Posts posted by nik321

  1. 4 hours ago, sysadhoc said:

    hey man, pretty new here, but hell I thought I would give replying to this a shot... if anyone wants to correct what I am saying please go ahead, I am here to learn like everybody else.

    The problem you are having starts with the way that encrypted wireless traffic works... first off you have two parties, they start an encrypted session by sharing with one another their "key", but hell, let's just make this simple... let's say name... son.. and dad..

    Now, son and dad trust one another.. and they are able to share a secret code that mom doesn't understand. so every time son wants to talk to dad... he says "hey dad, this is son... is that you?" and dad says "hi son, this is dad".... thereafter they can talk without mum knowing what they are saying.

    If the response was to be mom... or sister... or stranger on the street... obviously son wouldn't say anything.

    This is the VERY simplified reason that you can't kick someone off an encrypted wireless connection and get them to talk to yours instead...


    So... why can't we just call ourselves dad? seems simple right?? well... in addition to dad saying he is dad... and son saying he is son... there is a secret that they both share... a secret word.. this secret word is, of course encrypted... but... it is possible to "sniff" the encrypted password and work out what it is by comparing a "dictionary" with its encrypted version of the word... it's going to take time, and brainpower, but it is possible.

    That's pretty much the long and short of it... you have a starting point now, and hopefully an understanding of how it works... is it impossible using your tetra to penetrate WPA2 networks... absolutely not. But it's a hell of a lot easier to intercept traffic on unencrypted (open) networks at $randomwifihotspot.

    The reason nobody replied is because in the short time I have been here, I have seen this question pop up a LOT. and it basically comes down to handing someone with no experience a potentially devastating tool, and empowering them to learn why it's not working.

    Good luck,


    Firstly, welcome here!! 

    Secondly, this reply was awesome mate. Great read. I understand what you are saying and I understand the theory behind it now. It was a good example. From watching the Hak5 videos of Darren in his video labelled "Primer to PrimeAP" - I didn't realise to accomplish that it had to be on an OPEN wifi... As like I stated... How many Wifi's now-a-days are NOT wpa2 encrypted?

    But it makes perfect sense now.

    Let's say... On someone's phone... They have their HOUSE wifi auto connect... So as soon as they get home, it auto connects to their home router which is WPA2 encrypted... but of course it just auto connects because it's remembered... but let's say that same phone had JUST come back from starbucks who has an open wifi... And that phone has connected to starbucks (so obviously that is ALSO saved in the phone)

    If you set up the TETRA... Would the TETRA pick up the signals for that starbucks wifi? because of course the phone has it saved already and will be sending out probe requests to find it... or would it only work IF I shut the home router off, meaning it couldn't actually connect to it? In other words, if a device is already connected to wifi... Does it stop sending out probe requests for other saved wifi's?

  2. On 7/14/2017 at 4:15 PM, highxenburg said:

    By default, the Source Address in PineAP is 00:00:00:00:00:00 (instead of the MAC of wlan0...).

    Once I set Source Address in PineAP to wlan0, everything started working as desired.
    I would check that first.

    Ok, I will try this, thank you.

  3. On 7/14/2017 at 4:36 PM, Decoy said:

    So there could be a number of reasons for this. Have you tried practicing at home first? Can you associate with the Pineapple manually? Try forgetting your encrypted home AP to avoid auto-connecting to it so you can test. I would start by turning off auto-enable for PineAP if it's on, make sure all check boxes are clear on PineAP page, save settings, then click the arrow at the top, and save settings for boot. Clear any SSIDs currently in the pool, and from filters. Reboot the Pineapple. Then, once the Pineapple is rebooted, confirm it has internet connectivity, and then Enable PineAP before checking any boxes. Once enabled, check off "Allow Associations", "Log Probes", and "Log Associations". Then click the Save button below. This should now allow Associations for any Probes for Open WiFi, and respond to all of them. You will not get auto Associations from WPA/WPA 2 encrypted AP requests. Let me know if this works for you.

    Yes sir, practicing at home was my first initial test. But forgetting my home AP would delete the object? Nobody at work is going to click "forget" on their work's wifi are they? 
    What you said at the end about won't get Auto Associations from WPA/WPA2 AP requests? Well doesn't this just defeat the object? Where I live, I rarely ever see Wifi that is unencrypted these days... Especially office wifi.

  4. So the other week I posted TWO threads about my Pineapple Nano and Tetra.

    I have not received much information on the posts from anyone.

    I am just wondering why nobody is able to give me an answer for the fact neither of my devices are capturing clients?

    I have watched the YouTube vid by Hak5 on "Going from prime to primeap" - Where he shows you adding the MACs to the Pool, also adding the SSID to the pool, enabling daemon and every check box, and then deauthing everyone off the network...

    The deauth DOES NOT WORK. And I am not receiving ANY clients?

  5. Please can you just shed a little light on this for me.

    I too am having the exact same problem with my nano and tetra... no matter how many times I deauth... Nobody gets deauthed off my router... I mean I have the clients in the filter list set to enabled (all the clients on my router) - I also add the SSID to the pool.... I have daemon set with all the tick boxes... But no matter what I do, nobody gets deauthed and I never capture any clients???

