marc
-
Posts
48 -
Joined
-
Last visited
Posts posted by marc
-
-
I'm wondering if it's easily possible to remote enable/disable infusions/executables running on the Pineapple. Preferably by PHP.
--edit: Solved, using PHP's exec to run some bash.
-
I've searched around a bit, but forgive me if this has been covered by someone else.
Is there a custom DNS infusion for the Pineapple?
-
Received my rubber ducky yesterday and I'm having great fun playing with some payloads. Sadly I don't have a win7 box to play with outside of my VM, and the Mac keyboard layout as well as being in the UK isn't the greatest thing in the world, but still loving the device. I recommend getting yourself a USB hub that also has a microSD slot; it makes for much faster payload writing and testing.
Here's an idea.
Given that the rubber ducky doesn't receive any info from the system itself, it completes its commands without receiving any feedback. As this is the case, longer payloads could be covered up visually with the following idea:
We write a small app that takes the clipboard, displays it fullscreen and always-on-top, and doesn't exit unless a certain key command is pressed. Say CTRL-H.
1. Printscreen is pressed
2. Code is executed to quickly download/run this app, which launches as above.
3. Other elements of the payload are completed in the background. Meanwhile, the printscreen from the beginning is being displayed due to the app running.
4. Eventually, the other elements of the payload are quit on completion, such as command windows etc etc.
5. CTRL-H is pressed to quit the printscreen display app which cuts back to the desktop looking exactly like the printscreen.
This would produce no more visual giveaways than the payload executing this app. Of course, when we have access to the microSD data itself as well as the HID, this should be a lot easier to implement. But it's just an idea to "lock" the screen whilst executing more complex procedures to avoid suspicion.
-
Hi SteveParker,
A sure fire way to do this on Windows XP would be with a U3 USB stick. These however are normally a little more costly than standard USB media as they have hardware changes allowing them to have a virtual CDROM partition.
Not only this, but Windows Vista and upwards I believe won't give autorun functionality like XP did.
As CanadianTaco said, the USB Rubber Ducky could work, but this would not be cross platform unless each one is flashed according to what OS the user is running which I assume is not possible in your case. This would also be quite pricey.
I don't think there is a good answer to give you, but I would recommend your client against this. However, I fully understand he wants it made easy for the users.
In terms of the promo code, this is easily done by loading a variable in PHP via the URL. Something like http://website.com/order.php?promo=C0DEH3R3. To auto open this URL would be impractical given you want OS-independence, so I would recommend just having subdirs on the root of the USB so that the user can choose themselves until a better solution could perhaps one day be offered.
-
You want to upload ip.shtml somewhere on the web, and then in Gonzor's exe, tell it the URL of where it is.
-
Merry christmas guys,
You'll enjoy v3, we promise!
-
Someone who is too unintelligent to understand anything like U3 technology, Gonzor's clear instructions, rpk's clear instructions on where to find gonzors payload, does NOT deserve to use gonzor's payload.
Gonzor's payload is awesome, and i do not think it should be available to idiots.
Im not pointing fingers, I'm just saying. A lot of work went in to this, for non profit, education, and for other's fun. Please obay the devteam, and let us help you, and try to have common sense.
Can we all move on ?
-
OK, did some testing today. I worked out that disabling the network dump and the messenger dump prevents the no disk error. There may be other things which cause it, but please see my screenshot above to see which options I am not using anyway, and therefore didn't test.
As far as I know, the "no disk" error is given if the network passwords dump and messenger passwords dump are on. If just one of them is on, one "no disk" error will occur. If both are on, two will occur. If neither is on, it is completely silent, (with my AV disabled to stop an alarm when SBS.exe is called).
-
Cool, seems a nice solution to the time of dumping the logs. I guess you would make it delete the payload when it is finished?
-
Yeah, or just hit CTRL ALT DEL twice when logging in normally to access the username input screen.
