
Sebkinne

Root Admin
  • Posts

    3,978
  • Joined

  • Days Won

    331

Everything posted by Sebkinne

  1. Hey guys, I am just creating an extra thread in hope that someone knows the answer: What exact open-mesh router model is the V2? It looks like an OM1P, but that seems unlikely, except if Darren found a way to make the old firmware work (which I would still be interested in, just to know how). So what model is it? Could someone that has a Pineapple v2 check the back? Best, Seb
  2. No, there is no "master reset", but you could try running a ping to the router with it not having power. Then connect the power and see if you get any returned pings. Make sure that you are on the same subnet. If you do get a reply, you can manually use something like PuTTY or, if you are using Linux, the built-in client to telnet to the router's IP. I had that problem with the old Fon; I can't use any standard flash app for some reason, I can only do it by going into RedBoot myself. Lastly, there is always using a serial cable to access RedBoot, allowing you to flash and enable telnet listening. Hope that helped a bit, Seb
  3. Does it flash anyway? I get the same error with an OM1P, but it still flashes after about 5-6 seconds. If it flashes I would not worry about it. Best, Seb
  4. It is quite easy as ICS is built into OSX. You do however make your pineapple listen on 192.168.2.1 (that being your OSX machine), you can set the pineapple to 192.168.2.2, with the default route set to 192.168.2.1. As far as I know, it is not easily possible to change the IP. It is fairly simple and works out of the box on the Mac side. Seb
  5. Yeah, the strange thing is that I thought Darren uses the OM1P too for the Pineapple V2. If that were so, we should be able to do exactly what he does.. I am still working on the Backfire version though. Seb
  6. Hey, if you check the forum, I am releasing a firmware hopefully today, using the new hostapd karma by Digininja. Check the thread in this forum. Best, Sebkinne
  7. Thank you for posting this again! I will give it a shot and let you know how it went! Best, Seb
  8. Yeah, the idea of updating came to mind for me too of course, tried it, even recompiled the toolchain. As SWFu said, BT4 repos are way out of date, which is kind of sad but yeah... oh well. I got it working now actually, I messed up my AVR install, removed it, and reinstalled using apt-get. Suddenly it recognized the chip and yeah, thanks for the suggestions though. Seb
  9. Hey everyone, Like many of you, I have been busily coding for the ducky. Now, I have run into a problem: AVR for backtrack4 does not support the Teensy 2.0 yet (it does support the 2.0++). Now, I do have a 2.0++ too but I want to make use of the 2.0 on my version of backtrack. Did anyone have the same problem? Can anyone point me in the right direction? Thanks in advance, Seb
  10. Yeah, sorry to break the bad news to you.. :) Wait, that's not how it's done? More beer? :)
  11. Didn't think of that, great :) I'll add it to my list.. should really write that up today :) Seb
  12. In regard to disconnecting the ducky, great idea, good that you thought of that! I don't think copy con will work if the antivirus running (if not killed as discussed in another thread) has an instant scanning feature scanning contents of currently modified files.. Seb
  13. Looks good, I will try it out on a range of different machines, good work! Seb
  14. You have a point there. However, when I gave it a try with McAfee, after 10 minutes the program will start the processes again. That does however give us a timeframe of 10 minutes.. :) Seb
  15. The Duck hunt program blocks HIDs I believe (correct me if I'm wrong..). That would mean any HID device. Nice thought, but not going to work. Seb Source: DuckHunt 1.1.1: This application will prevent all keyboard and mouse input when new USB devices are attached and will only allow input again when the device is removed. It will prevent the USB Rubber Duck from functioning and on Vista and higher it will also prevent the use of the Autorun dialog. Requires .net Framework 3.5 and on Vista/7 also requires Administrator privileges.
  16. All really good ideas, but it would really require it to be between the keyboard and computer.. OR another thing you could do is execute TWO payloads. One that is dormant waiting for it to be activated, the other would be executed right away, sniffing the packets from the keyboard to the computer. I'm pretty sure that that is the only software way this is possible. Seb
  17. DynDNS normally should work, but surprisingly I noticed that Metasploit will generate a payload that seems to resolve the DNS name and use the IP address to create the payload.. Meaning that it's still not going to update the IP.. I might be wrong, but that's what I noticed when I did my experimentations.. But reverse TCP is always better than using a bind, who now doesn't own a router that blocks all the standard ports..? Seb
  18. Actually, I had the same problem the first time I flashed. As digininja said: Reflashing gives you a clean install and that did the trick for me :)
  19. What I would do in your case: Open the casing up, see if on the top part of the casing you see any black / brown marks (caused by heat). If that is the case, it is most likely fried. Did you experiment with any battery packs or other way of powering? 4 double A batteries should not fry your device, and a USB cable cut off should also be all right. I suggest you don't try with other batteries, cables etc. as there is the potential of it going "boom". Seb
  20. Yeah, that's why I was a little unsure but bytes sounds right, otherwise we have a problem. ;) I guess we can then tie in Metasploit reverse shells, they are below the 32 bytes I think... although I think the reverse VNC is 36 bytes, but still, this method should help a lot. Maybe we should start a thread with a compilation of ideas or methods such as this?
  21. Actually, that's a good idea, I will take a look at that in a bit. Problem could potentially be space though? Seb
  22. Actually, the AV will recognize it when the ducky just creates it like above in the Command Prompt.. When you write the commands to the file dl.vb with the > and >>, it writes to the file. Once the last part of the file is complete, the AV will call it, because it monitors files that are JUST being written to... So, a different method needs to be found...
  23. While Chaemelion is right, I suppose that most AVs run on a different level / are not that easily killable and will at least display a warning. I know that AVG and Avast do so at least, not sure about McAfee.. Seb
  24. Works but is recognized by most AVs as an exploit... But good work anyway Seb