Posts posted by Ron SwartzAnon

  1. 4 minutes ago, Foxtrot said:

    Hi,

    Just wanted to clear up any chance of misinterpretation on what is connected to Hak5 servers, etc.

    The WiFi Pineapple Web Interface that you refer to is stored on the WiFi Pineapple itself, and is served from its own web server locally. The WiFi Pineapple UI will reach out to Hak5 owned services, but only if you explicitly state so. Things such as updating the firmware, downloading modules and loading bulletins will initiate a connection to our servers. The buttons in the UI that do this are marked with such 'warnings' (basically just so you're aware it will be reaching out, if you're on an engagement).

    This goes for all of our hardware products.

    The Cloud C2 is different from that however, and will for licensing purposes reach out to our infrastructure periodically. The news/bulletins on the Cloud C2 homepage are also hosted on our servers.

    I hope this answers any questions. We don't acquire any data (for example, client reports from engagements as you mention).

    Thank you. This is what I needed to understand. Nothing personal but I like to know where info is going and stored because I feel it would be my responsibility if something goes wrong.

    Being secure with info is the name of the game.

  2. 8 minutes ago, PoSHMagiC0de said:

    You can, or you can ssh into it and work on the command line if you are L33t enough. It has an internal web interface on the Pineapple. It is not served from their site. I believe the dashboard does connect to their portal, which is just to pull down news.

    I see. That's much better. Thank you.

  3. 40 minutes ago, PoSHMagiC0de said:

    Yeah.....

    I read through this thread twice and still got lost. If I read it correctly from the original question, it is asked why Hak5 products are tied to their servers. Well, they are not. The Bash Bunny, Rubber Ducky, and all their stuff does not require you to speak back to their server. If you want new firmware and stuff, you can download it and install it but usage does not require..nor does it..talk back to Hak5. The Cloud C2 might and if it does, it will be for product registration since that is one of their only products that has a free and paid tier so it has licenses.

    So, I do not know of any Hak5 hardware that has a mandatory umbilical back to them. Support you get is all manual. Manual calling/emailing them and manually downloading and installing updates. Hmm, I think the Pineapple speaks back to their server but only to return if there are updates and I believe there is an option to turn that off.

    I think it's the web interface. That's what my question is based on. I'm waiting for my order to arrive so I'm going on what I have seen and read.

    With the WiFi Pineapple Nano you need to use Hak5 web interface to use it? Is this not correct?

    Thank you for your answers.

  4. 9 minutes ago, Forkish said:

    I can understand the point of view. I don’t use most cloud services because I don’t want my stuff used for their own business purposes. Hak5 though touts itself as a purveyor of white hat products. With that in mind, in theory, none of the information is yours to begin with. It’s all your clients’. Leading to the fact that they will have signed paperwork explaining your (your pen testing business’) privacy policy and data retention policy which would (should) cover those issues. If I were to ever use these products on anything other than myself (wife still gets angry I break the wifi at least twice a week), I’d be happy as a clam keeping other people’s stuff on the cloud to make my job easier. I believe that’s the angle anyways.

    Lmao. Breaking stuff is the best part.

    Thank you for your reply.

    Why is there no option to host it on your own servers? No matter whose info it is, if it's under me and my responsibility I want full control over it.

     

  5. 15 minutes ago, INFOTRACE said:

    Hi Ron,

    Nice post😎 You raise some good points. I think that in the digital world everything and everyone using it will leave a trace. No different to this post, but, I do get your views. If no computer data existed there would still be data. When born a certificate is created and the birth recorded; when registering with doctor/GP/dentist etc., records are created and whether that is done the old fashioned way or digitally in today's world. 

    So, I guess if you are worried about using the devices and leaving a trace, well, I think you could go off grid, but that will not delete the digital footprint that you have already left. From mobile/cell devices to wifi/internet you will always leave a forensic trail, but that can be masked/TOR/Proxy etc., then you might feel better, but you still need to go through Hak5.......as you pointed out.

    Hope this helps in some way😎

    PS. Nothing wrong with being paranoid😈

    Good points.

    More or less I was attempting to be gentle about my question but more to the point... What's the underlying purpose to this design? Why did they design it to where you will be dependent on their servers? I believe everything is done with an underlying purpose and usually with companies it's monetary.

    None of this will keep me from buying or using their products or "service" but it would be nice to know all I could about how it all works and why?

    It would be nice to know what they do with your information and if they keep dump files.

    Do you truly own the device you buy or is this like Microsoft that leads you to believe you own your computer when in reality each update takes it over bit by bit. Next thing you know you have to pay to use something that was previously free.

  6. Forgive me for feeling suspicious but I trust no one, especially companies and governments.

    I'm new to Hak5 and I've read through a lot of the site and I see a recurring theme. "Hosted on our servers" like it's a good thing.

    It may be I guess but the untrusting part of my brain (95%) is saying that seems strange. Why would they still want you tied to their servers years after you obtained their products?

    Why can't you use these items without the umbilical cord attached? Or did I miss something that says you don't need their servers to use your products?

    How do I know that your servers aren't collecting data from our targets for later use or putting clients at risk if your servers get compromised?

    Go ahead and call me paranoid but I'll be standing when many fall.
