All Activity

wlan2 represents the WiFi client interface of the Pineapple, so I can't see why that would directly be involved in the use of the evil rogue AP.

Hi guys, just fresh installed firmware 2.1.3 and running the PineAP Evil Enterprise and get this error: no address range available for DHCP request via wlan2 My iPhone cannot connect to it but does show the username pw entry fields. Any clue? Logfile: https://file.io/MoNVAxqkkSXa

There is a "conflict" here. Combining the two (plugging the SJC directly to the router, and having the SJC in arming mode) should lead to issues since the Shark will "be the network" in arming mode (using the IP address of 172.16.24.1) and reaching that address shouldn't really be possible since/if the router presents a totally different network and expects networking clients to connect to it. That's also why I'm a bit surprised you are even able to ping it or be able to get something in return when trying to ssh into it (although it throws back an error). To use the SJC as a client and plugging it into a router expecting it to get network (and internet) access, I would instead create a payload that would set the SJC in "NETMODE DHCP_CLIENT" at boot and also start the ssh daemon. Then find the IP address that the Shark has received on the LAN and ssh into it. This will not work for different reasons. One is that your MacBook most likely don't have a DHCP service running that is able to hand out a DHCP lease to the SJC. You will also have additional issues since you most likely need to configure both the Shark and the Mac to let the Shark have internet access via the Mac.

Might be a newb question but I seem to be unable to ssh into the SJCable busybox when it is attached directly to my router and in arming mode. I can see it via the router admin panel and can ping it nicely from my terminal but ssh root@dhcp_ip returns => port 22: Connection refused When I connect directly via USB-C based Ethernet Cable on my MacBook I can ssh into the static IP but then can not activate NETMODE DHCP_CLIENT => here the bugger simply hangs in an endless loop Any ideas on how best to tackle? Simply need to run the initial upgrades. Thx a bunch

That can't be too difficult to do a Google search on. Especially since "John" is also mentioned in the payload readme/instructions plus the fact that the GitHub repo is linked in the instructions. So... JtR stands for "John the Ripper", it's a tool. https://github.com/openwall/john https://en.wikipedia.org/wiki/John_the_Ripper https://www.openwall.com/john/ You haven't included any commands in the post, but I guess that you are referring to the commands in the payload instructions. They should be executed on the Bunny itself (when it has been configured to be able to reach the internet). You will most likely run into a bunch of errors while running the apt commands since Jessie is EOL and the upstream package repos aren't maintained anymore. The payload itself is interesting as a concept, but nothing I would use that much since it's rather limited in the way that it is only able to try a limited amount of possible passwords. I would go with QuickCreds/Responder instead and do any "password restoring" on something more powerful than the Bunny. The Responder version that is used in the payload is also older than needed.

Hi there, I started playing with Bash Bunny, I would like to unlock a Windows PC, without knowing the password, for security measures I cannot reset the password. I have seen the Bunnypicker (Win10 Lockpicker for Bash Bunny) payload, listed on official GitHub repo. Has anyone worked with it? I have the following question as this person mentioned in the GitHub issue. I will list the questions here as well: 1. What does JtR means? 2. Where do I run the following commands? In Windows, on the Setup machine (a Windows where I setup the BashBunny USB stick) ? Based on what I have seen, the below commands can be run on a Windows Machine with Linux subsystem activated (WSL2). Am I missing something?

@viggolek did u fixed the issue, having the same problem sadly ? 😞

I was having problems with the forum. I am not abusing anything there is people abusing your products and it's impacting people and they are targeting vulnerable people. I'm not having it local law enforcement. Don't get it. They don't see it. I see it very clearly now do I have to go to the FBI with this? I already put a complaint in on whatever site that is they have nobody ever contacted me back but the level that these guys are at they got guys working in the data center. They got guys that are working on the lines. This is serious shit.

Pro license of PayloadStudio is not included if you don't buy the "Pro" or "Elite" bundle when you buy the Ducky, which is possible to read all about on the shop page https://shop.hak5.org/collections/best-selling/products/usb-rubber-ducky It's possible to buy it separately as well https://shop.hak5.org/products/payload-studio-pro No, it's not necessary. You can use the community version for free (which is as cheap as it gets) as stated in the official documentation https://docs.hak5.org/payload-studio

Hi everyone! I'm looking to buy the RubberDucky and learn how to use it. But I have a question before I buy. Is the PRO licence included in the purchase of the RubberDucky or do you have to buy it separately? Is the PRO licence necessary to encode code on a microSD and put it in the rubber on payloadstudio.com or is there another way (preferably cheaper)? Thank you very much Nicolas

I've had this issue with people hacking me for about two years now and I'm a retired IT professional. I'm 58 years old and where I live there's a bunch of kids running around doing things you don't want to get caught doing. . What should I do? It's crazy. They are into everything like cockroaches. They're even in the cops shit and I told them you're hacked you're penetrated and they never had their IT guy call me. I worked in corporate IT for over 30 years and if somebody came up to me and told me, hey, you got a security issue issue or whatever I would've made that call by the end of the day. They got a bad internal problem because I know they got a guy that works in the data center and then they have other guys that are contractors for the cable company and they're with the bucket trucks. This shit blew my mind what I stumbled upon and I don't wanna do something that's gonna hurt you guys so please give me some advice. these are not good people because I gave them every opportunity to knock it off and if they have a problem with me, they need to come talk to me. I have enough evidence to send them away for a long time. I mean, come on using fucking jammers. I got them using jammers on my fucking Wi-Fi cameras and my neighbors.

