Leaderboard


Popular Content

Showing content with the highest reputation since 05/01/2020 in all areas

  1. 2 points
    Getting the product to work as advertised would be a great start. Moving from concept to usable, dependable and effective production class tool would be my greatest wish.
  2. 2 points
  3. 2 points
    Hi,

    We're happy to announce the 2.2.x release of the Cloud C2, which features a new notifications system and support for the new Hak5 Key Croc!

    Change Log (2.2.0)

    Hak5 Key Croc
    - Added support for the Hak5 Key Croc! Hak5's Key Croc is a Keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. Live keystrokes, typed history and keystroke injection can be performed remotely with ease.

    Notifications
    - Notifications can now be sent from enrolled devices.
    - Notifications can be managed from the new bell icon in the status bar of the Cloud C2.

    You can download the latest version over-the-air in your existing Cloud C2 instance on Linux or Mac, or visit the Hak5 Download Center to grab the release for all supported devices and operating systems.

    As always, thank you for the support and great community feedback!
  4. 2 points
    Key Croc A keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. Find the manual, or full user documentation for the Key Croc including getting started, software updates, payload development and tips from the Hak5 Documentation Center at: https://docs.hak5.org/hc/en-us/categories/360003797793-Key-Croc
  5. 2 points
    I have had a similar problem. I can not get any payload to save the output at all. I have been playing with the signal owl for days now and am unable to get it to actually do anything. I can ssh into it and run python in it which is pretty cool. I have to say it would be awesome to get this to work. I love HAK5 and wish Darren would do some damn video on the Signal Owl for us fans who can't seem to get it to work properly.
  6. 1 point
    @cyrus104, just wanted to check you saw Foxtrot's reply about this on Discord? The changes you suggest are exactly what I'd done and it looks like it's been applied by Foxtrot for the next version of firmware to be released. Hope that helps.
  7. 1 point
    Firstly, and I say this to be kind. Learn to use a search function. There is already a massive topic on it. https://forums.hak5.org/topic/913-hacking-where-to-begin/ Secondly, what do you specifically want to do? Coding can have nothing to do with the others if you just want to code. Think on what you want to do, then research the hell out of it.
  8. 1 point
    Roger that. It's going to be a few; all of my Linux images were corrupted, so I'm downloading fresh copies.
  9. 1 point
    Nevermind. Got it. Seems to be a problem when copying from OSX Machine via finder to the device. So if you're having trouble also, try to scp directly 😉
  10. 1 point
    @emptyhen, I removed my PR as @Darren Kitchen submitted a complete rewrite of the default payload. While this new payload doesn't trigger the issue that we are seeing, most of the other sample payloads in the github do fall victim to this issue. I wanted to capture the fix you came up with here, please correct me if I don't get it right.

    In /usr/bin/shark_framework you modified line 120 from:

    ```
    echo "bash -C '$payload'" | at now
    ```

    to:

    ```
    echo "bash -c '$payload'" | at now
    ```

    You mention you chmod +x payload.sh, what about doing a chmod +x payload* at line 110?

    @Darren Kitchen / @Korben, the updated sample payload is vastly different than all of the other examples that utilize functions and are laid out in an easy to read / modify way. If possible can the change above to shark_framework be made? This would allow the sample payload to be reverted back to the original one which is inline with the other payloads in the git repository.

    Thanks
  11. 1 point
    Hi Pulkit,

    Making an ISO from a bootable USB is very easy if you know the right software and the correct steps to follow. And I totally agree with @pradeep-india-IN, who has mentioned the whole process. But I want to add to and modify this process. You can use Imgburn efficiently but I don't think Rufus can do this job. So, just follow these steps.

    1. Download & Install Imgburn.
    2. Insert USB and Open Imgburn.
    3. Now Click on Create image file from files / folders.
    4. Now locate to the USB directory and Select it.
    5. Now Configure the bootable advanced settings.
    6. Now set the Output directory and Start.

    And Done! Wait 2-3 minutes and your ISO file will be ready. For a more detailed process with images you can also follow the Original Source Link.

    Hope it helps! And if you face any problem, feel free to ask and I will definitely reply.

