Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. Today
  3. I am getting this error Error on line 0 : Error parsing duck_text: b'GUI H' Which seems to refer to this line of DuckyScript SHIFT GUI H When encoding with https://ducktoolkit.com/encode. I am trying to get the keystroke ⇧⌘H (SHIFT–COMMAND–H). It seems that this is a problem with multiple modifer keys. What am I doing wrong, and how can I do it right in the future?
  4. I'm starting this thread on behalf of @CatatonicPrime who just released his Jackalope payload - which uses ethernet to attempt dictionary attacks against passwords. https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/credentials/Jackalope This post is made pre firmware v1.6 which will include dependencies, however if you wish to attempt this payload beforehand I've included the following snippets. You'll need to first get your Bash Bunny online, which can be done by following the instructions at https://docs.hak5.org/hc/en-us/sections/360002204213-Internet-Connectivity Update apt sources rm -rf /etc/apt/sources.list echo "deb http://archive.debian.org/debian/ jessie-backports main" | tee -a /etc/apt/sources.list echo "deb-src http://archive.debian.org/debian/ jessie-backports main" | tee -a /etc/apt/sources.list echo "deb http://httpredir.debian.org/debian jessie main contrib non-free" | tee -a /etc/apt/sources.list echo "deb-src http://httpredir.debian.org/debian jessie main contrib non-free" | tee -a /etc/apt/sources.list echo "deb http://ftp.de.debian.org/debian stretch main" | tee -a /etc/apt/sources.list echo "deb-src http://ftp.de.debian.org/debian stretch main" | tee -a /etc/apt/sources.list echo "Acquire::Check-Valid-Until false;" | tee -a /etc/apt/apt.conf.d/10-nocheckvalid echo "APT::Default-Release \"jessie\";" | tee -a /etc/apt/apt.conf.d/default-release echo 'Package: *\nPin: origin "archive.debian.org"\nPin-Priority: 500' | tee -a /etc/apt/preferences.d/10-archive-pin date -s 20190522 # replace with todays date apt-key update && apt update Install most dependencies apt -y install ntp apt -y install openssh-server dosfstools psmisc python isc-dhcp-server apt -y install nmap p0f tftpd perl tcpdump resolvconf apt -y install screen ldap-utils smbclient git curl apt -y install postgresql apt -y install expect apt -y install python-crypto python-pyasn1 python-openssl apt -y install python-pip apt -y install libxml2 zlib1g-dev libpq-dev libpcap-dev libsqlite3-dev apt -y -t stretch install ruby=1:2.3.3 ruby-dev=1:2.3.3 Install rvm curl -sSL https://rvm.io/mpapis.asc | gpg --import - curl -L https://get.rvm.io | bash -s stable source /etc/profile.d/rvm.sh echo "source /etc/profile.d/rvm.sh" >> /root/.profile you may need to tell curl to ignore ssl validation Install metasploit-framework cd /tools git clone https://github.com/rapid7/metasploit-framework.git cd metasploit-framework gem install bundler bundle install
  5. v1.6 is being worked on currently and should include several new built in tools. There's an episode of Hak5 coming out shortly that talks about it some - along with a killer new payload.
  6. Looking for a payload/how to tutorials anything I can get my hands on for the nefarious well known “Microsoft scammers” thanks in advance.
  7. Yesterday
  8. I want to learn full details of hacking
  9. I have used both and think Kali is the way to go. I did not like the parrot interface vs what kali is. Parrot seems to be a knockoff of kali so that kali isnt the monopoly of this field. all in all kali is the way to go as it is easier to use unless your a parrot die hard fan in which all power to you.
  10. have you refreshed the webpage after connecting to show the IP connect to? A lot of times I lose the field of wlan2 and have to refresh to get the ip. also have you tried a home network analyzer to see if the pineapple connect to the router or not?
  11. nano is exactly what you want for wifi pentest. Kali can do the same with multiple different programs, but you need to know how to use them. Best suggestion is, learn them so you have a better idea on how the nano is working for you.
