Jump to content

Skinny

Active Members
  • Content Count

    113
  • Joined

  • Last visited

  • Days Won

    14

About Skinny

  • Rank
    Hak5 Fan ++

Contact Methods

  • Website URL
    http://skinnyrd.com

Profile Information

  • Gender
    Male
  • Location
    Huntsville, AL

Recent Profile Visitors

1,184 profile views
  1. Well it looks like 6 lines of resolution makes a huge difference and that I am very unlucky. I switched everything to 1080p and things started working. I must just have a knack for screwing up resolutions and picking. I also check 1366x768 and it worked fine where 1360x768 does not. I think I'll just go through the full spectrum to see what works and what doesn't. This does make things a little tricky on engagements, but we'll see what our success rate is as it's deployed. @Darren Kitchen, thanks for all your help and have a great day!
  2. Thanks for the response @Darren Kitchen, I plugged it inline with a secondary monitor and outputted from my laptop at 1360 x 768 and at 800x600. Neither worked. I have also tried changing the microSD card, switching out the laptop to a laptop that is operating at a lower resolution natively (1360 x 768), and tried my other 2 screen crabs. In every scenario I am getting the same results. I'm not sure what is going on. In every case, the secondary monitor displays perfectly. I'm not sure what is left. Thanks again for your help.
  3. Hope everyone had a great new year. I am having a bit of a problem getting the screen crab to work. I have followed the 3 steps indicated on the Getting Started card. Video is being fed through the box with no problems. The issue is that no screen captures are occurring. I formatted the micro-SD for ExFat. I reverted the config file back to the default config after an unsuccessful setup. The LED seems to be stuck on cyan regardless of how it's setup. I took @Darren Kitchen's earlier advice and added the DEBUG_LOG ON line to the config file and it appear that the crab thinks it's not getting a video signal. I've pasted the debug file for reference. Any ideas? Thanks for your help. -Skinny Util: exec [stop adbd]|Util: stop adbd shell exited value: 0|Util: exec [stop logd]|Util: stop logd shell exited value: 0|Util: exec [source system/bin/crab && upgrade_check_on_boot]|Util: Service start shell exited value: 0|Util: exec [source /system/bin/crab && do_gpio_setup && leds_off]|Mirror: NEW HDMI Status; Input: false|Mirror: HDMI REMOVED|Mirror: PREVIEW STOPPED|Util: RunThread shell exited value: 0|Util: exec [source /system/bin/crab && upgrade_framework 1.0.6]|Util: crabframeworkupgrade shell exited value: 0|CrabFramework: Crab framework up to date|Util: exec [source /system/bin/crab && red]|ShellThread: setCPU Shell Thread Starting|Util: exec [source /system/bin/crab, source /system/bin/crab && sleep 120 && do_cpu_setup]|Util: Main setLEDsNow() shell exited value: 0|Util: exec [source /system/bin/crab && wait_for_sd_location]|Util: waitforSD shell exited value: 0|Util: exec [source /system/bin/crab && led_off]|Util: Main setLEDsNow() shell exited value: 0|SDREADER: NO FILE AT PATH|RunThread: ERROR LOADING C2 DEVICE CONFIG|RunThread: Loading Crab Config from SD|Util: exec [source /system/bin/crab && locate_sd && touch /storage/7AAD-3ED9/version.txt && echo 1.0.6 > /storage/7AAD-3ED9/version.txt]|Util: versionfile shell exited value: 0|CrabConfig: CONFIG OPTION LED|CrabConfig: CONFIG ARG ON|CrabConfig: LED MODE CONFIG OPTION SET TO: ON|CrabConfig: CONFIG OPTION CAPTURE_MODE| CrabConfig: CONFIG ARG IMAGE|CrabConfig: CAPTURE MODE CONFIG OPTION SET TO: IMAGE|CrabConfig: CONFIG OPTION CAPTURE_INTERVAL|CrabConfig: CONFIG ARG 5|CrabConfig: CAPTURE INTERVAL CONFIG OPTION SET TO: 5|CrabConfig: CONFIG OPTION STORAGE|CrabConfig: CONFIG ARG FILL|CrabConfig: STORAGE MODE CONFIG OPTION SET TO: FILL|CrabConfig: CONFIG OPTION BUTTON|CrabConfig: CONFIG ARG EJECT|CrabConfig: BUTTON MODE CONFIG OPTION SET TO: EJECT|CrabConfig: CONFIG OPTION DEBUG_LOG|CrabConfig: CONFIG ARG ON|CrabConfig: DEBUG LOG CONFIG OPTION SET TO: ON|CrabConfig: WIFI