
bored369

Everything posted by bored369

  1. Looks like I didn't know any of the details cause it looks like you can access the inject.bin on the storage device with the twin duck firmware. I was just watching this video (which uses the twin duck firmware) and looks like you can see it:
  2. Fully aware of the dangers and won't be using it anymore. No need to apologize, it's all good and I'd been meaning to look into getting a little more power capacity into the tactical case anyway. Plus good info for others if they want the same or a small form factor battery that works with the nano (since the juice batteries are not currently available for purchase in the hakshop). Also the quick responses from you and foxtrot (in IRC) saying the same has me more than sorted and happy with the customer experience y'all provide!
  3. I don't know the tech details on it but I'm pretty sure it's one of two reasons (or both):
     1. the firmware is set up so it uses part of the space on the sd to run the HID injection stuff like the default firmware does
     2. you wouldn't want someone to have easy access to the payload file since it's supposed to look like it's just a regular flash drive and a file like "inject.bin" would seem pretty suspicious
  4. Twin Duck firmware is so it will also show as a storage device but the payload script is still going to be inaccessible through that storage device. It just gives you a storage device so you can plug the ducky in, then when it's running the script it has a location it can copy files to if you are needing to do that in your script. It also makes it nice because it looks even more like a usb drive to the end user if you left it in and they are searching around or as part of your social engineering to get them to insert it. So you'll still need the sd card reader either way. As far as the sd card reader falling apart, that didn't happen with the one I got in the field kit but I think I saw a post about it happening to someone else and I want to say they managed to get it back together easily. Here are some pics of the sd card reader put together if you want to use that as a guide: http://imgur.com/a/iibbl
  5. So my Pineapple Juice 4000 finally started to burst at the seams: http://imgur.com/a/eRMZ6 I've had it since launch and been running it pretty hard and long hours and had started to notice it swell, but now it's to the point I don't think it's safe to continue to operate. So I went on a search to find a replacement that:
     A. I trusted the battery company reputation (edit* not saying I don't trust the hak5 batteries, I fully do. It's batteries that I can purchase elsewhere I normally don't trust because they lie about mAh and amp output regularly.)
     B. would still fit in the nano tactical case
     C. would still use the nice usb adapter
     After a lengthy search on Amazon looking at various slim battery packs and trying to find one that met those needs, I found this: Anker PowerCore 5000 https://www.amazon.com/gp/product/B01EKXR67M It took a week for them to even start to ship it to me, but it arrived the day after they finally did. I must say it's awesome!! http://imgur.com/a/pgmaE
     Claims 5000mAh so extra 1000mAh (which anker is pretty good about being legit on those numbers but I'll have to wait to full charge to test that portion). Claims up to 2amp output (PortPilot detects as 2.1amp). The curved back actually seems to make it fit even nicer into the tactical case (but my memory may be jaded because of the time I've spent with the swelling on the Pineapple Juice 4000).
     Hak5 team don't worry about a replacement Pineapple Juice 4000 but if you want to I never say no to extra battery packs ;). I'm not that concerned about it and don't think it's really defective honestly (it does still work and charges fine). I think (purely IMO) that's just what happens to batteries when you use them in enclosed spaces for long periods of time and expose them to high heat (both using the nano and charging which almost 100% of the time was in the tactical case).
  6. That's because it's showing up as a HID device (as it is supposed to on the default firmware (there is twin duck firmware where you can have it as a storage device as well but the payload script still won't be accessible outside of the sd card itself)). You need to use an SD card reader and then you can edit the payload script. I haven't watched it but Darren did a quick start video here: Which I found the link for on this page: http://usbrubberducky.com/#!resources.md which also gives you a ton of good stuff about the ducky.
