Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by flipchart

  1. if the computer is not bitlocker encrypted, you don't even need his password to access the data. Simply take the harddrive/ssd out of the computer into a harddrive case and access the data like you normally do with external harddisks: https://s.click.aliexpress.com/e/_ApZIwK If you happen to have a large 3.5" disk you should get some connector with an integrated power supply: https://s.click.aliexpress.com/e/_ApMtIm This should do the trick. Maybe you are lucky enough to find a backup of the Huawei Phone on the computer to restore your pictures... I wish you success!
  2. Hi Francis I am very sorry for your loss! To keep my answer short, I can tell you, that the Rubber Ducky won't help you. The Rubber Ducky can only automate your manual typing as it acts as a keyboard which can be programmed. What you need is a real forensic company. Unfortunately I do not know any company doing these kind of service near you, but a good company should be able to access at least the Win10 data, as long as it is not bitlockered... all the best flipchart
  3. I just encountered the same Problem here. Changed cables, power supply, Adapters and so on, but the Screen Crab keeps telling me that there is no signal, even though there is. The signal comes from a Lenovo X270 in its Docking station via HDMI to the Screen Crab and further via an HDMI to DVI Cable to a Lenovo Thinkvision L1951pwd. It worked in the beginning with a few (3-4) screenshots but now no more. (I have to say that some screenshots were broken jpegs) Tried another monitor and it works fine, HDMI 1.4 also connected via DVI adapter. The Lenovo Thinkvision is super old but already supports HDCP, maybe this is the problem. That would explain why it first worked but now, as the OS and the monitor got "to know each other" they probably swapped for HDCP... #noIdea
  4. Ok, ScreenCrab.apk is a system app having this in its Manifest: android:sharedUserId="android.uid.system" And system apps with sharedUserId need to be signed with the same key as the system (as far as I understood). So there is currently no chance for me in getting this apk easily modded and working... Well, then, lets think around the other corner: ScreenCrab does store images offline every 5 sec. Why not write a script which uploads all these images to an sftp? Unfortunately, there is no curl on the ScreenCrab - but we have busybox with very useful tools like "mt" (Control magnetic tape drive operation) šŸ™‚ But thankfully there is a precompiled curl - statically linked - available here: https://github.com/moparisthebest/static-curl Direct link: https://github.com/moparisthebest/static-curl/releases/download/v7.75.0/curl-armv7 Now all that's missing is a wrapper handling the file uploads and a wrapper checking the wrapper is always running... BTW: File transfer to the ScreenCrab can be done by having an http (no ssl) server serving the files and downloading them from the ScreenCrab with "busybox wget http://..." -> https://chryzsh.gitbooks.io/pentestbook/content/transfering_files.html
  5. I just wanted to know what the latest FW of ScreenCrab is, and if there is an update how to update it. thanks... šŸ™‚
  6. ok, one step further: The sinner is "ScreenCrab.apk" which can be found at /system/priv-app/ScreenCrab/ScreenCrab.apk I decompiled the app online at http://www.javadecompilers.com and found in sources/org/hak5/screencrab/p004c2/Device.java this function: private String getWANInterfaceName() { return "wlan0"; } so my eth1 should be called wlan0 or I have to try to change this string in this apk. As I am not an Android Developper I first tried the renaming of the interface with some adjustments of my script: #!/system/bin/sh # wait for eth1 /system/bin/svc wifi disable while [[ $(/system/bin/ip a | /system/bin/grep -m 1 -o eth1) != "eth1" ]]; do /system/bin/sleep 1 done /system/bin/ifconfig eth1 down /system/bin/sleep 1 /system/bin/ip link set eth1 name wlan0 /system/bin/sleep 1 /system/bin/ifconfig wlan0 netmask up /system/bin/sleep 1 /system/bin/route add default gw /system/bin/sleep 1 /system/bin/ndc resolver setnetdns wlan0 /system/bin/sleep 1 exit 0 But so far wihtout success. Any help is appreciated, this is also why I attach the ScreenCrab.apk . @mods : If this violates any rules feel free to delete the attachement, I am just desperately seeking for help for my ScreenCrab <-> Ethernet project. Thanks for understanding! ScreenCrab.7z
  7. ok, got a step further: busybox vi /system/etc/mkshrc ================ add line to the end =================== /etc/eth-setup.sh & ======================================================== -> /system/etc gets mapped to /etc busybox vi /system/etc/eth-setup.sh ======================================================== #!/system/bin/sh # wait for eth1 while [[ $(/system/bin/ip a | /system/bin/grep -m 1 -o eth1) != "eth1" ]]; do /system/bin/sleep 1 done /system/bin/ifconfig eth1 netmask up /system/bin/sleep 1 /system/bin/route add default gw /system/bin/sleep 1 /system/bin/ndc resolver setnetdns eth1 /system/bin/sleep 1 exit 0 ======================================================== The "autorun" gets handled by the mkshrc script which by default gets loaded as there is a shell presented on tty... This now works, but C2 only works over WiFi. @darren & Team: How can I enable C2 connections, even if there is no WiFi (e.g. only my LAN)? Please help... please...