IS NOT SET IN CRAB CONFIG|CrabConfig: WIFI CONFIG MISSING, ENSURING WIFI DISABLED|Util: exec [source /system/bin/crab && disable_wifi]|Util: wifi config shell exited value: 0|SDREADER: NO FILE AT PATH| Util: exec [source /system/bin/crab && magenta]|Util: Main setLEDsNow() shell exited value: 0|Util: exec [source system/bin/crab && wait_five_for_button_press]|Util: startup image mode listener shell exited value: 0|Util: exec [source system/bin/crab && wait_five_for_button_press]|Util: startup video mode listener shell exited value: 0|Util: exec [source /system/bin/crab && magenta]|Util: Main setLEDsNow() shell exited value: 0|Util: exec [source /system/bin/crab && led_off]|Util: Main setLEDsNow() shell exited value: 0| SDWatch: SD Watch Thread Starting|Util: exec [source /system/bin/crab, watch_sd_location]|ButtonListener: Button Listener Thread Starting|Util: exec [source /system/bin/crab, wait_for_button_press]|RunThread: C2 WIFI IS DISABLED, NOT RUNNING|LEDRunner: LED Runner Thread Starting|Util: exec [source /system/bin/crab, led_off]|Util: LEDRunner shell exited value: 0|RunThread: STARTING NEW CAPTURE THREAD|CaptureThread: CAPTURE THREAD START|CaptureThread: Signal Check request sent|Mirror: REQUEST RECEIVED|Mirror: NOSIGNAL|Mirror: Response sent:NOSIGNAL|CaptureThread: Response:NOSIGNAL|CaptureThread: NO VIDEO SIGNAL|CaptureThread: STARTING IMAGE CAPTURE|Util: exec [source /system/bin/crab && get_current_temp]|Util: tempcheckexit value: 0| Util: tempcheckshell output : 59796|CaptureThread: CURRENT TEMP: 59796|Util: exec [source /system/bin/crab && get_next_capture]|Util: GetNextCapexit value: 0|Util: GetNextCapshell output : /storage/7AAD-3ED9/LOOT/61|CaptureThread: Capture Request Sent/storage/7AAD-3ED9/LOOT/61.jpg|Mirror: REQUEST RECEIVED|Mirror: NOSIGNAL|Mirror: Response sent:NOSIGNAL|CaptureThread: Response:NOSIGNAL| Util: exec [source /system/bin/crab, white]|Util: exec [source /system/bin/crab && no_signal_log]|Util: LEDRunner shell exited value: 0|Util: NoSignalLog shell exited value: 0|CaptureThread: CRAB HAS NO VIDEO SIGNAL|CaptureThread: capture interval 5000ms|CaptureThread: Time spent capturing 197ms|CaptureThread: Capture sleep 4803ms|Util: exec [source /system/bin/crab && get_next_capture]|Util: GetNextCapexit value: 0|Util: GetNextCapshell output : /storage/7AAD-3ED9/LOOT/62|CaptureThread: Capture Request Sent/storage/7AAD-3ED9/LOOT/62.jpg| Mirror: REQUEST RECEIVED|Mirror: NOSIGNAL|Mirror: Response sent:NOSIGNAL|CaptureThread: Response:NOSIGNAL|Util: exec [source /system/bin/crab && no_signal_log]|Util: NoSignalLog shell exited value: 0| CaptureThread: CRAB HAS NO VIDEO SIGNAL|CaptureThread: capture interval 5000ms|CaptureThread: Time spent capturing 191ms|CaptureThread: Capture sleep 4809ms|Util: exec [source /system/bin/crab && get_next_capture]|Util: GetNextCapexit value: 0|Util: GetNextCapshell output : /storage/7AAD-3ED9/LOOT/63|CaptureThread: Capture Request Sent/storage/7AAD-3ED9/LOOT/63.jpg|Mirror: REQUEST RECEIVED|Mirror: NOSIGNAL| Mirror: Response sent:NOSIGNAL|CaptureThread: Response:NOSIGNAL|Util: exec [source /system/bin/crab && no_signal_log]|Util: NoSignalLog shell exited value: 0|CaptureThread: CRAB HAS NO VIDEO SIGNAL| CaptureThread: capture interval 5000ms|CaptureThread: Time spent capturing 191ms| CaptureThread: Capture sleep 4809ms|Util: exec [source /system/bin/crab && get_next_capture]|Util: GetNextCapexit value: 0|Util: GetNextCapshell output : /storage/7AAD-3ED9/LOOT/64|CaptureThread: Capture Request Sent/storage/7AAD-3ED9/LOOT/64.jpg|Mirror: REQUEST RECEIVED|Mirror: NOSIGNAL|Mirror: Response sent:NOSIGNAL| CaptureThread: Response:NOSIGNAL|Util: exec [source /system/bin/crab && no_signal_log]|Util: NoSignalLog shell exited value: 0|CaptureThread: CRAB HAS NO VIDEO SIGNAL| CaptureThread: capture interval 5000ms|CaptureThread: Time spent capturing 192ms|CaptureThread: Capture sleep 4808ms|Util: exec [source /system/bin/crab && get_next_capture]|Util: GetNextCapexit value: 0|Util: GetNextCapshell output : /storage/7AAD-3ED9/LOOT/65|CaptureThread: Capture Request