Everything posted by Darren Kitchen
-
I was unable to find a support ticket with the email address you have listed on your forums account. Perhaps it went to our older system? Please keep a lookout for an email from us with RMA details for your WiFi Pineapple exhibiting the malfunctioning eMMC behavior. It will be coming from support@hak5.customerdesk.io
-
Official answer: Use a MicroSD card — not a Micro SDHC, SDXC or SDUC card. That means 2 GB and under.

Unofficial (I'm a hacker) answer: As long as the file system is FAT (FAT/VFAT or FAT32) as opposed to other common formats like exFAT, NTFS, EXT4, etc., it should work, albeit with a potential performance hit*.

*The larger the partition (and the more files/directories), the longer it will take to be read — both from the perspective of the USB Rubber Ducky itself (reading inject.bin, seed.bin or writing loot.bin) and from the target, enumerating the USB "Flash Disk" when using the command ATTACKMODE STORAGE.

As an example, I've formatted a 200 GB SanDisk Ultra MicroSDXC card with the FAT32 file system and loaded it with a very simple "Hello World" payload:

```
ATTACKMODE HID STORAGE
DELAY 1000
STRING Hello, World!
```

And it injected the keystrokes within a second of attaching it to the target — however, the target (a Windows 10 PC in this case) took over a minute to recognize the USB drive in Explorer.
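The distinction the post draws (FAT/FAT32 works, exFAT/NTFS does not, and the official limit is a 2 GB MicroSD) can be checked before a card goes into the Ducky by reading sector 0. The following is an added example, not Hak5 code or anything from the original post: it applies the cluster-count rule from Microsoft's FAT specification to tell FAT12/FAT16/FAT32 apart, rejects exFAT and NTFS by their OEM field, and reports whether the volume is within the official 2 GB guidance. The sample boot sectors are constructed in the script (the 200 GB FAT32 layout is modelled on the post's SanDisk example, with assumed cluster and FAT sizes), not dumped from real cards; `check_image` is a helper name chosen here.

```python
"""Classify a card's boot sector for USB Rubber Ducky use.

Added example, not Hak5 code: it applies the FAT-type rule from Microsoft's
FAT specification (cluster-count thresholds) and rejects exFAT/NTFS, which
the Ducky does not read. The sample boot sectors below are constructed, not
dumped from real cards.
"""
import struct
import sys

FAT12_MAX_CLUSTERS = 4085          # fewer clusters than this -> FAT12
FAT16_MAX_CLUSTERS = 65525         # fewer than this -> FAT16, otherwise FAT32
SDSC_LIMIT_BYTES = 2 * 1024 ** 3   # "MicroSD, 2 GB and under" (official answer)
BPB_FMT = "<HBHBHHBH"              # BPB fields at offsets 11..23 of sector 0


def classify_boot_sector(sector: bytes) -> dict:
    """Return the filesystem type, whether the Ducky can use it, and size figures."""
    if len(sector) < 512:
        raise ValueError("need the full 512-byte boot sector")
    oem = sector[3:11]
    if oem == b"EXFAT   ":
        return {"fs": "exFAT", "ducky_ok": False, "reason": "exFAT is not FAT/FAT32"}
    if oem == b"NTFS    ":
        return {"fs": "NTFS", "ducky_ok": False, "reason": "NTFS is not FAT/FAT32"}
    if sector[510:512] != b"\x55\xaa":
        return {"fs": "unknown", "ducky_ok": False, "reason": "missing 0x55AA boot signature"}

    bps, spc, rsvd, nfats, root_ent, tot16, _media, spf16 = struct.unpack_from(BPB_FMT, sector, 11)
    tot32, spf32 = struct.unpack_from("<II", sector, 32)
    if bps not in (512, 1024, 2048, 4096) or spc == 0 or nfats == 0:
        return {"fs": "unknown", "ducky_ok": False, "reason": "implausible BPB values"}

    total = tot16 or tot32          # 16-bit count is 0 when the 32-bit one is in use
    spf = spf16 or spf32            # FAT32 keeps its FAT size in the 32-bit field
    root_dir_sectors = (root_ent * 32 + bps - 1) // bps   # always 0 on FAT32
    data_sectors = total - (rsvd + nfats * spf + root_dir_sectors)
    if total == 0 or spf == 0 or data_sectors <= 0:
        return {"fs": "unknown", "ducky_ok": False, "reason": "implausible BPB values"}

    # The FAT type is defined by the number of data clusters, not by any label.
    clusters = data_sectors // spc
    if clusters < FAT12_MAX_CLUSTERS:
        fs = "FAT12"
    elif clusters < FAT16_MAX_CLUSTERS:
        fs = "FAT16"
    else:
        fs = "FAT32"
    volume_bytes = total * bps
    return {
        "fs": fs,
        "ducky_ok": True,
        "clusters": clusters,
        "cluster_bytes": spc * bps,
        "volume_bytes": volume_bytes,
        "within_official_2gb": volume_bytes <= SDSC_LIMIT_BYTES,
    }


def make_fat_boot_sector(total_sectors: int, spc: int, spf: int,
                         rsvd: int, root_ent: int, fat32: bool) -> bytes:
    """Build a minimal constructed boot sector (512-byte sectors, two FATs)."""
    sec = bytearray(512)
    sec[0:3] = b"\xeb\x58\x90"
    sec[3:11] = b"MSWIN4.1"
    tot16 = total_sectors if total_sectors < 0x10000 else 0
    struct.pack_into(BPB_FMT, sec, 11, 512, spc, rsvd, 2, root_ent, tot16, 0xF8,
                     0 if fat32 else spf)
    struct.pack_into("<II", sec, 32, 0 if tot16 else total_sectors, spf if fat32 else 0)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)


# Constructed samples: a 200 GB card formatted FAT32 with 32 KB clusters (assumed
# layout, modelled on the post's example), a 2 GB FAT16 card, and an exFAT card.
SAMPLE_FAT32_200GB = make_fat_boot_sector(390_625_000, 64, 47_700, 32, 0, fat32=True)
SAMPLE_FAT16_2GB = make_fat_boot_sector(3_906_250, 64, 239, 1, 512, fat32=False)
SAMPLE_EXFAT = bytes(3) + b"EXFAT   " + bytes(499) + b"\x55\xaa"


def check_image(path: str) -> dict:
    """Read sector 0 of a block device or image file, e.g. /dev/sdX or card.img."""
    with open(path, "rb") as fh:
        return classify_boot_sector(fh.read(512))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_image(sys.argv[1]))
    else:
        for name, sample in (("200GB FAT32", SAMPLE_FAT32_200GB),
                             ("2GB FAT16", SAMPLE_FAT16_2GB), ("exFAT", SAMPLE_EXFAT)):
            print(name, classify_boot_sector(sample))
```

Run it against the card itself (`sudo python3 fatcheck.py /dev/sdX`, reading only the first sector) or against an image. Note that it reads the boot sector of whatever you point it at, so point it at the partition if the card carries a partition table rather than a bare filesystem. The 200 GB sample comes back as FAT32 and usable but outside the official 2 GB guidance, which is exactly the trade-off the post describes.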
-
first
-
DuckyScript 3.0 Offline Encoder
Darren Kitchen replied to Antithetikos's topic in New USB Rubber Ducky
DuckyScript 3.0 for the new USB Rubber Ducky can be encoded in Payload Studio — both Community and Pro editions — right in your browser. The compiler and all payload editing is done client-side, locally. We never see your work. You can download an offline copy of the IDE from your browser. Keep in mind that the offline version you download will be frozen in time, whereas the online version will be continuously updated as we add features and fixes over time. You can see the version number in the bottom left corner of the page. -
Thank you all for the incredible feedback on the Key Croc – especially the 1.3 beta. We knew in development that we were on to something game changing, so to hear the enthusiasm from you all directly is truly rewarding. The amount of creativity shown in such a short period of time since initial release is encouraging. We hope that with this Key Croc firmware 1.3 we can further that creativity. As always we welcome your feedback here on the forums and of course on our Discord channel. Thanks for your support and happy hacking! Huge thanks to our team – @Korben for his work on this firmware with the support of @Foxtrot and everyone including 0xdade for feature inspiration.

Changelog:

General
- (optional) Password Protected Arming Mode built into framework/parser. ARMING_PASS and (optional) ARMING_TIMEOUT can be defined in config.txt (Credits: 0xdade)
- Fix croc being shut down by host machine going to sleep
- C2 notifications added to relevant event handlers
- iProduct can now be defined with PROD_ when calling ATTACKMODE, and defined in config.txt as PROD
- iManufacturer can be defined in config.txt as MAN
- Croc now waits for keyboard to enter ATTACKMODE HID
- Increase output log write speeds
- Fixed $LOOT
- ATTACKMODE now automatically populates /tmp/vid /tmp/pid /tmp/man /tmp/prod along with /tmp/mode
- Fixed payload validation at boot and added payload validation to RELOAD_PAYLOADS

Payloads / Tools
- Add SAVEKEYS [path] UNTIL [regex] syntax support to payloads (Credits: 0xdade)
- SAVEKEYS NEXT/UNTIL now also produce .filtered logs handling backspaces and removing control characters/modifiers
- Ported GET extension script from Bash Bunny
- Added GET_VARS script giving your payload access to the following live data: VID PID MAN PROD HOST_IP TARGET_IP TARGET_HOSTNAME
- Added the following helper scripts: QUACKFILE (alias QFILE) ENABLE_PAYLOAD DISABLE_PAYLOAD WAIT_FOR_KEYBOARD_ACTIVITY WAIT_FOR_KEYBOARD_INACTIVITY WAIT_FOR_LOOT
- Framework functions exported: MOUNT_UDISK UNMOUNT_UDISK UPDATE_LANGUAGES ENABLE_WIFI ENABLE_INTERFACE START_WLAN_DHCP CLEAR_WIFI_CONFIG CONFIG_PSK_WIFI CONFIG_OPEN_WIFI ENABLE_SSH DISABLE_SSH
- Added the following scripts: WAIT_FOR_ARMING_MODE WAIT_FOR_BUTTON_PRESS ARMING_MODE GET_HELPERS

Misc
- Added get_payloads.html to udisk
- Fixed language file consistency, example: CONTROL/CTRL
- Moved examples into library/examples
- Debug logs moved to /root/loot so they will be automatically moved to udisk for easier debugging access
- DEBUG ON in config.txt now enables parser and framework debug logs at boot

Download from https://downloads.hak5.org/croc
Documentation from https://docs.hak5.org/
Flashing Instructions from https://docs.hak5.org/hc/en-us/articles/360048015333-Updating-the-Key-Croc
-
Out of curiosity, what was the issue you had with Finder on your Mac?
-
Key Croc A keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. Find the manual, or full user documentation for the Key Croc including getting started, software updates, payload development and tips from the Hak5 Documentation Center at: https://docs.hak5.org/hc/en-us/categories/360003797793-Key-Croc
-
[VIDEO TUTORIAL] Shark Jack Firmware Recovery
Darren Kitchen replied to Darren Kitchen's topic in Shark Jack
No, unfortunately doing so will overwrite the bootloader thus rendering the device incapable of software-based recovery. In this case your best course of action is to contact support to inquire about an express replacement for accidental damage. https://shop.hak5.org/pages/support -
The Shark Jack features a firmware recovery option which allows the user to restore the device's firmware image. This procedure is performed via a special web interface. Download the latest firmware image for your Shark Jack from the Hak5 Download Center. It is extremely important that you follow the directions precisely as they pertain to powering the device and image selection from the web recovery interface. The video is provided as a reference; however, it does not replace carefully reading the instructions listed below.

Follow these steps to access the recovery web interface and update the firmware.

1. With the switch in the OFF position, plug in a suitable USB power source and fully charge the Shark Jack. The LED will blink blue while charging, and solid blue when fully charged. If no LED activity is present, leave the Shark Jack connected to the power source for 10 minutes.
2. Unplug the Shark Jack completely from the USB power source.
3. Prepare to press the Shark Jack reset button located on the bottom of the device next to the regulatory label. Using a paperclip, SIM card removal tool or similar instrument, practice pressing the button. With the Shark Jack unplugged and with its switch in the off position, carefully insert the instrument directly downward until you feel resistance. Gently press the button. You should feel a click.
4. With the instrument at the ready, flip the switch into the arming (middle) position and immediately after press and hold the reset button for 7 seconds.
5. Connect a USB power source to the Shark Jack.
6. Connect the Shark Jack to your host PC Ethernet interface. After a moment the Shark Jack LED will indicate solid green with intermittent activity flashes.
7. Set a static IP address for the host PC Ethernet interface connected to the Shark Jack as follows: IP Address: 192.168.1.2, Netmask: 255.255.255.0
8. From the host PC, browse to http://192.168.1.1. A Shark Jack Recovery interface with a red banner will appear.
9. Click the Recovery tab, then click Browse Firmware, select the Shark Jack firmware downloaded from the Hak5 Download Center, then click Start Upload File. If your Shark Jack web interface instead shows a blue banner reading Web Failsafe Recovery, click the OS tab, then click Browse, select the Shark Jack firmware downloaded previously, then click Start Upload File. If your Shark Jack features the blue-bannered Web Failsafe Recovery interface, it is extremely important that you select the OS tab and not the Firmware tab or any other tab, as doing so will render the device inoperable.
10. This process will take several minutes. Do not interrupt the power supply while the firmware is updating. Once complete, the Shark Jack will restart as indicated by a green blinking LED.
11. At this point, disable the static IP address on the host PC Ethernet interface connected to the Shark Jack and reset it to receive an IP address automatically via DHCP.
-
[VIDEO TUTORIAL] Shark Jack Unboxing and Setup
Darren Kitchen replied to Darren Kitchen's topic in Shark Jack
I use a Digital Ocean "droplet" (VPS) with 512 MB RAM and 20 GB disk. I hardly tax the thing. -
@Topknot thanks for detailing the process you followed to upgrade - however I want to advise against this method as it will not be supported. We cannot guarantee that the firmware file will always fit in the root file system in /root/, and the sysupgrade function may not always be present in the framework. If you wish to manually upgrade the Shark Jack, as opposed to the guided method using the sharkjack.sh helper available from https://downloads.hak5.org I advise you to please follow the instructions listed at https://docs.hak5.org/hc/en-us/articles/360038189894-Manual-Upgrade
-
[VIDEO TUTORIAL] Shark Jack Unboxing and Setup
Darren Kitchen replied to Darren Kitchen's topic in Shark Jack
@Geeksystem here's the article on manual flashing as promised: https://docs.hak5.org/hc/en-us/articles/360038189894-Manual-Upgrade -
[VIDEO TUTORIAL] Shark Jack Unboxing and Setup
Darren Kitchen replied to Darren Kitchen's topic in Shark Jack
I'm using the USB Ethernet adapter from https://shop.hak5.org/collections/accessories/products/combo-ethernet-adapter-and-retractable-cable (which is included in the Shark Jack Combo Kit) - but any regular USB Ethernet adapter will work. I'll post a manual upgrade guide to https://docs.hak5.org, but essentially the process is similar to that of the Packet Squirrel or WiFi Pineapple: download the latest firmware from downloads.hak5.org, copy the file to /tmp/ on your device via SCP, then SSH into the device, verify its SHA256 sum, then issue sysupgrade -n /tmp/upgrade.bin. The IMPORTANT bit to keep in mind with the Shark Jack is that it should be plugged into USB power during the flashing process, as an interruption in power will result in a bricked device.
-
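The manual upgrade procedure in the post above has one step that protects you from a bricked device: checking the SHA256 of the image before handing it to sysupgrade. The following is an added example, not Hak5's sharkjack.sh helper or any code from the post: it hashes the local image, refuses to do anything on a mismatch, copies the file to /tmp/upgrade.bin, re-checks the digest on the device with sha256sum, and only then runs sysupgrade -n. The device address, user and expected digest are placeholders you supply; the example assumes ssh/scp access to the device as root, which is how the post describes reaching it.

```python
"""Verify a firmware image before flashing it with sysupgrade.

Added example; this is not Hak5's sharkjack.sh helper. It follows the manual
procedure in the post (scp to /tmp, check the SHA256, sysupgrade -n) and refuses
to flash on any digest mismatch. The device address and expected digest are
placeholders: substitute your device's address and the digest published with
the download. Keep the device on USB power for the whole run.
"""
import hashlib
import hmac
import subprocess
import sys

REMOTE_PATH = "/tmp/upgrade.bin"


class FirmwareVerificationError(Exception):
    """Raised when a digest does not match; nothing is flashed."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_sha256sum_line(line: str) -> tuple:
    """Parse '<hex>  <name>' as printed by sha256sum (a '*' binary marker is tolerated)."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2 or len(parts[0]) != 64:
        raise ValueError(f"not a sha256sum line: {line!r}")
    return parts[0].lower(), parts[1].lstrip("*")


def digests_match(actual: str, expected: str) -> bool:
    """Case-insensitive, constant-time comparison of two hex digests."""
    return hmac.compare_digest(actual.lower(), expected.lower())


def plan_upgrade(actual_hex: str, expected_hex: str, local_path: str,
                 device: str, user: str = "root") -> list:
    """Return the commands to run, or raise if the local image does not verify."""
    if not digests_match(actual_hex, expected_hex):
        raise FirmwareVerificationError(
            f"{local_path}: sha256 {actual_hex} != expected {expected_hex}")
    host = f"{user}@{device}"
    return [
        ["scp", local_path, f"{host}:{REMOTE_PATH}"],
        ["ssh", host, f"sha256sum {REMOTE_PATH}"],
        ["ssh", host, f"sysupgrade -n {REMOTE_PATH}"],  # -n: do not keep settings, per the post
    ]


def run_upgrade(local_path: str, device: str, expected_hex: str, dry_run: bool = True) -> list:
    """Verify locally, copy, verify again on the device, then flash."""
    cmds = plan_upgrade(sha256_of_file(local_path), expected_hex, local_path, device)
    if dry_run:
        return cmds
    copy_cmd, remote_hash_cmd, flash_cmd = cmds
    subprocess.run(copy_cmd, check=True)
    out = subprocess.run(remote_hash_cmd, check=True, capture_output=True, text=True).stdout
    remote_hex, _ = parse_sha256sum_line(out)
    if not digests_match(remote_hex, expected_hex):
        raise FirmwareVerificationError("image on device does not match; not flashing")
    subprocess.run(flash_cmd, check=True)
    return cmds


if __name__ == "__main__":
    # usage: python3 upgrade.py upgrade.bin <device-ip> <expected-sha256> [--flash]
    if len(sys.argv) < 4:
        sys.exit("usage: upgrade.py <image> <device-ip> <expected-sha256> [--flash]")
    image, device, expected = sys.argv[1:4]
    for cmd in run_upgrade(image, device, expected, dry_run="--flash" not in sys.argv[4:]):
        print(" ".join(cmd))
```

Without `--flash` it only prints the three commands it would run, after the local hash check has passed; with `--flash` it executes them, and the second hash check on the device catches a truncated or corrupted copy before sysupgrade ever sees it. The power warning in the post still applies: nothing in software can save a device that loses power mid-write.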
Everything from unboxing your Shark Jack to connecting in arming mode, exfiltrating loot, changing out payloads, upgrading the firmware, checking out the new web interface and even connecting it to Cloud C2.

VIDEO CHAPTERS:
0:58 - Unboxing
4:22 - Attacking with the default payload
7:08 - Connecting in arming mode
10:40 - Navigating the file system
12:34 - Exfiltrating loot to our local host
14:13 - The sharkjack.sh helper script
17:16 - Upgrading the firmware
19:26 - The new arming mode web interface
20:30 - Loading new payloads
25:19 - Setting up Cloud C2
-
Yep - that's for real. We'll have a site detailing all of our official global distributors shortly - we just have a few more partners coming online now.
-
The Screen Crab by Hak5 is a stealthy video man-in-the-middle. This covert inline screen grabber sits between HDMI devices - like a computer and monitor, or console and television - to quietly capture screenshots. It's perfect for sysadmins, pentesters and anyone wanting to record what's on a screen. Out of the box it saves screenshots to a MicroSD card every few seconds. And by editing a simple text file you can configure every option, including capturing full motion video. Planting the Screen Crab is easy. Just plug it in, power by USB, pop in a card and get instant feedback from the multi-color LED. Coupled with a large MicroSD card - you can discreetly save nearly a year's worth of data. And with the Screen Crab, remote monitoring is built right in. Connect it to the Internet over WiFi and exfiltrate those screenshots, or watch the screenshots live from anywhere online with Hak5's Cloud C2. Screen Crab - covert inline screen grabs. SHOP: https://shop.hak5.org/products/screen-crab DOCUMENTATION: https://docs.hak5.org/hc/en-us/categories/360002117873-Screen-Crab
-
The Signal Owl by Hak5 is a signals intelligence platform with a unique design allowing it to be discreetly planted, or taken with you on any engagement. With a dynamic payload system, it orchestrates attacks using custom utilities and popular tools - like Aircrack-ng, MDK4, Kismet and more. The internal WiFi radio is optimized for close access operations, and coupled with a number of common transceivers it'll support GPS, SDR and Bluetooth. Powered by USB and featuring USB pass-through, the Signal Owl is able to share a port that may otherwise be occupied without interference. And with Hak5 Cloud C2, command and control is at the forefront. Easily exfiltrate data and drop right into a shell from the web and get root access anywhere. Signal Owl - the signals intelligence platform with simple payloads. SHOP: https://shop.hak5.org/products/signal-owl PAYLOADS: https://github.com/hak5/owl-payloads DOCUMENTATION: https://docs.hak5.org/hc/en-us/categories/360002117953-Signal-Owl
-
I don't condone cheating but I also get that it's very much a part of the experience. This is why we would send mates to check out the rigs of our opponents at LAN parties back in the original CS / Q3 / UT99 days. Anyway - interesting concept. I've never heard of Cheat Engine. Care to elaborate? I don't have time to game anymore, just curious.
-
Not receiving items booked through Hak5 store
Darren Kitchen replied to deano123's topic in Everything Else
Hi all. I'm just now becoming aware of multiple related situations identified in this thread. I sympathize, as no one should be waiting this long on their orders, and I offer my sincerest apologies. Looking deeper into the various issues, it seems that most are related to a hazmat shipping situation that has prevented us from selling batteries outside of very limited circumstances (domestic ground shipments only). Unfortunately our logistics provider has been extremely slow to respond in rectifying the situation. For example, some international shipments sent by DHL had been shipped back then repackaged via FedEx. It's extremely frustrating to have high value orders containing multiple units get to the border and be delayed by days if not weeks and incur immense shipping expenses due to one unit. We have since removed all batteries from kits until a better logistics solution can be found. We are also investigating alternative logistics providers to alleviate these response delays. I'm terribly saddened that our plan to use a professional logistics outfit for fulfillment of orders at higher speeds than possible by the small team that is Hak5 has resulted in the exact opposite in these edge cases. It's absolutely unacceptable and I share in your frustration. Furthermore, our support systems have not been adequate to deal with these logistics challenges in a timely manner, and for that I offer my sincere apologies. We are back from defcon, we hear you, and while half of us are hard at work on the next big thing - the rest of the team is dedicated to digging into each and every support ticket to ensure that you receive exactly what you are due. You will have resolution by the end of the week. -
Not receiving items booked through Hak5 store
Darren Kitchen replied to deano123's topic in Everything Else
Deano123 - I'm really sorry we completely dropped the ball on this. I really appreciate your patience and understanding - but you shouldn't have to wait a month for your order or a week for a response. You have my word we'll make this right - and in doing so we'll prevent this from happening again. I must admit we're pretty damn good for the 99% of orders, but the edge cases like yours where packages go lost, stolen, stuck in customs, bounced back to us or any number of other odd exceptions - we can do better. For what it's worth, we're in the midst of a transition here internally where we're revamping a lot of processes that were put in place ad hoc as we grew from the garage. For the most part there has already been a lot of refinement on the backend, but customer service - especially with these edge cases - is the number one area where we need improvement. Based on this experience, we're developing a bot which will monitor packages' tracking while they're in transit and alert us if an order is taking longer than usual to get to its destination. That way we can be proactive about notifying the customer and helping in situations where customs or the shipping carriers cause issues. I know this doesn't immediately solve your particular issue, but know that we're taking the issue seriously and we're working to solve your AWOL package in the process. You'll be hearing from us via ZenDesk/Email shortly.

xinjie00 - Your order was held briefly since there was a short delay between the order being accepted and one of the items - I believe the WiFi Pineapple - being available at the warehouse. I'm 99% certain it left the warehouse yesterday (Monday). Regarding the 30 day policy for international orders - I'd say that it's more like 2-5 days for DHL and 4-11 days for USPS - but unfortunately customs can add up to another 3-4 weeks if the package gets held, and while it only impacts less than 1% of orders, sadly it's something that's completely out of our hands. The hope is that our new order tracking/alerting bot will allow us to be proactive in these situations. -
It's a great companion to the USB attack tools, with the right payload. You'll see. Basically drop the Squirrel as a listener for an accompanying payload on the Duck/Bunny. Working on something special for that. Also, noted hardware request.
-
You forgot:

```bash
NETMODE TRANSPARENT
wget https://packetsquirrel.com
BUTTON 1m && {
  echo "Discount unlocked!"
  LED FINISH
} || {
  echo "Timeout dude!"
  LED FAIL
}
```
-
minimum cmd "mode" is 18,1 -- at least on my systems. Also you can pre-load the obfuscation commands on line 39 with this:

```
cmd /K "mode 18,1 & color FE & cd C:\ & title "
```

Cheers!
-
Awesome payload. Neat concept of a powershell reverse shell stager to kick off commands by netcat. It's a shame the powershell netcat interpreter is 342 characters long - necessitating opening and obfuscating a cmd window. I wonder if it could be whittled down to fit in the run dialog with its 260 max length. Something like:

```
cmd /c "start /MIN powershell <command goes here>"
```