Found 11 results

  1. So it appears almost nobody can get the Signal Owl to do anything it is supposed to. I am new to Hak5 products but have been a YouTube fan for some time now. Have to admit very disappointed in the Signal Owl and my first Hak5 product. That being said I think it has potential and would like to start a discussion about anything you can get to actually work. There are so many posts talking about the problems with this product. Just like many others I seem to be able to run payloads but they will not save any output. They create folders but are always empty. Also the basic garbage SSID spammer does nothing. Which is confusing because other payloads seem to work just not save the data. I was pretty excited thinking the Garbage spammer may work... Not a chance.... I wish the LED status indications on this device were more distinct. Different colors instead of 1 color and different speeds. I also have the Bash Bunny, the Rubber Ducky and the Shark Jack. I have not played with them yet. I'm bound and determined to get the Signal Owl to successfully do something before I move on to any of the others. I believe some of the problem with this tool is lack of good videos on DARREN'S part lol. Huge fan just busting chops. The Bash Bunny, USB Rubber Ducky and Shark Jack all seem to have tons of documentation and videos which should make them much easier to build, test and deploy. So my question is: What have you got to work? If you ran into a problem and got it fixed what was the solution? 1) I got ssh to work. I can run the python interpreter through ssh and move files around and see the thumb drive connected. This is pretty cool and fun to play around with. - I had a problem getting it into arming mode at first. As stupid as it sounds you have to push the button incredibly quick or the Signal Owl bugs out and acts as if it restarts instead.
  2. Hello! We're happy to introduce the 1.0.1 update for the Signal Owl. It introduces some bug fixes and changes on entering Arming Mode to improve the user experience. 1.0.1 Change Log: General: Simplified device mode selection. The device now starts in ATTACK mode by default. Enter ARMING mode by pressing the device button at any time while in ATTACK mode. Fixed a bug in USB Storage Mounting, which sometimes would cause payloads and firmware upgrades to fail. Fixed a bug in the LED helper, which would sometimes prevent payloads from updating the LED. Fixed a network device driver bug and interface misconfiguration caused by some external wireless adapters. Fixed a bug in the device reset button, which made it difficult to perform factory resets. You can grab the update via the Hak5 Download Center and follow the Hak5 Docs Signal Owl Update article to get on the latest version. Cheers, Marc
  3. Hi, I am trying to do a replay attack on a remote control that I have. I can capture the signals fine but when I go to decode it the wave form looks very strange and very difficult to decode. The remote sends the same string 10 times. Maybe I'm missing something? I don't know. I would love some help from anyone and your answer would be greatly valued 🙂 Please see the following pictures: zoomed in, and the whole string zoomed out.
  4. Hi, can anyone please tell me whether they have detected a signal at 440 MHz when trying to capture a 437 MHz signal with a 10 MHz sample rate in GNU Radio? Then is this a problem with the HackRF or another thing? Thanks.
  5. Hi all, So my latest endeavour, in preparation for doing the CEH course in the near future, and because I'm a curious nerd, was to pen test my own Wi-Fi. However, I'm having major issues with how difficult it is to pick my Wi-Fi up from any reasonable distance. Initially, my goal was to drive to a couple of nearby locations and see how easy it was to locate my Wi-Fi from 50m, 100m, 150m, etc. I haven't even got as far as pen testing it, just wanted to test viable locations for doing so and to give myself a good idea of the distance at which someone could connect. I am using an RPi3, an Alfa AWUS036H, and I tried both a Yagi and a 7dBi Alfa Panel Antenna. My issue is with picking up the Wi-Fi from even a small distance. I currently have a couple of Wi-Fi hubs in my home, and I chose to pen test a BT Hub 6, which has very good signal strength itself. One of the best, apparently. However, I was only able to pick up a signal from 50m. 100m and I couldn't even find my Wi-Fi! As a prime example, there is a road lay-by 150m from my home, so I thought this would be a perfect spot to pull over and test the signal strength. I assumed I would definitely get a signal from 150m away using the above hardware, but I didn't. Not even a sign of it! The path to the house from here is not line-of-sight. It is blocked by around 2 houses and a bunch of shrubbery/small gardens. I understand the implications of this on signal strength, but to be honest, I was not expecting a complete signal loss at only 150m, blocked or not! I'm shocked that this hardware can't manage to pick up a Wi-Fi hub at more than 100m! Any ideas? Thoughts?
  6. I decided to create something graphical. Got hung up on some minor details. I'm trying to pass the value of a QString in main to a system call in void. Basically take a bunch of QComboBoxes and use them to build a system call. Which was the simplest way I could think of to make a Linux GUI for a command line program. Keep in mind this is not quite done. I figure someone will take interest because it's a GUI for msfvenom / veil-evasion when it's done. Here's some of the code for the main window.

