Darren Kitchen

xotan - Please see your support ticket for further options. Thanks!

AngryPeanut - I'm sorry to hear of the trouble you're having. Please see your support ticket for further assistance. To anyone else having issues getting into SSH via Arming Mode - please note that on first boot into arming mode it may take several minutes for SSH keys to be generated. So if you can ping 172.16.56.1 but can't SSH into port 22, please be patient and try again in a few minutes. Also, please do not modify the firmware image files - bad things can easily happen by doing that. I've posted a video that should address some of the more common questions re: getting started at

tecno - Thanks for your feedback and contributions. In reading your thoughtfully written post, I notice you mention the issue with wlan0 vs wlan1. I just wanted to chime in and let you all know that we're aware of this bug and that it's being fixed in a forthcoming firmware update now. Anyone reading this post after version 1.0.1 should not have this issue.

The Signal Owl supports standard serial-based GPS dongles, like the U-blox7, so it's just a matter of time before there's a wardriving payload – if that's what you're looking to do. The kismet-remote on the system is intended for stationary deployments with a backhaul via WiFi. Last I spoke to Drag0rn (kismet author) he was working on just such a payload.

Holding the button for 7 seconds will reset the password and network configuration to defaults.

I recommend checking your firewall settings. The C2 Server listens by default on port 2022 for incoming SSH connections. This is configurable with the -sshport parameter. From the CLI usage: -certFile string Custom SSL Certificate file (disabled letsencrypt) -db string Path to the c2 database (default "c2.db") -hostname string Hostname of server (ip or DNS name) -https Enable https (requires ports 80 and 443) -keyFile string Custom SSL Key file (disables letsencrypt) -listenip string IP address to listen on (default "0.0.0.0") -listenport string Port of the HTTP server (default "8080") -reverseProxy If set, Cloud C2 will work behind a reverse proxy -reverseProxyPort string If reverseProxyPort is set, this port will be the internet facing port the Cloud C2 will be available at -sshport string Port of the SSH server (default "2022")

If there is no payload present on local storage or external storage and the device boots into attack mode (the default) then it will indicate LED FAIL, which is a slow blinking LED. Payloads and extensions are copied from external to internal storage only in attack mode, not arming mode. In arming mode, if an external USB disk is present with an upgrade-x.x.x.bin file for the Owl, it will flash regardless of whether or not it is the currently running version. This process will take 5-10 minutes to complete, overwriting anything stored on the device, and it is important to note that interrupting this process will render the device inoperable so *do not* unplug the power until the firmware flashing process is complete. Here's a rundown of the functions: BOOT 1. Initial boot, indicated by a blinking LED 2. USB disk enumeration/mounting, indicated by a solid LED 3. Mode Selection for 3 seconds, indicated by a rapidly blinking LED ATTACK MODE If the button is not pressed during the 3 second mode select phase of boot, the device will enter attack mode where: 1. Check to see if a FAT or EXT formatted USB disk is connected, and if so the disk is checked for a payload on the root and an extensions directory 2. If a payload exists on the disks root, it will be copied to the internal storage at /root/payload/ overwriting any existing payload 3. If an extensions directory exists on the disk, the contents will be copied to internal storage at /root/payload/extensions/ overwriting any existing estensions 4. Extensions are sourced and the payload is executed from internal storage 5. If no payload is present on internal storage (either copied from USB in the above steps, or manually loaded from SSH/SCP in arming mode) the device will indicate LED FAIL (slow blinking LED) ARMING MODE If the button is pressed during the 3 second mode select phase at boot, the device will enter arming mode where: 1. Check to see if a FAT or EXT formatted USB disk is connected, and if so the disk is checked for a firmware upgrade file named upgrade-x.x.x.bin on the drive root 2. If a firmware upgrade file exists on the disks root, it will be copied to internal storage at /tmp/ and flashed with sysupgrade (standard firmware flashing precautions apply, do not unplug during the 5-10 minute firmware update process as doing so will render the device inoperable) 3. If no firmware upgrade file exists on a flash disk, an access point will be started and the SSH server will start (on the standard port 22) and the LED will indicate a double blinking pattern. By default the access point in Arming mode is open with an SSID beginning with Owl_ and ending with the last two octets of the devices MAC address. This may be configured by editing the wireless file in /etc/config. The root password is hak5owl, and of course you are encouraged to change this using the passwd command.

