Not one of the hak5 products is working properly

[Pentester1975]

I just tried many of your products all used as mentioned in all your video’s and forums. 

Not one of all the products I bought from hak5 is working properly.

it is doing nothing at all. Me on the other hand am busy all day with factory resetting and new configuration.

i mean all of them. Really

im a totally not satisfied customer and I wonder if you are able to get any of your products to work as you show us.

i wonder if there is a totally satisfied customer at all.

All the explanations in your video’s and books, just do not make the cut.

your a not clear in the books. Explain it to us if we a kids of 7 year old and don’t leave information behind. 

Ever seen your own forums. There are so many questions the same. I think you have to get your act together. 

Besides that is your service getting real bad

[Pentester1975]

Nano!??? The nano is probably the worst of your devices. The firmware sucks big time. 

De-authenticate. On recon or any other. “Start pineapp” 

it does not save the information chosen.

it does actually nothing at all then being a antenna 

[GermanNoob]

@Pentester1975,

I don't know which products apart from the Pineapple Nano you tried. But if you don't get them going you are probably a very poor pentester if at all...

As you can see from the comments and the help of other users, the products work just fine. But unfortunately a lot of Skiddies are buying the stuff and think they are now hackers or pentesters. In many threads you will see, that people often don't understand the basics of networks, bash, etc. No product in the world will make you a pentester or hacker! You have to do it by yourself!

By buying a formula 1 racing car you will not become a formula 1 driver. If you expected something else, it might be the best to ask Hak5 (in a kind manner) if they would take back your gadgets. 

And before the trolling starts: No, I'm not paid by Hak5, but I use several (not all) of their products...

[Pentester1975]

I'm not exactly a kid and i you might think i'm a poor pentester, maybe i am. However i learned all about computers and hacking since 1993. I have no problems what so ever with the Kali Linux programs and they all work fine. Oh and i do "help :-)" anonymus pretty often when needed.

a view years ago i also wanted to learn about WiFi testing, you have dumb-asses all over the internet so lets do WiFi and find some more.The pineapple does work, but so far i did not get any use full information with any of the payloads.

De-Authentication is not working on either the Nano and Pineapple. I have tried to get in my own airport and in my neighbors network. Although everything done according the books, i ended up with a factory reset and had to start over.

The rubberducky is doing exactly what it should do and with a large password list (although the string copy past takes a looooong time). tested on a windows machine it really is typing the passwords fast, lightning fast. It is almost unbelievable how fast it is going through a 139mb password list (rockyou.txt)

i just received the BB and was not been able yet to test it on a windows machine. i wait for a good moment on a public computer to see how that goes.

However the WiFi thing is really pissing me of, so forgive my emotional posts before this one. The Nano is just not doing anything than recon and network. Attacking a target is simply not possible, because it keeps telling me to start PineAp. Although i keep pressing the button, it is not starting Pineap. So i do it manually and save the settings. I try again. find the targets and do the same thing over again. And yes, start Pineap pop ups again. The payloads coming with them (download from hak5) just don't start. Any setting results in nothing.

Dump is not working, wireshark and pineapple work just fine, Nano and WS, ??????? The Nano is configured right, i assume,  because i can ping it, go to it and program it. It is in the network with it's own ip 172.16.42.1:1471 no problems so far, I use the dubble USB wire to attach it to my Kali machine. All ok.

the software on the Nano, it is just not working at all and not do anything.

I'm lost in my nano and it really can rune my day.

ps sorry Darren, your a great guy

[GermanNoob]

OK, so let's start working on your issues...

According the BashBunny: Why don't you install an virtual machine with Windows to test your payloads? I personally find that very useful, just to see if I messed up something before going to the real targets...

Am I assuming right, that you own a WifiPineapple Nano AND a WifiPineappleTetra? I'm just confused as you are talking about Pineapple and Nano... I have a WiFiPineapple Nano, updated it to the actual software not long ago and I can assure you it works fine... To get more specific, I suggest you just open a thread in the right forum and explain what you are trying to achieve and which modules you are using. biggest problem for newcomers: Check your filter settings! 

Best regards!

[Dave-ee Jones]

The Hak5 products aren't the kind of products that you start learning pentesting with - they're products that you buy when you know what you're doing and how to use them effectively.