  6. When I click deauth... it goes green and says successful but nobody actually gets deauthed off my router??

    Plus my pineapple (both nano and tetra) never capture any clients?? The only way they capture clients is if I make my target connect to my pineapples AP?? Which seems stupid... The method of beaconing out SSIDs does not seem to work at all

  7. 14 hours ago, Lord_KamOS said:

    Have you captured and started broadcasting any SSID's?

    Yes, of course this can change with future updates, but I was working with PineAP a few days back and got both Samsung S7's and iPhone 7 connected.


    Yes I did end up capturing SSID's because they started showing up in the pool automatically. I did have all the PineAP boxes ticked which is left of the pool.


    And then once I saw this... I went back to recon to deauth everyone off the router so they would auto connect back to my pineapple thinking they were actually auto-connecting back to their router... But this happened and no clients were captured? And at the time I had my phone out connected to my router via my phone (this is why I asked if it works for mobile devices)


  8. So I have set my Nano up. I have updated to the latest firmware. I have gone into recon mode and clicked scan over 15 seconds. I have picked up my router that all my devices are connected to in the house. 

    I went down the list of associated devices and added them to the filters. I also turned filters to allow...

    I went into the PineAP and ticked all the boxes.

    I then went back to the recon page and Deauthed my router...

    But it is not connecting any devices? How come this is? I am still browsing the web on my phone (I tried both on the windows and connected to an android and both times no associated clients)


    I am however sending out a spoofed AP named Open Wifi... But that is not my goal? My goal is to make every device connected to my router, actually connect to my pineapple and then into my wifi? But no devices are being captured?

    P.S. Will the nano also pick up mobile phone devices? I have had some problems in the past with MITM techniques not actually picking up mobile phones (pref new ones like the s7 edge and the iphone 7) 

  9. 22 hours ago, ThoughtfulDev said:

    I know the DownloadFile command runs just fine (remove everything after the ;). The file should then be in your temp folder (named update.vbs).

    The error is the line after the ';'.

    This line tries to run the update.vbs located in the temp folder but if you want to run a.exe in powershell you can't just type a.exe you have to use ./a.exe (you understand my point?)

    Aaaagh!! Thank you so much friend! I am going to try this out! Your help has been amazing and I thank you for trying to help me overcome this. Big thanks to you mate!

  10. 14 hours ago, ThoughtfulDev said:

    What you are describing is the Twinduck firmware (have a look at the wiki).

    It will mount your Ducky as a USB Drive and as a HID. So it will execute keystrokes while being mounted as a USB Drive.

    You can of course write the output of the ipconfig command to your usb drive. will look something like (in cmd):

    for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do ipconfig > %a/ip.txt

    Note that your sdcard must be labeled DUCKY for this to work.

    This sounds very promising. Thank you very much.

  11. Hello fellow Hak5 enthusiasts! 

    I just wanted to run a quick question by you.

    Would it be possible to set the rubber ducky up in such a way that...

    When you plug the ducky in, it runs a script to check for the IP in the ipconfig in windows CMD, and then save the ip to a file within the USB?

    While also, the ducky acting as a USB drive? So as it's doing its thing with ipconfig, you can also browse to files on the ducky that I have saved... Possibly an Image file?

    So it tricks the target into thinking this is just an ordinary usb drive with a picture on it... But in the background, grabbing the IP?

  12. 11 minutes ago, Lord_KamOS said:

    I am not sure, and sadly I can't test it right now, but maybe you can look into the twinduck firmware. I find it more effective just mounting sd card and run the payload from the duck itself.


    This is something that also interested me! I would prefer to be able to host the payload on the pendrive as well as the inject.bin > I like the idea of it all being contained in itself. I will take a look at the twinduck firmware setup on YouTube. Thank you for this.

  13. 3 minutes ago, Lord_KamOS said:

    x86 should work just fine on x64


    Oh really? So I can still go ahead and make the payload for a 32 bit computer (like in the video) and still run it on a 64 bit machine? ok that is interesting. Thank you. I do know about 32 bit being cross compatible with 64, but not the other way around. 

    But besides that. Is there a reason that the ducky script, once opened up in powershell, is not actually pulling my payload (website.com/bob.exe) or my vbs file (website.com/ggg.txt - As made in the video) from my website?

    (You also commented on my other help thread for the turtle. Thank you for being active and trying to help me with my endeavors.)

  14. On 2/16/2016 at 9:55 PM, Darren Kitchen said:

    Awesome! Glad to hear it ^_^

    We did something similar at SXSW for Domain.com last year. Setup a bunch of MKVs in pelican cases beaconing hilarious marketing messages. Fun stuff!

    Hey Darren, for this to work, do they need to connect to the AP your pineapple is sending out? 

  15. So I literally just finished copying this tutorial ...


    And everything went smoothly... Apart from when I plugged in the duck... Nothing happened on my Kali MSF... No shells were caught?

    I should first off mention that my target machine was actually a 64 bit windows, so I had to change the msfvenom -a to x64 and change the payload to windows/x64/meterpreter/reverse_tcp...

    But besides that everything went ok... So because the shell wasn't being caught, I decided to open up powershell myself, and manually type in the code that the ducky inject.bin is trying to run in powershell.... and I got this error...

    So I think the reason nothing happens when I plug the duck in, is because in the background (because obviously it is commanded to be hidden in the inject.bin) this is happening... making MSF not catch a shell...


    Please could anyone take a look at this and help me overcome this error please. I would be forever grateful! Thank you hak5 enthusiasts! <3