Sent/storage/7AAD-3ED9/LOOT/65.jpg|Mirror: REQUEST RECEIVED|Mirror: NOSIGNAL| Mirror: Response sent:NOSIGNAL|CaptureThread: Response:NOSIGNAL|Util: exec [source /system/bin/crab && no_signal_log]|Util: NoSignalLog shell exited value: 0|CaptureThread: CRAB HAS NO VIDEO SIGNAL| CaptureThread: capture interval 5000ms|CaptureThread: Time spent capturing 190ms|CaptureThread: Capture sleep 4810ms|Util: exec [source /system/bin/crab && get_next_capture]|Util: GetNextCapexit value: 0|Util: GetNextCapshell output : /storage/7AAD-3ED9/LOOT/66|CaptureThread: Capture Request Sent/storage/7AAD-3ED9/LOOT/66.jpg|Mirror: REQUEST RECEIVED|Mirror: NOSIGNAL| Mirror: Response sent:NOSIGNAL|CaptureThread: Response:NOSIGNAL|Util: exec [source /system/bin/crab && no_signal_log]|Util: NoSignalLog shell exited value: 0|CaptureThread: CRAB HAS NO VIDEO SIGNAL| CaptureThread: capture interval 5000ms|CaptureThread: Time spent capturing 242ms| CaptureThread: Capture sleep 4758ms|Util: exec [source /system/bin/crab && get_next_capture]|Util: GetNextCapexit value: 0|Util: GetNextCapshell output : /storage/7AAD-3ED9/LOOT/67|CaptureThread: Capture Request Sent/storage/7AAD-3ED9/LOOT/67.jpg|Mirror: REQUEST RECEIVED|Mirror: NOSIGNAL|Mirror: Response sent:NOSIGNAL| CaptureThread: Response:NOSIGNAL|Util: exec [source /system/bin/crab && no_signal_log]|Util: NoSignalLog shell exited value: 0|CaptureThread: CRAB HAS NO VIDEO SIGNAL| CaptureThread: capture interval 5000ms|CaptureThread: Time spent capturing 483ms|CaptureThread: Capture sleep 4517ms|Util: exec [source /system/bin/crab && get_next_capture]|Util: GetNextCapexit value: 0|Util: GetNextCapshell output : /storage/7AAD-3ED9/LOOT/68|CaptureThread: Capture Request Sent/storage/7AAD-3ED9/LOOT/68.jpg|Mirror: REQUEST RECEIVED|Mirror: NOSIGNAL| Mirror: Response sent:NOSIGNAL|CaptureThread: Response:NOSIGNAL|Util: exec [source /system/bin/crab && no_signal_log]|Util: NoSignalLog shell exited value: 0|CaptureThread: CRAB HAS NO VIDEO SIGNAL| CaptureThread: capture interval 5000ms|CaptureThread: Time spent capturing 458ms|CaptureThread: Capture sleep 4542ms|Util: exec [source /system/bin/crab && get_next_capture]|Util: GetNextCapexit value: 0|Util: GetNextCapshell output : /storage/7AAD-3ED9/LOOT/69|CaptureThread: Capture Request Sent/storage/7AAD-3ED9/LOOT/69.jpg|Mirror: REQUEST RECEIVED|Mirror: NOSIGNAL| Mirror: Response sent:NOSIGNAL|CaptureThread: Response:NOSIGNAL|Util: exec [source /system/bin/crab && no_signal_log]|Util: NoSignalLog shell exited value: 0|CaptureThread: CRAB HAS NO VIDEO SIGNAL| CaptureThread: capture interval 5000ms|CaptureThread: Time spent capturing 512ms|CaptureThread: Capture sleep 4488ms|Util: exec [source /system/bin/crab && get_next_capture]|Util: GetNextCapexit value: 0|Util: GetNextCapshell output : /storage/7AAD-3ED9/LOOT/70|CaptureThread: Capture Request Sent/storage/7AAD-3ED9/LOOT/70.jpg| Mirror: REQUEST RECEIVED|Mirror: NOSIGNAL|Mirror: Response sent:NOSIGNAL|CaptureThread: Response:NOSIGNAL|Util: exec [source /system/bin/crab && no_signal_log]|Util: NoSignalLog shell exited value: 0| CaptureThread: CRAB HAS NO VIDEO SIGNAL|CaptureThread: capture interval 5000ms|CaptureThread: Time spent capturing 480ms| CaptureThread: Capture sleep 4520ms|Util: exec [source /system/bin/crab && get_next_capture]|Util: GetNextCapexit value: 0|Util: GetNextCapshell output : /storage/7AAD-3ED9/LOOT/71|CaptureThread: Capture Request Sent/storage/7AAD-3ED9/LOOT/71.jpg|Mirror: REQUEST RECEIVED|Mirror: NOSIGNAL|Mirror: Response sent:NOSIGNAL| CaptureThread: Response:NOSIGNAL|Util: exec [source /system/bin/crab && no_signal_log]|Util: NoSignalLog shell exited value: 0|CaptureThread: CRAB HAS NO VIDEO SIGNAL|CaptureThread: capture interval 5000ms|CaptureThread: Time spent capturing 370ms|CaptureThread: Capture sleep 4630ms|Util: ButtonListener shell exited value: 0|ButtonListener: Button Listener Thread Complete|RunThread: MAIN CALLBACK: BUTTON|RunThread: SOFT RESTART: false|RunThread: STOPPING: false|
  4. Thanks. This just saved me some headache.
