About uintdev

  1. As there is no USB mass storage autorun, the 'flash drive' may need to be able to 'act' as a HID (keyboard input) and initiate USB mass storage at the same time. In terms of Hak5's products, the USB Rubber Ducky (with 'twin duck' firmware flashed onto it -- SD storage access is a little slow) and the Bash Bunny can do that. As those involve keyboard input, some UI elements (i.e. cmd or run prompt for entering the command -- depends on the chosen method) will show very briefly.
  2. For rooted, zANTI is good. zANTI 2 has a lot of nice functionality regarding MITM (including being able to modify requests and responses without a proxy). zANTI 3 kind of removes some features like the one I explicitly mentioned but adds in nmap integration (you can use nmap in Termux anyway, among other typical and popular packages that will not require root). Do note that I have not checked out the latest version being offered by default (if any newer was released ever since), so I have no idea how it is at the moment. There is other software out there which can have similar features or
  3. Information is scarce regarding the "trust asset version," but from what I can tell, it is to do with a version of a component that is part of Apple's trust store. It is not a certificate. https://discussions.apple.com/thread/250858614 http://fluco.org/tech/downloads/SSL certificate installation instructions for IOS.pdf
  4. To make this as barebones as possible, here is a working example but in cURL (note: this is a POST request -- it checks if the CSRF cookie value matches up with what is POSTed): curl 'https://samperson.itch.io/desktop-goose/file/1957163' -H 'Cookie: itchio_token=a' --data-raw 'csrf_token=a' If successful, this would return a JSON response. This includes the key named 'url' and 'external'. The 'url' key will have a value containing the 'generated' valid URL to the download (it does expire). You would then use that URL to download the archive. Do note that as itch does use Cloudflare, i
  5. Bruteforcing hasn't really been effective since many major Android versions ago (bad attempts eventually add on to the lock-out time). These days, user data on Android devices is encrypted with either full-disk or file-based encryption. When booting up and reaching the lock screen, you need to enter the pin or password to decrypt that data with the information you provided (hence why biometrics cannot be used at that stage). This means, unless you can figure out the correct code.. well.. just hope that Google helped out with backups.
  6. From my experience, not even formatting it to ext4 worked. As others had suggested, going in via SSH and using the 'reformat_usb' command did the trick. Although that resulted in me having to copy the upgrade file over as root to the flash drive on a standalone PC using a GNU/Linux distro (VirtualBox was being a little buggy with mounting the drive to begin with). Or just use the manual upgrade method for the WiFi Pineapple as suggested above. Less effort.
  7. For what you are wanting to do, as far as I am aware, it would not be possible on the USB Rubber Ducky. It uses HID. It can use mass storage as well if you program the device with the Twin Duck firmware but the data transfer will be very slow and there would still be no way of detecting all major desktop platforms. Using a Bash Bunny would be ideal as that would allow you to determine the platform used (USB Ethernet & nmap) and quickly exfiltrate user data via mass storage in the same script (either by using HID to issue copy commands or setting up a hidden reverse shell that would th
  8. Not certain about the requirements, but last I heard, it was recommended to use a really low capacity micro SD card with the USB Rubber Ducky.
  9. Even if you were to go with PS2 only, you could always get an adapter for that. Not as convenient and fast but in theory it should work. If we were talking about modern laptops then no worries about exposed PS2 ports. You might have the ability to disable USB completely via BIOS as well as setting a unique BIOS password.
  10. Update on this. rt3070 rt5370 rt28xx (Needs firmware v1.1.)
  11. With a firmware update, it's technically possible. Although there might be limitations (i.e. storage being too small to install the appropriate kernel module(s)). Even if it was 100% possible to add such support without issues, would those who are developing for the Packet Bunny find it to be worth adding in for this specific product when it's mainly for USB mass storage?
  12. Have you tried putting the commands in quotes? For example: Q STRING "foobar"
  13. Having the string encoded with base64 would add on more characters to type out (including the base64 decode function). If I were to encode the PowerShell part (without the variables becoming an IP and a port number): it would be 458 characters long base64 decoded but 611 if base64 encoded (this includes escaping so it could be slightly shorter). This is without the function required to decode base64. I figured having it harder to read in a small window would be somewhat good enough (won't be in full view, goes by fast, Windows may lock up cursor during keyboard input). It
  14. Minimum on mine was 15. Perhaps it's to do with the display configuration. The changes have been made in v0.1.3. I have to say, this one really gives it a boost. Thanks.
  15. v0.1.2 is out. 'cmd' is now directly run by default (avoiding that very noticeable window with a deep blue coloured background).