Mr-Protocol
-
Posts
4,227 -
Joined
-
Days Won
91
Posts posted by Mr-Protocol
-
-
So in order for the Ducky to work, it needs an inject.bin on the root of the SD card. Generate a payload, place the inject.bin on the root of the SD card and give that a shot.
Here is the default inject.bin that will WIN+R, open notepad, and type "Hello World!!!"
-
Did you run the rfcat command with sudo on the pi?
-
Are there any files on the SD card? If so, what are they?
-
Here is how to clean flash the Mark 4.
http://mr-protocol.blogspot.com/2013/12/wifi-pineapple-mark-iv-clean-flash-uart.html
My additional instructions from what once was the official wiki entry.
If you just forgot the password, you could hookup UART and just reset it through there (using passwd) without needing a flash.
-
I would say check for firmware upgrades using the Advanced tab. That is also a good way to see if the Pineapple itself has internet. If there are updates, apply them and re-try your scenario. It should say something along the lines of "No updates found" if it is able to reach the server to check.
If you are already on the newest firmware, I would suggest in the Networking options, hit the drop down arrow in the title bar and reset network settings to default and try again.
-
Most cars use rolling keys and are not able to be replay attacked by simply recording the unlock and re-brodcasting it.
You would need something like this: http://www.wired.com/2015/08/hackers-tiny-device-unlocks-cars-opens-garages/
-
You program it using the same key combinations you would on a Mac.
-
Could you post your ducky script? Keep in mind the online generators may need tweaking to get it to work.
-
No problem :D
-
Locked per request
-
It will not show you feedback that characters are typed in. So if you are expecting to see like:
Push a key
root@172.16.42.1's password:*
Push another key
root@172.16.42.1's password:**
You wont see that. Just type your password and hit enter when completed. That should get you in.
If that's not the issue then I will see if I can dig around on the internet to find a cause/solution. I hope this post doesn't come across as offensive, but I have no clue of experience levels of people.
-
1
-
-
I am trying to get an idea of how many people actually use the fingerprint to unlock their phone. Nexus, Apple, Samsung, whatever.
If you all could use the twitter poll buttons and help me out it would be greatly appreciated.
https://twitter.com/Mr_Protocol/status/715187976481935361
Thanks :D
-
If you have a machine, just type in the key combinations as a manual walk through. Document all they key presses and insert delays between them depending on how responsive your machine is.
Feel free to check out http://usbrubberducky.com/#!index.md for more resources as well.
-
-
What OS are you using? Make sure your OS network manager isn't fighting with the Nano.
-
No problem. Hopefully it's what you needed.
-
-
Can other devices like your computer see the hotspot?
-
Give this a try:
CONTROL ESCAPE
REM this is equivalent to the GUI key in Windows
-
1 - Is it LEGAL to set your wifi receiver to monitor mode, and collect packets in the open air? I've heard that this is legal SO LONG as you don't attempt to decrypt (or crack) any traffic that is encrypted. Can you guys confirm? There seems to be a court ruling in 2012 that confirms this, but I don't really see anything after that, so is that the final word, essentially?
2 - Is it legal to (when staying at a hotel) packet sniff the hotel wifi, or wired network? Technically, most hotels have "open" WiFi, but it requires registration before you'll be given a DNS connection that will allow you to access the internet.
3 - Adding on to #2, can you connect to one of these networks that are technically "open" at the association point, and once on, run discovery tools like NET DISCOVER (ARP responses), and run NMAP? I mean, as long as I'm not altering anything, or attempting to change anything, is there anything wrong with this?
4 - I totally understand that using a Pineapple in pretty much any perspective, other than within your own home is totally illegal; however, is there any way to use it in the wild, but make it legal? Like... is there a way that perhaps you can use it, but have it not connect back to the internet (provide no connection back out obviously) and have a relay page that says... "NOT A VALID NETWORK, PLEASE DISCONNECT?"
5 - Is it legal to send "De-authorization" packets to devices that are connected to a private wireless network, and then sniff their reconnection traffic? EVEN IF... I have no intention of using that data or attempting to connect to the AP for which I sent those de-auth packets?
6 - Finally, totally hypothetical question here... let's say I had a friend (haha) that accidentally ran a tool that attempts to brute-force an AP using the 4-digit pin attack on the WPS feature... ok, let's say this friend accidentally did it to some random neighbor's Wifi AP, but didn't realize it until a few minutes later that he wasn't actually doing it to the one that he had set up purposely for the point of doing this. And, let's say that it only ran for a few minutes and never got through anyway? What laws were broken, if any?
Thanks guys, I appreciate it.
1) Eh, kind of a gray area
2) Going to say no
3) No
4) I would say that depends if you are running Karma to get clients to associate.
5) No
6) Don't do that.
I am not a lawyer. Also read the computer fraud and abuse act.
-
He explained it to me once. From what I remember, he selects a mixture of peppers and spices, dries them, and creates these blends.
-
Lots more info is here too: https://www.wifipineapple.com/
and
https://www.youtube.com/playlist?list=PLW5y1tjAOzI1benBAgqAbMExp5dWkQLgO
Enjoy!
-
Have this a look:
-
Try the download from wifipineapple.com. The hash issue should be addressed for latest firmware.
Red light not detected
in Classic USB Rubber Ducky
Posted
Not sure what OSXbin file is. But did you try the one linked above on a Windows OS?