Leaderboard

Initial Setup The OTA installation from the stager (initial setup firmware) does not support hidden and open WiFi networks. It only supports WPA WiFi networks. This is addressed in a forthcoming update. WiFi Client Mode This is a known issue related to some WiFi networks on an old firmware (version 1.0.0) which has been solved on subsequent releases. In firmware 1.0.0 the WiFi Client Mode settings were not automatically saved. There was a save button for if you wished to manually save the profile, however we learned that many people were not noticing the sav

That's OK, we believe you. I strongly recommend destroying the phone and terminating all accounts you have with Apple. You are fully compromised and all your data is now infected, you cannot get it back. I would also recommend disinfecting your PC, use a number of different products, just in case one is not enough. Move to Android and also move house, they know where you live now so you'll never be safe.

Hi Francis I am very sorry for your loss! To keep my answer short, I can tell you, that the Rubber Ducky won't help you. The Rubber Ducky can only automate your manual typing as it acts as a keyboard which can be programmed. What you need is a real forensic company. Unfortunately I do not know any company doing these kind of service near you, but a good company should be able to access at least the Win10 data, as long as it is not bitlockered... all the best flipchart

Nmap's OS fingerprinting is not always accurate, especially when it says it is only 87% sure, so I'd not put much weight on that. The easiest thing to do is to change the wireless password and then see what happens. Only change the password on devices one or two at a time and see if it comes back. If it does, check on the last few you updated. If it is someone who managed to get your key, as long as you pick a good strong one this time you should be able to keep them off. At least for a while. Did you do any check of things like HTTP headers from the web server? Banner grabbing or in

It definitely says you've been hacked. This type of hack is irreversible, the only way to recover is to buy a new phone. Do not reuse the SIM or you'll reinfect your new phone. I would go Android over iPhone so it can't leap over from your backups.

I'm having real problems with the Pinapple Mk7. I'm running on this version. 1) Is there any documentation on this product? I can't find anything beyond a basic setup guide. Is there a guide that tells you what each feature does and how to use it? 2) Recon doesn't work well at all. -- A 30 second scan seems to work pretty reliably, but running a continuous scan... not so much. The scan seems to stop randomly. The "Settings" panel will say that it's still scanning, but updates stop happening (no client updates, no new clients found). -- Handshake Capture seems sketchy

What type of vulnerabilities do you want? Your best option may be to install OpenWRT on a raspberry pi and then create a few vulnerabilities yourself. That will be cheaper and more consistent than trying to bulk buy specific devices.

SOLVED Found the solution. Before I first time copied portals via ssh, I renamed the folders with en profix (google-login -> en-google-login). Then in /www folder remained symlinks to non-existing folder. Solution is to update these symlinks and restart pineapple.

Well, that's not entirely true, there is more than the Evil Portal available and the Pineapple isn't just about modules even if it's one of the features. I've never been really disappointed with any of my Hak5 devices (and I have 10 out of the different variants made available). You have to be ready to do some work though. Buying Hak5 stuff isn't like buying a toaster in my opinion. Even though Hak5 makes it easier to enter the cybersec arena, you need at least some basic knowledge and... you need some dedication to learn and get better all the time and also be prepared to contribute. So, don'

If you really want a module make the frigging thing. Foxtrot has made some awesome documentation on building modules for the Pineapple stop being lazy and waiting for folks to do things for you. Modules have always and will always be primarily community driven. If the entire community is sat here banging their knife and forks on the table demanding food then guess what? You're all going hungry till one of you pulls your finger out and gets in the kitchen.. https://docs.hak5.org/hc/en-us/articles/360052162434-WiFi-Pineapple-Mark-VII-Modules Adde88 has already packaged up s

We're happy to announce the latest release of the Cloud C2! Change Log (3.1.1) Add Historical Recon data Improvements to Recon data filters, sorting and Cartography view Fix Recon sync issues with WiFi Pineapples Add Chat and associated permissions Add Device Notification History Add Notes and associated permissions Various UI styling, usability and performance improvements Device notifications are now decoupled across users and decoupled from device notification history Improve uptime tracking for connected devices Fix a bug whe

I assume they are configured with two different MAC addresses. Is the device.config file downloaded for each of the Turtles (just to make sure they don't use the same file that might confuse C2)?

