Showing results for tags 'Guide'.


Found 11 results

  1. Hello Friends, It's been quite a while! Please find a new 2022 update guide for the HAK5 C2 service below.

     Notes: This installation guide is written ONLY for Ubuntu 18.04/20.04/22.04 LTS.

     Step 1. Update, upgrade, and clean your machine.

         sudo apt -y update && sudo apt -y upgrade && sudo apt clean

     Step 2. Install required packages.

         sudo apt -y install unzip ufw

     Step 3. Open ports depending on your needs (20, 2022, 80, 8080, 443).

         sudo ufw allow 22,2022,80,8080,443/tcp && sudo ufw enable && sudo ufw reload

     Step 4. Download and unzip the community ZIP files in the tmp directory.

         sudo wget https://c2.hak5.org/download/community -O /tmp/community && sudo unzip /tmp/community -d /tmp

     Step 5. Move the c2_community* file to /usr/local/bin, and create the required database directory.

         sudo mv /tmp/c2-3.2.0_amd64_linux /usr/local/bin && sudo mkdir /var/hak5c2

     Step 6. Create a new systemd service to run the Hak5 C2 script.

         sudo vim /etc/systemd/system/hak5.service

     Step 7. Utilize a template below, or build your own.

     Template A (https)

         [Unit]
         Description=Hak5 C2
         After=hak5.service

         [Service]
         Type=idle
         ExecStart=/usr/local/bin/c2-3.2.0_amd64_linux -hostname IPAddressORHostname -https -db /var/hak5c2/c2.db

         [Install]
         WantedBy=multi-user.target

     Template B (http)

         [Unit]
         Description=Hak5 C2
         After=hak5.service

         [Service]
         Type=idle
         ExecStart=/usr/local/bin/c2-3.2.0_amd64_linux -hostname IPAddressORHostname -db /var/hak5c2/c2.db

         [Install]
         WantedBy=multi-user.target

     Template C (http / port 80)

         [Unit]
         Description=Hak5 C2
         After=hak5.service

         [Service]
         Type=idle
         ExecStart=/usr/local/bin/c2-3.2.0_amd64_linux -hostname IPAddressORHostname -listenport 80 -db /var/hak5c2/c2.db

         [Install]
         WantedBy=multi-user.target

     Step 8. Reload the systemd daemon, enable the service, and start.

         sudo systemctl daemon-reload && sudo systemctl enable hak5.service && sudo systemctl start hak5.service

     Step 9. View the status of your service in order to view your key.

         sudo systemctl status hak5.service

     NOTE: If you receive the ERROR "http: TLS handshake error from acme/autocert: missing server name" this is due to you utilizing the IP Address of the machine, when you enabled a hostname. You can resolve this by utilizing your domain name instead, and creating the correct DNS records through your service provider.

     Step 10. Visit your website and fill in the required information to finalize.

     Step 11. Sign into your Hak5 C2 website.

     Step 12. Add devices, export logs, and more!

     Note: Please ensure you close any unused ports after completion. ACME/AutoCert utilize port 80/8080 for authentication, but you should be able to close these ports once again until needed to recert.
  2. I wanted to try getting this python script for the kr00k POC running on my Tetra. Finally got it all working, mainly had issues with cryptodomex, after a while I realized it was a simple package called python3-cryptodomex.. derp. You'll need python3 installed, I'm unsure if this is installed default or not, but you can install with the package manager (opkg). I only included the PIP commands for python3 because I needed them specifically for python3, and was running into issues with it installing via opkg install python3-pip, but it may need a specific version, this way worked perfect, so I didn't research much further into it. I also needed to upgrade setuptools in order to build scapy properly.

     Here's the commands you'll need to use via SSH:

         opkg install python3-cryptodomex
         wget https://bootstrap.pypa.io/get-pip.py
         python3 get-pip.py
         pip install -U setuptools
         pip install scapy
         git clone https://github.com/hexway/r00kie-kr00kie.git && cd ./r00kie-kr00kie