         #include "mainwindow.h"
         #include "ui_mainwindow.h"
         #include <QtCore>
         #include <QtGui>
         #include <string>
         #include <QString>
         #include <QComboBox>

         int i;

         MainWindow::MainWindow(QWidget *parent) :
             QMainWindow(parent),
             ui(new Ui::MainWindow)
         {
             ui->setupUi(this);

             QStringList payloads;
             payloads << "Select Payload"
                      << "auxiliary/coldwar_wrapper" << "auxiliary/pyinstaller_wrapper"
                      << "c/meterpreter/rev_http" << "c/meterpreter/rev_http_service"
                      << "c/meterpreter/rev_tcp" << "c/meterpreter/rev_tcp_service"
                      << "c/shellcode_inject/flatc"
                      << "cs/meterpreter/rev_http" << "cs/meterpreter/rev_https"
                      << "cs/meterpreter/rev_tcp"
                      << "cs/shellcode_inject/base64_substitution" << "cs/shellcode_inject/virtual"
                      << "go/meterpreter/rev_http" << "go/meterpreter/rev_https"
                      << "go/meterpreter/rev_tcp" << "go/shellcode_inject/virtual"
                      << "native/backdoor_factory" << "native/hyperion" << "native/pe_scrambler"
                      << "powershell/meterpreter/rev_http" << "powershell/meterpreter/rev_https"
                      << "powershell/meterpreter/rev_tcp"
                      << "powershell/shellcode_inject/download_virtual"
                      << "powershell/shellcode_inject/psexec_virtual"
                      << "powershell/shellcode_inject/virtual"
                      << "python/meterpreter/bind_tcp" << "python/meterpreter/rev_http"
                      << "python/meterpreter/rev_http_contained" << "python/meterpreter/rev_https"
                      << "python/meterpreter/rev_https_contained" << "python/meterpreter/rev_tcp"
                      << "python/shellcode_inject/aes_encrypt"
                      << "python/shellcode_inject/aes_encrypt_HTTPKEY_Request"
                      << "python/shellcode_inject/arc_encrypt"
                      << "python/shellcode_inject/base64_substitution"
                      << "python/shellcode_inject/des_encrypt"
                      << "python/shellcode_inject/download_inject"
                      << "python/shellcode_inject/flat"
                      << "python/shellcode_inject/letter_substitution"
                      << "python/shellcode_inject/pidinject"
                      << "ruby/meterpreter/rev_http" << "ruby/meterpreter/rev_http_contained"
                      << "ruby/meterpreter/rev_https" << "ruby/meterpreter/rev_https_contained"
                      << "ruby/meterpreter/rev_tcp" << "ruby/shellcode_inject/flat";
             QStringListModel *model = new QStringListModel();
             model->setStringList(payloads);
             ui->comboBox->setModel(model);

             QStringList encoders;
             encoders << "Select Encoder"
                      << "cmd/echo" << "cmd/generic_sh" << "cmd/ifs" << "cmd/perl"
                      << "cmd/powershell_base64" << "cmd/printf_php_mq"
                      << "generic/eicar"
                      << "mipsbe/byte_xori" << "mipsbe/longxor"
                      << "mipsle/byte_xori" << "mipsle/longxor"
                      << "php/base64"
                      << "ppc/longxor" << "ppc/longxor_tag"
                      << "sparc/longxor_tag"
                      << "x64/xor"
                      << "x86/add_sub" << "x86/alpha_mixed" << "x86/alpha_upper"
                      << "x86/avoid_underscore_tolower" << "x86/avoid_utf8_tolower"
                      << "x86/bloxor" << "x86/call4_dword_xor"
                      << "x86/context_cpuid" << "x86/context_stat" << "x86/context_time"
                      << "x86/countdown" << "x86/fnstenv_mov" << "x86/jmp_call_additive"
                      << "x86/nonalpha" << "x86/nonupper" << "x86/opt_sub"
                      << "x86/shikata_ga_nai" << "x86/single_static_bit"
                      << "x86/unicode_mixed" << "x86/unicode_upper";
             QStringListModel *model1 = new QStringListModel();
             model1->setStringList(encoders);
             ui->comboBox1->setModel(model1);

