Everything posted by Struthian

  1. Each is stealthier in different situations depending. The Squirrel is smaller, easier to hide but if seen might be viewed as unusual. The Squirrel with dual ethernet ports has a broader "middle" for exploits or investigations than the Turtle which is limited to USB on one side. The Turtle is more mature and has a bigger library of payloads. The Turtle SD supports an SD card and thus the potential for a larger area to store exfiltrated data while still being stealthy. Adding a thumb drive to the Squirrel would add to its weirdness if actually ever noticed. The Squirrel depends on a
  2. In some cases Hak5 sells cases, especially the EDC for Tetra. My suggestion is that you sell field kit cases and especially to persons who already bought most of what was already in it and through Hak5. So, the Hak5 elite case would be available to those who have ordered most or all of the Hak5 Elite kit. Some of us just don't plan ahead. Not even a week ahead ... :-)
  3. Everything you report suggests the site is not on the up and up. I would report it to the FBI, no harm in it. They can figure out what is going on. ISPs and government agencies do not necessarily respond with what they are doing in response. It doesn't hurt to tell more people. Without probing and doing things that might be considered illegal - I doubt there is much of a way to determine specifically what is going on behind the scenes. However, the FBI has those means and can get that authority.
  4. In your scaffolding, AUTO_ETHERNET could be only for OS determination. After GET TARGET_OS - one could execute another ATTACKMODE to be used in common with all OS's. Geoff
  5. It might be fun but here is the problem - it would look weird and it might not fit innocuously into your pocket. One could build (and people have) devices similar in purpose to Hak5 products starting with such things as Arduinos, Raspberry Pis and other things of that ilk. One would have to create some software or pull something out of open source to do it. Of course if you modded a Hak5 product, you would also have to improve or add to the Hak5 software to get the mod to be useful. So we have the look weird problem either way. I have thought of burying devices within entertaining
  6. I own a ducky, a bunny, a squirrel and a turtle. You are right that the ducky is faster but it is also less versatile and harder to set up than the Bunny. The ducky has the advantage, when fully assembled, of looking like a flash drive and more normal. Probably the greatest super power of the ducky is leaving a bunch around where someone finds them, connects it to their computer and gets hacked. The bunny has more tricks but I consider it also a useful tool for developing ducky code. You will be able to cycle the bunny faster as you get the script right. Because the Bunny is also more v
  7. No, not doing that. I am doing something far more interesting. A payload that does the same thing in different OS environments is quite desirable and would be easy with the features I requested. Actually in dedicated or kiosk set ups, you don't know what the OS beneath is all the time. I also can't imagine they would be hard to add.
  8. Thank you PixL. That's helpful. I did reading first - hopefully enough. No torches and pitch forks yet. I live in a very dense neighborhood of mostly wood frame homes, so it's a collateral damage rich environment for sure. aaannnd, my work area is about 40' above the ground. You made me think of one factor in all this, the Pineapple, experimental targets, and AP are within a foot or two of one another. Yes, I have PineAP with the SSID hidden which I think is the default. I'll look into NetworkingPlus - that sounds like just the thing. Since I wrote what I did before, I've made a
  9. Thanks for the workaround. I do think that it is a bug. If the user has asked to shutdown, then anything keeping that from happening should be ended too. I don't see why what you recommend can't be in the shutdown sequence.
  10. For AUTO_ETHERNET, it would be great if there was a result or environmental variable which told us which type it selected. That would be a hint on which operating system.
  11. Installed... worked. What would be great is an alternate partition for ATTACKMODE STORAGE. If this partition were write only, with some fake files, it would hide exfiltration from the target user.
  12. I have the latest firmware. When I ask the Tetra to shutdown in its web page - the blue light remains dim and the red one keeps blinking - for at least 10 minutes. I then just pull the plug. This occurred after disabling PineAP and Profiling. So - nothing should have been running (I guess?) when the shutdown was requested. Is this a bug? How long is correct to wait before shutting down?
  13. Thanks Seb for the great answers. I have the info I need. I would suggest that if Hak5 continues to sell the boost kit, and/or recommends that dongle for use with the Tetra, they include a caution: the antenna connectors for the dongle look the same (without glasses) but are not compatible. I could see someone damaging a connector if they were less than gentle. Just a thought for documentation going forward.
  14. In order to get better acquainted with my Tetra, I have been trying to hack my own computers. Things are different than what I expected. I have two SSIDs. As it happens, one is for 2.5 GHz and the other is 5 GHz. I have a variety of different wireless devices but I focused on one which is a laptop running Windows 10 with only 2.5 GHz client capability. Naturally it is securely connected to the 2.5 GHz AP. More or less following the wifi pineappling book - I did recon. I initially added the two SSIDs to the "Profiling filters" and also to the Filters "SSID Allow mode". I also a
  15. I suggest that you look at entry level books for the different languages. The one that looks most interesting and fun is the right one for you to start. Ultimately, you should know them all. You should also learn BASH. As you spread out, look for common ideas present in them all. Understand similarities and differences. It's this which makes one more or less suitable for a particular task.
