Leaderboard

Popular Content

Showing content with the highest reputation since 02/03/2021 in all areas

  1. Initial Setup: The OTA installation from the stager (initial setup firmware) does not support hidden and open WiFi networks. It only supports WPA WiFi networks. This is addressed in a forthcoming update. WiFi Client Mode: This is a known issue related to some WiFi networks on an old firmware (version 1.0.0) which has been solved in subsequent releases. In firmware 1.0.0 the WiFi Client Mode settings were not automatically saved. There was a save button if you wished to manually save the profile, however we learned that many people were not noticing the sav
    3 points
  2. That's OK, we believe you. I strongly recommend destroying the phone and terminating all accounts you have with Apple. You are fully compromised and all your data is now infected, you cannot get it back. I would also recommend disinfecting your PC, use a number of different products, just in case one is not enough. Move to Android and also move house, they know where you live now so you'll never be safe.
    2 points
  3. Hi Francis, I am very sorry for your loss! To keep my answer short, I can tell you that the Rubber Ducky won't help you. The Rubber Ducky can only automate your manual typing as it acts as a keyboard which can be programmed. What you need is a real forensic company. Unfortunately I do not know any company doing this kind of service near you, but a good company should be able to access at least the Win10 data, as long as it is not bitlockered... all the best flipchart
    2 points
  4. Nmap's OS fingerprinting is not always accurate, especially when it says it is only 87% sure, so I'd not put much weight on that. The easiest thing to do is to change the wireless password and then see what happens. Only change the password on devices one or two at a time and see if it comes back. If it does, check on the last few you updated. If it is someone who managed to get your key, as long as you pick a good strong one this time you should be able to keep them off. At least for a while. Did you do any check of things like HTTP headers from the web server? Banner grabbing or in
    2 points
  5. It definitely says you've been hacked. This type of hack is irreversible, the only way to recover is to buy a new phone. Do not reuse the SIM or you'll reinfect your new phone. I would go Android over iPhone so it can't leap over from your backups.
    2 points
  6. I'm having real problems with the Pineapple Mk7. I'm running on this version. 1) Is there any documentation on this product? I can't find anything beyond a basic setup guide. Is there a guide that tells you what each feature does and how to use it? 2) Recon doesn't work well at all. -- A 30 second scan seems to work pretty reliably, but running a continuous scan... not so much. The scan seems to stop randomly. The "Settings" panel will say that it's still scanning, but updates stop happening (no client updates, no new clients found). -- Handshake Capture seems sketchy
    2 points
  7. What type of vulnerabilities do you want? Your best option may be to install OpenWRT on a raspberry pi and then create a few vulnerabilities yourself. That will be cheaper and more consistent than trying to bulk buy specific devices.
    2 points
  8. OK, it's probably the Pineapple. It may need to be factory reset. Something seems out of whack. Chrome is usually quite stable. That said, before you reset it, try again with a different browser. Either open the site in Edge, or grab a copy of Firefox, Opera, etc. You don't need to keep them or use them permanently. Just check if the behavior is the same or different there. If you have the same issues in a different browser, then reset the Pineapple. I hope that helps. --Aaron
    2 points
  9. SOLVED: Found the solution. Before I first copied the portals via SSH, I renamed the folders with an en prefix (google-login -> en-google-login). Symlinks to the non-existent folders then remained in the /www folder. The solution is to update these symlinks and restart the Pineapple.
    2 points
  10. Well, that's not entirely true, there is more than the Evil Portal available and the Pineapple isn't just about modules even if it's one of the features. I've never been really disappointed with any of my Hak5 devices (and I have 10 out of the different variants made available). You have to be ready to do some work though. Buying Hak5 stuff isn't like buying a toaster in my opinion. Even though Hak5 makes it easier to enter the cybersec arena, you need at least some basic knowledge and... you need some dedication to learn and get better all the time and also be prepared to contribute. So, don'
    2 points
  11. We're happy to announce the latest release of the Cloud C2! Change Log (3.1.1): Add Historical Recon data; Improvements to Recon data filters, sorting and Cartography view; Fix Recon sync issues with WiFi Pineapples; Add Chat and associated permissions; Add Device Notification History; Add Notes and associated permissions; Various UI styling, usability and performance improvements; Device notifications are now decoupled across users and decoupled from device notification history; Improve uptime tracking for connected devices; Fix a bug whe
