dark_pyrro

Do you have the local Pineapple web interface open at the same time as it's enrolled to the C2 server, like described in this post?

You will probably have to struggle with MAC Address Randomization used by mobile devices when/if they aren't connected to a WiFi network.

What "other page" are you referring to?

Post a screenshot of how the Croc storage looks like when you've put the tar.gz update file there

You shouldn't extract it, but do as the documentations says; "Do not extract the .tar.gz archive" If you are already on fw version 1.4, what are you trying to update to (since 1.4 is the latest available firmware version)?

I would consider this normal. There's no "click in to pop out", you have to pull it out without any aiding mechanism. The thing is that the USB-C connector is a bit in the way of the "path" that the Micro SD card needs to be fully released/pulled out. When in need, I usually just lift it gently with my fingernail and pull it out, or use a spudger to lift it. However, you shouldn't be needing to remove the Micro SD card in a normal situation, just use the button to put the Ducky in "arming mode" and access the content of the card.

It has the management AP, the open AP, the Evil WPA, etc. On top of that it can impersonate APs/ESSIDs as well. https://docs.hak5.org/wifi-pineapple/ui-overview/pineap https://docs.hak5.org/wifi-pineapple/ui-overview/settings#wifi Not all sure what you mean by that, but the Mark VII doesn't have cellular capabilities. You can see wireless devices, but identifying them as mobile phones specifically might not be successful all the time.

Is this a part of the payload?

You mean that you have access to the Croc using Cloud C2 and controlling it that way (or using ssh from the same network to which the Croc is connected)? When saying "example payload", are you referring to the example_payload.txt that came out of the box with the Croc (i.e. the MATCH on hello)? In what way are you going to remove the payload?

The device.config file should be located in /etc

I can't understand this part, what do you mean?

Did you prepare the Pineapple to connect to the C2 server? I.e. created the device.config and transfer it to the Pineapple? Did you verify that the Pineapple is even able to reach the server (does it have internet access)?

not sure what you mean when saying that

Can you use an ordinary wired keyboard along with the phone (i.e. writing on the phone with a keyboard connected using USB)? Did you try with an OTG adapter? Even if you successfully get the Ducky to identify itself on the device, that payload will probably not be successful due to the fact that brute forcing the PIN on an Android device most likely will lock down the phone after a certain number of tries. There are a lot of years since the brute force method was successful and I don't think there has been any new attack vector revealed to circumvent this.

You have to look into the service file you are using to find the reasons for that I guess

What time are you referring to? To me, there are for sure changes in the time stamps for the errors listed if comparing your initial post and your latest screen shot of the service output.

Once again, post in the Pineapple section of the forums. Even the very first pinned message in this section of the forums says to not post Pineapple related questions here. This is where Pineapple Mark VII questions should be posted: https://forums.hak5.org/forum/108-wifi-pineapple/

Ask Pineapple Mark VII questions in the correct section of the forums

By learning some basic Linux commands and/or reading the Shark Jack documentation https://docs.hak5.org/shark-jack/writing-payloads/the-cloud-c2-commands

Try some of the things I told you to do when you had problems with the Croc (ssh and/or wget) to verify that it's possible to get any response from the C2 server on the Shark. One thing to do first of all is making sure that the Shark has the correct date and time.

no problem, if you open a web browser and load your C2 server web interface in the browser (in simple terms "visiting your C2 server using a browser"), can you see your visit in the service status output, i.e. 1) Open your C2 server URL in your browser (note the time) 2) check the C2 server service status using the same command that you displayed in your first post Are there error message entries (http2) in the status output that correlates with your attempts to load the C2 user interface in your web browser?

Can you link the http2 events to when you try to visit your C2 server web interface?

OK, and I assume that "website.com" in your service status output is just a temporary placeholder to not reveal your real domain on the forums. Is there a DNS A record created that links your domain name to the IP of the Amazon VPS public IP address?

The best Hak5 "toolkit" is the one that fits your business plan. What services is your company going to offer your clients/customers? If you don't know, then the answer would probably be "None" or "All of them". You have to be more specific about what you want to do in order to be specific about what devices that would be suitable.

OK, not the same issue then, at least not the same scenario. You have to provide more info. In what way is the Pineapple connected to the internet? Can you ping some online service/device using the terminal of the Pineapple (either ssh into the Pineapple or use the web UI based terminal), for example www.google.com?