
Skinny

Active Members
  • Content Count

    110
  • Joined

  • Last visited

  • Days Won

    14

About Skinny

  • Rank
    Hak5 Fan ++

Contact Methods

  • Website URL
    http://skinnyrd.com

Profile Information

  • Gender
    Male
  • Location
    Huntsville, AL

Recent Profile Visitors

1,080 profile views
  1. Thanks. This just saved me some headache.
  2. Hi Everyone, I'm currently doing an assessment of a literal black box with a USB port. I thought about using the Bash Bunny to extract information to see what system is being used on the other side of that port. When I plug in the Bash Bunny, I get a solid green light. I am trying to run the LinuxInfoGrab payload. This payload executes on any laptop test system I use but will not execute when plugged into the black box. I'm thinking one of two things. Either the port is strictly just power or it connects to a system that is running an OS other than Windows or Linux (VxWorks maybe???). The reason I say it might just be a power port is because when I plug the bunny into a USB battery, I get a solid green light response as well. However, I've never used the bunny in a system that is not Windows or Linux. If anyone has any insight, I'd love to know your ideas. Also, if you know of a payload that might tell me what's going on with that mystery port, I'm all ears. Thanks for your help! Skinny
  3. I'm not sure I follow what you mean by daisy chaining a second non-PoE switch. The laptop isn't taking any power from the PoE switch, but it is most definitely causing an imbalance on the line. The connection from switch to phone is extremely fragile in this case. If I disturb the line at all by plugging into the Tx or Rx side of the passive tap, the phone momentarily drops off the network. When stability returns to the line and the phone recovers, the capturing laptop has problems and will not see the traffic or will only see it sporadically. The new design places some blocking capacitors on the tapped conductors in an effort to keep any inadvertent DC draw from occurring due to the presence of the laptop. So far this solution has worked. There are a few more cases I'd like to test to make sure the solution is as robust as I hope. To replicate the problem I'm seeing, try to capture traffic using the Throwing Star LAN tap with a gigabit VoIP phone connected to a gigabit PoE switch.
  4. Solved it! Had to build out the tap circuit a little more to take care of the PoE power. I think the phone and switch were having a bit of a loading issue with the capture laptop being on the line. I'll be conducting some stability tests to make sure this solution sticks.
  5. Has anyone used a passive network tap (i.e. throwing star tap or DIY) to capture traffic while connected to a gigabit PoE switch? I'm targeting a VoIP phone and am getting spotty results. Here are the details: Phone: Grandstream GXP2130. Switch: Netgear GS108PE. Tap: Similar schematic to the throwing star tap. The phone boots just fine using PoE with the tap in line and negotiates a stable 10/100 Mbps connection as expected. When plugging into the receive side of the tap, the phone drops the network connection momentarily but recovers. It's inconsistent but sometimes I can capture a small amount of traffic in Wireshark. On the transmit side, I get absolutely nothing. If I disconnect the phone from the PoE ports and plug it into the regular gigabit ports, I have more success. Both transmit and receive can be captured, but the phone has to be powered from a normal wall power outlet for this to occur. I'm curious if anyone else has had the same experience? I would really like to be able to capture traffic while the phone is plugged into the PoE port. Also, if you have a PoE switch that is not gigabit, do you have similar issues? Thanks for any help at all! -Skinny
  6. Thanks @Sebkinne! I saw in the video there was a label that said "Rat" box. Any plans to support catching custom payloads/beacons/callbacks in future versions?
  7. @m40295 Thanks for the help. Any idea if there is a recovery mechanism if the C2 server crashes?
  8. Hi Guys, Great job on putting together another interesting product. I've just finished watching the recorded livestream and have not tested the software yet, but I do have some questions before I walk into a meeting tomorrow where this platform is bound to be discussed. Can you adjust how often the devices callback to the C2 server? If not, how often does this transaction occur? I noticed that http and https is a supported callback protocol when Darren was setting up the server in the video. Is there also support for DNS? I thought I might have heard Seb mention it. What happens if the C2 server crashes? Must all the devices be reloaded with a new config file or is there a recovery mechanism? Asking for those cases where it may or may not be possible to re-enter the target location? If I'm thinking about everything above in an erroneous fashion, please forgive my ignorance. Thanks for any help you can provide.
