Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation since 02/04/2021 in Posts

  1. Initial Setup The OTA installation from the stager (initial setup firmware) does not support hidden and open WiFi networks. It only supports WPA WiFi networks. This is addressed in a forthcoming update. WiFi Client Mode This is a known issue related to some WiFi networks on an old firmware (version 1.0.0) which has been solved on subsequent releases. In firmware 1.0.0 the WiFi Client Mode settings were not automatically saved. There was a save button for if you wished to manually save the profile, however we learned that many people were not noticing the sav
    3 points
  2. That's OK, we believe you. I strongly recommend destroying the phone and terminating all accounts you have with Apple. You are fully compromised and all your data is now infected, you cannot get it back. I would also recommend disinfecting your PC, use a number of different products, just in case one is not enough. Move to Android and also move house, they know where you live now so you'll never be safe.
    2 points
  3. Hi Francis I am very sorry for your loss! To keep my answer short, I can tell you, that the Rubber Ducky won't help you. The Rubber Ducky can only automate your manual typing as it acts as a keyboard which can be programmed. What you need is a real forensic company. Unfortunately I do not know any company doing these kind of service near you, but a good company should be able to access at least the Win10 data, as long as it is not bitlockered... all the best flipchart
    2 points
  4. Nmap's OS fingerprinting is not always accurate, especially when it says it is only 87% sure, so I'd not put much weight on that. The easiest thing to do is to change the wireless password and then see what happens. Only change the password on devices one or two at a time and see if it comes back. If it does, check on the last few you updated. If it is someone who managed to get your key, as long as you pick a good strong one this time you should be able to keep them off. At least for a while. Did you do any check of things like HTTP headers from the web server? Banner grabbing or in
    2 points
  5. It definitely says you've been hacked. This type of hack is irreversible, the only way to recover is to buy a new phone. Do not reuse the SIM or you'll reinfect your new phone. I would go Android over iPhone so it can't leap over from your backups.
    2 points
  6. I'm having real problems with the Pinapple Mk7. I'm running on this version. 1) Is there any documentation on this product? I can't find anything beyond a basic setup guide. Is there a guide that tells you what each feature does and how to use it? 2) Recon doesn't work well at all. -- A 30 second scan seems to work pretty reliably, but running a continuous scan... not so much. The scan seems to stop randomly. The "Settings" panel will say that it's still scanning, but updates stop happening (no client updates, no new clients found). -- Handshake Capture seems sketchy
    2 points
  7. What type of vulnerabilities do you want? Your best option may be to install OpenWRT on a raspberry pi and then create a few vulnerabilities yourself. That will be cheaper and more consistent than trying to bulk buy specific devices.
    2 points
  8. SOLVED Found the solution. Before I first time copied portals via ssh, I renamed the folders with en profix (google-login -> en-google-login). Then in /www folder remained symlinks to non-existing folder. Solution is to update these symlinks and restart pineapple.
    2 points
  9. Well, that's not entirely true, there is more than the Evil Portal available and the Pineapple isn't just about modules even if it's one of the features. I've never been really disappointed with any of my Hak5 devices (and I have 10 out of the different variants made available). You have to be ready to do some work though. Buying Hak5 stuff isn't like buying a toaster in my opinion. Even though Hak5 makes it easier to enter the cybersec arena, you need at least some basic knowledge and... you need some dedication to learn and get better all the time and also be prepared to contribute. So, don'
    2 points
  10. If you really want a module make the frigging thing. Foxtrot has made some awesome documentation on building modules for the Pineapple stop being lazy and waiting for folks to do things for you. Modules have always and will always be primarily community driven. If the entire community is sat here banging their knife and forks on the table demanding food then guess what? You're all going hungry till one of you pulls your finger out and gets in the kitchen.. https://docs.hak5.org/hc/en-us/articles/360052162434-WiFi-Pineapple-Mark-VII-Modules Adde88 has already packaged up s
    1 point
  11. We're happy to announce the latest release of the Cloud C2! Change Log (3.1.1) Add Historical Recon data Improvements to Recon data filters, sorting and Cartography view Fix Recon sync issues with WiFi Pineapples Add Chat and associated permissions Add Device Notification History Add Notes and associated permissions Various UI styling, usability and performance improvements Device notifications are now decoupled across users and decoupled from device notification history Improve uptime tracking for connected devices Fix a bug whe
    1 point
  12. I assume they are configured with two different MAC addresses. Is the device.config file downloaded for each of the Turtles (just to make sure they don't use the same file that might confuse C2)?
