Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation since 02/13/2011 in all areas

  1. Evil Portals A collection of portals that can be loaded into the Evil Portal module and can be used to capture credentials. Usage and more; https://github.com/kbeflo/evilportals/ I'd be happy to hear about issues, and suggestions. Feel free to ask anything, contribute new templates, and improve the project.
    13 points
  2. Introducing Bash Bunny firmware v1.1 A feature packed firmware awaits Bash Bunny users just one month after release. We've excited to announce version 1.1, including many new features, conveniences, bug fixes and refined experiences. The newly improved LED command adds patterns in addition to variable blinks, as well as standardized payload states for common stages such as setup, attack, cleanup and finish. The Bash Bunny framework now includes support for extensions which augment the bunny scripting language with new commands and functions. Tools can now be installed with eas
    12 points
  3. Hi all -- big news we're super excited to share with you. If you've been following the recent 6th gen WiFi Pineapple developments you may have seen comments about 5 GHz. This has been on our road map for quite some time and man let me tell you it ain't easy. Then again, nothing worth doing ever is, right? Which is why we're excited to introduce our first ever dual-band device (2.4/5 GHz) -- the WiFi Pineapple TETRA! We're way ahead of schedule on the project and I want to give the forums community the first opportunity to get them in your hands because this ongoing project is made possible
    11 points
  4. MANA-Toolkit! Pineapple NANO + TETRA. (IPK installation-files, and source-files ready to compile with OpenWRT-SDK) MANA Toolkit includes a working version of SSLstrip2+dns2proxy for the Pineapples. Last update: 22.07.2018 Changelog: Taxonomy part of hostapd is activated. Updated to follow upstream, same updated source-code as Sensepost is using. Changes have been done to installation part! Remember to read the output! Will no longer use a copy of my python-library. But download the needed python packages fro SSLstrip2, SSLsplit, dns2proxy, crackapd, net-creds, f
    10 points
  5. BunnyTap is coming... 415 ? Ss 0:00 /usr/bin/SCREEN -dmS dnsspoof /usr/sbin/dnsspoof -i usb0 port 53 417 ? Ss 0:00 /usr/bin/SCREEN -dmS node /usr/bin/nodejs ./bunnytap.js 419 pts/0 Ss+ 0:00 /usr/sbin/dnsspoof -i usb0 port 53 420 pts/1 Ssl+ 0:02 /usr/bin/nodejs ./bunnytap.js
    10 points
  6. Lookit, anyone that's been around for awhile, even noobs, there have been ups and downs. Hak5 stuck with it, I just want to say Thank you guys, I hope this year is a New Dawn. Thank you developers so much...guys lets donate a bit to them, they give us the good stuff....WhistleMaster, Newbi3, Foxtrot, sud0nic, Datahead, mbuckyboy, Ingsoc, hfam, ExigentCircumstance, patriceking, phpsystem, barry99705, leg3nd....ect ect... Whatever you have used.... Forgive me devs if I missed you, I had to post on my phone
    10 points
  7. What would be a WiFi Pineapple firmware release without a code name vintage movie poster?
    10 points
  8. Yeey!!!! @Foxtrot REALLY made my day yesterday! 🥳 Hak5 have sponsored me with the latest WiFi Pineapple MKVII 😍 I can't wait to check it out, and start developing stuff for it! Thank you so much @Foxtrot , @Darren Kitchen and everyone else at Hak5 ❤
    9 points
  9. This payload exfiltrates specified documents to the Bash Bunny via SMB (Windows File Sharing). https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/exfiltration/smb_exfiltrator The first stage injects keystrokes into the run dialog. The powershell one-liner wait until the Bash Bunny appears as a network, then copies files and exits. The powershell runs in a minimized state to limit visual impact on the target. The second stage switches the attack mode from HID to RNDIS_ETHERNET and sets up an SMB server using Impacket. It then waits for files to finish copying
    9 points
  10. Hey everyone, Recently I have seen a lot of questions in regards to installing tools on the Bash Bunny. This post will contain a list of .deb files published by Hak5. Please see our wiki for installation instructions. If you would like to suggest a tool to be published, please reply to this thread. All other posts will be removed. Impacket Responder Gohttp Metasploit-Framework (Requires firmware 1.6 or above). Disclaimer: Hak5 is not responsible for these tools. They are 3rd party packages and have not been checked for stability or security. Hak5 si
    9 points
  11. Module: Site Survey Version: 1.2 Features: View APs around with information such as SSID, MAC, Encryption, Cipher, Auth, Channel, Frequency, Signal Quality. View connected Clients Vendor information on AP's MAC Start capture on AP Start deauth on AP Capture history with information such as number of IVS or 4-Way Handshake Change log: 1.2 Add timer to know when the scan will be finished1.1 View connected Clients Bug fixes
    9 points
  12. For all the people who are new at this whole “computer†thing and don’t really understand what hacking is all about and where to begin, I offer up these links to some great places to start learning. Please contribute to this thread and I will keep it up to date. Probably should be made sticky. News: www.digg.com www.slashdot.org Presentations: http://www.lessig.org/freeculture/free.html <-- A speech given talking all about the problems facing culture when dealing with copyright and other digital laws. Podcasts: http://www.grc.com/SecurityNow.htm <-- This is fantastic f
    9 points
  13. WiFi Pineapple - Themes Github: https://github.com/kbeflo/pineapple-themes Dark Theme Install: wget -qO- https://raw.githubusercontent.com/kbeflo/pineapple-themes/master/dark/install-dark.sh | bash Screenshots:
    9 points
  14. I think we may do a pre-order next week leading up to the launch on Friday, but it wouldn't be publicized really. Just something special for us cool peeps on the forums & IRC.