Im finding limited modules and support for this Pineapple Mark VII, its pretty useless tbh.

hey, my pc and cell phone is hacked. whenever i watch videos or listen to music on youtube, twitch or other media platforms i can hear other people talking about my activities in the background. I have no idea how they do it but it bothers me. i capture my network traffic with wireshark and save them. sometimes they cahnge my clock & date or delete folders but the most time i can just hear the really quiet voices in the background. Any idea what it can be and how to do it? i would like to go to the police with it, but it bothers me at the time not being able to use my pc and my m

As others have said, we won't help you cheat on specific games. If you are interested in general discussion on how cheating and anti-cheat systems work, then there may be someone who has knowledge about it. If c0ncept is known to cheat, try asking them for specifics, not us.

'Yeah, I worked it out the other day I only changed the other lines and skipped the etc/config/wireless and it works fine, my PineAP recon is working on 2.4GHz as well as 5GHz like a charm

Don't you get the bash error when running that string? It should be pretty obvious. The command line is not correct, get rid of all the backslashes, they are not needed when running it as a single line wget https://c2.hak5.org/download/community -O c2.zip && unzip c2.zip && IP=$(curl -s https://checkip.amazonaws.com) && echo "Copy the below setup token to browser http://$IP:8080" && ./c2-*_amd64_linux -hostname $IP-listenip $IP

For some reason wget https://c2.hak5.org/dl -O c2.zip doesn't seem to work anymore. If you cat the downloaded file it will most likely be a html file, hence unzip complaining about the fact that it is not recognized as a zip file. Try wget https://c2.hak5.org/download/community -O c2.zip instead. The file should be about 47.5 MB when downloaded.

Perhaps what you need is to identify what type of RF the drone uses or if it is Bluetooth and in which channel it connects to make noise on that channel, there are several techniques to make noise on a transmission channel but they depend on how they connect.

Don’t know why I can’t edit it but I meant go to a website you didn’t visit on your laptop before, it could be the cahce with the website and sometimes it delays kicking off (when kicked still shows connected)

Yes that’s a quite serious issue, that would be a legal matter. Sorry we couldn’t assist further

Yeah same here, defo would love to find a fix to it!

Good morning, I hope you can get help from the developers. A few days ago I tried to create my own fake captive portal for a client based on cisco, copy the facebook-login files from the evil portal folder and edit them to modify the visual part since I really like how that portal looks, after activating it I began to fail the evil portal module, searching in the forum and thanks to the user M4R3K I was able to solve it through the command <ln -sfn modifying the symbolic links in the www folder since they pointed to deleted routes> however despite to solve that problem exactly, othe

This isn't the forum for it. Go to the cops.

I received my WiFi Pineapple Mark VII yesterday and was eager to try it out today. Unfortunately, after playing around with it for a couple of hours, my mood has completely changed and I would really like to set fire to the device now. Maybe I am too stupid for this, but there could also be quite a few bugs. Hopefully, somebody can confirm that I am not getting mad ;-) First of all, I had to re-run the installation multiple times, starting from scratch with the mk7-recovery_1.0.1.bin. In hindsight, the main issue seems to have been that I am using hidden Wi-Fi networks to connect to, and

I got the same error M4R3K, i delete the EP file who cause the problem, but for me i still having the same issue i have a mark 7 and il try to reinstall the firmware, reinstall dependencys and evil portal again and nothing, somebody can help me pls?

I have a similar problem a few weeks ago I installed the evil portal portals and everything worked fine, but today I started the server to prepare a new portal for a client and although the server starts the captive portal does not get up and when I press activate in any portal The library is never activated, please, does anyone have a solution?

6 months later there is a ton of dust on the unit as it sits as a paper weight. It doesn't work, it hangs on the redirect screen during setup. I've tried factory reset, firmware updates etc.. I got to the main screen once or twice in the last 6 months, but nothing would work right no matter the configuration. Currently it seems broken as setup is impossible. I have an openGL150 that I converted to a pineapple nano and it works 100x better and cost $20. This has been nothing but a headache and a huge waste of time and money. There are STILL no modules and nobody cares about developing for this

I wouldn't use the Mk7 in such scenarios, it's not really what it's for. Depending on what "method" the open captive portal is using, it might be possible to spoof a MAC address of an already registered device. I.e. register on the open network with, for example, your phone. Then spoof the MAC address of your phone on the device that doesn't speak "open captive portal". It might work...

