Jump to content


Popular Content

Showing content with the highest reputation since 01/21/2020 in all areas

  1. 2 points
    You guys might wanna check your filters. Client filters specify which devices, by MAC address, are either explicitly allowed to connect or explicitly denied from connecting. In Allow Mode only the listed MAC Addresses are allowed to connect. In Deny Mode, the listed MAC addresses will be prevented from connecting. So either set to ALLOW and add your clients MAC address, or choose DENY to let every client join. That should work.
  2. 2 points
    If you hit a site by IP and the certificate isn't for the IP then you'll get a warning. View the certificate and get the common name or SAN from it then you can browse to that.
  3. 2 points
    This is a ethical hacking forum. You may want to ask at the gopro forum.
  4. 1 point
    Does the O.MG cable have built in storage? When a person connects to a phone does it download all the information (pictures, text messages....) to storage on the phone?
  5. 1 point
    @kuyaya Nicely said. And the last payload was this. https://github.com/hak5/bashbunny-payloads/blob/master/payloads/library/prank/NiceShutdown/README.md
  6. 1 point
    I wrote a password grabber payload using Lazagne. I made a github repository, you can look it up here. I tried to make it as simple as possible. If there are any questions or advices for improvement, just post them here and I'll reply. Have fun with it!
  7. 1 point
    First of all, use the search bar. You would find this: This topic was posted in november 2019 and is still very accurate and not outdated. But ok, I'll answer your questions. 0. You probably think of the bunny like that: A malware device that will hack your computer but it mostly gets detected by AV's. That is completely wrong. The BB is a linux system in a USB-stick. It doesn't have to do anything with malware. That's the same like if you would download malware on your computer and then you would tell me that your computer is a malware computer that will hack other computers. But, you can use your computer ofc also for hacking. 1. Yes it is worth getting a BB in 2020. Why wouldn't it be worth? Tell me pls. Tell me the negative points, because I don't see any. It's the best hak5 product in my opinion. 2. No, the BB won't be detected by the AV. Look, the BB isn't something dangerous. It is a trusted device, or more like, it takes the clothes of a trusted device. The BB itself ins't "dangerous" and won't be detected, there would be no reason for that. But I mean, if you would put a virus program on the BB, it may be detected, but that's the same as on a regular USB device. If you put WannaCry on an usb-stick, your AV will go crazy. 3. No, it doesn't turn to a DedBunny. I mean, that is just one guy here who got a dead bunny and all the other 600000 (idk how many) are working. There are always some black sheeps in the horde. And we don't even know what this guy did with the bunny. Maybe it fell into water or something. Maybe it isn't even the bunny's fault. 4. I'm using mine since december 2018 almost every day. That's around 400 days. Some days I'm using the bunny for more that 5 hours (im not kidding xd) and some days I don't use it at all. And it still works perfectly. It does have a long live. But there's also a topic for that in the forums, you could use the search bar 😉. Last words: 95% of the people who have issues getting the bunny to work are using it wrong (e.g. wrong setup or something). On almost every topic it isn't the bunny's fault. And I would recommend you to write your own payloads, as some of the payloads on the hak5 github don't work. Note: Those aren't hak5's payloads. Those are community payloads.
  8. 1 point
    You know, this is a hard one and it has multiple answers depending on numerous reasons. A lot of things have changed on here. Some due to Hak5 and some due to Linux in general. So it is a rather loaded question, and it depends your knowledge, what you want to do with the devices, and if your willing to learn. I don't have a lot of time to go into great detail at the moment but I'll put it this way. If I had to go back and do it over. I'd buy most of what I have purchased. If today was the first time seeing them and like you have had the chance to look over the forums, then I'd probably only buy one item at best.
  9. 1 point
    As a fellow 3-month-nano-owner, I can sympathize. Ive gotten very familiar with the factory reset and firmware recovery process. That said, Im pretty much a novice, and my journey with the pineapple has been a big learning experience; I the more I learn and understand what the modules and their scripts are actually doing, the better it all seems to work (and/or troubleshoot). I think it is safe to assume that my lack of knowledge (and possible unrealistic expectations) definitely contributed to the bumpy ride. Currently: Evil Portal works perfectly (for me). The "utility" modules like cabinet, ssid manager, signal strength, etc. all work. I have Portal auth, nmap, ngrep, p0f, and tcpdump, working too, but some needed some script amending, symlinks or other minor fixes and/or are a little quirky. SSLSplit, Dwall, dnsspoof, all work fine but are effectively neutered in our modern https world. I have responder installed and it appears to be operational, but havent yet really tested it out. SiteSurvey seemed to work, but i never could get any handshakes whenever I tried it out. there are a lot of cool (newer) tools NOT on the official module manager: Some need to be run from the commandline some also have a GUI (or several), like PMKID. That one especially works very well. checkout adde88's github page if you havent already. hang in there!
