Jump to content

Aaron Outhier

Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by Aaron Outhier

  1. Oops, I had scrolled to the bottom of the page and thought that was it. Didn't notice until now there is a page 2...
  2. Anyone else notice in that last pic the Link Quality is 70/70, but the Signal level is -28 dBm? I'm no expert, but that seems pretty weak for being 12 feet away. I would expect almost double that, unless the transmit level on the source is lower than I'm expecting.
  3. Is it possible one side or the other is too far away from your Pineapple? If so, you won't be able to see packets for that device...
  4. I think it would help to know more details about your setup? For example: Is C2 server connected to the VPN server? Or perhaps C2 is the VPN server? If you don't know what I mean here, just skip it. If the VPN is separate from/external to the VPN, then is your computer connected to the VPN? Also, are any of your Hak5 devices connected to the VPN? Finally, if the VPN were disconnected, would any of the other components be on the same network? I suspect a routing issue, but impossible to say with current information. Please do not post any public or Internet-facing ip addresses or domain names in your response. Also, please redact any personally identifiable info.
  5. From what I understand, the local PD can't help with the hacked phone portion of it. Try the FBI. If you want to press charges, then the police can help you. You'll want some evidence of wrong doing first however. Still, it won't hurt to ask them.
  6. Client isolation puts up a firewall between the various devices in that network. It doesn't prevent sniffing. It really can't prevent sniffing. Although you could use a captive portal of some kind to limit access to only customers with a code/voucher, that is an advanced topic, would be difficult to implement, and is beyond my time & patience thresholds right now to assist, but still possible. That still won't prevent sniffing, but would help prevent session stealing and duplicate logins. Might also help you track down and shut down misbehaving clients. That would be quite a bit of work if you are a small shop. Note that client isolation will also prevent you, say, from using a network printer or a NAS drive. Bottom line: Use a guest network with client isolation for your guests. Use a WPA2 (or 3) secured network for yourself. If you can manage: Use wpa2 security for your guest network, and write the code on a whiteboard inside your shop, and change the code every day. Use a random code generator for the daily WPA2 password. Set it to about 12 characters, Alphanumeric. Very few special characters are allowed in a WiFi passcode. Better to avoid them.
  7. The individual in question probably has remote access to your computer. There are many folks you could contact about finding out how, and gathering evidence. I would suggest your local FBI office, as they are in charge of cyber crimes. That said, shut down your computer/laptop etc. and find a another PC to find the FBI's cyber terrorism or cyber crimes department. Make a report. If that's to much for you or you don't want to deal with that, then skip that and go straight to step 2: Try disabling your WiFi/Ethernet connection, and start backing up your stuff. You'll want to reinstall your operating system. I know that's a pain, but it's better than not knowing what this person is up to. If you're not online, then he can't watch you, and interfere with your backup. If you are online, then he can make your life a living <you know what>! If he thinks you're going to shut him out, there's no telling what he'll do. He could delete your backup, or even your originals. Check out AOMEI Backupper. They have a tool to make a backup USB disk that you can use to backup your stuff. There is both a professional version, and a free version. Either use that to make an offline backup onto a USB Hard Drive, or just start dragging files on to the drive directly. Use a different PC to make the drive, or download the program elsewhere, and install on your machine while it is offline. After the backup, shred/wipe all data from your boot drive, and reinstall a fresh copy of windows. You can download the Media Creation Tool from Microsoft to make either a Bootable DVD, or a bootable USB drive. Again, use an uncompromised PC, and don't insert it into your machine with Windows running and te WiFi turned on. Apologies for scaring you, but I want to drive my point home: If someone else has control of your computer, then can you truly say it's your computer?
  8. Forgot to mention as part of my above rant: The entire /lib/modules folder is missing!
  9. Ok, so I'm getting an error at modprobe usb-storage: modprobe: ERROR: ../libkmod/libkmod.c:557 kmod_search_moddep() could not open moddep file '/lib/modules/3.4.39/modules.dep.bin' This is causing the USB drive to not be mountable. I'm not sure if this is by design, but either way, it appears there are very few modules available, including usb-storage. Perhaps @Foxtrot or @Darren Kitchen will comment soon? It seems to me, and this is just my 2 cents, but I believe Hak5 products are supposed to be extensible. We're supposed to be able to add functionality as required. And, while Hak5 can't give individual attention to every small issue, the issue above might interfere with some advanced operations.
  10. It is possible, but not officially supported. You can of course ask for help in the forums, as you've already discovered. If you're trying to access the flash drive on the host PC, it'd be easiest to create an empty folder inside the udisk, and then mount the USB drive inside of it. If you need remote access to it (ssh, etc), then your example should work.
  11. In my studies, I learned long ago, that the forward and back slashes were often confused. Someone explained how to keep them straight: We type from left to right. If you imaging a man running from the left side of your screen to right, he can lean back "\" or forward "/". If I had a nickel for every time I have heard someone say h t t p colon backslash backslash, I'd spend much more time at the nickel arcade, and less time correcting them... Apologies. I don't intend to offend. There are just too many folks spending their "valentimes" day at the "liberry", in my personal opinion.
