
dark_pyrro

Posts posted by dark_pyrro

  1. Just create the DE_CH language file for the Bunny. I have no O.MG device so I can't tell if it's 1:1 or using some kind of format that differs from the Hak5 format. There's a ch.json language file for the Bunny, not sure if it's German though.

  2. OK, if the target machine is able to identify the Bunny as a HID device, there's nothing wrong with the Bunny itself. It works as expected.

    Regarding your payload:

    43 minutes ago, mELLoMaN said:
    ATTACKMODE HID
    Dealy 3000
    Q GUI r
    Delay 100
    Q String powershell
    Q Enter

    I would do it slightly differently, try something like:

    ATTACKMODE HID
    QUACK DELAY 3000
    QUACK GUI r
    QUACK DELAY 500
    QUACK STRING powershell
    QUACK ENTER

    First, you need to spell the commands correctly.

    Then, you need to QUACK your DELAYs.

    I'm rarely using Q instead of QUACK. Q is really just a shortcut/link to QUACK, but I've experienced issues in the past that might have been linked to the use of Q, and instead of taking time to deep dive into if that actually is the case, I just started using QUACK only instead.

     

  3. 3 hours ago, mELLoMaN said:

    When I used it a long time ago, it worked fine

    Judging from your previous posts, it doesn't seem to have been fully fine before either.

    Post some example payload code that doesn't work for you (if you're not trying anything else than just simply ATTACKMODE HID in your payload code).

    You could also try the following.....

    With the Bunny not attached to the PC, run the following in a PowerShell window:

    Get-PnpDevice -PresentOnly | Where-Object {$_.InstanceId -match '^USB' } > USB01.txt

    Plug the Bunny into the same PC with a payload that includes ATTACKMODE HID and run (after the Bunny has booted up fully):

    Get-PnpDevice -PresentOnly | Where-Object {$_.InstanceId -match '^USB' } > USB02.txt

    Compare the files and see if there's any difference between the two:

    Compare-Object (Get-Content USB01.txt) (Get-Content USB02.txt)

    If the Bunny is identified, the output of the above command should be something like:

    InputObject
    -----------
    OK         HIDClass        USB Input Device                                                                 USB\VID_...
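
The before/after comparison described in this post, done on device objects rather than on text lines, as an added example that is not part of the original post. The function name Get-NewUsbDevice and the sample device records (including the VID/PID values) are constructed for illustration; on a live system the two snapshots come from the Get-PnpDevice command shown above.

```powershell
# Added example: report devices that appear only in the second snapshot,
# matched on InstanceId, with VID/PID split out for easier identification.
function Get-NewUsbDevice {
    param(
        [Parameter(Mandatory)] [object[]] $Before,
        [Parameter(Mandatory)] [object[]] $After
    )
    # SideIndicator '=>' marks entries present only in $After (newly attached).
    Compare-Object -ReferenceObject $Before -DifferenceObject $After `
                   -Property InstanceId -PassThru |
        Where-Object { $_.SideIndicator -eq '=>' } |
        ForEach-Object {
            $vid = $null; $usbPid = $null   # $PID is reserved by PowerShell
            if ($_.InstanceId -match 'VID_([0-9A-Fa-f]{4})&PID_([0-9A-Fa-f]{4})') {
                $vid = $Matches[1]; $usbPid = $Matches[2]
            }
            [pscustomobject]@{
                Status       = $_.Status
                Class        = $_.Class
                FriendlyName = $_.FriendlyName
                VID          = $vid
                PID          = $usbPid
                InstanceId   = $_.InstanceId
            }
        }
}

# Live use (snapshot 1 with the device unplugged, snapshot 2 after it has booted):
#   $before = Get-PnpDevice -PresentOnly | Where-Object InstanceId -match '^USB'
#   $after  = Get-PnpDevice -PresentOnly | Where-Object InstanceId -match '^USB'

# Constructed sample records so the function can be tried without hardware.
$before = @(
    [pscustomobject]@{ Status = 'OK'; Class = 'USB'; FriendlyName = 'USB Root Hub (USB 3.0)'
                       InstanceId = 'USB\ROOT_HUB30\CONSTRUCTED-0001' }
)
$after = $before + @(
    [pscustomobject]@{ Status = 'OK'; Class = 'HIDClass'; FriendlyName = 'USB Input Device'
                       InstanceId = 'USB\VID_1234&PID_ABCD\CONSTRUCTED-0002' }
)

Get-NewUsbDevice -Before $before -After $after | Format-List
```

An empty result means no new USB device was enumerated between the two snapshots; a new entry with Class HIDClass means the PC identified the device as a HID device.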

     

  4. If Hak5 explicitly say that it is a Mark II device, then it is a Mark II device. You just have to follow the instructions provided by Hak5 since there are extremely few in the community that have gotten the Mark II by mistake and therefore can't assist in any way here on the forums.

  5. Well, I have some doubts about that payload in general, but that's another discussion.

    Start with creating a simple payload that uses ATTACKMODE RNDIS_ETHERNET and attach the Bunny to the PC and verify that it shows up as a network device and hands out a DHCP lease to the PC from the 172.16.64.0/24 range.

  6. As I understand your posts, you have problems getting both the Mark VII and the Packet Squirrel to appear in your C2 server web UI. To be able to help and troubleshoot your issues, you need to tell more about your C2 setup (how it's started, if it's on your local network or on the internet, etc.).

  7. If you want the modules and they aren't available, then you need to develop them yourself. If it was me, I wouldn't spend many minutes trying to get those to work since the methods are deprecated/useless in an absolute majority of cases nowadays.

  8. You have to be more specific. Since you mention sources.list, I can't really see how that relates to cloning a GitHub repo. It seems to me that you're trying to install something on the Bunny using apt (probably gcc or git or both) and it's apt throwing back errors at you (which is totally normal when it comes to the Bunny since it's running Debian Jessie and that is a deprecated release, hence the errors since it's not maintained any longer).

    In what way are you sure that factory reset doesn't work? By looking at the contents of the Bunny udisk (the storage device that mounts to the computer when you have set the Bunny in arming mode, or using ATTACKMODE STORAGE without a Micro SD card)? If so, that's no sign of if the Bunny was reset or not since the udisk is left untouched when doing a factory reset, i.e. all files and directories on the udisk are still there even though the Bunny (the OS and all the Hak5 specifics) has been reset.

  9. Just some comments:

    9 hours ago, rf_bandit said:

    /etc/sources.list

    Should be

    /etc/apt/sources.list

     

    And

    9 hours ago, rf_bandit said:
    apt-update

     

    9 hours ago, rf_bandit said:
    apt-upgrade

    aren't valid commands, it should be

    apt update
    apt upgrade

    However, I would be careful to do an upgrade. It might work, but can also possibly break Bunny functionality.

    It's possible to add [trusted=yes] to each line in /etc/apt/sources.list but it will probably not be stopping apt/dpkg from complaining.

    Also, when installing packages using apt, it's possible to add -oAcquire::AllowInsecureRepositories=true

    For example:

    apt install build-essential

    would be

    apt -oAcquire::AllowInsecureRepositories=true install build-essential

    Errors will most likely still show in some form or at some point, but Jessie is an old distro release so not that surprising.

  10. Streaming tcpdump output directly to Cloud C2 isn't something that is built-in as far as I can remember off the top of my head. It's possible to remotely stream tcpdump output to remote Wireshark sessions though, but that's another use case scenario.