     I've also added it to my gist for future reference. You need to comment out line # 516 of r00kie-kr00kie.py in order to prevent it from killing your remote SSH sessions. Once that's all done, you should be good to go! Hopefully this is useful for someone.
  3. Hi, I'm selling my WiFi Pineapple Tetra. New, not used at all, only opened the box, with its full field guide! Going for 149£. Shipping fee may apply for worldwide shipping. Selling it because I do not need it and have never used it. Can send full pictures.
  4. Hey, I got myself a Bash Bunny. I bricked it by accident (who would do this on purpose?) and I can't get it to work again. I already tried the Ultimate Unbricking Guide but it doesn't seem to function. If I'm doing something wrong please tell me. Thanks
  5. I am completely and utterly disappointed. I have been searching for weeks to find out how to perform an ARP-poisoning MITM attack to sniff plain text credentials; the best thing I could find was Responder. There is no guide on how to use this explicitly on the WiFi Pineapple. I have basically paid $250 for a box. The last person to ask about this did not get anywhere in terms of help either. Please, can somebody in this entire forum show me how I can configure Responder to work on a wireless network? Like from the ground level. What options do I select, do I connect in client mode (Wlan1, Wlan0), etc. Please, this was a big investment for me.
  6. Hey folks, So I'm on an active gig and I have two turtles deployed at a client. I burned all of yesterday trying to follow a bunch of walkthroughs of how to get openvpn setup (I think I have the server mostly setup), so rather than burning any more days of this gig trying to get the client part on the turtle working, I was hoping to basically copypaste some sort of simple config from someone who already has it setup. If anybody has a quick, bullet-point list of the steps required that would be super useful. I fathom that in the future (the very near future) these steps could be rolled into a deployment shell script that would permit someone in a pentest/redteam role to rapidly deploy a brand new server on an ec2/digitalocean VM and quickly reconfigure the turtle - this is especially helpful if you end up playing cat-and-mouse with the blueteam and they find/block your hosts in a short turn around. Any help would be appreciated!
  7. Why doesn't someone write a book, "Learn hacking with WiFi Pineapple", which should contain how to hack and also how to protect us from getting hacked, for beginners?
  8. First I want to say that I don't want to be competitive against the Hakshop, and if you can, you should buy a real USB Rubber Ducky from them, because it's really made simple and the chip they use is much faster in executing or typing the payloads. But did you ever want to make your own USB Rubber Ducky? Well, now you can, using a regular USB stick. I must start by mentioning that it cannot be done with all USB sticks; you will need one with a specific NAND chipset on it, more specifically the Phison 2251-03 (2303). So now you are probably wondering where to get that specific USB stick. Well, you may have one lying around! You can check it using GetFlashInfo. You can download it from this LINK. On GitHub there is also a list of all known compatible devices, but most of them are not for sale anymore. So what do I do then? Well, come and visit my website and find the guide on how to make your own USB Rubber Ducky using a normal USB stick, or buy a clean USB stick with the Phison 2251-03 chip on it. It's all explained with screenshots and text. I tried to post the whole guide and screenshots here because I want to help this community out, but it won't let me because it uses too many pictures. So find the guide here: http://www.pentestingshop.com/pentesting/make-your-own-usb-rubber-ducky-using-a-normal-usb-stick/ Hope you all like this, and please let me know what you think about it. Develectron
  9. First I want to mention that I've been a huge fan for years! What I actually want to ask is this: I have made my own web shop and am trying to sell some pentesting equipment and guides around it on how to use it, and how to do some basic pentests, but since it's somehow hacker related, advertising is not so easy to do. I heard from a friend that Google somehow ranks that kind of traffic lower than other good websites. The Hak5 webshop is almost all the time on the top here (from Belgium): if I search Google for hakshop, the Hak5 webshop is in first place, and even if I search hackshop, so with "CK", the Hak5 webshop is in 3rd place. But I don't have a lot of money to put into advertising, because Google ads cost way too much for me to invest in. So since I don't have money to put into advertising and made a guide on how to make your own USB Rubber Ducky using a normal USB stick (BADUSB), my question is whether I can make a post about it on the Hak5 forum under the USB Rubber Ducky section. I really don't want to be cooperative against the Hakshop, so another question is whether it's okay for the Hak5 team that I made this post on my webshop and used the USB Rubber Ducky Encoder and the name in my title. Again, huge fan of the show for years now, so not offended if you tell me I cannot, but I thought that maybe I should ask first so that I don't get in trouble. Thanks in advance, Develectron
  10. Hello, can anyone help me create a script to download a picture and set it as wallpaper? Thank you.
  11. I've been getting questions on how I was successful at creating the community edition firmwares.

      Background

      After using usblyzer or busdog to record various dumps of USB traffic from devices like the Ducky, HID keyboards, and Mass Storage devices, I spent hours checking the USB protocol for how it interacts with computers. Learning that different OS's have speed tolerances, descriptor packets are formed in a specific way, learning about EP (Endpoints). I had proved that the Ducky could cope with other languages or keyboards by programming the Ducky for the UK keyboard-map (where I was working at the time). I then moved to Germany briefly, so started to write a DE-encoder with some help from the community. Hoping for more community support, I changed my focus to firmware rather than the encoder. I wanted Mass Storage Support, so left the encoder development for the research below in writing firmware. Later, Dnucna came along with his Encoder improvements (he's a better Java programmer than me).

      Firmware Development

      Basically, it involved research, and a fair amount of time poring over Atmel's data sheets and project examples. Atmel's framework contained a few bugs, so I was constantly getting stressed over strange errors. These were slowly getting fixed as I queried these errors with Atmel Tech Support, and progressively downloaded updated frameworks. I started on ASF-2.11 for initial HID; the latest composite only worked on ASF-3.1+. The code never really changed, just the Atmel framework and the lower base calls.

