chrizree

Active Members
  • Content Count: 308
  • Days Won: 20

Everything posted by chrizree

  1. You have set: #### OPTIONS INTERFACE='eth0' #interface of the outgoing interface eth0 is the internal interface, right? eth1 is the one that should get an IP from the network, at least on my PS. Also not sure what INTERFACE is used for. I'm not aware that it is an internal parameter of the PS and it's not used anywhere else in your payload code. Haven't used it myself so it's news to me and I can't find it in the PS docs. May be correct though. Also be aware that ip -o -f inet addr show | awk '/scope global/{sub(/[^.]+\//,"0/",$4);print $4}' will list both interface
  2. Check the sources.list entries (or whatever the Croc uses). Jessie is older than Stretch and will not offer/provide anything "stable". Jessie had EOL on June 30 2020 and it's defined as "oldoldstable". Stretch is "oldstable" and not default release. Buster is the current stable one, but I would not recommend messing around with changing any of this "just like that".
  3. Is that really the mentioned JSON file? Isn't it the Bash Bunny JSON file that is used along with the JS encoder for the Ducky? https://downloads.hak5.org/ducky https://github.com/hak5/bashbunny-payloads/tree/master/languages Line 290 in the jsencoder html file, if using default lang (US) change 'F10': '00,00,43' to 'F10': '02,00,43' Or the line in one of the alternative lang files (json) "F10":"00,00,43" to "F10":"02,00,43"
  4. Is your password containing uppercase letters? Try to type them all as lowercase and see if it works. I seem to remember that it was an "update feature".
  5. did you order the programmer? where does it say in the shop that the cable is automatically bundled with the programmer? it's a separate product, right?!
  6. What are you trying to accomplish? I guess you want to mimic those gathered SSIDs using your Mk7. Have you set up filters on your Pineapple so that it's possible to access your Mk7 using those SSIDs? Are you too close to the real SSIDs so that your connection attempts are actually trying to connect to the real SSIDs instead of your fake ones?
  7. You could ask in the C2 section of the forum, but there's not really any command to actually install the C2 server, it just starts the server. You have to be more specific in order to offer any help to solve your issues. What OS are you running your C2 instance on? Is it locally or in the cloud/on the internet? Using https or not? Started as a service or not? What video have you been watching? Etc...
  8. I don't know if it's a good thing to advise not to buy Hak5 devices on a Hak5 forum, but of course there are alternative paths to glory. Since I own a lot of Hak5 devices, I can just say that they are good. Bugs are always a part of the picture, especially when it's new devices such as the Mk7. Anyway, you could start with a simple PC and a home grade router as well. Learn the basics of networking first and you will be ready to use other tools soon. There are myriads of resources out there to dive into in order to elevate your knowledge. Even though Hak5 stuff is designed to be easy to use, the
  9. I can't answer to why you haven't got any reply from the Hak5 shop, but if your kit included a Mk7 Pineapple, then I'm very sure you have to stand in line and wait. There are also some other products that are out of stock at the moment if visiting the shop, so if your kit included some of those as well, then you will have to wait for those too. Nothing will be shipped until everything in the order is ready. Even though there could be some improvements to wish for when it comes to order status updates, I'm very sure that Hak5 won't trick you, you will get your stuff eventually. I know that ther
  10. Can you ping your local C2 server from your Mk7? Are necessary ports open on the C2 server making it possible for the Mk7 to communicate with the C2 instance?
  11. OK, I can't replicate that scenario sadly. The dates in my PineAP log are the expected date and time.
  12. I quote myself: "Get an ovpn file from your VPN service provider (or Tunnelbear to follow this example). Either it's one file only with certs and keys included, or a client config file along with separate key and certificate files. If the files are not included in one (1) file only, then the other files need to be referred to in the config file. They probably already are if the VPN provider has chosen to keep them as separate files, but I often want to add absolute paths to those files." In other words... you need to get a relevant ovpn file from ExpressVPN and use that along with y
  13. Have you tried (re)formatting the SD card or tried another SD card?
  14. Can you explain the steps you take to produce the output, exactly what logs that are correct and incorrect, etc. so that it will be easier to track/find the source of your issues?
  15. ok, great news, splitting things up to verify each part separately is always a good approach when experiencing issues similar to this situation, I can't see any problems for you to get it all working as intended
  16. ok, but I was primarily interested in your iptables rules, have you run the bb.sh script with success? I.e. gotten the status "found" and the ASCII art that tells you that the Bunny is connected to the internet. You have no route that includes 172.16.64.64
  17. try to edit the cmd file temporarily and skip the date/time stuff in the folder creation and run it once and see if it works better, that date/time stamp most likely needs to be modified before it can be used, i.e. the script needs to be altered so that it creates a date/time output that can be used without issues, just create a directory in the script called "test" as a subdir to slurp: set dst=%~d0\slurp\test You can also add PAUSE or SLEEP s (where s is number of seconds to sleep) to the end of the script so that you can catch the output. I'm kind of rusty when it comes to Win
  18. I'm sitting with my Bunny attached to my PC right now and it's working all fine. I don't think it's something wrong with either the Bunny or the bb.sh script unless you have been doing something special that would have impact. Have you looked through your IP tables rules on the PC?
  19. And if you run the commands "manually" on your victim PC (content of e.cmd), do you get the desired results (I know, it won't be the exact same result since it won't be storing anything on your Ducky, but it will make it possible to catch some errors)? If you're not on a US (or US like system with that kind of date format), the folders created will be named with something that looks like a mess. Not that it should stop anything, but it could need some "remapping" to look proper. I don't really think that you have a missing Documents folder on your "victim" PC, but it could for sure be a reason
  20. On what drive do you store the script? Are you using stock Ducky firmware or have you flashed some alternative variant?
  21. If you only have access to one (1) physical computer, then I would go with an environment of VMs. If you are afraid of "polluting" your ordinary installation, then I would get an alternative hard drive and change the drive when pentesting. If that is too much work, then you can isolate both attacking and victim virtual machines in a virtual network on the PC. The risk all depends on what you are about to do. If it is things that wouldn't harm your host, then I would go virtual. I haven't dual booted since the 90's. There's potential risk of the guest breaking out and accessing the host when ru
  22. The most common way in Windows for an ordinary user is to set it using the GUI, but you could use netsh and it would look something like this: netsh interface ip set address "Local Area Connection" static 192.168.1.2 255.255.255.0 192.168.1.1 or netsh interface ip set address name="Local Area Connection" static 192.168.1.2 255.255.255.0 192.168.1.1
  23. You should use the Docs site instead of the old wiki. In this particular case, it doesn't matter that much when it comes to the factory reset procedure since it's the same in both places. https://docs.hak5.org/hc/en-us/articles/360010555853-Factory-Reset However, since you mention bin files, is it really the factory reset that you are doing? A bin file should only be needed in the firmware recovery process. Since you have titled the thread "Firmware Update", I guess you are actually doing the firmware recovery, not the factory reset. And... using a bin file for a Nano on a Tetra is not su