    Thanks
  12. 1 point
    http://www.just-fucking-google.it?s=make an exclusion powershell&e=finger
  13. 1 point
  14. 1 point
  15. 1 point
    I'm not sure if that's what you mean; I have problems understanding the question. But I think what you're looking for is airodump-ng. Enter the following in the terminal: airmon-ng start wlan1 && airodump-ng wlan1mon. Now you should see all existing wlan access points and the clients that are looking for them.
  16. 1 point
    Check once if your SD card was recognized .... What is the output when you enter "fdisk -l" in the terminal?
  17. 1 point
  18. 1 point
    And there it is.
  19. 1 point
    This is a very simplified and vague explanation, but usually for pen testers it is the entry door to a LAN. Depending on how well the WiFi network is deployed it may be a HUGE open hole in the network. There are other things like eavesdropping on the actual WiFi along with other tactics. Just look at it as a doorway to possible full network access.
  20. 1 point
    When renaming a device, if you type a new name and hit cancel, the name is still changed. To test (1) Click on device (2) Click on Rename Button (3) Start typing a new name (4) Hit the cancel button
  21. 1 point
    Thanks!!! It works!! You are amazing!!!
  22. 1 point
    2.5Ghz and 5Ghz. One is likely on BG wifi, another on n/ac.
  23. 1 point
    Are you sure you performed these tasks before?

    - npm i serialport
    - Adjust COMPORT and FILENAME in file node.js

    It seems COM port 21 does not exist. And you definitely need a TTL device, I used this one: DSD TECH SH-U09C2. You only need GND TXD RXD.
  24. 1 point
    I don't know what to do at this point. No help from the customer service whatsoever, even here. I spent 200 dollars on a device I can't even use. I think I'm going to submit a complaint to BBB. I have no other option. Only had the device for 8 days. I received it on 04-30-2020
  25. 1 point
    Oh, and actually mine is doing the same thing.
  26. 1 point
    Wow, that's funny. I got the same email. My Tetra keeps refusing to start PineAP, and I have to keep resetting it to get it to work.
  27. 1 point
    I just finished installing some modules to my SD card. Everything seems to be working now:

    - CPU is no longer constantly on 100%
    - SD Card works
    - SD Card formatting works

    Looks like there are some major problems with the new release. Thank you for your suggestion! Much appreciated!
  28. 1 point
    I would suggest checking your spam folder. DM me the account and email and I can take a look to see what's going on.
  29. 1 point
    Stop stealing other people's work :) You can see if you can figure out what base-theme they used, and base your own design on that. The same for plugins, and the like, but plain downloading everything and throwing it on a new server doesn't make it your content, and yes, it is theft, and copyright infringement. You can buy base-themes and use them as a starting point in your own design, some allow that. So, going that route would be the right route, everything else is plain wrong. Be creative on your own :) And yes, it can take a lot of time designing a website, that's half the fun :) If it's for a phishing campaign, stop doing something illegal :) You can't just download a WP site, you'll need the files, AND the DBase, to have a complete backup / copy. If you don't have creds, and can't get them, you're on the wrong path :) /Kent
  30. 1 point
    I've updated with my key. That I had for a while now.
  31. 1 point
    You can't just steal someone else's theme, that isn't how WordPress works.
  32. 1 point
  33. 1 point
    To all having issues like "Disconnect" in the web-based terminal: I had the same issues, so I checked the traffic of a connected packet squirrel by connecting a plunderbug. The packet squirrel was able to connect to the Cloud C2 on port 2022 and the TCP connection was kept alive. Then I checked the browser console when trying to open the web-based terminal and saw that websockets were used for the web-based terminal. Websockets were not properly passed by my nginx reverse proxy, so here is my new working nginx config:

    ```nginx
    server {
        server_name c2.mydomain.com;

        # The internal IP of the VM that hosts your Apache config
        set $upstream 10.13.37.123:8080;

        location / {
            proxy_pass_header Authorization;
            proxy_pass http://$upstream;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_set_header Connection "upgrade";
            proxy_set_header Upgrade $http_upgrade;
            proxy_buffering off;
            client_max_body_size 0;
            proxy_read_timeout 36000s;
            proxy_redirect off;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/cloudy.mydomain.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/cloudy.mydomain.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    server {
        if ($host = c2.mydomain.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        server_name c2.mydomain.com;
        listen 80;
        return 404; # managed by Certbot
    }
    ```

    and the shell is now working 🙂
  34. 1 point
    GIve-Me-My-iP (GIMMP)

    This payload is used to force the SharkJack on to Static LAN's.

