Everything on Hak5 server?


Ron SwartzAnon

Forgive me for feeling suspicious but I trust no one, especially companies and governments.

I'm new to Hak5 and I've read through a lot of the site and I see a recurring theme. "Hosted on our servers" like it's a good thing.

It may be I guess but the untrusting part of my brain (95%) is saying that seems strange. Why would they still want you tied to their servers years after you obtained their products?

Why can't you use these items without the umbilical cord attached? Or did I miss something that says you don't need their servers to use your products?

How do I know that your servers aren't collecting data from our targets for later use or putting clients at risk if your servers get compromised?

Go ahead and call me paranoid but I'll be standing when many fall.


10 hours ago, Ron SwartzAnon said:

Forgive me for feeling suspicious but I trust no one, especially companies and governments.

I'm new to Hak5 and I've read through a lot of the site and I see a recurring theme. "Hosted on our servers" like it's a good thing.

It may be I guess but the untrusting part of my brain (95%) is saying that seems strange. Why would they still want you tied to their servers years after you obtained their products?

Why can't you use these items without the umbilical cord attached? Or did I miss something that says you don't need their servers to use your products?

How do I know that your servers aren't collecting data from our targets for later use or putting clients at risk if your servers get compromised?

Go ahead and call me paranoid but I'll be standing when many fall.

Hi Ron,

Nice post😎 You raise some good points. I think that in the digital world everything and everyone using it will leave a trace. No different to this post, but, I do get your views. If no computer data existed there would still be data. When born a certificate is created and the birth recorded; when registering with doctor/GP/dentist etc., records are created and whether that is done the old fashioned way or digitally in today's world. 

So, I guess if you are worried about using the devices and leaving a trace, well, I think you could go off grid, but that will not delete the digital footprint that you have already left. From mobile/cell devices to wifi/internet you will always leave a forensic trail, but that can be masked/TOR/Proxy etc., then you might feel better, but you still need to go through Hak5.......as you pointed out.

Hope this helps in some way😎

PS. Nothing wrong with being paranoid😈


15 minutes ago, INFOTRACE said:

Hi Ron,

Nice post😎 You raise some good points. I think that in the digital world everything and everyone using it will leave a trace. No different to this post, but, I do get your views. If no computer data existed there would still be data. When born a certificate is created and the birth recorded; when registering with doctor/GP/dentist etc., records are created and whether that is done the old fashioned way or digitally in today's world. 

So, I guess if you are worried about using the devices and leaving a trace, well, I think you could go off grid, but that will not delete the digital footprint that you have already left. From mobile/cell devices to wifi/internet you will always leave a forensic trail, but that can be masked/TOR/Proxy etc., then you might feel better, but you still need to go through Hak5.......as you pointed out.

Hope this helps in some way😎

PS. Nothing wrong with being paranoid😈

Good points.

More or less I was attempting to be gentle about my question but more to the point... What's the underlying purpose to this design? Why did they design it to where you will be dependent on their servers? I believe everything is done with an underlying purpose and usually with companies it's monetary.

None of this will keep me from buying or using their products or "service" but it would be nice to know all I could about how it all works and why.

It would be nice to know what they do with your information and if they keep dump files.

Do you truly own the device you buy or is this like Microsoft that leads you to believe you own your computer when in reality each update takes it over bit by bit? Next thing you know you have to pay to use something that was previously free.


1 minute ago, Ron SwartzAnon said:

Good points.

More or less I was attempting to be gentle about my question but more to the point... What's the underlying purpose to this design? Why did they design it to where you will be dependent on their servers? I believe everything is done with an underlying purpose and usually with companies it's monetary.

None of this will keep me from buying or using their products or "service" but it would be nice to know all I could about how it all works and why.

It would be nice to know what they do with your information and if they keep dump files.

Do you truly own the device you buy or is this like Microsoft that leads you to believe you own your computer when in reality each update takes it over bit by bit? Next thing you know you have to pay to use something that was previously free.

