Jump to content

Search the Community

Showing results for tags 'android'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

  1. Hi everyone, I'm currently working on a project involving a DIY Portable EMP Jammer. I tested the device on a Samsung S7 (with LineageOS, distance 0.3-0.5 mm). It didn't have the effects I wished for, but some other effects that I think is interesting. I documented recorded the test with my phone. Effects on test device: 1. Open random applications. 2. Random zero touch button press. 3. Cant no longer connect to wi-fi. LoL Effects on unintended device (Android 9, distance approx 100 cm): 1. Camera flickers a little. 2. The phone sends an huge amount of QUIC-packages. 3. Gets blacklisted by my DOS-protection on my router. So my conclusion is: It seems possible to simulate a UDP overflow attack with electromagnetic fields on devices using QUIC protocol. The issue: I have a hard time figure out in which ways and if it's possible to utilize on that reaction. Anyways do anyone have any input on this, or think it sounds interesting? Best regard Paraply
  2. Hi Let's start with the scenario. Say you'd like to connect the Bash Bunny to another device that doesn't accept ACM. One such scenario is when connecting to mobile device like Android. These devices communicate through a protocol but only over a USB data connection. (Unless I'm misstaken) So none of the currently available attack modes support this. I'm sure there are more scenarios where this is applicable. And forcing other drivers to be loaded by the target would enlarge the possible attack surface. My questions are therefor if it is possible to add new attack modes? And if so, what steps are required to make this possible. Or if anyone have been able to connect to an Android device through USB. (Not by enabling ADB over ethernet/Wi-Fi, opening a port and issuing the command "adb connect". When connected correctly over USB issuing "adb devices" should list the target)
  3. Hey everyone, I am new, but i have a general android question and i am looking for pointers. You can run Kali, Debian and some other Distros in a chroot or proot in Android devices. My question is could i do it the otherway around? Like have /e/ running as Main system and run Android in a chroot. Or have it handled in some manner so that i could have a contained googlefied Android and a more anonymous Main system?
  4. I was playing around with the ducky and an android phone and wrote a payload to forward an email to the address specified. There are two version one for Gmail and one for Samsung Email. Use GUI + E to find your default app. I put a comment in for a loop so if you wish to forward more than one. GMAIL: REM Forwards the first email in the primary section REM Only works for phones. REM Does not work tablets as menu bar stops tabs REM GMAIL SHORTCUTS https://support.google.com/mail/answer/6594?co=GENIE.Platform%3DAndroid&hl=en&oco=1 DELAY 1000 GUI e DELAY 1000 TAB DELAY 500 TAB DELAY 500 ENTER REM LOOP FROM HERE DELAY 500 CTRL r DELAY 1000 TAB DELAY 500 SHIFT TAB DELAY 500 BACKSPACE DELAY 500 STRING your@email.com CTRL ENTER DELAY 1000 REM Moves to the next email RIGHTARROW REM GOTO LOOP SAMSUNG: REM Forwards the first email DELAY 1000 GUI e DELAY 1000 TAB DELAY 500 TAB DELAY 500 TAB DELAY 500 TAB DELAY 500 ENTER REM LOOP FROM HERE DELAY 500 SHIFT TAB DELAY 500 LEFTARROW LEFTARROW LEFTARROW LEFTARROW RIGHTARROW RIGHTARROW ENTER DELAY 500 STRING your@email.com DELAY 500 SHIFT TAB DELAY 500 SHIFT TAB DELAY 500 ENTER DELAY 500 REM Moves to the next email TAB RIGHTARROW RIGHTARROW LEFTARROW ENTER REM GOTO LOOP
  5. Hello all, Been messing around with my Wifi Pineapple Nano, and looked at the "Wifi Pineapple Connector" app. The play store link in the setup instructions is a dead link, and I can't find it on the play store. Upon some Googling, I saw this forum post where a developer said that the app was deprecated. If this is true, I believe that the link should be removed from the setup instructions. No real harm to me, I was just curious about what the app did. Thank you.
  6. Hi all! Not up to mischief, but can't be bothered to configure a batch of Android smartphones by hand. I'm looking for example scripts to charge my creativism. Looking for syntax to: swipe, upload and install .apk amongst other Yes I used Google and search button, but can't find a complete list of commands to use for android between the numerous hits using a phone as a Duck. Greatfull if you could mention some links.
