
dark_pyrro
Dedicated Members, Posts: 2,612, Days Won: 198

Everything posted by dark_pyrro

  1. Pedantic is good! As well as added knowledge in the backpack 🙂
  2. Well, if an organization/web site owner isn't answering your request, there's not much you can do. I wouldn't in any way do anything without permission, so don't just start trying some random pentesting if they don't answer. Even if you have only good intentions and want to help, you can still be charged. I've seen it happen several times. Even employees that want to help and "pentest" things without permission have been reported by their employer and then convicted. "Being kind" isn't a relevant/valid argument. You need written permission from someone that has the mandate within the organization to allow such operations. Bug bounty has already been mentioned. You could also look for a security.txt file that has contact information within the organization. Look for it at https://<URL>/.well-known/security.txt (or using http) on each website. It's not a "standard" so don't expect to find it everywhere, but it's a way to be able to contact website owners about vulnerabilities found. Note though that you might be considered to be trying to break security if you first find the vulns, then report them. It might get you into trouble. Some orgs are nice, some do things "by the book" and might report you.
  3. As said, what can you do with a keyboard in such a situation? The same capabilities go for the Ducky. The Ducky would for sure not be my first choice of method in such a scenario.
  4. You can do with the Ducky whatever you can do with a keyboard on a lock screen with no user yet logged in. The Ducky doesn't provide you with some magical key to the kingdom that lets you circumvent all security in an operating system, if that was what you were referring to. I guess you have to elaborate on that "lost laptop assessment scenario" to fully understand what you want to achieve.
  5. The Java encoder isn't supported anymore, so it will not be looked into. Not the old HTML/Javascript based encoder either. PayloadStudio is the only supported encoder/compiler. INJECT_MOD isn't a part of DS 1.0 so it will simply not work on the 1st gen Ducky, you'll need the 2nd gen Ducky/DS 3.0 for that.
  6. It's a lot easier if you post the payload code so others can try to recreate what you're experiencing and troubleshoot from there.
  7. Read the documentation (you have to be careful when reading though, since the old docs for the 1st gen Ducky are removed and combined with the docs for the 2nd gen Ducky), also check DuckyScripts on GitHub. How to achieve what you want to do is less Ducky related and is more about getting knowledge about how to do it in the target OS. Then make it happen using the Ducky.
  8. What are you actually trying to accomplish here? Do you have the actual knowledge needed of tcpreplay and/or how networking works so that you're 100% sure that what you're trying to do actually is possible to do? You can't just capture anything and replay it and think that the other end will simply accept it. In what way do you verify that some replays work OK and some (one) NOK (i.e. method used)?
  9. I would suggest learning some Linux basics, you will benefit from it for numerous reasons. It's not a service, it's a process. Run the ps command to list processes running on the Squirrel.
  10. Then something is wrong in your setup. The way I described works as a generic instruction on how to set it up from start to finish. The way I describe it is made with the Squirrel in arming mode. Any mode that allows the Squirrel to have internet access (or access to the network where C2 is running) should connect to C2 if it's properly configured, and since arming mode is using NETMODE NAT the Squirrel should have access to an external network. Make sure that C2CONNECT is executed (check that the cc-client process is running).
  11. OK, I haven't had any issues (running full HD on most machines). I seem to remember that there was some issue in earlier firmware versions, but I might remember that wrong. Are you on the latest firmware?
  12. The json file is incomplete and missing chars/keys need to be added. Just open the language file in PayloadStudio and add the code for BACKSPACE. The file also seems to have missing chars specific for Danish and those need to be added as well. I created a Swedish language file a while ago when a user needed it. I guess that the DK keyboard is pretty similar to SE keyboards, so you might use it as a template and just change the specific Swedish chars to the Danish equivalents. https://codeberg.org/dark_pyrro/Swedish_Layout_Test
  13. Posting Pineapple questions in the correct part of the forums is a good start. Your chances will increase getting answers.
  14. Well, I found hundreds of security related jobs listed on trustworthy sources with a simple search so I have to disagree on that point as well. If they violate GDPR, then just report them to Datatilsynet.
  15. Even if you are experiencing the same problem, it's always good to have more detailed information in order to try to guide and troubleshoot. What have you already tried? In what way is the Pineapple accessed/from what OS? etc...
  16. It's a web interface, so I can't see why it wouldn't. Depends on how you define "all the functions" though.
  17. I would dare to disagree with such a generalization. I'm pretty sure there are organizations in Denmark that have (at least some) kind of control. I can't imagine that 802.1X is totally absent in Denmark. Hamlet isn't always correct about every aspect of that country. What are you going to listen to? I assume they have switched networks and not hubs broadcasting traffic everywhere. What are you going to show the CEO? Packet captures? EU organizations will most likely get a bitter pill to swallow when the NIS2 directive becomes domestic law in the member states on the 17th of October 2024. If they haven't done their homework, the risk is that it will be costly if they get reported or caught not being compliant when being scrutinized. Instead of showing some "tech based arguments", I would start educating the organization (and with top management as a priority) to make it clear to them what could happen if they aren't compliant. That will then lead to the technical actions needed, preferably based on some method/model like ISO27000, NIST Framework, and/or CIS Controls.
  18. The Plunder Bug has no WiFi built in. It depends on the use case and what's desired, but using some alternative hardware would most likely not be that much of a challenge. Especially taking into account your profession and the type of company you run. You should have the knowledge needed. If speaking of Hak5 devices, it could probably be possible to use a slightly modded Packet Squirrel to achieve "Plunder Bug-like features" along with WiFi capabilities. Note that the Squirrel doesn't have WiFi out of the box but it's possible to add it. However, and as said, it all depends on the use case and it wouldn't be exactly like a Plunder Bug.
  19. I'm a bit confused. It's marked as a solution but still there is a question. Is the issue that it works but sends the replayed traffic to the "wrong" interface, i.e. using br-lan pushes the traffic in the wrong direction/to the wrong actual interface? What happens if you use eth1 instead?
  20. I guess you've gotten some answers on Discord regarding this.
  21. OK... doing it from scratch...
      Setup:
      - Cloud C2 running on a Ubuntu 20.04.x LTS machine
      - Packet Squirrel Mk1 on fw 3.2
      - Cloud C2 and Packet Squirrel both on local network (Cloud C2 server = 172.24.12.145)
      Download the Cloud C2 binary to the Ubuntu machine (verify the sha256 checksum of the downloaded file):
          wget https://downloads.hak5.org/api/devices/cloudc2/firmwares/3.3.0-stable -O c2.zip
      Unpack the zip file.
      Create a private/public key pair on the Ubuntu machine:
          openssl req -newkey rsa:2048 -x509 -sha256 -days 3650 -nodes -out c2-publ.crt -keyout c2-priv.key
      NOTE! Be sure to use the address of the Cloud C2 server for the Common Name field when creating the key pair, in this case 172.24.12.145
      Start the Cloud C2 server using the keys created:
          sudo ./c2-*_amd64_linux -hostname 172.24.12.145 -https -keyFile ./c2-priv.key -certFile ./c2-publ.crt
      Visit the Cloud C2 web UI, do the initial Cloud C2 setup, and add the Packet Squirrel device:
          https://172.24.12.145
      Create a device.config file for the Packet Squirrel using the Cloud C2 web UI and download the device.config file from the Cloud C2 server.
      (The copying/scp of the files below can be made in different ways; here, it's done connecting to the Packet Squirrel in "arming mode" switch position to a computer, then the Packet Squirrel will be moved to the network where it will interact with the Cloud C2 server.)
      Copy the device.config file to /etc on the Packet Squirrel:
          scp device.config root@172.16.32.1:/etc
      Copy the public key file (never copy the private key!) to /etc/ssl/certs on the Packet Squirrel:
          scp c2-publ.crt root@172.16.32.1:/etc/ssl/certs
      ssh into the Packet Squirrel and add the public key to the already existing ca-certificates.crt file on the Packet Squirrel:
          cat /etc/ssl/certs/c2-publ.crt >> /etc/ssl/certs/ca-certificates.crt
      (Move the Packet Squirrel to the network where the Cloud C2 server is running, if it hasn't already, and connect the Packet Squirrel to that network using the "WAN" Ethernet port.)
      If the Cloud C2 Ubuntu based machine is running any local firewall, make sure to allow the relevant ports for Cloud C2.
      The Packet Squirrel should now show as online in the Cloud C2 web UI.
  22. You create a private/public key pair on the C2 server (using the correct/relevant CN). The public key/cert file from that key pair is then copied to the Squirrel. When it has been copied to the Squirrel it should be added to the file you mention.
  23. You mentioned in another post that your Packet Squirrel runs firmware version 3.2 which indicates that it's a Mk1 Squirrel. Is this valid for this post as well? I.e. that the question is about the Mk1 Packet Squirrel and not the newer Mk2 version.
  24. The private key should never be copied to any other place than where it is really needed (which should be the C2 server in this case), only the public key/cert should "leave" the C2 server. The CN needs to represent the C2 server if you are using self signed certs, nothing else.
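The cert handling in posts 21, 22 and 24 (self-signed pair on the C2 server, CN = C2 address, only the public cert leaves the server and is appended to the Squirrel's ca-certificates.crt) as an added shell example; this is not code from the forum posts or from Hak5. It assumes the openssl CLI is installed and uses the post's 172.24.12.145 as a sample address in a temporary working directory standing in for the two hosts.

```shell
#!/bin/sh
# Added example (not from the forum post): create the Cloud C2 self-signed
# key pair the way post 21 does, then check the points post 24 insists on
# before anything is copied to the Squirrel.
# Assumptions: openssl CLI is available; C2_ADDR is the post's sample address.
C2_ADDR="172.24.12.145"
WORKDIR="$(mktemp -d)"

# Same openssl command as the post, made non-interactive with -subj so the
# Common Name is set explicitly instead of typed at the prompt.
make_c2_keypair() {
    openssl req -newkey rsa:2048 -x509 -sha256 -days 3650 -nodes \
        -subj "/CN=$1" \
        -out "$WORKDIR/c2-publ.crt" -keyout "$WORKDIR/c2-priv.key" 2>/dev/null
}

# Read the CN back out of the cert and compare it with the C2 address the
# Squirrel will connect to. A mismatch means the TLS check on the device fails.
cert_cn_matches() {
    cn="$(openssl x509 -in "$WORKDIR/c2-publ.crt" -noout -subject -nameopt RFC2253 \
          | sed -n 's/.*CN=\([^,/]*\).*/\1/p')"
    [ "$cn" = "$1" ]
}

# Append the public cert to a constructed stand-in for the Squirrel's
# ca-certificates.crt (the post's "cat ... >>" step) and confirm the C2 cert
# now verifies against that bundle.
add_to_bundle_and_verify() {
    bundle="$WORKDIR/ca-certificates.crt"
    : > "$bundle"                      # constructed empty bundle for the demo
    cat "$WORKDIR/c2-publ.crt" >> "$bundle"
    openssl verify -CAfile "$bundle" "$WORKDIR/c2-publ.crt" >/dev/null 2>&1
}

# Guard for the "never copy the private key" rule: returns 0 only if the file
# about to be scp'd to the device carries no private key material.
safe_to_copy() {
    ! grep -q "PRIVATE KEY" "$1"
}
```

Run the four functions in order against the generated files; only c2-publ.crt should pass safe_to_copy.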