  8. In case anyone out there is working in the same direction: mount -o remount,rw /dev/block/mmcblk0p1 /system mount -o remount,rw /dev/block/mmcblk0p1 /system lets you persistently edit files in /system which will be symlinked to /etc and the like on boot... rc.local does not work (tried with x permissions and simple touch command to writable /data) the solution probably lies here https://android.googlesource.com/platform/system/core/+/master/init/README.md Any help is appreciated!
  9. Hey Guys I am trying to use my Screen Crab over Ethernet... So far I found this USB-C gigabit adapter with integrated power delivery port to work: https://www.delock.de/produkt/65402/merkmale.html?setLanguage=en After having fiddled around with this weird OpenWRT Installation on the Screen Crab, I've found the following commands to work and get the ethernet up and running: ifconfig eth1 netmask up route add default gw ndc resolver setnetdns eth1 after this I can ping and lookup dns records. The commands are entered by using the onboard serial connector within my Screen Crab (yes, warranty voided) Does anyone have any hints on how to get these commands run at boot?
  10. binwalk -e helps a lot, often you can simply edit the binary file, as the config is part of the last few bytes and ascii šŸ˜‰
  11. Hey @stilia.johny Sorry for the delayed answer, the notification ended up in the spam folder... šŸ˜ž yes, the Mark V is still available, I'll PM you with detail (y)
  12. Ok, I got the SOLUTION! : STATIC IP AND CUSTOM MAC: # Set Static IP & Custom MAC uci set network.lan.proto='static' uci set network.lan.ipaddr='' uci set network.lan.gateway='' uci set network.lan.dns='' uci set network.lan.netmask='' /etc/init.d/network restart ifconfig eth0 down ifconfig eth0 hw ether 12:00:15:b7:13:37 ifconfig eth0 up This way you set your static IP, restart network to commit the changes, take eth0 down, set MAC and put eth0 back up again. If you restart the network, you get another random MAC. Thank you for all the support šŸ™‚ especially @kdodge && @lespacefish
  13. Well, the shark jack is an openwrt, so the networking should be defined in /etc/config/network. And then there is the NETMODE command... But luckily the NETMODE command is just the following script: root@shark:/etc/config# cat /usr/bin/NETMODE #!/bin/bash function show_usage() { echo "Usage: $0 [DHCP_CLIENT|DHCP_SERVER]" echo "" } case $1 in "DHCP_CLIENT") uci set network.lan.proto='dhcp' ;; "DHCP_SERVER") uci set network.lan.proto='none' /etc/init.d/odhcpd start ;; *) show_usage exit 0 ;; esac so i tried to setup everything with uci in the payload: uci set network.lan.proto='static' uci set network.lan.macaddr='13:37:13:37:13:37' uci set network.lan.ipaddr='' uci set network.lan.gateway='' uci set network.lan.dns='' uci set network.lan.netmask='' /etc/init.d/network restart This works, except for the MAC address... I kind of think that the network restart also assigns a random MAC, but I am not yet down there...
