[Security]

Future security solutions...

• limit http and ssh access to certain hosts
  
• add encryption to a new management ssid
  
• enable ssh & http to only eth0 interface
  
• enable SSL on http access / https
  
• only permit management though ssh access (restrict http access to all but lo)
  
• build web user access who is not root
  
• disable root access, make user escalate for SU rights
  

Just brainstorming ideas

[Security]

with all this concern about security it amazes me that we dont have encryption on the management ssid NOR SSL on the web traffic..

Out of the box I guess you could do an shell connection with port forwarding.

So the moral of the story is think carefully about changing the root password to something that is familiar to you as it is transmitted in clear text.

[Module Idea...]

How about a file manager as a module.

That way you could pull logs and other tools just by connecting and logging in.

[Battery Life]

Ok I ran MKIV with a 16GB SanDisk Fit on a 5000mAh Battery with wireless and karma on and it after 24 hours straight I still have over 25% left in the battery.

The battery I used was...

monoprice 5000mAh

[Karma Isnt Saying Yes!]

target: android ICS Evo LTE

[Karma Isnt Saying Yes!]

Well ICS is working.

[Karma Isnt Saying Yes!]

Oh yes I tried reflashing... forgot about that.

I changed the IP Scheme to fit into my Macbook ICS restrictions.

I didn't know about OSOC. Ill have to look into it.

[Oui Lookup]

Just an idea but what if the MKIV could do an OUI lookup on the MAC?

[Karma Isnt Saying Yes!]

Pineapple Hardware Version: Mark IV

Pineapple Software Version: 2.3.1

OS used to connect to the pineapple: OSX Lion

Network layout of how your setup is connected (including IP information): mac is connected to wireless AP using WiFi (internet), mac ethernet is connected to Mark IV lan port.

Mac WiFI: 10.7.1.132/16

Mac ETH: 192.168.2.200/24

Mark LAN Port: 192.168.2.254/24 GW 192.168.2.200

All the tools/options that are running on the pineapple when the issue happened: usb drive installed with swap space setup

Ping results from computer to pineapple: 100% pass

Is the problem repeatable (Yes/No): YES

Steps taken which created the problem: Haven't gotten it working

Error Messages: None

Log file information:

Anything else that was attempted to 'fix' the problem: Converted address space to 192.168.2.0 instead of 172.16.42.0 following instructions. Mark IV is able to access internet through OSX system (pings and module listings) Wireless is on as I can see the pineapple SSID and connect to it. Mark IV KARMA is ON. I have created other "fake" wireless SSID on target machines to pump out Probe requests but I am still not able to get a karma response.

[Solar Pineapple]

looks like a lead acid UPS battery.

[Solar Pineapple]

Might be interesting to have the pineapple be able to monitor the battery and solar health. Maybe send/tweet an SOS if the battery reaches a threshold.

[The Quadshot...]

Just in case anyone missed the Kickstarter project...

The Quadshot team is now offering preorders.

http://thequadshot.com/

10% off for preordering.

ALSO... You can see that they support the HAK5 show in this video... http://thequadshot.com/blogs/news/4765612-quadshot-episode-6

[[Question] New Red Ducky?]

cross platform support was also removed.

I really hope this project doesn't go down this path as that is a real waste of time and $.

[[Question] New Red Ducky?]

agreed...

[[Question] New Red Ducky?]

I like that MicroSD slot alot more than the original design.

[Mark3 Just Received Is Not Working]

I tried it at home. over 1/2 dozen laptops sitting around. even took it out and about on a walk and never got any other ssids other than internet and pineapple (the 2 internal ssids)

[Mark3 Just Received Is Not Working]

it does.

[Mark3 Just Received Is Not Working]

Darren I did exactly that.

Added "this is a fake" ssid to my cell phone set it to disassociate to any other network and start searching for known networks. No luck.

Watched the segment several times trying to make sure I didnt miss a setup.

[Mark3 Just Received Is Not Working]

I am having some issues getting karma to work on my mark 3.

I have tried resetting it but I still does not recognize and start responding from my probes. I dont get any error messages.

Is there a log where I can get more information on what is going on?

The Mrk3 is completely stock and I just received it from the hak-Shop today.

[[Question] Could The Duck Be Used As A Backup Tool]

Not until we can access the SD card after a firmware update.

Right now you could use 2 devices the USB Rubber duckie and anther usb medium (usb flash drive/usb hard drive/ect) and have the duck run the commands to backup the data to dedicated external device.

[[Question] Binary Breakdown?]

Hopefully the FW will be out soon with source.

[[Suggestion] Keyboard Caps Lock As Communication]

If a HID is not able to receive data then how does the LED get lit on a physical USB Keyboard?

[[Question] Usb Rubber Ducky Micro Sd Storage]

You might have a bad card. :/ does it work in a reader?

You might want to clean the microsd card with rubbing alcohol. Also reformatting the card might be prudent.

[[Question] Usb Rubber Ducky Micro Sd Storage]

I found that if the SD card was not in the duck the LED is RED. Are you sure you had the SD card sitting properly? The SD card should not slide out when the metal door is down.

[[Question] Usb Rubber Ducky Micro Sd Storage]

Im using a 8gb Micro SD without issues. Have you checked how it is formatted? Mine is FAT32.