Jump to content

Darren Kitchen

Root Admin
  • Posts

  • Joined

  • Days Won


Everything posted by Darren Kitchen

  1. For the record, you don't need to perform a factory reset to make these changes. Just select the desired setting from the Filters page.
  2. I understand the frustration when something doesn't work as expected. I think it's important to understand what the WiFi Pineapple sets out to achieve, and where it allows users to leverage its capabilities. Since the beginning of this project we've been working hard at making the WiFi Pineapple a robust platform for WiFi pentests. Our focus is to provide a stable platform that makes the network and transport elements of a recon and rogue access point system simple, while providing an open API for developers to leverage our unique hardware. Because of this we've fostered a community of talented pentesters and developers that have made some fantastic modules, bring a lot of applications to the ecosystem – so in that I believe we've achieved this goal. While we continue to refine the core system, we're faced with a number of challenges as third party module developers may need to update their code in order to work with the latest base. As @scretch pointed out, there are some known bugs - like the deauth function of SiteSurvey needing a modification to its aireplay command as an example. Thankfully this is made simple between the easy to follow developer docs (https://docs.hak5.org/hc/en-us/sections/360002377413-Development) and the open source module repository on github (https://github.com/hak5/wifipineapple-modules) – so anyone is able to contribute to a module. Outside of the community developed modules, if there is a bug or feature request having to do with the core of the WiFi Pineapple – or really anything that you think would make it a better product – I absolutely welcome that feedback.
  3. If you haven't already, I advise reaching out to us directly - see https://shop.hak5.org/pages/support
  4. Adding any key combination is possible by editing the language file. Here's a quick how-to on adding CTRL-SHIFT-ENTER, as an example. 1. Download the official Hak5 JS Ducky Script encoder from https://downloads.hak5.org/ducky2. Download a keymap json file from the Hak5 github at https://github.com/hak5/bashbunny-payloads/tree/master/languages3. Edit the keyboard layout file downloaded in step 2 with a text editor and add the desired key map.For example:"CTRL-SHIFT-ENTER": "03,00,28",4. Save the modified keymap file5. Open the jsencoder.html file downloaded in step 1 from a browser6. Click Change Keyboard Layout7. Click Choose file, then select the file saved in step 48. Write your payload as normal, now using the newly created keyboard combo.For example:DELAY 3000GUI rDELAY 500STRING powershellCTRL-SHIFT-ENTERDELAY 1000ALT yDELAY 1000STRING echo hello worldENTERUse this technique to add any valid keyboard combination. This works similarly on the Bash Bunny by using the command QUACK KEYCODE 03,00,28
  5. It's difficult to say with certainty based on what you've said. It sounds like from what you've said that it hasn't crashed - it's still recording images locally. When the Screen Crab was connected to your Cloud C2 server, it would have reported its LAN IP address. Are you able to ping it on the same network?
  6. The power specifications for the Shark Jack is 2.5W (5V / 500mA). The charger you linked is out of spec and may damage the device.
  7. This can be done by using the MAN_ and SN_ options in ATTACKMODE. These were added in firmware v1.3 - see the changelog at https://downloads.hak5.org/bunny for usage.
  8. Thanks for the details. I can say with confidence that 800x600 isn't supported, however I am not 100% certain as to that odd 1360x768 resolution. I have a display I can test which outputs the more common 16:9 1366x768 - however I am unsure right now if I have something that'll do that resolution to test with. I'll check tonight when I get home. Just to validate that there isn't anything wrong with the device, can you test with a standard 1080p signal and verify that the LED goes blue when using the default image capture config.txt ? Thanks!
  9. @SuperSavvyTech you are correct that the battery should last some 10-15 minutes. This can be verified using a simple uptime payload similar to: while true; do uptime >> /root/loot/uptime.log; sleep 10; done I'm really sorry your Shark Jack battery isn't performing as expected. At the factory all Shark Jack devices undergo a burn-in test as part of the QA process whereby the battery is fully cycled before being charged to a level suitable for shipping. In the vast majority of cases this process identifies any underperforming batteries - which are then replaced. While a finite number of charge cycles is inherent in lithium batteries, the issue you are describing indicates wear far too premature. Please contact support at https://shop.hak5.org/pages/support and we will get you sorted in short order.
