EnkOde

O.MG Cable - Getting Started

Hey guys, I just wanted to share my experience with getting this cable set up and running. First, I just want to say I'm extremely disappointed that Hak5 released this device without proper documentation or support. Absolutely nothing on docs.hak5.org.

I digress. So here's what I've learned so far.

How to set up

So like most people, I don't read the little cards that come with the products. I unwrap, head to docs.hak5.org and jump in. Well, with the O.MG cable, READ the card. It shows you the site to go to in order to get started:

https://o.mg.lol/setup/

Make sure to download the firmware:

https://github.com/O-MG/O.MG_Cable-Firmware/releases

So I downloaded and ran the setup script using defaults. Plugged it into the Windows machine, opened my wifi settings on my phone to connect annnnndddd.... nothing.

Turns out, to connect you actually have to select the "AP" option during setup, and NOT STATION. Guess what? This was actually in the README.md lol. So moral of this story... READ THE DOCUMENTATION AS DIRECTED.

USAGE

So I tried again. Plugged the cable into the victim machine and tried to connect to it through my phone. Voila, I'm connected. Then just surf to 192.168.4.1 on your phone browser to get to the interface.

SCRIPTS

So, apparently the O.MG cable doesn't come with any useful scripts preloaded. While in the O.MG interface, I went to LOAD > Example Scripts. Nothing particularly useful. They are exactly what they claim to be... just samples of scripts. But if you know PowerShell or cmd, then by studying the scripts you can figure out how to write your own. Just remember that anything you want typed into the terminals/command prompts has to be preceded by the word STRING as shown in the example scripts.

I GOT 99 PROBLEMS, AND LAUNCHING CMD IS ONE

So launching an example script the first time worked. It opened a run box, ran some PowerShell, then disconnected. Awesome. So I decided to modify one line of the script to just launch cmd.exe and run ipconfig. Annnnnddd... didn't work. As many times as I tried, running the script didn't launch the cmd. You hear the Windows "error beep". Run script again, same thing. Reboot PC, run script, it works the first time, then again get the Windows error beep. This is one piece that's not only annoying, but I really can't figure out why it does it. I'll provide my sample script below. Give it a try. It runs IPCONFIG and stores the results in a text file.

CUSTOM SCRIPT

GUI R
DELAY 2
STRING cmd.exe
DELAY 1
ENTER
STRING ipconfig /all > C:\tools\test.txt
ENTER
DELAY 3
STRING exit
ENTER

FUTURE UPDATES

Since Hak5 hasn't provided much support for this product, let's use this thread to consolidate future settings, issues, etc.

- EnkOde

www.pwnpalace.com

facebook.com/pwnpalace


Can the cable grab passwords on Android devices such as initial unlock password or website passwords?

Also does the device need to be plugged in while the user unlocks their device or website in order to receive that information? Do I also need to be present and logged in at that exact moment to receive that information or will it be stored and I can look at it later?

Thank you for the help


Like you said, they don't have much info listed about the cable. Sorry to trouble you, but it seems like you know how the product works.

1 hour ago, Understudy said:

Can the cable grab passwords on Android devices such as initial unlock password or website passwords?

Also does the device need to be plugged in while the user unlocks their device or website in order to receive that information? Do I also need to be present and logged in at that exact moment to receive that information or will it be stored and I can look at it later?

Thank you for the help

The cable is meant to be used to attack computers, not the mobile device it’s attached to. The guise of a “charger cable” is meant to get the user to trust the device. So no, you can’t attack the phone UNLESS you develop a payload that uses the affected PC to relay the attack.

The cable works on WiFi. You must be within range to connect to the cable via WiFi in order to conduct your attack.

The cable only has enough storage to store and run your payloads. If you’re looking to dump information such as hashes, you must add commands to your payload that will exfiltrate the data to an external source.

