kuyaya

Active Members
  • Posts: 282
  • Days Won: 16

Everything posted by kuyaya

  1. So Mark V is the 5th generation and Nano/Tetra is the 6th (newest) generation
  2. kuyaya

    Is HAK5 dead?

    I totally agree with you. Nicely said again 🙂 A bit off topic: Nice that you have a cool boss like that. I'm studying so it's a bit different in my case. I once asked the administration if I could make a "pentest" (not really a pentest in my opinion, that's why it's in ""). I would set the Wifi Pineapple somewhere on the campus where the most people are and would let it run for 7 days. I would name it "KF-Campus" (the ssid of our real campus wlan) and the captive portal would also look the same as on the normal KF-Campus (obviously, it would be an evil portal). So there wouldn't be a difference, there would just be 2 KF-Campus. Anyways, they didn't allow it 😢.
  3. You added the ejection of the bunny in this post
  4. Yes, my script just dumps what is in the db file, but that was not what I wanted. So you got quickcreds to work? I gave it up, since I don't know what I'm doing wrong. I'm working on a payload using impacket. I'm working on it.
  5. Your issue is that every time you plug the bashbunny in, it enters recovery mode, is that correct? Or is that solved now? + The bunny is set to read-only and the LED doesn't work correctly. Is that right? Could you give me an overview of everything that isn't working? It's completely fine, my fault if I was a bit harsh, sorry. I didn't express myself correctly.
  6. You can use 2 different ways to upgrade firmware. With the bunnyupdater and without the bunnyupdater. Do I really have to search it by myself.... Here it is https://downloads.hak5.org/bunny
  7. Hey guys, I have a question. My "problem" is to escape the $SWITCH_POSITION This command here Gives that output But why is that the case? There are two \ in front of the $switch position. If you would only write one, it would just output $SWITCH_POSITION without any \, that makes sense, I understand that. But shouldn't it print out "payloads\$SWITCH_POSITION" because the switch position is escaped? Why does it print out switch1? The $SWITCH_POSITION should be escaped, shouldn't it? And what should you write when you want to print out "\$SWITCH_POSITION"? Because the code above does not work for that.
  8. Try that: ssh into it, then "udisk_reformat" and after the reformat, update the bunny (without the bunny updater) to the latest firmware.
  9. kuyaya

    Is HAK5 dead?

    I thought Shannon doesn't work anymore with Hak5. She still continues Threatwire but she wouldn't participate in the shows (as far as I remember). Maybe she gets a bit more views on the Hak5 channel.
  10. kuyaya

    Is HAK5 dead?

    Hm, you think that they don't want to do it anymore, even when they could?
  11. kuyaya

    Is HAK5 dead?

    You're right. I also think patreon wouldn't be an option, that wouldn't create as much money as they would need. But there has to be a way....
  12. I always thought that Windows 7 scripts also work for Windows 10. Have you tried it? What do you mean with "where can i start to study?" Can you write that in understandable English again please?
  13. kuyaya

    Is HAK5 dead?

    True. Why did they even stop making the Hak5 shows?? It's too sad to be true. Second point I also agree. There aren't many good posts nowadays. I think it's also a shame that they have payloads in their github repository that don't work. I mean, those are not made from hak5, but why don't they just take them out? Better a smaller repository where every payload works than a bigger where only some work. I try to make payloads where everyone can help improve, give new ideas and work on it to make it better, but I have a feeling like nobody is interested and I find that very sad. The only one who helped a bit was Bob123 on the Respashes payload. Most of the posts are just "<payload name> doesn't work, help me" without even a real description of the problem. But I'm optimistic. I think that when the Hak5 shows come back, interest and good discussions will also come back (to the forum). I would really love to hear a response from Darren. And not a response like "we're coming back soon" or "we're working on new products, expect us coming back". I mean a real statement. I think we deserve that.
  14. kuyaya

    Is HAK5 dead?