      At first I was scared about bricking the Ducky, as I didn't want to overwrite the Ducky's bootloader! (How you can repeatedly flash the Ducky.) I downloaded a lot of documentation and programmed a simple bootloader just in case I erased it. When I took the risk and plunged in and reflashed, I thought shit..... it's bricked! But then it came to life :) Looks like Jason had set some fuses protecting the bootloader, thus I did not have to worry about bricking the Duck. Now I could focus on programming and flashing firmware, debugging USB traffic, concentrating on developments.

      I could guess (from using Google) that the hardware was based on the EVK1104 demo board. I could have bought one, but decided to go right ahead and attempt flashing the Ducky. Using the EVK1104 sample projects, I got a feel for the code and what calls were necessary.

      HID - Multi OS support

      First I concentrated on speeding up the Ducky, the secret to multi OS support. I played around with various settings from Atmel's examples and had mixed results: too fast and I would lose keys, too slow and the Ducky was unimpressive. Also, all HID codes needed a signal button-down and button-up. When Jason and Darren released their source, it confirmed my initial guesswork. And Jason's state-machine for managing key presses was impressive and fast (with low error rate), so I decided to keep this part of the code, as DuckyScript and the Encoder were dependent on this relationship; any change could add complexity, and potentially break their good relationship.

      MSC Support

      I was working in an organisation where data leaks were a problem. The company employed device control software to limit USB access and enforce the use of encrypted USBs. I thought *BANG!* I could probably program the Ducky to bypass this software, and use the Ducky to move data. After 2 months of more reading/trial and error I had a working prototype :) Or so I thought: the device was registering as a USB drive in device-manager, but Windows mounted no drive. Chatting with Tech Support, I had messed up the board's clock settings (imported from their example). Not knowing these actual values, I began bruteforcing the values/settings; this was a painful and long process. Then one day I returned to the Hak5 forum to see Darren had released the HID source-code. Reading the code involved learning how Darren/Jason was using the clock, and I quickly realised my mistake. Making the necessary changes, I had the first Ducky that supported Mass Storage.

      After some more months, I then created the community website and dumped the firmware online. The support for the Ducky appeared to have dwindled, and people were complaining about the use of a Duck (initial costs were $80), so I could at least give people the option of using their Duckies as flash-drives. Around this time Darren enquired about composite devices, so I moved onto combining both the HID and the MSC firmwares.

      Multi Payload Support

      It was a long process, and without any success at composite I took a step back. Rumors of data-exfiltration via keyboard LED lights was an interesting research project, but I decided to look at controlling payloads dependent on the keyboard LEDs. Many chats with Tech Support on endpoints and the ability for keyboards to sense key presses yielded no results. In the end I stuck my head down and realised only the status of LED lights are read by the AVR library. So I tied different files (inject.bin, inject2.bin, etc) to the status of these lights; again no success. The trick was getting the Ducky to acknowledge the change in file, and execute the different commands. Upon accidentally hitting the GPIO (reset button) I realised that it did actually work. Hence the naked-duck was born, as you needed access to the GPIO. Later developments enabled me to perform the reset in software, removing the need for the GPIO button as a reset.

      Composite

      Just before Xmas I updated the ASF framework to 3.1+. Suddenly the composite code sprung into life. The idea was to release the code at Xmas. I gave demos out to a few private test subjects and thus had some time to test this feature in the real world, and had a chance to resolve bugs. One clever person noticed the code change in the SVN (hinting at composite support), so I decided to come clean and release the test-code early. My plan then changed to reveal the improvements in the New Year.... this is when I released the Firmware 2 Enhancements.

      Future Improvements

      To this day I am still playing around; hopefully I can work out some nice features and introduce these into future projects/releases.

      Summary of Steps

        • Go to the Atmel website: http://www.atmel.com
        • Download Atmel Studio (Windows only & version 6.0) (Atmel Studio 6.1 is beta and breaks the code!!!): http://www.atmel.com.../atmel_studio6/
        • Look for documentation on the chip, and example projects (EVK1104 or UC3B1): AT32UC3B Complete Datasheet, doc8360.pdf, doc8445.pdf, doc8446.pdf
        • Example code: http://asf.atmel.com...tml/index.html http://asf.atmel.com...ard__group.html http://asf.atmel.com...msc__group.html http://asf.atmel.com...msc__group.html
        • Prepare to have lots of chats with Atmel's Technical Support when things go wrong????
        • Also worth joining Avrfreaks.net (they do some limited 32bit stuff, but mainly 8bit support for lower spec AVRs).

      So if you want to repeat what I've done, have a crack at writing your own code, or potentially improve the firmware / features of the Duck. You now know at least how I did it! ~~Snake