This isn't your grandma's SDR beginner post! I'm putting out a bat-signal to all the SDR enthusiasts out there: hackers, tinkerers, hardware wizards, developers of all stripes (software, firmware, you name it) – anyone who gets a thrill from pushing the boundaries of tech. Beyond Signal Hunting: Sure, I'm a newbie in the SDR world, but my interests are more than just finding radio signals. I'm obsessed with reverse-engineering hardware and unlocking the hidden potential of SDR. Level Up My Skills: I've been hitting the books (official docs) and forums hard, but I crave the next level: deep dives into the technical nitty-gritty. Here's what gets my neurons firing: Academic Intel: Research papers and white papers that crack open the frontiers of SDR technology. Bleeding-Edge Projects: Proof-of-concept adventures and experimental applications that showcase the true power of SDR. The Resourceful Hacker Way: Bootstrapping My Setup: Repurposing hardware and mastering the art of reverse engineering is my jam. Eco-Friendly Hacking: Minimizing waste is a priority. I believe in responsible hacking that maximizes knowledge gain. Future-Proof Investment: I'm on the hunt for an SDR platform that can grow with my skills and ambitious projects, even if it means getting my hands dirty with some soldering and coding. Calling All SDR Gurus: Are you a seasoned SDR developer who gets fired up by cutting-edge concepts and guiding enthusiastic newcomers? If so, I'd be honored to connect and learn from your expertise. Collaboration is the Name of the Game: In addition to a mentor, I'm on the quest for hidden knowledge: Academic Gems: Hit me with links to those insightful research papers or white papers that delve into the latest SDR advancements. Hidden SDR Haunts: Point me in the direction of lesser-known forums, communities, or projects that explore advanced SDR topics. Let's push the boundaries of SDR together. Raspberry Pi and Arduino are fantastic tools for teaching electronics and programming while promoting sustainable practices. Learning how to critically think, troubleshoot, and repurpose old components not only benefits individuals but also contributes to a more sustainable and efficient society.

Hi newbi3, the portals work great except that they don't log anything the first time I enter my creds. I have to reconnect and enter them again before they get logged. This happens with all the portals. I am using the Kleo Portals. Any idea what the Problem could be that i dont get the creds on the first attempt ?

OK, keep it the Nano section then, you will have the best chances of getting the most relevant answers in the case it's device specific. I haven't experienced it though over the years using the Kleo portals, not with the Mark VII or the Nano.

Hi dark_pyrro, I've only had the experience with the Nano. Best regards, DP.

I've removed one (hidden.)

Is this the same use case as you've already posted about (twice) in the Nano section of the forums, or are you actually experiencing this on both the Mark VII and the Nano?

Hi guys, the portals work great except that they don't log anything the first time I enter my creds. I have to reconnect and enter them again before they get logged. This happens with all the portals. I am using the Kleo Portals. Any idea what i can do to get the credentials after first login attempt ?

Okay thanks for the reply dark_pyrro!, another Question: i installed the Evil Portal module with the portals from kleeo. If i start Evil Portal with an portal for example google-login, the captcha is working and if a new client connects to the AP he has to enter his credits. The Problem is, that if he hits the Button Sign in, the Portal dont deliver the Informations he filled in the field. But if he ignores the AP and reconnects to it again. His filled out fields are gonna delivered to the log file. But everytime just on the second attempt. Any options i can change to get the details after the first attempt ? Kind regards DP

Did you set the 5 GHz adapter as the recon interface after the firmware upgrade?

When I got this out of the box and did the setup it had options for 5GHz on recon once i did the firmware upgrade they disappeared, how do I get them back?

The Nano is EOL so there will be no official fixes (and no already existing ones available that I've heard of over the years). You have to try to figure that out yourself if you necessarily need to connect it to a WPA3 enabled AP. OpenWrt 19.07 should support WPA3 though, but you probably need to tweak it to get it working. You will probably run into issues trying to install packages needed. Going down that rabbit hole might have negative effects on Pineapple features. My guess is that it's easier to use a WPA2 AP rather than to try to get WPA3-sta working on the Nano.

Hi, I think the Problem is the Securitytype of the Iphones Hotspot, it contains WPA 3. I think the nano can´t acces to WPA 3. I tried it with an Android on WPA2 and on my router it worked perfectly. Is there a way to fix that issue? Sadly you cant change the Securitytype to WPA2 on the Ios Device. Maybe any hotfixes for the Nano to connect to WPA 3?

Please don't do sketchy shit.

Hello, I have a question, if I gift to someone and then he hypotetically uses it to do something criminal, can the device be traced back to me who actually bought it? I mean through the firmware or some kind of device id. thank you