  10. 1 point
    This is an awesome script. Thanks.
  11. 1 point
    @afraIT I just tried your suggestion. Works!!! I feel dumb af... anyways, thank you VERY much afraIT for your help 🙂 To anyone else who happens to stumble across this page in the future, I had originally set my NANO on "Allow" mode (for both options) when doing the initial setup. This turned out to be wrong. RESOLUTION Preform a factory reset and choose "Deny" mode for both options instead of "Allow". (Fill in everything else as you normally would) I then connected to my NANO via the website, then connected the NANO to my internet (Networking page - WiFi Client Mode) Next, I did a brief Recon scan, added the "Scan Results" (there's a nice little drop-down arrow "Add all SSID's to PineAP Pool"), went to PineAP, checked all the boxes, enabled both options and saved the settings. Lastly, I used my iPhone to search for the local WiFi. Connected my iPhone to my NANO's AP successfully and was able to reach Google 🙂 (I also tried connecting this way with a Android as well; works)
  12. 1 point
    I want to use GoPro for video recording, and sync it with the music I am recording through garageband. The sound quality of GoPro is not so good. Has anyone done that before?
  13. 1 point
    Thanks @nterSUAR, I will try it. For windows, You can try Virtual Box application to run garageband app on your windows pc. I found this complete guide where steps are well explained so you can refer to that. Cheers!
  14. 1 point
    You need to either set up your own OpenVPN server or use a service that provides and ovpn file. Private Internet Access is one such VPN service.
  15. 1 point
    Go play with DVWA for a while and watch Security Tube videos, that should get you started.
  16. 1 point
    It isn't a ransomware attack, it is the theft of files. Without knowing what files were taken, or by who, it is hard to say why they took them.
  17. 1 point
    dude wtf? You asked us once to make a custom payload for you. You didn't told us what device, you didn't told us what kind of payload it should be. You just said "I need a custom payload and I will pay for this". What do you expect?? Now he's blaming the forum for not helping him lmao There are so many tutorials on the rubber ducky and it is well documented. It is really not hard to write a hello world payload, and you don't have to have any computer knowledge. I think it is better for you to learn how to write payloads by yourself than just pay for it. But that is your choice. http://www.just-fucking-google.it/
  18. 1 point
    Thank you so much for presenting the instructions in layman language. I am a medical professional and dont know much about IT, but i just bought pineapple nano and wanted to learn a lil bit about computers and IT. I was a lil bit afraid to ask questions in the forum because of my limited knowledge in IT. But because of people like you i think i can shed my fears and learn with more enthusiasm and optimism. Cheers.
  19. 1 point
    I have never done this to a Windows VPS. So some of this may not help at all. When I setup my turtle I setup my port 22 as the ssh port that I connect to my vps on. Then I set the remote port 2222 and that is the shell port I I'll use to connect to from my vps. So from VPS I would ssh root@localhost -p 2222 -i ~/.ssh/rsa. But before I would do that I would check the connection from the turtle to the VPS by running the this command on the VPS. netstat -lt4 The L is listening T is tcp and the 4 ip 4. When I run it on my VPS I get a list of ports. When the turtle is connected I see 2222 in the list. This is the one that means that turtle connected. tcp 0 0 localhost:2222* LISTEN If I don't see that in the list I know that I have dome something wrong on the first half. Turtle connection to the VPS. If I see that and can't connect then I am doing something wrong on the second half. Connecting back to the turtle. I don't have access to windows box right now to check for the same commands.
  20. 1 point
    Answer varies depending where in the world you are and what tools they have access to and what rights you may or may not have.
  21. 1 point
    I got mine today and used the flash_64.exe from Windows 10 and its setup with the default "station mode" and It doesn't show up on a IP scan. I tried connecting to it with the last 6 of the mac address per the readme. I never connects or shows up in any wifi scan. If anyone has any ideas let is know.