  7. I've had this pack for 2 years and I'm pretty rough on backpacks. It's got a great back and a laptop spot that fits my 15" ASUS without any problems, plus you can fit a ton in it https://www.amazon.com/gp/product/B00865N7YM
  8. Dang meant to post this earlier but: Working well! Tested the process and went as follows with the portaPack:
     1. Powered on Tetra
     2. Made sure module was updated
     3. Went to module page, showed as hackRF not detected
     4. Plugged up the portapack, switched to hackRF mode
     5. Used the module refresh button and hackRF showed as detected
     Also pretty cool to note using the pineapple reboot doesn't lose power to the usb so you don't have to go back in to hackRF mode at those times. Also tested and Tetra can do 20M samples reliably and Nano can do at least 15M samples even with PineAP running and active on both. The nano may be able to do more, however it can't do the hackRF recommended maximum of 20M (min recommended is 2M *edited) (at least with PineAP running). Careful if you enable the last two RF gains to 32 each like I did, the tetra required extra power at that point, but was stable after hooking up a battery while connected to my usb3 hub ports. Haven't tried it with the gains on the nano yet. Checked the cs8 file and looks like it should be I believe.
  9. So you were screaming the same when Airplanes/Helicopters were invented? Or Google Maps Satellite view? Or Street-view? Or just Cameras in general even? Your right to privacy is only susceptible to how private you maintain yourself. If you have your curtains open, people can legally stare or take pictures from a public space. And public space starts at the height of grass/objects/buildings according to the FAA. Sorry, but you don't control the air around you. Jamming in general is illegal according to the FCC. Shooting a drone is the same as shooting a plane according to the FAA. If you want privacy maintain your own privacy (via curtains and putting things away), don't just expect it. You can try to build bigger fences or put a net above and around your entire property but I'm sure you're going to run into other regulations that will prevent such actions as well. Otherwise get involved with your local government and see if you can enact laws to prevent things like that (such as peeping tom laws). Just be prepared for Federal regulations to take precedence if you are in their jurisdiction. You're far better off finding the owner of the drone and asking them to stop. Being a drone flyer myself I would be happy to avoid it or even just explain to you I wasn't even looking at your crappy backyard but at the horizon or my backyard from a distance.
  10. It was late when I was testing so not sure the specifics are correct but IIRC I plugged up the portaPack, entered hackRF mode and then installed dependencies and it detected as expected on the tetra. I believe on the nano I installed the dependencies then plugged up the portapack and entered hackRF mode, I believe I tried the refresh button and it didn't detect it but going out of the module and back in did (again not sure on the specifics exactly but I won't be able to test again until later this evening)
  11. I tested with mine in the portaPack (foxtrot you should look into it, like I said in IRC it's an awesome add-on), but it found my hackRF as expected. You do have to put it in hackRF mode from the portapack first however.
  12. shop@hak5.org and support@hak5.org have been referenced by Sebkinne before, but they also have a few addresses you could contact on their shop's contact page here: https://hakshop.myshopify.com/pages/contact It does look like there are one or two others that have had this issue posted in the forum as well. Their team is small so it might take some time to get back to you, but that's because they provide awesome individualized service. I'm sure they'll get you taken care of!
  13. 1. No downside that I know of or found so far, I run mine on 192.168.1.
      2. No way to change in gui, would have to be done in ssh. Edit /etc/config/network to change it. Also you can change the port in /etc/nginx/nginx.conf, you would want to use iptables to block the port still.
  14. The tetra does have SMA connectors (the nano has rp-sma though). The tetra also has amps built into it, so it would be the best for long distance. Using a yagi from the hakshop works just as expected with the trade-offs, I've had 4 connected to the tetra once or twice. It won't work well for 5GHz stuff though. I'm not sure if you need two per adapter or if you can get away with just one, but I would guess it only adds more strength and direction if you add the second one.
  15. As far as I understand with any electronics you have two factors: 1. Volts 2. Amps. Volts normally need to be close or exact as the spec for the device requires. Amps need to be at least what is required (to work efficiently anyway) but you can provide more, it just won't pull those extra amps. I've had my tetra hooked up to four batteries and have more than a few times run it like that for close to 42/46 hours at a time depending on what I was running/clients/etc. No issues at all with mine so far.
