About Skinny

  • Rank
    Hak5 Zombie

Profile Information

  • Location
    Huntsville, AL

  1. No. I was just wondering why you have no other network interfaces showing up. Besides the plunder bug, do you have any other network interface available on the machine?
  2. Are you running it on a Windows box or Linux?
  3. I am curious if anyone has gotten the Inject Raw Frames feature at the bottom of the PineAP page to work. I have tried several different frame types and attempted to receive the transmission from several different boxes (Mint Linux running on a VM and Pentoo running on my laptop). I have PineAP running with no other options on and a fresh firmware load. I am attempting to send an RTS frame. I copied the hex from Wireshark as it appears below.

     000012002e48000000308f09c000e7010000b400a20084fcac5ac95f3c37866ef748

     The Inject Raw Frame module then said to take out the radio header information, which I did.

     b400a20084fcac5ac95f3c37866ef748

     The frame breaks out as follows:

     b4 = Type/Subtype
     a200 = Duration
     84fcacffffff = Recv MAC address
     3c3786ffffff = Transmitting MAC Address

     Every time I click Inject Frame, I see nothing on either receiving unit. I see plenty of traffic, just not these frames. I have these receiving hosts set to the same channel and they are both in promiscuous mode. If anyone can pick out what I'm doing wrong, I'd love to know, or if you have an example that has worked for you, I'd love to see that as well. Thanks for your help.
  4. I've finally got it working! But it's an unusable solution for the field. I opened it up and used the serial connection header to connect to check the wireless interface. I fully connected the device with the microSD card inserted and plugged through an HDMI connection. The results of looking at the network interfaces were as follows after a full boot:

     1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
         link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
         inet scope host lo
            valid_lft forever preferred_lft forever
         inet6 ::1/128 scope host
            valid_lft forever preferred_lft forever
     2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN qlen 1000
         link/ether 00:10:20:30:40:50 brd ff:ff:ff:ff:ff:ff
     3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN
         link/gre brd
     4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN qlen 1000
         link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
     5: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
         link/ether 74:ee:2a:a9:16:9e brd ff:ff:ff:ff:ff:ff
     6: p2p0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
         link/ether 76:ee:2a:a9:16:9e brd ff:ff:ff:ff:ff:ff

     wlan0 wasn't coming up. Right now the microSD card in the crab has a config file that is only programmed to set up the wireless capability. The device.config file is present as well. The strange thing is that if you run 'ip link set wlan0 up', nothing happens, but if you run 'ip link set wlan0 down', the interface springs to life and connects to the AP. Unfortunately, whatever script that was supposed to trigger the c2 functionality had already passed.

     So I rebooted the device and waited until this spot where the booting process slows down:

     [ 20.840703] audit: auditd disappeared
     [ 21.304272] init: avc: denied { set } for property=tmp.exec_ubus scontext=u:r:system_app:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service
     [ 21.424438] init: avc: denied { set } for property=tmp.exec_ubus scontext=u:r:realtek:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service

     At this point I typed in 'ip link set wlan0 down' quite quickly. A couple seconds later, cloudc2 picked up the callback and all was well. So it works, but only on my lab bench top as it is impractical to have the device open in the field for installation. I don't know much about OpenWRT right now, but I suspect some kind of boot file needs to be re-written. The unfortunate thing is I can't seem to get vi, vim, or nano to run in order to edit anything yet and I'm about to run out of time to work on this for a while. Hopefully someone can look into this oddity and beat me to fixing it.
  5. The battle continues. I now have 3 screen crabs that all have the same issue. After running them for the 1st time, they never seem to connect consistently again. I have tried many different avenues to get consistent behavior, but the fact remains that the screen crab does not connect to the AP. I've tried 2 separate APs with similar results. Here is what is happening over the air. The screen crab will send out a Wildcard probe request, the AP will respond, and that's about all that happens. After that, the crab just starts sending out probe requests again. This sequence repeats all throughout the packet capture.
  6. Just to follow this up, usually this behavior will occur if you have the HDMI input and output switched on the crab.
  7. Are you feeding the signal into a monitor, a TV, or something else?
  8. Meanwhile, I'm still having trouble with the WiFi radio. I now have 3 screen crabs in my possession. I grabbed a brand new one and placed an SD card inside of it with a config file, containing just the WIFI SSID and password, and the device.config file from c2. The screen crab worked great. It connected to the AP and called back to C2 perfectly. After letting it grab a few screenshots over the course of several minutes, I pressed the button and let the light go green. I removed the microSD letting the light go red. I disconnected power from the crab. Next, I placed the microSD back into the screen crab and connected power. The crab came on, the light went blue, but it never connected to the AP and therefore never connected to c2. I cycled power again, but still no connection. I then repeated everything above with another mint condition screen crab. It did the exact same thing. Now I have 3 screen crabs that are in the same situation. Just by cycling power after the first run, it will not reconnect to the AP. Unfortunately, I can't find a reliable setup or course of action to get consistent behavior.
  9. Instead of editing it, erase everything in the file except for the WiFi SSID and Password. The only reason I say this is because of the line under #3 on the screen crab instructional page: https://docs.hak5.org/hc/en-us/articles/360033503594-Configuring-Screen-Crab-for-Cloud-C2 See if it makes a difference. Also, after you change it, let it fully reboot, press the button, let the LED turn green, unplug power, and then boot it again. I've found that sometimes it takes 2 boots before things start working. I'm not sure why.
  10. @zenn1999 Mine also gets very warm. It started out working two days ago when I set it up for another infrastructure, and then stopped working yesterday. I went into the office and grabbed two more. I'll test them Monday to see if they are having the same problem and get back to you.
  11. Here's what I did: The problem is that it doesn't work all the time, but it's worth a try. I'm beginning to think it might be a hardware issue, but I'm not sure. I'm about to get my hands on another unit to see if it behaves differently.
  12. Thanks for the response. I gave it a shot and it looked promising but still failed out at the end.

      Configuring kmod-libphy.
      Configuring kmod-mii.
      Configuring kmod-usb-net.
      Configuring kmod-usb-net-asix-ax88179.
      Collected errors:
       * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-usb-net-asix-ax88179:
       * kernel (= 4.14.176-1-342af9e4f67b3447c53216ab8e3b12a1)

      I was trying to install a driver for an Ethernet adapter I was working with. Looks like it was going well for the dependencies but then failed to actually load what I wanted.

      <<<UPDATE>>> Strangely, I rebooted the Owl and went back in to try the process again. This time it says there was a successful installation:

      opkg install kmod-usb-net-asix-ax88179 --force-depends
      Package kmod-usb-net-asix-ax88179 (4.14.176-1) installed in root is up to date.

      Now I just need to figure out how to bring up an Ethernet interface as it appears that does not happen automatically. Looks like it's not as simple as ifconfig eth0 up.
  13. Your devices aren't going to auto connect to the Pineapple if you are spoofing an access point that requires WPA2 encryption. WPA2 encryption is a mutual authentication. Your devices are looking to exchange encryption information with the Pineapple (the spoofed SSID), but the Pineapple cannot provide that information. So your devices believe that it cannot be the SSID they are accustomed to connect to. The SSID you want to spoof is a public one that someone's phone may have used before. To get this to work for your devices, delete out your current AP/SSID from the programming of both devices. Reset your AP to use no authentication. Connect your devices to your AP. Now use the Pineapple to spoof the SSID. Try your deauth attack now. Also remember that it helps if the Pineapple is closer to your devices than the AP is. If this doesn't work, just shut off your AP and see if they will connect to the Pineapple automatically.
  14. One more added bit of strangeness: if your password has a $ symbol in it, change it to something without the symbol. Once you get it to connect once, you can then use the $ once again. I got everything working by setting up my AP's guest network and then connected that network to the regular one. I set an easy password on it. The config.txt file was changed so that the easy password was surrounded in "quotes" as specified above. I restarted the Screen Crab twice and on the second time, it connected. After it connected, I changed the config.txt to my normal SSID where I have a $ symbol in the password. The device was restarted with the changes. The Screen Crab successfully connected to my normal network SSID, but only after successfully connecting it to the first. Incidentally, my C2 server changed IP addresses this morning because I was using DHCP. I had to go through all this all over again this morning. That included changing out the device.config file as expected.
  15. Is the regular AP an open access point or does it require a password?
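
An added example, not part of the original posts: for the Inject Raw Frames post above, this Python sketch strips the radiotap header from the quoted Wireshark hex by its own length field and decodes the remaining bytes as an 802.11 RTS frame, so the payload can be checked field by field before it is pasted anywhere. The two hex strings are copied from that post; the function names are hypothetical.

```python
import struct

# Hex strings copied from the post above: the Wireshark capture (radiotap
# header + 802.11 frame) and the frame with the radio header removed.
CAPTURE_HEX = "000012002e48000000308f09c000e7010000b400a20084fcac5ac95f3c37866ef748"
STRIPPED_HEX = "b400a20084fcac5ac95f3c37866ef748"

def strip_radiotap(capture: bytes) -> bytes:
    """Drop the radiotap header using its own little-endian length field."""
    if len(capture) < 4:
        raise ValueError("too short for a radiotap header")
    version, _pad, length = struct.unpack_from("<BBH", capture, 0)
    if version != 0 or not 8 <= length <= len(capture):
        raise ValueError("not a valid radiotap header")
    return capture[length:]

def mac(raw: bytes) -> str:
    """Format six bytes as a colon-separated MAC address."""
    return ":".join(f"{x:02x}" for x in raw)

def parse_rts(frame: bytes) -> dict:
    """Decode a 16-byte RTS frame (20 bytes if a trailing FCS is present)."""
    if len(frame) not in (16, 20):
        raise ValueError(f"RTS is 16 bytes (+4 FCS), got {len(frame)}")
    # Frame Control is two bytes: type/subtype byte, then a flags byte.
    fc0, flags, duration = struct.unpack_from("<BBH", frame, 0)
    fields = {
        "version": fc0 & 0x03,
        "type": (fc0 >> 2) & 0x03,     # 1 = control
        "subtype": (fc0 >> 4) & 0x0F,  # 11 = RTS
        "flags": flags,
        "duration_us": duration,       # little-endian on the air
        "ra": mac(frame[4:10]),        # receiver address
        "ta": mac(frame[10:16]),       # transmitter address
        "has_fcs": len(frame) == 20,
    }
    if (fields["version"], fields["type"], fields["subtype"]) != (0, 1, 11):
        raise ValueError("frame control does not describe an RTS frame")
    return fields

if __name__ == "__main__":
    frame = strip_radiotap(bytes.fromhex(CAPTURE_HEX))
    assert frame == bytes.fromhex(STRIPPED_HEX)
    for key, value in parse_rts(frame).items():
        print(f"{key:12} {value}")
```

Run against the quoted capture, the stripped bytes match the 16-byte string from the post, which carries no trailing FCS.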