Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by flipchart

  1. Nope, ours came with the same cable (USB-C to USB-A). This probably because USB-C to USB-C would produce a false understanding: With some devices you still need an OTG adapter to tell the device to act as USB Host. In those cases the USB-C to USB-C cable would be useless and not working...
  2. yes, plunder is a simple LAN TAP with only 10/100 MBit/s. You can easily put it between your switch and the Uplink of the switch. That way you can collect all devices internet traffic. Plunderbug is very useful when developing and analyzing stuff, where you don't care about the Link going down to 10/100 (which in normal cases would immediately trip of network monitoring) and when you need something small to put somewhere and dont have lots of LAN cables flying around. But together with the mobile application you can discover a whole new functionality of your plunderbug, 😉 which lets
  3. I am not so familiar with Mac OS, but probably you get it going with this stackexchange post: https://apple.stackexchange.com/questions/33097/how-to-change-the-default-gateway-of-a-mac-osx-machine I'd first go for the GUI option, as there you hopefully don't break the several tunnels you have running... 😉
  4. Probably your Computer takes the Shark Jack as Default Gateway. Difficult to tell with so few info. Could you post the output of the following commands with the Shark attached and also not attached? ip r g ip a (I hope those commands run under Mac OS too... :sigh:)
  5. is there any chance we can get the charge level (eg voltage) programmatically? I have seen that the BATTERY command is only returning charging/full/discharging by accessing gpio40 and gpio41, any chance that one of the GPIOs is an analogue input which could return the charge level?
  6. Does this only happen to me, or are videofiles from the Screen Crab not being exfiltrated to cloud c2? I can not enable streaming when the ScreenCrab is in video capture mode. I have tried with 120s and 5s capture interval. Maybe this is related to the issue. Furtheron I see no possibility to download the loot later as there is no shell access. My current Firmware on the ScreenCrab is version 1.0.6
  7. You need to enable "Streaming" in the Configuration of your Screen Crab on Cloud C2. Streaming is not only meant for the live view, but also for the upload to Cloud C2.
  8. @Shelby77 have you tried the steps explained here? If yes, it's probably time to get your hands dirty with JTAG... Unfortunately my only Bash Bunny got stolen last year together with around 4k USD of other material out of my camper, so I can't really help you here...
  9. Actually the fancy switching is exactly how you could solve it without delay! I think even a still image fed through the HDMI port would be enough to get the 5 seconds one needs to pass a door which is being monitored by a guard behind the screen... Please bring an updated version of the ScreenCrab or a tiny addon which can do this!
  10. Thank you for your response, that explains a lot! Yes I will update this thread if I encounter the same problem again. My Server is currently running in a screen session, so if it goes down it stays down and I will for sure notice 😉
  11. and suddenly it works again... 😕 Did you make any changes to the license server? Or was it something on my end that caused this error?
  12. Hey Guys I am playing around with Hak5's Cloud C2 for a couple of days now and suddenly today my server stopped with the message: [!] Invalid or expired license What happened? My License was free and fresh, and how can I restore/recover my devices and settings now? Restarting the server results in the same message and I cannot access the webinterface. My setup sits behind a nginx reverse proxy and I finally got it to work with websockets yesterday. Please Help 😞
  13. You can actually use ProtonVPN which is free... Just sign up for a free account and then Download the OVPN config file here: https://account.protonvpn.com/downloads Select: GNU/Linux->TCP/UDP (whatever you prefer)->Server Configs If you have a free account, you only can access free Servers from Japan, Netherlands or United States.
  14. and today, another few months later: root@shark:~# opkg update Downloading http://downloads.hak5.org/packages/shark/1907//Packages.gz *** Failed to download the package list from http://downloads.hak5.org/packages/shark/1907//Packages.gz Downloading http://downloads.openwrt.org/releases/18.06-SNAPSHOT/targets/ramips/mt76x8/packages/Packages.gz Updated list of available packages in /var/opkg-lists/openwrt_core Downloading http://downloads.openwrt.org/releases/18.06-SNAPSHOT/targets/ramips/mt76x8/packages/Packages.sig Signature check passed. Downloading http://downloads.openwrt.org/releases
  15. To all having issues like "Disconnect" in the webbased terminal: I had the same Issues, so I checked the traffic of a connected packet squirrel by connecting a plunderbug. The packet squirrel was able to connect to the Cloud C2 on port 2022 and the TCP connection was kept alive. Then I checked the browser console when trying to open the webbased terminal and saw that for the webbased terminal websockets were used. websockets were not properly passed by my nginx reverse proxy, so here is my new working nginx config: server { server_name c2.mydomain.com; # The internal IP of the VM
  16. About the documentation: You find the "documentation" in your C2 webinterface: Click on the 3 dots in the top right corner Help Adding Devices Further on you need to make sure that your Shark Jack is not halting at the end of your payload, otherwise you wont see it online for longer than a couple of seconds...
  17. Did you make any changes on the server side (parameters, ports, protocol) after downloading the config you have on your microSD now? That caused me quite some troubles 😉
  18. @CaPerryPO : Thank you very much for your detailed explanation! Additionally to your parameters for starting c2_community-linux-64 i needed to add "-https" as well. (without configuring any certificate on the c2 server as this is handled by the nginx) And very important: Whenever you change parameters of c2, YOU NEED TO REDOWNLOAD YOUR device.config AS THE PARAMETERS HAVE CHANGED (!!!) I had some issues with getting the Terminal to work, so my config can be found here:
  19. Yey! Thank you @Darren Kitchen, that's about what I wanted to create today. There is just one downside: Many of our Internet providers nowadays are using carrier-grade NAT (https://en.wikipedia.org/wiki/Carrier-grade_NAT) and to really identify the internet connection one also needs to know the source port and the exact time of a connection... I searched for quite some time to find a service actually providing this information and included the Port information into the logging. I am pretty sure that there should be some more reliable way in obtaining this information (like from an API) but cur
  20. There are various issues with Rubber Ducky doing this: - rubber ducky has no way to detect a successful login so it will continue bruteforcing even if the correct pin has been found - connecting a new keyboard is probably not possible on a locked iPhone/iPad - after some tries the iPhone blocks for 1 minute, later for 5, 15 and 60 (http://apple.stackexchange.com/questions/57160/how-many-times-can-i-attempt-to-guess-the-pin-code-of-the-restrictions-settings) so this will end in trying pins for years and even worse: the rubber ducky doesnt even know when the timer is over or when
  21. Hey Guys I am a longtime user of the pineapple and I really like this product. Now I wanted to configure the pineapple as a wifi network bridge today. After having circumvented the problem with the hidden ssid by using the network manager and another problem with a password containing a $ sign (simply by escaping the char with a backslash) Well, I finally got it to work then, but now I encounter another issue: The idea behind this application I am setting up is, to block all traffic except traffic to a specific IPs. I would like to do this with IPTABLES or somethin
  • Create New...