  7. Hello guys, Before I start, I want to say that I looked on all the forums for a solution and tried multiple options until I started writing this. I have tried to make an exploit for Android. Everything works fine until I open the apk on my test phone where after I installed it by bypassing the security restrictions, it doesn't do anything. On msf it doesn't show that it's connected to a device. As well, regardless if I stop the exploit, kill it and remove it, the server is still up and contains the file. I need a solution since I believe that this is caused by the recent changes in metasploit and android 9.
  8. Hi dear friends. I watched to this video. But I dont know, which payload he was use in this video. So, what do you think about it? Which payload must be it?
  9. I'll be attempting to use my pineapple nano on an android that has no cell service at the moment. I don't want to pay a monthly bill on a phone that i may only use 2 time's a month so what would you all suggest in the way of connectivity? I was thinking the pay as you go or buying a hotspot device with a pay as you go. I don't trust that any of these services would be fast enough. Have any of you tried anything like this and have a suggested best pick?
  10. Can you make videos on automation in non-rooted android smartphone remotely?? We know, we can write a bash/shell script and send it to someone remotely via link, if he/she clicks on link, the script will automatically execute. Can we do same in non-rooted android smartphone too?? For an instance, can we send a link to someone with a non-rooted android smartphone , if he/she clicks on link, automatically his/her email account will open, automatically a message will be written in email and it will be sent automatically. Is it possible?? I think it is same as rubber ducky
  11. Hi all, Looking for a RSS reader for android. I'm specifically looking into apps for offline caching. Something with browser integration and high customizability would be great. I know most readers would do the job just fine, but I would appreciate some user experience instead of trying every single reader. Thanks in advance!
  12. There are soo less commands for android in metasploit. It would be okay But i didnt find the command i needed the most. It was something like vnc_start . I dont remember but i used it in windows a long time ago and i got to see what the victim is doing etc. So how will i do it for android too.? Please help me out in this
  13. So i bought the LG phenix 4 and im like why can't my pineapple app connect to the server??? do i need a diff phone?
  14. Put together a quick and dirty bash bunny script. Allows unknown sources on Android device, grabs apk via webrowser, installs and opens. https://github.com/JakeBernier/bashbunny/blob/master/android/web_delivery/payload.txt Also working to get adb delivery method working. Curious if anyone knows of a Android keyboard shortcut that will quickly up settings to speed this up?
  15. Hello Everyone! I have a Samsung Galaxy S7. It is running on Android version 8.0.0 and Samsung Experience 9.0. I have access to the phone but I've locked myself out of the private mode. Although the pin number can be more digits, I only used four. I'd like to know if I could use the Rubber Ducky USB and brute force my way into it but there are a few concerns… 1) My delay is 60 minutes before I can try another code. Is there a way to bypass the wait time? 2) I have numbers that I like to exclude because I've tried them. What code would I input to skip these numbers? 3) I’m pretty sure the code is between 1000 and 1999. Can I make a section of code to try these numbers first? 4) Is there a way to display the Pin that works or see when the code stops so I have it? 5) I'd also like to know if there's a better way. I've seen ADB as a suggestion but I’m not sure how to use it or navigate to the private folder to pull files. Thank you for your help!
  16. Can i run a payload(meterpreter)(metasploit) on android with rubber ducky or bash bunny over (wan)
  17. I was pointed to this by an LE contact: http://insider.foxnews.com/2018/02/07/google-tracking-you-tucker-carlsons-report-silicon-valley-surveillance-capitalism The kit used by the reporter - anyone know what it is? I can tell that these are being used: The device in the middle is a Throwing Star Lan Tap: https://greatscottgadgets.com/throwingstar/ The device on the right is an Intel CPU stick: https://www.amazon.com/Intel-Compute-Computer-processor-BOXSTK2m3W64CC/dp/B01AZC4IKK The rest of it looks like probably standard WiFi, maybe a large battery to power the whole setup. I'd guess SSLstrip or something similar to penetrate https, but what about the software being used? Anyone know what it might be? I also assume this kit isn't a package, but if so, the LE guy wants one :)
  18. Hi, I just ordered my Bash Bunny, and while I'm waiting for it, I'm gathering info for my project. On the github, there is a payload to loot data from a Windows host and I would like to do the same for an Android phone. The idea will be to use adb to extract the data, but if the Debug Mode is not on (mostly the case for normal users) you can't really use adb. I have a Galaxy S5 mini (Android 4.4 I think) to test my code on. The idea is to proceed like below: 1/ Being able to steal data from an -unlocked- phone with Debub mode enable (I think this part is easy :) ). 2/ Being able to steal data from an -unlocked- phone with Debub mode disabled. 3/ Being able to steal data from a -locked- phone with Debub mode disabled. Do you people have some kind of idea about how to do it? Like exploit a flaw to use adb or inject an app. I'm sure we can find something :)
  19. This is my first post, but I've had some trouble finding much searching myself, so i thought i'd maybe give it a shot here. I have been trying to find an android phone, thats cheap, yet stable enough to use with WIFI pineapple nano and as a display device for RPI 3, as well as powering a nodemcu. Now finding a cheap android smart phone, is as easy as walking into any gas station. The issue at hand is the stabilty of these devices. Sometimes they work well for a few weeks, and sometimes i have issues right off the get go. I've had a phone that continued to crash during setup, I never got past that point with it. Now i haven't tried using any of the devices I listed with a phone like such yet, but it seems like a way better idea then using a device that i've actually put money into, that I have personal information on, used social media with .etc Of course you cant be 100% anonymous using the internet or any device, but starting clean and being able to just start fresh without really hurting your wallet would be useful. Anyways. I was just wondering if anyone else has thought or acted on this sort of idea.