  14. @kdodge : No, there is no /etc/network/interfaces, not even an /etc/network folder... I really did not manage to set a static MAC and IP. Anyone else having an idea?
  15. I am getting pretty tired now... I really tried hard, i must be missing something: As I do not want to fire off a DHCP request, i selected NETMODE TRANSPARENT. With the following ifconfig commands I tried to achieve static IP and hw address set: # Change MAC address ifconfig eth0 down ifconfig eth0 hw ether 00:XX:XX:XX:XX:XX ifconfig eth0 netmask up route add default gw and I always get a random MAC. When I select NETMODE DHCP i get my custom MAC but an IP from DHCP... I was already looking for a way to set the shark random MAC to my custom MAC, but there must be an easier way... what am I missing?
  16. @lespacefish thank you for sharing! Any idea what I can do if I do not want a dhcp but only a static IP *and* the custom MAC?
  17. most of these cheap chinese cameras have limited functionality and are very bad in terms of security... (not saying the more expensive ones are better šŸ™‚ ) What you can do is dumping the memory, usually the firmware is on a SOP8 Chip which you can dump via a BIOS ROM reader (https://s.click.aliexpress.com/e/_dYbO35F ). Then unpack it with binwalk and edit the password which is hardcoded in the firmware. Then simply pack it and write it back to the chip... Boot the camera and there you go! there are many cool things you can do by editing the firmware this way. Like import additional features or remove the cloud feature of the vendor... Just always keep a copy of the original firmware, in case things go south šŸ™‚
  18. Thanks for this! Have you had your key for more than a year now! šŸ™‚ I just need to know as I have to file the annual cost of our future cloud c2....
  19. Thank you for your response! @Darren KitchenI have seen that, but if I don't need additional support, will the server continue to run with my licence? Will I be eligible for newer versions or will i be stuck with my version?
  20. What happens if you, after the pine disconnected, manually restart the CloudC2 Connection? maybe you see something in the output of the script...
  21. @Darren Kitchen any info on this? Or am I just too stupid to read the docs? šŸ˜›
  22. Hey Guys Is the cloud c2 licence for 500 respectively 250 USD for lifetime (with 1 year support) or just for one year? Thanks for a quick respnse (I am about to get funds ready for a "Hak5 gear-up" at my company... šŸ™‚ )
  23. Hey Guys I just found my old Mark V in its original box, with all the cables, the quickstart guide, a pineapple sticker and the additional USB to Pineapple Cable (Juice Cable)... But I simply have no use for it anymore. If anyone is interested in it (for collection/for use or whatever) I would be willing to swap it for something else from hak5 or anything you come up with that makes my pentesting/HAM heart happy... Pictures: (sorry, attachement quota filled with one image and cannot delete it anymore... ;( ) https://ibb.co/KNMY7qm https://ibb.co/3Tr8tV1 https://ibb.co/JpfG58J https://ibb.co/MNrcYdj https://ibb.co/3vn2WbW https://ibb.co/d6xx5P6 https://ibb.co/HtGrwyL
  24. build your own, delete unneeded stuff or copy the functions needed: https://github.com/nmap/nmap https://svn.nmap.org/
  25. Plunderbug does not work on iOS Devices... It works only on Computers and some Android devices with root access: https://shop.hak5.org/products/bug And the Plunderbug is not primarily thought to be a standard network interface card (NIC). Plunderbug is thought to intercept between the two network ports it has. But you can also use it as standard NIC. Read the docs below and have a look at the mode changing (2nd link) https://docs.hak5.org/hc/en-us/articles/360019046533-How-to-tap-an-Ethernet-link-with-the-Plunder-Bug https://docs.hak5.org/hc/en-us/articles/360018810834-About-Mode-Switching-on-the-Plunder-Bug
  • Create New...