
All Activity


  1. Past hour
  2. Well said. The payloads provided are more for example. They might work "out of the box" for some scenarios but recon is required to specialize them to be fully functional most of the time. Also a lot of the payloads have not been updated for some time. As companies catch word of the vulnerabilities posed by old payloads they can try to prevent them with updates/patches fixing the vulnerabilities. This doesn't mean there aren't unpatched systems in the wild but usually leads to new/updated payloads being required. If you want to learn about the use of the bash bunny start with very simple payloads like one that opens a text editor and types something. Evaluate how it works, modify it, then move on to more complex payloads.
  3. Today
  4. @hoppler almost all of the payloads are developed by 3rd party developers, meaning they don't work for Hak5. Hak5 does not update these payloads. They provide the tools (the Bashbunny) for the pentester to do what they want to do with it. This means, for the most part, you need to have a general knowledge of how the payload works. Myself, I have gone through different payloads and read the code and changed things to make it do what I want it to do. Also realize that these are made for a business-style attack, meaning your home machine most likely won't work for these because some ports might not be open or you don't have the required tools set up on the BB. I personally was able to acquire an old machine from where I work (I bought it for cheap from them) and a lot of the payloads do work and I have set up the payloads to work with that version of Windows running. The BB is not just a plug and play. You need to do your research on the machine you're attacking and edit the payload to that. Most people that use the BB are familiar with coding and just make their own payloads for their situation and never upload them to GitHub because maybe they don't want to.
  5. Thanks for info. In the thread on module statuses that was recently reported as well by another user. This confirms it as well. Seems there is an issue with reaver and bully.
  6. In any case, the scan will produce results now but the WPS module will still not run. Oh well
  7. Cap_Sig, I used the recovery image as instructed and everything looks good but I cannot get the pineapple to recognize my microsd card even when it says it has successfully formatted it. Was this feature supported back then?
  8. What OS are you having this issue in? Have you tried a different OS? Have you tried another USB cable? Could be as simple as a bad pin or broken wire in the cable. Just a couple quick things to check before digging in deeper to the problem.
  9. It's a tough spot to be in. Hak5 could just never release updates for the device and the community modules continue to work without being updated, but then how would you feel if new features/improvements never got offered over the life of the device..? The biggest hope is module creators of past/present/future continue to update/improve their modules to work with the latest Hak5 firmware.
  10. So, we wait for this. But you have to admit that the latest update just made this device worthless. Even the handshake cannot be captured, 70% of the modules do not work when the downgrade device to version 2.5.4 already has the handshake working but some useful modules do not work either (including dwall).
  11. This is the second thread on ddos-guard.net and I think both posters are spammers. Especially when there's free DDoS and layer 7 DDoS protection from CloudFlare. Mod, cross check the IP at the Stop Forum Spam database.
  12. I'm wanting to know how I can use my SDR to capture an ADP encrypted radio transmission and run it through some sort of software and crack this very simple encryption scheme. This is of my own interests using my own radio using ADP. I currently run SDR# and DSD+ and I'm very familiar with radio communications, etc. I was thinking Wireshark and something else could help crack the key. What's say you?
  13. Hello. It used to work without any issues, and today this started happening: I connect my Alfa to my computer with a USB cable. The Alfa's LED turns on and it gets recognized in the system; 1 second later it turns off and stays off for a few seconds. Step 2 Step 3 It's random for how long it turns off, and the light sometimes flickers a bit, and sometimes the Alfa doesn't turn on at all. At one point it stayed on for 2 minutes and I checked its MAC address, tried connecting to wifi, it all worked. What can be the problem? Please help, I'm going crazy.
  14. Yesterday
  15. @NetsForNutworks thanks for the report. I was able to reproduce the error you've indicated. The team is investigating.
  16. The best tool is the Javascript encoder from our repository at https://downloads.hak5.org/api/devices/usbrubberducky/tools/jsencoder/1.0/ This creates the inject.bin file from your ducky script all in browser with just a single HTML file - so no java, python or online tool needed.
  17. There's ~23 MB free on the root file system and another ~30 MB available in /tmp Cocktail napkin math says with 14 byte hashes you're looking at being able to store some 1.6 million creds, give or take... And of course there's always C2CONNECT && C2EXFIL /tmp/logfile # :)
  18. This is literally exactly the current scenario... the modules you receive as part of the firmware are authored by Hak5, modules available on the Module Manager are the "bonus" user created modules, to put it the same way you did. The comparison to Apple is nonsensical. We are not a large enough team to manage 20+ modules that we did not author. They will be updated when we can, or when the module authors do.