    1 point
  13. Im finding limited modules and support for this Pineapple Mark VII, its pretty useless tbh.
    1 point
  14. hey, my pc and cell phone is hacked. whenever i watch videos or listen to music on youtube, twitch or other media platforms i can hear other people talking about my activities in the background. I have no idea how they do it but it bothers me. i capture my network traffic with wireshark and save them. sometimes they cahnge my clock & date or delete folders but the most time i can just hear the really quiet voices in the background. Any idea what it can be and how to do it? i would like to go to the police with it, but it bothers me at the time not being able to use my pc and my m
    1 point
  15. As others have said, we won't help you cheat on specific games. If you are interested in general discussion on how cheating and anti-cheat systems work, then there may be someone who has knowledge about it. If c0ncept is known to cheat, try asking them for specifics, not us.
    1 point
  16. 'Yeah, I worked it out the other day I only changed the other lines and skipped the etc/config/wireless and it works fine, my PineAP recon is working on 2.4GHz as well as 5GHz like a charm
    1 point
  17. Don't you get the bash error when running that string? It should be pretty obvious. The command line is not correct, get rid of all the backslashes, they are not needed when running it as a single line wget https://c2.hak5.org/download/community -O c2.zip && unzip c2.zip && IP=$(curl -s https://checkip.amazonaws.com) && echo "Copy the below setup token to browser http://$IP:8080" && ./c2-*_amd64_linux -hostname $IP-listenip $IP
    1 point
  18. For some reason wget https://c2.hak5.org/dl -O c2.zip doesn't seem to work anymore. If you cat the downloaded file it will most likely be a html file, hence unzip complaining about the fact that it is not recognized as a zip file. Try wget https://c2.hak5.org/download/community -O c2.zip instead. The file should be about 47.5 MB when downloaded.
    1 point
  19. Perhaps what you need is to identify what type of RF the drone uses or if it is Bluetooth and in which channel it connects to make noise on that channel, there are several techniques to make noise on a transmission channel but they depend on how they connect.
    1 point
  20. Don’t know why I can’t edit it but I meant go to a website you didn’t visit on your laptop before, it could be the cahce with the website and sometimes it delays kicking off (when kicked still shows connected)
    1 point
  21. Yeah same here, defo would love to find a fix to it!
    1 point
  22. Good morning, I hope you can get help from the developers. A few days ago I tried to create my own fake captive portal for a client based on cisco, copy the facebook-login files from the evil portal folder and edit them to modify the visual part since I really like how that portal looks, after activating it I began to fail the evil portal module, searching in the forum and thanks to the user M4R3K I was able to solve it through the command <ln -sfn modifying the symbolic links in the www folder since they pointed to deleted routes> however despite to solve that problem exactly, othe
    1 point
  23. I received my WiFi Pineapple Mark VII yesterday and was eager to try it out today. Unfortunately, after playing around with it for a couple of hours, my mood has completely changed and I would really like to set fire to the device now. Maybe I am too stupid for this, but there could also be quite a few bugs. Hopefully, somebody can confirm that I am not getting mad ;-) First of all, I had to re-run the installation multiple times, starting from scratch with the mk7-recovery_1.0.1.bin. In hindsight, the main issue seems to have been that I am using hidden Wi-Fi networks to connect to, and
    1 point
  24. I got the same error M4R3K, i delete the EP file who cause the problem, but for me i still having the same issue i have a mark 7 and il try to reinstall the firmware, reinstall dependencys and evil portal again and nothing, somebody can help me pls?
    1 point
  25. I have a similar problem a few weeks ago I installed the evil portal portals and everything worked fine, but today I started the server to prepare a new portal for a client and although the server starts the captive portal does not get up and when I press activate in any portal The library is never activated, please, does anyone have a solution?
    1 point
  26. 6 months later there is a ton of dust on the unit as it sits as a paper weight. It doesn't work, it hangs on the redirect screen during setup. I've tried factory reset, firmware updates etc.. I got to the main screen once or twice in the last 6 months, but nothing would work right no matter the configuration. Currently it seems broken as setup is impossible. I have an openGL150 that I converted to a pineapple nano and it works 100x better and cost $20. This has been nothing but a headache and a huge waste of time and money. There are STILL no modules and nobody cares about developing for this
    1 point
  27. I wouldn't use the Mk7 in such scenarios, it's not really what it's for. Depending on what "method" the open captive portal is using, it might be possible to spoof a MAC address of an already registered device. I.e. register on the open network with, for example, your phone. Then spoof the MAC address of your phone on the device that doesn't speak "open captive portal". It might work...