  12. yes it is. The latest 1.5 firmware addressed a lot of things and is able to still grow with extensions and payloads. the BB is right now almost perfect for what it was designed for.
  13. it only really has about 1-1.5gb after all the payloads you store on it. if your looking for a linux distro to store on the BB, then you will not have room for anything else. anything light like xfce
  14. I have had the same issues with just PineAP enabled and collecting ssid. usually after about 2hrs it starts recording these jacked up ssid's. No recon adds or manual entries. both on nano and tetra. But have been noticing more on the nano than the tetra and my tetra is on almost 24/7 collecting ssid
  15. I guess the keyboard layout of your host machine where you're executing the payload is not the US layout? Have you specified a language file during the encoding of the payload?
  16. We have a lot, and I mean like shitloads (at least 100) old computers my high school, not to mention probably even more laptops (though they are often off, and are very cheap). Thought it'd be really fun to do something...anything to the network or computers (like maybe a botnet) wouldn't wanna do anything too evil/illegal tho. Don't really care what, any cool ideas... I don't really know what I'm doing so just any ideas are cool as long as you explain what the methods are so I can research them. I don't really know where to start right now. I'll try and get the IT guy/the principals' permission of course. I'm somewhat a beginner, so if you could say the names of the things you are doing so I can research them, that would be great. I literally have 3 years to figure it out. Most the network is wired, but laptops and phones connect to wireless, and the computers have trendmicro installed on them. Though I kind of have an advantage because I have access to like everywhere every day. for 3 years. All computers are windows 10. We have like 4 rooms with switches and stuff... lots and lots of cables in those rooms. I can probably get into them but I'll need the key (I know who has it) I really want to do something/learn how to do something but I don't know what to learn. P.S. if I end up doing this illegally (which I totally won't) I'm not gonna change anyone's marks or access anything, personally I don't really care about the stupid school data and the last thing I need is a zero when someone finds out my marks were changed. I'll probably just screw with people. ...Maybe play a particular song full blast during an assembly... -----> or on every computer at once <---- Just an idea. (every computer has a speaker)
  17. Hi, Could you please generate a debug log from the Help module and attach it to a reply in this forum thread? I'd like to look into any potential faults and narrow this down.
  18. Hi, Could you please generate a debug log from the Help module and attach it to a reply in this forum thread? We'd like to investigate further :)
  19. Sorry, can't help as I don't have one but it does look like you are not the only one suffering this. https://forums.hak5.org/topic/46187-wlan2-not-connecting/ https://forums.hak5.org/topic/45346-wifi-pineapple-usb-wifi-adapter-not-recognized/ https://forums.hak5.org/topic/46167-i-am-in-need-of-a-pineapple-nano-mentor/ https://forums.hak5.org/topic/45819-wifi-connectivity-not-working/ I don't think anyone from Hak5 has responded to any of these and the earliest post I have seen was February. You might be better off with an eBay adapter after all!!
  20. Hey, Apologies in advance if this issue is being caused by something painfully obvious - bit of a noob with the ol pineapple... I'm trying to connect though wlan2 (USB Ralink RT5370). I can scan and identify networks, but when I enter the password and click connect, the pw form field just clears and no connection is made. Have tried all the obvious stuff (reset, re-flashed, upgraded, proved operation of both the Ralink card and network by using with other devices etc.). Running Kali with VBox on a Mac host with bridged connections. Any help much appreciated. Thanks!
  21. Last week
  22. how much memory does it have and what linux distro do you think would work with it?
