Jump to content

Leaderboard


Popular Content

Showing content with the highest reputation since 06/10/2019 in all areas

  1. 2 points
    Indeed. If you don't want information "leaking" around through Cortana, just disable her ; never / don't config. during setup.
  2. 2 points
    The BashBunny can do USB-HID (keyboard), USB-serial and USB-ethernet, the packet squirrel can only do network-related attacks. Furthermore, the BashBunny has more local storage, more RAM and more computational power. You should think of the Packet Squirrel more like a LAN Turtle except for being inline ethernet.
  3. 1 point
    I’m not affiliated in anyway to this guy but I wish he was someone I hung out with; I’msure it would make me a smarter person. I love this guy’s apps. They’re informative, useful and to the point. He’s one of three app developers where I’ve sent extra money to support his work. His Electronic Toolbox Pro and RF-Toolbox Pro are way over my head. His Network Toolbox app is something I keep on my static iphone dock. Man is It’s useful. Check out his stuff I think most of the serious people on this forum would appriciate his work. https://itunes.apple.com/us/developer/marcus-roskosch/id334053438 https://roskosch.de
  4. 1 point
    nano is good and the tetra is better. both do the same thing, but the tetra has more power and 5ghz
  5. 1 point
    I would wait until the majority of people that have a Nano, can say that they have no problem connecting wlan2. I believe that it is a firmware/software issue that is just not being fixed. I cannot find a wifi adaptor that will work correctly (because the wifi adaptor is not the problem). Hak5 is really slow at addressing the problems and it's generally the forum members that have to do the debugging. Bob
  6. 1 point
    This may seem crazy but unplug it, remove the battery, and press the power button for at least two straight minutes. Coworker had a brand new laptop and the same thing happened. One day it just refused to turn on. I don't know if a capacitor holds a charge when it shouldn't or what the deal is. I never thought in a million years that trick would work but for whatever reason it did. Hope this helps.
  7. 1 point
    We, are the product for them. You have the right to choose what you share with them.
  8. 1 point
    Use a good VPN and make sure you do full certificate checks when authenticating. Only visiting HTTPS based sites, and again, checking certificates, will also help.
  9. 1 point
    Facebook, google, twitter, apple microsoft. They all listen. They all watch, they all sell. It's up to you if you are happy with it, if you minimise it, or just shrug and get on with your life. You're online, someone, or something, is watching. Cortana is no more "malicious" than Siri, Alexa or Google
  10. 1 point
    How old is your daughter? To be honest the worst thing to do is to monitor her all the time. Simple things like AdBlocker (to protect her from harmful ads) and maybe a firewall (see PfSense) on your router could be enough. "Black Mirror Season 4: Arkangel" <-- for when you don't know what parental controls in the future might do 😅 Just make sure you talk to her about it, that she needs to be wary of the dangerous/strange stuff she can see online.
  11. 1 point
    To allow it to brute force the admin account even if the account name has been changed you should add the following: call psgetsid.exe rerun psgetsid with the output and add -500 to the end grab that output and run the attack against account name This will return the name of the administrator account even if its been renamed.
  12. 1 point
    Make sure ya have permission by owner sure
  13. 1 point
    Depends if you've got permission.
  14. 1 point
    Check your local laws.
  15. 1 point
    1 go to https://downloads.hak5.org/ 2 wifi pineapple 3 select pineapple 4 page down 5 download WiFi Pineapple TETRA Recovery Firmware 6 hold resset button 10 second opening 7 change ip setting 192.168.1.2 255.255.255.0 8 go to page 192.168.1.1 9 select file 10 upload fw and wait 3-4 minutes 11 finish
  16. 1 point
    You could ask the owners of the camera for access. 🙂
  17. 1 point
    when i go to recon and press start it says pineap needs to be enable when clicking to enable it it wont enable and thus being unable to do scans . ON current update 2.5.4
  18. 1 point
    The problem IS your filters, your homework is to figure out what and why. Watch this from start to end - :) 11:05
  19. 1 point
    Great points guys. I started a similar thread asking about the Turtle and Squirrel specifically since they are so similar. I encourage anyone who has input to reply to that thread. I would love to see a detailed comparison of the two so I can better round out my toolkit and processes. Thanks to all who reply!
  20. 1 point
    You guys sum it up well. Now that we've rounded out the catalog I've setup a page that hopefully makes it clearer - https://www.hak5.org/gear Basically the typical use cases of the USB physical access tools, like the bunny and ducky, are for drive-by attacks - usually under a minute for an exploit. Our Ethernet tools are made more for longer term deployments - like doing a packet capture or recon scan for a few minutes, or planting at the client site semi-permanently (throughout the engagement)
  21. 1 point
