Hak5 Forums


Popular Content

Showing content with the highest reputation since 09/22/2018 in all areas

  1. 4 points
    Hi everyone,

    We just launched the Hak5 Cloud C2! I just wanted to give everyone a heads up and give some basic instructions on how to get everything set up:

    Setting up the Hak5 Cloud C2 Server

    To set up the Hak5 Cloud C2 server, simply head over to https://c2.hak5.org, download either the community or professional edition, and wait for an email to arrive with the download link and licence key. Once you have downloaded the ZIP file containing the server, choose the correct version for your OS and architecture (such as linux 64bit), and execute the binary. You will be prompted to add some parameters such as '-hostname'. We recommend setting up the Hak5 Cloud C2 with DNS.

    Once running, you will have a setup token printed to your terminal. Make a note of that and head over to the configured IP / DNS and port using your favorite web browser (Firefox or Chrome(ium) are recommended). You will be guided through the setup there, and asked to enter your setup token and licence key. After performing the initial setup, if you need further help, click on the three dots in the top right corner and click on "Help".

    Update your device firmwares:

    WiFi Pineapple: Update your WiFi Pineapple NANO or TETRA to version 2.4.0 or above over the web interface as you do normally.

    Packet Squirrel: Visit https://packetsquirrel.com/setup and follow the "Firmware Upgrades" instructions to install firmware version 2.0 or above.

    LAN Turtle: Update your LT, LT-SD, or LT-3G by using the "Check for updates" button inside of the turtle shell. Alternatively, follow the manual upgrade instructions from https://lanturtle.com/setup. You'll want to be on version 5 or above to have Cloud C2 support.

    Provisioning your devices:

    Once you have updated all of your Hak5 devices, you can go ahead and create new devices in the Hak5 Cloud C2 interface. After doing so, you'll be able to download the device.config files for each device by clicking the device from the list and then clicking the setup button from the device's menu. Once you have the config file, SCP it into the /etc/ folder on your device of choice and reboot the device. You should see it come online in the Hak5 Cloud C2 interface within a few minutes. Please remember that your devices will need to be networked to be able to reach the Hak5 Cloud C2 server (a mistake we made a lot during development).

    Introducing the Hak5 Cloud C2 video:
  2. 4 points
    One thing to help with all the other things. Ducky and bunny integration will be really cool. Great job guys!!!
  3. 3 points
    Yes, no, possibly and maybe.

    Yes, it will protect at least some of your network traffic as it goes from your device through to the FastestVPN server, at that point, the server decrypts the traffic and sends it on its way. That is what is meant by between the end points, you to them, what happens from them onwards depends on the type of traffic you are sending. This should at least get your traffic through the Chinese firewall.

    No, the Chinese have some very strict rules in place and may block the VPN or mess with the traffic in order to be able to decrypt what they see, for example swapping out encryption certificates. When doing this, if the client has been written correctly, it should warn you that something bad is happening so you will be able to make a decision as to what to do.

    Possibly, without knowing something about how FastestVPN works, it isn't possible to say how well they configure the service, done well and all your traffic should go across the VPN, done badly and all sorts could leak out around it.

    Maybe, without fully testing it in an environment where you can monitor exactly what is going on then it isn't possible to know for sure.

    Something to remember, if you are using public wifi and they have a captive portal (a web login page), then you'll probably need to have the VPN off to reach it, meaning all your traffic is flowing in the clear till you've logged in.