    1 point
  12. I'm finding limited modules and support for this Pineapple Mark VII, it's pretty useless tbh.
    1 point
  13. Hey, my PC and cell phone are hacked. Whenever I watch videos or listen to music on YouTube, Twitch or other media platforms I can hear other people talking about my activities in the background. I have no idea how they do it but it bothers me. I capture my network traffic with Wireshark and save it. Sometimes they change my clock & date or delete folders, but most of the time I can just hear the really quiet voices in the background. Any idea what it can be and how to do it? I would like to go to the police with it, but it bothers me at the time not being able to use my pc and my m
    1 point
  14. Don't you get the bash error when running that string? It should be pretty obvious. The command line is not correct, get rid of all the backslashes, they are not needed when running it as a single line: wget https://c2.hak5.org/download/community -O c2.zip && unzip c2.zip && IP=$(curl -s https://checkip.amazonaws.com) && echo "Copy the below setup token to browser http://$IP:8080" && ./c2-*_amd64_linux -hostname $IP -listenip $IP
    1 point
  15. For some reason wget https://c2.hak5.org/dl -O c2.zip doesn't seem to work anymore. If you cat the downloaded file it will most likely be an HTML file, hence unzip complaining about the fact that it is not recognized as a zip file. Try wget https://c2.hak5.org/download/community -O c2.zip instead. The file should be about 47.5 MB when downloaded.
    1 point
  16. Yeah same here, defo would love to find a fix to it!
    1 point
  17. Good morning, I hope you can get help from the developers. A few days ago I tried to create my own fake captive portal for a client, based on Cisco. I copied the facebook-login files from the evil portal folder and edited them to modify the visual part, since I really like how that portal looks. After activating it, the evil portal module began to fail. Searching the forum, and thanks to the user M4R3K, I was able to solve it with the command ln -sfn, modifying the symbolic links in the www folder since they pointed to deleted routes. However, despite solving exactly that problem, othe
    1 point
  18. I received my WiFi Pineapple Mark VII yesterday and was eager to try it out today. Unfortunately, after playing around with it for a couple of hours, my mood has completely changed and I would really like to set fire to the device now. Maybe I am too stupid for this, but there could also be quite a few bugs. Hopefully, somebody can confirm that I am not getting mad ;-) First of all, I had to re-run the installation multiple times, starting from scratch with the mk7-recovery_1.0.1.bin. In hindsight, the main issue seems to have been that I am using hidden Wi-Fi networks to connect to, and
    1 point
  19. I got the same error, M4R3K. I deleted the EP file that caused the problem, but I am still having the same issue. I have a Mark 7 and I tried to reinstall the firmware, reinstall the dependencies and Evil Portal again, and nothing. Can somebody help me, please?
    1 point
  20. I have a similar problem. A few weeks ago I installed the Evil Portal portals and everything worked fine, but today I started the server to prepare a new portal for a client and, although the server starts, the captive portal does not come up, and when I press activate on any portal the library is never activated. Please, does anyone have a solution?
    1 point
  21. 6 months later there is a ton of dust on the unit as it sits as a paper weight. It doesn't work, it hangs on the redirect screen during setup. I've tried factory reset, firmware updates etc.. I got to the main screen once or twice in the last 6 months, but nothing would work right no matter the configuration. Currently it seems broken as setup is impossible. I have an openGL150 that I converted to a pineapple nano and it works 100x better and cost $20. This has been nothing but a headache and a huge waste of time and money. There are STILL no modules and nobody cares about developing for this
    1 point
  22. I am stuck on this, on /etc/config/wireless: do I create a new radio 3, and if so what are the options, or do I just put the line option ifname 'wlan3' at the end of the file? Is there any chance you could share the whole code of /etc/config/wireless?
    1 point
  23. I am experiencing the same issues as above. I've spent the last hour looking for documentation and found none. I turned on handshake capturing on my own network and can't figure out what it's asking for to get it configured; it won't capture handshakes. I need something that's written for a new user, not a user who's used it for 5 years through the different iterations. Yes, I'm a newbie too but right now, I've wasted hours on a Saturday night that I dedicated to understanding how to use the Pineapple to capture handshakes. Like above, most of the clients on my own network don't show up. Also, ho
    1 point
  24. My son died a couple of weeks ago and I'm left with his phone, which has a PIN we think is 4 digits. I've looked high and low but am hoping someone can help out with getting it open without losing data,
    1 point
  25. If you have questions, rather than asking one per topic, how about making one topic with all the questions and putting it in the questions section? Also be specific, that question is so vague that it cannot be answered.
    1 point
  26. Oh, and why are so few clients found? Is that a bug? Most SSIDs have no clients associated with them.
    1 point
  27. Well, it should work, it does for me at least. What settings do you have on your Pineapple apart from the modules? What module are you trying to run? Evil portal or some other ones?