Unfortunately, I do agree that there is too much repetitiveness when it comes to questions - everyone asks similar questions because Hak5 have done something with their product that isn't clear, or the product doesn't do what it says it does out-of-the-box, which is where DIY configuration comes in.

The Rubber Ducky is probably the biggest product on the Hakshop, so it has a bigger support-base that's also outside of Hak5, which would explain why it works a bit better than other Hakshop products. The BB works out-of-the-box (to a certain extent), however it does have it's firmware problems (especially in the latest 1.5 firmware), but I would still take it over the Rubber Ducky purely because it's more than just HID.

I don't own any Pineapples myself so I can't help greatly, but I would imagine that they would be similar to the BB in that the firmware needs to be updated for most of the payloads to work correctly, but that's just me spitting out the obvious (not to mention what others have probably already spat out).

 

[PoSHMagiC0de]

I would be the first to admit I ignore a ton of questions on here that resemble yours mainly because most of them are from skiddies who have just bought a product hoping it is a "hack-in-the-box" (I trademark that name because a sec company here where I stay actually made something that can be classified as such hehe), meaning they can just plug it in and it does it all for them without them learning.  So, forgive some members if they quickly jump down your throat.  I may be guilty of this time again too.

With that said, I understand your frustration with the wifi nano.  I too have issues with some payloads.  I do not blame the product itself.  It does work.  I do say documentation on payload creation and even the authors documentation tends to think everyone had first hand knowledge of their module's construction but that is just developer glass box syndrome.  I even suffer from this at times, take a look at the documentation for my BBTPS for the Bashbunny hehehe.  I admit I need to improve it.  I updated recently and actually put work in on using modules in it rather than using it or its pineap and using my laptop as the device to do all the MiTM stuff and had issues with PortalAuth and EvilPortal.  I recently saw a post where someone had to ssh into bunny to add the sd card to the path statement.  So, undocumented bugs and issues are another small issue I see.  Of course I have little understanding of OpenWRT so this makes me working on payloads for the Pineapple and the PacketSquirrel a little more difficult too so I blame my knowledge as well since everyone else is running these payloads.  Though, i did get the nano expecting my machine to do most of the work due to horse power.  So, yeah.  For the Nano, you might want to ask on their forum if you have issues with payloads first before bagging.  There are a lot of post like that already and most of the people who do bag have been the skiddies.

So, though I am on the same page as you, the Nano does have uses and modules do work.  it is probably due to, like me, we are not that deep into the tech of the product to resolve the issues or some people on the Nano forums are keeping and not pinning common issues so they are seen before people post.  I do put that back on the forum.  Sorry, I have requested some pinned articles due to repeated questions and they have not been pinned and the repeat of the questions keep coming so the forum does deserve some of the flak.

[C1PH3R]

On 2/11/2018 at 1:37 PM, Pentester1975 said:

I just tried many of your products all used as mentioned in all your video’s and forums. 

Not one of all the products I bought from hak5 is working properly.

it is doing nothing at all. Me on the other hand am busy all day with factory resetting and new configuration.

i mean all of them. Really

im a totally not satisfied customer and I wonder if you are able to get any of your products to work as you show us.

i wonder if there is a totally satisfied customer at all.

All the explanations in your video’s and books, just do not make the cut.

your a not clear in the books. Explain it to us if we a kids of 7 year old and don’t leave information behind. 

Ever seen your own forums. There are so many questions the same. I think you have to get your act together. 

Besides that is your service getting real bad

I have not had any problems at all. (except shipping costs)

[Forkish]

On 2/12/2018 at 6:52 PM, Dave-ee Jones said:

I don't own any Pineapples myself so I can't help greatly, but I would imagine that they would be similar to the BB in that the firmware needs to be updated for most of the payloads to work correctly, but that's just me spitting out the obvious (not to mention what others have probably already spat out).

really? the fact you don’t own any of the products, yet contribute and help out people with what you can blows my mind. that may not be saying much but god damn..

[Dave-ee Jones]

36 minutes ago, Spoonish said:

really? the fact you don’t own any of the products, yet contribute and help out people with what you can blows my mind. that may not be saying much but god damn..