For more info, visit the dev's site or www.pwnpalace.com/o-mg


OK, understood. I thought what I was viewing on the videos on YouTube was the cable posing as a charger and watched it backdoor iPhone and Android devices via the charging connection either via keylog scripts or plain image mirroring on the master device.

They made it appear like the cable was attacking the phone plugged into it, not a computer.

43 minutes ago, Understudy said:

OK, understood. I thought what I was viewing on the videos on YouTube was the cable posing as a charger and watched it backdoor iPhone and Android devices via the charging connection either via keylog scripts or plain image mirroring on the master device.

They made it appear like the cable was attacking the phone plugged into it, not a computer.

No sir. Think of the cable as a Bash Bunny, except made to not look obvious so the victim themselves will plug it in without suspicion, and developed for on-the-fly payloads.


So why are people worried about plugging in their phones to these cables if it can't attack the phone or get their unlock password or web passwords?

They have me so confused on this issue and what it is actually capable of doing, unless you're also saying that you can run payloads on their phones via the wireless charger.

36 minutes ago, Understudy said:

So why are people worried about plugging in their phones to these cables if it can't attack the phone or get their unlock password or web passwords?

They have me so confused on this issue and what it is actually capable of doing, unless you're also saying that you can run payloads on their phones via the wireless charger.

Easy answer. It’s because all reports in the media are implying that it attacks their phone. The dev never said that, but that’s the wild assumption going around. Either way, that’s not a bad thing. If people continue to think it attacks their phones, they’ll be more cautious about what they plug in.


I've also seen reports that some charging cables are stealing people's information in public places when attached. How are they managing such a task? 

How can any device plugged in just steal your unlock password or website passwords?

3 minutes ago, Understudy said:

I've also seen reports that some charging cables are stealing people's information in public places when attached. How are they managing such a task? 

How can any device plugged in just steal your unlock password or website passwords?

There is a payload for Macs called LockScream that can actually do this via the O.MG cable. But anyway, if you have any other questions, feel free to visit that site or the dev's Slack channel.


I have a little problem and a question. Question first... where should I save the payload? In one of the slots or the boot slot? I used slot 1 first (it says switch with the "Load Madul" [guess it means module])... nothing happens. Am I missing something? And what is that "load madel"? But nothing happened when I replugged the cable. I then loaded the payload again to see if it was saved... it was. So I guess it means I should put it in the boot slot (and then call other scripts in the slots if needed)? And how do I program the cable without using the payload on myself (in case of a destructive payload)?
Or am I missing something, like setting a trigger? How do I start the payload?

The problem I got is similar to OP... when I test run the payload from the interface, I get different outcomes each time. My simple test code was just

GUI R
DELAY 1
STRING notepad.exe
ENTER
DELAY 2
STRING Hello KeYboardZ          (testing keyboard layout)

That simple code gives me weird results sometimes... like it opens the command prompt and types otepaeeeeeeeeee.exe (that extra eeeeee happened quite often). No matter the delay time, it prints just half the text.
The ipconfig payload from OP doesn't work at all... always with a different outcome. Often the file it should save to is a weird mix of letters/symbols, not the given path (I tested with D:/Calbeloot.txt).

Any ideas... or at least what I'm doing wrong with setting up a payload? It's saved to slot 1, but nothing happens, and I don't want to touch the boot slot unless I'm 100% positive that I have to.

 

And a firmware question... what's up with that 5.9 Valentine's firmware? Is that an April Fools... or legit? I flashed to 1.4 to be safe.

Thanks in advance

Edited by Sizzlik


I’ll answer one of the questions, as MG now has a thread on here for the cables. The latest firmware should fix the issue you’re having with repeat characters. For answers to your other questions, go check out the O.MG Slack channel, as the devs are very active in there.

3 hours ago, EnkOde said:

I’ll answer one of the questions, as MG now has a thread on here for the cables. The latest firmware should fix the issue you’re having with repeat characters. For answers to your other questions, go check out the O.MG Slack channel, as the devs are very active in there.