    1 point
  28. 1 point
  29. 1 point
  30. Payload Library for Web UI/SSH (Unofficial Patch): This (unofficial) patch provides the official SharkJack Web UI with an additional tab on the Web UI (http://172.16.24.1/) to maintain your payloads on the device itself rather than relying on a PC to switch to your previously used payloads. I personally figured since the SharkJack has not received any love in over a year, I'd give it a little attention. Since it was missing a Payload Management System on the device (that is accessible via Web UI), I decided to make one. I attempted to "copy" the original style of the original Web UI. - Takin
    1 point
  31. Or use Raspwn, the vulns are "built in", depends on what the goal is though (and it's unspecified in this case). No need to run for a specific image/distro or OpenWrt either, just grab a standard Raspberry Pi OS Lite image and install dnsmasq, hostapd and add some iptables rules and the AP is up and running. Vulns need to be added though.
    1 point
  32. 1 point
  33. 1 point
  34. Wow a very nice and intuitive way to manage your payloads. Can't wait to see an enhanced version somewhere in time which makes it possible to set the payload configurations via the graphical shell as well. @Darren Kitchen can this or such functionality be integrated in a future firmware?
    1 point
  35. I have to say this is a great addon and should have really been in the initial release. SSH'ing may not always be practical, especially if you're on assignment and need to switch payloads on the fly; you may not have access to SSH on someone else's PC but every PC has a web browser. I can certainly think this would expand the use cases for the SharkJack in any pentester's arsenal. Be sure to check out REDD's C2 Discord payload as well. I hope he continues to develop addons and payloads for the many Hak5 products.
    1 point
  36. it will always be 100%, no bug
    1 point
  37. Your user name is your email address. Not really a good idea.
    1 point
  38. Hi, The scan will refresh in the UI every 5 or so seconds, the scan duration is how long Recon will run for in total. - This could be due to Recon just not seeing activity from that device at the right time since the re-association. Your expectation is wrong here - the Filters are meant to prevent associations to the device, not to prevent devices from showing up in the Recon scans. If it worked this way, it'd be frustrating to add new devices to the filters via Recon, which isn't the workflow we are working towards. These are settings you shouldn't mess with u
    1 point
  39. Hello, I am new to Hak5 forums and still have to learn a lot about the Pineapple. I just started, so please have mercy with me 🙂 Maybe someone can clarify and answer some of my (sure in your eyes silly) questions regarding the Mark 7. 😅 Recon: ===== Settings - Time interval like 30 seconds does REFRESH every given amount of time (e.g. 30 sec) and list newly connected devices AND adds or removes in-/active APs - is this correct? Or should it only scan one time for 30 seconds and NOT refresh again (Snapshot)? I am seeing different results. Sometimes no flickering/refres
    1 point
  40. Just to help echo what @jholbrookftl said. You most definitely are collecting SSIDs and rebroadcasting them, hence the same MAC.
    1 point
  41. When you installed Kali and ran the setup, a prompt should have appeared and asked you to log in. For the user name I use root, and then for the password I use whatever name I want. I never had a problem using this on a VM machine
    1 point
  42. So you're kidding me: if I type airmon-ng I get command not found. If I type sudo airmon-ng the command runs just fine. Rather than the good old days where you get a small reminder to be root or to use sudo...nowadays we just say command not found? Dumb...
    1 point
  43. The Key Croc is based on the Bash Bunny platform so yes, it shares many of its ATTACKMODE options. That said, the payload execution framework and hardware implementation are very different. Sorta like how certain SUVs and Pickup trucks share the same frame.
    1 point
  44. Looks good. It's nice that my script which was based on the sample payload has been taken and itself evolved in something else :)
    1 point
  45. The best tool is the Javascript encoder from our repository at https://downloads.hak5.org/api/devices/usbrubberducky/tools/jsencoder/1.0/ This creates the inject.bin file from your ducky script all in browser with just a single HTML file - so no java, python or online tool needed.
    1 point
  46. So, I did this and it is recognized, however, I don't get prompted to select the space. Is there some other place to configure where they are stored?
    1 point
  47. At boot the LED sequence is Yellow solid, followed by 15 seconds of no LED, then Blue Blinking until bootup is complete. Once booted, the LEDs indicate the following: Blue: wlan0 (almost always on unless you manually disable the radio); Red: wlan1mon (used for sniffing/injection by PineAP); Yellow: eth0 (for instance if you have the TETRA plugged into a wired network). Regards, Darren
    1 point