  22. 1 point
    Thanks for posting the pictures. It allows me to still be paranoid. On my turtle the Module Keymanager never says started. That module doesn't need to be running to have worked. The screen shot looks correct to my eyes. The Keymanager makes a public and private key pair. You will use the private key on your turtle and pub key on your VPS to connect. Then when you connect from your vps you will connect to your turtle you will type something like ssh root@localhost -p 2222 -I ~/.ssh/rsa and you will end up on your turtle. So if you exit the Turtle Gui and end up at a prompt. You should be able to type ssh you@xxx.xxx.xxx.135 -i ~/.ssh/rsa and connect to your server. That will confirm that your turtle pub key is in the ~/.ssh/authorized_keys on your vps. If it fails please type the same command but start with ssh -vvv you@.... any errors will tell us where its going wrong. Also you will need to change the ssh command with the proper user name and ip. I would also double check the name of the key. I used custom ones so I don't recall what the real name is. I hope that helps. Keep trying. It gets easier.
  23. 1 point
    Im not clear about your no response from shell. Using the command prompt are you able to ssh to your server using the cert the Turtle Key Manager made for you. It would look something like this "ssh me@myserver.com -i ~/.ssh/rsa" If that doesn't work you could put the -vvv after ssh and you would see a lot of info. It could help you find the error. I have noticed a lot of people mentioning trouble with the GUI in Turtle version 6.0 and up. I have mine working but I don't see the star next to it that I would expect. None the less its working. No I didn't download your zip file from the hacker website to look at your screen shots.
  24. 1 point
    Thanks, got it working! The 2.6.2 Firmware is not working too great for me. The Reporting Module is not working and I always get the the /overlay/upper is full.. thats why I am tring with 2.5.4
  25. 1 point
    You don't need to have apps open for them to be running in the background. If you hit that IP over HTTPS then it gives you the domain name WWW.BOEIOT.NET.CN. Browse to that and it looks like a home automation/IOT company.
  26. 1 point
    I have found that it always works best if you start with dropping out of the Turtle and getting to a shell. Then you can ssh to the server using the cert you generated. If it doesn't work you can re run it with a -vvv in it to give you lots of details. After getting it working there I find the rest works.
  27. 1 point
    Get your own internet connection. Completely separate from his.
  28. 1 point
    Nice payload! One issue is I'm pretty sure this will only work on a machine running Windows Defender. When adding the exception for the drive letter this will not work if the system has Windows Defender disabled due to having something like AVG installed as AV program. I plan to mess around with the payload some and post back.
  29. 1 point
    format card and write fstab in the GUI.... OR. use fdisk, and make sda1(ext4) and sda2(swap). vi the entries in /etc/fstab use mount and swapon.
  30. 1 point
    Cyber security is very vague(in my opinion, note my opinion.) it depends on where you want to start. Then also you need to account for your budget. while you can learn a lot for free, you can also learn a lot for free. There are plenty of sources listed in the topic one straight forward course via udemy is https://www.udemy.com/share/102pDwBUodc11SRnQ=/ (not my course but I have viewed most of the vids) There are also plenty of VIds on HAK5 and other channels
  31. 1 point
  32. 1 point
    You won't see any traffic from Dwall if the client is browsing a secure site (HTTPS) or has a VPN running with the connection.
  33. 1 point
  34. 1 point
    You can't really answer Q2 without answering Q1, since you don't know what penetration methods can be used. You just threw out some tech jargon and common tools, kinda "let's see what sticks" approach. And it sounds like you have no ideas for Q1, so why should you get this job? I would suggest you brush up on penetration techniques, specifically related to Windows and Active Directory. The following Google search yielded some really interesting articles that seem pertinent to what you are looking for: https://www.google.com/search?q=pentest+find+user+machine+from+employee+name&oq=pentest+find+user+machine+from+employee+name&aqs=chrome..69i57j33.9488j1j7&sourceid=chrome&ie=UTF-8 I especially enjoyed the article from https://hausec.com, which walks you through the process from the beginning. I'm not going to give you direct answers, since that would make me more qualified for this job than you. I also don't claim to have all the answers, but I'm not the one interviewing for a infosec job, as much as I would love a career change. I wish you luck on your job search and I hope you can gain the knowledge you need to do your job well and impress the interviewers.
  35. 1 point
    There is a cable out there already, go search for it. As for avoiding the "bug" in public places, don't use any public chargers. Simple.
  36. 1 point
    If you have Android phone. You just need to download connector. https://play.google.com/store/apps/details?id=org.hak5.pineappleconnector Only one search away 😵
  37. 1 point
    As always, learning to find information, using google or search functions is a good place. There's an entire topic on it: https://forums.hak5.org/topic/913-hacking-where-to-begin/
  38. 1 point
    You need to turn caps lock off.