    9 points
  15. Hey all - just thought I'd share a great time I had with the NANO this weekend. My dear friends got married this weekend and I thought I'd have some fun, but not in the usual pineapple-y way. I wanted to wish them the best and congratulate them in my way - the hacker way. I loaded up the NANO with the Occupineapple module and created a list comprised of: Congrats Drew and Pete! Woohoo Pete and Drew! P&D 2016! Pete and Drew Tie the Knot! Pete and Drew Forever! etc, etc, etc I used a small usb battery, and fit it into my tux. People started arriving, and of course after the obligat
    9 points
  16. Hi @RazerBlade, I'm sorry you are not satisfied with the WiFi Pineapple. I haven't been able to spend a lot of time on the WiFi Pineapple lately, because I was focusing on other Hak5 products. That's why you haven't seen any firmware or system module updates. In terms of bugs, I am aware that some exist, but you should know that only a small subset of our users experience them, which make them hard to track down. Once I pick up the WiFi Pineapple again, I'm going to go over every Module (maybe one a week) and rid it of bugs and usability issues. I'll also be launching RCs to ens
    9 points
  17. Hey Everyone, Just three and a half weeks from dev launch, the WiFi Pineapple NANO is getting its first full firmware update. We're excited to bring you a number of bug fixes and features. In the coming days modules will begin to become available over the air through the Module Manager. Similarly the package repository is now online. Our next focus will be on API documentation. Thank you all for the continued support and feedback! Once again please submit any bugs found to wifipineapple.com/bugs Changelog 1.0.6: Wireless Update WiFi drivers from upstream Fixed an issue where the m
    9 points
  18. Hey guys we're super excited to introduce our 6th gen wireless network auditing tool! We're calling it the WiFi Pineapple NANO. We engineered it from the ground up based on the successes and feedback from the Mark V with a focus performance and usability. What we ended up with is something total new. It's not a simple client radio, or just a router or access point. We believe the WiFi Pineapple NANO is the most powerful wireless network auditing tool you can put in your pants. It leverages our unique hardware design and intuitive new web interface to integrate with your pentest workflow.
    9 points
  19. To all those that are whining about "customer service" and/or the "we want value for money" boys; you're not only giving your money for the hardware, you're also supporting innovation. You're supporting a good cause, see it as a way you can make Unicef keep doing what they do. But without the CEO that fills his pockets with $1000000 a year. Besides that, they have given us more updates for the hardware then Linksys, Netgear and Belkin did combined for all of their stuff in the past year... And not only you get the best piece of hardware you yourself never could come up with, they also are
    9 points
  20. Hi everyone, In an effort to lower the barrier to entry of writing Ducky Scripts even more, our newest addition to the development team @dallaswinger has created a totally self-contained HTML file which acts as a Ducky Script encoder. In addition to supporting all currently available commands the original Java based Duckencoder, this new version also supports different keyboard layouts in the form of the Bash Bunny language files. We will be adding more features to this encoder soon, and are especially looking forward to your feedback. Please leave all suggestions or bug reports
    8 points
  21. Xavious! Thanks for all your help and useful input. Those of us with mind reading skills really enjoy your insights. In 31 years of IT and Network administration I've known many folks like yourself. Fired every single one of them. X:\Downloads\c2-1.1.1_community\c2_community-windows-64.exe -hostname 10.0.0.1 -listenport 80 Where -hostname can equal your gateway on your network or an actual URL. _listenport for browser in this case If all goes well you should see something like this: X:\Users\You>X:\Downloads\c2-1.1.1_community\c2_community-windows-64.exe -hostname 10.0.0.1 -l
    8 points
  22. Hello all, With MAC's (and Linux) you have to know the device of course to serial into it. To make it quicker for me I wrote the below script to search the MAC for the bash bunny (If you have multiple modems this may not work for you) and prompt you to connect to it. Feel free to use and modify as desired. #!/bin/bash # # Title: Mac Serial Connect # Author: NightStalker # Version: 1.0 # # Finds the Bash Bunny in the /dev/cu.* location and # prompt you to connect to it. clear bunnyloc=`ls /dev/cu.* | grep usbmodem` echo "Bash bunny is located at: $bunnyloc" read
    8 points
  23. The new firmware is coming, and the current plan is to release it before Christmas. Because this upgrade is very important to us (and is packed with features and fixes), we wanted to take our time and do it right, rather than launch a bunch of new firmware in short succession. That said, after this release, upgrades will be much more frequent, with the possibility of nightly builds in Q1 of 2018.
