dark_pyrro

I can't understand this part, what do you mean?

Did you prepare the Pineapple to connect to the C2 server? I.e. created the device.config and transfer it to the Pineapple? Did you verify that the Pineapple is even able to reach the server (does it have internet access)?

not sure what you mean when saying that

Can you use an ordinary wired keyboard along with the phone (i.e. writing on the phone with a keyboard connected using USB)? Did you try with an OTG adapter? Even if you successfully get the Ducky to identify itself on the device, that payload will probably not be successful due to the fact that brute forcing the PIN on an Android device most likely will lock down the phone after a certain number of tries. There are a lot of years since the brute force method was successful and I don't think there has been any new attack vector revealed to circumvent this.

You have to look into the service file you are using to find the reasons for that I guess

What time are you referring to? To me, there are for sure changes in the time stamps for the errors listed if comparing your initial post and your latest screen shot of the service output.

Once again, post in the Pineapple section of the forums. Even the very first pinned message in this section of the forums says to not post Pineapple related questions here. This is where Pineapple Mark VII questions should be posted: https://forums.hak5.org/forum/108-wifi-pineapple/

Ask Pineapple Mark VII questions in the correct section of the forums

By learning some basic Linux commands and/or reading the Shark Jack documentation https://docs.hak5.org/shark-jack/writing-payloads/the-cloud-c2-commands

Try some of the things I told you to do when you had problems with the Croc (ssh and/or wget) to verify that it's possible to get any response from the C2 server on the Shark. One thing to do first of all is making sure that the Shark has the correct date and time.

no problem, if you open a web browser and load your C2 server web interface in the browser (in simple terms "visiting your C2 server using a browser"), can you see your visit in the service status output, i.e. 1) Open your C2 server URL in your browser (note the time) 2) check the C2 server service status using the same command that you displayed in your first post Are there error message entries (http2) in the status output that correlates with your attempts to load the C2 user interface in your web browser?

Can you link the http2 events to when you try to visit your C2 server web interface?

OK, and I assume that "website.com" in your service status output is just a temporary placeholder to not reveal your real domain on the forums. Is there a DNS A record created that links your domain name to the IP of the Amazon VPS public IP address?

The best Hak5 "toolkit" is the one that fits your business plan. What services is your company going to offer your clients/customers? If you don't know, then the answer would probably be "None" or "All of them". You have to be more specific about what you want to do in order to be specific about what devices that would be suitable.

OK, not the same issue then, at least not the same scenario. You have to provide more info. In what way is the Pineapple connected to the internet? Can you ping some online service/device using the terminal of the Pineapple (either ssh into the Pineapple or use the web UI based terminal), for example www.google.com?

Same issue as in; "can't get modules and I'm located in China"?

So you used C2CONNECT to force the Shark to connect to the C2 server?

Looks like you're running your C2 server on Amazon. Did you open all the ports needed in the VPS firewall?

I can't remember if the classic Ducky came with an inject.bin file on the supplied Micro SD card. It's so many years since I got it. The 2nd generation Ducky should have a payload that puts it in ATTACKMODE STORAGE out of the box. But that's not valid here since this is about the classic Ducky.

Don't post USB Rubber Ducky related questions here.

What landing page? Evil portal?

Well, if you try to obtain the hash on a PC that has no logged in user (i.e. a PC that isn't actually locked), I guess you have to prepare yourself to wait until kingdom comes.

Just to be sure, you have logged in to the PC and then locked it, right? Not just let it boot up without any login.

No

Yes, if you get a NTLM hash it will turn green. If not, it will continue to blink yellow. There's no guarantee though that it will ever be able to obtain the hash. Also make sure to leave it for a while. It can take all from 2 seconds from when it starts to blink yellow (i.e. attack started) to well over a minute.