  19. Well, I'll answer myself, before somebody else runs into the same problems thinking the firmware doesn't work. Here's the little story: I installed Firmware 1.6. So far, so good. But when I logged into the Bash Bunny I could only see: "udisk" and "Version.txt". Before I made the update I could see something like "ATTACKMODE", "TOOLS" and many other directories/files. After I installed the new Firmware 1.6 there was only what I mentioned above. Well, I'm not good with Linux, but I'm not a quitter. So I started digging deeper into the BB. And I got the clue! The filesystem has changed!!! Now I have to do a "cd .." to see the files installed in the BB. Important: See the space between "cd" and "..". I got metasploit installed, responder, but gohttp will be ignored. I put the files into the Tools folder - it shows magenta light, so it is installing, but no gohttp - I need it for a reverse shell. Why can't I install gohttp??? Well, I don't know if Mr Darren Kitchen is still around. But if he is, I would like to tell him: Please, Mr. Kitchen, if you are still working on Hak5, I need your help! The Bash Bunny is a great tool for pentesters, but unfortunately there seems to be no help, or at least very little help, to get payloads started. Most of the payloads on GitHub don't work anymore. And I'm not satisfied with it. A video showing that the BB can show a message when plugged in or change the wallpaper (big deal) isn't something a pentester needs to know. I don't know if you are still interested in the development of payloads for the BB. But if you are, you might want to make some tutorials - this is better than showing any uninteresting stuff on Hak5 for the BB. I guess you have to be serious and not presenting anything like "I can change your wallpaper if you plug in your BB". Wow, big deal! No, I guess the community has to wake up! Where is the challenge? Where are the programmers who can defeat, let's say, UAC? Most of the stuff shown isn't very interesting - for more than 30 minutes - yawn!!! Hey, guys, wake up!!!!!!!!!!!!!!!!!!!!!!!!
  20. I will test it this weekend when get some time to see if can replicate the issue.
  21. Hi KentJ, Thank you for taking the time to reply and confirming what I thought already. Your input is much appreciated, and will help very much in my research and development in security research. I will continue to invest in this area and develop new skills and develop new software. I hope I am able to learn and help others also on my journey.
  22. Hey guys, I have a packet squirrel setup in Cloud2 and I can successfully start a terminal session. In a terminal session I would like to run a packet capture. If I run the command tcpdump -nni eth1 -f /mnt/loot/tcpdump/test2.pcap I am able to capture some packets. I can Exfil the packet capture with the command: C2EXFIL /mnt/loot/tcpdump/test2.pcap and the file shows up in the C2 dashboard. However, when I download the pcap, Wireshark cannot open it. I get an error message: "The file test2.pcap isn't a capture file in a format that Wireshark understands" Screenshot: https://imgur.com/a/t9MJtoZ I can open the pcap file with Wireshark from the USB stick, if I remove it from the Packet Squirrel and plug it into my PC. Could the C2EXFIL command be modifying the .pcap file when it moves it? I've used the C2EXFIL command to move other files like .txt and .nmap and have not had any issues. Has anyone else experienced this or figured out a way to move pcap's using C2EXFIL?
  23. Can you Hack a PC over the internet without a user clicking on a link or running a virus? Depends. If there are open ports, running vulnerable services, or through a web drive-by targeted at the browser, maybe. But you will have to get code execution one way or the other; if you can't get a virus / payload onto the system, or exploit an open port, no. Get on to a domain without knowing the credentials: If you can get a foothold on a domain-joined system, you don't have to have credentials. They help, and are good to have, but with a good enough exploit collection, credentials don't matter. Get Hacked if you are not even connected to the internet without physical access: No. If there is no network connection, no internet, no radio-based keyboard / mouse, and the system has restricted physical access, you're pretty safe. But that's still a system that's pretty hard to safeguard, and not very user-friendly 😉 just some random thoughts 😉
  24. Hi Team, I am a new member here and wanted to say Hi. I am a security researcher and have over 3 years' experience in computer security and love to learn new things, and my area of study is computer security and computer forensics, and I have 12 years' knowledge in the computer industry, anything from programming to forensics and computer security, but I have one burning question: I have used the tactics of social engineering and used Kali Linux to an intermediate / advanced level and am comfortable using the tools, but I have 1 question I hope someone can clear up. Can you Hack a PC over the internet without a user clicking on a link or running a virus? Get on to a domain without knowing the credentials Get Hacked if you are not even connected to the internet without physical access For the purpose of my skills and research I am unable to answer this but hoping that someone may know the answer. Thanks
  25. Same here.. this firmware is unstable whenever working with the SD card; sometimes rebooting works, sometimes not. Other installation tasks also seem unstable. I have to do the reboot to install modules..
  26. Yeah, I used it, it works, but as you already know from my other post, I have a problem that capturing stops and doesn't continue, so I am afraid that both issues may be related? What do you think?