  12. Umm, you do realize that forward slash is / and back slash is \ right? Or have the two been switched since the 1980s?
  13. Hello, I have installed and configured my openvpn server in the cloud with this script: https://github.com/Nyr/openvpn-install I have both my LAN turtle and my packet squirrel setup to connect to my openvpn server. It would be great if I could configure routing between networks. I see there is info on doing this with access server, however, I have about 5 vpn clients, so the limit of 3 clients on access server won't work for me. Plus, I had already configured everything before I even heard of access server. Basically, I have a LAN Turtle on my home network by itself, and I keep my Packet Squirrel with me (although it would be nice to be able to reverse that setup if needed). How can I setup routing to allow easy access to my home network on the go. Besides my Packet Squirrel, I have an iPad, a MacBook Pro, a Linux Laptop, a Windows laptop and other devices, etc. The Packet Squirrel is so I can connect my client's computers and access my network resources, without having to install and configure VPN software just to remove it again afterword. I am aware of the security concerns regarding connecting unknown machines to my network, and have those issues under control. Is there an existing guide to set this up that doesn't involve OpenVPN access server? If not, can someone help me with this setup?
  14. Hello, I am wondering if the 802.11AC module has been released and is out of stock, or has it not yet been released at all? If the latter, have you just been busy with other things, and not had time to invest thus far, or have you encountered difficulties getting it launched? Also, is it going to require soldering or voided warranty, like with the Kismet Mods? I would love a simple plug-in solution that is discrete and doesn't fill the USB port. I've already bought an Alfa AWUS036ACH WiFi AC module, even before the Mark VII was announced. I planned to use it with Kali, but since it works with the MK7, I'll try it out. I'm going to be ordering an Mk7 soon. Need to put some cash into the bank first.
  15. Ok, It's probably the Pineapple. It may need to be factory reset. Something seems out of whack. Chrome is usually quite stable. That said, before you reset it, try again with a different browser. Either open the site in Edge, or grab a copy of Firefox, Opera, etc. You don't need to keep them or use them permanently. Just check if the behavior is the same or different there. If you have the same issues in a different browser, then reset the Pineapple. I hope that helps. --Aaron
  16. Hmm, well this is kind of obvious and you probably did this already, but just in case: After disabling adblocker, refresh the page. you can also try clearing your browser cache. I might be barking up the wrong tree. Out of curiosity, what browser and OS are you using?
  17. I am having a similar issue. Streaming toggle is on. Crab is connected to WiFi, and C2 says it is online. TV displays picture just the same with and without the crab. Images are being saved to the crab's MicroSD, but C2 says waiting for signal. It worked fine before the C2 upgrade to 3.0 .
  18. It is possible to modify the built-in software, but doing so would void your warranty. Be very certain you want to mess with it before you go any further. Also, be sure you backup any modified files to the SD card before going any further. If you open the cover on the crab, I believe there are terminals for a TTL serial port. You will need a TTL serial device from ebay, or a similar marketplace. DO NOT TRY TO USE RS-232!
  19. Do you have some kind of Ad Blocker installed in your browser? If so, you'll need to either exclude the Pineapple's address from ad blocking, or disable the ad blocker altogether.
  20. Perhaps it is different on the Mark VII, but on my Nano, holding down the button does a factory reset. During setup, I need to quickly press and release the button, not hold it down. If I were to hold the button during setup, I would have the same problem you are describing.
  21. One thing I'd like to mention though: There are lots of open WiFi signals around - McDonalds, Starbucks, and many others. One trick folks use takes advantage of the fact that many people save such open hotspots in their list of routers to connect to automatically. That way, any time the come across such an establishment, they don't have to do as much clicking. By mimicking the names of such open APs, you can get clients to connect, before they even know they're connected.
  22. Alas, no. It's not so simple as that. The password on a WiFi network isn't a simple password in the usual sense. It is used as a base to generate a 64-character encryption key. That is in turn used to authenticate a device to the network. The original "password" isn't actually used, however, both sides need to supply the same original password. To put it more simply: The client has to use the same password that the router is expecting. They won't be able to communicate otherwise. It isn't possible for a router (or WiFi Pineapple) to determine the password in use by a client directly. The only way to discover a key in use is by observing and capturing the initial key exchange between an existing router and a client device. Nice idea though. Also, although I believe it is possible to have a Pineapple broadcast a protected AP, it isn't an option in the Web interface at this time. You would need make such changes from a command line via ssh.
  23. Ever since the upgrade to Version 3.0, my ScreenCrab hasn't been sending images to C2. The images display on my TV just fine, and a quick check of the SD card, shows screen captures at 10 second intervals, as configured. However, C2 says "waiting for video signal" on the configuration tab, and the loot tab says "no loot available". I have already tried removing and re-adding the ScreenCrab in C2, as well as wiping the SD card, and reconfiguring config.txt from scratch and copying over the new device.config file. Anything else I can try??
  24. So, I have about 18 pages of keylogging history in my keycroc tab in C2. I want to wipe the history on both the device and in C2, without resetting anything else. I've already deleted the respective files on the keycroc, but how do I convince C2 to forget all keystrokes?
  • Create New...