Aaron Outhier

Active Members
  • Content Count

    34
  • Days Won

    1

About Aaron Outhier

  • Rank
    Hak5 Fan +

  1. Hi, I have been wanting to pick up a WiFi Pineapple and a SharkJack for a while - I am short about $45 US. Imagine my joy when I see I can get a free SharkJack with my purchase! Then, imagine my dismay, when I add the Tetra and SharkJack to my cart, and try to apply the coupon code...
  2. 2 options for this: 1. Set up a Cloud C2 Server, and run an on-demand ssh connection from the web interface, or 2. Enable SSH using the line in the WiFi-connect payload, which can be found here on the forums.
  3. In order to stay connected to your network, the Signal Owl needs wlan0 to stay in client mode, however, running airmon-ng switches it to monitor mode. Monitor mode causes the wireless radio to go into a passive scanning mode. The wlan0 radio can’t be in both client and monitor mode at the same time. This is why your ssh connection drops. Either connect a second WiFi Adapter to the Owl, and use it for your network/Internet connection, or write/change your payload script to run airmon-ng at boot up and log the results to the flash drive.
  4. The flash drive was not ejected properly. Load the flash drive directly into a computer and repair the file system. In the future, make sure you tell the computer to eject the drive before you physically pull it out of your system.
  5. Aaron Outhier

    kismet?

    What!!?? I bought a Signal Owl specifically to run a packet capture with Kismet. Now, I find out support is incomplete?? Any word from Drag0rn on whether he plans to finish his plugin??
  6. I've made some progress tracking a possible cause. I am still double-checking some things to make sure. So far, I believe it is caused by a particular module. @fw0: Could you please list the modules you have installed? Also, if you're willing & able, try doing a backup of anything important, and formatting your SD card (if any), and doing a factory reset. Then test if pineapd stays running before installing any modules.
  7. Well, I just ordered my key-croc and screen-crab combo. In anticipation of their arrival, I am trying to add them to my c2 portal. Unfortunately there is no option for a Key-Croc on the device-add screen.
  8. No, not possible. Apple locks down their security. Currently not possible to run anything not approved by Apple. Incidentally, it is possible to run this on certain Android phones and tablets: https://www.kali.org/kali-linux-nethunter/
  9. Update: I've been running now for almost 2 weeks. No signs of my being hacked. Looks like a false alarm. My sincere apologies if I worried anyone.
  10. Oh, I forgot: 4th, put the SD card back into the Pineapple, and then try to format the card from the menu. Should work now. Cheers!
  11. When the SD card gets corrupt, it seems it is best to scrub clean the SD card in another PC. 1st, power off the Nano, and remove the Micro-SD card. 2nd, insert the microSD card into a computer running Windows, macOS or Linux. 3rd, if you're running Windows grab and use the SD format tool (google it). ---OR--- if running macOS or Linux, find the device name, and issue the below command - WARNING! THIS COMMAND WILL COMPLETELY OBLITERATE ALL DATA ON THE DEVICE YOU SPECIFY!! Be 100% sure you specify the correct device, and have backed up any important data from it. You HAVE been warned!!

    dd if=/dev/zero of=[name of device] bs=4096

    Obviously, replace [name of device] with the actual device name, which starts with /dev/ and varies from system to system. If you don't know the correct device, please ask, but specify the name and version of your Operating System. The command will take a while to complete, and you won't see any progress while it runs. Let it finish.
  12. Hello! I'm running my Nano on firmware 2.7.0 and having the most bizarre issue. It's been happening since at least 2.6.2. I try to start the PineAP daemon, but it immediately stops. If I ssh in, and run pineap get_status I get: Failed to connect to socket at path: /var/run/pineapd.sock: No such file or directory Further, a directory listing of /var/run confirms the socket file is missing. Should I attempt to recreate this file manually, and if so, how?
  13. Follow-up: I somehow missed the end of your message the first time through. I would concur with your statement, that the lack of data to support my concern is more likely to cause panic among users than to be helpful. I am going to create another VPS, just as I did before, just for the sake of evidence gathering and fact-finding.

    I will say, that I was able to detect the hacks with the netstat command. If anyone is concerned about whether or not they have been hacked in this manner, they can run netstat | grep ssh and that should show you all ssh connections open on your system. There should be one ssh connection open if you are connected to your cloud server via ssh. This is not a conclusive test to see if you have been hacked or how, but just gives an indication as to a possible hack. PLEASE DO NOT POST RESULTS WITH IP ADDRESSES ON THE FORUMS. If you find anything suspicious, just say so, without details, unless Darren or another admin says otherwise.

    @Darren Kitchen I was not aware of any official channels to report such concerns. My apologies for causing any trouble. I AM trying to help, not hinder. The last thing I want to do here is cause a panic. I am an advocate of the concept/idea that one can't fix a problem if one isn't aware it exists. Let me know, either here or via PM/DM what I should check next. I will make certain that my passwords are secure, and report back in a few days the status. If you want a copy of any logs, or even access to the VPS I am about to create, let me know. I think I am going to create daily snapshots of my VPS also for comparison. Thank you HAK5, for creating such great products!
  14. Darren, I have all incoming SSH connections blocked at the VPS firewall. The only ports that I had open to the public, were 443 TCP and 1194 UDP. I used the openVPN setup script you talked about on one of your shows, and your C2 server running. Everything else running was “stock” Ubuntu software. Further, those were the only two things exposed to the Internet. Somehow, someone got access to my machine via one of those two services, and opened an outgoing reverse ssh connection to somewhere in China. Once again, there is no way they could have made an initial connection via ssh, since the VPS firewall would have blocked it. Since the connections were being initiated by my server, I was unable to block the connection, and had to scrap the server altogether. I may try again when the problem is fixed. I did back up my database file before scrapping it. Incidentally, my home router running OPNSense firewall software was also hacked shortly after posting that. It would seem that everyone having to stay home has some side effects.
  15. Is anyone else seeing any additional SSH connections? This can be determined by typing: netstat | head -n 20 The head command just cuts the output to the first 20 lines of output, if you are wondering. Should be plenty enough to see if there are any ssh connections or connections on port 22. I trust you all can figure out how to read the table.
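
The netstat check from posts 13 to 15, as an added example that is not part of the original posts: it separates inbound SSH sessions (local port 22) from outbound ones (remote port 22), the direction post 14 says an inbound firewall rule did not block. It assumes numeric `netstat -tn` output; the function names and the sample lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Classify SSH-related TCP connections in `netstat -tn` style output.
# Reads netstat lines on stdin, prints "DIRECTION local -> remote STATE".
# Assumes numeric output (-n); without -n netstat prints "ssh" instead of 22.
classify_ssh() {
    awk '
    $1 ~ /^tcp/ && NF >= 6 {
        local_addr = $4; remote_addr = $5; state = $6
        if (state == "LISTEN") next      # a listener is not a connection
        # The port is whatever follows the last ":" (IPv4 and IPv6 forms).
        lport = local_addr;  sub(/.*:/, "", lport)
        rport = remote_addr; sub(/.*:/, "", rport)
        if (lport == "22")
            printf "%-8s %s -> %s %s\n", "INBOUND", local_addr, remote_addr, state
        else if (rport == "22")
            printf "%-8s %s -> %s %s\n", "OUTBOUND", local_addr, remote_addr, state
    }'
}

# Constructed sample: a VPS serving 443/tcp and 1194/udp with one admin
# SSH session and one connection from the server to a remote port 22.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:443          198.51.100.7:51514      ESTABLISHED
tcp        0     36 192.0.2.10:22           198.51.100.7:50022      ESTABLISHED
tcp        0      0 192.0.2.10:48812        203.0.113.45:22         ESTABLISHED
udp        0      0 0.0.0.0:1194            0.0.0.0:*
EOF
}

# Run against the sample; on a live host use: netstat -tn | classify_ssh
sample_netstat | classify_ssh
```

An OUTBOUND line is an indicator to investigate, not proof of compromise, in the same way the post describes its own check as not conclusive.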