    Main Scenario - DHCP is disabled or not present on the LAN, only Static IP Devices. The Payload uses ARP-Scan to scan an Array of Subnets to determine if ANY devices are on those subnets. - If so connect to the last known network with devices and set the IP of the SharkJack to the Subnet and Last Digits you assign in the payload.

    Enjoy.

    NOTE: This payload requires the Router/LAN to have ARP Scanning enabled. Some Routers/LAN's do not have this feature enabled.

    The Code:

    ```bash
    #!/bin/bash
    #
    # Title:    GIve-Me-My-iP! (GIMMP)
    # Author:   REDD of Private-Locker
    # Version:  1.0
    #
    # Description: This payload will determine if DHCP is enabled
    # on the LAN. - If not, it will scan a List of Common Network
    # Subnets for any Static IP Devices using ARP-scan. Once a valid
    # IP is found. It will set the SharkJack to the subnet of the last
    # detected Network in the log file with the ending IP digits.
    #
    # LED SETUP (Magenta) - Setting up Variables and environment
    # LED Yellow thru Magenta - Waiting to be plugged in
    # LED Cyan thru Magenta - Scanning Subnets for Static IP Devices
    # LED Green Blinking - DHCP found
    # LED Green SOLID - IP Address found and set to SharkJack
    # LED Red SOLID - Payload failed, No IP addresses detected
    # LED FINISH (Green) - Payload completed
    #

    # Ending IP digits of the SharkJack.
    SET_IP="250"
    # Source IP that the ARP-Scan will come from.
    FAKE_SRC="192.168.133.7"
    # Packet Rate for ARP-Scan.
    BANDWIDTH="100000"
    # Temp log file for output of script.
    TMP_LOG="temp.log"

    # Determine if SharkJack gets IP.
    while ! ifconfig eth0; do LED M SOLID; sleep .8; LED Y SOLID; sleep .2; done
    NETMODE DHCP_CLIENT; LED M SOLID; sleep 5;
    IP="$(ip route list dev eth0 | awk ' /^default/ {print $3}')"

    # Verify variable to compare SharkJack IP.
    VERIFY="^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$"

    function cleanup() {
        if [ -f "$TMP_LOG" ]; then rm -rf "$TMP_LOG"; fi
    }

    function scan_networks() {
        NETWORKS=(
            '192.168.0.0/24' '192.168.1.0/24' '192.168.2.0/24' '192.168.10.0/24' '192.168.100.0/24'
            '172.16.0.0/24' '172.16.1.0/24' '172.16.2.0/24' '172.16.10.0/24' '172.16.24.0/24'
            '10.0.0.0/24' '10.0.1.0/24' '10.0.2.0/24' '10.0.10.0/24'
            '10.10.0.0/24' '10.10.1.0/24' '10.10.2.0/24' '10.10.10.0/24'
            '10.100.0.0/24' '10.100.1.0/24' '10.100.2.0/24' '10.100.10.0/24'
        )
        for i in "${NETWORKS[@]}"; do
            LED M SOLID;
            arp-scan --arpspa "$FAKE_SRC" -g -B "$BANDWIDTH" -I eth0 "${i}" >> "$TMP_LOG"
            LED Y SOLID;
            sleep .2;
        done
        LED M FAST;
        # First three octets of the last IP address seen in the scan log.
        LAST_IP=$(grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" "$TMP_LOG" | tail -1 | cut -d"." -f1-3)
        if [ "$LAST_IP" != "" ]; then
            # Was ${LASTIP}, an unset variable that produced an address of ".250".
            SHARKJACK_IP="${LAST_IP}.${SET_IP}"
            ifconfig eth0 "${SHARKJACK_IP}/24" up
            CURRENT_SUBNET="${LAST_IP}"
            CURRENT_GW=$(ip route list dev eth0 | awk ' /^default/ {print $3}')
            LED G SOLID;
        else
            # If no LAN detected, exit.
            LED R SOLID;
            exit 1;
        fi
    }