  39. 1 point
    Well I am 70 years young, and I spend about 5 hrs per day!
  40. 1 point
    To you a must MY BELOVED History I just started helping people out there most dont know anything about what they do just abuse constantly, I've helped everyone my brain thinks eletronics more then software but understand them both accurately ill try fail look at everyones mistakes and go back and accomplish my goal. Once thought of myself as a ghostbuster of the computer world for many years it just felt as i was removing demon code from Windows which eventually brought me over to linux backtrack5 homage for the deceased. Favorite game: frontier first encounters andyj and ittiz mod. Favorite console: Hacked Favorite Phone : Psp phone (ROOTED) Favorite OS: Kali, I had to break it hundreds of times to fix it once. Started with backtrack 5 in early 2007. Got my start with that blue xp acer netbook everybody came to love. Nationality: NewAmericaCitizen Sex: Dolphin (as of late 2019) Age: The top (on my way down now) Height: Average Status: Alive barely Build: 2.0 My greatest version yet. Favorite band: 2.4ghz Favorite book: Open Without a cover Jonathan Livingston Seagull Book by Richard Bach. Favorite movie: Aristocats (Cartoon) Favorite TV Show: Rugrats (Cartoon) Studies:html5, css3, javascript, linux fundamentals, Mastering linux, fortran, Cisco CCNA (outdated) but been keeping up with technologies. hobbies: fail fixing things that are not broken and changing the world one computer at a time through trial error knowledge Truth & understanding. first attempt in learning. CREDIT@JIGGYVISUALS Car: does not help the situation Occupation: Freethinker To Death I Part. NOTHING EVER CHANGES IT JUST REARRANGES AND STAYS THE SAME _-+-_ -/Two(+-_-+)Nine\- /mbdm\ (! vnnv !) d---b ps. I see back about 11 yrs in fourm remebre things change in computers every 3-6 months and networking tech 5-10 yrs its been along time people hak5 has to change this is the way of the world 5g is almost here as of 11/15/2019 tonight and wifi 6 is here also everything needs to update and people need to get back to studying so the community does not stop and die. Im leaving to go learn more. laterz fam
  41. 1 point
    I would suggest you go to the carrier and get a new sim card immediately if you suspect this did occur but a sim card larger the 32gb (more the 250 contacts) cannot be cloned as they are version 2 or 3 which have not been cracked yet. Any sim card smaller then 32gb would also need to be pretty old already (~10yrs old).
  42. 1 point
    Great idea and definitely something we considered for exactly the same reason. Unfortunately the first prototype with that feature introduced lag since the video signal had to go through software - but it's something we'll be investigating because I think there's a creative way to do this with some fancy switching.
  43. 1 point
    I am 48 and I spend too much time, especially when I am trying to get something to work then the black hole of time swallows me A lot of the time I am watching something though. Working through computer issues for some reason is extremely relaxing. If I am off I will most likely spend the whole day, if I work I really try not to attack any projects as it could go on for hours, I really want to unbrick my laptop but I know if I start it will be like it has been, a day long ordeal. I don't need the laptop but it troubles me when I can't solve the issue... well.. with the help of google 🙂 I got that mainstay chair with lower back support if that helps any of you. Works GREAT!
  44. 1 point
    Well for one. You'd want to connect maybe using scp or sftp. Then you may place the files in the appropriate directory. Evil portal is nice but you can accomplish all this in landing page through /www/
  45. 1 point
    Hi, Here is the solution; The problem is there is a file missing because of that procps service cannoty be started, here is how to fix it; cp /lib/systemd/system/bak/systemd-sysctl.service /lib/systemd/system ln -s /lib/systemd/system/procps.service /etc/systemd/system/procps.service Now you are good to go...
  46. 1 point
    I do not off the top of my head. I know that such commands are possible with a bluetooth keyboard (such as the Logitech bluetooth keyboards for iPad, which you can press combinations of buttons for using the "command" key and letters on the keyboard, which would work I assume by using the "GUI" button syntax for the USB rubber ducky/Bash Bunny.)
  47. 1 point
    For anyone who finds this thread later, the icon showed up today. If you have the same problem just wait a day and try again. I hope this helps someone.
  48. 1 point
    Which is why you're forced to change that password on first login which can only be achieved from the USB side of the device. Still beats admin/admin (or pineapplesareyummy)
  • Create New...