Yep... I made a Slack "account". As for the firmware, I tried 5.9 Valentine now. No problem with repeating chars anymore, since the same script won't work at all. I noticed the cable seems to type faster now, but something might be wrong with DELAY or so, since it only manages to open notepad but doesn't type in it (payload already done?), no matter if I run the script from PC or mobile.
And it stops the AP (that's mentioned somewhere), so the 5.9 is useless for me.
I went back to 1.4. It's annoying to always replug the cable for every test.

Also, keyboard layout is not yet implemented, but is being worked on.

As I'm here now, I'll ask here... what is the demonseed capable of? I bought it with the cable, just for soldering practice and the lulz, not knowing what the cable itself can do in the end...

Edited by Sizzlik


The AP disconnect is a minor issue. To remedy it, simply turn on auto-reconnect on your device. As far as the demonseed, I can’t answer that as I don’t own the kit.


I'm with you.  Everyone isn't a wizard like Mr. Kitchen.  Just took my Pineapple Tetra out of the box and I can't figure out how to plug the USB Y cable into the Pineapple and my computer?  You have 3 plugs on the Y cable; 1 - Micro USB, 1 - Single USB "A" and 1 - Split USB "A".  Which one do you plug into where to load the firmware using a laptop?

Thanks, Paul

1 hour ago, Big Blue RV said:

I'm with you.  Everyone isn't a wizard like Mr. Kitchen.  Just took my Pineapple Tetra out of the box and I can't figure out how to plug the USB Y cable into the Pineapple and my computer?  You have 3 plugs on the Y cable; 1 - Micro USB, 1 - Single USB "A" and 1 - Split USB "A".  Which one do you plug into where to load the firmware using a laptop?

Thanks, Paul

I’m not sure I understand your question.

On 2/27/2020 at 3:48 PM, EnkOde said:

Hey guys, I just wanted to share my experience with getting this cable set up and running. First, I just want to say I'm extremely disappointed that Hak5 released this device without proper documentation or support. Absolutely nothing on docs.hak5.org.

It is not a product that Hak5 developed, they are just selling it. MG developed it. That's why they also have no documentation, because it is not their product.

 

On 4/14/2020 at 12:33 AM, Big Blue RV said:

I'm with you.  Everyone isn't a wizard like Mr. Kitchen.  Just took my Pineapple Tetra out of the box and I can't figure out how to plug the USB Y cable into the Pineapple and my computer?  You have 3 plugs on the Y cable; 1 - Micro USB, 1 - Single USB "A" and 1 - Split USB "A".  Which one do you plug into where to load the firmware using a laptop?

Thanks, Paul

First of all, wrong topic here mate. There is a WiFi Pineapple section.

I think I understand your question, but I'm sure you don't have to be a wizard to figure out how to plug a USB Y cable correctly into your computer/laptop😉. It is shown in the setup below.

As far as I understand, you don't know how to install the firmware. Did you even read the manuals??? Did you watch a single setup video??? Everything is well documented. And because you don't have the energy to google by yourself, I did it for you. Here's a Tetra Windows setup link.

I assume that you aren't on Linux as you would probably have more knowledge. But if you are on Linux, there is also a tutorial on that: https://www.youtube.com/watch?v=gqMW0NeODAQ

Sorry for being harsh, but I hate it when people complain and don't even make the effort to do a little bit of research. There is a difference between not understanding something and complaining about something that you didn't even google.

 

For those people who don't understand what it does, here's a little information on what the O.MG Cable really is.

First of all, the O.MG cable is NOT meant to attack a phone. It is meant to attack a computer. The media just presents it as if it would attack a phone, because of its appearance as a cable. The O.MG Cable is basically a Rubber Ducky, but it has one big advantage: you can control it wirelessly. It is a wireless Rubber Ducky in the shape of a cable. As far as I know, it can only do HID injection, which is why I would rather compare it with the Ducky and not with the Bunny.

 
