Everything posted by dark_pyrro

  1. Is the domain name linked to the public facing IP address of the Lightsail VPS (DNS A record)?
  2. If you have "reserved" that domain name for other use, you can most likely use one registered for free at (for example) freenom.com
  3. OK, then you need to decide what route you want to travel; using that domain name you already have and go with Let's Encrypt, or go down the other path involving more setup. I wouldn't advise trying to use any certificate handling other than Let's Encrypt in this case, just to keep things as simple as possible.
  4. OK, so if you want to use https with the built in Let's Encrypt functionality, you will need a registered domain name. If not, you can't use Let's Encrypt and you have to obtain/create certificates in some other way.
  5. I think you need to step back a bit and specify what setup you want to achieve. Some parameters seem to be set, such as the fact that you're using a Lightsail VPS. Then you need to decide if you want to use a domain name and if you're going to use https or not. When the details have been established, it's possible to offer some kind of guidance on how to set it all up.
  6. I guess you're the same user as on Discord asking about the same thing. If so, you've already got the advice to create a support ticket.
  7. The machine where you run C2; is it possible to access it from the internet? I.e. is it a public VPS or a resource on an internal/private network behind a firewall? More info needed about that to be able to troubleshoot things correctly. Is the new domain possible to resolve to the relevant IP address where C2 is running? Are port(s) open in any firewall that is needed by Let's Encrypt?
  8. Yes it does, and both the v2 and v3 variants seem to share the same PID and that's probably why lsusb identifies it as a v2 even if it's actually a v3. Same chipset anyway.
  9. That's for sure an old firmware version. Seems like no one has used that Nano since the model was first released. The domain should be up, but I haven't used (or upgraded) my Nano for quite a while now so some parts of it might have been taken down. I guess it should be possible to use splitweb and sysupgrade on the Nano just like on the Mark VII (and other OpenWrt based devices) to do a manual upgrade.
  10. The answer is most likely some posts up this thread. The output in your post shows that it's the v2 variant of the TL-WN722N adapter and that is based on the RTL8188 chipset, not the Atheros one (that comes with the 1.x version). So, those who say that their TL-WN722N adapter works probably have got the 1.x version and those who experience issues have some other version of the same adapter "model" with an incompatible chipset (or at least a chipset with missing drivers).
  11. Check the ports already in use on your system. Also, check processes in case you might have a C2 instance already running. Running with "https", colon and slashes included in the hostname will most likely not work. I also assume that the "X" is just a temp replacement for an actual valid hostname (and not an IP address). If https is going to be used, IP addresses aren't going to work if using the built-in Let's Encrypt support. If using https without the built-in support, then more parameters are needed to get it working.
  12. Probably a question for the Pineapple section of the forums, and... probably something one should avoid since "use it walking around to use man in the middle or evil twin attacks" most likely is illegal in any civilized country if it's being done on resources that you don't have explicit permission to do so.
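Added example (not from the posts above, and not a Hak5 script): the two posts on the TL-WN722N turn on what lsusb prints, so this is a small shell helper that maps the USB vendor:product ID to the revision and chipset the thread describes. The ID table (0cf3:9271 for the v1 Atheros AR9271, 2357:010c shared by the v2 and v3 Realtek RTL8188 variants) and the sample lsusb lines are assumptions constructed for the example; check them against your own adapter's output before relying on them.

```shell
# Added example, not from the original posts. Map the "ID vvvv:pppp" that lsusb
# prints to the TL-WN722N revision and chipset discussed in the thread.
# The table is an assumption to be checked against your own lsusb output;
# the v2 and v3 share one product ID, which is why lsusb cannot tell them apart.
wn722n_chipset() {
    # $1 is a vendor:product string in lsusb form, e.g. 0cf3:9271 (case-insensitive)
    case "$(printf '%s' "$1" | tr 'A-F' 'a-f')" in
        0cf3:9271) echo "TL-WN722N v1: Atheros AR9271 (ath9k_htc, supported)" ;;
        2357:010c) echo "TL-WN722N v2/v3: Realtek RTL8188 family (driver commonly missing)" ;;
        *)         echo "unknown: $1"; return 1 ;;
    esac
}

# Read full lsusb output on stdin and report every recognised adapter.
# Returns 0 if at least one TL-WN722N was found, 1 otherwise.
scan_lsusb() {
    found=1
    while IFS= read -r line; do
        id=$(printf '%s\n' "$line" | sed -n 's/.*ID \([0-9a-fA-F]\{4\}:[0-9a-fA-F]\{4\}\).*/\1/p')
        [ -n "$id" ] || continue
        if out=$(wn722n_chipset "$id"); then
            echo "$out"
            found=0
        fi
    done
    return $found
}

# Constructed sample lsusb output (assumed, for demonstration only).
SAMPLE_LSUSB='Bus 001 Device 003: ID 2357:010c TP-Link TL-WN722N v2/v3 [Realtek RTL8188EUS]
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub'

# Real use on a Linux box: lsusb | scan_lsusb
printf '%s\n' "$SAMPLE_LSUSB" | scan_lsusb
```

Run it against real output with `lsusb | scan_lsusb`; if it reports the v2/v3 line, the adapter is the Realtek variant that the thread says lacks a driver on the devices discussed.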
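Added example, not part of either post and not Hak5's tooling: posts 7 and 11 above list the things that break the built-in Let's Encrypt flow for C2 (a scheme or slashes in the hostname, an IP address instead of a DNS name, an A record that does not point at the VPS, ports already in use or blocked). The shell functions below turn those into pre-flight checks. `C2_PORTS`, the default port list, the use of port 80 for the HTTP-01 challenge, and the `ifconfig.me` lookup are assumptions for the example; adjust them to your own deployment.

```shell
# Added example, not from the original posts. Pre-flight checks before starting
# a C2 instance that should use the built-in Let's Encrypt support.
C2_PORTS="80 443"   # assumed: 80 for the HTTP-01 challenge, 443 for the web UI

# Reject hostname values the posts say will not work: a scheme or slashes,
# a colon/port suffix, an empty value, or a bare IPv4 literal.
validate_c2_hostname() {
    h=$1
    case "$h" in
        *://*|*/*) echo "hostname must not contain a scheme or slashes: $h"; return 1 ;;
        *:*)       echo "hostname must not contain a colon or port: $h"; return 1 ;;
        "")        echo "hostname is empty"; return 1 ;;
    esac
    # four dotted decimal groups -> an IP literal; Let's Encrypt will not issue for it
    if printf '%s' "$h" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "IP addresses cannot be used with Let's Encrypt: $h"; return 1
    fi
    # labels of letters, digits and hyphens, at least one dot, alphabetic TLD
    if ! printf '%s' "$h" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'; then
        echo "not a valid DNS name: $h"; return 1
    fi
    echo "ok: $h"
}

# Does the A record match this VPS's public address? (needs network: dig, curl)
dns_matches_public_ip() {
    a=$(dig +short A "$1" | tail -n 1)
    pub=$(curl -fsS https://ifconfig.me 2>/dev/null)   # assumed lookup service
    [ -n "$a" ] && [ "$a" = "$pub" ]
}

# Is anything already listening on the ports C2 and Let's Encrypt need? (run on the VPS)
ports_in_use() {
    busy=1
    for p in $C2_PORTS; do
        if ss -ltn 2>/dev/null | awk 'NR>1 {print $4}' | grep -Eq "[:.]$p\$"; then
            echo "port $p already in use (another C2 instance?)"
            busy=0
        fi
    done
    return $busy
}

# Usage on the VPS: preflight c2.example.com
preflight() {
    validate_c2_hostname "$1" || return 1
    dns_matches_public_ip "$1" || { echo "A record for $1 does not resolve to this host's public IP"; return 1; }
    if ports_in_use; then echo "free the ports above before starting C2"; return 1; fi
    echo "pre-flight OK for $1"
}
```

Only `validate_c2_hostname` is offline; the DNS and port checks need to run on the VPS itself, and a firewall (Lightsail's own, in the case discussed) can still block port 80 even when nothing local is listening on it.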
  13. Same thing was asked on Discord, so I guess it's the same user
  14. If the networks/ESSIDs that the target devices are looking for are open networks, then you can spoof the ESSID and hope they will connect. If the networks are protected then you need to know the secret and set up the evil twin using that information. https://docs.hak5.org/wifi-pineapple/ui-overview/pineap#impersonation
  15. OK, I understand. That, however, doesn't convert anything to DuckyScript as I see it. So my question remains; what tool are you using to encode the DuckyScript code to an inject.bin file that the Ducky can execute? That doesn't really answer my question about whether the keyboard language used when encoding the DuckyScript payload corresponds to the keyboard language used by the intended target. So, is the target Windows computer using a US keyboard layout? From what I can tell by looking at the output posted, it seems as if line feeds aren't handled correctly. That's why I'm asking about keyboard layouts. It doesn't really look like that might be the issue, but I have to ask to rule it out. And my last question; are you using a true/original/official Hak5 USB Rubber Ducky (first generation) when doing all of this?
  16. Just to be sure; as I see it, it's not the Ducky script that is encoded with base64, it's the PowerShell code/script. What are you using to encode the Ducky script itself into an inject.bin? Are you using a language when encoding that corresponds with the target keyboard language (if not US)? BTW, both your screenshot and the included base64 code is exposing a Discord webhook. If it's your webhook then that should perhaps be removed if you don't want to share it.
  17. That sounds sus. Writing it that way is a sign of not being the owner (or allowed by the owner) of the networks being attacked. Keep it legal if discussed here.
  18. I wouldn't worry that much about the specs with such requirements. Just install it and run it and you'll figure out when the hardware is the limiting factor. Using the RPi you mention will most likely be just fine to start with if just using a very few devices that aren't that active. The same thing goes for the scenario of scaling things up, just test with what hardware you have available. And, if planning for 20-30 devices, you need to step up from the free community version and buy the Professional version, and in that case you should have access to standard support (not just community support) and can most likely ask official support about any hardware setup suggestions depending on your use case scenario.
  19. Are you running other modules in the Pineapple or is HTTPeek the only one? I have never had any issues using that module, although I haven't had any real reason to use it since it's quite (or, very) limited in its scope. When saying "interfaces", I assume that you refer to network interfaces, such as wlan0, wlan0-1, wlan1, wlan2, and so on?
  20. Why do you need more definitive numbers? It's easier to provide some kind of opinion if you're more specific about your needs (version of C2 that you plan to use, how many devices are you going to attach to the C2 server, if it's any kind of exfiltration scenario; what amounts of data is going to be extracted from devices to the C2 server in a specific time unit, any specific hardware that you already have plans to run it on and if so what specs does that hardware feature, etc, etc).
  21. I have to say... I almost never ever read books when it comes to cybersec. I have quite a few for sure, but I always revert to things online. It's the natural way to learn for me and has always been from the point in time when the internet was a relevant source of information (in my case since the beginning of the 90's even though it was far from what it is today in terms of available information). One way to do it (at least the way I would do it) is to decide what area of knowledge you want to focus on and then start to study hard, whether it be web, Windows environments, OT, or whatever. If you want to buy books, then go ahead. And/or use web resources such as articles, white papers, CTF oriented web sites, etc. Also, try not to focus that much on the hacking perspective at first. Try to be good at the tech that is used, then you'd be a much better pen tester (or whatever area you want to enter in the cybersec realm). If you know web, you will be a much better "red teamer". If you have Windows environments in mind as future targets in customer engagements, then become good at Windows (client/server), AD, networking, etc. etc. The most recent list of books focusing on "hacking" that I've seen is the one posted on YouTube by Bombal. I have no idea if it's good quality or not. https://www.youtube.com/watch?v=r0P5vLcXpjY
  22. After doing a factory reset/firmware recovery (according to the procedure described in the documentation), download the latest upgrade file from the Hak5 downloads web site and verify its SHA256 checksum, then:
      scp the upgrade to your Pineapple's /tmp directory
      ssh into the Pineapple and enter the /tmp directory (verifying the sha256sum locally on the Pineapple as well isn't a bad idea, just to be sure)
      Execute: splitweb /tmp/upgrade.bin (or whatever firmware filename that has been downloaded)
      Then run: sysupgrade -n /tmp/upgrade.bin
      You do the above at your own risk. I'd suggest submitting a support ticket if you want to get official assistance on what to do.
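Added example, not the poster's script and not an official Hak5 procedure: the manual upgrade steps above (verify the SHA256, scp to /tmp, re-verify on the device, `splitweb`, then `sysupgrade -n`) wrapped so that nothing is flashed unless the checksum matches. The default device address `root@172.16.42.1`, the use of busybox `sha256sum -c` on the device, and the `shasum` fallback on macOS are assumptions; the `splitweb` and `sysupgrade -n` invocations are taken verbatim from the post, not verified here.

```shell
# Added example, not from the original post. Checksum-gated manual upgrade.
PINEAPPLE_HOST="${PINEAPPLE_HOST:-root@172.16.42.1}"   # assumed default address

# Return 0 iff FILE's SHA-256 equals EXPECTED (hex, case-insensitive).
# Uses sha256sum where available, otherwise shasum (macOS).
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$file" | awk '{print $1}')
    else
        actual=$(shasum -a 256 "$file" | awk '{print $1}')
    fi
    if [ "$actual" = "$expected" ]; then
        echo "checksum OK: $file"
    else
        echo "checksum MISMATCH for $file: got $actual, expected $expected" >&2
        return 1
    fi
}

# Full procedure: local verify, copy, remote re-verify, split, flash.
# The -n flag (do not keep config) is what the post specifies.
upgrade_pineapple() {
    upgrade=$1
    sum=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    verify_sha256 "$upgrade" "$sum" || return 1
    scp "$upgrade" "$PINEAPPLE_HOST:/tmp/upgrade.bin" || return 1
    # busybox sha256sum -c wants "<hash>  <file>" (two spaces); assumed present on the device
    ssh "$PINEAPPLE_HOST" "cd /tmp && printf '%s  upgrade.bin\n' '$sum' | sha256sum -c - \
        && splitweb /tmp/upgrade.bin && sysupgrade -n /tmp/upgrade.bin"
}

# Usage (values are placeholders, replace with the file and the published checksum):
#   upgrade_pineapple ./upgrade.bin 0123abcd...
```

The remote command chains with `&&`, so a checksum mismatch on the device stops before `splitweb` runs; a failed `scp` likewise aborts before any ssh step.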
  23. As I understand it, there are infrastructural changes being made to the platform facilitating the awards including a new voting mechanism. It will be announced when ready.
  24. Read the documentation of the tools available and you will get an understanding of what's possible or not. Well, just configuring an "evil twin" to use the same ESSID won't make any target device auto-connect to your fake AP if you don't already know the passphrase for that network. Not sure what you mean here. In what way does the MAC address affect it all?
  25. Some users got Squirrels that didn't have the correct firmware flashed from factory, but that was really early, even before it was officially released. Not at all sure if this is the case here, but I would suggest submitting a support ticket to get assistance.