About Xcellerator

  • Rank
    Hak5 Pirate
  • Birthday 01/08/1996

  1. Pretty sure he was only referring to the USB Armory when he was talking about inotify-tools. There aren't any LEDs on the Turtle for inotify-tools to interface with.
  2. Hi, these are some good questions. I'll do my best to answer clearly! I don't own a Tetra/Nano yet (still on the MKV) but most of these are general questions. 1. SFTP can be used, but there's no need to run an SFTP daemon on the pineapple. You can use SCP which is just a file transfer protocol over SSH. Use it just like you would "mv" or "cp" in Linux. scp root@ /home/me/directory/to/save/to/ 2/3. In networking, the Gateway is the address that outbound traffic is sent to. So for your personal machine, it would be set to whatever router you're using to connec
  3. For many (generally older) devices, if there are two APs with the same ESSID (or BSSID in some later implementations) then it is simply a race condition to see which one is associated to. It essentially boils down to which one has the stronger signal (in most cases this will be the same as which is closer). Karma is excellent at grabbing these devices because it just replies to all probe requests (the packets spat out by a client asking which of its known APs are nearby), therefore Karma will most likely win the race condition and get the association. However, if the target device is already as
  4. Although the pineapple does indeed only have two wireless radios, (namely wlan0 and wlan1), you can plug in a USB wireless adapter (as long as it's supported, see here: http://wiki.wifipineapple.com/#!compatible_wifi_cards.md) and it will show up as wlan2 (as you'd imagine). The best use for wlan2 is to use it for your connection to the AP as it suffers less from the rate-limiting issues in wlan1 (I think it's due to a timing issue over the internal bus, correct me if I'm wrong anyone..). This frees up wlan1 for things like deauthing, packet captures, etc..
  5. Also you'd be surprised how much more efficient the PineAP/Karma suite is if you also use wlan1 to deauth everyone except your pineapple's MACs. (If you don't already do that anyway..). But I think most places treat deauthing the same as jamming so you're getting into even muddier waters than you were before... Anyway, I'd much prefer an extension to the Mk5 rather than a Mk6. If it's not then the expansion bus and the "slices" all came to pretty much nothing. (I know you could still do it yourself, but as far as I'm aware, there isn't anything serious as far as the expansion bus goes...).
  6. A raspberry pi is a pretty good idea too. The standard OS for the pi is called "Raspbian" which is just an ARM version of Debian (which is what Ubuntu, Mint, Elementary, etc are all based on). So with that you could use iptables as I mentioned. I've just found http://makezine.com/projects/browse-anonymously-with-a-diy-raspberry-pi-vpntor-router/. Which looks quite interesting. I think this is pretty much the best way to set up a Raspberry Pi to do what you want (and it looks quite fun too!). They use Raspbian in it too, so you can still use iptables (just make sure your firewall rules don't co
  7. Hmmm... Sounds very annoying. I've been thinking about your question though, it's quite an interesting one. I guess in Windows you could use the built-in "Windows Firewall" to block ALL inbound/outbound connections except for those from a VPN that you've got running back home? Pretty sure you can do that in advanced firewall settings in control panel. Your machine would basically ignore everything that didn't originate from a specific IP address (in this case it'd be your machine running a VPN back home). So in effect you would HAVE to tunnel EVERYTHING through that VPN to be able to access any
  8. Hmm, as far as books go, it depends on how in depth you want to get. I suggest getting your head around receivers first (because after that, transmitting becomes very simple). The people behind RTL-SDR published a book called "The Hobbyists Guide to RTL-SDR" which is excellent. It assumes no knowledge on behalf of the reader and will get you set up and receiving signals very quickly. Then there is also Richard Lyons' "Understanding Digital Signal Processing" textbook which is quite heavy on maths but cuts no corners whatsoever. Finally, Mike Ossmann has a series of videos out called "SDR with H
  9. If you've not done much with radio before, I'd suggest starting off with the Yardstick One and an RTL-SDR for transmit/receive respectively. It handles the modulation all on-chip so you don't need to have an in-depth knowledge of all of the maths that's going on. For that reason, the Yardstick One isn't an SDR (it's not *software* defined!). Then you should upgrade to the HackRF which is a true SDR and all the modulation and (almost) all the maths is handled by the host computer.
  10. IMO, it's unlikely to be a new pineapple. In the announcement at DefCon a couple of years ago when the MK5 was announced, Darren made it pretty clear that the MK5 was the LTS version as far as Hak5 were concerned. Darren and Seb between them have also said several times that they haven't got any plans for a MK6 any time soon and I'd imagine that it takes quite a bit longer to design and build and get a new one approved. Just my two cents, put my money on either a slices module (the bit at the end looks kinda touch-screeny) or FW 3.0..
  11. It looks like Ubuntu is automatically loading the builtin kernel module for the dvb tuner. Try running sudo rmmod dvb_usb_rtl28xxu and see if it works. If it does, then you can make the change permanent (after reboot) by creating "rtlsdr.conf" in "/etc/modprobe.d" and put blacklist dvb_usb_rtl28xxu in it. Hope that helps!
  12. You've been clear that you aren't interested in learning how the platform works but that is exactly what everyone here on the forum is open to helping you achieve. I really don't know what you're expecting to get from us and I don't think there's anything else I can do for you.
  13. No, there is not any such disclaimer just as there isn't a disclaimer when you buy an oven saying that you need to be a cook. Nonetheless, if you buy an oven, you either already know how to cook or are going to learn how to cook. The same logic applies to the pineapple. When I said "click-and-go", I apologise for any confusion if you thought I was referring to your post. I meant from the way that you describe how you want the pineapple to work makes it sound like you just want to click a few buttons and expect things to happen. As anyone on this site will tell you, penetration testing (and in
  14. I feel I should point out that the pineapple is a tool for professional penetration testers. It's not designed to be just a simple "click and go" that the average computer user could pick up and start stealing gmail passwords from their neighbours. Not trying to sound rude, but the overall impression your posts seem to have is that the pineapple isn't as simple as you expected. I'd highly suggest getting familiar with linux if you haven't already and then SSH into the pineapple to see exactly why your connection keeps dropping off. I don't mean to say "go work it out yourself" - I mean that i
  15. Oh, I see what you mean! That is much nicer than using nano. (I've never had any trouble using nano to edit /etc/sudoers as I sudo'd it first?) I've never really been able to get along with vi. Apple are still likely to be pretty slow at patching this. If it was a serious RCE then we might see a different reaction, but in the real world, people are so precious of their Macs that it's gonna be so hard to get the physical access to a machine that you need to exploit this. (That's Apple's justification, anyway!).