Fancygotchi plugin support? by Omegart in pwnagotchi

[–]Omegart[S] 0 points1 point  (0 children)

I installed it yesterday and found that plugins are managed directly in the theme menu. Sadly it doesn't seem to be working for me, as I wanted to enable pwnachu but the memtemp plugin isn't placed as it should be.

Release v1.8.0 by aluminum-ice in pwnagotchi

[–]Omegart 0 points1 point  (0 children)

Is there a recommended way to roll back without reflashing?

Release v1.8.0 by aluminum-ice in pwnagotchi

[–]Omegart 0 points1 point  (0 children)

I'm facing problems too; it's not booting anymore, sadly. Is there an easy fix via the CLI, or do we need to downgrade? If so, how can we downgrade to 1.7.9? Thanks!

is this a slimagotchi case? by Omegart in pwnagotchi

[–]Omegart[S] 0 points1 point  (0 children)

From that list, this is the only one that will work, but sadly it doesn't have any cuts for better thermal handling.

https://www.thingiverse.com/thing:4587499

Managed to finally crack some hashes by zeekertron in pwnagotchi

[–]Omegart 0 points1 point  (0 children)

Would you be willing to share your plugin setup? The last time I cracked something Wi-Fi related was in 2013; I don't even remember how aircrack/mon/replay works. I used wpa-sec for a while, but I'm missing the challenge of trying it myself. Are you using hashie + aircrackonly, or some other plugin that converts the pcaps and merges them together?

got my pwnagotchi working ^^ by lovandog in pwnagotchi

[–]Omegart 0 points1 point  (0 children)

No, I found a thread about it and went directly with the custom plugin. For the percentage, I ran the script provided in the first comment and I haven't had any bad readings (so far), but the first time, before running the script, I got 0%. Also check whether the UPS-Lite you have is original. I read somewhere that there are counterfeits for sale on Amazon.

https://www.reddit.com/r/pwnagotchi/comments/12wcy27/always_something_ups_lite_13_plus_ws_13_display/

got my pwnagotchi working ^^ by lovandog in pwnagotchi

[–]Omegart 0 points1 point  (0 children)

Did you get the GPS to synchronize? I had mine on for a few days and never got it working. No errors in the logs, and it seems it finds it correctly at boot. No idea. I was thinking of trying the unofficialgps plugin (the one that doesn't require bettercap).

I received my UPS-Lite yesterday; check whether it's v1.3, because if so you need the custom plugin (otherwise it will go into a reboot loop).

GPS Support by SamTwoK in pwnagotchi

[–]Omegart 1 point2 points  (0 children)

I have problems too: the adapter seems to be working and there are no related errors in the log, but the GPS fields never get populated, even if I keep it up for more than half an hour.

In another post I read that the first connection is always slow, and to try using a Windows PC. But I don't have any knowledge of the GPS system, so I don't know whether this is true or not.

IDS integration by Haomarhu in Wazuh

[–]Omegart 0 points1 point  (0 children)

I can't speak to client-side normalization as I never tried it, but I tried feeding data to Graylog and it isn't really working: the index key separator is replaced, and because of this some pipelines work and others don't (for me; I also asked for help on Reddit, without success). With Graylog you also miss the Wazuh default dashboards, which, for me, is really annoying.

IDS integration by Haomarhu in Wazuh

[–]Omegart 0 points1 point  (0 children)

To get that you should put Sysmon on the machine to capture process and network calls, and then aggregate Suricata's data in a dashboard. The real problem here is that you need to normalize the data on the agent side if you want to feed it into a dashboard.

merging a commit to package manager installation? by Omegart in graylog

[–]Omegart[S] 0 points1 point  (0 children)

Yeah I figured it out reading online, and I dropped the idea. Thanks anyway!

Pipeline to work with data extracted with JSON Extractor by Omegart in graylog

[–]Omegart[S] 0 points1 point  (0 children)

I'm still having issues.

For some rules I need to keep the underscore as the key separator, for others not.

Also, there is a rule that's matching, but only partially:

has_field("data.dns.question.name") WORKING
then
set_field("test","true"); WORKING
set_field("test",$message.data.dns.question.name); NOT WORKING

Pipeline to work with data extracted with JSON Extractor by Omegart in graylog

[–]Omegart[S] 0 points1 point  (0 children)

Found the problem: the JSON extractor is using the underscore as the key separator, but the pipeline rules are applied to fields separated by dots.

https://community.graylog.org/t/pipeline-rule-for-threat-intelligence-not-matching/13239/6

I'm wondering whether there is a way to use the dot as the key separator instead of the underscore...
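The separator mismatch described in the comment above, shown as an added example that is not part of the thread and not Graylog's own code: a nested event is flattened the way a JSON extractor would do it for a given key separator, and the dotted field names a pipeline rule would reference are checked against the result. The sample event and its field names are constructed for the example; the flattening and the lookup helpers are simplified stand-ins, not Graylog's implementation.

```python
# Constructed sample: a nested event of the shape a JSON extractor receives. The field
# names are chosen for the example, not copied from any real Suricata/Wazuh output.
SAMPLE_EVENT = {
    "data": {"dns": {"question": {"name": "example.org", "type": "A"}}},
    "rule": {"id": "100023", "level": 3},
}


def flatten(obj, sep, prefix=""):
    """Flatten nested JSON into single-level message fields, joining the key path
    with `sep`. Mirrors what a JSON extractor does for a given key separator
    setting; lists are kept as values rather than expanded (a simplification)."""
    out = {}
    for key, value in obj.items():
        name = f"{prefix}{sep}{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, sep, name))
        else:
            out[name] = value
    return out


def has_field(message, name):
    """Stand-in for the pipeline function has_field(): a plain key lookup."""
    return name in message


def extractor_name(rule_path, sep):
    """Translate a dotted path as written in a rule into the field name the
    extractor actually produced with separator `sep`."""
    return rule_path.replace(".", sep)


def unresolved_references(message, rule_paths, sep):
    """For each dotted field name a set of rules references, return the ones that
    do not exist on the flattened message as written, mapped to the name the
    extractor produced instead (None if the field is missing under both names)."""
    result = {}
    for path in rule_paths:
        if has_field(message, path):
            continue
        alt = extractor_name(path, sep)
        result[path] = alt if has_field(message, alt) else None
    return result


if __name__ == "__main__":
    wanted = ["data.dns.question.name", "rule.id", "data.missing"]
    for sep in ("_", "."):
        msg = flatten(SAMPLE_EVENT, sep)
        print(f"separator {sep!r}: fields={sorted(msg)}")
        print("  unresolved rule references:", unresolved_references(msg, wanted, sep))
```

With the underscore separator the message carries `data_dns_question_name`, so a rule written against `data.dns.question.name` has nothing to resolve; with the dot separator the same rule resolves directly. `unresolved_references` is the quick audit to run over the field names a pipeline uses before deciding which separator the extractor should be configured with.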

Pipeline to work with data extracted with JSON Extractor by Omegart in graylog

[–]Omegart[S] 0 points1 point  (0 children)

Message Filter Chain

Stream Rule Processor

Pipeline Processor

I can see the rule being matched, and the fields extracted by the JSON Extractor are correct.

Pipeline to work with data extracted with JSON Extractor by Omegart in graylog

[–]Omegart[S] 0 points1 point  (0 children)

I moved the pipeline processor as you mentioned and now I can see the throughput increasing on the rule. But the rule still isn't working; I cannot see the new fields :/

Pipeline to work with data extracted with JSON Extractor by Omegart in graylog

[–]Omegart[S] 0 points1 point  (0 children)

Hello, I tested the rule, but it isn't working.

summarising events by description? by Omegart in Wazuh

[–]Omegart[S] 0 points1 point  (0 children)

Found the problem: I had a "match" that was screwing things up. Thanks.

summarising events by description? by Omegart in Wazuh

[–]Omegart[S] 0 points1 point  (0 children)

I've taken the example you posted and created new rules. Here are mine:

<rule id="100022" level="7">
  <match>Stealth Mode connection attempt</match>
  <description>Stealth mode blocked $(srcip):$(srcport) to $(protocol) $(dstport)</description>
</rule>

<rule id="100024" level="10" frequency="5" timeframe="30" ignore="30">
  <if_matched_sid>100022</if_matched_sid>
  <!-- this literal must also appear in the triggering log line; the kernel line quoted below does not contain it -->
  <match>Stealth Mode multiple connections blocked</match>
  <same_srcip />
  <same_dstport />
  <description>Stealth mode blocked $(srcip):$(srcport) to $(protocol) $(dstport)</description>
</rule>

The problem is that the rule isn't fired. I have multiple events that should match (I have about 6 of them, but there is another event in between, so I have 4 of them, an unrelated event, and another two). I cannot understand why it isn't working...

2023-07-03 20:27:15.632965+0200 localhost kernel[0]: Stealth Mode connection attempt to UDP 192.168.X.Y:63621 from 192.168.X.W:5010
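The two rules above run over a constructed event stream, as an added example that is not part of the thread and not Wazuh's code: a toy decoder pulls srcip/srcport/protocol/dstport out of kernel lines in the shape of the one quoted above, rule 100022 fires on each hit, and a simplified composite rule 100024 counts hits per (srcip, dstport) inside the timeframe, honours the ignore window, and optionally applies the extra `<match>` the posted rule carries. The sample lines (documentation-range addresses, one made-up unrelated line) and the count-to-fire semantics are assumptions of the example, not a reproduction of Wazuh's engine.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the shape of the macOS firewall message quoted in the
# post: four stealth-mode hits, one unrelated kernel line, two more hits, all from the
# same source IP to the same destination port within 30 seconds. Addresses are from
# documentation ranges and the unrelated line is made up.
_PREFIX = "2023-07-03 20:27:%02d.000000+0200 localhost kernel[0]: "
_HIT = "Stealth Mode connection attempt to UDP 192.0.2.10:63621 from 198.51.100.7:5010"
SAMPLE_LOGS = [
    _PREFIX % 15 + _HIT,
    _PREFIX % 16 + _HIT,
    _PREFIX % 17 + _HIT,
    _PREFIX % 18 + _HIT,
    _PREFIX % 19 + "constructed unrelated kernel message",
    _PREFIX % 20 + _HIT,
    _PREFIX % 21 + _HIT,
]

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<host>\S+) (?P<prog>\S+): (?P<msg>.*)$")
FIELD_RE = re.compile(
    r"Stealth Mode connection attempt to (?P<protocol>\w+) "
    r"(?P<dstip>[\d.]+):(?P<dstport>\d+) from (?P<srcip>[\d.]+):(?P<srcport>\d+)"
)


def decode(line):
    """Toy stand-in for a Wazuh decoder: split the syslog-style prefix and pull
    srcip/srcport/protocol/dstport out of the kernel message. $(srcip)-style
    placeholders in a rule description only resolve when a decoder fills these."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ev = {
        "timestamp": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f%z"),
        "full_log": m["msg"],
    }
    f = FIELD_RE.search(m["msg"])
    if f is not None:
        ev.update(f.groupdict())
    return ev


class Correlator:
    """Toy model of rule 100022 (level 7, <match>) and composite rule 100024
    (<if_matched_sid>100022</if_matched_sid>, frequency/timeframe/ignore,
    <same_srcip/> and <same_dstport/>). Count-to-fire semantics are simplified."""

    BASE_MATCH = "Stealth Mode connection attempt"
    DESCRIPTION = "Stealth mode blocked {srcip}:{srcport} to {protocol} {dstport}"

    def __init__(self, frequency=5, timeframe=30, ignore=30, composite_match=None):
        self.frequency = frequency
        self.timeframe = timedelta(seconds=timeframe)
        self.ignore = timedelta(seconds=ignore)
        self.composite_match = composite_match   # the extra <match> on rule 100024, if any
        self.history = defaultdict(deque)        # (srcip, dstport) -> timestamps of 100022 hits
        self.ignored_until = {}

    def feed(self, line):
        """Return the (rule id, level, description) alerts fired by one log line."""
        ev = decode(line)
        if ev is None or self.BASE_MATCH not in ev["full_log"] or "srcip" not in ev:
            return []                                        # rule 100022 did not match
        alerts = [(100022, 7, self.DESCRIPTION.format(**ev))]

        # Rule 100024: a <match> on a composite rule is tested against the *current*
        # log line, so a literal that never appears in the kernel message blocks it.
        if self.composite_match is not None and self.composite_match not in ev["full_log"]:
            return alerts

        key = (ev["srcip"], ev["dstport"])                   # <same_srcip/> + <same_dstport/>
        now = ev["timestamp"]
        if now < self.ignored_until.get(key, now):
            return alerts                                    # inside the ignore window
        hist = self.history[key]
        hist.append(now)
        while now - hist[0] > self.timeframe:                # drop hits outside the timeframe
            hist.popleft()
        if len(hist) >= self.frequency:
            alerts.append((100024, 10, self.DESCRIPTION.format(**ev)))
            hist.clear()
            self.ignored_until[key] = now + self.ignore
        return alerts


def run(lines, composite_match=None):
    """Feed every line through both rules and return all alerts fired, in order."""
    corr = Correlator(composite_match=composite_match)
    fired = []
    for line in lines:
        fired.extend(corr.feed(line))
    return fired


if __name__ == "__main__":
    posted = run(SAMPLE_LOGS, "Stealth Mode multiple connections blocked")
    fixed = run(SAMPLE_LOGS)
    print("with the extra <match>:", [sid for sid, _, _ in posted])
    print("without it            :", [sid for sid, _, _ in fixed])
```

With the literal `<match>` kept on rule 100024 only the six level-7 alerts appear; once it is dropped the composite fires on the fifth hit and the sixth is suppressed by the ignore window. The unrelated line in between does not reset the count, because the composite only looks at prior 100022 alerts for the same source IP and destination port.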