
Leaderboard

Popular Content

Showing content with the highest reputation since 08/21/2021 in all areas

  1. Hi @jderp Thanks for the bug report. It would seem that all of the issues you are describing stem from one thing: the UI seems unhappy, which after some error is causing other elements (like buttons, recon data) to not load. I'm not quite sure what is causing the error yet, but I'll continue to try and debug it. I appreciate the screenshot of the browser console, was there any more? Could you describe how you've configured your device and what browser you're using? Thanks!
    2 points
  2. Give us more information: what type of information are you looking for, metadata, steganography, hidden but obscured content?
    2 points
  3. I know, it's a decision you have to make. I run all my Hak5 devices with Cloud C2 (that is possible), but not the Mk7 since I want to be able to access the features in the local web GUI rather than via Cloud C2.
    2 points
  4. Bought the new Mark 7 and want to give it a try during an assessment at work. Wireless is not a strong area for me. Looking to spoof an open access point with a captive portal. I have this setup with evil-portal and everything works great from my couch at home (where the actual SSID is very far away). However, in the office, it appears that ALL connections I've tried from a handful of devices connect to the real APs at 5GHz. So I bought the approved Alpha USB device to get 5GHz. Running the latest firmware, I was happy to see the "hey, you have an approved device" screen. The device is visible in the GUI as wlan3 and can be selected as the recon interface. Great. I can run recon scans at 2.4GHz, 5GHz or both. My question though is how do I make my open access point operate at 5GHz? I'm only seeing 2.4 GHz (11 channels) in the drop-down for the open AP. I'm expecting I'll see everything now in the office but clients will still connect to the real AP at 5GHz (seems to be the case with my own devices that are inches from the Pineapple). I'd love to be wrong about this (really). Last dumb question... if I change the SSID of the open access point and just rely on PineAP to broadcast the SSID, will I fare any better? The captive portal was a bit of a pain to set up and make pretty so I don't really want to abandon the pineapple just yet. Thank you
    2 points
  5. The pineapple can do all sorts of other things, the bit you are focused on is getting someone to connect to your rogue AP. Check out all the available modules. Site Survey is built in.
    2 points
  6. You don't try to go for encrypted APs you go for unencrypted ones, most people have connected to at least one unencrypted AP in the past which is now stored in their favourites list. Think the free one at McDonalds or the hotel they stayed at. There was a bug at one point with a very small number of supplicants where they would happily downgrade to cleartext if the AP they expected to be encrypted wasn't, but doubt there are many of those around any more.
    2 points
  7. I could read that without wearing my glasses and that is good, although I advise keeping the font smaller (and normal) when posting. What Bash Bunny variant are you using? The Mark I or the Mark II? If a Mark II, do you have an SD card inserted/mounted? Where are your switch 1 or 2 content/directories located? What are you expecting your payload(s) to do? What's the content of the payload in switch 1 or 2?
    2 points
  8. And another one https://www.fail2ban.org/wiki/index.php/Category:HTTP
    1 point
  9. I assume you've fully read all the fail2ban documentation? https://www.fail2ban.org/wiki/index.php/HOWTOs
    1 point
  10. Yeah but you will learn a lot more if you do it by yourself. So you just need to backup the Documents folder with its subfolders?
    1 point
  11. After going to recon and starting my scan, I pick an AP, then I start the handshake capture, then deauth. After the deauth option is ready to be picked again it gives an exit status 1, and that happens for anything I click after that. What is exit status 1?
    1 point
  12. I personally have both, and I believe you should have both. The Rubber Ducky works instantly and is only $45. Well worth the purchase. I dislike how I cannot easily take out the MicroSD card and put a new payload in it because none of my PC/work laptops support MicroUSB plugging in but overall, once I get a payload and modify it a little bit, that thing takes off so fast and works fantastic. The BB is great, but it has a 7-second boot. And it is obviously not a flash drive. Huge differences, but yeah, the BB can also run ducky scripts.
    1 point
  13. The Pineapple Mark VII Is A Beast by AgtShadow | Shadow Gaming So, I have so far collected 107 handshakes and cracked a lot of them in Kali Linux. It is scary how powerful this device is. Long read, but I hope you do. TL;DR: Powerful device, google drive folder with redacted screenshots included below this paragraph, how to limit long wordlists when cracking handshakes, converting them and more Opening Thoughts: The screenshots are too big to include here, so here are some I had captured before the update wiped everything, and the ones I took this morning (this Google Drive folder is not from my business account, so it should not ask for permission to view this folder) Google Drive Link I have no plans to do anything with them after cracking them, either. I just wanted to see how powerful this device is. It seems running the Enterprise Client while making a campaign in Active Mode and having the PineAP-Open appears to provide some insane amount of data leaked and near almost constantly connected clients. I live in the suburbs of a city in California Central Valley, so the traffic is low, and the neighbors are limited, but someone getting powerful results with this. I am working on a React.js web app to deploy by midnight tonight, so I am losing time to Kali/Pineapple to work on this, so I will resume more research on this device, as well as the Rubber Ducky and Bash Bunny Mark II, after I deploy my new website/web app. I am a Web Designer and Developer first, penetration testing has just been this 14 month passion/hobby of mine, and watching/buying Hak5 gear has been essential, as I carry my Bash Bunny/Rubber Ducky/Work Laptop and WiFi Adapter on me everywhere I go now. 
The Handshakes Captured, How and the Results: I wanted to spend a few hours or so yesterday looking over the insanely long HTML reports, the over 100 handshakes I have had (this screenshot is after I went from beta to stable release, so it erased everything, but I downloaded everything before it being wiped from the update to stable). I also included a screenshot of my pineapple-handshakes directory in my 6TB external HDD, where I keep all my VMs and store pictures/screenshots/downloads, etc., instead of clogging up my 1TB NVME C:\ drive. I do this with several SSDs and external SSDs as well. All I ever do with this thing is keep it running in a pinned tab on my Windows 11 machine (64GB of RAM, Intel i9-9900K 5Ghz 8 cores, NVIDIA RTX 3060, Windows 11 Beta Insider Preview Build, etc.), keep it in active mode. From time to time run a campaign I made where it runs inactive. Reports plaintext and HTML reports, and eventually Cloud C2 once I get the time to set it up through the command line, it seems. Still, every time I open Windows Terminal through that directory, I download the Cloud C2 files or cd to it. It does not open like it does when I just double-click it, even running Windows Terminal in Admin Mode or using cmd.exe.) Limiting the characters of the rockyou.txt file from 14m passwords to about 1m, and limiting the characters to 8-32 characters/digits/symbols, cracked them much faster. 
To do this, just do this as it helped tremendously (and hopefully will help others newer to this as it took me some time to figure this out after over a year in Kali Linux):
To see the 14 million lines of text in the rockyou.txt file:
wc -l rockyou.txt
I then copied the rockyou.txt to my documents/pinelists directory:
cp /usr/share/wordlists/rockyou.txt rockyou.txt
Only keep passwords that are 8 to 34 characters in length, and write the copied rockyou.txt file to a new file (just make sure you are in that directory with the copied one; I use wpacracks1 as I have made a new one after cracking over 80 passwords from these handshakes to include into them):
sudo grep -x '.\{8,34\}' rockyou.txt > wpacracks1.txt
wc -l whatevernameyouwant.txt
You can use Hashcat, or the utility in Hashcat, or on their website here to convert the .pcap file to something hashcat can work with, or use the 22000 files as well. However, I converted my .pcap files, and I believe the pineapple provides you with .cap files, but I converted them anyway, super fast and straightforward. Main Conclusion: Anything else I am missing here? Or should we do better or differently? And what else can be done with these? I am 100% ethical about this stuff. I mainly use my Rubber Ducky and Bash Bunny to automate tasks at my current IT job at my college, where they have authorized me to use them to test payloads, as long as all sensitive data is destroyed upon clocking out. They never check, but they know I am an honest person that is mainly a Frontend Web Designer and Developer. So, if I check my notifications from @Darren Kitchen GitHub repos from Rubber Ducky, Bash Bunny, and Ducky Toolkit. Side note, for anyone who has more available time than I or is better suited for/experienced in pentesting than I, please keep adding to and fixing these repos and payloads. Most of them I have tried on Windows/Mac/Linux desktops, laptops, tablets, phones, FireTVs, etc., from work to school (with permission). 
Many of them do not work or must be modified, especially the DELAY and other things, as my work uses Sophos. When I image laptops/PCs/Macs, I have removed anti-virus from them to test as well, and many still have some sort of conflicted issue I just, unfortunately, have no time for at the moment. Surprisingly, the USB Rubber Ducky Deluxe works amazing, modifying the delays and they work better than my Bash Bunny Mark II somehow, and of course the 7 second boot, but I am not doing in the field social engineering tests anymore, I did with a few coworkers and it is shocking how easy it is to pop one in, either or, and get results and unplug before they notice. I of course tell them later, and show them the loot directory, with only two of them, and they thought it was cool, but those were the ones that worked. I need to get back to work finishing my react web app. I am working hard to land this React Developer position soon and get an interview with them in 4 days after a phone interview, so I am really excited but incredibly overworked now doing all of this. Plus finishing my Associate Degree in Web Design this fall semester as well. And my wife and kids need time with them more than ever after all this work/school/etc. So, any tips, tricks, or helpful advice moving forward would be greatly appreciated as I do not have any time to work on this anymore. And the handshakes, connected clients, reports, and everything just keep flowing in, so I am leaving it in passive mode and disabling the campaign until I get back to pentesting. Also, my wife and kids hate me being on my PC all day, so I spent the weekend mostly with them, but I am back to post and finish my web app and deploy it. Anyway, attached are the screenshots and included here. It is already time-consuming redacting private information on these screenshots poorly, I don't even want to fire up PhotoShop, faster to load up Paint and do it dirty, but it works. 
Windows 11 vs Windows 10 mini-rant: And yes, Windows 11 for the past two weeks on my machine, in my experience, has been much smoother, faster, better, and the new interface/UI/GUI improvements, as well as WSLg. Hence, all your WSL Linux apps are standalone in Windows 11 (like setoolkit or hashcat or CherryTree, etc., can all be run as a standalone app within Windows 11, instead of firing up VMware Workstation Pro 16, Kali Linux, then opening the tools, I just Windows Key + S > <kali Linux app name>, click on it, it loads up, no terminal needed for every app within Kali Linux, Debian, Ubuntu, Git Bash, Azure, literally all the WSL subsystems I have installed on my machine that I usually would access through Windows Terminal Preview (can be downloaded and highly customized in the Windows Store, and you can get Winget, windows package manager. On top of all of this, gaming has been much better, CPU/GPU utilization, the list goes on and on with why I installed Windows 11 over Windows 10. Much more beautiful (please Microsoft, tabs on Explorer.exe, and dark mode integrated into ALL Windows apps and utilities like Control Panel, etc and beautify those as well as keeping the Windows 10 skin.) Sorry for the long read. I type fast and probably talk too much outside of the topic. It is a flaw I am working on.
    1 point
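An added example, not the post's own commands: the same wordlist trim done with awk in the C locale so that it counts bytes rather than characters. `grep -x '.\{8,34\}'` in a UTF-8 locale counts characters and silently drops lines that are not valid UTF-8 (rockyou.txt contains many), while a WPA/WPA2-PSK passphrase is defined as 8 to 63 bytes, so that is the default range here; the post's 8 to 34 is its author's choice and can be passed as arguments. The sample wordlist is constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the forum post): trim a wordlist to WPA/WPA2-PSK
# candidates before cracking. Bytes are counted (LC_ALL=C), CRLF endings are
# tolerated, and duplicate lines are dropped.

# Usage: filter_wpa_wordlist IN OUT [MIN] [MAX]   (MIN/MAX default to 8/63)
# Writes the surviving candidates to OUT and prints how many there are.
filter_wpa_wordlist() {
    LC_ALL=C awk -v min="${3:-8}" -v max="${4:-63}" '
        { sub(/\r$/, "") }                        # tolerate CRLF wordlists
        length($0) < min || length($0) > max { next }
        !seen[$0]++                               # print first occurrence only
    ' "$1" > "$2"
    wc -l < "$2" | tr -d ' '
}

# Demo on a constructed wordlist (rockyou.txt itself is not shipped here).
demo_in=$(mktemp); demo_out=$(mktemp)
printf '%s\n' short password password Sommerfeld2021 > "$demo_in"
printf 'caf\303\251latte1\r\n' >> "$demo_in"     # UTF-8 plus CRLF: 11 bytes, kept
printf 'na\377ve-pass\n' >> "$demo_in"           # invalid UTF-8 byte: 10 bytes, kept
a8=aaaaaaaa; a16=$a8$a8
printf '%s\n' "$a16$a16$a16$a16" >> "$demo_in"   # 64 bytes: over the WPA limit, dropped
echo "candidates kept: $(filter_wpa_wordlist "$demo_in" "$demo_out")"   # 4 of the 7 input lines survive
cat "$demo_out"
rm -f "$demo_in" "$demo_out"
```

The resulting file is what you hand to hashcat together with the converted capture (mode 22000 for WPA-PBKDF2-PMKID+EAPOL), e.g. `hashcat -m 22000 hashes.22000 wpacracks1.txt`.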
  14. It would be good to get a more detailed feedback on how it was solved. Other users could benefit from that when visiting and reading the forum threads.
    1 point
  15. The first thing I would do is to ditch Metasploit and test it all out with netcat. Run a listener internally, set up your ngrok, then try to connect to it using netcat on the outside. That will help you get an idea of how it is all working and to debug it in a much cleaner way.
    1 point
  16. What module are you asking about? The title says URLSnarf (which is broken, if not fixed recently but I don't think so since it's removed from the Hak5 GitHub repo containing modules for the Turtle), and then autossh and sshfs in the text. Is the question about all three modules or just one/some of them?
    1 point
  17. What switch is it set to? https://docs.hak5.org/hc/en-us/articles/360010554053-Switch-Positions
    1 point
  18. With the autossh module stopped in the Turtle "text based GUI", try running the following directly from the terminal on the Turtle (change user@address to something relevant for your setup, and ports as well, if not "default"):
autossh -M 20000 -i /root/.ssh/id_rsa -R 2222:localhost:22 user@address -p 22 -N -T
If that works (it should), change the following line in /etc/turtle/modules/autossh from:
uci set autossh.@autossh[0].ssh="-i /root/.ssh/id_rsa -N -T -R "$autossh_remoteport":localhost:"$autossh_localport" "$autossh_host" -p "$autossh_port" "
to:
uci set autossh.@autossh[0].ssh="-i /root/.ssh/id_rsa -R "$autossh_remoteport":localhost:"$autossh_localport" "$autossh_host" -p "$autossh_port" -N -T"
Furthermore... to get the module itself working, change the lines in the "configure" function of the autossh module from:
autossh_host=$(uci show autossh.@autossh[0].ssh | awk '{print $7}' | sed "s/'//g")
autossh_port=$(uci show autossh.@autossh[0].ssh | awk '{print $9}' | sed "s/'//g")
autossh_remoteport=$(uci show autossh.@autossh[0].ssh | awk '{print $6}' | sed 's/:/ /g' | awk '{print $1}')
autossh_localport=$(uci show autossh.@autossh[0].ssh | awk '{print $6}' | sed 's/:/ /g' | awk '{print $3}')
to:
autossh_host=$(uci show autossh.@autossh[0].ssh | awk '{print $5}' | sed "s/'//g")
autossh_port=$(uci show autossh.@autossh[0].ssh | awk '{print $7}' | sed "s/'//g")
autossh_remoteport=$(uci show autossh.@autossh[0].ssh | awk '{print $4}' | sed 's/:/ /g' | awk '{print $1}')
autossh_localport=$(uci show autossh.@autossh[0].ssh | awk '{print $4}' | sed 's/:/ /g' | awk '{print $3}')
Also change the line in the "start" function of the autossh module from:
autossh_host=$(uci show autossh.@autossh[0].ssh | awk '{print $7}' | sed 's/@/ /g' | awk '{print $2}')
to:
autossh_host=$(uci show autossh.@autossh[0].ssh | awk '{print $5}' | sed 's/@/ /g' | awk '{print $2}')
Done!
    1 point
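An added example, not from the post above and not the Turtle's autossh module: every one of the edits in that post is needed because the module pulls fields out of the `uci show` line by position with `awk '{print $N}'`, so moving `-N -T` to the end shifts every index. The two functions below read the same line without depending on option order. The `uci show` output is constructed; the parser assumes the `-R` value has the form remoteport:localhost:localport with no bind-address prefix.

```sh
#!/bin/sh
# Added example (not Hak5's autossh module): order-independent parsing of the
# ssh option string stored in autossh.@autossh[0].ssh.

# uci_value "<line printed by uci show>"  ->  prints the value without its quotes
uci_value() {
    v=${1#*=}                 # drop the "section.option=" prefix
    v=${v#\'}; v=${v%\'}      # drop the surrounding single quotes
    printf '%s\n' "$v"
}

# parse_autossh_opts "<ssh option string>"
# Prints: host port remoteport localport   (port defaults to 22 when no -p is given)
# Assumption: -R is remoteport:localhost:localport, no bind-address prefix.
parse_autossh_opts() {
    host=; port=22; remoteport=; localport=
    set -f; set -- $1; set +f   # split the option string into words, no globbing
    while [ $# -gt 0 ]; do
        case $1 in
            -p) port=$2; shift ;;
            -R) remoteport=${2%%:*}; localport=${2##*:}; shift ;;
            -i|-l|-o|-L|-D) shift ;;    # options with an argument we do not need
            -*) ;;                      # bare flags such as -N -T
            *@*) host=${1#*@} ;;        # user@host: keep the host part
            *) host=$1 ;;
        esac
        shift
    done
    printf '%s %s %s %s\n' "$host" "$port" "$remoteport" "$localport"
}

# Demo with the two orderings from the post (constructed uci show output).
before="autossh.@autossh[0].ssh='-i /root/.ssh/id_rsa -N -T -R 2222:localhost:22 user@address -p 22'"
after="autossh.@autossh[0].ssh='-i /root/.ssh/id_rsa -R 2222:localhost:22 user@address -p 22 -N -T'"
parse_autossh_opts "$(uci_value "$before")"   # address 22 2222 22
parse_autossh_opts "$(uci_value "$after")"    # address 22 2222 22
```

On the Turtle itself the line would come from `uci show autossh.@autossh[0].ssh` instead of the constructed strings; the four variables the module's configure and start functions need are then the four words printed.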
  19. I think you have mixed something up and made settings that aren't needed (or shouldn't be there). 2222 has nothing to do with the local sshd on the VPS. Just skip any settings for the local sshd on the VPS and see it from the Turtle perspective.
    1 point
  20. Remove $IP and put the IP address there instead. You could also get rid of $IP-listenip, it's not a valid parameter (or there should be a space in there). It could be scripted and use the $IP variable if $IP is given a valid value/IP address. Instead of:
./c2-*_amd64_linux -hostname $IP-listenip $IP
Use something like:
./c2-*_amd64_linux -hostname 10.10.10.10
(where 10.10.10.10 is an example)
    1 point
  21. OK, it should be visible among the "binary garbage" in the device.config file. In what way do you start your C2 instance? (Don't post any sensitive/personal information such as domain names or IP addresses here though.) I've helped people who have followed Darren's example using a variable for the IP address, which makes a total mess of it all if you don't understand what you are doing and do it wrong (no blame on Darren at all, he just did it in a way to help people and make it easier to get started). More exactly, I've spent some hours with some users where it eventually surfaces that they have used $IP when starting the C2 instance, but using $IP isolated with nothing in that variable will for sure create problems that will make it look like the C2 instance is running perfectly well. However, it spills over all the way to the Hak5 devices since that creates a device.config file that also uses $IP as a parameter, and that simply says nada to the Hak5 device, which makes it impossible for it to connect to the C2 instance. I'm not sure if that is the fact for you specifically, but make sure that the C2 instance is started with an IP address or a domain name that is valid and reachable from the internet (or locally at least if using the C2 instance on a local network only) and then make sure that it's visible in the device.config file as well. From your output, it seems as if you have something wrong in the line that starts the C2 instance. "-listenip" shouldn't be a part of the device.config file. You should either have the IP address or domain name before the port in that file.
    1 point
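An added example covering the two replies above, not Hak5's code: a small launcher that refuses to start Cloud C2 when the value given to -hostname is not usable. With $IP unset, a line like `./c2-*_amd64_linux -hostname $IP-listenip $IP` expands to `-hostname -listenip`, which is how "-listenip" ends up inside device.config. The flag names follow the replies; the binary name is the wildcard as written there. IPv6 literals are not handled.

```sh
#!/bin/sh
# Added example (not Hak5's code): validate the -hostname value before starting
# Cloud C2, catching the empty/unexpanded $IP case from the thread.

# c2_hostname_ok VALUE  ->  exit 0 for a dotted-quad IPv4 address or a plausible DNS name
c2_hostname_ok() {
    h=$1
    case $h in
        ''|-*|.*|*.|*..*|*-|*'$'*|*' '*) return 1 ;;   # empty, a flag, an unexpanded variable, or malformed
    esac
    case $h in
        *[!0-9.]*)                                      # contains letters: treat as a DNS name
            case $h in
                *[!A-Za-z0-9.-]*|*.-*|*-.*) return 1 ;;  # only letters, digits, dots and inner hyphens
            esac
            return 0 ;;
    esac
    # only digits and dots: must be exactly four octets in 0..255
    oldifs=$IFS; IFS=.; set -f; set -- $h; set +f; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# start_c2 HOSTNAME [extra c2 flags...]
start_c2() {
    h=$1; shift
    c2_hostname_ok "$h" || { echo "refusing to start C2: bad -hostname '$h'" >&2; return 2; }
    exec ./c2-*_amd64_linux -hostname "$h" "$@"   # binary name as written in the thread
}

# Demo: what the check accepts and rejects.
for v in 10.10.10.10 c2.example.com '' '-listenip' '$IP' 10.10.10 999.1.1.1; do
    if c2_hostname_ok "$v"; then echo "ok:  '$v'"; else echo "bad: '$v'"; fi
done
```

Note that if you wrote `'$IP'` in single quotes by mistake, the literal dollar sign reaches the binary and would also be copied into device.config; the check rejects that case too.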
  22. Haven't experienced that before, I guess you need to tell more in detail about your setup and how you start your C2 instance to be able to troubleshoot any further.
    1 point
  23. Careful with the thread necromancy there buddy. There's definitely a EvilPortal module for the tetra, as for DNS spoofing check out this rather old video of our very own DK talking you through it: Obviously this is for the mk5 I think but the process should be the same.
    1 point
  24. Try adding the MAN_ and SN_ parameters to your ATTACKMODE. You probably also need to add another mode in addition to just HID because simply HID by itself (or any one attack mode for that matter) will enumerate as a single-interface device rather than a multi-interface "composite" device, which is what the target is expecting. See https://docs.microsoft.com/en-us/windows-hardware/drivers/install/standard-usb-identifiers
    1 point
  25. Hey all, I found myself in the situation that any matchless payloads I wrote (e.g. payloads without a MATCH sequence) would not run on boot of the Key Croc. I tried many things, like setting ATTACKMODE HID with and without specific hardware properties, attaching a keyboard even though it should not be necessary, etc. Nothing worked. While debugging I found the matchless payload detection in the "croc_framework" file (/usr/local/croc/bin) being badly implemented. The grep would not reliably detect non-match payloads and also did not take into account commented lines (#) or whitespace. This can be found in line 538 in the function execute_non_match_payloads() in the original 06/2020 firmware. The original line 538 is:
for p in $(find /root/udisk/payloads -type f | xargs grep -c 'MATCH'|grep 0$|cut -d':' -f1)
Replace it with:
# ':0$' rather than '0$': a payload with 10 or 20 MATCH lines must not be taken for a matchless one
for p in $(find /root/udisk/payloads -type f | xargs grep -cHP '^(?=[\s]*+[^#])[^#]*(MATCH)' | grep ':0$' | cut -d':' -f1)
... and now find yourself with working matchless payloads! For me, these are really important and provide great use cases. Best regards, lartsch
    1 point
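An added example, not from the post above and not the Key Croc firmware: the same "does this payload contain a live MATCH line?" decision written as a function, so that its edge cases (indentation, whole-line and trailing `#` comments) can be exercised on constructed payload files, plus a lister for the matchless ones. It treats MATCH as a whole word, which is an assumption that tightens the post's regex (that one also fires inside words such as MATCHED), and it works per file rather than through a `grep -c | grep` count, so a count ending in 0 cannot be mistaken for zero.

```sh
#!/bin/sh
# Added example (not croc_framework): matchless-payload detection that ignores
# whitespace and '#' comments. Assumption: MATCH is a whole word.

# payload_has_match FILE  ->  exit 0 if a non-comment MATCH is present
payload_has_match() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }      # ignore leading whitespace
        line ~ /^#/ { next }                          # whole-line comment
        { sub(/#.*/, "", line) }                      # drop a trailing comment
        line ~ /(^|[ \t])MATCH([ \t]|$)/ { found = 1; exit }
        END { exit !found }
    ' "$1"
}

# list_matchless_payloads DIR  ->  sorted paths of payloads with no live MATCH
list_matchless_payloads() {
    find "$1" -type f | sort | while read -r f; do
        payload_has_match "$f" || printf '%s\n' "$f"
    done
}

# Demo on constructed payload files (not real Key Croc payloads).
demo=$(mktemp -d)
printf 'MATCH foo\nQ STRING hi\n'            > "$demo/live.txt"
printf '   MATCH bar\n'                      > "$demo/indented.txt"
printf '# MATCH foo\nQ STRING hi\n'          > "$demo/commented.txt"
printf 'ATTACKMODE HID  # MATCH later\n'     > "$demo/trailing.txt"
printf 'Q STRING MATCHED\n'                  > "$demo/substring.txt"
list_matchless_payloads "$demo"     # commented.txt, substring.txt, trailing.txt
rm -rf "$demo"
```

On the device the directory would be /root/udisk/payloads, the one the firmware line in the post walks with find.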
  26. Same scenario here. I would love to know what needs to happen to be able to stand up a 5GHz open AP from the "Access Points" tab. Recon works fine now with 5GHz.
    1 point
  27. I've used it a few times, but not as my sole device. I bounce between Kali (laptop), Raspberry Pi 4 and use the pineapple more for its "visual" features. I'm not fully confident in using it as the only device I take out with me. You should use multiple devices, not just rely on the pineapple. But for me personally, it's all about the Pi.
    1 point
  28. Seeing all of the issues people have with the MK VII, I'm curious if anyone has used this or any version of the pineapple in a professional setting?
    1 point
  29. Or you could `ping 1.1.1.1` or `ping 8.8.8.8`
    1 point
  30. I had the same nightmare too, it turned out the device doesn't like the internet connection to be a hidden network (god knows why). Also try opening the pineapple terminal, enter ping google, and see what you get.
    1 point
  31. I'm not that sure I would use the Shark for such a scenario. That device is more of a "hit and run" thing rather than being persistent. Battery life also needs to be considered (even though it's possible to run the Shark with a power adapter while it's operating). In terms of Hak5 devices, I would probably use the Packet Squirrel in combination with some OpenVPN AS setup. Then, from a remote computer, go via the OpenVPN AS further on via the Squirrel and to the internal network.
    1 point
  32. Well, if it's still not solved, how can it be too late? As I understand it, there is work being done on getting the Croc to better accept different types of keyboards. It has for sure been a bit picky this far.
    1 point
  33. This is an old post, please read the documentation. https://docs.hak5.org/hc/en-us/categories/360000982534-Bash-Bunny
    1 point
  34. Hey, I updated to 1.1.0 stable and I'm having the same issue, but no matter what I try the option to choose 2.4 or 5.8 will not appear. I feel it's some script not functioning when the USB NIC is attached. Where is the script / code located that initiates the function of showing the image / choice in the UI? I don't know much about this so I probably ask the wrong question. Thank you
    1 point
  35. Hey guys, would just like to share with you a functional Evil Portal that I have been messing around to work on the WiFi Pineapple MK7. The attack method of choice is up to you on how you would like the target to connect to your Evil Twin in order to obtain the Access Point Password. As time progresses this topic and the repo will be updated. Link https://github.com/alex-sesh/wifipass-capture Screenshots Notification and logs on the MK7 when a user enters the password to the Access Point you are spoofing. Demo
    1 point
  36. My name is completely unimportant. So are my dreams, needs and wishes. I am a hacker in training for one single goal: stopping the manipulative sadistic psychopaths that the law is not fit to stop. Murderers break the law. So do thieves, rapists, blackmailers, and so on. But true psychopaths don't technically break any laws. They manipulate honest people to do what the psychopath wants, even if it ruins the lives of the honest people. Nothing unlawful in that, but still extremely devastating for the honest people being manipulated. Someone needs to start hunting these psychopaths, and I am aiming to be that someone. But, as my nickname here implies, I am a beginner. There is a lot more I need to train in order to achieve my goal. My realistic goal is that when I become a senior citizen, this hunt for psychopaths would be my primary engagement. Which gives me about 20-30 years of training. Considering the complexity of hacking and social engineering, I just might be fully trained when I become a senior citizen... 30 years from now. The most important goal is not to change the world today, it is to prepare to change the world tomorrow. No matter how much time it may take.
    1 point
  37. Hello, I purchased my Pineapple mark VII and I am really sad because the Evil Portal module does not work. I can start webserver, start evil portal, create new portal without problem. The problem is when activating concrete portal. When I click the activate button on some created portal, nothing happened, so the whole evil portal does not work without activated portal. Does anyone know why is this happening and its solution? Is there some way how do activate concrete portal with ssh if this approach within GUI does not work for me? Thanks, MK
    1 point
  38. Thanks! This worked for me. I was just about to send my ULANSEN wifi adaptor back to Amazon (Chinese clone).
    1 point
  39. Ah, that is true. I am starting to rewrite some of them and I need mimikatz for one. We should be able to install: 1. Mimikatz 2. setoolkit 3. airmon-ng I am unsure what else, but aren't we able to fire up a Kali Linux VM and launch a Bash Bunny interface or, better yet, sudo apt install <package>? I am going to have to mess with this A LOT more this weekend, otherwise most of these payloads are obsolete or work very poorly, and I work in the IT and Web Development departments. So, I was able to test this Bash Bunny Mark II on about a dozen laptops today and several PCs and other hardware devices. Whether logged in or not, most of the payloads did not work except DumpCreds 2.1, where I do not see any information of mine that is worth anything to anyone. When I turn the switch on 1 or 2 and plug it in, it goes. We just need more tools and updated payloads that bypass newer issues or more creative ways to do things, and my name is AgtShadow and I am here to help and have PLENTY of hardware to test this on (yes, my supervisor knows). So does the network admin haha.
    1 point
  40. This simple bash script for the Hak5 WiFi Pineapple Mark VII features persistent handshake storage and automatically submits your handshakes to this wonderful service (onlinehashcrack.com)! You will receive an email confirmation and upon completion! Sit back, relax, and automate your WPA pen-test workload with ohc-api.sh.
https://github.com/sailboat-anon/wifi-pineapple-mark-vii
Install and use:
wget https://raw.githubusercontent.com/sailboat-anon/wifi-pineapple-mark-vii/main/scripts/ohc-api.sh
nano ohc-api.sh (change the receiving email address, 'email=')
chmod a+x ohc-api.sh
./ohc-api.sh
You'll likely want to run this on a schedule (default: 5min):
export VISUAL=nano; crontab -e
*/5 * * * * /pineapple/ohc-api.sh
Workflow:
capture handshakes using Mark VII
handshakes are moved from /tmp to /root/loot/handshakes
handshakes are sent to the onlinehashcrack.com API, user receives an email confirmation and upon completion (be sure to set the 'email' variable below to your email address)
submitted handshakes in /root/loot/handshakes are renamed 'submitted-.cpab'
persistent handshake storage: /root/loot/handshakes
transaction logs: /root/loot/handshakes/logs
    1 point
  41. Is there any step-by-step instructions on setting up C2? It can be very confusing and reading the thread makes it more confusing. 1. If you are running on Windows and double click nothing happens. 2. When you go to the command prompt and run a command line it wants a host name or IP address. What IP address should I be using? If it is a Cloud shouldn't I be using your IP address? 3. When you talk about a host name should I be using one of my servers? I'm confused on this.
    1 point
  42. I am also having basically the same issue. I'm just running the Cloud C2 server locally and I can connect to it, add a device (WiFi Pineapple VII) then download my device.config file. I have the WiFi Pineapple using ICS and it has connectivity, as when on its browser GUI I can successfully update the news and download modules etc. At that point I go into its settings and upload the device.config file. The file has properly uploaded because the browser displays the message "This device is enrolled in a Cloud C2 instance. Management from this local interface has been disabled". At that point, after a reboot, it's supposed to show up in Cloud C2 but it never does.
    1 point
  43. I have the same issue as OP. I've used the Mark7 for only a few hours, but I am sensing a trend already that's leaving me uneasy. I’ve encountered multiple issues that other users are experiencing as well. The documentation/videos have many inconsistencies between stated procedures/troubleshoot fixes and reality. There may be workarounds, but I've only seen them provided by the “community” so far. Hak5, the company that sold the product, has yet to provide responses to any of the issues I’ve experienced. I’ve yet to contact them personally, but the lack of response from Hak5 on the forums is foreboding. I was looking forward to the Mark7 – hoping to use it as a main driver to launch a new service offering. Unfortunately, after spending only a few hours with it and the documentation/videos/forums, it’s proving to fall majorly short of anything acceptable. I glanced at Hak5’s refund policy and cringed at the stated requirement that the returned product must be unused and almost vomited at the 30% restocking fee. Again, I only glanced – I hope a further read of the entire policy reveals that Hak5 will accept returns of and charge no restocking fees for products that have been advertised as functional but delivered as anything but. Holding onto hope that what I’ve read about Hak5's Pineapple line is true - can anyone attest to the proper working of any previous Pineapple models? Recommendations, please. My ideal exit strategy would be to return this Mark7 junk for an older, properly functioning model (oxymoronic, isn't it?).
    1 point
  44. Okay, update out! Now the payload fully bypasses UAC and still runs LaZagne as admin. Creds go again to PoshMagicCode for his PowerShell UAC bypass. Thank you, it's really useful. Check it out! I made a pull request, so if it's good enough it would be published to the official repository. I would love to see it there!
    1 point
  45. There are at least 4 simple ways to install packages:
1. ICS & SSH
Connect your Shark Jack to your computer's Ethernet interface and boot it into arming mode. Then share your computer's Internet connection with the Shark Jack (outside the scope of this post) and SSH into the Shark Jack. Finally, use the commands `opkg update` and `opkg install curl`
2. LAN & SSH
Load your Shark Jack with the ssh-ip-blinker payload, then connect the Shark Jack to your LAN and boot it into attack mode. Then SSH into the Shark Jack. Finally, use the command `opkg update && opkg install curl`
https://github.com/hak5/sharkjack-payloads/blob/master/payloads/library/util/ssh-ip-blinker/payload.sh
3. Headless
Load your Shark Jack with the package-installer payload, setting PACKAGE_TO_INSTALL to your package of choice ("curl" in this example). Then connect the Shark Jack to your LAN and boot it into attack mode. Wait for the LED FINISH (Green blink to solid) to indicate that the package has successfully installed.
https://github.com/hak5/sharkjack-payloads/blob/master/payloads/library/util/package-installer/payload.sh
4. Cloud C2
Provision your Shark Jack with a device.config file from your Cloud C2 server and edit your payload.sh file to run `C2CONNECT`. Then connect to the Shark Jack via the web Terminal from your Cloud C2 server and issue the `opkg update && opkg install curl` command.
https://c2.hak5.org
    1 point
  46. I solved it by editing e.cmd so that it formats a legit file name. You can see my post in the other Password Grabber thread. Failure to create the directory was the clue. It never gets to the point it runs Lazagne. e.cmd
    1 point
  47. I managed to fix this problem by making a few modifications to the e.cmd file. All I did was drop the V after the -v in the cmd that runs laZagne.exe. I also did some fiddling around and managed to make it so it outputs to the proper file for organizational purposes. The modded e.cmd file is attached to this post if you want to see what was modified. e.cmd
    1 point
  48. Okay, I came up with some steps for newcomers to get up and going on their BBs. This includes testing your BB after you got it to make sure it is working, and then updating.
1) After you get your bunny, stick it in arming mode. Switch position closest to the USB port.
2) Put the BB in the computer. It should come up as a USB storage device.
3) Check that the device has a loot, tools and payload folder.
4) In the payload folder go into the switch1 folder.
5) In the payload.txt file clear all text out of it and put the following. This is for Windows machines.
ATTACKMODE HID
LED G R
Q DELAY 5000
Q GUI R
Q DELAY 500
Q STRING notepad
Q DELAY 500
Q ENTER
Q DELAY 2000
Q STRING "Hello World"
Q DELAY 500
Q ENTER
LED B R
ATTACKMODE RNDIS_ETHERNET
LED G
6) On Windows the above should open up Notepad and type Hello World. After that it will switch to attack mode Ethernet for Windows.
7) At this point you can try and ping 172.16.61.1. If you get a ping back, Ethernet seems to be up. Now, try and use PuTTY to SSH into the BB using root as login name and hak5bunny as password. If you get in, your bunny should be golden at default.
Now, time for the fun part. In this part you are going to firmware upgrade the Bunny. Only a few people have had bad luck with this, most of the issues have been from lack of patience. It takes a while, on mine it took 5-10 mins, so make sure your machine is plugged into live power and the USB port you are using is good. You want no interruptions. Kill that USB powersave mode too. Now, download the firmware from here and do check the checksum, it is there for you to make sure your download was not corrupted. https://wiki.bashbunny.com/#!downloads.md Unplug the bunny and switch it back to arming mode, switch position closest to USB port, and put it back in. When the storage for it comes up, copy the file, still compressed, to the root of the bunny storage folder (not in loot, not in tools and not in payloads). 
Safely eject the bunny from Windows and unplug the bunny from the USB port, wait 5-10 seconds and plug it back in and do the hardest part..... wait. If upgrading from 1.0, the LED will flash red while it is flashing. It will flash red for a while. Let it flash red, leave it alone, do not do stuff on the computer that it is plugged into, go do something else. When it is done it will flash blue and your BB storage will show up again. From this part you copy the tools from this forum thread to the tools folder on the BB storage drive. After you have done that, tell Windows to eject the BB drive so it is sure to sync and not create a dirty bit. (Whenever you are going to disconnect in arming mode, always eject the BB.) Wait 5 seconds and plug it back in and wait. When the BB is done installing the tools, the storage drive will show up again for the BB. At this point you should be updated and ready to go. Go grab some payloads and try them out. Copy the contents of one of the payload's folder to a switch folder. Do not copy the folder itself into the switch folder, just what is inside the folder (contents). If your storage folder is operational but empty, like it has gotten erased, you will have to serial into the BB while in arming mode and do a "udisk reformat". Adding folders by hand back in will not work due to permission differences. Serialing into the BB can be found on the wiki here, along with SSH instructions and emergency firmware recovery. https://wiki.bashbunny.com/#!index.md
    1 point