  16. Tetra uses SMA connectors for its antennas. The long range WiFi Dongle included in the boost (and sold in the store) is RP-SMA. The antennas and their connectors look the same except that one has a center pin, to fit in the connector and the other, accepts a pin from the connector on the device. Someone could break a connector not realizing this. I put a piece of tape on the dongle antenna to not make the mistake (don't use metallic tape). I am going to guess that the Long Range Wifi booster follows the same convention as the dongle, since they are sold together in a kit. This ma
  17. While fooling around with Bash Bunny PasswordGrabber and LaZagne, I was testing it on a variety of computers in my home. I deleted the passwords.txt files (of course) and then realized something - what about freespace recovery? Indeed, all those deleted password files for basically every password I have or ever had - were on my bunny. If your bunny is hacked and those files recovered - could be a big problem. This could also happen forensically if some agency gets a hold of it. One solution is to use the DOS CMD to run Cipher /W:bunnydrivename . This will wipe the free space of your
  18. I solved it by editing e.cmd so that it formats a legit file name. You can see my post in the other Password Grabber thread. Failure to create the directory was the clue. It never gets to the point it runs LaZagne. e.cmd
  19. The problem I found with the current version of e.cmd is that it does not create a legit file name for the directory. There are also inconsistencies in the use of the base directory. Here is the one I edited so that it works for illustration. I also attached the version of it I created and which works, tested on latest Windows 10. If the virus scanner blocked LaZagne, then the directory would be created. Notice the formatting of drec, then the use of dst instead of drec. Also notice the inconsistent use of loot/passwordgrabber and loot/usbexfiltration. I am continuing to investigate
  20. Even shards of a smashed platter can yield data in an advanced lab. Services that destroy drives shred them on site and then take the shreddings and burn them or destroy them chemically. If you want to DIY, burning is necessary to completely obliterate the data. In shredding, the smaller the shards, the less likely the recovery. Obviously the more the shards are mixed from other shreddings the more deterred the data recovery specialists will be. You can also obliterate the data and keep the drive by using the appropriate software. That will rewrite the drive many times with rand
  21. Frankwilly - Develop your spoken and written language skills, learn to write computer programs. Then you will make enough money so the credit card companies will find you. If you want to risk prison, you will have the skills to answer your own question. I don't really know what you seek but if you wish help committing a crime, do the time and make the effort. Then, if you screw up, you can do it in jail.
  22. Your power supply might be inadequate. Make sure that it is a quality supply which produces at least 2A of current. Also, use a sturdy USB cable and, at least for diagnostic purposes a shorter one. There might be other causes, but this would be the first thing I would check. If the wall wart you are using doesn't put out enough current then reboots could happen. Similarly if the USB cable is too long or too narrow in gauge that could limit current at the Tetra's circuits. If the radio is working harder, that would demand more current. That could cause the CPU to stop working and then
  23. I've been a computer systems designer from circuitry to software through several generations of technology for 45 years. I use the word "hacking" more broadly than Hak5. It means "finding and creating ways to do things that are novel and not really what was expected by the original designer (of hardware, software, chip, part or just a thing)". Obviously to do that you need to be really lucky and stumble into something or know a lot and/or learn more. The mindset of hacking can be used to do bad things to people and systems. It can also be used to prevent others from doing bad thing
  24. Just try it. Try a payload with ETHERNET_RNDIS. Then try a payload with STORAGE ETHERNET_RNDIS. Go to the Device Manager. In the "View" menu, choose "Show Hidden Devices". You will see there are two ethernet devices (in addition to what the computer already has). "IBM USB Remote NDIS Network Device" is the former attack mode. "REMOTE NDIS Compatible Device" is the second attack mode (with storage). If you follow the instructions for "Sharing an Internet Connection from Windows" in the Documentation for the BB, you will see that payloads that use the same attackmode will not work.
  25. I tried using ATTACKMODE RNDIS_ETHERNET SN_0x12345678 in the WIN93 prank. This worked, evidently it didn't show up as the Windows Sharing Internet connection. Removing the SN caused the payload to fail on a PC with Bunny Windows Internet sharing. So, using the serial number allowed me to play with the prank on a machine that was set up for Windows Internet Sharing. I then tried ATTACKMODE RNDIS_ETHERNET VID_0x07B2 PID_0x5120. This is for a "Motorola Surfboard" RNDIS device, which I got from a list of USB IDs. This worked in testing on the WIN93 prank payload. However, it created an addition