winter_soldier
Active Members · Posts: 31 · Days Won: 1

Everything posted by winter_soldier

  1. The LEDs are visual debug aids; they do different patterns on different firmwares. Default duck_X.hex: green = USB comms, red = SD card error. From memory, on Twin Duck (it's been a while???): led0 (green colour?) signifies sending/receiving USB packets from computer to Ducky; led1 (red colour?) signifies receiving chars from inject.bin or SD card data; solid red means can't read SD card? So long as you don't have solid red, I think everything should be fine.
  2. Quick Google - found this, written by the man himself: http://amarketplaceofideas.com/wp-content/uploads/2015/04/The-USB-Rubber-Ducky-Draft.doc
  3. Dirty hack in the interface (Configuration module) to select a country code, to re-assert the correct channels and frequencies for your currently occupied country. I noticed the team have patched the Network panel to dynamically display the channel array in a nice dropdown box. I assume you already know Linux and how to patch code, or can take this patch and make your own modifications; standard disclaimer: use at your own risk, simples! diff -Npaur pineapple/modules/Configuration/api/module.php pineapple-new/modules/Configuration/api/module.php --- pineapple/modules/Configuration/api/module.php 2016-09-15 13:57:11.000000000 +0100 +++ pineapple-new/modules/Configuration/api/module.php 2016-09-15 13:55:39.000000000 +0100 @@ -49,6 +49,13 @@ class Configuration extends SystemModule $this->disableLandingPage(); break; + case 'changeRegion': + $this->changeRegion(); + break; + + case 'getCurrentRegion': + $this->getCurrentRegion(); + break; } } @@ -135,4 +142,16 @@ class Configuration extends SystemModule $this->response = array("success" => false); } + private function getCurrentRegion() + { + $currentRegion = exec('iw reg get|head -n 2|tail -n 1|cut -b 9-10'); + $this->response = array("currentRegion" => $currentRegion); + } + + private function changeRegion() + { + $region = escapeshellarg($this->request->Region); + exec("iw reg set {$region}"); + $this->response = array("success" => true); + } } diff -Npaur pineapple/modules/Configuration/js/module.js pineapple-new/modules/Configuration/js/module.js --- pineapple/modules/Configuration/js/module.js 2016-09-15 13:55:39.000000000 +0100 +++ pineapple-new/modules/Configuration/js/module.js 2016-09-15 13:55:39.000000000 +0100 
@@ -7,6 +7,8 @@ registerController("ConfigurationGeneral $scope.newPasswordRepeat = ""; $scope.showPasswordSuccess = false; $scope.showPasswordError = false; + $scope.customRegion=""; + $scope.currentRegion=""; $scope.timeZones = [ { value: 'GMT+12', description: "(GMT-12:00) Eniwetok, Kwajalein" }, @@ -36,6 +38,15 @@ registerController("ConfigurationGeneral { value: 'GMT-12', description: "(GMT+12) Auckland, Wellington, Fiji, Kamchatka" } ]; + $scope.getCurrentRegion = (function() { + $api.request({ + module: "Configuration", + action: "getCurrentRegion" + }, function(response) { + $scope.currentRegion = response.currentRegion; + }); + }); + $scope.getCurrentTimeZone = (function() { $api.request({ @@ -137,6 +148,25 @@ registerController("ConfigurationGeneral }); }); + $scope.changeRegion = (function() { + var tmpRegion; + if ($scope.customRegion.trim() !== "") { + tmpRegion = $scope.customRegion; + } + $api.request({ + module: "Configuration", + action: "changeRegion", + Region: tmpRegion, + + }, function(response) { + if (response.success !== undefined) { + $scope.getCurrentRegion(); + $scope.customRegion="00"; + } + }); + }); + + $scope.getCurrentRegion(); $scope.getCurrentTimeZone(); }]); @@ -195,4 +225,4 @@ registerController('ConfigurationLanding }); $scope.getLandingPageStatus(); -}]); \ No newline at end of file +}]); diff -Npaur pineapple/modules/Configuration/module.html pineapple-new/modules/Configuration/module.html --- pineapple/modules/Configuration/module.html 2016-09-15 13:55:39.000000000 +0100 +++ pineapple-new/modules/Configuration/module.html 2016-09-15 13:55:39.000000000 +0100 
@@ -43,7 +43,23 @@ </div> </div> </form> - + <br/> + <form class="form-horizontal"> + <div class="form-group"> + <label class="col-sm-2 control-label">Region:</label> + <div class="col-sm-3"> + <input type="text" class="form-control" ng-model="currentRegion" disabled> + </div></div> + <div class="form-group"> + <label for="Region" class="col-sm-2 control-label">Region Code</label> + <div class="col-sm-5"> + <input type="text" class="form-control" placeholder="00" ng-model="customRegion"> + </div></div> + <div class="form-group"> + <div class="col-sm-offset-2 col-sm-10"> + <button type="submit" class="btn btn-default" ng-click="changeRegion()">Change Region</button> + </div></div> + </form> <br/> <br/> @@ -101,4 +117,4 @@ </div> </div> </div> -</div> \ No newline at end of file +</div>
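     Review bot: changeRegion() in the api/module.php hunk reports success unconditionally: exec("iw reg set {$region}") discards the command's exit status, so an unknown or empty code still returns array("success" => true) and the UI then re-reads an unchanged region. Capture the status (exec($cmd, $out, $rc)) and return success only when $rc === 0, and since a regulatory code is two characters, reject anything not matching /^[A-Z0-9]{2}$/ before the exec rather than relying on escapeshellarg alone. getCurrentRegion()'s `head -n 2|tail -n 1|cut -b 9-10` pins the code to fixed byte positions of the second line of `iw reg get`; matching the `country XX:` line with a regex would survive changes in the output layout.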
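     Review bot: in the js/module.js changeRegion hunk, tmpRegion stays undefined when customRegion is blank, but the $api.request is sent anyway, so the API receives Region: undefined and the backend runs `iw reg set ''`. Return early (or disable the button) when tmpRegion is unset, and drop the trailing comma and blank line after `Region: tmpRegion,`. On success the code sets $scope.customRegion="00", which leaves a real value in the input instead of showing the placeholder; assign "" there.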
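     Review bot: in the module.html hunk the label `for="Region"` points at an id that no element has; add id="Region" to the customRegion input or drop the for attribute. The button is type="submit" with an ng-click handler, so pressing Enter in the Region Code field submits as well; that is fine under AngularJS (no action attribute), but the region form would be clearer as a plain button with type="button".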
  4. It's OpenWrt Barrier Breaker; first step would be enumerating the kernel config.
  5. 4cap means 4x Caps Lock. Can't remember seeing S003? Maybe someone (or the requestor) could shed light here? I thought these were Special Requests? Or sponsored developments?
  6. See the above. Also, you could just double-tap the Lock buttons?
  7. The NFC Explorer/PN532 is good for MIFARE-type HF cards. Some Parallax kits are LF EM4x; don't see too many of those systems around.
  8. Depends on your RFID token/card?
  9. I'm short on time at the moment; I'll need to look into the Tetra to see what the difference is. Think someone ordered one in the office; hopefully it will arrive in the next few weeks? Else it's slaving over a firmware image?
  10. You most likely need the wpa_supplicant client, and probably need to build a config file from the command line? There may be an example or two here; let me know if you work it out?
  11. Get your ISP to change your IP - he's watching your connection.
  12. First I refer to the rules of the internet: http://knowyourmeme.com/memes/rules-of-the-internet And a call-out to my sadly missed mentor and friend. We do not hack indiscriminately, for we are all one on the internet; we should not separate ourselves by color or creed, because in the end on the internet you are either a one or a zero (1 or 0), and in the end we need both to communicate and share information. Knowledge is power and we need to learn to share this; not to hold back, hide, make fun of or abuse; we are the generation of hackers where 'hacking' has a bad name, twisted by the corporations and the media. We do not hack for profit (though at times it is fun (within legal boundaries and signed contracts)), but we do it for the betterment of ourselves, to help improve each other's lives, to teach, and to love one another. We hack to modify and improve, to better ourselves and others, to make knowledge freely accessible. If someone does something interesting/cool, congratulate them and learn from them. There should be no shame, disgust or hate. If anything he set out to do was to drive enthusiasm, knowledge and learning, I will try to continue this as we all should. RIP my missed friend.
  13. On OSX there is a hidden GUI client https://ambroselittle.wordpress.com/2013/11/09/mac-wi-fi-scanner-in-os-x-mavericks/ or a command line client http://osxdaily.com/2012/02/28/find-scan-wireless-networks-from-the-command-line-in-mac-os-x/ That's enough for checking the signal, and use Wireshark for sniffing packets; sadly no injection. But I find it enough for 802.1X and WPA/WPA2 (if you can capture a handshake). Otherwise I use an Alfa Networks card and a VirtualBox VM to perform the injection I need.
  14. You're going to have to work inside a mobile telephony company. Google Penturalabs & telephony for some more interesting posts...
  15. May want to read this first https://forums.hak5.org/index.php?/topic/37095-questions-about-client-mode-mac-windows/?p=270079
  16. The patch binary isn't on the Pineapple; you may have it installed on your Linux host (or 'apt-get install build-essential' should do it). Hopefully Darren/Seb will mainstream these patches for ease of use? First download the required folder via ssh/scp (for example Configuration):
      local$ scp -r root@pineapple:/pineapple/modules/Configuration .
      Assuming you copied the configuration patch to config.patch in a directory outside Configuration:
      local$ cd Configuration
      local$ patch -p1 < ../config.patch
      (If it borks for whatever reason due to paths, just ensure it's the right file, e.g. Configuration/api/module.php.) Then re-upload the patched binaries back to the Pineapple:
      local$ scp -r Configuration root@pineapple:/pineapple/modules/
  17. Could be PSU issue?
      If no beeps: Running fans and drives and motherboard LEDs do not necessarily indicate a good PSU. In the absence of a single short beep, they also do not indicate that the system is booting. At this point, you can sort of check the PSU. Try to borrow a known good PSU of around 550 - 600 watts. That will power just about any system with a single GPU. If you cannot do that, use a DMM to measure the voltages. Measure between the colored wires and either chassis ground or the black wires. Yellow wires should be 12 volts. Red wires: +5 volts, orange wires: +3.3 volts, blue wire: -12 volts, violet wire: 5 volts always on. Tolerances are +/- 5% except for the -12 volts which is +/- 10%. The gray wire is really important. It should go from 0 to +5 volts when you turn the PSU on with the case switch. CPU needs this signal to boot. You can turn on the PSU by completely disconnecting the PSU and using a paperclip or jumper wire to short the green wire to one of the neighboring black wires.
      If the system beeps: If it looks like the PSU is good, install a memory stick. Boot. Beep pattern should change to one long and several short beeps indicating a missing graphics card. Silence, long single beeps, or series of short beeps indicate a problem with the memory. If you get short beeps verify that the memory is in the appropriate motherboard slots.
      Also, if your CPU is overclocked/over-volted it could have burnt out?
  18. I've identified that it only works when it has also seen clients associated to those APs you've identified.
  19. Another patch for networking - not the best, but indicates channels available before (purposefully changed the Region to US for this pic): after setting the Region to JP (Japan): diff -Npaur pineapple-new/modules/Networking/api/module.php /pineapple/modules/Networking/api/module.php --- pineapple-new/modules/Networking/api/module.php 2016-01-03 17:00:01.000000000 +0000 +++ /pineapple/modules/Networking/api/module.php 2016-01-16 14:54:13.000000000 +0000 @@ -76,6 +76,10 @@ class Networking extends SystemModule case 'disconnect': $this->disconnect(); break; + + case 'getCurrentChannels': + $this->getCurrentChannels(); + break; } } @@ -262,6 +266,12 @@ class Networking extends SystemModule $this->response = $interfaceArray; } + private function getCurrentChannels() + { + exec("iw phy0 info |grep -A 14 Frequencies|grep -v disabled|awk '{gsub(/[][]/,\"\"); print $4}'|awk NF=NF RS= OFS=,",$currentChannels); + $this->response = array("currentChannels" => $currentChannels); + } + private function saveAPConfig() { $config = $this->request->apConfig; diff -Npaur pineapple-new/modules/Networking/js/module.js /pineapple/modules/Networking/js/module.js --- pineapple-new/modules/Networking/js/module.js 2015-12-31 14:08:46.000000000 +0000 +++ /pineapple/modules/Networking/js/module.js 2016-01-16 14:54:13.000000000 +0000 @@ -47,12 +46,12 @@ registerController('NetworkingRouteContr }); $scope.getRoute(); - }]); registerController('NetworkingAccessPointsController', ['$api', '$scope', '$timeout', function($api, $scope, $timeout) { $scope.apConfigurationSaved = false; $scope.apConfigurationError = ""; + $scope.currentChannels=""; $scope.apConfig = { selectedChannel: "1", openSSID: "", 
@@ -93,6 +92,17 @@ registerController('NetworkingAccessPoin }) }); + $scope.getCurrentChannels = (function() { + $api.request({ + module: "Networking", + action: "getCurrentChannels" + }, function(response) { + $scope.currentChannels = response.currentChannels; + + }) + }); + + $scope.getCurrentChannels(); $scope.getAPConfiguration(); }]); diff -Npaur pineapple-new/modules/Networking/module.html /pineapple/modules/Networking/module.html --- pineapple-new/modules/Networking/module.html 2015-12-31 14:08:46.000000000 +0000 +++ /pineapple/modules/Networking/module.html 2016-01-16 14:54:13.000000000 +0000 @@ -55,9 +55,16 @@ <form class="form-horizontal"> <div class="form-group"> <label class="col-sm-3 control-label">Access Point Channel</label> - <div class="col-sm-5"> + + <div class="form-group"> + <label class="col-sm-2">Available: </label> + <div class="col-sm-7"> + <input type="text" class="form-control" ng-model="currentChannels" disabled> + </div><br><br> + <label class="col-sm-2">Select: </label> + <div class="col-sm-4"> <select class="form-control" ng-model="apConfig['selectedChannel']"> - <option ng-repeat="channel in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]">{{ channel }}</option> + <option ng-repeat="channel in [1,2,3,4,5,6,7,8,9,10,11,12,13,14]">{{ channel }}</option> </select> </div> </div> @@ -265,4 +272,4 @@ </div> </div> </div> -</div> \ No newline at end of file +</div>
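     Review bot: this diff runs in the opposite direction to the Configuration patch: the `---` side is pineapple-new/modules/Networking/... and the `+++` side is the absolute /pineapple/modules/Networking/..., with the new feature in the `+` lines. Anyone applying it with `patch -p1` inside a copied Networking folder will get a different strip depth and may be asked to reverse it; check with `patch --dry-run` and adjust -p before applying. The @@ -47,12 +46,12 @@ hunk in js/module.js also only removes an unrelated blank line after $scope.getRoute(), which is noise in the patch.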
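     Review bot: getCurrentChannels() in the api/module.php hunk hard-codes phy0 and `grep -A 14 Frequencies`, so it breaks on a second radio and truncates or over-reads whenever the band lists a different number of frequency lines; read the `* NNNN MHz [ch]` lines until the next section header and take the phy name from the interface actually in use. Because the final `awk NF=NF RS= OFS=,` joins everything into one line, exec() leaves $currentChannels as a one-element array holding a comma-separated string (with a leading empty field from the `Frequencies:` header); either split it server-side into a real list or document that the UI receives a string.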
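     Review bot: in the module.html hunk the channel dropdown is still a hard-coded list [1..14] even though currentChannels is now fetched, so a user can select a channel the regulatory domain has disabled (12-14 under US, for instance) and the AP config will fail when applied; populate the select from currentChannels and keep the 'Available' text box as display only. The hunk also removes `<div class="col-sm-5">` and opens a new `<div class="form-group">` inside the existing form-group while the unchanged closing tags stay as they were, leaving one div unclosed; count the closes before relying on the browser to repair the nesting.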
  20. Patch unlocks additional channels depending on country code: before (mine is hardest to GB for some reason): after: diff -Npaur pineapple/modules/Configuration/api/module.php pineapple-new/modules/Configuration/api/module.php --- pineapple/modules/Configuration/api/module.php 2015-12-21 23:12:02.000000000 +0000 +++ pineapple-new/modules/Configuration/api/module.php 2016-01-10 13:06:40.000000000 +0000 @@ -44,6 +44,14 @@ class Configuration extends SystemModule case 'disableLandingPage': $this->disableLandingPage(); break; + + case 'changeRegion': + $this->changeRegion(); + break; + + case 'getCurrentRegion': + $this->getCurrentRegion(); + break; } } @@ -73,6 +81,19 @@ class Configuration extends SystemModule $this->response = array("success" => true); } + private function getCurrentRegion() + { + $currentRegion = exec('iw reg get|head -n 1|cut -b 9-10'); + $this->response = array("currentRegion" => $currentRegion); + } + + private function changeRegion() + { + $region = escapeshellarg($this->request->Region); + exec("iw reg set {$region}"); + $this->response = array("success" => true); + } + private function getLandingPageData() { $landingPage = file_get_contents('/etc/pineapple/landingpage.php'); diff -Npaur pineapple/modules/Configuration/js/module.js pineapple-new/modules/Configuration/js/module.js --- pineapple/modules/Configuration/js/module.js 2015-12-21 23:12:02.000000000 +0000 +++ pineapple-new/modules/Configuration/js/module.js 2016-01-10 13:06:40.000000000 +0000 @@ -7,6 +7,8 @@ registerController("ConfigurationGeneral $scope.newPasswordRepeat = ""; $scope.showPasswordSuccess = false; $scope.showPasswordError = false; + $scope.customRegion = ""; + $scope.currentRegion = ""; $scope.timeZones = [ { value: 'GMT+12', description: "(GMT-12:00) Eniwetok, Kwajalein" }, 
@@ -46,6 +48,15 @@ registerController("ConfigurationGeneral }); }); + $scope.getCurrentRegion = (function() { + $api.request({ + module: "Configuration", + action: "getCurrentRegion" + }, function(response) { + $scope.currentRegion = response.currentRegion; + }); + }); + $scope.rebootPineapple = (function() { if (confirm("Are you sure you want to reboot your WiFi Pineapple?")) { $api.request({ @@ -115,12 +126,30 @@ registerController("ConfigurationGeneral }, function(response) { if (response.success !== undefined) { - $scope.getCurrentTimeZone(); + $scope.getCurrentTimezone(); $scope.customOffset = ""; } }); }); + $scope.changeRegion = (function() { + var tmpRegion; + if ($scope.customRegion.trim() !== "") { + tmpRegion = $scope.customRegion; + } + $api.request({ + module: "Configuration", + action: "changeRegion", + Region: tmpRegion, + + }, function(response) { + if (response.success !== undefined) { + $scope.getCurrentRegion(); + $scope.customRegion="00"; + } + }); + }); + $scope.getCurrentRegion(); $scope.getCurrentTimeZone(); }]); @@ -179,4 +208,4 @@ registerController('ConfigurationLanding }); $scope.getLandingPageStatus(); -}]); \ No newline at end of file +}]); diff -Npaur pineapple/modules/Configuration/module.html pineapple-new/modules/Configuration/module.html --- pineapple/modules/Configuration/module.html 2015-12-11 01:10:48.000000000 +0000 +++ pineapple-new/modules/Configuration/module.html 2016-01-10 13:06:40.000000000 +0000 
@@ -42,10 +42,27 @@ </div> </div> </form> - <br/> + <form class="form-horizontal"> + <div class="form-group"> + <label class="col-sm-2 control-label">Region: </label> + <div class="col-sm-3"> + <input type="text" class="form-control" ng-model="currentRegion" disabled> + </div> + </div> + <div class="form-group"> + <label for="Region" class="col-sm-2 control-label">Region Code</label> + <div class="col-sm-5"> + <input type="text" class="form-control" placeholder="00" ng-model="customRegion"> + </div> + </div> + <div class="form-group"> + <div class="col-sm-offset-2 col-sm-10"> + <button type="submit" class="btn btn-default" ng-click="changeRegion()">Change Region</button> + </div> + </div> + </form> <br/> - <form class="form-horizontal"> <div class="form-group"> <label for="oldPassword" class="col-sm-2 control-label">Old Password</label> @@ -100,4 +117,4 @@ </div> </div> </div> -</div> \ No newline at end of file +</div>
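     Review bot: getCurrentRegion() in the api/module.php hunk takes byte positions 9-10 of the first line of `iw reg get`, which only works when that line is `country XX: ...`; depending on the iw build the first line may be a `global` header instead, and the result is then garbage or empty. Match the `country` line with a regex rather than a line number. changeRegion() also returns success without checking the exit status of `iw reg set`, so an invalid code reports success while the region stays unchanged; pass a status variable to exec() and validate the code as two characters before running anything.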
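     Review bot: the js/module.js hunk at @@ -115,12 +126,30 @@ changes the call $scope.getCurrentTimeZone() to $scope.getCurrentTimezone() inside the timezone-change callback, but the function defined in this controller and called at its end is getCurrentTimeZone (see the unchanged `$scope.getCurrentTimeZone();` line); that case change will throw 'getCurrentTimezone is not a function' after every timezone change and is unrelated to the region feature, so drop that -/+ pair. In the same hunk, changeRegion sends the request even when tmpRegion is undefined (blank input), so guard that case, and replace `$scope.customRegion="00"` with "" so the placeholder shows again.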
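     Review bot: the module.html hunk removes the `<form class="form-horizontal">` line that opened the Old Password form (the `-` line just before `<label for="oldPassword"`) while adding a closing `</form>` only for the new region form, so the password fields lose their form-horizontal wrapper and the original `</form>` further down becomes a stray close. Keep the password form's opening tag; the new region form should be inserted as a separate `<form>...</form>` block between the two existing forms.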
  21. The idea here is simple: if you can dream it, it is possible.
  22. Depends on what you're scanning. T1 is a far less aggressive scan when compared to T5; you might want to look into other speed options. sS can be mistaken for SYN-flood attacks on some basic firewalls and IDS systems; sometimes sT is quicker across network boundaries. sU (UDP) can be very unreliable; combine it with application triggers -A (aggressive scan) to more accurately determine open ports, but that then increases the chances of detection. Also nmap inserts a fixed string into all packets, so any IDS (example: Snort) can easily fingerprint an nmap scan; think of alternative scanning engines. When in doubt or unsure, man nmap.
  23. ICS on El Capitan. Using the script here as a base: https://github.com/TGYK/OSXwp5 I had to change a couple of strings:
      1) 1010* to 1011* to reference El Capitan
      2) Change gateway IP to 172.16.42.2 (as 172.16.42.42 is already assigned to the USB interface)
      3) Not using ethernet en0; the USB adapter ended up as en9 (I have many USB adapters and BeagleBones), yours could be different. You'll have to identify your own interface (ifconfig) and adjust the script accordingly.
      Script is here: http://pastebin.com/jPjD74Q0 I'm a bit lazy; many improvements could be made to this script to make it more user friendly. Also full credit to TGYK.