Darren Kitchen

@gigawatts I've been using mine as an AutoHotKey like device - triggering payloads to write canned responses to common emails. Even better since I have the power of bash to be able to use variables. So yes, even outside of pentesting it's a nifty little gadget to have. In regards to supporting other devices – let me be clear that the intended use cases for this turnkey keylogging pentest implant is first and foremost as a keylogger. That said, and in the hacker spirit, of course it's capable of so much more. Just, please understand that we're a small team and don't have the resources to support every possible device under the sun. If you attach a NIC and it works - great. If it doesn't - sorry, that wasn't within the scope of what we're trying to do here. Will we be helpful and point you in the right direction if we have that ability? Of course. But I just want to set clear expectations that while it can absolutely be used for use cases outside the intended function, we're limited in what we can "officially" support. So, with that I might mention that our friend @GlytchTech recently added support for an RTL-SDR dongle so he could pick up Software Defined Radio signals on the Key Croc. It that totally cool? Yes. Is it an absolute hack? Of course - and we love it.

I totally agree that dongle life has made things easier on the hardware implant front. Rats nests behind docking stations abound. Heck, most monitors include USB hubs in the back – I know I dock my macbook on a Dell U3818DW with a single USB-C and rely on the screen for my peripherals. Anyway, we'll look into this and see what's possible.

As it stands today it does not passthrough mouse - however it is something we can look into. Is there a particular target keyboard/mouse combination with wireless receiver we should investigate?

There is not a way to get the voltage in software - but I'll take that into consideration.

Key Croc A keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. Find the manual, or full user documentation for the Key Croc including getting started, software updates, payload development and tips from the Hak5 Documentation Center at: https://docs.hak5.org/hc/en-us/categories/360003797793-Key-Croc

@flipchart the license includes: "Standard Support - valid for 1 year and up to 10 tickets. You will receive a professional response within 2 business days." Additional support thereafter is available on a case by case basis.

Are you talking about SSH connections, or connection attempts? The latter is the nature of running an SSH server on the Internet. The risk is low if you are taking standard precautions (updated SSH server, good passwords, known host fingerprint checking, public key authentication, etc). A SSH SYN does not equal “getting hacked”. My very own VPS logs attempts from China and elsewhere - which is the nature of the beast. If I were concerned, I might restrict the firewall to only allow connections from my home IP address, but I don’t believe that is necessary. If you have data to share to backup your claim of a security vulnerability, we are obviously all ears and in fact have channels for such bug reporting. I don’t assume you are acting with anything less than good intentions, however making such a claim without data is not the most helpful.

You are correct, that is the direct link to the essential usb adapters product. In regards to the EFK – I can't say for sure at the moment as those kits are being reworked for Q2.

Keep in mind you can always access your WiFi Pineapple's serial console - which will provide a bash terminal on the linux OS - right from the UART port. This is incredibly helpful for debugging as you'll see the system log live as the device boots and while interacting with the shell. Here's more on this feature: https://docs.hak5.org/hc/en-us/articles/360010555553-Serial-Access-WiFi-Pineapple-TETRA

Are you able to connect any other Hak5 gear to your Cloud C2 server from the same network that is hosting the Screen Crab?

Yes. The ATTACKMODE command supports spoofing multiple ID values including VID, PID, Manufacturer, and Serial Number.

Too long, and that's my fault. I really need to find a scalable solution to this but thus far haven't.

2 TB - which AFAIK at time of writing are not commercially available yet. The Screen Crab features an SDXC card reader, which supports cards up to 2 TiB. I have had great experience with a Samsung Evo 512 GB card. That said, I cannot list every possible cards compatibility as I do not have access to them all for testing. In theory as long as they're all adhering to the spec, any SDXC card should work - but YMMV.

Foxtrot will be releasing the new firmware early next week. In addition to fixing live recon, it also fixes reporting emails and openvpn crashes. Full details to come. Thanks again for all the valuable feedback

Thanks everyone for the detailed bug reports. After investigating the issue, we were able to identify and reproduce the bug. Currently firmware v2.6.3 is being validated, and can confirm it fixes live recon. Once testing has completed, we'll get this published to downloads.hak5.org I really appreciate the reports and welcome any further constructive feedback. Thank you!