dark_pyrro

Still you haven't got the admin password to change things. But... if you can't control the main router, why not add a second one ("behind" the main router) that you actually can control and do the settings you desire to do?

Equipment is less important, knowledge is higher up on the ladder. If you don't know what to do, then equipment won't help you do a good job. If you have the knowledge, you know what equipment you need.

That argument won't give you the right to make changes to equipment that you clearly don't have permissions to access.

All parts of the module started? The desired portal activated in the module web UI?

I would say that you have a tough assessment ahead of you...

Yes, it can act as a keyboard and inject keystrokes (but that's not the same thing as keylogging) Just by attaching the cable to the phone doesn't make it start to "tap" keystrokes when the "internal" on-screen phone keyboard is used The keylogging needs a physical attached external keyboard where the cable sits in-line between the external keyboard and the phone/device (but you have already gotten that answer in this thread) You also need to connect the active end to the target device ("To successfully keylog, you need to physically connect the active end to the target host.") External keyboard <-> O.MG cable <-> Phone (or whatever device that is used) Keys entered on the external keyboard >>> Keys captured by the cable >>> Entered keys shown/"inserted" on device just as if nothing has happened https://forums.hak5.org/topic/54456-omg-keylogger-cable/#comment-344754 https://forums.hak5.org/topic/54456-omg-keylogger-cable/#comment-346480 https://github.com/O-MG/O.MG-Firmware/wiki/Keylogger

I'll let the thread creator answer before asking any further questions...

Why would you want to force the change of channel?

https://github.com/hak5/bashbunny-payloads/blob/master/languages/de.json Not sure if this is Swiss german or french or something else https://github.com/hak5/bashbunny-payloads/blob/master/languages/ch.json

https://github.com/hak5 https://github.com/hak5/bashbunny-payloads/tree/master/languages

or even on the udisk of the Bunny

it's available on the Hak5 GitHub

There's no shortcut that I know of. You need the language file on the Bunny. Or, are you referring to a URL where you can download that file?

Never had any real issues with the Kleo portals Is anything stored in the actual log file in the file system?

You probably already have had better luck since you used the TP-Link adapter and that worked.

OK, I guess it's the V1 of the UE300 then since it uses the RTL8153 chipset (V2 is using the same as your Anker, i.e. AX88179A) Seems unlikely that the chipset should matter though. I haven't heard that there should be any hardware related issues when it comes to what the Plunder Bug might "accept", I haven't been running into any issues either. I'll see if I have something based on the same type of ASIX chipset, but most GBit adapters that I have are based on RTL8153.

So, you're not connecting the Plunder Bug to any device via the USB-C interface, just one [in] and one [out] Ethernet cable to the RJ45 ports of the Plunder Bug? What are the exact model names of each adapter (TP-Link and Anker)? What chipsets are they using?

What portal are you using? Something you created yourself or some already existing portal (such as the Kleo ones).

Just use the admin UI of your access point for the home network. But why not disable the AP instead of just hiding it. You also need to set up the Pineapple in the exact same way as the home network AP was set up. I.e. use the same passphrase, etc. if the home AP is using such.

Why post Mark VII questions in the Mark V section of the forums?

Plugged where?

Pedantic is good! As well as added knowledge in the backpack 🙂

Well, if an organization/web site owner isn't answering to your request, there's not much you can do. I wouldn't in any way do anything without permission, so don't just start trying some random pentesting if they don't answer. Even if you have only good intentions and want to help, you can still be charged. I've seen it happen several times. Even employees that wants to help and "pentest" things without permission has been reported by their employer and then convicted. "Being kind" isn't a relevant/valid argument. You need written permission by someone that have the mandate within the organization to allow such operations. Bug bounty has already been mentioned. You could also look for a security.txt file that has contact information within the organization. Look for it at https://<URL>/.well-known/security.txt (or using http) on each website. It's not a "standard" so don't expect to find it everywhere, but a way to be able to contact website owners about vulnerabilities found. Note though that you might be considered trying to break security if you first find the vulns, then report them. It might get you into trouble. Some orgs are nice, some do things "by the book" and might report you.

As said, what can you do with a keyboard in such a situation? The same capabilities goes for the Ducky. The Ducky would for sure not be my first choice of method in such a scenario.