Jump to content

Struthian

Active Members
  • Content Count

    111
  • Joined

  • Last visited

Posts posted by Struthian

  1. PS - I hit this when playing with the crocctl-ipinfo address identifying example provided with the product?  Did Hak5 actually try their own examples with this firmware release? I foolishly thought that an example would work.   Here is an idea - use quack scripts to test your releases.

  2. It appears that in the language.json files that there are two entries for the number characters. I am thinking that one entry is the key scan code for the keys on the number key pad and the other is for the top row numbers.  Really same names for two things?  Quacking a string should behave as if typing that string.  Of course there should be a way of quacking numeric key pad keys as numbers or commands.  What we have here is wrong and if there is some theory it was right - not documented.

    I lost a chunk of my life realizing this problem - I should have checked in to this forum sooner. I do feel a little foolish not figuring it out sooner on my own. I don't like to feel foolish even when I was.  I am thinking that this could be solved with a new language.json file but I think Hak5 should provide the file.

  3. On 8/3/2020 at 4:19 PM, hopewellrocks said:

    Is it possible to build an inexpensive pentesting gadget?

    You have to be creative.  I would use have-a-heart traps to capture jack rabbits, prairie dogs, ground hogs etc. and set them loose.  

    • Like 1
  4. On 7/29/2020 at 6:52 PM, Tony999 said:

    I just bought the pineappple tetra and cannot get it to connect to the internet. I have tried wifi and cable at different OS's such as Windows 8.1 and 10 also linux mint. I have been looking at all the help files on the net but nothing seems to work. I did get the setup working so everything is set , but as soon as I try to go to the internet it keeps telling me no "internet connection". Can anybody please take my the hand and help me. I really would appreciate that.

    Tony

     

     

     

    How exactly did you try and "go to the internet"?  What steps did you take, from what point of operation?  Did you try Wifi or did you try  a wired connection?

  5. There is no "internal antenna".  You must use both antennas at all times or you could ruin your nano.  It is never a good idea to run any RF transmitter without a load.  Use the antennas provided.  Putting only one outside on your roof will not work. Putting two outside on your roof might work but they would have to be similarly spaced to when on the Nano. You would also have loss in the feedline to those  antennas, especially if you didn't select the feed line carefully.   It actually would be easier to put the nano and it's antennas up on a pole but take it down to avoid damaging it due to weather.   If you are asking about 2 antennas, read the doc and method of operation a lot more carefully.

    Deauthing equipment that is not your own or for which you have no permission is unethical and illegal.   Therefore, it is hard to see a legit reason for you proceed.  I might add that if you do deauth an entire neighborhood the chances of getting caught go way up. I actually know how I would catch you in your little experiment if called upon to do so.   Practice on your own stuff or that of your friends. Do it indoors.

  6. Yes - describe what you mean by "hosed", carefully, methodically and also describing what your goal ultimately is.

    2.7 is not hosed. It's the best.  When you blame the tool you are cutting yourself off from solutions.

    Nobody cares if you think it's "Hosed".  People may care if you describe what you want to do and how you go there.  It would also be more helpful to you if you looked at problems others had and how they got solved. You may get some ideas that way.   It's not a "pick your poison" situation - but neither is it fulfilling goals you can't even explain.

  7. 8 hours ago, JediMasterX said:

    my Pineapple is just dead meat, seems like its dead for a while now... seems like the product and most importently the cummunity is no longer there... wake up HAK5 😓

     

    JMX

    "Dead meat" is not a very diagnostic description.  What have you done to it? How did you attempt a reset?  Don't tell people to wake up if you can't really articulate what is going on.  Look at the reset process.  Follow it.  Make sure it is powered properly according to the documentation. Start following the process exactly.  Attempt to access it (and explain what happened), then if that doesn't work, follow the reset process.  Never expect people to care what you write when you didn't write anything descriptive yourself. That is important to any community.  

  8. When it's not plugged in or when the led's are turned off.  What else did your friend try to do? Access it's flash disk?  What position was the switch in?

  9. 1) You posted 31 minutes ago and then wanted people to have answered you by 4 minutes ago.  That's not reasonable.