  16. Neat idea. The battery life btw will be no more than half of what the 4000mAh pack that comes with the tactical nano provides. So around 4 hours or so at the absolute most, but I'm guessing it also uses that battery for its internal operations (wifi/sd/etc) so it will probably be much much less.
  17. USB Armory would also be an option, it's designed for a similar application (password manager being one of them). But being a full Linux system on a usb you can customize and use it in a number of ways. The cost compared to the Nitrokey atones for those abilities though.
  18. The developer answers a lot in the google groups from what I've seen. Otherwise I'm not sure how much the community is really active around it, but it runs arm linux that are fairly active and run just the same on armory as anything else I've seen really. I use it for cold storage bitcoin wallet and have been looking at doing the encrypted storage Interlock thing but haven't gotten around to it yet. I'm not sure how well it would do as a pen testing box if you are using it heavily, I would think overheating may be a concern. My Pi2 with active cooling works really well for that, but if you are looking for usb powered only you're going to have to take some sacrifices I think.
  19. I don't know of another one, but I have the armory and really like it. I don't use it for a pentesting setup though, I have other purposes I'm using it for. They do have a compatible Kali build for it though.
  20. Depends on what OS image you load your sd card with. If you use the noobs stuff you'll need a display to get everything set up then normally you can ssh into the various OS options there. If you load an OS directly and don't use the noobs setup deal, you normally can ssh directly in. So if you use this link you can install raspbian directly and you can ssh in to set everything else up from there: https://www.raspberrypi.org/downloads/raspbian/ If you use the noobs link it mentions at the top you'll need a display initially.
  21. As Foxtrot mentioned about the band, no it won't. I think you are referring to the ProxyHam or the replacement project HamSammich, but for both of those they don't just scan that range. You have to install a device at the free wifi you want to access and then you can pick that retransmitted signal up at greater distances, however your speed is going to be severely limited (dial-up modem speeds) and really isn't for what you are trying to do. You also have to be aware of transmitting signals and the regulations surrounding that stuff. There's some more details at this link about those projects but I'm sure you can find more information out there: http://www.pcworld.com/article/2968232/security/hackers-show-off-longdistance-wifi-radio-proxy-at-def-con.html The pineapple isn't going to be able to cover a great distance or provide very good speeds if you wanted to set it up as an extender, but like Foxtrot also mentioned that is not the intended design of the pineapple. The best thing you can try would be a directional wifi antenna, but you would need to make sure your wifi card has an external antenna connection and you would need to make sure those connections work between the card and the antenna. At most though that's only going to get you an extra neighborhood block or so and you'll still see slower transmission rates. Something like this would be good https://hakshop.myshopify.com/collections/wireless-gear/products/16dbi-yagi-antenna but again you have to make sure your card has an SMA connector or you'll have to get an adapter for it to work with that antenna.
  22. I don't think you are going to be able to crack even WEP passwords on the nano, there's just not enough processing/memory power to do so. The Site Survey module will let you capture handshakes and then you can upload those using the online hash cracker or crack them on another system. I'm not sure if it does WEP though. I'm sure the reaver/pixie dust module will come soon enough for WPS attacks, but in the meantime you can get wifite installed through SSH and working and it has most all of those attacks with it as well as the WEP/WPA captures. There was another post somewhere about the process to go about that somewhere as well I believe.
  23. 1st I would say Pine AP is not all this device can do. There are so many penetration testing scenarios you can set up with this device and modules, it would be hard to list them all out here. 2nd in my various penetration tests I've ranged anywhere from 20 on average to 56 clients being the highest. So that mode still has some legitimacy to it, but it depends a lot on devices I've found. My partner and I have the same exact phones and their phone will almost always connect to the pineapple when I'm playing around with it or testing new scenarios. I've yet to see my phone automatically connect though, it's very strange and I don't know why or how it happens. Needless to say though this device with the Pine AP functionality and all the additional modules still has a very viable use in 2016 and going forward I believe.
  24. You'll want the virtual OS device drivers if you are only going to use it for the virtual system.
  25. If your data plan supports USB tethering, that's what the WiFi Pineapple connector app in the play store is basically for.