Hak5 Forums

Leaderboard


Popular Content

Showing content with the highest reputation since 12/21/2018 in all areas

  1. 5 points
    Hey guys, I'm sincerely sorry for not making a formal announcement when the podcast went on hiatus a few weeks ago. I should have said something - but seeing as Hak5 has been in my life since the beginning - it was too hard to say that I was putting the show on hold. I've been going through a difficult time in my personal life (tl;dr: wedding is canceled) and I wasn't able to do the show the justice it deserves. That said, I'm resilient and new episodes will begin to air on January 2. We're also growing as a team, and we have amazing plans for content, products, and community in 2019.
  2. 2 points
    It would be awesome if I could manage my WiFi Pineapple's modules/payloads from Cloud C2. Obviously this would be true of the other supported devices as well.
  3. 1 point
    I made a POC of a remote shell for Windows accessible via Tor hidden services. This could easily be made into a BashBunny payload. See my project description here: https://www.cron.dk/under-the-radar-remote-shell/ Comments are welcome.
  4. 1 point
    @Darren Kitchen Sorry to hear that man. I know the whole community is here for you!
  5. 1 point
    Hmmmm... I am not familiar with any laws surrounding collecting users' MAC addresses, but I would suggest that you actually use two Raspberry Pi Zeros instead. They are super cheap and you can probably write a Python script to do exactly what you described in an hour.
  6. 1 point
    So, I have not tried on Windows, but translating the instructions and my experience with the BB and Linux I see these things.
    1. Set payload.txt to: ATTACKMODE RNDIS_ETHERNET
    2. Discover what interface comes up for the BB. It will be a new one. I would inspect interfaces before the BB and interfaces after to see what comes up.
    3. Right-click the interface that connects your machine to the internet and select Properties.
    4. Select the Sharing tab, set it to allow users to use this internet connection, and select the BB interface in the list of interfaces.
    5. Change the IP on the BB interface to 172.16.64.64 and subnet 255.255.255.0; try and ping the BB at 172.16.64.1. SSH to it at that IP if pingable.
    The script for the BB does kind of the same, setting the IP on the interface that connects the BB and enabling forwarding.
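    The same Windows-side setup (find the new adapter, share the uplink, address the BB link, ping) written out as one PowerShell script. This is an added example, not code from the post or from Hak5; it assumes an elevated shell, an uplink adapter named 'Ethernet' (change it to match Get-NetAdapter), and the BB answering at 172.16.64.1 as the post states.

```powershell
# Added example (not from the forum post): Internet Connection Sharing for a Bash Bunny
# in ATTACKMODE RNDIS_ETHERNET. Run elevated. $UplinkAlias is an assumed adapter name.
param(
    [string]$UplinkAlias = 'Ethernet'   # assumed; check with Get-NetAdapter
)

# 1. Snapshot adapter names before and after plugging in the Bunny; the new one is the BB link.
$before = @(Get-NetAdapter | Select-Object -ExpandProperty Name)
Read-Host 'Plug in the Bash Bunny (switch set to ATTACKMODE RNDIS_ETHERNET) and press Enter'
Start-Sleep -Seconds 10
$after = @(Get-NetAdapter | Select-Object -ExpandProperty Name)
$bunnyAlias = @(Compare-Object $before $after | Where-Object SideIndicator -eq '=>').InputObject | Select-Object -First 1
if (-not $bunnyAlias) { throw 'No new adapter appeared; check payload.txt and the switch position.' }

# 2. Enable ICS through the HNetCfg COM API: uplink = public side (0), BB link = private side (1).
$shareMgr = New-Object -ComObject HNetCfg.HNetShare
$conns  = @($shareMgr.EnumEveryConnection)
$uplink = $conns | Where-Object { $shareMgr.NetConnectionProps($_).Name -eq $UplinkAlias }
$bunny  = $conns | Where-Object { $shareMgr.NetConnectionProps($_).Name -eq $bunnyAlias }
if (-not $uplink -or -not $bunny) { throw "Could not find both '$UplinkAlias' and '$bunnyAlias'." }
$shareMgr.INetSharingConfigurationForINetConnection($uplink).EnableSharing(0)  # ICSSHARINGTYPE_PUBLIC
$shareMgr.INetSharingConfigurationForINetConnection($bunny).EnableSharing(1)   # ICSSHARINGTYPE_PRIVATE

# 3. ICS assigns its own default address to the private side; replace it with the post's 172.16.64.64/24.
Get-NetIPAddress -InterfaceAlias $bunnyAlias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
New-NetIPAddress -InterfaceAlias $bunnyAlias -IPAddress 172.16.64.64 -PrefixLength 24 | Out-Null

# 4. Confirm the Bunny answers before trying SSH.
if (Test-Connection -ComputerName 172.16.64.1 -Count 2 -Quiet) {
    Write-Host "Bash Bunny reachable on '$bunnyAlias'; connect with: ssh root@172.16.64.1"
} else {
    Write-Warning 'No reply from 172.16.64.1; re-check the Sharing tab and the adapter address.'
}
```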
  7. 1 point
    Give us more information. What do you mean by a device that shouldn't be there? Where is it and how do you know it is scanning you? When you say web facing, do you mean internet facing?
  8. 1 point
  9. 1 point
    This is incorrect. The filters need to be in "Deny" mode with no entries listed in order for any client to connect.
  10. 1 point
    Have you tried connecting to the Tetra's wireless network? I do that, then go to the web UI, but unfortunately it's very buggy. You're better off using the command line.
  11. 1 point
    airmon-ng check kill
    airmon-ng (to check your LAN adapter name)
    airmon-ng start wlanxxx (your LAN adapter name)
  12. 1 point
    Thx - I am having the same issue. New Tetra, (replacing my Nano) plugged it in today and no go.
  13. 1 point
    Was this a first boot after a factory reset by any chance? I see that the command used to conduct a site survey failed. What happens when you execute the following commands:
    /etc/init.d/pineapd start
    /usr/bin/pineap /tmp/pineap.conf run_scan 15 2
    chmod a+x /pineapple/modules/Help/files/dumpscan.php
    /pineapple/modules/Help/files/dumpscan.php 0
  14. 1 point
    Xavious! Thanks for all your help and useful input. Those of us with mind reading skills really enjoy your insights. In 31 years of IT and network administration I've known many folks like yourself. Fired every single one of them.
    X:\Downloads\c2-1.1.1_community\c2_community-windows-64.exe -hostname 10.0.0.1 -listenport 80
    Where -hostname can equal your gateway on your network or an actual URL, and -listenport is for the browser in this case. If all goes well you should see something like this:
    X:\Users\You>X:\Downloads\c2-1.1.1_community\c2_community-windows-64.exe -hostname 10.0.0.1 -listenport 80
    [*] Initializing Hak5 Cloud C2
    [*] Initial setup detected. Setup token: UXXX-MXXX-CXXX-BXXX
    [*] Running Hak5 Cloud C2
    Go to your browser and type "localhost" without quotes, then follow the prompts to register and log in. You'll need the Setup token and the license key to complete the process. Hope this helps
  15. 1 point
    Hi everyone,
    In an effort to lower the barrier to entry of writing Ducky Scripts even more, our newest addition to the development team @dallaswinger has created a totally self-contained HTML file which acts as a Ducky Script encoder. In addition to supporting all currently available commands of the original Java-based Duckencoder, this new version also supports different keyboard layouts in the form of the Bash Bunny language files. We will be adding more features to this encoder soon, and are especially looking forward to your feedback. Please leave all suggestions or bug reports in this thread.
    The jsencoder.html file can be found attached to this post and should be considered to be in beta. If it drinks your coffee, eats your pets, or starts an intergalactic war, please blame @dallaswinger.
    Note: You currently need an internet connection to load the Bootstrap CSS and jQuery JS files. As this is not the final release, we have forgone including them inside of the HTML.
    jsencoder.html
  16. 1 point
    I've got myself a nice little Portal together now. Just have one problem left: After my iPhone connects to the evil portal, it correctly shows the Apple captive portal. But after successful authorization the page just reloads and does not close automatically. This looks quite suspicious, even though I can close the window and am connected to the evil portal afterwards. Is there any way to fix this behaviour?
  17. 1 point
    It's probably because the ports are literally filtered / closed on the target you're attempting to scan. I'd wait a while before trying again, then maybe a port might open - usually 80.
  18. 1 point
    @jayiod105, @plubowicz, and @Att3mp7ed-R3c()n if you completely delete the module from your Pineapple and download the latest from my GitHub you will not have this problem. This is an issue in the current version on the module manager and I have not had time to fix all of the merge conflicts from the pull request to the main repo. This is why the latest from my GitHub is not available in Hak5's repo yet.
  19. 1 point
    I spoke too soon. I'm back in business on the Tetra, code 2.3.1, after running these at the command line:
    mv /pineapple/modules/PortalAuth/includes/scripts/libs/tinycss /pineapple/modules/PortalAuth/includes/scripts/libs/tinycss-old
    mv /pineapple/modules/PortalAuth/includes/scripts/libs/tinycss-old/tinycss/ /pineapple/modules/PortalAuth/includes/scripts/libs/tinycss
    rm -rf /pineapple/modules/PortalAuth/includes/scripts/libs/tinycss-old/
    Worked like a champ actually. It's pretty freakin' scary how well this module works, which of course is part of the value of the Pineapple.
  20. 1 point
    I waited to reply to this. I am an old fud. There is nothing wrong with using the tools others before you have provided. The thing that makes me really call someone a script kiddy is when their learning and understanding stops there. So, you have this tool and its source, or an exploit and its source, but you never bothered to look into how it works or what makes it tick. You never reverse engineered it to see what is going on, hence you really do not know what it is doing. That is like giving a 5 year old a nuke. They know it goes boom but they do not know anything about fallout and radiation.
    So, being a temporary kiddy on your way to understanding is cool. Being a kiddy because you are mentally lazy is not hacking. Doesn't even define the word, because you are only an expert at running someone else's tool. In my opinion you become one of the masses on GitHub asking a creator to figure out and add a certain exploit instead of knowing anything about how the exploit works themselves, much less adding it themselves. That is a script kiddy through and through.
    So, if you use Metasploit to pop a test box, look at how that exploit works. Try and rewrite it in another language like Python or whatever. Metasploit even comes with tools built into itself to inspect its payloads' source. Want to learn how to exploit with PowerShell? Look at Empire and its modules. Use the tool and then look under the hood to see how it is pulled off so you know and can do this in any situation with almost any custom code. In the process you may come up with cool ideas yourself. Those two tools have taught me so much about how a C&C server would work.
    A magician pulling a magic trick when the magician who is doing it has no idea how they did it is sad. Funny when someone in the audience does know and can do it even better because they do.
  21. 1 point
    If you are asking "should I use tools from GitHub" then yes, that is what most of us do.
  22. 1 point
    I came up with the idea to "misuse" the LED colors (8 payload possibilities) as a payload indicator. This allows you to use switch position 2 to select the payload (it copies the payload content to switch1) and make your selection by moving the switch to position 1. Plugging in the stick with position 1 will execute your payload and indicate the payload color for 1 sec. The project is hosted on GitHub: https://github.com/H8to/HoppEye
    Strange to explain, but cool if you get the hang of it. Folder structure looks like the following:
    payloads/
      payload_B_BluePayload/
      payload_G_Green/
      payload_OFF_empty/
      payload_W_network/
      payload_C_empty/
      payload_M_PoisonBunnyTap/
      payload_R_ReverseShellEmpire/
      payload_Y_empty/
      switch1/
      switch2/
        payload.txt <-- This is where the magic happens
    Please see the GitHub for further info.
  23. 1 point
    Quick update!
    Added 8th payload support - default colour is OFF
    Added full payload support, allowing the user to launch a full payload from the corresponding directory in Diodamic's switch folder. E.g. If I chose the Magenta payload it would source the script from "<diodamic-switch-dir>/1/payload.sh"
  24. 1 point
    WabbitWeb
    The ultimate payload-handling tool!
    Hey guys, I finally got around to uploading my first payload, after many weeks of tinkering with it - trying to get it to work. So, what did I spend hours upon days upon multiple weeks making? This. A tool that focuses mainly on handling payloads. With this tool, you have to know that payloads are referred to as Letters, as the payloads are saved as letters (A, B and C).
    Target: Windows 7, 8, 8.1, 10
    Dependencies:
    Impacket - For SMB server - WabbitWeb will still work without Impacket, but won't start the SMB server
    Directory 'ww' - Holds everything, basically
    Features:
    BashBunny-hosted Python webserver
    - Handles all of the events, commands and pages!
    - Beautiful, user-friendly web interface that scales with your screen!
    File Command System (FCS - makes it sound a bit fancier)
    - Uses the BashBunny's file system to handle commands and functions!
    - If there is a file called COMMAND.sh in the 'ww' directory, it will instantly source and delete it!
    - Allows WabbitWeb to have a CLI interface in the website itself!
    Payload Launcher
    - Website app (handled by FCS)
    - Launch a Letter you just created using the Payload Editor!
    Payload Editor
    - Website app (handled by FCS)
    - Create a Letter, a payload saved to a letter (A, B or C) that is runnable almost instantly!
    - Doesn't handle existing payloads, only allows you to create new ones (future feature, maybe?)
    Command Line
    - Pass commands straight to the Bunny!
    - Logs and saves all commands to WabbitWeb!
    SMB Launcher
    - Website app (handled by FCS)
    - Launches an SMB server at WabbitWeb's payload folder - giving you access to all its code DURING RUNTIME!
    - Automagically starts up a Windows Explorer window pointed straight at the SMB server!
    - Edit your Letters in your own editor (e.g. Notepad++) or copy your own payload to the folder, then use the Payload Launcher to run them!
    Shutdown (yes..this is a feature!)
    - Website app (handled by FCS)
    - Shuts down WabbitWeb (...what did you expect?)
    - Uses ATTACKMODE OFF to hide, thanks to firmware 1.3!
    Known bugs:
    Payload Editor
    - LED commands return a usage error
    - Sleep functions don't register
    - Swapping ATTACKMODEs isn't wise (doable, but it doesn't like it too much)
    Github: Link to Github page
    I will be updating this quite a bit in the background, so stay tuned if you are interested in keeping this up-to-date. I will only upload versions that are working properly, so don't worry if you think that its main features (Letters - Payload Launcher and Payload Editor) might not be working and therefore not update. Currently the files are in their own Github (master), so if anyone could give me a rundown of how to get Darren to put them in the payloads folder, shout at me in the comments or PM me.
    Usage: To use WabbitWeb, just copy the contents of the Github repo to a switch, plug the Bunny in with that switch ready and let it fly. Once it is flashing blue, you can open up Chrome (preferably Chrome, but most web browsers should work fine) and go to: 172.16.64.1:80 which will take you to the WabbitWeb's home page! From there, you can create payloads (known as Letters), launch the Letters you make, start up an SMB server so you can edit the Letters firsthand and edit the webpages if you really want..or just see the code as it is running.
    Okay, that's cool. How do I edit a Letter from the SMB server's folder? All you need to do is go to the 'scripts' folder and you should see 3 script files (among a few other files) there, la.sh, lb.sh and lc.sh. They are your A, B and C letters. If you create a payload using the Payload Editor, you will see the scripts update. If you create a script using Notepad++ or another program like that (e.g. Notepad - ew..) and save it as one of those letters, you can launch it using the Payload Launcher!
    Keep in mind that any output you make goes straight to a log file in the usual logs folder, so don't bother manually making a log file unless you want it somewhere specific.
    Screenshots: Link to Imgur post
    Updates:
    Updated to 1.0.1 on 5/05/17
    Updated to 1.0.2 on 5/05/17
    Updated to 1.0.3 on 8/05/17
    Updated to 1.0.4 on 10/05/17
    Updated to 1.0.5 on 10/05/17
    Updated to 1.0.6 on 11/05/17
    Updated to 1.1.0 on 22/05/17
    Updated to 1.1.1 on 23/05/17
    Feel free to give me lots of constructive feedback! Also, if you can think of anything that may fix any of the bugs above, feel free to comment/PM me! If you find any more bugs, comment below - I'll check this post most days. This payload is open-source and editable as you like, but please do not post a copy of this as your own work, as it isn't nice and it isn't your own work!
  25. 1 point
    For the time being you'll need to download and use it over terminal. And I don't have an ETA on a module. But I hope to have it ready soon. :)