Darren Kitchen

Root Admin
Posts posted by Darren Kitchen

  1. Richard —

    In the past, we only offered DHL as an option for International orders. They're very fast, however they do not handle duties for our customer. That becomes their responsibility at time of border crossing.

    Because of this, we have implemented another shipping option for our International customers — Passport. They collect duties up front. It's a pretty smooth service, however it isn't as fast as DHL. They aren't a traditional carrier in their own right, rather a brokerage service that acts on your behalf for customs clearance. On the backend, packages are sent via UPU.

    If you aren't familiar with the Universal Postal Union (UPU), it's a global postal network that facilitates international mail services. It works closely with the United Nations, and coordinates with each member country's postal service. As an example, when a package is shipped via UPU from the United States to the United Kingdom — it originates its journey with the United States Postal Service (USPS). Once it crosses the border and clears customs (something Passport facilitates for you) it will be handed over to the Royal Mail.

    Because multiple agencies are involved, tracking may take some time to update — and it won't be as fast as the DHL option that doesn't include customs brokerage. It's a tradeoff, but after having offered it for several years we've found it to be a reliable, economical choice, albeit slower.

    As the face of, and lead hacker behind Hak5, I have put a tremendous amount of effort into implementing systems that will ensure a smooth customer experience. Everything from customs brokerage to shipping services to package insurance to fraud mitigation to the support agents who are empowered to see that you have a successful and satisfactory transaction. It's my personal goal to make sure that when you order from us, it's a seamless experience. We have a process in place to deal with every potential edge case when an inevitable snafu does arrive, should you reach out.

    I've checked our support ticket system for any email from your r*@c*.com email address, however none have been found. We typically address tickets in 1-2 business days, so I advise contacting us at https://hak5.org/contact or visiting https://support.hak5.org if you still need assistance. We'd be happy to help.

    Best,
    Darren

  2. On 10/18/2022 at 7:29 AM, xinjia said:

    I contacted the support months ago and they responded with a succinct "use the recovery firmware" a month late. This isn't a solution. So support people either don't know there's a problem with their products or they ignore it to prevent RMAs.

    As you will understand, it is a very expensive product to have such horrible support and from what I see on reddit and in this same forum I'm not the only one who suffers from it. So I'll ask what I see necessary.

    With this situation I don't plan to buy anything else from Hak5.

    I was unable to find a support ticket with the email address you have listed on your forums account. Perhaps it went to our older system? Please keep a lookout for an email from us with RMA details for your WiFi Pineapple exhibiting the malfunctioning EMMC behavior. It will be coming from support@hak5.customerdesk.io

  3. Official answer:

    Use a MicroSD card — not a Micro SDHC, SDXC or SDUC card. That means 2 GB and under.

     

    Unofficial (I'm a hacker) answer:

    As long as the file system is FAT (FAT/VFAT or FAT32) as opposed to other common formats like exFAT, NTFS, EXT4, etc. — it should work, albeit with a potential performance hit*.


    *The larger the partition (and the more files/directories) the longer it will take to be read — both from the perspective of the USB Rubber Ducky itself (reading inject.bin, seed.bin or writing loot.bin) but also to the target, enumerating the USB "Flash Disk" when using the command ATTACKMODE STORAGE.

    As an example, I've formatted a 200 GB SanDisk Ultra MicroSDXC card with the FAT32 file system and loaded it with a very simple "Hello World" payload:

    ATTACKMODE HID STORAGE
    DELAY 1000
    STRING Hello, World!

    And it injected the keystrokes within a second of attaching it to the target — however the target (a Windows 10 PC in this case) took over a minute to recognize the USB drive in Explorer.

  4. DuckyScript 3.0 for the new USB Rubber Ducky can be encoded in Payload Studio — both Community and Pro editions — right in your browser. The compiler and all payload editing is done client-side, locally. We never see your work. You can download an offline copy of the IDE from your browser.


    Keep in mind that the offline version you download will be frozen in time, whereas the online version will be continuously updated as we add features and fixes over time. You can see the version number in the bottom left corner of the page.

  5. Thank you all for the incredible feedback on the Key Croc – especially the 1.3 beta. We knew in development that we were on to something game changing, so to hear the enthusiasm from you all directly is truly rewarding. The amount of creativity shown in such a short period of time since initial release is encouraging.

    We hope that with this Key Croc firmware 1.3 we can further that creativity. As always we welcome your feedback here on the forums and of course on our Discord channel.

    Thanks for your support and happy hacking!

    Huge thanks to our team – @Korben for his work on this firmware with the support of @Foxtrot and everyone including 0xdade for feature inspiration.

    Changelog:

     

    • General
      • (optional) Password Protected Arming Mode built into framework/parser
        • ARMING_PASS and (optional) ARMING_TIMEOUT can be defined in config.txt (Credits: 0xdade)
      • Fix croc being shutdown by host machine going to sleep
      • C2 notifications added to relevant event handlers
      • iProduct can now be defined with PROD_ when calling ATTACKMODE, and defined in config.txt as PROD
      • iManufacturer can be defined in config.txt as MAN
      • Croc now waits for keyboard to enter ATTACKMODE HID
      • Increase output log write speeds
      • Fixed $LOOT
      • ATTACKMODE now automatically populates /tmp/vid /tmp/pid /tmp/man /tmp/prod along with /tmp/mode
      • Fixed payload validation at boot and added payload validation to RELOAD_PAYLOADS

    • Payloads / Tools
      • Add SAVEKEYS [path] UNTIL [regex] syntax support to payloads (Credits:0xdade)
      • SAVEKEYS NEXT/UNTIL now also produce .filtered logs handling backspaces and removing control characters/modifiers.
      • Ported GET extension script from Bash Bunny
      • Added GET_VARS script giving your payload access to the following live data
        • VID
        • PID
        • MAN
        • PROD
        • HOST_IP
        • TARGET_IP
        • TARGET_HOSTNAME
      • Added the following helper scripts
        • QUACKFILE (alias QFILE)
        • ENABLE_PAYLOAD
        • DISABLE_PAYLOAD
        • WAIT_FOR_KEYBOARD_ACTIVITY
        • WAIT_FOR_KEYBOARD_INACTIVITY
        • WAIT_FOR_LOOT
      • Framework functions exported
        • MOUNT_UDISK
        • UNMOUNT_UDISK
        • UPDATE_LANGUAGES
        • ENABLE_WIFI
        • ENABLE_INTERFACE
        • START_WLAN_DHCP
        • CLEAR_WIFI_CONFIG
        • CONFIG_PSK_WIFI
        • CONFIG_OPEN_WIFI
        • ENABLE_SSH
        • DISABLE_SSH
      • Added the following scripts
        • WAIT_FOR_ARMING_MODE
        • WAIT_FOR_BUTTON_PRESS
        • ARMING_MODE
        • GET_HELPERS

    • Misc
      • Added get_payloads.html to udisk
      • Fixed language file consistency, example: CONTROL/CTRL
      • Moved examples into library/examples
      • Debug logs moved to /root/loot so they will be automatically moved to udisk for easier debugging access
      • DEBUG ON in config.txt now enables parser and framework debug logs at boot

     

    Download from https://downloads.hak5.org/croc

    Documentation from https://docs.hak5.org/

    Flashing Instructions from https://docs.hak5.org/hc/en-us/articles/360048015333-Updating-the-Key-Croc

  6. On 12/9/2019 at 4:08 PM, Francis Daigneault said:

    Is there a way to recover in case I did not RTFM correctly and use the Firmware TAB instead of OS ?

    No, unfortunately doing so will overwrite the bootloader thus rendering the device incapable of software-based recovery.

    In this case your best course of action is to contact support to inquire about an express replacement for accidental damage.

    https://shop.hak5.org/pages/support

  7. The Shark Jack features a firmware recovery option which allows the user to restore the device's firmware image. This procedure is performed via a special web interface.

    Download the latest firmware image for your Shark Jack from the Hak5 Download Center.

    It is extremely important that you follow the directions precisely as it pertains to powering the device and image selection from the web recovery interface. The video is provided as a reference; however, it does not replace carefully reading the instructions listed below.

    Follow these steps to access the recovery web interface and update the firmware.

    • With the switch in the OFF position, plug in a suitable USB power source and fully charge the Shark Jack. The LED will blink blue while charging, and solid blue when fully charged. If no LED activity is present, leave the Shark Jack connected to the power source for 10 minutes.
    • Unplug the Shark Jack completely from the USB power source.
    • Prepare to press the Shark Jack reset button located on the bottom of the device next to the regulatory label. Using a paperclip, SIM card removal tool or similar instrument, practice pressing the button. With the Shark Jack unplugged and with its switch in the off position, carefully insert the instrument directly downward until you feel resistance. Gently press the button. You should feel a click.
    • With the instrument at the ready, flip the switch into the arming (middle) position and immediately after press and hold the reset button for 7 seconds.
    • Connect a USB power source to the Shark Jack
    • Connect the Shark Jack to your host PC Ethernet interface. After a moment the Shark Jack LED will indicate solid green with intermittent activity flashes.
    • Set a static IP address for the host PC Ethernet interface connected to the Shark Jack as follows:
      • IP Address: 192.168.1.2
      • Netmask: 255.255.255.0
    • From the host PC, browse to http://192.168.1.1
    • A Shark Jack Recovery interface with a red banner will appear. Click to the Recovery tab, then click Browse Firmware, select the Shark Jack firmware downloaded from the Hak5 Download Center, then click Start Upload File.
      • If your Shark Jack web interface shows a blue banner reading Web Failsafe Recovery, click the OS tab, then click browse, select the Shark Jack firmware downloaded previously, then click Start Upload File. If your Shark Jack features the blue bannered Web Failsafe Recovery interface, it is extremely important that you select the OS tab and not the Firmware tab or any other tab as doing so will render the device inoperable.
    • This process will take several minutes. Do not interrupt the power supply while the firmware is updating. Once complete, the Shark Jack will restart as indicated by a green blinking LED. At this point, disable the static IP address on the host PC Ethernet interface connected to the Shark Jack and reset it to receive an IP address automatically via DHCP.
  8.  

    27 minutes ago, Milhouz said:

    Just because I've been digging for this info for a bit as I just ordered a Shark Jack. If I want to set up a Cloud C2 instance what are the recommended specs for that system if it's going onto a VPS?

    I use a Digital Ocean "droplet" (VPS) with 512 MB RAM and 20 GB disk. I hardly tax the thing. 

     
  9. @Topknot thanks for detailing the process you followed to upgrade - however I want to advise against this method as it will not be supported. We cannot guarantee that the firmware file will always fit in the root file system in /root/, and the sysupgrade function may not always be present in the framework.

    If you wish to manually upgrade the Shark Jack, as opposed to the guided method using the sharkjack.sh helper available from https://downloads.hak5.org I advise you to please follow the instructions listed at https://docs.hak5.org/hc/en-us/articles/360038189894-Manual-Upgrade

  10. Thanks for the report. We are looking into this now. This is related to Hak5 infrastructure as it pertains to adding packages not already in the mainline OpenWRT feeds end and will not impact your ability to install standard packages.

  11. On 11/9/2019 at 5:49 AM, Cyo59 said:

    @Darren Kitchen hey what did you use to get your Ethernet and sharkjack on the same laptop?

    I'm using the USB Ethernet adapter from https://shop.hak5.org/collections/accessories/products/combo-ethernet-adapter-and-retractable-cable (which is included in the Shark Jack Combo Kit) - but any regular USB Ethernet adapter will work.

    22 hours ago, Geeksystem said:

    Hmmm... suspect behaviour here.

    I downloaded new firmware and sharkjack.sh to my kali machine. Shark Jack is connected, pinging and i can connect to it with ssh.

    When i run sharkjack.sh and select "connect" it only says "waiting for shark jack to connect"

    Same on upgrade so I can't upgrade. Is there a way to manually copy the upgrade to the Shark and start the upgrade directly from ssh shell?

    Greets, Heiko

    I'll post a manual upgrade guide to https://docs.hak5.org but essentially the process is similar to that of the Packet Squirrel or WiFi Pineapple where you download the latest firmware from downloads.hak5.org, copy the file to /tmp/ on your device via SCP, then SSH into the device, verify its SHA256 sum, then issue sysupgrade -n /tmp/upgrade.bin

    The IMPORTANT bit to keep in mind with the Shark Jack is that it should be plugged into USB power during the flashing process, as an interruption in power will result in a bricked device. 
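
The "verify its SHA256 sum" step from the manual upgrade outlined in the post above, as an added example that is not part of the original post or Hak5's own tooling. The expected digest is supplied by the caller (take it from the download page), and `DRY_RUN` and the function names are introduced here for illustration.

```shell
#!/bin/sh
# Added example (not Hak5 code): refuse to flash a firmware image unless its
# SHA256 matches the published digest. Meant to run on the device after the
# image has been copied to /tmp/. DRY_RUN is a hypothetical knob for this example.

# sha256_of FILE: print the lowercase hex SHA256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_firmware FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the inputs are unusable.
verify_firmware() {
    vf_file=$1
    # Normalise the published digest: drop whitespace, lower-case the hex.
    vf_want=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    if [ ! -f "$vf_file" ] || [ ! -s "$vf_file" ]; then
        echo "firmware image missing or empty: $vf_file" >&2
        return 2
    fi
    case $vf_want in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    if [ "${#vf_want}" -ne 64 ]; then
        echo "expected digest is not 64 hex characters" >&2
        return 2
    fi
    vf_have=$(sha256_of "$vf_file") || return 2
    if [ "$vf_have" != "$vf_want" ]; then
        # A truncated SCP transfer and a tampered image both end up here.
        echo "SHA256 mismatch, not flashing" >&2
        echo "  expected: $vf_want" >&2
        echo "  actual:   $vf_have" >&2
        return 1
    fi
    return 0
}

# flash_if_verified FILE EXPECTED_HEX
# Only reaches sysupgrade when the digest matches. Defaults to a dry run.
flash_if_verified() {
    verify_firmware "$1" "$2" || return $?
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "verified; would run: sysupgrade -n $1"
    else
        sysupgrade -n "$1"
    fi
}

# Usage: sh verify_flash.sh /tmp/upgrade.bin <published sha256>
if [ "$#" -eq 2 ]; then
    flash_if_verified "$1" "$2"
fi
```

Set `DRY_RUN=0` only once the device is on USB power, since the post notes that an interruption during flashing bricks it.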

     

  12. Everything from unboxing your Shark Jack to connecting in arming mode, exfiltrating loot, changing out payloads, upgrading the firmware, checking out the new web interface and even connecting it to Cloud C2.  

    VIDEO CHAPTERS:
    0:58 - Unboxing
    4:22 - Attacking with the default payload
    7:08 - Connecting in arming mode
    10:40 - Navigating the file system
    12:34 - Exfiltrating loot to our local host
    14:13 - The sharkjack.sh helper script
    17:16 - Upgrading the firmware
    19:26 - The new arming mode web interface
    20:30 - Loading new payloads
    25:19 - Setting up Cloud C2
     

  13. The Screen Crab by Hak5 is a stealthy video man-in-the-middle. This covert inline screen grabber sits between HDMI devices - like a computer and monitor, or console and television - to quietly capture screenshots. It's perfect for sysadmins, pentesters and anyone wanting to record what's on a screen. Out of the box it saves screenshots to a MicroSD card every few seconds. And by editing a simple text file you can configure every option, including capturing full motion video. Planting the Screen Crab is easy. Just plug it in, power by USB, pop in a card and get instant feedback from the multi-color LED. Coupled with a large MicroSD card - you can discreetly save nearly a year's worth of data. And with the Screen Crab, remote monitoring is built right in. Connect it to the Internet over WiFi and exfiltrate those screenshots, or watch the screenshots live from anywhere online with Hak5's Cloud C2.

    Screen Crab - covert inline screen grabs.


    SHOP: https://shop.hak5.org/products/screen-crab
    DOCUMENTATION: https://docs.hak5.org/hc/en-us/categories/360002117873-Screen-Crab

  14. The Signal Owl by Hak5 is a signals intelligence platform with a unique design allowing it to be discreetly planted, or taken with you on any engagement. With a dynamic payload system, it orchestrates attacks using custom utilities and popular tools - like Aircrack-ng, MDK4, Kismet and more. The internal WiFi radio is optimized for close access operations, and coupled with a number of common transceivers it'll support GPS, SDR and Bluetooth. Powered by USB and featuring USB pass-through, the Signal Owl is able to share a port that may otherwise be occupied without interference. And with Hak5 Cloud C2, command and control is at the forefront. Easily exfiltrate data and drop right into a shell from the web and get root access anywhere. Signal Owl - the signals intelligence platform with simple payloads.


    SHOP: https://shop.hak5.org/products/signal-owl
    PAYLOADS: https://github.com/hak5/owl-payloads
    DOCUMENTATION: https://docs.hak5.org/hc/en-us/categories/360002117953-Signal-Owl

     

  15. I don't condone cheating but I also get that it's very much a part of the experience. This is why we would send mates to check out the rigs of our opponents at LAN parties back in the original CS / Q3 / UT99 days. Anyway - interesting concept. I've never heard of Cheat Engine. Care to elaborate? I don't have time to game anymore, just curious. 

  16. Hi all. I'm just now becoming aware of multiple related situations identified in this thread. I sympathize as no one should be waiting this long on their orders, and I offer my sincerest apologies. Looking deeper into the various issues it seems that most are related to a hazmat shipping situation that has prevented us from selling batteries outside of very limited circumstances (domestic ground shipments only). Unfortunately our logistics provider has been extremely slow to respond in rectifying the situation. For example, some international shipments sent by DHL had been shipped back then repackaged via FedEx. 

     

    It's extremely frustrating to have high value orders containing multiple units get to the border and be delayed by days if not weeks and incur immense shipping expenses due to one unit. We have since removed all batteries from kits until a better logistics solution can be found. We are also investigating alternative logistics providers to alleviate these response delays.

     

    I'm terribly saddened that our plan to use a professional logistics outfit for fulfillment of orders at higher speeds than possible by the small team that is Hak5 has resulted in the exact opposite in these edge cases. It's absolutely unacceptable and I share in your frustration. Furthermore, our support systems have not been adequate to deal with these logistics challenges in a timely manner, and for that I offer my sincere apologies. We are back from defcon, we hear you, and while half of us are hard at work on the next big thing - the rest of the team is dedicated to digging into each and every support ticket to ensure that you receive exactly what you are due. You will have resolution by the end of the week.

  17. Deano123 - I'm really sorry we completely dropped the ball on this. I really appreciate your patience and understanding - but you shouldn't have to wait a month for your order or a week for a response. You have my word we'll make this right - and in doing so we'll prevent this from happening again.

    I must admit we're pretty damn good for the 99% of orders, but the edge cases like yours where packages go lost, stolen, stuck in customs, bounced back to us or any number of other odd exceptions - we can do better.

    For what it's worth, we're in the midst of a transition here internally where we're revamping a lot of processes that were put in place ad hoc as we grew from the garage. For the most part there has already been a lot of refinement on the backend, but customer service - especially with these edge cases - is the number one area where we need improvement.

    Based on this experience, we're developing a bot which will monitor the packages' tracking while they're in transit and alert us if an order is taking longer than usual to get to its destination. That way we can be proactive about notifying the customer and helping in situations where customs or the shipping carriers cause issues.

    I know this doesn't immediately solve your particular issue, but know that we're taking the issue seriously and we're working to solve your AWOL package in the process. You'll be hearing from us via ZenDesk/Email shortly.

    xinjie00 - Your order was held briefly since there was a short delay between the order being accepted and one of the items - I believe the WiFi Pineapple - being available at the warehouse. I'm 99% certain it left the warehouse yesterday (Monday).

    Regarding the 30 day policy for international orders - I'd say that it's more like 2-5 days for DHL and 4-11 days for USPS - but unfortunately customs can add up to another 3-4 weeks if the package gets held and while it only impacts less than 1% of orders, sadly it's something that's completely out of our hands. The hope is that our new order tracking/alerting bot will allow us to be proactive in these situations.
