newbi3

Pineapple Moderators
  • Content count

    979
  • Joined

  • Last visited

  • Days Won

    50

About newbi3

  • Rank
    Hak5 Ninja

Profile Information

  • Gender
    Male
  • Location
    The Nebakanezer
  • Interests
    Networking, Programming, Learning, Observing, and Drumming

Recent Profile Visitors

11,901 profile views
  1. About a year ago I broke the screen on my one plus one and its unresponsive. I found it in my drawer today and decided to get the data off of it and luckily I had debugging mode enabled so I was able to pull my photos and everything with adb. Now, I'm trying to pull a sqlite database from an app but I don't know what the name of the file is and my phone isn't rooted so I don't have permission to ls in the apps directory. Is there a way to exploit CVE-2016-2503, CVE-2016-2504, CVE-2016-2059 and gain root access via the shell on my android phone?
  2. Oh, Android devices don't have the Captive Portal automatically pop up and there is nothing you can do about that. Apple devices do however.
  3. This is something that I indeed need to address and sud0nick has pointed out a partial solution for this, however it involved modifying the nginx config and thats something I'm trying to avoid doing. When I have a free day on my hands this is something I'm going to be researching and implementing. Wether or not it will make it into the 3.0 release I can't say for sure but it will definitely be in a 3.x release.
  4. Is this the beta version or the current version in the pineapple bar?
  5. Okay so I think you have a few misconceptions here that I will address first: The destination is not a destination URL that the client will be sent to after authorizing, but instead it is the destination landing page that EvilPortal will present to them. The default is default.php but you will need to make a new page for whatever your use case is. For example if I have a rule that sends all iphones to an iphone branded landing page the destination would be something like "iphones.php" or whatever you want to call it. Also, I think I addressed this in the readme but I could be wrong. In order for the SSID rules to work you need to be logging associations with PineAP. Finally, you will need to have a route to the 172.16.42.0 network in order for the live preview to load and in order to see the captive portal. Let me know if you have any other issues!
  6. private function abortScan() { // this will write to a file in /tmp called does_it_work.txt // if the abortScan method is getting called then this file will exist file_put_contents("/tmp/does_it_work.txt", "this function got called!"); exec("killall -9 airodump-ng && cp -f /pineapple/api/wardrive-* /pineapple/modules/Wardriver/log/"); // give some sort of response back $this->response = array("aborted" => true); } you can also test by starting airodump and then checking if its still running from the command line after the abortScan method is called ps | grep airodump
  7. Test if your abortScan method is getting called by writing something to a file
  8. It might be working, one thing you arent doing is giving a response back. private function abortScan() { exec("killall -9 airodump-ng && cp -f /pineapple/api/wardrive-* /pineapple/modules/Wardriver/log/"); // give some sort of response back $this->response = array("aborted" => true); } and then handle the response in your JS $scope.abortScan = (function() { $api.request({ module: 'Wardriver', action: 'abortScan' }, function(response){ console.log(response); if (response.aborted) { $scope.scanning = false; } }); });
  9. You module.php file needs to implement the route() method http://wiki.wifipineapple.com/#!./creating_modules.md#module.php this method is what maps an action in the request to a function that gets called public function route() { // create a case for each possible action passed in the request switch($this->request->action) { // what happens when an "abortScan" action is requested case "abortScan": // call the abortScan method $this->abortScan(); // break the case - don't forget to do this otherwise what ever case comes next will also get called break; } }
  10. Hey nrohsakul, You can see JS errors in your browsers developer console https://developer.chrome.com/devtools https://developer.mozilla.org/en-US/docs/Tools/Browser_Console And I recommend showing PHP errors nano /etc/php.ini press crtl + w and search for "display_errors" and set it to "On" display_errors = On then restart nginx /etc/init.d/nginx restart Now your developer environment should be all good to go!
  11. Nifty, I don't re-install arch frequently enough for me to justify using it but I dig it.
  12. Do you have a serial cable to connect it to your laptop?
  13. Copied from the main post in this thread: OPEN BETA FOR VERSION 3.0 The next version of Evil Portal is almost ready and I would like some beta testers. If you are interested head on over to the git repo and get the development code onto your pineapple. The installation instructions are in the readme. https://github.com/frozenjava/EvilPortalNano/tree/development The new release has an entirely new type of portal called a Targeted Portal. These portals let you route clients to a specific page based on a rule such as their mac address, associated ssid, hostname, and useragent. Each one of these rules can have a set value or a regular expression value and there can be an unlimited number of set rules. You will have to create a landing page to be served to the target client(s). By default the default.php landing page will be serve to any client who doesn't match any rule. This file can be modified to how you wish. There is also a new file in the portals called helper.php which contains 3 functions: getClientMac, getClientSSID, getClientHostName these functions can be used in your portal to display information about the client to them or for whatever other purpose you have. I would like to not that for the getClientSSID function and the ssid target portal rule to work, PineAP MUST be enabled! This release has a lot of new and re-worked features that need testings so here they are: Rules and rule editing works for Targeted portals Creating Portals on an SD card (should not be allowed if there is no SD card) Moving Portals between internal and SD storage (should not be allowed if there is no SD card) Creating Targeted and Basic Portals Deleting files and portals If you are running the beta version of EvilPortal this feature already exists, if you are not running the beta version then create a symbolic link. No, this was just me planning on adding support for creating portals on the SD card but being to pressed for time when I initially created it for the nano/tetra to fully implement the feature.
  14. Nothing against you personally I just have to enforce this rule I set otherwise this topic will get way to cluttered. In the future ask all questions about programming here: https://forums.hak5.org/index.php?/forum/40-applications-amp-coding/
  15. //If Submit Button Is Clicked Do the Following if ($_POST['Login']){ $myFile = "log.txt"; $fh = fopen($myFile, "w+") or die("can't open file"); $stringData = $_POST['username'] . ":"; echo fwrite($fh, $stringData); $stringData = $_POST['password'] . "\n"; echo fwrite($fh, $stringData); fclose($fh); } This would be a lot cleaner: if (isset($_POST['username'])) { file_put_contents("log.txt", $_POST['username'] . ' : ' . $_POST['password'], FILE_APPEND); } I didn't test it but it should work. Also I should point out that it appears that you are trying to do some phishing here.. phishing is against the forum rules so this will probably get locked. I'll leave my example up just for educational purposes but I do not condone phishing and if you use my code for that I'm not responsible.