Posts posted by dark_pyrro

  1. 1 hour ago, Fitzy789 said:

    It's not being able to be recognized by the computer. I think this is due to the USB being worn (I think the data line

     

    On 6/19/2024 at 4:40 PM, Fitzy789 said:

    it would work fine (as in the keyboard would type)

    It seems rather illogical that the data line would be faulty if the keyboard succeeds in passing through keystrokes when the Croc sits in line between the PC and the keyboard.

    If it's not covered by warranty any longer, it's always possible to crack it open (which will void warranty) and check the soldering to verify if any cable isn't connected to the PCB properly (or solder a new cable and USB connector to the PCB to eliminate any broken cable inside the "pigtail").

    1 hour ago, Fitzy789 said:

    I am unable to find what the IP is to ssh into the Croc

    To get an IP to ssh into, you need to configure the Croc to connect as a client to some WiFi network (or create a payload using a network attackmode), but since you can't get it into arming mode, you can't reach the config file or payload file on the udisk. Try (as I said in the previous post) to connect to the Croc using serial instead when it is assumed to be in arming mode (even if it fails to mount as a storage device to the PC it's connected to).

    1 hour ago, Fitzy789 said:

    Am I able to try to get it repaired

    If you've had the Croc for a while, I doubt that it would be covered by warranty, but you could always try to submit a support ticket and ask.

  2. 45 minutes ago, Fitzy789 said:

    but after it was factory reset nothing had changed as in it was the same firmware

    What firmware did it have before the factory reset?

     

    45 minutes ago, Fitzy789 said:

    the config file still had my SSID and password saved

    It's there because the udisk is left largely untouched by a factory reset.

     

    There's of course also a possibility that the factory reset wasn't successful.

     

    1 hour ago, Fitzy789 said:

    it also struggled to be detected by my computer when it was in arming mode

    In what way does this show? Isn't it entering arming mode straight away? Does it enter arming mode after a while (like after 1 minute roughly)? Is Cloud C2 configured on the Croc?

     

  3. The only thing I can think of is that the hardware switch is faulty. Otherwise, that shouldn't be an issue at all if all steps are executed properly. I don't think it is faulty though because it should blink blue in arming mode as well, not green.

    To test the hardware switch, boot the Bunny in arming mode and serial into it
    Safely unmount the Bunny storage from the target computer (i.e. the computer that the Bunny is attached to), but do not physically remove it from the computer
    In the serial terminal, run:
    udisk mount
    cd /root/udisk/payloads/extensions
    source ./get.sh
    GET SWITCH_POSITION && echo $SWITCH_POSITION
    it should return "switch3"
    flip the hardware switch of the Bunny to the middle position (with the Bunny still plugged in to the computer) and run the same command again
    it should return "switch2"
    flip the hardware switch of the Bunny to the position that is farthest from the USB connector (with the Bunny still plugged in to the computer) and run the same command again
    it should return "switch1"

    then run
    cd
    udisk unmount

    • Like 1
  4. Define "not working". In what way isn't that payload working? What are you expecting to happen, and what does actually happen? Not possible to serial into the Bunny using that payload? Not showing up as a storage device on the target device?

    What other payloads have you tried?

    Are you using a Micro SD card?

  5. Not really sure why all that text was needed to ask that question, but, anyway...

    What is the definition of "secure" in this case? Non-recoverable? If that is the definition, then no. Although it depends. Using some kind of file recovery software will most likely find the inject.bin file and be able to restore it.

    However, after successfully restoring the file comes the next thing, trying to "reverse engineer" the inject.bin file to readable plain text code which probably will be a challenge for most people.

  6. It will execute the payload at every boot, so nothing strange about that. If you want to stop it from running the payload, you have to replace the payload with something else. Or, as you say, press the button at boot to enter arming mode.

  7. Post Bunny related questions in the Bunny section of the forums. Also read the documentation, and be more specific about what you are trying and in what way it fails.

  8. 9 minutes ago, JDM said:

    First connect the router to the network, then connect a device to the router and accept the terms of service. After that all other devices should be able to connect without issue, correct?

    That would be a way of doing it. At least try. Of course, there are always a bunch of "it depends" in all of this since every network isn't set up the same way. Most guest networks (or such) should work using this kind of method though. DNS servers might need to be tweaked in some cases, but that will be obvious when things aren't working when it comes to resolving domain names.

    Another way (a bit more steps though) would be to connect to the network using a device and register it on the guest network, then just use the MAC address of the registered device and set it as the MAC address of the wlan2 interface of the Pineapple.

    • Like 1
  9. It's possible (on most networks), so no real need for a feature request, but I would really not suggest using the Pineapple as a travel router. It's not the intended use case for it. But, if you are willing to accept any downsides you might experience (such as lack of network speed), there's nothing stopping you from using it that way.

    • Upvote 1
  10. When it comes to Hak5 products, I would most likely say no in this specific case.

    These kinds of scenarios almost never have a quick and simple answer. One has to deep dive into the setup of the specific environment and look for possible ways that might be the result of such recon. It's also a good thing to let someone that knows these things do the work, and not try yourself if you don't have the knowledge needed. In the worst case, it will make the already bad scenario even worse. Hire someone from a reliable company to do it instead.

    Another reason why these kinds of questions perhaps don't get full answers is that it can be "malicious", i.e. none of what is said is true (fake story/scenario) and someone just wants tips on how to illegally access an environment they aren't allowed to access.

    The "lessons learned" in this case is that things happen, and however tragic they are, processes need to be in place that stop these kinds of situations from appearing. A single admin shouldn't be the only one in control of credentials, and they should for sure not store them on their personal devices.

    • Upvote 2
  11. It's an implant that is supposed to sit in-line between a physical keyboard and a computer (or any other type of device that uses a USB keyboard that is "compatible" with the features that the Croc offers). It has WiFi, but acts as a client on the network it is connected to. It's not an AP (it can be tweaked to host one, but it's not how it was intended to be used though). If you find a general way of obtaining iPhone credentials over a network, then you could work on that use case and see if you are lucky, but I wouldn't hold my breath waiting for success.

  12. In what way are you starting C2? Manually, or as a service? Starting it manually in the terminal makes the process terminate when the terminal terminates. If so, you need to set it up as a service to keep it running even when you have no terminal active.
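
One way to set Cloud C2 up as a service, as the post above suggests, assuming a Linux host with systemd (an added example, not from the original post or from Hak5). The binary path, data directory, `cloudc2` service account, port and hostname are placeholders to adapt.

```ini
# /etc/systemd/system/cloudc2.service  (placeholder unit name)
# Constructed example: binary path, data directory, service account,
# port and hostname are placeholders, not values from the post.
[Unit]
Description=Hak5 Cloud C2
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
# Dedicated unprivileged account instead of root (create it beforehand).
User=cloudc2
Group=cloudc2
WorkingDirectory=/var/lib/cloudc2
# -hostname must match the name or IP the devices use to reach the server.
ExecStart=/opt/cloudc2/c2_amd64_linux -hostname c2.example.internal -listenport 8080 -db /var/lib/cloudc2/c2.db
# Restart after a crash; the process no longer depends on any terminal.
Restart=on-failure
RestartSec=5
# Sandboxing: the service only needs to write its database directory.
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/lib/cloudc2

[Install]
WantedBy=multi-user.target
```

After placing the unit, `systemctl daemon-reload` followed by `systemctl enable --now cloudc2.service` starts it and keeps it running across logouts and reboots; `journalctl -u cloudc2.service` shows its output.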

  13. 5 hours ago, samcro said:

    This is a script that takes a photo of the user, leaves it in facial recognition with a green frame on the PC or notebook, adds a user and changes the user's password, FINALLY it remains as wallpaper.

    It is written in Python ver 2.7 and works for all versions.

     

    PS: to convert it into a rubber script, we must upload it to Dropbox and generate a link.

     

    <---------------->

    REM loook at me

    import os
    import cv2
    import time
    import win32api
    import win32con
    import pyautogui
    import subprocess
    import tkinter as tk


    # Initialize the camera
    cap = cv2.VideoCapture(0)

    # Take a photo
    ret, frame = cap.read()

    # Show the photo for 5 seconds
    cv2.imshow('Foto', frame)
    cv2.waitKey(5000)
    cv2.destroyAllWindows()

    # Draw a green frame on the photo
    frame = cv2.rectangle(frame, (0, 0), (frame.shape[1], frame.shape[0]), (0, 255, 0), 10)

    # Save the photo with the green frame
    cv2.imwrite('foto_con_marco.jpg', frame)

    # Change the user password
    win32api.keybd_event(0x11, 0, 0, 0) # Press the "Control" key
    win32api.keybd_event(0x4B, 0, 0, 0) # Press the "K" key
    win32api.keybd_event(0x4B, 0, win32con.KEYEVENTF_KEYUP, 0) # Release the "K" key
    win32api.keybd_event(0x11, 0, win32con.KEYEVENTF_KEYUP, 0) # Release the "Control" key

    win32api.keybd_event(0x31, 0, 0, 0) # Press the "1" key
    win32api.keybd_event(0x32, 0, 0, 0) # Press the "2" key
    win32api.keybd_event(0x33, 0, 0, 0) # Press the "3" key
    win32api.keybd_event(0x34, 0, 0, 0) # Press the "4" key
    win32api.keybd_event(0x35, 0, 0, 0) # Press the "5" key
    win32api.keybd_event(0x36, 0, 0, 0) # Press the "6" key
    win32api.keybd_event(0x37, 0, 0, 0) # Press the "7" key
    win32api.keybd_event(0x38, 0, 0, 0) # Press the "8" key
    win32api.keybd_event(0x39, 0, 0, 0) # Press the "9" key
    win32api.keybd_event(0x30, 0, 0, 0) # Press the "0" key

    win32api.keybd_event(0x0D, 0, 0, 0) # Press the "Enter" key

     

    lol...