My son died a couple weeks ago and im left with his phone that has a pin we think its a 4 digit, ive looked high and low but hopping someone can help out with getting it open without losing data,

Why are you posting in month old topics? Check the dates before you post.

Every product Hak5 has, has it's own section in the forums. You mentioned bunny, so I assume you mean Bash Bunny. https://forums.hak5.org/forum/92-bash-bunny/

If you have questions, rather than asking one per topic. How about making one topic, with all the questions, and put it in the questions section? Also be specific, that question is so vague that it cannot be answered.

Oh, any why are so few clients found? is that a bug? Most SSIDs have no clients associated with them.

Well, it should work, it does for me at least. What settings do you have on your Pineapple apart from the modules? What module are you trying to run? Evil portal or some other ones?

Yes, this is normal behavior.

Payload Library for Web UI/SSH (Unofficial Patch) This (unofficial) Patch provides the Official SharkJack Web UI with a additional Tab on the Web UI (http://172.16.24.1/) to maintain your payloads on the Device itself rather than relying on a PC to switch to your prior used payloads. I personally figured since the SharkJack has not received any Love in over a year, I'd give it a little attention. Since it was missing a Payload Management System on the device (That is accessible via Web UI), I decided to make one. I attempted to "copy" the original style of the original Web UI. - Takin

Great work keep up the hard work. Thanks👍

Or use Raspwn, the vulns are "built in", depends on what the goal is though (and it's unspecified in this case). No need to run for a specific image/distro or OpenWrt either, just grab a standard Raspberry Pi OS Lite image and install dnsmasq, hostapd and add some iptables rules and the the AP is up and running. Vulns needs to be added though.

Glad to see your back and still have the device!

Excited to test it! Will keep you posted.

Don’t buy. I’ve have both the tetra and the Mark VII. There is a good reason you can still buy the tetra. after I purchased the M7 I realized the I entered a paid beta program. Not that big of a deal really and there are some things about the M7 that I like more than the tetra. I took a 3 month break to return to the M7 finding that both the C2 and the M7 had a new version. Unfortunately the M7 didn’t get much better and although C2 now supported the M7 it doesn’t do much good. An ultra cheap netbook running kali and a 20$ panda wireless USB adapter would server you be

The modules are typically developed by 3rd party developers. Developers need to port over the modules from the Nano/Tetra to the Mk7. This will take some time since developers have to get the hardware and then start writing code. Feel free to create any modules you want to as well! https://docs.hak5.org/hc/en-us/sections/360008923634-Development More documentation and tutorials are in the works from what I hear.

Topic for discussions around Network reconnaissance payload for Shark Jack. Network reconnaissance payload for Shark Jack Swiss knife network reconnaissance payload with options for loot capturing (e.g. DIG, NMAP, IFCONFIG, ARP-SCAN, LLDP), notification (e.g. Homey, Pushover (the best push notfications service!), Slack), exfiltration (e.g. Cloud C2, Pastebin, Slack) and led blinking for IP address. Payload is based on various sample payloads from HAK5, MonsieurMarc, Topknot and others. The script has been created in a modular fashion which allows easy extending the script with n

When you installed Kali, and ran the setup, a prompt should have appeared and ask to login, user name I use root, and then for password I use what ever name i want. I never had a problem using this on a VM machine

The Key Croc is based on the Bash Bunny platform so yes, it shares many of its ATTACKMODE options. That said, the payload execution framework and hardware implementation are very different. Sorta like how certain SUVs and Pickup trucks share the same frame.

Looks good. It's nice that my script which was based on the sample payload has been taken and itself evolved in something else :)

The best tool is the Javascript encoder from our repository at https://downloads.hak5.org/api/devices/usbrubberducky/tools/jsencoder/1.0/ This creates the inject.bin file from your ducky script all in browser with just a single HTML file - so no java, python or online tool needed.

Yellow is eth0 (RJ45 Jack) Blue is wlan0 tx Red is wlan1mon, when enabled.

I was just reading the front-end code. It looks like the page is re-written with html from an API call on every tab/module change. While it's possible to preserve state between view changes, it can get messy with the front-end framework Hak5 chose (AngularJS) without using non-core Angular libraries. (or rewriting a substantial part of AngularJS) In any case, doing so (keeping state) ends up being a tiny bit more memory intensive for the browser since it's keeping state between page views; perhaps it was a conscious decision.