Hello all I have been a very busy bee over the last few weeks; I recieved my Hak5 toys about the same time PwnPlug updated their release. Sorry Hak5 but since I owned the Pwnplug first I out the toys away and started my upgrade/configuration of the plug. Now that I finished that up I was able to start playing with my new toys. What new toys you ask – well I did a little shopping and purchased a Pineapple Mark IV and a Rubber Duckey from Hak5 (thus the title of this post).
I dedcided to start playing around with the rubber duckey (hence forth referred to as the Duck) because I had jsut finished with the Pwn plug and this was further from the plug than the pineapple. I know what you are thinking – why spend all that money on the Duck when teensy is so much cheaper (and arguably you can do more with the teensy)? Good question, I figured: 1. I was already going to buy the Pineapple so why not give Hak5 more $$ 2. I liked the simpiler “language” and thought I would be able to go form own to pwn a lot faster 3. If I liked this and it was something that was going to stay in my “bag o’ tricks” then it would be easier to justify to myself buying a $20 second one (approx. cost of teensy) rather than a $70 one (approx cost of the Duck) and lastly 4. If they ever get the ability to use storage and still function like a keyboard (a ways off if even possible) that would be awesome. In the package, I recieved a microsd card, the duck, a real rubber duck (the toy), and a microsd card reader, and a usb case for the Duck. In a few minutes I had compiled my first “app” and was able to pwn my box. Yes, the programming “language” is that easy. The hardest part was getting the delays correct so that it didn’t go too fast.
Now for my first impressions on the Duck/Hak5 (in no particular order): 1. fast and convieniant shipping 2. everything you need right out of the box to include a nice case to make th e Duck look like a normal USB drive. 3. The documentation was somewhat lacking (single print out) would have expected something a little more “professional” and a little more informative – perhaps package some of the payloads on the MicroSD card so we could have a “starting” point. 4. Community support seems to be sparse as compared to the teensy and the availabilty of public payloads is almost non-exstant. On the flip side, it is pretty easy to copy a teensy program to run on the Duck.
I really like the HID attack space and will work on getting a few duckey payloads created to share with everyone. Ideally, if I can get it working right I would like to put something out similar to Kautilya for the Duck.
Enough about the Duck, for now, on to the Pineapple Mark IV. The Mark IV is a great little fun tool that I only have had the chance to play with a little bit but so far I am hooked on the potential. In the package I recieved the Pineapple, power cord, stickers, and a LAN retractable cable. Now this might sound a little silly, but I liked the stickers – not to put on the pineapple (although I will) but so I could put it on the power cord – no more of “which darn cord is it?’ – I have lots of toys and am a bit of a pack rat so I tend not to get rid of stuff even if it is old/broken and you wouldn’t believe how many power adaptors I have.
The Pineapple shipped with version 1.1.1., although the latest is 2.3.1 and the upgrade was a little painful. Not because it is all that difficult but for two simple reasons: fragmentation and failures. Fragmentation – the documentation was again one sheet and didn’t really tell you where to go for an upgrade. So I clicked on over to hak5 and then over to www.wifipineapple.com (redirect to their github) but nothing there had the instructions on how to upgrade so I went to Google and then to the forum and found their updated site cloud.wifipineapple.com. With all the different places to go it wasn’t clear on which was the deffinitive spot. If you order one go straight to cloud.wifipineapple.com and save yourself some grief. Failures – the retractable lan cable they provided doesn’t work, and of course since it was “fresh” out of the package I jsut assumed it was working and banged my head one everything around the setup of the connection (note to self check cables sooner nest time). Now I will say this, once I got everything squared away the upgrade was a snap and the new gui/functions well worth it. The Pineapple makes it scary too connect to any wifi so I am sure I will have a lot of fun with this treat. More to come as I play around with it.
Enjoy and keep it legal.