    # Start the script. If Valid IP, continue script. - If not lets scan some networks!
    if [ -f "$TMP_LOG" ]; then rm -rf "$TMP_LOG"; else touch "$TMP_LOG"; fi

    if [[ "$IP" =~ $VERIFY ]]; then
        # Gateway found. Continuing script.
        LED G FAST;
        sleep 1;
    elif [ -z "$IP" ]; then
        # No Gateway found (Blank Gateway Variable)
        NETMODE TRANSPARENT;
        scan_networks;
    elif [ "$IP" == "172.16.24.1" ]; then
        # Added to detect if the SharkJack remains on the current Arming Mode IP.
        NETMODE TRANSPARENT;
        scan_networks;
    else
        # Exiting with exit code 1.
        LED R SOLID;
        exit 1;
    fi

    # Final Cleanup.
    cleanup;

    # Run your SCAN's here.. OR ... if you have Internet Tester Payload backed up in SharkLib
    LED FINISH
    SHARKLIB="/root/payload/sharklib"
    # The directory name contains a space: no literal quotes inside the path,
    # and the variable is quoted where it is used.
    PAYLOAD="${SHARKLIB}/Internet Tester/payload.sh"
    if [ -d "$SHARKLIB" ] && [ -f "$PAYLOAD" ]; then
        source "$PAYLOAD";
    fi
    ```

    Changelog:
    1.1 - Initial Release
  35. 1 point
    Thanks @nterSUAR, I will try it. For Windows, you can try the Virtual Box application to run the garageband app on your Windows PC. I found this complete guide where the steps are well explained so you can refer to that. Cheers!
  36. 1 point
    Hello all,

    I have been at this for a good 8-10 hours now where I have read forum after forum, watched video after video and read troubleshooting to the point my eyes are about to bleed. The main issue is that since I have had the pineapple nano (little over a year now) my SSLsplit has yet to work properly even once. I have tried to use this module time and time again, and though it is set to autostart, well nothing happens. Then when I turn the autostart off and hit start, the button goes red and says running but down below in the output log it either says that it is not in fact running or even worse, sometimes says that it is not even installed! I mean, as far as I can begin to know, this is sort of the meat and potatoes of the pineapple, thus only being a small piece of what can be used, but a crucial one especially when learning about pen testing.

    I have tried installing through ssh, spent hours on that, but I end up with one single annoying message every time: "sslsplit: can't load library 'libevent_openssl-2.0.so.5'". There is absolutely no hope from running it from the command line, so I have reached the point where I just need to flat out ask for help. I have read on some other threads where some people are having a similar issue, however I just don't understand this at all!

    Am I wrong to assume that this is a downloadable module or infusion for the pineapple gui and that once downloaded to internal storage (from what I have read) and then installed the dependencies that it is supposed to work without further intervention? I assume that when I ssh into the pineapple is the way to fine tune things, but shouldn't this just flat out be working? Or is there some kind of invisible step that I am missing here? I don't mind using the command line to work this out, however I am not a superstar and I am a Windows user, however I use Bitvise ssh client to ssh in and go from there but again I am not a command line guru. Is there anyone who can help me?

    I have factory reset this thing a bunch of times, though I would rather not, but have done so as I am hoping that something will change. I guess that after a year of playing with this thing I should without doubt have had the success of being able to get the sslsplit infusion to work so I could see what everyone is always talking about when they've successfully had several connected clients to work with. Please help, there is so much to read and I end up with 40 open tabs trying to figure out what's going on, but ultimately forget where I even began.

    The picture below shows how sslsplit says that it is running but it is clearly not. I do believe that this is the least of the issues at hand.

    -Thanks
  37. 1 point
    I recommend:

    1. On your ethernet adapter properties, sharing tab, turn off ICS "Allow other network users to connect through this computer's Internet connection".
    2. Set IPv4 Properties on the Wifi Pineapple Nano interface to obtain IP address automatically.
    3. Go back to your ethernet adapter properties, sharing tab, turn on ICS "Allow other network users to connect through this computer's Internet connection".
    4. From there the Wifi Pineapple Nano should have IP address 192.168.137.1, now change that to 172.16.42.42 and subnet mask to 255.255.255.0.

    Note: Make sure you have properly set up your ethernet adapter properties, IP address and DNS server.