             QStringList platforms;
             platforms << "Select Platform"
                       << "openbsd" << "javascript" << "bsdi" << "python" << "netbsd"
                       << "nodejs" << "freebsd" << "firefox" << "aix" << "mainframe"
                       << "hpux" << "irix" << "unix" << "php" << "bsd" << "netware"
                       << "osx" << "android" << "java" << "ruby" << "linux" << "cisco"
                       << "solaris" << "windows";
             QStringListModel *model2 = new QStringListModel();
             model2->setStringList(platforms);
             ui->comboBox2->setModel(model2);

             QStringList arch;
             arch << "Select Architecture";

             QStringList format;
             format << "Select Format"
                    << "asp" << "aspx" << "aspx-exe" << "dll" << "elf" << "elf-so"
                    << "exe" << "exe-only" << "exe-service" << "exe-small"
                    << "hta-psh" << "loop-vbs" << "macho" << "msi" << "msi-nouac"
                    << "osx-app" << "psh" << "psh-net" << "psh-reflection" << "psh-cmd"
                    << "vba" << "vba-exe" << "vba-psh" << "vbs" << "war"
                    << "bash" << "c" << "csharp" << "dw" << "dword" << "pl"
                    << "powershell" << "ps1" << "py" << "python" << "raw" << "rb"
                    << "ruby" << "sh" << "vbapplication" << "vbscript";
             QStringListModel *model4 = new QStringListModel();
             model4->setStringList(format);
             ui->comboBox4->setModel(model4);

             QString var1 = "gnome-terminal -e \"msfvenom --payload \"";
             QString var2;
             var1 = ui->comboBox->currentIndex();
             QString var3;
             var1 = ui->comboBox1->currentIndex();
             QString var4;
             var1 = ui->comboBox2->currentIndex();
             QString command = var1 + " " + var2 + var3 + var4;
         }

         MainWindow::~MainWindow()
         {
             delete ui;
         }

         void MainWindow::on_pushButton_clicked()
         {
             system("");
         }
  7. Hi all, I want to make it clear that I am completely uneducated in this matter. I was wondering if it is possible to triangulate a cell phone without being the government, and if so how. I have gathered that you would need some way of measuring the signal strength of a cell phone. How to do this, I do not know. I thought the Hak5 would be the right place to ask about this. Thanks for any help! P.S. I also want to make it clear that there is genuinely no nefarious purpose for this project. It seems like a fun weekend project.
  8. I'm working on a visualisation of wireless signal strengths and wanted to check if I have the correct information. I have read that wireless signal strength ranges from -50db to -100db where -50db is a strong signal and -100db is bad. I've read this on a Windows dev site, so my question is: is this only true for Windows or is this the standard? Thanks!
  9. Hello, Just got my Pineapple and flashed firmware, and watching some videos and have several questions. 1) I see that Dogma is used to transmit beacon frames at very high rates to respond to probe requests. Still it's a timing issue, and wouldn't a laptop connect to the highest signal strength (real AP)? On that same topic, what is the signal strength of the wifi radio on the Pineapple relative to that of a typical wifi router? With the included antennas, what are distance limitations? 2) When testing, if you want to target say 3 laptops, not the entire building, or area, can you specify the MAC addresses of three? I saw that it has provision to offer one? 3) Realism.. one thing that concerns me -> if you turn it on, and it populates a large number of SSIDs, if you look at the wireless icon (which I always do), you would see two of every SSID, the real one, and the non secure one, i.e. linksys with a lock, linksys without a lock, .... and a complete list. This certainly is a major tip off, and also very obvious. Thoughts on this? 4) Know about sslstrip (hsts), dnsspoof, and the comments about DNS caching. Yes, you can do things with routing which were mentioned, but there was talk about a new mitm, I believe the mitmf project. Anything new in that arena? 5) What infusions for the Mark V are your favorites in pentesting? Thank you! I'm glad to be part of this extremely interesting community.
  10. I'm going to assume the wireless on my board is bad as I've tried the gamut of other fixes listed within these forums (new cables, antennas, software modifications, etc). With that, is the custom OpenWRT that is used on these devices available to download? Or can I just install OpenWRT and then be able to install the firmware from wifipineapple.com? Or do I only need the firmware from wifipineapple.com? I see I can get a new motherboard from the OEM for $25, but it would be blank on arrival and require that I connect via a serial cable and upload the OS via TFTP, which I could likely handle. Or can I simply ship mine back to Hak5 and $25 for a replacement as I'm past the 60 days I could exchange / return the device? Edit - fixed spelling
  11. Hey all, I got the 9 dBi pole antenna from the hak shop and my question is whether I need to do anything other than substitute the new antenna on a device. Specifically do I need to set power options to optimize signal etc? The reason I ask is that I don't notice a significant increase in the area that I can observe traffic say with an external wireless card in monitor mode or something. Thanks, -SM
