Darren Kitchen

Root Admin
About Darren Kitchen

  • Rank
    Hak5 Junkie
  • Birthday 02/11/1983

Profile Information

  • Location
    San Francisco, CA

  1. IIRC I had to add -k but I'm not in front of my BB right now - hence the mention that you may need to ignore validation.

     Yes, it does take a minute to load. This can be sped up in the payload by using the CUCUMBER extension - like CUCUMBER PLAID, get metasploit going, then CUCUMBER DISABLE for the remainder of the payload (I get that this isn't obvious). That said, with this sorta payload you're deploying for hours or potentially days depending on the engagement - so what's 60 seconds up front to get the ball rolling?

     The optimal way to do it would be with a purpose-built multi-threaded application to take advantage of the bunny's four cores. I've seen a PoC that's 100x faster than this implementation which should see the light of day hopefully soon - but that doesn't take away from the coolness of this payload's metasploit exploit (scanner) implementation because it's infinitely repeatable with any of the numerous exploits of the framework.
  2. I'm starting this thread on behalf of @CatatonicPrime who just released his Jackalope payload - which uses ethernet to attempt dictionary attacks against passwords. https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/credentials/Jackalope

     This post is made pre firmware v1.6 which will include dependencies, however if you wish to attempt this payload beforehand I've included the following snippets. You'll need to first get your Bash Bunny online, which can be done by following the instructions at https://docs.hak5.org/hc/en-us/sections/360002204213-Internet-Connectivity

     Update apt sources

         # Replace the default sources list with the archived jessie repos plus stretch
         rm -rf /etc/apt/sources.list
         echo "deb http://archive.debian.org/debian/ jessie-backports main" | tee -a /etc/apt/sources.list
         echo "deb-src http://archive.debian.org/debian/ jessie-backports main" | tee -a /etc/apt/sources.list
         echo "deb http://httpredir.debian.org/debian jessie main contrib non-free" | tee -a /etc/apt/sources.list
         echo "deb-src http://httpredir.debian.org/debian jessie main contrib non-free" | tee -a /etc/apt/sources.list
         echo "deb http://ftp.de.debian.org/debian stretch main" | tee -a /etc/apt/sources.list
         echo "deb-src http://ftp.de.debian.org/debian stretch main" | tee -a /etc/apt/sources.list
         # The archived Release files have expired Valid-Until dates; skip that check
         echo "Acquire::Check-Valid-Until false;" | tee -a /etc/apt/apt.conf.d/10-nocheckvalid
         # Keep jessie as the default release so stretch packages are only pulled with -t stretch
         echo "APT::Default-Release \"jessie\";" | tee -a /etc/apt/apt.conf.d/default-release
         # Pin the archive so its packages are considered; printf writes real newlines (echo would write a literal \n)
         printf 'Package: *\nPin: origin "archive.debian.org"\nPin-Priority: 500\n' | tee -a /etc/apt/preferences.d/10-archive-pin
         date -s 20190522 # replace with today's date
         apt-key update && apt update

     Install ruby

         apt -y -t stretch install ruby-full

     Install rvm

         curl -sSL https://rvm.io/mpapis.asc | gpg --import -
         curl -L https://get.rvm.io | bash -s stable
         source /etc/profile.d/rvm.sh
         echo "source /etc/profile.d/rvm.sh" >> /root/.profile

     you may need to tell curl to ignore ssl validation

     Install metasploit-framework

         cd /tools
         git clone https://github.com/rapid7/metasploit-framework.git
         cd metasploit-framework
         gem install bundler
         bundle install
  3. v1.6 is being worked on currently and should include several new built-in tools. There's an episode of Hak5 coming out shortly that talks about it some - along with a killer new payload.
  4. Hi all - I understand the desire to use the infusions from the WiFi Pineapple Mark V era. As Seb has previously pointed out, unfortunately the older devices are no longer capable of securely downloading these infusions over the air from our infrastructure. That being said, all of the modules/infusions may be manually installed to either local or SD storage with ease. To that effect I have published the following article on docs.hak5.org - https://docs.hak5.org/hc/en-us/articles/360023458173 Happy hacking!
  5. Hi all - First off I want to thank everyone for providing feedback on this release. @Foxtrot will be following up shortly with an update that addresses an issue for those not being able to see probes. We've also come to understand that our filtering documentation has not been as explicit as it could be - so we've made an update to that module and the required configuration at time of initial setup.

     The WiFi Pineapple filtering system limits the scope of engagement by filtering devices by MAC address and networks by name, in an Allow Mode of targeted devices or network names and a Deny Mode of off-limit devices or network names.

     Client filters specify which devices, by MAC address, are either explicitly allowed to connect or explicitly denied from connecting. In Allow Mode only the listed MAC addresses are allowed to connect. In Deny Mode, the listed MAC addresses will be prevented from connecting.

     SSID filters specify the network names to which the WiFi Pineapple will respond. In Allow Mode, devices will only be allowed to associate with the WiFi Pineapple for SSID names listed. In Deny Mode, devices will be prevented from associating with the WiFi Pineapple for the listed SSID names.

     In the event that both filters are set to deny mode, you will be warned that all devices will be allowed to associate with the WiFi Pineapple for all requested SSID names.

     I hope this clears up any confusion and once again we appreciate all of the feedback and support.
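As an added illustration (not Hak5 code, and not how the Pineapple implements it internally), the filter rules in the post above modelled in Python so a planned client/SSID configuration can be checked against the devices and network names an engagement is authorised to touch; the class and function names and the MAC/SSID values are made up for the example.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"   # the two filter modes described in the post


def normalize_mac(mac: str) -> str:
    # MAC addresses compare case-insensitively and with either separator.
    return mac.strip().upper().replace("-", ":")


@dataclass
class Filter:
    mode: str                          # ALLOW or DENY
    entries: set = field(default_factory=set)

    def permits(self, value: str) -> bool:
        """Allow mode: only listed values pass; deny mode: listed values are blocked."""
        listed = value in self.entries
        return listed if self.mode == ALLOW else not listed


@dataclass
class PineappleFilters:
    client: Filter   # keyed by client MAC address
    ssid: Filter     # keyed by requested network name (compared exactly)

    def __post_init__(self):
        self.client.entries = {normalize_mac(m) for m in self.client.entries}

    def permits_association(self, mac: str, ssid: str) -> bool:
        # A device must pass both the client and the SSID filter to associate.
        return self.client.permits(normalize_mac(mac)) and self.ssid.permits(ssid)

    def open_scope_warning(self) -> bool:
        # Mirrors the warning in the post: with both filters in deny mode, every
        # device not explicitly listed is allowed for every requested SSID.
        return self.client.mode == DENY and self.ssid.mode == DENY


# Constructed sample: engagement scoped to two authorised MACs and one network name.
SCOPED = PineappleFilters(
    client=Filter(ALLOW, {"AA:BB:CC:DD:EE:01", "AA:BB:CC:DD:EE:02"}),
    ssid=Filter(ALLOW, {"LabNet-Test"}),
)
# Constructed sample: both filters left in deny mode with empty lists.
OPEN = PineappleFilters(client=Filter(DENY), ssid=Filter(DENY))

if __name__ == "__main__":
    print(SCOPED.permits_association("aa-bb-cc-dd-ee-01", "LabNet-Test"))  # True
    print(SCOPED.permits_association("aa:bb:cc:dd:ee:99", "LabNet-Test"))  # False
    print(OPEN.open_scope_warning(), SCOPED.open_scope_warning())          # True False
```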
  6. I don't condone cheating but I also get that it's very much a part of the experience. This is why we would send mates to check out the rigs of our opponents at LAN parties back in the original CS / Q3 / UT99 days. Anyway - interesting concept. I've never heard of Cheat Engine. Care to elaborate? I don't have time to game anymore, just curious.
  7. The best way to diagnose this would be to have a logcat over adb of the issue happening. Unfortunately since the crash causes a reboot I'm not sure how you'd go about getting that.
  8. Hi mikogo - I've been trying to ascertain the information necessary to diagnose your problem via twitter and email now. This seems like a routing issue. How are you getting shell access to your 3G LAN Turtle when it's deployed (SSH reverse shell, meterpreter, netcat, openvpn, etc)? How is it being powered – connected to a computer or a USB power source?
  9. @David Byers I'm keen to get your particular unit in for testing. Please send an email to shop@hak5.org indicating such and linking to this post. Our customer service folks will send you a return label and ship a replacement.
  10. That is really strange. I've never seen this happen. It works perfectly on all of my Windows boxes. Do you happen to have a WiFi Pineapple NANO - because if that works with the Windows boxes I'm even more at a loss since they share the same ASIX chipset. Is anyone else experiencing this?
  11. Hi all - We're excited to introduce a new bit of kit to the Hak5 arsenal – the Plunder Bug! It's a smart LAN Tap with a new take on Packet Sniffing!

      This is a bit of kit I've been wanting for myself for quite a long time, as I've never been satisfied with the traditional RJ45 Ethernet-based LAN Taps, and if we were going to make one we'd make it special with the ability to act as not just a tap but a mini-switch and a USB Ethernet adapter all in one.

      It's sweet and simple with the convenience of USB-C and a very small form-factor while sporting some features you won't find in your typical LAN Taps – like the integrated USB Ethernet adapter (yay, no more mess of cables and dongles!), the ability to make passive captures or active scans (acting sort of like an unmanaged switch), and a companion Android root app that makes it possible to capture packets right from your phone!

      You can find the device for sale now at https://shop.hak5.org/products/bug
      The documentation can be found at https://docs.hak5.org/hc/en-us/categories/360001482953-Plunder-Bug
      And the connection scripts are available in the Hak5 Download Center at https://downloads.hak5.org/ and on our Github at https://github.com/hak5/plunderbug-scripts

      As for the tech, we've packed in a 10/100 Base-T Fast Ethernet switch with the mirrored traffic heading to the integrated USB Ethernet adapter (ASIX AX88772C chipset) and the whole thing is powered over USB-C with a very low draw around 200-300 mA. INB4 it's compatible with gigabit links in that it'll drop 'em to 100 Mbit.

      I'll post a video here shortly – stay tuned!

      Huge props to the ever growing Hak5 dev team and their awesome work putting together these scripts and the killer Android app (more on that soon) and as always thanks again to you guys for being the awesome Hak5 community that you are, for your feedback and contributions and making this place somewhere all hackers belong 🙂
  12. You'd email me directly. Unfortunately YouTube leaves a lot to be desired for the gear giveaways I'm doing. Hopefully soon we'll have a better system.
  13. Powerful stuff man. Emotions - life's little signals - they're there to respond to (and take responsibility for) not to react to. Anyway - new episode is out now. Thank you all for the kind words of support 🙂
  14. Hey guys, I'm sincerely sorry for not making a formal announcement when the podcast went on hiatus a few weeks ago. I should have said something - but seeing as Hak5 has been in my life since the beginning - it was too hard to say that I was putting the show on hold. I've been going through a difficult time in my personal life (tl;dr: wedding is canceled) and I wasn't able to do the show the justice it deserves. That said, I'm resilient and new episodes will begin to air on January 2. We're also growing as a team, and we have amazing plans for content, products, and community in 2019.