  23. Hey, so I'm just curious if my ssid pool (150 ssid's) is to big to broadcast?
  24. Just curious if this module is still supported? I have started the download a number of times and nothing ever happens. 😕
  25. TLDR; I designed and 3D printed a drone from scratch. Used Phantom 3 STD motors from a crashed phantom, a Mini Pix flight controller, a 4 in 1 ESC, a generic PDB, a FlySky I6S controller and receiver, and a 4S 2000mAh 65C battery, to get the drone in the air, and strapped a WiFi Pineapple to the bottom powering it off the battery with a 5v BEC. I call it the PWN Drone, and hope to use it for pentesting engagements, and to educate the public about the attacks that are out there and how to keep themselves safe. Just sharing my experience, and ideas. Pics to come, when I have time to host them. Website for more info: https://olilenel.wixsite.com/pwndrone Questions, comments, criticisms welcome. A while back I had the idea to create a penetration testing drone. I fired up the google machine and came up with a couple of people who had already delved into this idea. The first one I stumbled on was the danger drone created by bishop fox. I loved the idea, but kept looking. Not long after I found some videos on YouTube by HAK5 and GlytchTec that were more along the lines of what I had in mind. So in August of 2018 I ordered a 3D printer (the Creality CR-10 4S) and began doing some research on how to make a drone like this. I used HAK5 and GlytchTec's drones as inspiration, but wanted a fully custom design, so I got to work with sketchup and began designing a drone that was modeled after the DJI mavic (I liked her curves 😉). A couple of weeks later I had a shell, and discovered that I absolutely love 3D printing, especially for designing drones. Its the perfect combination. No more buying parts online if something breaks, just a quick 14 hour print and you have yourself a shiny new part! And the limitation is your imagination (and weight and size considerations). Not to mention the cost, if you don't factor in the $500 3D printer, is considerably less than buying parts. The frame cost me less than $20 to print! Next step, flight components. I needed a flight controller, ESC's (Electronic Speed Controllers), a PDB (Power Distribution Board), a transmitter and receiver, a battery, a GPS, a payload, and a way to power it, screws, glues, the list goes on. Time for some more research. It was at this point that I realized that I had never flown a drone before, and I might need some experience with an established system before I went off and created my own. Time for some eBay shopping! After a week of scouring eBay for a cheap drone to test my flight skills out, I found a DJI Phantom 3 STD for $200 that came with everything I needed to get started. It even came with prop guards, an extra battery and controller, and I thought a camera drone would be a lot of fun, plus I wouldn't need an expensive FPV setup. So I pulled the trigger and bought it. A week later it showed up at my door, and I had it flying within a matter of a couple of hours (batteries had to charge). If you've never flown a drone before, i just have to say, their a lot of fun! I flew it every day for the next week. Every chance I had I was putting it in the air, and by the end of the week I was getting pretty good at maneuvering it around my back yard, around an obstacle course I set up to get my flight skills up to par. I even began working on getting some good angles and shots with the camera mounted on the Phantom. I live by a large lake with some beautiful sunsets. At the end of the week against my better judgement, I decided to take the drone to the lake to try and get some video of a beautiful peninsula that sticks out into the water, with a beautiful sunset as a backdrop. The scene was ideal, the wind not so much. But it wasn't going to stop me. I took the phantom out for a test flight, and it seemed to deal with the wind just fine. Time to work on some sick drone shots. I launched the phantom from the beach and slowly began moving towards the peninsula, and was super excited, the video looked gorgeous! I was flying the phantom close to the peninsula with the camera slowly panning left and it opened up to the sunset as the drone was flying along the edge of the peninsula. I was in deep concentration at this point, flying it completely from the camera view on my phone (Bad Idea). As I neared the end of the peninsula, the wind picked up and blew my new phantom into the trees at the edge of the peninsula, at which point my phantom decided it had had enough of the flying, and wanted to become a submarine 😢. After recovering my poor phantom from about 10 feet of water, the lights were still blinking, and I knew she was toast. The cool thing about drone motors is that they don't really mind being submerged in fresh water. I lost $200 and a drone, but now I had some motors for my PWN Drone. Ya gotta look on the bright side. This shaped the components I was going to use to make my 3D printed shell. I looked up the specs of the DJI Phantom 3 STD and found out that the motors use 20A ESC's. Not bad. I then found the PIX hawk, a flight controller with some pretty sweet features like: autonomous flight, plug