    They are tools for two different types of attacks. Bashbunny is geared toward USB based attacks on the machine by pretending to be different USB devices in different combinations. You plug it into a USB on the victim and it types out stuff or does something on its brought up USB network, etc. The BB cannot do MiTM outright. Some have been trying to do hacks so it can but it doesn't automatically. The Squirrel, from what I read, is a MiTM device. It is designed to sit between two network connections. It can capture packets that go through it on an external usb storage and do a variety of MiTM attacks. One is for network level attacks and one is direct host USB interaction attacks.
  22. 1 point
    One thing the Packet Squirrel can do however is things that require a network uplink. For example packet-sniffing, redirects, cookie-theft and such. The BashBunny is something you'll probably remove after a minute, like the ducky, while the Packet Squirrel is intended to stay "behind enemy lines".
  23. 1 point
    The bashbunny and packetsquirrel are two different devices that do different things.
  24. 1 point
    WabbitWeb The ultimate payload-handling tool! Hey guys, I finally got around to uploading my first payload, after many weeks of tinkering with it - trying to get it to work. So, what did I spend hours upon days upon multiple weeks making? This. A tool that focuses mainly on handling payloads. With this tool, you have to know that payloads are referred to as Letters, as the payloads are saved as letters (A, B and C). Target: Windows 7, 8, 8.1, 10 Dependencies: Impacket - For SMB server - WabbitWeb will still work without Impacket, but won't start the SMB server Directory 'ww' - Holds everything, basically Features: BashBunny-hosted python webserver - Handles all of the events, commands and pages! - Beautiful, user-friendly web interface that scales with your screen! File Command System (FCS - makes it sound a bit fancier) - Uses the BashBunny's file system to handle commands and functions! - If there is a file called COMMAND.sh in the 'ww' directory, it will instantly source and delete it! - Allows WabbitWeb to have a CLI interface in the website itself! Payload Launcher - Website app (handled by FCS) - Launch a Letter you just created using the Payload Editor! Payload Editor - Website app (handled by FCS) - Create a Letter, a payload saved to a letter (A, B or C) that is runnable almost instantly! - Doesn't handle existing payloads, only allows you to create new ones (future feature, maybe?) Command Line - Pass commands straight to the Bunny! - Logs and saves all commands to WabbitWeb! SMB Launcher - Website app (handled by FCS) - Launches a SMB server at WabbitWeb's payload folder - giving you access to all it's code DURING RUNTIME! - Automagically starts up a Windows Explorer window pointed straight at the SMB server! - Edit your Letters in your own editor (e.g. Notepad++) or copy your own payload to the folder, then use the Payload Launcher to run them! Shutdown (yes..this is a feature!) - Website app (handled by FCS) - Shuts down WabbitWeb (...what did you expect?) - Uses ATTACKMODE OFF to hide, thanks to firmware 1.3! Known bugs: Payload Editor - LED commands return a usage error - Sleep functions don't register - Swapping ATTACKMODEs isn't wise (doable, but it doesn't like it too much) Github: Link to Github page I will be updating this quite a bit in the background, so stay tuned if you are interested in keeping this up-to-date. I will only upload versions that are working properly, so don't worry if you think that its main features (Letters - Payload Launcher and Payload Editor) might not be working and therefore not update. Currently the files are in their own Github (master), so if anyone could give me a rundown of how to get Darren to put them in the payloads folder, shout at me in the comments or PM me. Usage: To use WabbitWeb, just copy the contents of the Github repo to a switch, plug the Bunny in with that switch ready and let it fly. Once it is flashing blue, you can open up Chrome (preferably Chrome, but most web browsers should work fine) and go to: 172.16.64.1:80 which will take you to the WabbitWeb's home page! From there, you can create payloads (known as Letters), launch the Letters you make, start up an SMB server so you can edit the Letters firsthand and edit the webpages if you really want..or just see the code as it is running. Okay, that's cool. How do I edit a Letter from the SMB server's folder? All you need to do is go to the 'scripts' folder and you should see 3 script files (among a few other files) there, la.sh, lb.sh and lc.sh. They are your A, B and C letters. If you create a payload using the Payload Editor, you will see the scripts update. If you create a script using Notepad++ or another program like that (e.g. Notepad - ew..) and save it as one of those letters, you can launch it using the Payload Launcher! Keep in mind that any output you make goes straight to a log file in the usual logs folder, so don't bother manually making a log file unless you want it somewhere specific. Screenshots: Link to Imgur post Updates: Updated to 1.0.1 on 5/05/17 Updated to 1.0.2 on 5/05/17 Updated to 1.0.3 on 8/05/17 Updated to 1.0.4 on 10/05/17 Updated to 1.0.5 on 10/05/17 Updated to 1.0.6 on 11/05/17 Updated to 1.1.0 on 22/05/17 Updated to 1.1.1 on 23/05/17 Feel free to give me lots of constructive feedback! Also, if you can think of anything that may fix any of the bugs above, feel free to comment/PM me! If you find any more bugs, comment below - I'll check this post most days. This payload is open-source and editable as you like, but please do not post a copy of this as your own work, as it isn't nice and it isn't your own work!
×
×
  • Create New...