cyrus104's Achievements


  1. Using the Pineapple on engagements from different vantage points doesn't let me know the best location and RF leakage. Is it possible to output pcap in the same way that Kismet does, using a PPI header? This will allow for post-processing and checking for RF leakage and possible red team engagement locations. If it's too hard to integrate this directly into PineAP, can there be a default way to run Kismet in the background all the time or at select times? Having this integrated into the Pineapple software seems like the cleanest solution, allowing the Pineapple to also retain all original functionality.
  2. @emptyhen, Super interesting results. The SJ is connected to the same switch the VM is bridged to. I swapped over the port and that didn't do anything different. I put the SJ in arming mode, changed the IP with ifconfig, re-ssh'd into the SJ and ran the nmap command manually and.... on the first try it got all 13 hosts on the network. I tested it about 3 more times and it got all of them. I rebooted the unit and put it into attack and it's back to 4-5 hosts. Yeah, the ports you have listed are about all that can be expected with the battery constraints.
  3. With my nmap runs on a Kali VM, I get some variants too, sometimes none, other times 1-3. Because everything is on a local LAN, it's never been bad enough to not register 75% of devices using the basic scan. I have made the changes to include the host timeout and max retries but that hasn't really helped out. For the usage that I have, I'd be happy with turning on -sV and -A but this thing doesn't have the battery life to do that.
  4. @emptyhen, I did see that they are planning to make the change, which is great. I am struggling right now with the fact that I can run the same scan several times and get different results. Specifically on the default payload, which is a ping, and I can run a basic ping test using nmap on my machine and get like 12 machines up and the SJ only gets 2-5 at different times... and it's never gotten my NAS. I'm a little worried because I'm not sure I can trust the results of using it. 2-5 out of a reliable 12 is bad! I've tested flashing the older 1.0.0, 1.0.1, and current 1.1.0, all with the same random results.
  5. I would be very interested in a community version of this as well and would be happy to test making changes to my unit to see if I can resolve a few issues that I'm seeing as well.
  6. Odd my searches didn't turn this up but @Flatlinebb had this problem and did all the troubleshooting months ago.
  7. @emptyhen, I removed my PR as @Darren Kitchen submitted a complete rewrite of the default payload. While this new payload doesn't trigger the issue that we are seeing, most of the other sample payloads in the GitHub repo do fall victim to this issue. I wanted to capture the fix you came up with here, please correct me if I don't get it right. In /usr/bin/shark_framework you modified line 120 from: echo "bash -C '$payload'" | at now to: echo "bash -c '$payload'" | at now You mention you chmod +x payload.sh, what about doing a chmod +x payload* at line 110? @Darren Kitchen / @Korben, The updated sample payload is vastly different than all of the other examples that utilize functions and are laid out in an easy to read / modify way. If possible, can the change above to shark_framework be made? This would allow the sample payload to be reverted back to the original one, which is in line with the other payloads in the git repository. Thanks
  8. Interesting, I didn't run it outside of attack mode. With the few changes that were made, rm'ing the file before writing it and updating the file creation to "echo 0 > $SCAN_FILE", it's working for me if I keep $SCAN_FILE or if I delete it every time. I'm not sure why the touch is even needed, echo 0 > will create a file if it doesn't exist. I will unmark it as solved. There are some underlying issues that might benefit from being looked at by a dev.
  9. I created a PR for the github repo of this payload.
  10. Glad to see it's not just me on this one. I also tested all the commands manually and they work (with an update to the create file command). I went so far as stripping every single line out of the file besides the ones dealing with the counter and ran it on a Linux VM install and it increments the counter every time I run it. I will try and add the same thing you did. I figured that because it was running as root there wouldn't be an issue with the writing of the file.
  11. Got it fixed, used Chrome Inspect to see that fonts.gstatic.com was being blocked by a Pi-Hole list.
  12. I tested installing Cloud C2 several times for testing and have noticed the images are not rendering properly. I'm running CloudC2 on Ubuntu and Debian, both fully updated. I've tested Firefox and Chrome inside the Debian VM and Windows host with Firefox and Chrome. All of these combinations have resulted in the same rendering issue as below. My start up line for my VMs with one interface is: community-64 -hostname $local_ip Thanks for the help all.
  13. @Darren Kitchen / Hak5, Great product, I'm running into an issue that I thought your code mitigates but isn't working properly. The first time I run the SJ it works as expected; when I disconnect and run it again (same network or different VLAN) it fails. I say fails but it gets to the pulling DHCP (cyan / magenta) and after that it switches to a quick cleanup and then finish. If I do a cleanup and remove the loot files, the second run will work as expected, but I need to do a cleanup. I am using the example Nmap-C2 from the hak5 GitHub. It looks like you handled this with the SCAN_FILE (/etc/shark/nmap/scan-count); oddly, on the SJ I never see this file increment. I see the lines below:

      In setup()
          # Create tmp scan file if it doesn't exist
          SCAN_FILE=$SCAN_DIR/scan-count
          if [ ! -f $SCAN_FILE ]; then
              touch $SCAN_FILE && echo 0 > $SCAN_FILE
          fi

      In run()
          SCAN_N=$(cat $SCAN_FILE)
          SCAN_M=$(( $SCAN_N + 1 ))

      In finish()
          echo $SCAN_M > $SCAN_FILE

      Any thoughts on why the SCAN_FILE never increments would be great. I've cat'd it out after each run and it's always blank or zero. Thanks a bunch
  14. @Darren Kitchen, I'm sure you guys have thought of this but I wanted to get your thoughts on a joint project over USB-C (3.x or 4). As you well know, developing a new product takes time and I figured you could start looking into this now if you haven't started. With new monitors moving toward USB-C, a joint product that acts as an inline monitor (Screen Crab) that then provides Key Croc capabilities. Right now, I think most are using TB3, but with USB 4 coming out that will provide enough bandwidth. I'm sure there are plenty of issues with this idea such as... what if the target isn't daisy chaining their keyboard/mouse into their monitor that then has one USB-C connection to the PC.
  15. I would like to see about compiling my own version of the Tetra openwrt. I've been looking through github but none of the hak5 repositories have changed to account for the newer versions. I have also looked at openwrt chaos, daily, and lede only to see some hints of the nano but not enough to build it with a full pineapple gui nor to build a tetra. Any help is much appreciated.
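
The counter behaviour discussed in posts 7, 8 and 13 above, as an added example that is not part of the original posts or Hak5's code: bash's `-C` option turns on noclobber, under which `>` refuses to overwrite an existing file. The script replays the quoted scan-count logic in a temporary directory (a constructed path standing in for /etc/shark/nmap) with and without that option, plus the rm-before-write change from post 8; the `run_counter` function and its mode names are hypothetical.

```shell
#!/bin/sh
# Added example, not Hak5 code. Replays the scan-count logic quoted in post 13
# in a temp dir (constructed path), optionally with noclobber, which is what
# "bash -C" turns on (same as "set -C" / "set -o noclobber").

# run_counter MODE RUNS -> prints the counter after RUNS payload runs, or "blank"
#   plain       quoted logic in an ordinary shell
#   noclobber   quoted logic under set -C
#   workaround  set -C with post 8's changes: no touch, rm before the final write
run_counter() {
    mode=$1
    runs=$2
    dir=$(mktemp -d) || return 1
    SCAN_FILE=$dir/scan-count
    i=0
    while [ "$i" -lt "$runs" ]; do
        (
            if [ "$mode" != plain ]; then set -C; fi
            # setup(): create the counter if it doesn't exist
            if [ ! -f "$SCAN_FILE" ]; then
                if [ "$mode" = workaround ]; then
                    echo 0 > "$SCAN_FILE"
                else
                    # under set -C this '>' is refused: touch already made the file
                    touch "$SCAN_FILE" && echo 0 > "$SCAN_FILE"
                fi
            fi
            # run()
            SCAN_N=$(cat "$SCAN_FILE")
            SCAN_M=$(( $SCAN_N + 1 ))
            # finish(): under set -C the overwrite is refused unless the file is gone
            if [ "$mode" = workaround ]; then rm -f "$SCAN_FILE"; fi
            echo "$SCAN_M" > "$SCAN_FILE"
        ) 2>/dev/null || true
        i=$(( i + 1 ))
    done
    value=$(cat "$SCAN_FILE")
    rm -rf "$dir"
    echo "${value:-blank}"
}

for m in plain noclobber workaround; do
    echo "$m: $(run_counter "$m" 3)"
done
```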