Thank you, and your comments are great as well. 

It will be interesting to see how it all goes.

Have a great rest of the day........oh and thanks for being gentle😊

Cheers 😎


I can understand the point of view. I don’t use most cloud services because I don’t want my stuff used for their own business purposes. Hak5 though touts itself as a purveyor of white hat products. With that in mind, in theory, none of the information is yours to begin with. It’s all your clients’, leading to the fact that they will have signed paperwork explaining your (your pen testing business’) privacy policy and data retention policy which would (should) cover those issues. If I were to ever use these products on anything other than myself (wife still gets angry I break the wifi at least twice a week), I’d be happy as a clam keeping other people’s stuff on the cloud to make my job easier. I believe that’s the angle anyways.


9 minutes ago, Forkish said:

I can understand the point of view. I don’t use most cloud services because I don’t want my stuff used for their own business purposes. Hak5 though touts itself as a purveyor of white hat products. With that in mind, in theory, none of the information is yours to begin with. It’s all your clients’, leading to the fact that they will have signed paperwork explaining your (your pen testing business’) privacy policy and data retention policy which would (should) cover those issues. If I were to ever use these products on anything other than myself (wife still gets angry I break the wifi at least twice a week), I’d be happy as a clam keeping other people’s stuff on the cloud to make my job easier. I believe that’s the angle anyways.

Lmao. Breaking stuff is the best part.

Thank you for your reply.

Why is there no option to host it on your own servers? No matter whose info it is, if it's under me and my responsibility I want full control over it.

 


50 minutes ago, Forkish said:

I can understand the point of view. I don’t use most cloud services because I don’t want my stuff used for their own business purposes. Hak5 though touts itself as a purveyor of white hat products. With that in mind, in theory, none of the information is yours to begin with. It’s all your clients’, leading to the fact that they will have signed paperwork explaining your (your pen testing business’) privacy policy and data retention policy which would (should) cover those issues. If I were to ever use these products on anything other than myself (wife still gets angry I break the wifi at least twice a week), I’d be happy as a clam keeping other people’s stuff on the cloud to make my job easier. I believe that’s the angle anyways.

Hi Ron,

Great points raised and with clarity. We cannot have everything and short of creating your own product to provide yourself with the services, I am sorry to say that the status quo remains.

I, for one, am a great Hak5 fan and can see the need to be linked in with the guys, as the benefits of updates and research for new products continuously going on, I think they provide an excellent service and worth every penny (IMO). 

Twice a week you say, breaking the wifi, my goodness that really is going some 🤓  

Cheers 😎 


48 minutes ago, Ron SwartzAnon said:

Lmao. Breaking stuff is the best part.

Thank you for your reply.

Why is there no option to host it on your own servers? No matter whose info it is, if it's under me and my responsibility I want full control over it.

 

Yeah, total control you say🙃.........I don't think it can be done. If you use the internet to store/transfer data, or use a cloud/dongle to store data, then it is reasonable to suggest that third parties will be involved, and everyone wants a piece of business/control (IMO). 😃

Cheers 😎


1 hour ago, Ron SwartzAnon said:

Lmao. Breaking stuff is the best part.

Thank you for your reply.

Why is there no option to host it on your own servers? No matter whose info it is, if it's under me and my responsibility I want full control over it.

 

*twangy voice* shiiiiiittt, this stuff is all open source. You can do anything you want with it. It just takes knowledge and energy. The hak5 team made it easy for people like me who panic trying to set up SSH keys on more than one device. If you’ve got the know-how to create your own droplet server forwarded to your own server via vpn/ssh/forward-ported/tech-lingo then you can do it. Roll your own FW for the hak5 stuff; tweak it; break it; fix it and break it again. That’s the beauty to this open sourced/hak5 stuff.