  5. Hi Everyone, I'm currently doing an assessment of a literal black box with a USB port. I thought about using the Bash Bunny to extract information to see what system is being used on the other side of that port. When I plug in the Bash Bunny, I get a solid green light. I am trying to run the LinuxInfoGrab payload. This payload executes on any laptop test system I use but will not execute when plugged into the black box. I'm thinking one of two things. Either the port is strictly just power or it connects to a system that is running an OS other than Windows or Linux (VxWorks maybe???). The reason I say it might just be a power port is because when I plug the bunny into a USB battery, I get a solid green light response as well. However, I've never used the bunny in a system that is not Windows or Linux. If anyone has any insight, I'd love to know your ideas. Also, if you know of a payload that might tell me what's going on with that mystery port, I'm all ears. Thanks for your help! Skinny
  6. Thanks @Sebkinne! I saw in the video there was a label that said "Rat" box. Any plans to support catching custom payloads/beacons/callbacks in future versions?
  7. @m40295 Thanks for the help. Any idea is there is a recovery mechanism if the C2 server crashes?
  8. Hi Guys, Great job on putting together another interesting product. I've just finished watching the recorded livestream and have not tested the software yet, but I do have some questions before I walk into a meeting tomorrow where this platform is bound to be discussed. Can you adjust how often the devices callback to the C2 server? If not, how often does this transaction occur? I noticed that http and https is a supported callback protocol when Darren was setting up the server in the video. Is there also support for DNS? I thought I might have heard Seb mention it. What happens if the C2 server crashes? Must all the devices be reloaded with a new config file or is there a recovery mechanism? Asking for those cases where it may or may not be possible to re-enter the target location? If I'm thinking about everything above in an erroneous fashion, please forgive my ignorance. Thanks for any help you can provide.
  9. @Merlintime & @Sebkinne thanks for the help. I was unaware that the defaults had changed. My applications are so niche and none of them entail me trying to filter. After I read both of your posts, I had to read the wiki Filters paragraph 3 times to wrap my head around how they work. Maybe I've been living in Alabama too long ?? If I'm reading this correctly, when just collecting SSIDs to the pool, I want to use Deny in Client Filtering because this filter only denies interaction with the clients listed. If no clients are listed, then I can interact with any client, thus allowing me to collect SSIDs. Conversely, if I place the filter in Allow, I can only interact with those clients listed. If no clients are listeds, I can interact with no clients. With SSID filtering, when in Deny mode, clients are denied interaction with those SSIDs listed in the filter, however if no SSIDs are listed then clients can interact with any SSID in the pineapple pool. In Allow mode, clients can only interact with those SSIDs listed in the filter. If no SSIDs are listed, then no interactions can occur. Thanks again for pointing me in the right direction guys.
  10. @Just_a_User I do have Log PineAP Events checked. @Sebkinne Hi Seb! The filters are set to the default mode. Allow for Client Filtering and Deny for SSID filtering. I was under the impression that these only really mattered when trying to get someone to associate to the Pineapple, not when just collecting SSIDs.
  11. @Just_a_User I did as you suggested and performed a firmware recovery on the Pineapple. Then I upgraded to 2.3.2. It still would not put SSIDs in the pool. Just to make sure it was not a hardware issue, I unpacked a second Nano that was still in the box and updated to the latest firmware. Still there is was no SSID capture. I finally did another firmware recovery but this time did not upgrade to 2.3.2. I left it at 2.0.2. The Pineapple is acting like its old self again with no problems. All I can conclude is that something is not right with 2.3.2. Your thoughts?