I wouldn't say any - I own the PS and BB.

I haven't been helping much with other devices (as I don't own them), but you can apply general knowledge to them as the devices are based off of the knowledge (Pineapples are basically wireless routers, BB is basically a Linux box, PS is just OpenWRT scaled down, etc. etc.).

Also, as I said in your quote of what I said, it's just me spitting out the obvious or regurgitating what someone else has said. :P (Now everyone knows my secret..)

But thanks for the kind words, I appreciate it :D

Edited February 14, 2018 by Dave-ee Jones

[Pentester1975]

Well I entered the library with my bb. I tried to loot some stuff from the machine, regular password and WiFi shit. Btw w7 on machine, free accessibile.

i did not get any, that might of cause, there is nothing in there to loot, or the last payload update need another fix.

my code is as far as understand the file and adjust. Writing I get into that.

it would be great if, it there would be a list with windows Registries and other important stuff to use with bb or other hak5 devices.

since I’m not in coding yet, this means get already exist. In t@ case forgive my stupidity 

[Pentester1975]

Oh btw, I’m the kind of person, who just walk up to any computer and smite the bb in there no matter if anyone is around. That’s why I like it to work

[Broti]

Aren't library PCs state property?

[Dave-ee Jones]

1 hour ago, Broti said:

Aren't library PCs state property?

Mmm, I don't know if that's illegal or not - fiddy/fiddy really.

[Rkiver]

If he is in the US, they are.

Unless it's a private school of some sort, in which case they belong to that facility.

But either way, without explicit written permission, that's illegal, and we really cannot and will not help.

[Pentester1975]

On 19-2-2018 at 12:28 AM, Broti said:

Aren't library PCs state property?

No it ain’t here. They have pc’s Free to use for anyone studiying. I might be old, but still keep learning about digital security every day.

hak5 is a study object. I’m trying to figure out the best way to use for pentesting. Using the BB or nano library is also study. 

And im not hiding the stuff.

The BB is new for me. There are companies who ask me to test the BB on their network. Some of them actually have the USB ports protected, you don’t see that much.

so if the company wants the security checked, i just use the BB, I walk in just a day, nobody than IT knows about it and i have to check if I can get any info from the computers. 

Sometimes it is just a question, like can I use your pc for a moment to check my docs on the BB.

now Darren has put a payload online and I adjusted that with some lines places in the same forum. I merged it with Darren’s payload and that actually already worked on my own pc’s.

so I’m going from there now. I now want to learn all about using that.

but WiFi testing is still a thing a want to know all from. I do know I miss something on the way. I try to figure everything out for weeks and weeks. Sometimes 24 hrs. I just can’t get it to do what I’m seeing it doing in the video’s.

most probably Darren is showing off on BlackHat 2018 ?. And it will work again like it did last year. I can’t wait to see the video’s of that.

so I’m a kind of hooked on Hak5. I love the concept, I love the way how transparent and open they work.

so after so much time, I get a little frustrated and just open my mouth, in this case my fingers.   

[Pentester1975]

16 hours ago, Rkiver said:

If he is in the US, they are.

Unless it's a private school of some sort, in which case they belong to that facility.

But either way, without explicit written permission, that's illegal, and we really cannot and will not help.

We have it a little different where I come from. If it is public the law says anyone can use it without permission, because the law already tells people it is free to use.

 

[Rkiver]

2 hours ago, Pentester1975 said:

We have it a little different where I come from. If it is public the law says anyone can use it without permission, because the law already tells people it is free to use.

 

Public law to use, I doubt it's law to interfere with.

[Dave-ee Jones]

12 hours ago, Pentester1975 said:

No it ain’t here. They have pc’s Free to use for anyone studiying. I might be old, but still keep learning about digital security every day.

'Free to use' doesn't mean 'free to exploit'.

I'm sure they wouldn't take to it very kindly if you told them you had successfully managed to grab all cached passwords on the computer, especially since many other people would use them for their own personal use like email, facebook etc.

[Pentester1975]

14 hours ago, Dave-ee Jones said:

'Free to use' doesn't mean 'free to exploit'.

I'm sure they wouldn't take to it very kindly if you told them you had successfully managed to grab all cached passwords on the computer, especially since many other people would use them for their own personal use like email, facebook etc.

