
Didier Stevens

Everything posted by Didier Stevens

  1. My Shark Jack stopped working shortly after I received it. Now I have a replacement unit. That one doesn't run so hot when charging:
  2. You don't need programming skills to achieve this. Open payload.sh, and search for this line at the beginning: NMAP_OPTIONS="-sP". Customize it with the nmap options you want.
  3. I'm experiencing issues with the various WiFi payloads on my Signal Owl with firmware 1.0.1. They don't work (BTW, the Bluetooth payload does work). The reason is that the wlan0 interface is missing. I have to add it and turn it on by adding the following commands to the beginning of the payloads: Do you experience the same issues? Or do these payloads work unmodified with firmware 1.0.0?
  4. After one hour running inside coat pocket, Bluetooth payload.
  5. I guess that with "the suggested tool that is missing", you mean the following script: https://github.com/hak5/sharkjack-payloads/blob/master/sharkjack.sh Looking inside this script, the upgrade process is essentially: copy the firmware to /tmp/upgrade.bin, then run: sysupgrade -n /tmp/upgrade.bin
  6. Here are 2 thermal imaging pictures of my Shark Jack after fully charging. Top pic:
  7. Confirming it is random. First I have this: Then after Shark Jack reboot this:
  8. I just did some packet captures of a Shark Jack nmap scanning (using my Packet Squirrel 🙂 ), and to me it looks like the MAC address of the Shark Jack is randomized.
  9. I tested my Shark Jack and found 3 scans that, AFAIK, were not initiated by me. Looks like 3 test scans that were left in the loot folder and got shipped with the Shark Jack. Just wanted to know if other owners of a Shark Jack observed this too? To be clear: I'm not worried about this, just curious.
  10. Don't know if this is the right place, but here goes ... In the recon page, I would like a comment field, allowing me to add/edit a comment per scan (this is not a request just for the Nano, but other pineapples too). I have too many scans now in my recon.db, I can't remember where they were done exactly, and I would like to be able to identify them with a comment. For example: "Brussels office". I looked for the source code to add this myself, but AFAIK, this is not open-sourced. I can find the modules and openwrt on GitHub, but not the WiFi Pineapple code.
  11. No, it's actually 10,000,000 bytes and not 1,048,760 bytes. From the tcpdump man page: http://www.tcpdump.org/tcpdump_man.html And it's 1024 :-)
  12. I don't really like it when packet captures are written to a single file, unless I know the capture file will be kept small. A network capture can create very big files, that take a long time to read and display with Wireshark. And with the PS, you run the risk that the PS is improperly shut down (e.g. loss of power) and that the capture file on the USB stick gets corrupted. That's why I prefer to configure tcpdump (or dumpcap) to rotate files and create files with a size limit. I changed the sniffing/tcpdump payload as such (bold): -C 10 sets the maximum pcap file size to 10,000,000 bytes. When that size would be exceeded, a new capture file is created and the old one is closed. -z sync executes the sync command each time a capture file is rotated. This should guarantee that the rotated capture file is actually flushed to the USB disk. I will use my PS with this mod for a couple of weeks, and report back here.
  13. The command is reformat_usb. Remark that this will format the USB stick with the EXT4 filesystem: Hence not natively readable on Windows 10.
  14. I updated with a USB stick formatted for NTFS on Windows 10. No problems.
  15. Yes, it is. Although I had to do this twice. First time I did not pay attention to the time, and I (wrongly) thought the solid blue LED indicated that the firmware upgrade was finished. So I unplugged. And my PS was no longer booting (no LED). I had to use the recovery console to install the recovery firmware, and then do the upgrade again. This time waiting longer. But no problem, it was an opportunity to test the recovery procedure, and also find a small bug in the recovery console (created GitHub issue for this: https://github.com/hak5/packetsquirrel-payloads/issues/24).
  16. FYI: I had the following LED patterns when doing a firmware upgrade from 1.0 to 1.1: Flashing GREEN, Solid GREEN, Alternating RED/BLUE (6 to 7 seconds), Solid BLUE for several minutes, Flashing GREEN, Flashing BLUE. The solid BLUE for several minutes was unexpected, from Seb's post I expected the RED/BLUE alternating to take several minutes. Anyone observed the same?
  17. Thanks for sharing your network specs Draxiom. I assume your eth0 interface is connected to a 100Mbps device, but that it supports 1000Mbps too.
  18. Anyone knows the hardware specs? Can't find it on the PS page, and the wiki is not up. Most interested in speed of Ethernet ports.
  19. Hi! You shouldn't feel sorry :-) What other Hak5 gear do you have? I have a Pineapple V too.
  20. I updated my HID file dropping method for the Bash Bunny. This is for hardened computers that don't accept removable storage. Steps: create a pure ASCII PDF with embedded file (for example EXE) using my make-pdf-embedded tool; create a Ducky script to type out said PDF; launch notepad on target machine and type out content of PDF; save file as .pdf file; open with Adobe Reader; extract embedded file; if necessary, change extension; open file. More details: https://blog.didierstevens.com/2017/04/24/bash-bunny-pdf-dropper/
  21. Mine doesn't get hot. 46°C / 115°F just booted in arming mode:
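The rotating-capture setup described in post 12 (tcpdump -C with -z sync so that a power loss on the Packet Squirrel only risks the file currently being written), as an added example that is not Didier's modified payload nor Hak5's own sniffing script. The interface name eth0 and the loot directory /mnt/loot are assumptions, and the -W file cap goes one step beyond the post: it bounds how much of the USB stick the rotating buffer can ever occupy.

```shell
#!/bin/sh
# Added example, not the Packet Squirrel payload from the post above.
# Wraps the rotation idea from post 12 (tcpdump -C with -z sync) in a
# helper and adds -W so the rotating files can never fill the USB stick.
# Interface eth0 and loot dir /mnt/loot are hypothetical defaults, not
# values taken from the original payload.
set -u

# Returns 0 when $1 is a positive decimal integer, 1 otherwise.
is_positive_int() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        0) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the tcpdump command line for a rotating capture.
#   $1 interface, $2 output directory, $3 max size per file in units of
#   1,000,000 bytes (tcpdump's -C unit), $4 number of files to keep.
# -C rotates when the size limit is reached, -W caps the number of files and
# wraps around to the first one, -z sync runs "sync <closed-file>" after each
# rotation so the finished file is flushed to the stick before power is lost.
build_capture_cmd() {
    iface="$1"; outdir="$2"; size="$3"; keep="$4"
    is_positive_int "$size" || { echo "bad size: $size" >&2; return 1; }
    is_positive_int "$keep" || { echo "bad file count: $keep" >&2; return 1; }
    printf 'tcpdump -i %s -nn -C %s -W %s -z sync -w %s/capture.pcap\n' \
        "$iface" "$size" "$keep" "$outdir"
}

# Sanity check for the loot directory: it must exist and be writable,
# otherwise tcpdump would only fail after the capture has started.
check_loot_dir() {
    [ -d "$1" ] && [ -w "$1" ]
}

# Upper bound on bytes the rotating buffer can occupy: size * keep * 1e6.
max_loot_bytes() {
    echo $(( $1 * $2 * 1000000 ))
}

# Only start a real capture when invoked as "capture.sh run"; sourcing or
# running without arguments just defines the helpers above.
if [ "${1:-}" = "run" ]; then
    IFACE="${IFACE:-eth0}"; LOOT="${LOOT:-/mnt/loot}"
    check_loot_dir "$LOOT" || { echo "loot dir $LOOT not writable" >&2; exit 1; }
    echo "rotating buffer capped at $(max_loot_bytes 10 50) bytes"
    cmd="$(build_capture_cmd "$IFACE" "$LOOT" 10 50)"
    echo "starting: $cmd"
    exec $cmd
fi
```

With the defaults, the capture lives in a 50-file ring of at most 10,000,000 bytes each, so the loot directory never grows past 500 MB, and the only file that can be left unsynced by a hard power cut is the one tcpdump was writing at that moment.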