dark_pyrro
-
Posts
2,621 -
Joined
-
Last visited
-
Days Won
198
Posts posted by dark_pyrro
-
-
Not that it's impossible, but I wouldn't select the Pineapple for that specific task. I'd probably rather use Wireshark along with a directional antenna in that case.
-
The answer for your question about tshark on the Shark Jack is most likely valid for the Squirrel as well
-
opkg probably hasn't got any "install candidate" for tshark (it's most likely difficult to get tshark binaries/packages for a bunch of OpenWrt releases, if any). You will need to compile it yourself if you want it on your Shark.
-
ok, you will perhaps figure it out, it's not the way the C2 server is supposed to be executed though so I can't help you from this point if you decide to run it that way
-
This will probably mess up things since you should only specify an IP address or DNS name for the hostname parameter
-
Why are you using a port along with the IP address for the hostname parameter?
-
I'm waiting for answers to my previous questions before diving into something else.
-
Post Ducky questions in the Ducky section of the forums
-
Are the relevant ports open on the C2 server side?
In what way is the C2 server started (with which command line options, don't post any public IP or domain name that might be "private")?
Is it possible to ssh on port 2022 on the C2 server from the Squirrel (won't let you log in, but should respond)? -
If you need more specific details about compiling from source, then it's not the path you should walk.
The correct way to install is as you mention, but... there are dependencies that aren't met regarding libpcap specifically which stops tcpreplay from executing even if you installed it in the way it's supposed to be installed.
You could try (as I mentioned in a previous post) to create a symlink between the already existing libpcap file and the one tcpreplay wants. Might not be optimal and "unorthodox", but it could make it run.
libpcap should be located in /usr/lib
so...
cd /usr/lib
Create a symlink (this is the possibly "unorthodox" thing)
ln -s /usr/lib/libpcap.so.1 /usr/lib/libpcap.so.0.8ls -la (or ll) on /usr/lib/ should show the created symlink in the directory listing
libpcap.so.0.8 -> libpcap.so.1Execute tcpreplay
-
1
-
-
Do you have any cc-client error log file in /tmp ?
-
Compiling it from source most likely
-
You have the error in the output that should lead you in the correct direction
31 minutes ago, aclx said:Error loading shared library libpcap.so.0.8: No such file or directory (needed by /usr/bin/tcpreplay)
My guess is that it's a newer version of libpcap on the system (or available for installation). One "dirty" fix would be to symlink 0.8 to the existing one, but it might result in bad behavior since there could be diffs between what the tcpreplay version expects/needs from the lib and the onboard version.
-
There's a limitation in C2EXFil that stops transfers of larger files. Might be good to know since tcpdump files can grow pretty quickly.
-
Ask in the Cloud C2 or Packet Squirrel section of the forums
-
Ask Shark questions in the Shark Jack section of the forums
-
In what way should things be "best"? What's the definition and criteria?
Define "monitoring". What's going to be monitored? Anything else apart from work hours?
-
There was a user just now on Discord that reported similar issues. Perhaps it's a bad batch. Not usual, but could happen. Submit a support ticket if the Turtle continues to misbehave.
-
I would suggest taking the VM out of the equation as a first step. Even if you are able to see the Turtle from the VM and it's possible to communicate with it, it just adds unnecessary complexity to the scenario.
-
For example:
Alfa AWUS036ACM (which has already been mentioned)
and
Aukey WF-R13, that is the same as EDUP EP-AC1605 v1 (v2 has the RTL 8812 chipset = bad)There are other models based on the same chipset, but if you are in need of external/replaceable antennas, then the ones above are a good choice. I have them both, and actually an AWUS1900 as well that has just collected dust for many years now.
Some seem to have a certain faiblesse for Alfa products, and if so, use the mentioned ACM adapter. It has worked well for me in different setups (I have one of my ACM adapters "permanently integrated" with the Pineapple Mark VII).
What is the reason for the need of long range? Remember that even if you have "super range" on your end, you might not necessarily be able to "hear" the targets if they themselves doesn't have the equal possibility to transmit over a long range.
-
Have you ever been able to reach the firmware recovery web page on the Turtle? It's a bit unclear to me. You say
14 hours ago, cowoftheball said:I've probably rebooted it while holding down the reset button over 50 times at this point
and
14 hours ago, cowoftheball said:but I still cannot get to the factory reset webpage.
So, from that I assume that you've tried to put the Turtle in recovery mode, but you haven't been able to reach the firmware recovery web page.
If so, can you ping the Turtle on 192.168.1.1 when you've put it in recovery mode?
Are you getting an IP address in the 192.168.1.0/24 range on the device to which you connect the Turtle?
Regardless of getting any IP address, does it show any networking interface at all on the device to which you connect the Turtle, i.e. do you get a network interface showing up?
What device are you connecting the Turtle to? OS?
I also assume that you are trying to connect to the Turtle using the USB side of it, not the Eth RJ45 port side of it.
I can't be the judge of your soldering skills, but pictures of both sides of the PCB where you have done some soldering operations would be good in order to see if there is some bad soldering.
-
I would say, none of them. As I wrote in the other thread you posted in:
I would avoid anything based on RTL881x due to crappy drivers. If you already have one, then use it. But if I would buy one, I would go for something based on MT761x (like the MT7612 chipset that is the same as the MK7AC adapter for the Pineapple is using).
-
I would avoid anything based on RTL881x due to crappy drivers. If you already have one, then use it. But if I would buy one, I would go for something based on MT761x (like the MT7612 chipset that is the same as the MK7AC adapter for the Pineapple is using).
-
Just to be sure about the method, are you using the DNSspoof module of the Mark VII?
cant connect to http://172.16.42.1:1471
in WiFi Pineapple
Posted
You have to be more specific about your setup in order to try to troubleshoot.
Is it a Mark VII Pineapple?
How are you connected to the Pineapple? If it's a Mark VII, I assume it's via the USB-C Ethernet port of the Pineapple.
Can you ping the Pineapple (even if you won't get any response using the URL in a browser)?
Are you sure that the browser you are using isn't "reverting" to https instead of http, i.e. forcing https?
What OS is the device running to which you are connecting the Pineapple?
In what way did you set up the 172.16.42.42 address on the device connected to the Pineapple?
Can you connect to the management and/or open AP of the Pineapple (without setting any static IP address on the device from which you are connecting, and just let DHCP take care of it) and then access the web UI?
What specific part of the documentation are you referring to?