    2) Nano or Tetra?  "setting it up" - exactly what did you do?  Was your network wired or wifi or both?  It is very unlikely that a NEW pineapple was tampered with.  Was it new?  In retail packaging?  Did you consider the procedure in Hak5 documentation to reset it?  That's a good idea anyway given your confusion.   The Pineapple is a hacking device. If you "set it up" without thoroughly reading the instructions you are damn right - it could do all kinds of things to your wifi network.   That's its purpose and to then show vulnerabilities that can be corrected.  The pineapple is a very complex device.  My suggestion is that you read all the docs, watch all the videos and proceed methodically in exploring what it does.

    3) Going forward, be methodical, write the steps you took and what you expected. THAT is how to seek help for something like this. "Setting it up" - quite frankly that is absurdly vague. It would also help if you could describe what you expect it to do.

  10. One use case the Pineapple does not have is to smash into every wifi device without reason or purpose.  The purpose of all Hak5 products is to describe poor or thoughtless configurations so that the rightful owners can fix that.  Often Wifi devices are configured so that they can't be so easily attacked.  One example would be a target that does not have multiple configured access points. That limits what is possible.

    If the Pineapple is used carefully and as described and still "does not work" - then the target is secure from what the Tetra does.  If someone has a fantasy of pranking all their neighbors, that's really not what pen testing is.

    If you want to test a Hak5 product without harm to others, configure some devices and try attacking them.  That's a great way to learn and to develop skills in an ethical way.

  11. 16 hours ago, JWitz86 said:

    A bunch of disorganized boastful posts? Kinda harsh don’t yah think? 
     

    what exactly was I boasting of? Feel free to email me, and I am happy to provide details. I wouldn’t want anyone completing work on an illegal/unethical basis.

    Nothing harsh here.  Legit business persons can describe what they do in an organized and methodical manner. You haven't. Reasonable to suppose you cannot.  Send email?   No - describe your business as a business person would - without evasion.  Stating you are "legit" is not the same as showing it.  I don't think you can.

  12. Here is a possible suggestion https://www.bioennopower.com/collections/12v-series-lifepo4-batteries/products/12v-3ah-lfp-battery-black-w-pvc-pack

    These batteries are used in Amateur Radio.  My question for Darren is whether the Tetra can take 14 volts which is what these batteries do when fresh.  The battery will produce better than 12 volts for its entire ampere hour rating.  They also can function for thousands of fully discharge cycles, effectively lasting forever.   Modifying the cable from the wall wart with anderson power poles (or some other DC connector) would also be needed.

    • Upvote 1
  13. 6 hours ago, JWitz86 said:

    What do you mean? I don’t own any system no..? I’m a business guy own a couple businesses in town. Nothing to do with any of this, no. 
     

    sorry hopefully I understood that correctly 

    Prove it.  An actual business guy who is legal and business like can identify his business.  You didn't.  Just a bunch of disorganized, boastful posts.  Why would anyone who is in their right mind want to work with you, much less provide you with their own business contact information?

  14. I would like to SSH in, suspend an attack underway (keyboard would still work for the person using it).   I could then mount udisk, grab the loot, make changes.  Another command would resume the attack. That command should  have the option to resume the suspended attack or load a new  payload.txt and start with that.

    A command to return to attack mode would be useful when connecting by serial port.

  15. Promotions mention multi-vector attacks.  I get that the firmware may have future developments and so I speculate on what they could be.  The CROC can emulate storage or ethernet devices but can it log traffic through those devices or match access?   If the storage device connected had "bait" files, could it log someone's looking through them, what they might copy and so on?  Can the Croc use it's Wifi to be like the Turtle, but with Wifi not the ethernet port?     Could someone connect a USB ethernet adapter and then the Croc can intercept what goes through it?  I am also excited for whether a USB hub could be connected to the CROC and multiple devices get handled through it.  