    First point I agree, threatwire is the only active show. I don't know why they don't make shows anymore. I always thought that they are working on new products, I don't know if that is true or not. If so, I would prefer having more hak5 shows and less new products (nothing against new products, I just love the hak shows). Second post I disagree. The forum isn't dead at all. Almost every day there are new topics / responses to topics. Some sections are more active than others. The most active sections are the Pineapple nano, bash bunny and rubber ducky (personal experience), the least active is the Plunder Bug. I visit the forum minimum twice a day. I don't know how it was 3 years ago, as I joined early 2019 (a bit more than a year), but I hate it when people say that something is dead when it isn't. Anyways, I would also like to hear a statement or a response from one of the Hak5 team.
  15. Hey, great you found your way to the Hak5 Forum. What really confuses me are those several points (how they could do this): 1. I assume that you have 2-Factor Authentication on, else you would be really dumb. Sorry but this is your banking account. It is hard to trick 2FA but it can be done, for example with a phishing site that also grabs your cookies. That means they got your cookies and the cookies tell your E-Banking website that you've logged in 2 minutes ago and you don't have to do 2FA right now. 2. I'm not an expert, but I think it is really hard to trick the ip address and that it still fits with the geographical place. Idk how they did it, but I have an idea. My theory on how they did this: I think you got tricked and they got access to your pc. Else, I couldn't imagine how they should trick all systems. My guess: they got your login password of your computer somehow. How did they get it? I don't know, maybe you got phished and your facebook password is the same as your computer password. Or they phished your Microsoft password, and with that they can also login to your computer. You can remotely log into a computer as long as you have the login credentials and the other computer is turned on. After they got access to your computer they logged into your banking account from your computer. Idk how your settings are but some people don't have to do 2FA from their personal devices each time they log in. How did they get your bank password? That's easy if they have access to your computer. 2FA is very important. That would also explain why it came all from your IP-address and your location. Because it was your computer who did it, he was just remotely controlled. What I recommend you to do: First of all, let your antivirus do a full scan of your computer. Maybe they did place a keylogger on your PC in case you would reset your passwords. If that would be the case, they would also have the new passwords, which would make your whole security crumble.
Sometimes keyloggers also don't get detected by AV's, so be sure to look at the processes on the task manager from time to time and check if there are some suspicious apps running. Second: Untrust all devices you have. By that I mean that your phone probably knows that your computer is a trusted device and won't message you if someone logs into an account of yours (from the computer). I would reset all passwords, untrust and re-trust your devices, and turn all possible security features on (for example 2FA). Just do a reset, like you would buy a new phone. I don't mean to do a factory reset or delete all files, just renew your accounts and passwords. I know this is a lot of work and it is very boring, but it is only for your security. If you see again suspicious activity on your banking, immediately block it. It saves you a lot of money and work. Let me know if there is anything else you would like to say. Cheers
  16. Great, update is out! Now you can rely on the LED FINISH. I did this with a very easy while loop. You can look it up in the payload.txt. But that didn't work and I asked myself why. Then I did research and I found this post. This guy had the same idea as I. The reason it didn't work is, that if you create a file in the bunny while SSH, you can't see it in the explorer. Example: Got it? Now, there should be a testfile in explorer, but there isn't. Try it yourself, if you don't believe me. It also doesn't work the other way around. If you create a file in the loot folder by hand or with powershell (both do the same), it does show up in the bunny but the bunny can't recognize it. Example: See that? It just doesn't work together. It doesn't work from bunny to explorer, and also from explorer to bunny. The reason why this is even necessary is, that the while loop checks if there is a "done" file. If that isn't the case, it stays in LED ATTACK (yellow led). The second last part of the .ps1 file is, that it should create a "done" file in the /loot/LaZassword directory. But that wouldn't work, because the bunny wouldn't recognize it, as I explained above. That's why the last part of the .ps1 file is the ejection of the BB. Then the BB syncs with the explorer and recognizes the file, which breaks the loop, which then makes an LED FINISH. And you don't even have to laboriously eject the BB by hand. That's great, isn't it? When you eject the bunny, you can't access him through explorer anymore, but he can still run commands. You can also still connect with PuTTY, that's why this method works. After the ejection, the bunny deletes the done file (if not, the loop would only work 1 time because there would be a done file, even when the payload isn't finished yet) and does an LED FINISH. @PoSHMagiC0de You brought me the solution, so I wrote you to the creds on my LaZassword payload. Is that okay for you? Please message me if not.