    1 point
  28. My son died a couple weeks ago and im left with his phone that has a pin we think its a 4 digit, ive looked high and low but hopping someone can help out with getting it open without losing data,
    1 point
  29. Why are you posting in month old topics? Check the dates before you post.
    1 point
  30. Every product Hak5 has, has it's own section in the forums. You mentioned bunny, so I assume you mean Bash Bunny. https://forums.hak5.org/forum/92-bash-bunny/
    1 point
  31. If you have questions, rather than asking one per topic. How about making one topic, with all the questions, and put it in the questions section? Also be specific, that question is so vague that it cannot be answered.
    1 point
  32. Oh, any why are so few clients found? is that a bug? Most SSIDs have no clients associated with them.
    1 point
  33. Well, it should work, it does for me at least. What settings do you have on your Pineapple apart from the modules? What module are you trying to run? Evil portal or some other ones?
    1 point
  34. 1 point
  35. Payload Library for Web UI/SSH (Unofficial Patch) This (unofficial) Patch provides the Official SharkJack Web UI with a additional Tab on the Web UI (http://172.16.24.1/) to maintain your payloads on the Device itself rather than relying on a PC to switch to your prior used payloads. I personally figured since the SharkJack has not received any Love in over a year, I'd give it a little attention. Since it was missing a Payload Management System on the device (That is accessible via Web UI), I decided to make one. I attempted to "copy" the original style of the original Web UI. - Takin
    1 point
  36. 1 point
  37. Or use Raspwn, the vulns are "built in", depends on what the goal is though (and it's unspecified in this case). No need to run for a specific image/distro or OpenWrt either, just grab a standard Raspberry Pi OS Lite image and install dnsmasq, hostapd and add some iptables rules and the the AP is up and running. Vulns needs to be added though.
    1 point
  38. 1 point
  39. Don’t buy. I’ve have both the tetra and the Mark VII. There is a good reason you can still buy the tetra. after I purchased the M7 I realized the I entered a paid beta program. Not that big of a deal really and there are some things about the M7 that I like more than the tetra. I took a 3 month break to return to the M7 finding that both the C2 and the M7 had a new version. Unfortunately the M7 didn’t get much better and although C2 now supported the M7 it doesn’t do much good. An ultra cheap netbook running kali and a 20$ panda wireless USB adapter would server you be
    1 point
  40. The modules are typically developed by 3rd party developers. Developers need to port over the modules from the Nano/Tetra to the Mk7. This will take some time since developers have to get the hardware and then start writing code. Feel free to create any modules you want to as well! https://docs.hak5.org/hc/en-us/sections/360008923634-Development More documentation and tutorials are in the works from what I hear.
    1 point
  41. Topic for discussions around Network reconnaissance payload for Shark Jack. Network reconnaissance payload for Shark Jack Swiss knife network reconnaissance payload with options for loot capturing (e.g. DIG, NMAP, IFCONFIG, ARP-SCAN, LLDP), notification (e.g. Homey, Pushover (the best push notfications service!), Slack), exfiltration (e.g. Cloud C2, Pastebin, Slack) and led blinking for IP address. Payload is based on various sample payloads from HAK5, MonsieurMarc, Topknot and others. The script has been created in a modular fashion which allows easy extending the script with n
    1 point
  42. When you installed Kali, and ran the setup, a prompt should have appeared and ask to login, user name I use root, and then for password I use what ever name i want. I never had a problem using this on a VM machine
    1 point
  43. The Key Croc is based on the Bash Bunny platform so yes, it shares many of its ATTACKMODE options. That said, the payload execution framework and hardware implementation are very different. Sorta like how certain SUVs and Pickup trucks share the same frame.
    1 point
  44. Looks good. It's nice that my script which was based on the sample payload has been taken and itself evolved in something else :)
    1 point
  45. The best tool is the Javascript encoder from our repository at https://downloads.hak5.org/api/devices/usbrubberducky/tools/jsencoder/1.0/ This creates the inject.bin file from your ducky script all in browser with just a single HTML file - so no java, python or online tool needed.
    1 point
  46. Yellow is eth0 (RJ45 Jack) Blue is wlan0 tx Red is wlan1mon, when enabled.
    1 point
  47. I was just reading the front-end code. It looks like the page is re-written with html from an API call on every tab/module change. While it's possible to preserve state between view changes, it can get messy with the front-end framework Hak5 chose (AngularJS) without using non-core Angular libraries. (or rewriting a substantial part of AngularJS) In any case, doing so (keeping state) ends up being a tiny bit more memory intensive for the browser since it's keeping state between page views; perhaps it was a conscious decision.
    1 point
×
×
  • Create New...