    Also consider "Evil Maid" attacks and general surveillance. A VPN is good, but a camera pointed at your screen watching everything you do will defeat the protections to a degree.
  4. 2 points
    If we need any more leverage for reminding us the importance of security in app development here it is: https://www.eureporter.co/rss-imports/2018/09/29/conservative-party-conference-app-reveals-mps-numbers/ It'll be interesting to see what secure development lifecycle approach was used by the comms company http://www.crownbc.com/ who made it!
  5. 2 points
    You mean Samy Kamkar. You can find the exact project you're referring to (MagSpoof) here.
  6. 2 points
    First question, what are you interested in? And if you are running Mint, stick with that and install the tools you want to use in there. It is more work but believe me, it will work out better in the long run.
  7. 1 point
    I've finally gotten around to updating the PMKID module with a couple of new features. v0.3 includes the following additions: changes to config (specifically the command line args) are now persisted (cc: @PixL); the ability to switch between include and exclude as the filter mode is provided (cc: @Just_a_User).
  8. 1 point
    There is a pinned post in this forum going through the set-up instructions ?
  9. 1 point
    The business version will add the ability to logically differentiate by site, along with multiple logins for teams / collaboration. There is no limit to where devices may be deployed, however the stats on the home tab are aggregated from all devices in the site.
  10. 1 point
    Huge, just huge... thank you dev team for putting this together. I can't wait to try it out.... now where is that Pi hiding...
  11. 1 point
    Kismet - Pineapple Edition - With WEB-UI

    I just saw the video uploaded by Hak5 to YouTube the other day, where they used an array of Tetras running Kismet to scan ALL channels at all times. After that, I just had to get it working! Today I finally managed to compile the latest source files for Kismet, which also has a working web interface. I've tested it all day on my Tetra, but it should be working on the Nano as well.

    It might complain about the version of libmicrohttpd, so I recommend to also download the version of libmicrohttpd on my repo. (links to ipk's below) All the other libs should work (downloaded under installation), if you just remember to run opkg update before installing them.

    I've updated the version of Kismet (26.05.2018). So the "issue" with libmicrohttpd should be fixed, and it should now be content with the version on OpenWrt's repos, which it downloads under installation. Also tried adding support for libpcap and pcre, please test it out.

    Kismet
    Kismet-remote

    After installation: Run "kismet" inside an SSH terminal to the Pineapple. Kismet should launch. You should now be able to access the web interface on TCP port 2501. (Eg:

    Another tip: run airodump-ng-oui-update on the Pineapple. When completed, run:

        ln -s /etc/aircrack-ng/airodump-ng-oui.txt /etc/manuf

    This will make Kismet use Aircrack-ng's OUI database.

    Ask questions, or whine about issues here. I'll try my best to keep it up to date. Makefiles needed for the OpenWRT-SDK can be found on the repo mentioned above, if you want to compile it yourself.
  12. 1 point
    Out of curiosity what is your use case for broadcasting all SSIDs? Broadcasting additional SSIDs comes with overhead and the best practices I've read recommend keeping it to 3-4 or less. You can execute a Karma attack without publicly broadcasting all collected SSIDs, just enable "respond to beacons", "allow associations", and ensure your filter settings will allow the clients you want to capture.
  13. 1 point
    In which case look for live box CTF challenges such as Metasploitable and the boxes available on https://www.vulnhub.com/ . And as for network stuff being the core, not really, there is no core. I'm currently dumping a client's full database through a web app vulnerability, on some networks you need to know wifi skills to gain access and softer skills such as analysing network design and segmentation also come in very handy. That is why I say to anyone who asks this question, pick what you are interested in and learn that. Don't try to jump in to areas that others say are sexy, fun, well paid, if the area doesn't interest you as whatever area you choose will probably also be sexy, fun and well paid once you are good at it.
  14. 1 point
    If the access point and client both implement 802.11w then it should be protected from deauth attacks. 802.11w is a specification for encrypted management frames, but I believe both the AP and client need to support it for it to be effective. This could be your issue.
  15. 1 point
    My ebook is fairly straightforward. Check it out https://www.amazon.ca/dp/B0749CZL8L/ref=cm_sw_r_cp_awdb_t1_tpxQBbHD16CZK
  16. 1 point
    I'll give you some props here. I also have been working on a router front end. Debian-based router. Rails server and Bootstrap styles. This page shows a live stream of my current wifi signal strength in real time. I plan to add basic wifi tools for network management and then exploit tools. Live data stream from console applications is the proof of concept seen in the picture. This is a basic template I made that I can now duplicate for other tasks, like running reaver for example, and see the live data stream at the front end.
  17. 1 point
  18. 1 point
    I think the iPhones have to connect over wifi.
  19. 1 point
    Yeah, we are definitely not helping with that.
  20. 1 point
    Usually each module has a forum thread, so that's a good place to start: https://forums.hak5.org/forum/90-nano-tetra-modules/
  21. 1 point
    No, anywhere but here. Most members here are white hats and none of us will answer a question like that. Also, try to only post once, not three different posts. Just saying.
  22. 1 point
    Why not buy it from the store?
  23. 1 point
    bb.sh never worked for me. Here's a simple script I made to make it work for me:

        #!/bin/bash
        ifconfig $2 netmask
        iptables -X
        iptables -F
        iptables -A FORWARD -i $1 -o $2 -s -m state --state NEW -j ACCEPT
        iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A POSTROUTING -t nat -j MASQUERADE
        echo 1 > /proc/sys/net/ipv4/ip_forward

    Then I just feed it the wan iface and lan iface:

        sh ./bbshare.sh eth0 eth1
  24. 1 point
    Plug it into the NANO. In the web interface, go to the Advanced tab. In the top right corner you should see a dropdown arrow next to USB. Click it and select Format SD Card.
  25. 1 point
    Introduction:

    This process requires an Android phone capable of running the EasyTether app, which can be downloaded here: http://www.mobile-stream.com/a/easytether-device.apk and also possibly an SD card. The Lite version of the app prevents https & udp connection, so to use those you have to pay mobile stream $10 once, which I still think is better than paying your carrier that every month. I do not endorse tethering data without your carrier's permission, proceed at your own risk. I am currently working on a module that will automate this process, if you can't figure out this tutorial you can wait for that or contact me.

    Setup on Android:

    Download and install the EasyTether app and follow the in-app instructions for setting up USB Tethering.

    Setup on the Pineapple:

    You will need to install EasyTether for Openwrt located here: http://www.mobile-stream.com/easytether/drivers.html I used the OpenWrt 15.05 --openssl which I show being downloaded below.

    NOTE: You may need an SD card for this as it is a larger file. The below commands assume you have an SD card set up correctly. If you do not wish to install to your SD card, ignore the --dest sd options below and know that it may not work.

        root@Pineapple:/sd# wget http://www.mobile-stream.com/beta/openwrt/easytether-usb-openssl_0.8.5-1_openwrt-15.05-rc3.zip

    Once you downloaded the package, install unzip so you can open the previously downloaded compressed package. (BTW if anybody knows what the two errors at the bottom are let me know, to my knowledge they do not affect the packages being installed. My assumption is that opkg is searching in /usr when it should be looking in /sd/usr).

        root@Pineapple:/sd# opkg install unzip --dest sd
        Installing unzip (6.0-3) to sd...
        Downloading https://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/unzip_6.0-3_ar71xx.ipk.
        Configuring unzip.
        grep: /usr/lib/opkg/info/unzip.control: No such file or directory
        cat: can't open '/usr/lib/opkg/info/unzip.list': No such file or directory

    Then unzip the EasyTether application.

        root@Pineapple:/sd# unzip easytether-usb-openssl_0.8.5-1_openwrt-15.05-rc3.zip

    Then cd to the correct application distribution.

        root@Pineapple:/sd# cd 15.05-rc3/ar71xx/generic/

    Then install the application!

        root@Pineapple:/sd/15.05-rc3/ar71xx/generic# opkg install easytether-usb-openssl_0.8.5-1_ar71xx.ipk --dest sd

    After that you can run the application (you do not need to be in any specific directory anymore).

        root@Pineapple:/sd/15.05-rc3/ar71xx/generic# easytether-usb

    Now control-C because the Pineapple doesn't have Internet just yet, you need to configure it to allow Internet sharing from Android by running the below command (all the lines at once).

        cat << EOF >> /etc/config/network
        config interface 'wan'
        option ifname 'tap-easytether'
        option proto 'dhcp'
        EOF

    You should be all set and see "Connection Established" if you followed the Android instructions correctly and have Internet on your Pineapple! If you need more help ask me or read MobileStream's tutorial. Good luck guys!