  20. Hey all, first post here! I am working on a payload that, when connected to an unlocked Android device, will open the Gmail, attach a number of files, and then send the email. I am having issues with opening the "attach files" menu (the paperclip icon) because I cannot seem to see a way to get the keyboard to tab over to it. Here is what I have so far, tested on a Pixel XL, latest version, with a HP USB Keyboard. Windows + G > Opens Gmail CTRL + N > Create new email someone@domain.com > Enter in the desired destination email. ENTER > Confirms the email address you entered TAB TAB > Moves cursor to Subject Line > Add an email subject. TAB > Moves cursor to body. Text. > Add text to body. Magic happens? This is where I cannot click the paperclip icon, but if I do it on the touch screen, I can finish it out with the keyboard... SHIFT + DOWN ARROW > Selects file(s). SHIFT + ENTER > Attaches files. CTRL + ENTER > Send the email. Any help or thoughts would be greatly appreciated! Cheers!
  21. I walked thru the Windows 10 setup on my PC. Is it possible to do the Android set up on the same device OR would I need a 2nd nano? Can I switch between my laptop and a Android phone for mobile scanning. The windows 10 setup works fine. Don't want to damage it. Thanks for your help.
  22. Evening all. Trying to use my Rubber Ducky to recover a photo library off an android smartphone which is set to not share content via usb. This was done for security reasons because I co-own a small business. Upon dropping my phone I realized I locked myself out of recovering my content...but, key commands entered by an external keyboard can unlock and make changes to an android phone. My phone is NOT locked except for the basic swipe up, I think. Thoughts?
  23. I'm trying to compile wifi drivers for an android device, an LG G, which is running on marshmallow and cm13 . The kernel is 3.4 , i'm not able to get the original one because it's a custom built rom . I did find on github the kernel aimed at the device and the kernel cm13 is based on. both where used to craete the rom , i presume. I'm not certain which one of the two i should use for the wifi_drivers compilation though. I have the original drivers from realtek and source code aimed at the same kernel version i.e linux-kernel-3.4 (android) No kernel-headers-generic available nor $(uname-r) would work (firmware-realtek drivers are available from kali repo(kali chroot env /nethunter 3.15 built from repo with full kalifs - all_OK ! only missing external wifi mon_mode via y-otg, got usb mounting no problem ) I still wish to be able to compile these drivers myself though. I'm not sure if a linux-kernel3.4 armhf is a universal matching kernel (which means i could use ubuntu backports for Zezty and get a linux-goldfish-armhf copy of same version i.e 3.4_0-26) or do i need to use the specific one aimed at the device or even cm13 ? This is where i'm stuck, not to mention a failed compilation over & over ... "lib modules not found .." ..etc I have gnu-arm 4.8 compiler + armhf-cross so tools are not the issue , kernel modules/headers/files is device: 'https://github.com/marxenegls/android_kernel_lge_gee'. cm13: 'https://github.com/marxenegls/cyanogenmod_kernel_grouper'. Also do i just unpack the kernel source and use make to create the header files or do i actually need to install them on my x86_64 Ubuntu laptop in particular build directory where they don't conflict with onboard kernel ? Thanks for any feedback , i'm stuck on this for days now and it's starting to seriously weigh on me
  24. Hi Hak5, are there any plans to release an android app to allow the configuration of the Hak5 goodies? This is something I would be willing to pay for.
  • Create New...