and play design, and a pretty simple setup process. But the PIX hawk was way to big for the frame. I played around with the idea of a DJI NAZA-M but they are pretty pricey. It wasn't long after I found the baby brother of the PIX hawk, the aptly named Mini Pix. It had all of the same features of the PIX hawk but was much smaller. Perfect. It also cost considerably less than the DJI NAZA-M. I found the cheapest place to get these was good old BangGood.com. This is what decided a lot of the other missing components. The Mini Pix came with a PDB, I found a 4 in 1 20A ESC that was the same form factor as the Mini Pix, and decided on the FlySky I6S controller transmitter bundle, added two 4S 2000 mAh 65C batteries with a cheap charger, and found a compatible radiolink GPS designed for the Mini Pix. This was essentially all that I needed to get the drone in the air. BangGood is great for pricing but most of the components ship from china and take around 2 weeks. So I had 2 weeks of waiting to do, and decided this would be a good time to figure out my payload design. My original plan was to use the cheap $10 raspberry pi zero and load kali on it to launch some wireless attacks from the drone. With my new found 3D printing skills I put together a payload case, and a carrier so that it could be switched out for another Pi Zero W, so that i could hot swap payloads. I had a Pi Zero W laying around with a male USB hat, and found a sweet kali distro created by mame82 called P4wnP1 that did exactly what I was looking for out of the payload. At this point the parts began to arrive from china, and I put aside the payload, and began work on the flight components. I soon realized that even with the smaller components that I ordered ,all of the parts, especially the battery, were not going to fit in the frame I designed. My solution.... print it 15% bigger. This was a process as I had to scale all of the parts. Sounds easy but I already had the screws and didn't want to order more, so I had to go into every file and reduce all of the screw holes by 15%, then scale the parts up 15%, then test print every one. This took me a couple of days between school work, but the finished design came out better than I expected. All of the parts fit nicely and the project was coming along. For a while I had been following HAK5 on YouTube, and had quickly fallen in love with the WiFi Pineapple Nano. I finally had a good paying job and was making enough money that I was ready to commit and buy one. Even after all of the work I had put into the raspberry pi payload, I even gave it a name (PiLoad) and had a couple of versions, I think I was up to PiLoad v3.0, I wanted to strap the Pineapple to this drone. I found operating the Pineapple to be much easier than setting up the P4wnP1, and it was all around more capable. I could do scans of the wifi landscape, de-auth targets from networks, so that they would connect to mine, not to mention I could use the web interface to do this all in real time as I was flying the drone in auto level mode. One problem I had not yet gotten to was powering the payload. With the 15% increase in size and the larger payload I already knew I didn't want to add another battery, and the PDB didn't offer a 5v output, so I ordered some 5v BEC's powered them off of the PDB, wired them to a female USB cable and voila, 5v regulated power for any payload! At this point the drone was close to being complete. I used the 9" props from the phantom as they would have enough lift to pick up this monster that was nearing the size of the phantom. At last time to see if this thing flies! I paired the controller and receiver, set up the Mini Pix with the mission planner software, and took it out for a test flight. As a software developer I can wholeheartedly say that I have never had anything work on its first try, but the demo gods were looking out for me that day, and miraculously the thing flew! I still have to calibrate the flight controller, because there is some noticeable drift with the Pineapple strapped to the bottom, but I cant ask for much more. I soon plan on adding a Pi cam with a Pi Zero to get FPV footage streamed to my laptop, and take this thing out to do some mock engagements. I hope this drone can be used in pentests in the future, but I also hope to use it to educate the public of the dangers of MITM, and Karma attacks. Whenever explain the capabilities of the Pineapple to everyday people, they always tell me how scary that is, and ask how to prevent being PWN'd. I think this could be a great educational tool to inform the public of the attacks out there and how to keep their devices safe. Im sure I missed something, and am happy to fill in the blanks. I just wanted to share my experience, and some of my ideas, and welcome any questions, comments, or criticisms. I have many pictures of the process, but none of them are hosted as of today. I do however have a wix page up with some more details, and plan on getting my pictures hosted when I get the time. If you want to check out the website the URL is https://olilenel.wixsite.com/pwndrone
  26. @Foxtrot did you get what you needed? This is happening to me within 2 hour windows.
  1. Load more activity
×
×
  • Create New...