-
GonZor, since the last release, I now get the "no disk" error. I believe the options are Try Again, Continue, and something else, or something similar. I did it on a friends PC, and didn't have enough time to grab a screenshot, just enough time to click continue, and pull the thing out. The machine was running Vista. I will try to get you any other specs that I can, but I believe I get this error on my other friends laptop too, also with Vista. Here is the screenshot of my SBConfig setup:
http://brapperbrap.tripod.com/sb.png
However, all that was dumped was:
System Info
External IP
VNC
HackSaw
Nothing else was dumped, and there were no other errors.
I hope you can help here.
-
External IP dumper FTW!
And soon our new IP updater will be done (yeah I know, Its taken ages to get finished. I have been really busy and my main computer has died, I'm still in the process of fixing it.)
No worries. My end is pretty much done, just a small amount of tidying up needs to be done. Hey, I appreciate the payload anyway, and understand we all live lives away from the computer. (Most of us.) So no rush at all GonZor, hope all is well :).
-
The long awaited V2. 0 is now out of beta, sorry for the delay.
- [li]Fixed VNC (confirmed working - new password is "easy")[/li]
Hrrm. I've tried both "hacked" and "easy" as VNC passwords with no success. Did I miss another VNC password, specified elsewhere or later in the topic?
EDIT: Found a reference in the Tutorial topic to "yougothacked", which worked.
Thanks,
-dr. k
I was the one with my friend who modified the reg file for the password "easy". The problem was, in the actual VNC Server, the password limit was 8 characters long, and therefore "yougothacked" sometimes screwed up in the registery. We then changed it to something easy to remember, "easy". I am not sure what reg file you are using, but we believe we only changed the entries which changed when we changed the server password. Another reason it may not work is the port forwarding issue.
While the HakSaw Antidote sufficiently removes HakSaw, VNC is left behind. While I can manually remove VNC, is there any specific guidance for doing so? I.e., are there any files I wouldn't otherwise expect associated with VNC that also need to be removed to eliminate all traces of its' installation?I think its WINVNC.EXE and VNCHOOKS.REG in the %systemroot% folder. I am not by a Windows machine to check for you though, or have the bat files handy.
-
Nice tutorial and opinions on the RATs.
External IP dumper FTW!
-
Have you tried to turn on/off autostart in the actual U3 software itself?
-
Good point.
I guess the worry is that people who are used to the U3 launcher could suspect something or realized that you have modified the USB stick when seeing this pstart load up rather than the U3 launcher they are used to.
To be honest, I don't use the USB stick for portable applications at all, but just for the switchblade and storing/moving temp documents, so I will go with the majority for GonZor's next release.
-
Thanks for the help there remkow.
My mistake though. I actually meant "explain" as in "explain why this is your opinion," not to explain what he meant.
-
Explain?
-
I would prefer the U3, although I will go happily with the majority :).
-
As always, an awesome revision to the payload. I cant wait for all our new features and that.
I vote for the dyndns with VNC. As much as our updated reg file works, its hopeless without someone being in DMZ or no forwarding.
-
Whoa. All magicians in the house, give me your MSN Messenger (preferably, or iChat/AIM) addresses !
Sorry, for this offtopic stuff.
Me and Gonzor are working on a new part of the payload. I wont give much away, I'll let Gonzor do that, but it seems to be quite useful, and I'm sure more will be told as we develop it.
-
-
Same here Erdnase. I've been a semi-professional working magician from a 14 year interest in magic :).
-
Some websites regarding this error:
http://wook.wordpress.com/2007/06/25/excep...6bf9c-75b6bf9c/
http://forums.techguy.org/business-applica...ocessing-3.html
http://my.opera.com/opera-usb/forums/topic.dml?id=187458
Seems something to do with Norton and/or quicktime.
Can everyone who is getting this error please tell me what AV they have (if any), and their status with quicktime being installed?
Remote toggle for Pineapple
in WiFi Pineapple Mark V
Posted
Thanks newbi3. I'm grepping PIDs to kills in PHP exec to stop where appropriate and copying the start commands in the infusion widgets to start which is working fine.