    8 points
  24. Currently working on a PoC - we'll see how well it works.
    8 points
  25. Ahem... So does being mid Sept. constitute appeasing our endless anticipation with at least another hint? Can't blame a fellow for trying right...
    8 points
  26. I'll be demoing this on next weeks Hak5 episode but figured I'd post it here first and get some feedback. Thus far it works perfectly on a Galaxy Nexus running the latest Android 4.2.1. I've also tested it with a Galaxy Note 2 running 4.2.1 and it ran as expected. I'm very surprised that with the stock Android OS and recommended settings of setting a PIN code this was possible. I had expected the phone to reset or format after 100 attempts or something like that. With a 4 digit PIN and the default of 5 tries followed by a 30 second timeout you're looking at a best case scenario of exhausti
    7 points
  27. I haven't had a chance to read this entire thread but I can respond to the OP and say, absolutely not, Hak5 is very much alive. I understand that we haven't put out many of our regular videos lately. Personally I've been taking a bit of a hiatus to restructure some things in my life that needed attention. With that said we have a lot of great programming right around the corner coming to the channel - some familiar faces, some new faces, and some fantastic shows all around. Stay tuned for a channel teaser in the next few weeks.
    7 points
  28. Hak5 is proud to release the firmware we’ve all been waiting for - the much anticipated WiFi Pineapple version 2.0.0! This beast of a release brings a complete rewrite of the pineapple core, numerous enhancements to the web interface, updates to the OS and base packages across the board as well as dozens of performance tweaks, stability improvements and bug fixes. For instance you can now sort and download recon and profiling data. OUI lookups are just clicks away and raw HEX frames can even be injected from PineAP - just to name a few. There's more in this release than we can even l
    7 points
  29. Hi everyone, We just released firmware version 2.5.x for the WiFi Pineapple, vastly improving the PineAP engine. Expect greater results on your next wireless engagement with this release. Changelog 2.5.4: Recon Fixed an issue where scan times would be invalid in non-Chromium web browsers. Changelog 2.5.3: Clients Fixed an issue where SSIDs would not populate. Filters Add detailed Filters information. Setup Choosing the Filter modes is now required upon Setup. Recon Fixed an issue where, in some cases, probes would
    7 points
  30. Hi All - I've started the beginning of a comprehensive user manual on the WiFi Pineapple NANO and TETRA. This will eventually become available as a PDF download, but until then I invite you all to review and comment on the living Google Doc either here or in the doc. https://docs.google.com/document/d/1KVYSTedUJTjn8VxG2Wk2iXeo3QHnnwM8V1GVFnr8w8c I'm very excited to hear your feedback on what I believe will help many newcomers and veterans alike with this project. Cheers!
    7 points
  31. Hot off the heels of 1.2 our brave little bunny is hopping into 1.3 with exciting new features and fixes! This Kilo Echo Whiskey Lima release is cool as a cucumber - with new CPU performance and thermal enhancements to boot! In fact, the new CUCUMBER command allows you to throttle down to one core for chilly long term deployments - or put the petal to the metal and go PLAID with all out quad core speeds! We even snuck in some sneaky new ATTACKMODE features - like ATTACKMODE OFF to run dark and go completely bus silent after your attack completes. Or new ATTACKMODE parameters for
    7 points
  32. not sure what it is yet but just shut up and take my money!!!
    7 points
  33. dafuq are you talking about? If you have a problem with a module post the issue in its support thread and the developer will help you.