  16. I have worked in retailing hand held amateur VHF/UHF radios which have LiOn batteries.  I recommend to my customers that they fully charge new radios using the charger that comes with it and until the radio tells you it is charged (as defined in the instruction manual) before first use.  Conversely if someone takes their brand new toy and uses it until the battery dies - the battery (in my experience) may never be quite right.   LiOn batteries (unlike older technology) does not have a "memory" effect.   Therefore discharging LiOn batteries to "Condition it" from time to time is a bad idea and of no real use.

    I have the Shark on order and expect to play soon.

  17. Further experimenting.  It appears that if one disconnects a "good" keyboard and then reconnects it - that works.  However, if one disconnects a good one and then connects one of the ones that seem to not work, then goes back to the good one - it doesn't work.  Can someone confirm this?  If so it appears that keyboards that won't log cause some internal error that prevents further function.

     

  18. My keycroc worked just fine with a mac keyboard (a pretty old one) but a USB keyboard.  After the update, which I did today, the same day I got the Croc, it didn't work.  The croc behaved as if there was no keyboard connected.  The keyboard just fine without the croc.

    Next I tried a Logitech wireless keyboard, which shares a receiver with a mouse.  The Croc worked with that keyboard as expected.  HOWEVER - when I moved the mouse, it's movements came out as jumbled text in the computer.  I would have to say that with such a keyboard, this would not be a good thing.

    Finally I tried a very old dell keyboard (which is old enough to drink), has a DIN connector.  I happen to have a DIN to USB adapter.  That worked exactly as advertised with Version 1.3.

    I think 1.3 needs some more work.  To summarize, that which worked before does not work in 1.3.  MAC keyboard on a PC is admittedly unlikely in the real world. Logitech wireless keyboard + mouse is a bit more likely.

    Geoff

     

  19. What I find interesting about this kind of complaint , valid or invalid as it might be, there is no methodical description of use case, process by which you tried to fulfill that use case and problems you encountered with doing so.   Any kind of product that has some complexity will be frustrating without effort.  "No replies required" and yet, there is a post? Why? 

    I am reminded of a recent thread on a Ham Radio board where someone complained of a fiber glass telescoping pole.  These are intended to get a thin, light weight piece of wire up vertically (20-50' depending on model)  in the air.  They are themselves very light in weight (a few pounds) and (if you know what you are doing and watched the video) easy to put up.  So the guy called it junk.  When asked what he did with it, he put a complex 12 pound antenna on it (something the instructions said not to do), erected it the opposite of the instructions and it broke.  Well - that was predictable and not surprising.

    When I do complain about  a product, I am imagining myself as the guy who designed it, probably thought it was useful.  I also realize that the product sells, someone is buying it and finding it useful. Why?  My complaint is for review, for the developer to consider how to make it better or, perhaps to find out that there were other things that are useful to do with it or ways to do things - NOTHING LIKE THAT IN THIS THREAD!  Limited remarks on what they think it does (deauth wrist watch) are just that - limited.  Bringing something to an engagement is not for looks - it is to accomplish a task you agreed to get done.  What is it?  Not stated.

  20. PS - to remedy the issue, with plunderbug disconnected, go to "Device Manager", "Show hidden",  go to "Network Adapters" and remove the Plunderbug one ASIX AX88772C  ... then plug in the plunderbug again and do what I said in the prior post. (or use the powershell script)

  21. I had a very similar issue on Windows 10.  Instead of running the powershell script, I used the alternative method of running ncpa.cpl.  I then unchecked all the protocols for that ethernet adapter as was stated in the instructions.   This was wrong and especially different from what the power shell script does.  The PS script simply disables Internet Protocol Version 4 and Internet Protocol Version 6.  (which forces some others to be disabled too).  When I did *ONLY THAT* and then ran Wireshark "As Administrator" (which may not always be necessary)  it worked just fine.  Turns out that disabling Npcap protocol made the adapter invisible to wireshark.  Another one - didn't examine further and don't know, keeps the plunder bug from working the second time it's connected. Interestingly, the Screen capture Hak5 uses in that instruction does not include NPcap in the list of protocols but does say "All of them".  My recommendation is that in the instructions - just tell people to uncheck the two TCP protocols and leave the rest alone.

     

×
×
  • Create New...