Posts posted by dark_pyrro

  1. A full capture contains all EAPOL messages (M1->M4) along with a beacon frame, as the docs visualize

    https://docs.hak5.org/wifi-pineapple/ui-overview/recon#handshakes

    Partial captures don't contain everything of the above, but it can still be possible to crack them. You will need at least M2, preferably along with M1 or M3.

    If you get a full capture, then use it. Otherwise, just try to crack it with what you got. Use the Hashcat format if you plan to use Hashcat (obviously).

    There's tons of info out there about how handshakes work, and the Pineapple isn't unique in any way in that sense.
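    To make the full/partial distinction above concrete, here is an added example (my own code, not from the post or from Hak5's docs) that classifies EAPOL-Key frames as M1 to M4 from their Key Information bits and then judges a capture against the rule given above: all four messages plus a beacon is a full capture, and M2 together with M1 or M3 is the minimum usable pair, since the ANonce comes from M1/M3 and the MIC over the SNonce from M2. The frames it feeds itself are constructed samples with zeroed nonces and MICs; in practice you would extract the EAPOL payloads from the pcap.

```python
import struct

# EAPOL-Key "Key Information" bit masks (IEEE 802.11, 12.7.2)
KEY_INFO_PAIRWISE = 1 << 3
KEY_INFO_INSTALL = 1 << 6
KEY_INFO_ACK = 1 << 7
KEY_INFO_MIC = 1 << 8
KEY_INFO_SECURE = 1 << 9
KEY_INFO_ENCRYPTED = 1 << 12
DESCRIPTOR_VERSION = 2  # HMAC-SHA1-128 / AES key wrap, as used with CCMP

EAPOL_KEY_PACKET_TYPE = 3
# Offset of the 2-byte Key Data Length field: 4-byte 802.1X header, then descriptor type (1),
# key info (2), key length (2), replay counter (8), nonce (32), IV (16), RSC (8), key id (8), MIC (16)
KEY_DATA_LEN_OFFSET = 4 + 1 + 2 + 2 + 8 + 32 + 16 + 8 + 8 + 16

# Key Information values of the four handshake messages (constructed, descriptor version 2)
M1_INFO = DESCRIPTOR_VERSION | KEY_INFO_PAIRWISE | KEY_INFO_ACK
M2_INFO = DESCRIPTOR_VERSION | KEY_INFO_PAIRWISE | KEY_INFO_MIC
M3_INFO = (DESCRIPTOR_VERSION | KEY_INFO_PAIRWISE | KEY_INFO_INSTALL | KEY_INFO_ACK
           | KEY_INFO_MIC | KEY_INFO_SECURE | KEY_INFO_ENCRYPTED)
M4_INFO = DESCRIPTOR_VERSION | KEY_INFO_PAIRWISE | KEY_INFO_MIC | KEY_INFO_SECURE
GROUP_INFO = DESCRIPTOR_VERSION | KEY_INFO_ACK | KEY_INFO_MIC | KEY_INFO_SECURE | KEY_INFO_ENCRYPTED

# Constructed RSN information element (CCMP pairwise/group, PSK AKM), as carried in M2's key data
SAMPLE_RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")


def build_eapol_key(key_info: int, key_data: bytes = b"") -> bytes:
    """Build a minimal EAPOL-Key frame (sample data only: nonce, IV and MIC are all zero)."""
    body = struct.pack(">BHH", 2, key_info, 16)  # RSN descriptor type, key info, key length
    body += b"\x00" * (8 + 32 + 16 + 8 + 8 + 16)  # replay counter, nonce, IV, RSC, key id, MIC
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, EAPOL_KEY_PACKET_TYPE, len(body)) + body


def classify_eapol_key(frame: bytes):
    """Return 1..4 for the 4-way handshake message this EAPOL-Key frame is, else None."""
    if len(frame) < KEY_DATA_LEN_OFFSET + 2:
        return None
    _version, packet_type, _body_len = struct.unpack_from(">BBH", frame, 0)
    if packet_type != EAPOL_KEY_PACKET_TYPE:
        return None
    key_info = struct.unpack_from(">H", frame, 5)[0]
    if not key_info & KEY_INFO_PAIRWISE:
        return None  # group key handshake frame, not part of the 4-way exchange
    key_data_len = struct.unpack_from(">H", frame, KEY_DATA_LEN_OFFSET)[0]
    ack = bool(key_info & KEY_INFO_ACK)
    mic = bool(key_info & KEY_INFO_MIC)
    secure = bool(key_info & KEY_INFO_SECURE)
    if ack and not mic:
        return 1
    if ack and mic:
        return 3
    if mic:
        # M4 carries no key data (and sets Secure under WPA2); M2 carries the RSN/WPA IE.
        return 4 if (secure or key_data_len == 0) else 2
    return None


def assess_capture(frames, has_beacon: bool) -> dict:
    """Judge a set of captured EAPOL frames against the full/partial criteria from the post."""
    messages = {m for m in (classify_eapol_key(f) for f in frames) if m is not None}
    full = messages == {1, 2, 3, 4} and has_beacon
    # ANonce from M1 or M3 plus the MIC'd M2 is the minimum that can be verified offline.
    usable = 2 in messages and (1 in messages or 3 in messages)
    return {"messages": sorted(messages), "full": full, "usable": usable}


if __name__ == "__main__":
    handshake = [build_eapol_key(M1_INFO), build_eapol_key(M2_INFO, SAMPLE_RSN_IE),
                 build_eapol_key(M3_INFO, SAMPLE_RSN_IE), build_eapol_key(M4_INFO)]
    print("all four + beacon:", assess_capture(handshake, has_beacon=True))
    print("M2 and M3 only:   ", assess_capture(handshake[1:3], has_beacon=True))
    print("M2 only:          ", assess_capture(handshake[1:2], has_beacon=True))
```

    The M2/M4 split is the only subtle part: both have Key ACK clear and Key MIC set, so the code falls back to the Secure bit and the Key Data Length, which also covers original WPA (descriptor 254) where M4 does not set Secure.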

  2. I guess you have to time your clicks better. If you can't get it working, just remove the Micro SD card and insert it in some device (computer) using a Micro SD card adapter and delete the inject.bin file (or rename it if you want to keep it for some reason) and then re-insert the Micro SD card into the Ducky.

  3. 1 hour ago, rowie said:

    my keycroc is on the latest firmware

    and that is 1.4?

    1 hour ago, rowie said:

    Would it be possible to update the OS from keycroc to something current stable

    Anything is possible, but if you mean using something other than the current Debian version, the answer is no (if you don't care to involve yourself in a ton of work).

    Do you have any other Hak5 devices that successfully connect to your C2 server?

    In what way are you running your C2 server? Locally, self hosted on the internet, or some VPS (or such)?

    Are you running the C2 server manually or as a service?

    What command line are you using to start the server? (Don't post any IP address or domain name that you might not want to share)

    The device.config file is in the correct place on the Croc?

    Is the cc-client error log file in /tmp on the Croc showing any errors?

    What happens if you try to ssh from the Croc to the C2 server on port 2022? It won't let you log in but it will at least "reply" if things are working as it should.

  4. So, it wasn't actually doing a successful factory reset then (given the LED pattern you describe).

    Regarding the factory reset process: can you confirm that you did unplug the Bunny 4 (four) times when the green LED turns off? Just so that I can be sure you understood the instructions in the documentation correctly. The reason why I'm asking is that Bunny users have misunderstood the instructions before and just unplugged it 3 (three) times in total, which is not enough for a factory reset. The below (that you quoted from the documentation) is a total of 4 (four) times, not 3 (three).

    8 hours ago, lllooo said:
    2. Plug the Bash Bunny into a USB port and unplug it immediately after the green LED turns off
    3. Repeat step #2 three times


  5. 8 hours ago, lllooo said:

    There were no operational errors following the official instructions

    OK, judging from your comment, the factory reset is successful then and you get the "police LED" for the set amount of minutes.

    8 hours ago, lllooo said:

    Fault reason: (apt update&&apt y full upgrade) has been updated once and will no longer be usable

    In what way do you get this? Where does it come from? If the Bunny can't be accessed, there should be no way of getting any error message from it.

    8 hours ago, lllooo said:

    apt y full upgrade

    A specific comment about this: you shouldn't ever do a Debian upgrade on the Bunny since it will possibly break features of the Bunny. It won't fully break it, but you might run into issues that make it necessary to factory reset it.

  6. Attach the 5 GHz adapter to the Pineapple

    Make sure that PineAP is using wlan1 (configure that in the web UI)

    Make a copy of /etc/config/wireless (just as a backup)

    Edit /etc/config/wireless

    Remove any entries related to radio3 and wlan3 (most likely at the bottom of the file)
    You could leave them and change what's already there, but it will most likely end up in a mess if you don't know what you're doing

    Copy the sections covering radio0 and wlan0 (NOT! wlan0-1, wlan0-2, etc) at the top of the file and paste it in at the bottom

    Change the pasted section so that every occurrence of radio0 becomes radio3

    Change the wifi-device section for the newly created radio3 so that: hwmode is set to 11a, channel is set to something relevant to 5 GHz and the path is correct for the device; htmode can also be changed if desired

    Regarding the path, verify it by running
    ll /sys/class/net
    make sure any path that is copied starts from "platform" and doesn't include the trailing "/net/wlan3"

    In the newly pasted wifi-iface section, change wlan0 to wlan3, set a relevant ESSID and change the MAC address

    reboot the Pineapple or restart wireless/networking

    try to connect to the 5 GHz open AP from a device of choice

    iptables rules might be needed in order to access the Pineapple itself
    using the internet (if the Pineapple itself has internet access), should work without any firewall rules added
    (or change /etc/config/firewall)
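    The editing steps above (drop leftover radio3/wlan3 sections, copy the radio0 and wlan0 sections, rename, set hwmode/channel/path, set ESSID and MAC) are mechanical enough to script, so here is an added example of doing that in Python, written for this page rather than taken from the post or from Hak5. It parses the UCI text of /etc/config/wireless, applies the steps and returns the new file, and it also does the path derivation from the `ll /sys/class/net` symlink target described above (keep from "platform", strip "/net/wlan3"). The sample config, SSID, MAC and sysfs path are constructed; it assumes the wlan0 wifi-iface section carries an `option ifname 'wlan0'` so it can be told apart from wlan0-1 and friends, and it does not run `uci` or touch the device, so you would still diff the result against your backup and write it out yourself.

```python
import shlex

# Constructed /etc/config/wireless, including stale radio3/wlan3 sections that the
# procedure says to remove. All SSIDs, keys and MACs here are placeholders.
SAMPLE_WIRELESS = """
config wifi-device 'radio0'
    option type 'mac80211'
    option channel '6'
    option hwmode '11g'
    option path 'platform/ahb/18100000.wmac'
    option htmode 'HT20'
    option disabled '0'

config wifi-iface 'wlan0'
    option device 'radio0'
    option network 'lan'
    option mode 'ap'
    option ssid 'Example-Open'
    option encryption 'none'
    option ifname 'wlan0'
    option macaddr '02:00:00:00:00:01'

config wifi-iface 'wlan0_1'
    option device 'radio0'
    option mode 'ap'
    option ifname 'wlan0-1'
    option ssid 'Example-Management'
    option encryption 'psk2'
    option key 'EXAMPLE-PLACEHOLDER'

config wifi-device 'radio3'
    option type 'mac80211'
    option disabled '1'
"""


def parse_uci(text):
    """Parse UCI config text into [{'type', 'name', 'entries': [(kind, key, value)]}]."""
    sections = []
    for raw in text.splitlines():
        parts = shlex.split(raw.strip()) if raw.strip() and not raw.lstrip().startswith("#") else []
        if parts and parts[0] == "config":
            sections.append({"type": parts[1], "name": parts[2] if len(parts) > 2 else None, "entries": []})
        elif parts and parts[0] in ("option", "list") and sections:
            sections[-1]["entries"].append((parts[0], parts[1], parts[2] if len(parts) > 2 else ""))
    return sections


def render_uci(sections):
    """Write sections back out in the tab-indented form UCI files use."""
    lines = []
    for s in sections:
        lines.append(f"config {s['type']}" + (f" '{s['name']}'" if s["name"] else ""))
        lines.extend(f"\t{kind} {key} '{value}'" for kind, key, value in s["entries"])
        lines.append("")
    return "\n".join(lines)


def option(section, key, default=None):
    return next((v for kind, k, v in section["entries"] if kind == "option" and k == key), default)


def set_option(section, key, value):
    """Replace an existing option in place, or append it if the section lacks it."""
    for i, (kind, k, _) in enumerate(section["entries"]):
        if kind == "option" and k == key:
            section["entries"][i] = ("option", key, value)
            return
    section["entries"].append(("option", key, value))


def uci_path_from_sysfs(link_target: str, ifname: str) -> str:
    """Turn the symlink target shown by `ll /sys/class/net` into a UCI 'path' value."""
    idx = link_target.find("platform/")
    suffix = f"/net/{ifname}"
    if idx < 0 or not link_target.endswith(suffix):
        raise ValueError(f"expected a path containing 'platform/' and ending in {suffix!r}")
    return link_target[idx:-len(suffix)]


def add_5ghz_radio(config_text, *, path, channel, ssid, macaddr, htmode=None):
    """Apply the post's steps: purge radio3/wlan3, clone radio0/wlan0 as radio3/wlan3, retune."""
    kept = [s for s in parse_uci(config_text)
            if s["name"] not in ("radio3", "wlan3")
            and option(s, "device") != "radio3" and option(s, "ifname") != "wlan3"]
    radio0 = next(s for s in kept if s["type"] == "wifi-device" and s["name"] == "radio0")
    wlan0 = next(s for s in kept if s["type"] == "wifi-iface"
                 and option(s, "device") == "radio0" and option(s, "ifname") == "wlan0")

    def clone(section):  # copy with every radio0/wlan0 occurrence renamed, as the post says
        ren = lambda v: v.replace("radio0", "radio3").replace("wlan0", "wlan3") if v else v
        return {"type": section["type"], "name": ren(section["name"]),
                "entries": [(k, key, ren(v)) for k, key, v in section["entries"]]}

    radio3, wlan3 = clone(radio0), clone(wlan0)
    set_option(radio3, "hwmode", "11a")
    set_option(radio3, "channel", str(channel))
    set_option(radio3, "path", path)
    if htmode:
        set_option(radio3, "htmode", htmode)
    set_option(wlan3, "ssid", ssid)
    set_option(wlan3, "macaddr", macaddr)
    return render_uci(kept + [radio3, wlan3])


if __name__ == "__main__":
    # Constructed symlink target, in the shape a USB adapter shows under /sys/class/net
    path = uci_path_from_sysfs("../../devices/platform/ehci-platform/usb1/1-1/1-1:1.0/net/wlan3", "wlan3")
    print(add_5ghz_radio(SAMPLE_WIRELESS, path=path, channel=36, ssid="Example-5GHz",
                         macaddr="02:00:00:00:00:03", htmode="VHT80"))
```

    Everything that is not radio0/wlan0 is carried over untouched, so the wlan0-1 management interface survives while the stale radio3 section is dropped rather than edited in place, which is the "mess" the post warns about.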

  7. I wouldn't say it's impossible. Setting up a 5 GHz adapter is for sure possible. The question is if you want it to still be useful to PineAP. I think the question is too wide and needs to be narrowed down. Do you want to use the MK7 AC adapter for recon (and such) and also broadcast an open 5 GHz AP with Pineapple features and functionality? Or do you just want to set up a 5 GHz open AP (not linked to the already existing open AP of the Pineapple)? There is a difference. To retain the Pineapple features, you will need to do some more in-depth tweaking (and perhaps two 5 GHz adapters). To just add the adapter and broadcast an open 5 GHz AP will need less tweaking (and is less likely to break out-of-the-box functionality).