    7 points
  34. TL;DR: The NANO isn't txpower locked -- they're capped the chips maximum which is what we've implemented. No magic command is going to push the silicon past its spec. The easy way to increase total output power is with a higher gain antenna. If you want to take it a step further, I recommend using a low noise amplifier like the USB powered ALFA booster in the hakshop. There's a lot of myth and legend surrounding txpower, mostly because improperly configured systems would let you set the txpower as high as the config file would allow -- but not actually do anything. So while you can sometimes
    7 points
  35. If you read through these forums a few things should become readily apparent. First, this community is very supportive and helpful and Hak5 is quite responsive. You'll also notice that many threads are successfully marked answered, and many others do not require such tags. Some have to do with newcomers to the project, or Linux as a whole -- and that's awesome (we welcome you). Most of the "unanswered" threads are known issues being addressed by the upcoming firmware release this week. I'm using a beta build on 1.0.2 now and it has addressed many of the concerns. Likewise if you take a few st
    7 points
  36. PMKID Attack WPA/WPA2 on WiFi Pineapples! Pineapple NANO + TETRA WARNING! This attack is EXTREMELY effective on the Pineapples! And is capable of capturing an entire neighborhood of PMKID's in a minute or less, even without access-points! ONLY use hcxdumptool on networks and devices you have expressive permission to, because of this: hcxdumptool is able to prevent complete wlan traffic! hcxdumptool is able to capture PMKID's from access points (only one single PMKID from an access point is required!) hcxdumptool is able to capture handshakes from not conn
    6 points
  37. Seems unnecessarily aggressive...
    6 points
  38. See some people getting stuck with updating bunnies and tools etc. so put together quicklist of what I did from a brand new bash bunny on my linux box. I'm sure there are some differences with OSX and windows but in general with adaptation or tweaks this should work for all as a general outline. 1. Read the wiki - seriously even if you dont remember it all, know where it is and use it for reference. 2. Switch position to 3 (closest to USB) and insert to pc. With mine I got a blue light. I also backed up the original payloads dir but its not required. 3. Clone the payloads github
    6 points
  39. It's also my opinion that you don't need to be very knowledgeable on <topic> to be a hacker. It's a mindset, or a way of thinking, a personality.
    6 points
  40. Hello all, being a proxy engineer when I got the Bash Bunny the first thing I thought of was how can I force people who are (excuse my assumptions here ) lazy to lock their machines when they walk away and leave them vulnerable. As a pentester an unlocked and unattended machine is a gold mine but you sometimes only have those few precious seconds to gather the data you need. If you could set a proxy and more important a SSL proxy by inserting your certificate as well you could gather all the intel you need even after the initial attack. Enter Proxy Interceptor (Geeky name I know), this pa
    6 points
  41. Hey Everyone, As is likely apparent from the name, Buffalo Bulldozer is a rock solid release with the intent of synchronizing a stable base for both WiFi Pineapples in the 6th generation - the NANO and TETRA. We've implemented some major improvements to the Recon mode of the PineAP engine, both increasing accuracy as well as stability. Recon scans now gather both AP and Client information by default using only one radio. This change decreases wlan0 overhead, allowing for faster association responses and uninterrupted communication with connected clients. WPS detection has also been a
    6 points
  42. Both the nano and tetra will receive a new firmware upgrade in short order. We hope to have improved the experience a lot with the coming release.
    6 points
  43. Here's the official specs: Atheros AR9331 SoC at 400 MHz MIPS 16 MB Onboard Flash 64 MB DDR2 RAM 2x 10/100 Ethernet Port USB 2.0 Host Port 4-way payload select switch RGB Indicator LED Scriptable Push-Button Power: USB 5V 120mA average draw Dimensions: 50 x 39 x 16 mm Weight: 24 grams
    6 points
  44. https://hakshop.com/products/packet-squirrel
    6 points
  45. Just working on securing a venue for a Hak5 event in San Francisco mid October to introduce you all to our new furry friends. ?️?️?️
    6 points
  46. No we aren't... Some people read books then go out and sell their services as testers and let people down. That reflects badly on the industry and can get clients into trouble if they trust bad advice or rely on faulty results. Some people pose as testers to ask questions that they know if they asked offering their real intentions that they would be kicked off. Some people are just hobbyists. Someone who is a working pen tester would know how to scan a network to find user names and would know that you can't know what reach you have into a network without looking.
    6 points
  47. Hi This is a module that allows you to quickly generate a template for your GUI module. You can also manage the modules you have generated in the past. Module Maker creates a template for your module, with some comments to help you understand what each file does and how they work together. Images are available in the spoiler. -Foxtrot
    6 points
  48. ZaraByte - Thanks for providing detailed feedback on the WiFi Pineapple NANO. While it is unfortunate that your particular Android device does not support USB Tethering, I have yet to see any indication that your NANO is not working properly. Similar to the wp6.sh script, the WiFi Pineapple Connector app is provided free of charge as a convenient way to tether the device. The former is a front-end to iptables, and the later is a front-end to figuring out the IP address of the WiFi Pineapple on your Android device when USB Tethered. Given the nearly infinite unix network configurations and ne
    6 points
  49. I'm planning on doing some videos covering the core functionality. For right now I highly recommend checking out the Help section in the new interface. I know it sorta sounds like I'm saying RTFM, but as the author of TFM -- I tend to think it's pretty good
    6 points
×
×
  • Create New...