  17. Update on the payload incoming.
  18. Yes, I know xd. But I'm not home yet. I meant that I don't know the Winver of my PC by heart. I can look it up this evening. Update: Winver of my PC is 1809.
  19. Factory reset is explained here (wifi pineapple) or here (BashBunny). I did reinstall responder of course, I mean, the payload doesn't give me an error, it just never finishes. The target PC didn't change, and I mean, if it would, that shouldn't make a difference because the payload should work on all PC's, shouldn't it? On my laptop I have also Win10 1903, I don't know what version of win10 on my pc is. Anyways, it doesn't work on both. I'll try to experiment a bit and look what I can fix.
  20. Ah, that means my payload is completely useless.... I thought the DumpHash.py would just dump the hashes from the PC, because once I ssh'd into the bunny and ran DumpHash.py and it printed out the hashes. It also worked from a locked machine, but that was only because I ran QuickCreds before. I'm dumb af. The thing is, the quickcreds payload doesn't work for me anymore. It stays in the blinking yellow stage, but it worked like 1 week ago, which is really strange. I did a reset and after the reset it didn't work anymore. Even though I had the same setup. But that means that it is my fault and not the bunny/payload's fault. I'm just doing something wrong and I don't know what. Should I delete my payload from github?
  21. Hm, take a look at that. That looks exactly like your problem. The only difference is, on the turtle there is just the Responder.db stored but on the wrong place. Here it is on the right place but it doesn't have any contents. There is no other directory on the bunny that has something to do with Responder except /tools/responder itself. Proven by typing 'find / -type d -name "responder"' or 'find / -type d -name "Responder"' {sometimes the "r" from responder is written in capital letters, sometimes not.} Now I need help from somebody where it works, because I don't have access to my BB right now. Can someone please post the Responder.db here? I think it would be even better if we would have the whole working responder here. So if your responder works, please post the whole directory here or upload it somewhere on a free-file-upload-site. If you're too busy then just post the Responder.db. That would be really helpful.
  22. How do you know that DK has let this unit slide into oblivion?? When did he say that? Mine works perfectly. Also I find that the setup is really easy and it works fine. I love it. Best wireless pentest tool in my opinion.
  23. Is your issue solved? Or is it still persistent?
  24. First of all, use the search bar. You would find this: This topic was posted in November 2019 and is still very accurate and not outdated. But ok, I'll answer your questions. 0. You probably think of the bunny like that: A malware device that will hack your computer but it mostly gets detected by AV's. That is completely wrong. The BB is a linux system in a USB-stick. It doesn't have to do anything with malware. That's the same like if you would download malware on your computer and then you would tell me that your computer is a malware computer that will hack other computers. But, you can use your computer ofc also for hacking. 1. Yes it is worth getting a BB in 2020. Why wouldn't it be worth? Tell me pls. Tell me the negative points, because I don't see any. It's the best hak5 product in my opinion. 2. No, the BB won't be detected by the AV. Look, the BB isn't something dangerous. It is a trusted device, or more like, it takes the clothes of a trusted device. The BB itself isn't "dangerous" and won't be detected, there would be no reason for that. But I mean, if you would put a virus program on the BB, it may be detected, but that's the same as on a regular USB device. If you put WannaCry on a usb-stick, your AV will go crazy. 3. No, it doesn't turn to a DedBunny. I mean, that is just one guy here who got a dead bunny and all the other 600000 (idk how many) are working. There are always some black sheep in the horde. And we don't even know what this guy did with the bunny. Maybe it fell into water or something. Maybe it isn't even the bunny's fault. 4. I'm using mine since December 2018 almost every day. That's around 400 days. Some days I'm using the bunny for more than 5 hours (I'm not kidding xd) and some days I don't use it at all. And it still works perfectly. It does have a long life. But there's also a topic for that in the forums, you could use the search bar 😉.
Last words: 95% of the people who have issues getting the bunny to work are using it wrong (e.g. wrong setup or something). On almost every topic it isn't the bunny's fault. And I would recommend you to write your own payloads, as some of the payloads on the hak5 github don't work. Note: Those aren't hak5's payloads. Those are community payloads.