Now if the complaint is that they don’t make it easy for you. Lacking the features to click a few buttons and bam, you’ve got a folder served to the web behind proxies and double encryption encapsulated tunnels.. Well, as my Pappy used to say, ‘Git good’.

 

Edited by Forkish

29 minutes ago, Forkish said:

*twangy voice* shiiiiiittt, this stuff is all open source. You can do anything you want with it. It just takes knowledge and energy. The hak5 team made it easy for people like me who panic trying to set up SSH keys on more than one device. If you’ve got the know-how to create your own droplet server forwarded to your own server via vpn/ssh/forward-ported/tech-lingo then you can do it. Roll your own FW for the hak5 stuff; tweak it; break it; fix it and break it again. That’s the beauty to this open sourced/hak5 stuff.

Now if the complaint is that they don’t make it easy for you. Lacking the features to click a few buttons and bam, you’ve got a folder served to the web behind proxies and double encryption encapsulated tunnels.. Well, as my Pappy used to say, ‘Git good’.

 

Nice 'twangy voice' 😆


Yeah.....

I read through this thread twice and still got lost. If I read it correctly from the original question, it is asked why Hak5 products are tied to their servers. Well, they are not. The Bash Bunny, Rubber Ducky, and all their stuff does not require you to speak back to their server. If you want new firmware and stuff, you can download it and install it but usage does not require..nor does it..talk back to Hak5. The Cloud C2 might and if it does, it will be for product registration since that is one of their only products that has a free and paid tier so it has licenses.

So, I do not know of any Hak5 hardware that has a mandatory umbilical back to them.  Support you get is all manual.  Manual calling/emailing them and manually downloading and installing updates.  Hmm, I think the Pineapple speaks back to their server but only to return if there are updates and I believe there is an option to turn that off.


15 minutes ago, PoSHMagiC0de said:

Yeah.....

I read through this thread twice and still got lost. If I read it correctly from the original question, it is asked why Hak5 products are tied to their servers. Well, they are not. The Bash Bunny, Rubber Ducky, and all their stuff does not require you to speak back to their server. If you want new firmware and stuff, you can download it and install it but usage does not require..nor does it..talk back to Hak5. The Cloud C2 might and if it does, it will be for product registration since that is one of their only products that has a free and paid tier so it has licenses.

So, I do not know of any Hak5 hardware that has a mandatory umbilical back to them.  Support you get is all manual.  Manual calling/emailing them and manually downloading and installing updates.  Hmm, I think the Pineapple speaks back to their server but only to return if there are updates and I believe there is an option to turn that off.

Thanks as always for an informative response. I know that members appreciate it😎


40 minutes ago, PoSHMagiC0de said:

Yeah.....

I read through this thread twice and still got lost. If I read it correctly from the original question, it is asked why Hak5 products are tied to their servers. Well, they are not. The Bash Bunny, Rubber Ducky, and all their stuff does not require you to speak back to their server. If you want new firmware and stuff, you can download it and install it but usage does not require..nor does it..talk back to Hak5. The Cloud C2 might and if it does, it will be for product registration since that is one of their only products that has a free and paid tier so it has licenses.

So, I do not know of any Hak5 hardware that has a mandatory umbilical back to them.  Support you get is all manual.  Manual calling/emailing them and manually downloading and installing updates.  Hmm, I think the Pineapple speaks back to their server but only to return if there are updates and I believe there is an option to turn that off.

I think it's the web interface. That's what my question is based on. I'm waiting for my order to arrive so I'm going on what I have seen and read.

With the wifi pineapple nano you need to use Hak5 web interface to use it? Is this not correct?

Thank you for your answers.


4 minutes ago, Ron SwartzAnon said:

I think it's the web interface. That's what my question is based on. I'm waiting for my order to arrive so I'm going on what I have seen and read.

With the wifi pineapple nano you need to use Hak5 web interface to use it? Is this not correct?

Thank you for your answers.