  12. Hi Everyone, I recently upgraded my firmware to 2.3.2 and ran some tests using PineAP. I checked every box except Allow Associations and enabled the daemon. I did some typical device checks and found that my Pineapple was not capturing SSIDs to the pool. I know that many devices don't share their PNL easily, so I spun up the laptop with Wireshark, put the Pineapple on a battery, and went for a drive. Although there were many SSIDs being revealed through devices' probe requests, the Pineapple did not capture a single one to its pool. Has anyone else had a similar issue? Any help would be greatly appreciated. Thanks!
  13. Fantastic! This encoder just saved me a ton of time. I had a massive script and the java encoder was taking forever. This worked so much better.
  14. It's been a slow month for devices but here is the latest update: Nook Color (BNRV200) Apple iPhone 5s (ME305LL/A) The Nook's behavior was unexpected. After associating with the Pineapple, it sent a deauthentication packet to kick itself off the Pineapple after not finding a way to reach a particular Barnes & Noble website. It couldn't find the website because I normally use the Pineapple in a manner that doesn't not let the client have an outside connection. You can find the updated spreadsheet here: https://docs.google.com/spreadsheets/d/1VO0VSm6n79BndK2KMqmokSVlPaOMQQAH0vkEyQRZIxY/edit?usp=sharing
  15. Be careful in your assumptions. Not every bad actor cares about the encrypted traffic. Some of them do not care for banking information, the latest Facebook update, or the last email received. The information and capabilities that the Pineapple can provide can be leveraged to devastating effect in malicious hands. Not all sites of interest have SSL encryption. Someone's browsing habits can help establish a pattern of life. Not to mention can be fantastic fodder for blackmail. If an attacker gets a room in a hotel next to a the room of a prominent politician and said politician happens to have a certain taste in sexually deviant websites, associating his or her MAC address with salacious photos can cripple a career. If you give this presentation to an audience, ask them if they would approve of their significant other knowing their browsing history for the past 2 weeks. In addition, a MAC address associated with an individual's name makes for a great tracking mechanism. Retail stores have toyed with targeted advertising to your phone based on the MAC address that walks in to an establishment. With a handful of pineapples, I could keep track of when you leave home, when you arrive at work, when you arrive at the gym, or when you visit your mistress. If I set them up correctly and place them well enough, I might be able to get your phone to associate through the pineapple before you arrive at any of these places thus following your browsing habits at these places. Another interesting fact is that you can use the Pineapple to force newer phones to give up the SSIDs they've associated with (older phones would do this automatically). If you tell me you've never been to "X" establishment / city / country and the Pineapple makes your phone spit out SSIDs from a particular region or area, you're busted. The great thing is I can do this without letting you connect to the Pineapple at all. I use the Pineapple on a daily basis and depend on people walking out the door and not shutting off WiFi before they leave their house. For my specific application, I just want the device to talk. I don't care what the client device sends, as long as it stays connected and makes packets. The Pineapple enables this activity. If I can achieve this, I win. Know that there are many edge cases. 95% of the Pineapple's use falls neatly into the infosec / pentest arena it was meant for, but there are plenty of other esoteric ways of leveraging this device that can have serious consequences for a victim. Good luck with your presentation.
×
×
  • Create New...