Search the Community

First off, my web dev skills are greatly rusty these days. It's been a while since I've had the chance to work on anything. Anyway, I was thinking about a way to use the MKIV for a targeted phishing attack. The Idea: A captive portal for harvesting domain credentials of a targeted company (for legitimate pen testing engagements). Using Karma (and possibly a deauth flood), clients connect to the MKIV. DNSSpoof forwards all requests to the local index.php which checks if the client has a valid session. If session is valid, it redirects the client to their requested URL. If session is NOT valid, it redirects the client to captiveportal.html where they are prompted to login with their domain credentials. Submitting the form POSTs to process.php which opens creds.txt, writes the entered credentials, builds the session, and redirects to success.html. Success page makes the client feel good and then redirects to the originally requested page. Implementation: I have attached* what I have done so far for anyone that wants to help out. I currently have a few of the pages done up. Index.php is properly redirecting to captiveportal.html, but when I submit the form I just get a blank white page for process.php. It doesn't look like it ever writes out the credentials or builds any session info. Drawing blanks on that for now. Any thoughts, feedback, code is appreciated. I'd like to eventually get this to the point that it can be wrapped up into a module/infusion for quick and easy implementation. This way, attacking companies with better wireless implementations becomes easier. You no longer have to use freeradius-wpe to capture the challenge/response and then crack. Why waste that time when you can just ask them nicely for their credentials? *It won't let me upload any of the files, so I threw it up in on github here: https://github.com/vidkun/captivePhish

Hi! Today I recieved a new Alfa Ap121u and a USB UART TTL adapter. I went this route as I am not in the US and the shipping / customs was just too much. I would love to donate tho if possible. So, by using the awesome Wiki pages and Mr-Protocol's video guide I was up and running within the hour.! Not bad from delivery to pineapple.! :P Had the issue in Putty that was getting no output from the router on com port, but changing out the TX and RX order got things on the way. I done the clean flash, with firmware 1.1.1 and upgraded to 2.5.0 using the pineapple update from the webpage. Easy. I also managed to setup my 4gb flash drive to use as storage and to install add-on modules/infusions. I shared the internet connection easily within windows 7, and the pineapple is online and loving it. So now im up and running, I would like to ask some premiliary questions. How can I set up the pineapple to capture credentials of the 'victims' that connect.? I have been using Backtrack 5 and the easy-creds script which uses Ettercap, sslstrip and urlsniff to capture passswords sucessfully in my Lab. I would like to achieve the same ease with the pineapple. (without backtrack!) I have had a look around on the Pineapple Bar and downloaded some exellent 'infusions' such as Ettercap, sslstrip, jammer, sitesurvey, (many thanks to whistlemaster) your a STAR! :) So to clarify, i would like to setup my shiney new yummy pineapple with the ability to automatically capture credentials, passwords e.t.c, and save the logs to a usb drive. Can you please guide me on how to setup please? many thanks for the fantastic work and community. I look forward to hearing from you. cheers!