Ok let me explain it more clear. There computers for employees only, which I do not touch because that would be a crime, and there are open computers connected to the free WiFi with anything on it and they actually let u use an usb stick. So nothing will be stolen. Just plain stupid working screens connected to nothing.

so I’m not an idiot doing illegal things. The computers are to use as best fit. I mean a skiddie can add a virus or a rat inside. 

 

[Dave-ee Jones]

9 hours ago, Pentester1975 said:

Ok let me explain it more clear. There computers for employees only, which I do not touch because that would be a crime, and there are open computers connected to the free WiFi with anything on it and they actually let u use an usb stick.

Let me explain more clearly: There's a difference between using a USB stick to store documents and using a USB stick to grab all credentials and stored data on the PC.

Most people that use that computer use the internet to log into Facebook, check email, look for employment etc. etc. which 99% of the time includes logging into some portal. Many of these people don't understand how a computer works and will often leave their data (like saved passwords etc.) on the device, meaning that when someone like you comes along just looking to have a bit of fun by testing their new toy has suddenly just broken a few laws about personal security and exploiting someone else's property.

9 hours ago, Pentester1975 said:

Just plain stupid working screens connected to nothing.

Except for the internet? I would say it's connected to everything.

9 hours ago, Pentester1975 said:

so I’m not an idiot doing illegal things.

Have you looked into it? Many people have said stuff ignorantly like you have and been taken to court for less and lost.

9 hours ago, Pentester1975 said:

I mean a skiddie can add a virus or a rat inside.

That they can, doesn't mean you should do it.
Anyone can throw a rock at someone's window to get in their house, but does it mean they should do it? Does it mean it's right? I would argue no.

If you got into a fight in court about personal security, the person who breached the other person's security will lose - unless they've done something so bad that the person who breached their security is completely out of the question.

[The Power Company]

Think about it in terms of the library itself: the various resources are all free and available for public use, but there are limits to what you can do with them. If you try to steal the books, bring a marker and scribble over the pages, burn them etc, you still can face penalties. The bathrooms are free to use but if you bring a wrench and unscrew all the plumbing, dump all the unused toilet paper into the toilets and clog them, install hidden cameras under the toilet seats to take pictures of people's balls, or shit on the floor, you can still face penalties. I am not versed in the computer laws of every country but in the US at least, just because something is available for you to use does NOT make it yours to tamper with, even if you think you are doing a service to the owner by proving it is vulnerable.

[PoSHMagiC0de]

Simple explanation for this situation is this.  Although the computers in the library are for public use, they are owned by the library.  When they break, the library has to requisition public funds to get it fix.  Either they have to call in a contractor or the city IT department has to fix it.  So, it has private ownership even if it is a public service.  I know somewhere around that machine there is a terms of service.

So, it would be like if my neighbors gave me money (taxes in gov terms), I used that money to put in a drinking fountain in my front yard that everyone can use (open to the public).  If it has plumbing issues and stuff, I will have to pay to fix it since I bought it and am the owner..even if the neighbors help by giving more money.  Ultimately it will be in my name (library machines are property of the library or city).  So, does that mean I am not going to call the police if I see one of the neighborhood kids pissing in it?  Does public use mean he can piss in it?  Pretty much when you try and compromise the library machine or do anything outside the intended use of the service, you are essentially pissing in it and if you are caught they will call the police on you.  Now, I would be weary about doing illegal things on those machines too.  They are property of the city, in extension the gov.  That means that traffic can be monitored by any number of agencies and the library has cameras.  Your agent calls out at a certain time, they have that timestamped and camera footage of you sitting at the machine.  Now they only have to find you.

Plus, the most you will probably get from the machine at great risk is folks browsing porn sites.  :-P

[thoregem]

1. The library computer likely has protections against people doing this sort of thing, which is why it isn't working

2. It's illegal, which is why everyone else (including myself now) are telling you to stop. So stop trying to break other people's property, whether it's intentional or unintentional. 

[Rkiver]

Everything I see about this has me thinking the following.

 

The products work fine. OP doesn't know how to use them, or where to use them, and their comments regarding that it's fine in a Library etc proves it.