Jump to content

zoro25

Active Members
  • Content Count

    81
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by zoro25

  1. Hey REDD I just wanted to say thanks for this and all of the work you've put in to making the sharkJack a better tool
  2. I've done some searches on the forums and this has been asked many times however there has never been a definitive answer on the support for the Alfa AWUS036ACH This is one of the most popular adapters for Kali and while I know the PineApples are not Kali Os they do run linux flavors for which the Alfa AWUS036ACH has driver support. Has anyone managed to get the Alfa AWUS036ACH to show up on the PineApple and if yes then please post steps and if not then are any of the Hak5 team able to give a reason for the lack of support given how popular this adapter is.
  3. @nest are there plans to link facial recognition to https://t.co/hEW9dj8Cuz it seems backward that I have to relink… https://t.co/nRpvfOP2NQ

  4. A Krack module would be nice - - - -just putting it out there
  5. Yes it seems that there is a bug on the latest firmware where tools are not being installed, I'll attempt the same recovery method to get this working. In my case I had responder installed but I removed it and after no tools will install :-(
  6. This is nice, it would be great if @Darren Kitchen or someone on the Hak5 team could do a video of how to config and use something like this. Put their main tools , PineApple , BashBunny, Ducky, Squirrel together to make a full-on Pentest Rig. A lot of us have all these tools but don't use them together in one set up as you've done.
  7. http://newosxbook.com/liberios/ - and Link to Morpheus who did the hack https://twitter.com/Morpheus______ This was released 2 days ago and works with all IOS 11 devices, However Cydia hasn't been updated to work with IOS 11 so any tweaks or sideloading of apps may not work just yet, but with this you can easily get SSH access into the device and play with binaries and command utilities you may want. I suggest using a spare device for any type of ARM/IOS hacking. Also expect this to be patched very soon.
  8. @firt @kickstarter @elonmusk Been there and had the same thing happen, @kickstarter won't do anything, In my case,… https://t.co/wtR4kI6fKI

  9. As a person who worked on one of the most popular IOS and Android apps (tens of millions of users on both platforms) I can confirm that both Google and Apple check updates especially if any update requires extra user permissions If no extra permissions are requested then once approved (and it will certainly be checked before being allowed in their app stores) they will just do random checks on the app. Any IOS/Android exploits are too valuable to be out in the wild, the going rate for an IOS current version hack is $1,000,000 and there was one shown just a few weeks ago (it won't be rele
  10. If you really are interested then I would recommend this book http://zygosec.com/Products by Billy Ellis. He also has a decent youtube channel where he walks through the latest exploits with tips and tricks for reverse engineering Arm based software. https://www.youtube.com/user/pr0Hacks2014/videos
  11. It's been shown that the same Israeli company (Cellebrite I think their name is) that helped the FBI to bypass the IOS security on the San Bernadino shooters phone can also bypass later firmware as well. Also, their CEO claims they can also bypass the current firmware (however have stated that they won't give any details or show that hack working as it's only for their 3 letter agency type customers). My guess is that there are a large number of zero days for IOS which are floating around but only released to top paying bidders.
  12. there will be a new firmware release for the PineApples within the next 4 days or so, I would wait and give that a try to see if it fixes your issues, if not then it seems that a return/replacement unit may be needed.
  13. Just saw that you already mention Builtwith, That's who I use to profile things like this. https://builtwith.com/hak5.com They also have a browser plugin, It's very easy to use their API or just scrape for an app you would write yourself. I also use TCPIPUtils for looking up networking info, (subdomains etc) https://www.tcpiputils.com/browse/domain/hak5.com I then also do a few other things, but builtwith and TCPIPUtlis are my main 2
  14. zoro25

    XSS Help

    Also, I would suggest looking in the console of your browser for errors when injecting. As already mentioned without knowing the app or js/html of page it's hard to give a working payload However, you can try either -->'";</ScriPT><sCriPt><confirm()</scRiPt> Which may better break out of the HTML and is nice and short (similar to what you tried but I included single and double quotes and also the end of a comment just in case you end up in a comment section. Or you can try a polyglot injection payload, (these will usually set off a WebApp Fi
  15. While I've not done this on the pineapple, only on websites I've tested. My advice would be to take a look at RFD attacks (Reflected File Download attacks). It should be possible to set up a vulnerable page/site using EvilPortal or something similar on the pineapple and then your link should auto-download and run shell commands on the users device. (works on both win and nix but I've only tested against windows users) I'm not going to walk you through the whole attack but it's easy to do and requires little to no input from a user (it's also possible to bypass all brow
  16. @CrookdHillary @MatthewKick No idea where you get your 0-6months as Cornell law , https://t.co/tPgUmFHu6X states 5 years max

  17. @testertested Never feel bad about screwing up, we all that (in one way or another). The fact that you realized it… https://t.co/syGpmMyjPX

  18. Okay Alexa install the PineApple skill. or Hey Google run the KrackAttack again SSID Comcast123 Who needs shell commands or the terminal anymore when we have digital assistants :-)
  19. Sorry to be a bit of a dick, but can you clarify "short order", Are we talking days, weeks, months? I understand that new bugs pop up that needs to be fixed as newer features are added but I'm guessing there is some internal date that could be given (feel free to pad the date with extra time to fix the unknown - unknowns)
  20. @Bonsaiuser Just to let you know that @Sebkinne is supposed to be working on a module for this (or maybe a newer firmware). Feel free to make your own but you might want to reach out to him first.
  21. @mattbarcomb I've worked at 3 companies where this is encouraged @CPM__UK @Microsoft & @Skype, 1 of the 54 likes th… https://t.co/2S6ycD1qvk

  22. I think you guys are missing the R&D costs, If you look at Seytonic he pushes (or sells) Malduino but the Malduino uses DuckyScript as it's language. Who invented DuckyScript . Hak5 , OKay so it's not massively hard to come up with a new simple scripting language or even using the Malduino for USB automation, but no one else did it in a small easy to use package. That's what Hak5 brings, ease of use and some resemblance of support (I say resemblance as most of the support is from the community so it's hit or miss) . Sure you can do a lot of the pineapple stuff via a
  23. I didn't read it as a worm but to attack machines attached to a switch, (let's say 8 devices) As previously mentioned it's going to be hard as it sounds like he's looking for persistence. Those 8 machines could be any OS/IOT devices so yes you can MITM them to grab credentials etc, but getting persistent access is going to be hard as this usually means exploiting some kind of bug in the underlying OS or software running on the device. (see the earlier reply from PoSHMagiC0de) I think you should instead be looking at how to exploit 1 device on the switch with high certainty using th
  24. Does anyone know anything about that "Friday thing" mentioned in today's Hak5 video? or what I'm guessing is a new PineApple firmware release or at least a new Krack module ****EDIT**** (after watching it back it seems that the Friday thing may have been last weeks Packet Squirrel announcement, I watched the recorded streams but didn't see anything new pineapple or Krack related)
  25. @smartthings @nvidiashield Thanks for the clarification

×
×
  • Create New...