I would say yes.......it offers great support and there are more than enough people on here to assist you. Just take your time and ensure you read the instructions fully. Setup can be a bit tricky at first, but that is usually a PICNIC (Person In Chair Not In Control) issue and not the device 😎


4 minutes ago, PoSHMagiC0de said:

You can or you can ssh into it and work on the command line if you are L33t enough. It has an internal web interface on the Pineapple. It is not served from their site. I believe the dashboard does connect to their portal which is just to pull down news.

Better option as always on the money buddy......😎


8 minutes ago, PoSHMagiC0de said:

You can or you can ssh into it and work on the command line if you are L33t enough. It has an internal web interface on the Pineapple. It is not served from their site. I believe the dashboard does connect to their portal which is just to pull down news.

I see. That's much better. Thank you.


Hi,

Just wanted to clear up any chance of misinterpretation on what is connected to Hak5 servers, etc.

The WiFi Pineapple Web Interface that you refer to is stored on the WiFi Pineapple itself, and is served from its own web server locally. The WiFi Pineapple UI will reach out to Hak5 owned services, but only if you explicitly want it to do so. Things such as updating the firmware, downloading modules and loading bulletins will initiate a connection to our servers. The buttons in the UI that do this are marked with such 'warnings' (basically just so you're aware it will be reaching out, if you're on an engagement).

This goes for all of our hardware products.

The Cloud C2 is different from that however, and will for licensing purposes and updates reach out to our infrastructure periodically. The news/bulletins on the Cloud C2 homepage is also hosted on our servers.

I hope this answers any questions. We don't acquire any data (for example, client reports from engagements as you mention).


Just now, Foxtrot said:

Hi,

Just wanted to clear up any chance of misinterpretation on what is connected to Hak5 servers, etc.

The WiFi Pineapple Web Interface that you refer to is stored on the WiFi Pineapple itself, and is served from its own web server locally. The WiFi Pineapple UI will reach out to Hak5 owned services, but only if you explicitly state so. Things such as updating the firmware, downloading modules and loading bulletins will initiate a connection to our servers. The buttons in the UI that do this are marked with such 'warnings' (basically just so you're aware it will be reaching out, if you're on an engagement).

This goes for all of our hardware products.

The Cloud C2 is different from that however, and will for licensing purposes reach out to our infrastructure periodically. The news/bulletins on the Cloud C2 homepage is also hosted on our servers.

I hope this answers any questions. We don't acquire any data (for example, client reports from engagements as you mention).

Foxtrot..........excellent, straightforward, and spot on advice (as always). This clears the confusion and it is 'open' and 'transparent', which I believe should dispel the scaremongering currently threading itself through the forums like a sceptic vile of a poisoner's concoction............that is why I trust the Hak5 guys to dispel those lies and keep this forum in good order. 

Thanks again Foxtrot, for this and all your other comments and posts😎


4 minutes ago, Foxtrot said:

Hi,

Just wanted to clear up any chance of misinterpretation on what is connected to Hak5 servers, etc.

The WiFi Pineapple Web Interface that you refer to is stored on the WiFi Pineapple itself, and is served from its own web server locally. The WiFi Pineapple UI will reach out to Hak5 owned services, but only if you explicitly state so. Things such as updating the firmware, downloading modules and loading bulletins will initiate a connection to our servers. The buttons in the UI that do this are marked with such 'warnings' (basically just so you're aware it will be reaching out, if you're on an engagement).

This goes for all of our hardware products.

The Cloud C2 is different from that however, and will for licensing purposes reach out to our infrastructure periodically. The news/bulletins on the Cloud C2 homepage is also hosted on our servers.

I hope this answers any questions. We don't acquire any data (for example, client reports from engagements as you mention).

Thank you. This is what I needed to understand. Nothing personal but I like to know where info is going and stored because I feel it would be my responsibility if something goes wrong.

Being secure with info is the name of the game.
