Everything posted by bored369

  1. What IP address was auto assigned? It's been a bit since I reset my LanTurtle, but I believe you have to manually assign 192.168.1.2 in that mode; it should only be doing DHCP in standard mode. Which could mean you aren't getting it into factory reset mode, and I'll admit it is a bit tricky to get it in that mode with the location of the button without using a USB extension cord to make it easier.
  2. Hold the reset button on the back for like 5-7 seconds with it powered on. That will perform a factory reset (or if you can, try using the menu option in the interface, but the button is easier for me to remember where it's located ;) ). Second step: get a microSD card. Then install all the modules you want to the SD card when installing them. There is very little space on the Nano and it starts acting sporadically when it runs out of space. But microSD cards are really cheap now and that will give you tons of storage space to do whatever with. I've never tried the USB drive on it, but I believe it's supposed to be just plug and play, especially if it's ext4 already. It may possibly be a power issue, but it depends on how you are powering the Nano and what the USB drive is trying to pull. As for the random ponder, I would recommend enabling the PineAP stuff to handle adding all that stuff to the pool. I don't believe there is a module to just scan and then add all of those found to the pool (also technically not something it was designed to do, since there is little application for such actions in legitimate penetration testing, but you are right, a little bit of coding and it should be pretty easy to set it up yourself for that purpose if you want).
  3. Unlikely that it would copy at the block level to virtualize a hard drive, but it depends on how you go about it. Maybe there is a way, but things like disk2vhd only copy at the file level as far as I'm aware. If whatever you use does do a block level copy, you are right in thinking the size of the virtual drive would be much larger than the currently consumed space; more likely it would be the full size of the disk. Browser cookies would be at the file level so those would be there (unless they were deleted, then the same thing as above applies). I mean you could put a backdoor in the VM and maybe screw the system up if you wanted to stop it, but nothing would stop them from just using a copy of the virtual drive file to run each time, and then you would need to do that every time or have something in place to lock access to the system. But remember, with physical access to a machine (or virtual drive in this case) there's normally little you can do to stop someone from getting in. Best suggestion would be to use full disk encryption with a strong passphrase and a strong passphrase for actually logging into the system, and don't share it with people you think might clone your system without your knowledge. The bigger issue you need to solve is being able to trust who is using your stuff; if you don't, you're already fighting a losing battle.
  4. The GitHub has everything: https://github.com/hak5darren/USB-Rubber-Ducky/tree/master/Firmware/Images The c_duck and compositeduck images are twin duck firmwares, I believe.
  5. It won't fit the Yagi and would have to be a small laptop (my 10" fits in the one they don't look like they sell anymore) *edit* (the 10" laptop doesn't fit in the one they still sell though). Here's a pic of the 3 bags I've gotten from Hak5 with the Tetra and my 15" laptop for size comparison: http://imgur.com/a/zPHii I'm not sure why they stopped using the bag on the left for the Tetra tactical, that's been a great bag. The one on the right doesn't look like it is in the shop anymore and was a little more spacious than the middle one (the current Tetra tactical bag), but not by much. I do like the middle one, but I don't use it anymore because the one on the right fits everything I had in that one plus a little more. The Yagi won't even fit in my full sized backpack, so I'm not sure what you are looking for to get that in... maybe a gym bag or duffel bag would be better suited?
  6. 1. Yes, and more, since it has a larger band it can utilize (plus you can get the PortaPack and that makes it twice as awesome). 2. Both the YS1 and the HackRF are half-duplex, meaning they can only do one or the other at one time, so you could use the RTL dongle (what's in the SDR kit) to receive the signal and the YS1 to transmit, or you could use the YS1 to send a jamming signal (to block a keyfob from working) and use the RTL dongle to receive the code the keyfob sent; then when the keyfob is pressed again you record the second signal with the RTL dongle, stop the jamming with the YS1 and then transmit the first code again (thereby leaving you with an unused rolling code to transmit later). You can use the HackRF, YS1, or the RTL dongle to receive, but the RTL dongle, being designed for listen only, does receive signals better than the HackRF, though it's more limited in the band it can use. 3. I don't believe so, I could be wrong though, I've only used it for receiving so far. Honestly if you are just getting into it, getting the SDR mobile kit is the way to go; you really need to learn more about what you are getting into so you can choose what you want to do with it and then be able to pick the tool that is best suited for the particular job. It's inexpensive, so if you decide it's not for you, you're not out that much. And although I highly recommend the Hak5 shop and want to support them, this one is a much better (upgraded chip & heatsink case) RTL dongle http://amzn.to/1SLPS6F and you get two antennas with it. It's currently out of stock (so is the HakShop), but you could order it from the worldwide if you want one right now. http://www.rtl-sdr.com/buy-rtl-sdr-dvb-t-dongles/
  7. Brief: HackRF receiver/transmitter for 0 MHz-6 GHz -- general purpose SDR, not the best at receiving but good for the price (others you may look at would be LimeSDR, bladeRF, USRP, forget which model exactly). YardStick One receiver/transmitter for sub-1 GHz (limited ranges) -- specific purpose SDR; things like garage doors, keyfobs, other general wireless control gizmos normally operate in this range. Ubertooth One receiver for Bluetooth (2.4 GHz band) -- mainly for Bluetooth, but works for anything on the 2.4 GHz band if you want to analyze or figure something else to do with that data. SDR Mobile Kit receiver only (25 MHz-1.7 GHz) -- best thing to get introduced into the SDR field; learn to listen and figure out what you are listening to and you will find out if you like things like antenna & radio theory; lots and lots of projects can be done with this (lots of the projects can be found on rtl-sdr.com alongside everything Hak5 has done on the shows with them). You can find out more info about the SDR mobile kit stuff on that rtl-sdr.com blog and you can find more about the other ones at https://greatscottgadgets.com/ plus GSG also has an awesome lesson section about getting into the HackRF, and the information can be applied to pretty much all the SDR devices in one manner or another.
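The jam/capture/replay sequence described in post 6 above, as an added example that is not part of the original post or of any Hak5 tool: a toy rolling-code fob and receiver (an HMAC-based code generator and a 16-press look-ahead window are assumptions for illustration, not any real fob's scheme), an "airwaves" model in which the sniffer still captures while the jammer blocks the receiver, and the two-press flow that leaves the attacker holding one unused code. It also shows the caveat the post implies: a plain replay of a consumed code fails, and the saved code expires as soon as the victim gets a legitimate press through.

```python
import hashlib
import hmac

# Constructed shared secret; a real fob/receiver pair is provisioned at manufacture (assumption).
SECRET = b"constructed-example-secret"


def code_for(counter: int) -> str:
    """Rolling code for a counter value. Toy scheme: truncated HMAC-SHA256 of the counter."""
    return hmac.new(SECRET, counter.to_bytes(4, "big"), hashlib.sha256).hexdigest()[:16]


class Keyfob:
    def __init__(self) -> None:
        self.counter = 0

    def press(self) -> str:
        self.counter += 1
        return code_for(self.counter)


class Receiver:
    """Accepts the next code or any code up to `window` presses ahead (presses made out of range)."""

    def __init__(self, window: int = 16) -> None:
        self.last_counter = 0
        self.window = window

    def receive(self, code: str) -> bool:
        for n in range(self.last_counter + 1, self.last_counter + 1 + self.window):
            if hmac.compare_digest(code_for(n), code):
                self.last_counter = n  # every counter at or below n is now burned
                return True
        return False


class Airwaves:
    """RF environment: the sniffer (RTL dongle role) captures every fob burst; the jammer
    (YS1 role), when on, stops the receiver hearing the fob but does not stop the sniffer."""

    def __init__(self, receiver: Receiver) -> None:
        self.receiver = receiver
        self.jamming = False
        self.captured = []

    def fob_press(self, fob: Keyfob) -> bool:
        code = fob.press()
        self.captured.append(code)  # captured regardless of jamming
        if self.jamming:
            return False  # receiver never hears it
        return self.receiver.receive(code)

    def attacker_transmit(self, code: str) -> bool:
        return self.receiver.receive(code)


def naive_replay() -> bool:
    """Replaying a code the receiver already consumed: this is what rolling codes defeat."""
    fob, rx = Keyfob(), Receiver()
    air = Airwaves(rx)
    air.fob_press(fob)  # legitimate open, counter 1 consumed
    return air.attacker_transmit(air.captured[0])  # False


def jam_and_replay(victim_presses_again_first: bool) -> dict:
    """Jam two presses, replay the first so the victim is satisfied, keep the second.
    If the victim gets a legitimate press through before the attacker uses the saved
    code, the receiver's counter moves past it and the saved code is dead."""
    fob, rx = Keyfob(), Receiver()
    air = Airwaves(rx)

    air.jamming = True
    press_1 = air.fob_press(fob)  # blocked, captured
    press_2 = air.fob_press(fob)  # victim retries: blocked, captured
    air.jamming = False

    code1, code2 = air.captured
    replayed_first = air.attacker_transmit(code1)  # door opens, victim walks away
    if victim_presses_again_first:
        air.fob_press(fob)  # counter 3 accepted, counter 2 now behind the receiver
    saved_code_accepted = air.attacker_transmit(code2)
    return {
        "victim_presses_blocked": (press_1, press_2),
        "replayed_first_code": replayed_first,
        "saved_code_accepted": saved_code_accepted,
    }


if __name__ == "__main__":
    print("naive replay accepted:", naive_replay())
    print("attacker uses saved code first:", jam_and_replay(False))
    print("victim presses again first:", jam_and_replay(True))
```

The window is the whole reason the trick works: the receiver is willing to skip ahead to the second captured code because it never saw the first one consumed, and it is equally the reason the saved code goes stale the moment a later counter is accepted.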
  8. It's a Catch-22: if hacking were easy, more things would be secure. It's why WEP has been replaced by WPA2, and even further, default open router SSIDs have been replaced with randomized SSIDs with randomized WPA2 passphrases. It's why HTTP was replaced with HTTPS and, even further, sites that implemented HSTS and/or apps with secured communications built in. It's why keyfobs have implemented rolling codes and time-based tokens. Etc, etc... All of those are good things and, as penetration testers, what we want to see from the industry when vulnerabilities are discovered and exploited. You want to do things that have already largely been addressed and secured (at least more so than before). The real current danger that people don't think about is the metadata trails they are leaving and posting publicly. Just having data going through the Pineapple you are able to link a device to certain activity and, if you know your target, connect them to things they may want to keep under the radar or private. DNS queries are all still open and available to review (which is why you would want to encourage VPN usage on public wifi or questionable security APs). This states where you are going and what you are doing and surprisingly provides a lot of data on your interests and habits. There's also still a lot of things that don't go over encrypted channels, and the fact that a large majority still use the same passwords for all of their logins can have devastating effects. I didn't even have to show my uncle that I could do anything, just tell him about the possibilities that could be done, and he goes on to tell my mom that I may be reading his emails right now. But the point was that I made him aware of the dangers he never thought of, and at least now he thinks about security more than just haphazardly connecting and focusing on what he wants to do. 
He now turns his wifi off if he's not using it on his phone (even at home), he will use mobile data even if there is an available wifi nearby, he uses different passwords for different sites. Awareness is what you really are going for, and any way you can make more people understand that their security needs to be in their own hands and minds is a win over trusting others to take care of it for them.
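What "DNS queries are all still open and available to review" looks like on the wire, as an added example that is not part of the post above or of any Pineapple module: a minimal parser for the question section of a plain (non-encrypted) DNS message per RFC 1035, plus a summary of which client asked for which names. The `build_query` helper and the `SAMPLE` traffic are constructed here so the block runs offline; in practice the payloads would come from a capture of UDP port 53 on the access point.

```python
import struct

# Common query types; anything else is reported by number.
QTYPES = {1: "A", 28: "AAAA", 5: "CNAME", 15: "MX", 16: "TXT", 65: "HTTPS"}


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Constructed standard query as a stub resolver would send it (RD bit set, one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _read_name(payload: bytes, offset: int):
    """Decode a label sequence starting at offset; follows compression pointers (RFC 1035 4.1.4)."""
    labels = []
    while True:
        length = payload[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", payload[offset:offset + 2])[0] & 0x3FFF
            rest, _ = _read_name(payload, pointer)
            labels.append(rest)
            offset += 2
            break
        offset += 1
        labels.append(payload[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def parse_dns(payload: bytes) -> dict:
    """Return transaction id, whether this is a response, and the (name, type) questions."""
    if len(payload) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    offset = 12
    questions = []
    for _ in range(qdcount):
        name, offset = _read_name(payload, offset)
        qtype, _qclass = struct.unpack("!HH", payload[offset:offset + 4])
        offset += 4
        questions.append((name, QTYPES.get(qtype, str(qtype))))
    return {"id": txid, "response": bool(flags & 0x8000), "questions": questions}


def summarize(captures) -> dict:
    """captures: (client_ip, udp_payload) pairs. Maps each client to the names it asked for;
    responses are skipped so every entry is something the client itself requested."""
    seen = {}
    for client, payload in captures:
        msg = parse_dns(payload)
        if msg["response"]:
            continue
        for name, qtype in msg["questions"]:
            seen.setdefault(client, []).append(f"{name} ({qtype})")
    return seen


# Constructed sample traffic; the addresses and names are made up.
SAMPLE = [
    ("192.168.1.23", build_query("mail.example.com")),
    ("192.168.1.23", build_query("www.example.net", qtype=28)),
    ("192.168.1.57", build_query("example.org")),
]

if __name__ == "__main__":
    for client, names in summarize(SAMPLE).items():
        print(client, "->", ", ".join(names))
```

Nothing here needs the packet to be decrypted: the question section is plaintext in every classic DNS message, which is exactly why a VPN (or DNS over HTTPS/TLS) is what removes this trail on a network you do not control.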
  9. A. You'll need to be careful doing this and make sure you post disclaimers that they may be involved in demonstrations and to turn off their wifi if they don't want to participate, as well as announcing it prior to starting the presentation and then again when you are about to start/show off the demonstration. Remember what you are showing them (even for educational purposes) is very illegal in most jurisdictions. B. Search for the MANA attack on the forum; someone has been working on implementing that on the Pineapple and seems to be getting good results. C. I think the points he brings up are actually more important than what you are going for in terms of shock value; a good presentation gives listeners a point of view they may have never thought of before, and the fact that their devices could be used to track them plays well into the surveillance state of the world today, imo. D. I might focus on the fact that it's not just using public wifi that is the problem, and that having their wifi on when they are not using it in general is the largest concern. I've had several demonstrations where I said "hey, could "yourName iphone" check your wireless and let me know what you are connected to?" Then they realize, pulling their phone out of their pocket which they haven't touched during the talk, that they've been compromised, and by name even; their face says it all at that point.
  10. You mean like this one: https://forums.hak5.org/index.php?/topic/913-hacking-where-to-begin/ You'll note it links to several outside sites (there's no reason to remake the wheel). Past that the main thing I love about hacking is solving problems (as I'm sure most into it do as well) So you aren't going to find a lot of down to the point things, you want to learn about everything so you know how it all works and then you can take advantage of that knowledge and how it all works to do things you want to get done. That's really what most "hacks" are all about.
  11. I would start by searching the forums here, then fall back to Google. For your example there is a main thread for that module in particular: https://forums.hak5.org/index.php?/topic/37369-official-occupineapple/#comment-271259 And if you search Google, there are a few more items explaining its usage (even a Hak5 episode on it; though it may be for an older Pineapple version, most concepts will still apply) https://www.hak5.org/episodes/hak5-1210 Otherwise most of the modules are well known Linux tools that you can Google, and you'll know how to use them based off all the other information out there about those tools (nmap, tcpdump, etc.). Also all the modules normally have their own post for that module on this forum, so you can go there for support (just don't ask for web programming help on the Evil Portal module thread ;) ).
  12. I think it's more of a where to even start with these questions... (Google would probably be the best option, since you seem to need the most help on concepts, not really usage.) Obviously you want to learn, so I don't want to discourage that, but you may need to take a step back and realize you have a lot of research and base knowledge you need to do what you want to do. The most important thing to know is this is a penetration testing tool and should only be used in legal, authorized penetration tests. If you are just doing this for a hobby (which your questions seem to indicate) you are only going to be using this tool on your own networks/devices, and if you indicate you aren't using it in the fashion mentioned then you will receive no help on this forum. 1----No, Reaver doesn't crack encryption. Reaver brute forces PIN attempts on WPS and then can provide the PIN and password if a successful attempt is made. Google Reaver to learn more about what it does specifically. 2----Yes, but it also depends on how those credentials are transmitted (i.e. they could be transmitted encrypted from the client out and back). Being on the encrypted network is like being on a wired connection. Wifi encryption only secures the data over the air; it doesn't do anything with data being transmitted over the network itself. Google more about how networks work in general and what wifi encryption is. 3----Yes, but more than likely someone is just going to think their router is broken and call their ISP to come fix it, especially in a corporate network environment; a home user might go and try to search for something else to connect to, but it depends on the user. 4----I don't know what the canany is, but mobile data on a network is just like any other data on a network, it's just coming from a mobile device. 
(with that in mind google the names of the modules and look more into the tools they are using and when you know how those work you'll know more about how you can use that specific module) 5----see the () part of 4 The last four sentences I'm not even sure what you are saying or if they should be one number or not. I'm assuming you want to know more about how pineAP works in general and for that I would search on this forum and find out more about pineAP that way. So I applaud you for your initiative but I would highly recommend you learn all of the basics before you try to just turn on the pineapple and try to run with it.
  13. How so? I mean the Tetra is a lot stronger and more powerful than the Nano in general, so it would make sense that certain aspects would work out better.
  14. You can SSH in and install it and run it from there; there's another post on the forum explaining that already somewhere. As for where to start, read/search over the forums; tons of people have already got a lot of neat projects going on and you can gather ideas that way. Otherwise, install some modules, Google the names and you'll learn how to configure/use them. That should get you off to a pretty good start.
  15. I've captured a few handshakes with site survey. I don't have to reconnect anything. I normally go Capture on -> Deauth on -> once I see clients have dropped (since I'm doing a test lab and can see the clients drop) -> Deauth off. If it doesn't capture a handshake when I see them reconnect, I leave the capture on and start again from Deauth on -> ->. I haven't failed to get a handshake yet. Seems pretty easy. Plus you can always SSH in and do the same airbase-ng suite commands you can do on Kali (you can even install wifite if you want to go that route).
  16. I believe it is correct that you can't force most devices to connect to an open wifi point with the same name as an encrypted one they are expecting. If they have an open wifi they have connected to in the past and your signal is stronger than the one they are connected to, they should automatically connect to you first (normally; may need some deauthing and various things about ensuring your signal is stronger than the one they were previously connected to). You can however use the Pineapple to capture the handshake and then set up an encrypted AP with the same password and work magic from there.
  17. of course you had to post this right as i was finishing step 3 lol
  18. In the http://pasteboard.co/dOZFbOBOC.jpg image you show as sharing internet with "Ethernet" which from http://pasteboard.co/dP100p3f4.jpg image "Ethernet" is your unplugged local ethernet port on your computer. You would want that to say "Ethernet 2". Since you are using windows to do this you'll want to take these steps: 1. Set "Ethernet 2" back to automatically assign address. 2. Uncheck your "Allow other users" box on your WiFi properties and make sure you Ok out of all your open dialogs for that adapter (same for your "Ethernet 2") 3. Go back and check the "Allow other users" box on your WiFi properties again but make sure you select "Ethernet 2" then OK out of all the dialogs again. 4. Change the now statically assigned "Ethernet 2" ip settings to what you have in the http://pasteboard.co/dP1jHPZkB.jpg image again, but you actually don't need to specify the DNS even. (I don't think it hurts but it's unnecessary as it will just pull from your WiFi adapter's dns settings.)
  19. Pretty awesome work! Thanks for the info, pretty cool to see how some devices connect to pineapple and what's required!
  20. That won't fit in the Nano tactical case, a little long and far too thick. But if it's actually 22000 mAh, you'll get far more usage than 10 hours with the Nano (it looks like 10 hours was the time it takes to charge the battery pack itself, which is reasonable for that size). My 5000 mAh one I referenced gets a guaranteed 5 hours of usage, so a 22000 mAh should be at least 20 hours of usage if not more. RAVPower is generally a reputable battery maker, but if you read over that battery thread Darren commented on that I referenced, you'll see a lot of battery manufacturers outright lying about that mAh number, and you won't really know until you can test it yourself. I trust Anker the most as far as battery packs go (I have a lot of them and have tested several brand names over the years), so if you want one about that size I would recommend this one: https://www.amazon.com/gp/product/B00X5RV14Y/
  21. If you want a battery that lasts longer and fits in the tactical case for the Nano, I found this one that I'm really liking: https://www.amazon.com/gp/product/B01EKXR67M/ It's 5000 mAh and I can get about 6-8 hours usage out of it, depending on what I'm using the Nano for. It still doesn't have passthrough charging though.
  22. Were the emails you sent to shop@hak5.org? That would be the best address as I understand for contacting about order issues. Someone else had an issue when they paid with bitcoin mentioned on the forum here and that was the address to contact mentioned in that thread. Also it should be noted that they can take a couple of days to respond (small biz with few staff takes some time). If you haven't emailed that address I would start there, but you don't need to email numerous times just make sure you got one there. Otherwise posting here is the next best step but give it some time and they will get you sorted.
  23. I don't believe any of the pineapple juices are even capable of that. Very few battery packs have the ability to do passthrough charging and if you find one that does you are normally paying a premium for it or it's one that supports charging laptop-like jacks with 12/16/18v options etc. I have several batteries and the only one that supports passthrough is the largest one that has the ability to charge laptop-like jacks. Actually here's a post from Darren confirming that fact:
  24. Check this thread they have some good info on it: https://forums.hak5.org/index.php?/topic/37253-good-wardriving-gps-small-enough-to-fit-with-the-nano/ you could also search the forums for gps and wifi pineapple there's a few other threads about this topic.
  25. Hmmm, that does not look correct; you are right, it may be rebooting over and over again. With the serial port UART stuff you'd be able to find out more about what's going on.