Decoy
-
Posts
248 -
Joined
-
Last visited
-
Days Won
2
Everything posted by Decoy
-
Apparently Parrot has Nvidia drivers pre-installed too. That's an added bonus.
-
I've been meaning to try out the FruityWifi interface for the Pi. It looks very similar to the Pineapple.
-
This looks like a fire hazard. I like it
-
Yeah, I've been using Kali for a few years. I'm going to Branch out a little though I think. I've honestly never really considered other options. I didn't even realize there were so many: https://fossbytes.com/10-best-operating-systems-for-ethical-hacking-and-penetration-testing-2016/ Some of these I've heard of, but others I never knew about.
-
From what I can tell (and read) it started from a Kali repository. It looks like a lot of the same tools actually.
-
Does anyone have experience with Parrot OS? I've used Kali/Backtrack plenty over the years, but I've recently been exploring other options. Parrot looks good. I've read some articles, and they seem biased based on who wrote it.
-
I actually just bought one of those as an alternative to my Alfa, just to see if that would work. I've been reading various articles on patching the injection flaw. I just can't see how they didn't test this when creating the Kali arm image. I tested my older B+ Pi1, and sniffing/injection works fine on that one. I'll let you know of the patching attempts work.
-
So far no luck on getting it working. Monitor mode works fine, just no injection... I've seen him post that in the Kali forums. Is it legit? I don't like the idea of downloading someone else's custom kernel....
-
Seems to be the same... Laptop (working): ../../../../../../bus/usb/drivers/rt2800usb Pi (not working): ../../../../../../../../bus/usb/drivers/rt2800usb No joy on the Pi. So strange... I am installing the kali-linux-wireless now. Hopefully that will resolve it. I'll keep you updated. Thanks for the suggestions.
-
I did kill all the processes that airmon-ng said might be an issue. I've tried just about everything; however it looks like it might be an issue with the Kernel for the ARM image. I'm going to try building a custom image with the right drivers for it. Thanks for the info, I'll post my findings.
-
Hi everyone. I recently picked up a new Pi 3, and I set it up to run headless with CC through SSH. I'm having difficulty getting packet injection to work for some reason. I know the Alfa cards work, I can use them successfully on my other devices just fine. 0/30 tests failed with aireplay-ng injection testing on the Pi for some reason. Kali 2.0 works fine on my laptop and PC. Anyone else have this issue before? I can pick up APs just fine, I've tried turning off channel hopping, specifically defining an ssid. No joy. Any ideas would be greatly appreciated!
-
True; however it would be nice to have the process automated.
-
Has anyone actually done this for the Pineapple yet? This would be a great module.
-
Run the Ducky payloads, they install all the languages for you. https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/DuckyInstall
-
Awesome, you guys rock. Can't wait to play with the new features!! Keep it coming!!
-
So after the latest episode of Hak5, you mentioned 1.1 was ready to ship. When will this be available, and is there a new feature list?? You guys are awesome for pumping this out so quickly. I'm super excited.
-
Yes, you need to change the keyboard layout to US if you after in the US, and change the UAC bypass key to "y".
-
Yes, I apologise if that wasn't clear.
-
Is it a slow blink or a fast blink? Is your SMB server kicking off? Does the BB have an IP?
-
Something like this (obviously this is a super simple version) - but we can get creative with it. This could be fun :)
-
Right. Or anyone who is dumb enough to run in root all the time, lol. Now it might be possible to pull this off with a little social engineering though. For example, what if you were able to tailor a scenario where the user had to legitimately (or so they think) needed to enter the sudo password. From there - you pipe the password they enter into the actual command they think they're executing - while executing mimipenguin in the background. You would most likely need to have removed the bash bunny at this point, but the shell script could still be running in the background, and utilize some sort of server to receive the password dump.
-
Seems cool, but it needs root to run. You need the password to get the passwords... If only it were as easy to bypass it in Linux as it is in Windows...
-
This Wiki has some good information about valid Attack Mode combinations: http://wiki.bashbunny.com/#!./index.md#Bunny_Script You don't have to put all your attack modes in one line at the same time either. If you want to start as a keyboard, just start with the HID attack mode. Switch to Ethernet when necessary, and then switch to Storage if you want. All that said, I think your combination might be backwards. Try doing this instead, to match valid combo structure and let us know if it resolves your issue: ATTACKMODE HID RNDIS_ETHERNET
-
I think one of the benefits of having a solid open source Community, is so that you have a lot of people making tweaks and giving input so that the payloads work best in as many environments as possible. Payloads are meant to be tweaked to fit the environment you're targeting. All that being said, as someone with a software development background, typically you won't release a piece of software with only one version and have it work perfectly right out of the box. This is why normal programs that you run on your computer need to be updated often. Recon is a huge part of any engagement. You always want to know your target, So you know which attacks you need to bring to the table. Ive had great success with the Rubber Ducky, the Pineapple, and even the latest Bash Bunny; however these tools have a tendency to be picked up by script kiddies who just want these to work without little or no effort, so they can be "hackers". Like Mr. Robot... on TV.
-
Which payload are you trying to run? Are you writing your own?