  9. @Merlintime & @Sebkinne thanks for the help. I was unaware that the defaults had changed. My applications are so niche and none of them entail me trying to filter. After I read both of your posts, I had to read the wiki Filters paragraph 3 times to wrap my head around how they work. Maybe I've been living in Alabama too long? If I'm reading this correctly, when just collecting SSIDs to the pool, I want to use Deny in Client Filtering because this filter only denies interaction with the clients listed. If no clients are listed, then I can interact with any client, thus allowing me to collect SSIDs. Conversely, if I place the filter in Allow, I can only interact with those clients listed. If no clients are listed, I can interact with no clients. With SSID filtering, when in Deny mode, clients are denied interaction with those SSIDs listed in the filter; however, if no SSIDs are listed then clients can interact with any SSID in the pineapple pool. In Allow mode, clients can only interact with those SSIDs listed in the filter. If no SSIDs are listed, then no interactions can occur. Thanks again for pointing me in the right direction guys.
  10. @Just_a_User I do have Log PineAP Events checked. @Sebkinne Hi Seb! The filters are set to the default mode. Allow for Client Filtering and Deny for SSID filtering. I was under the impression that these only really mattered when trying to get someone to associate to the Pineapple, not when just collecting SSIDs.
  11. @Just_a_User I did as you suggested and performed a firmware recovery on the Pineapple. Then I upgraded to 2.3.2. It still would not put SSIDs in the pool. Just to make sure it was not a hardware issue, I unpacked a second Nano that was still in the box and updated to the latest firmware. Still there was no SSID capture. I finally did another firmware recovery but this time did not upgrade to 2.3.2. I left it at 2.0.2. The Pineapple is acting like its old self again with no problems. All I can conclude is that something is not right with 2.3.2. Your thoughts?
  12. Hi Everyone, I recently upgraded my firmware to 2.3.2 and ran some tests using PineAP. I checked every box except Allow Associations and enabled the daemon. I did some typical device checks and found that my Pineapple was not capturing SSIDs to the pool. I know that many devices don't share their PNL easily, so I spun up the laptop with Wireshark, put the Pineapple on a battery, and went for a drive. Although there were many SSIDs being revealed through devices' probe requests, the Pineapple did not capture a single one to its pool. Has anyone else had a similar issue? Any help would be greatly appreciated. Thanks!
  13. Fantastic! This encoder just saved me a ton of time. I had a massive script and the java encoder was taking forever. This worked so much better.
  14. It's been a slow month for devices but here is the latest update: Nook Color (BNRV200), Apple iPhone 5s (ME305LL/A). The Nook's behavior was unexpected. After associating with the Pineapple, it sent a deauthentication packet to kick itself off the Pineapple after not finding a way to reach a particular Barnes & Noble website. It couldn't find the website because I normally use the Pineapple in a manner that does not let the client have an outside connection. You can find the updated spreadsheet here: https://docs.google.com/spreadsheets/d/1VO0VSm6n79BndK2KMqmokSVlPaOMQQAH0vkEyQRZIxY/edit?usp=sharing
  15. Be careful in your assumptions. Not every bad actor cares about the encrypted traffic. Some of them do not care for banking information, the latest Facebook update, or the last email received. The information and capabilities that the Pineapple can provide can be leveraged to devastating effect in malicious hands. Not all sites of interest have SSL encryption. Someone's browsing habits can help establish a pattern of life. Not to mention they can be fantastic fodder for blackmail. If an attacker gets a room in a hotel next to the room of a prominent politician and said politician happens to have a certain taste in sexually deviant websites, associating his or her MAC address with salacious photos can cripple a career. If you give this presentation to an audience, ask them if they would approve of their significant other knowing their browsing history for the past 2 weeks. In addition, a MAC address associated with an individual's name makes for a great tracking mechanism. Retail stores have toyed with targeted advertising to your phone based on the MAC address that walks in to an establishment. With a handful of pineapples, I could keep track of when you leave home, when you arrive at work, when you arrive at the gym, or when you visit your mistress. If I set them up correctly and place them well enough, I might be able to get your phone to associate through the pineapple before you arrive at any of these places, thus following your browsing habits at these places. Another interesting fact is that you can use the Pineapple to force newer phones to give up the SSIDs they've associated with (older phones would do this automatically). If you tell me you've never been to "X" establishment / city / country and the Pineapple makes your phone spit out SSIDs from a particular region or area, you're busted. The great thing is I can do this without letting you connect to the Pineapple at all.
I use the Pineapple on a daily basis and depend on people walking out the door and not shutting off WiFi before they leave their house. For my specific application, I just want the device to talk. I don't care what the client device sends, as long as it stays connected and makes packets. The Pineapple enables this activity. If I can achieve this, I win. Know that there are many edge cases. 95% of the Pineapple's use falls neatly into the infosec / pentest arena it was meant for, but there are plenty of other esoteric ways of leveraging this device that can have serious consequences for a victim. Good luck with your presentation.