  10. You are correct that you are seeing a NO SIGNAL light. If the Screen Crab doesn't think it is getting a video signal, my first place to look is at what video signal is passing through it and if it's a supported resolution.
  11. You can manually perform a firmware recovery from the serial console using the update_recovery script, which I believe is in /usr/loca/bunny/. Standard precautions apply.
  12. If you just got your Bash Bunny and you're looking for information on getting started and grasping the fundamentals, there's no better source than the official documentation at https://docs.hak5.org There you can learn the ins and outs of the device language, switch positions, mass storage, serial connection, internet connectivity, software updates, payload development and much more. There are even video guides covering specific payloads as examples. Once you've reviewed all of that, please feel free to ask specific questions here in the community forums. Welcome!
  13. By default the check in interval is set to 5 seconds, which provides for a snappy response at the cost of higher data transfer. Feel free to change the interval from the settings menu.
  14. A packet filtering bug was introduced in OpenWRT 19.07 which caused issues with DWAll. We implemented this OS base on firmware 2.6.0. The bug was fixed in 2.6.2 - so it's safe to say the module will work on 2.6.2 as well as firmwares before OpenWRT 19.07 which include 2.5.4 and before.
  15. Yes, it's running Linux and that serial console will get you a root shell - so feel free to hack it to your heart's content. Just keep in mind that we won't be able to support the device should you open it up.
  16. What resolution are you passing through the Screen Crab?
  17. I use a Samsung Evo 512 GB card. I've seen 'em recently as low as $27. Not bad for half a TB.
  18. Magenta is typically used for LED SETUP - which is the phase when networking is established for most payloads. It sounds like the payload it running, however the setup phase has not passed as the networking requirements have not been met. I recommend checking the payload. What payload is this?
  19. Contact support at https://shop.hak5.org/contact and we'll get it replaced.
  20. Yes, any converter that'll translate to HDMI should work. I've had good experience with a number of inexpensive converters from the likes of Anker and Cable Matters.
  21. Good to hear that the Screen Crab is working out for you. Regarding advanced deduplication like you mentioned, that's a cool idea but wouldn't be possible on the device itself out of the box - at least not with its current software. We'll absolutely take the feature request under consideration though. On Cloud C2 the server side this could imagine a new feature which would allow you to assign a threshold by which the two images must match in order to be deduplicated. For instance, if 90% of the two images haven't changed then dedupe. That too we'll consider. Just so that I understand you correctly, you're looking to dedupe on server, not on device? If you're looking to get the most from your 256 GB MicroSD card, in addition to the deduplication option I recommend setting the log rotate feature.
  22. Awesome. Looking forward to seeing the payload in action 🙂
  23. Demon - Hello to a fellow former phone phreak. I'm of the red box generation as the last analog trunks were being replaced during my experience, so 2600 Hz tones were far less useful. 🙂 Anyway, your Shark Jack will work on just about any modern OS - not just Linux. We provide the sharkjack.sh as a convenience to our *nix fans, but you could do very similar these days on Windows as SSH and SCP are built into powershell. If you charge the Shark Jack, then flip the switch into arming mode (middle position) it'll boot up in a way that makes it start a DHCP server, offering the connected computer an address in the 172.16.24.x range. By default most computers will attempt obtain an address from the network (a network of two, your computer and your Shark Jack). Give this a try and see if you can then ping the Shark Jack at If you get replies from the following command, you should be good to go by manually moving files via SCP. ping Here are a few articles that should help you in your journey: https://shop.hak5.org/blogs/shark-jack
  24. No, unfortunately doing so will overwrite the bootloader thus rendering the device incapable of software-based recovery. In this case your best course of action is to contact support to inquire about an express replacement for accidental damage. https://shop.hak5.org/pages/support
  • Create New...