Yes, the communication between the Screen Crab and Cloud C2 are AES encrypted.

Yes, you read correctly. It is a USB passthrough port. If you wish to add another radio you will need to use the USB host port (furthest from the pigtail). The Signal Owl is not a keylogger.

Hey there - welcome to the community! I understand that the modules and payloads are a big factor of Hak5 gear, and it's our goal to create powerful pentest platforms that make it convenient to execute complex attacks. Over the years the community developed contributions to these projects have increased, as has our arsenal as a whole. With WiFi Pineapple firmware version 2.6, we're introducing a major update to the platform by jumping openwrt base from 15.05 to 19.07. At this time OpenWRT has not officially released 19.07 - it seems to be "late" if one goes by the version numbering scheme. Still, we wanted to build on top of the latest possible base so that we could take advantage of the most up to date Linux kernel. As with most major OS updates, package support may lag behind the initial release. This had not been the case with previous WiFi Pineapple firmware versions for the NANO or TETRA, however with the move to 19.07 some bumps in the road were to be expected. As a general rule developers are notified of upcoming releases and community members are encouraged to join the beta program to provide feedback via discord. See https://shop.hak5.org/pages/community We strive to ensure that all core functionality is thoroughly tested and works as expected before release. This covers the first-party modules, such as PineAP, which ship with the firmware. Additionally any underlying changes to packages or the API are documented so that third party module developers can make the most of the new firmware. Usually if a module breaks it's fixed in short order. I can say from experience this is the first instance where module updates were required to this extent - and that's likely due to the new linux base. It's something we're aware of, and we're currently working on a fix. Learning from this experience going forward I am reviewing our processes to see if there is a better release channel or means to incorporate module developers with releases. Thanks, Darren

The Screen Crab by Hak5 is a stealthy video man-in-the-middle. This covert inline screen grabber sits between HDMI devices - like a computer and monitor, or console and television - to quietly capture screenshots. It's perfect for sysadmins, pentesters and anyone wanting to record what's on a screen. Out of the box it saves screenshots to a MicroSD card every few seconds. And by editing a simple text file you can configure every option, including capturing full motion video. Planting the Screen Crab is easy. Just plug it in, power by USB, pop in a card and get instant feedback from the multi-color LED. Coupled with a large MicroSD card - you can discreetly save nearly a year's worth of data. And with the Screen Crab, remote monitoring is built right in. Connect it to the Internet over WiFi and exfiltrate those screenshots, or watch the video signal live from anywhere online with Hak5's Cloud C2. Screen Crab - covert inline screen grabs. SHOP: https://shop.hak5.org/products/screen-crab DOCUMENTATION: https://docs.hak5.org/hc/en-us/categories/360002117873-Screen-Crab

The Signal Owl by Hak5 is a signals intelligence platform with a unique design allowing it to be discreetly planted, or taken with you on any engagement. With a dynamic payload system, it orchestrates attacks using custom utilities and popular tools - like Aircrack-ng, MDK4, Kismet and more. The internal WiFi radio is optimized for close access operations, and coupled with a number of common transceivers it'll support GPS, SDR and Bluetooth. Powered by USB and featuring USB pass-through, the Signal Owl is able to share a port that may otherwise be occupied without interference. And with Hak5 Cloud C2, command and control is at the forefront. Easily exfiltrate data and drop right into a shell from the web and get root access anywhere. Signal Owl - the signals intelligence platform with simple payloads. SHOP: https://shop.hak5.org/products/signal-owl PAYLOADS: https://github.com/hak5/owl-payloads DOCUMENTATION: https://docs.hak5.org/hc/en-us/categories/360002117953-Signal-Owl