[Support] Portal Auth


sud0nick

So I couldn't get it to work. Says drive space is full.

root@Pineapple:/# df
Filesystem 1K-blocks Used Available Use% Mounted on
rootfs 3200 3112 88 97% /
/dev/root 12032 12032 0 100% /rom
tmpfs 30904 440 30464 1% /tmp
tmpfs 512 0 512 0% /dev
/dev/mtdblock3 3200 3112 88 97% /overlay
overlayfs:/overlay 3200 3112 88 97% /
/dev/sdcard/sd1 14497704 360396 13409968 3% /sd

This is what happens when I run the other commands:

root@Pineapple:/sd/infusions/portalauth/includes/scripts# ./check_depends.sh
Not Installed
root@Pineapple:/sd/infusions/portalauth/includes/scripts# ./install_depends.sh
md5sum: can't open 'beautifulsoup4-4.4.0.tar.gz': No such file or directory
sh: 63d1f33e6524f408cb6efbc5da1ae8a5: unknown operand
MD5 of BS4 does not match
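
Added example (not part of the original post, and not Portal Auth's own install_depends.sh): the `unknown operand` line above is consistent with a `[` comparison receiving an empty, unquoted value after `md5sum` found no archive to hash. A dependency check that fails closed and reports a missing download separately from a mismatch could look like this; the function name `verify_md5` and its return codes are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed integrity check for a downloaded archive.
# verify_md5 and its return codes are hypothetical, not from Portal Auth.
# MD5 is used only because the script in the post uses it; it catches
# corruption but is not collision-resistant.
# Returns: 0 = digest matches, 1 = mismatch, 2 = file missing/unreadable,
#          3 = expected digest is not 32 hex characters.
verify_md5() {
    file=$1
    expected=$2

    # Reject a malformed expected value before touching the file.
    case $expected in
        *[!0-9a-fA-F]*|'') return 3 ;;
    esac
    [ "${#expected}" -eq 32 ] || return 3

    # A download that never arrived must be reported as such, not as a
    # checksum mismatch.
    [ -f "$file" ] && [ -r "$file" ] || return 2

    # md5sum prints "<digest>  <name>"; keep only the digest.
    actual=$(md5sum < "$file" | cut -d' ' -f1) || return 2

    # Quote both operands so an empty value cannot break the test, and
    # compare case-insensitively.
    actual=$(printf '%s' "$actual" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}
```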

  • 2 months later...

I know I already responded to you on Twitter but I'll reiterate here.

Your issue with nodogsplash being removed has nothing to do with PA but you should try to refresh the small tile for Evil Portal to see if the dependencies are actually missing. I've run into this problem many times where EP throws a message that says depends are missing but if I refresh the tile all is well.

You can clone websites that are not captive portals by entering the URL of the site in the Test Site field in the Config tab. Everything should work well but I have run into network timeout errors on larger sites.

Check out my video on Portal Auth that describes every aspect of the infusion. It's a little long but teaches every part of it.

  • 2 weeks later...

This is a very interesting infusion and I'm looking forward to its first stable version.

Just wanted to confirm something;

Is it possible or at least planned to use this infusion to clone and harvest unique password/username based portals?

I saw your demonstration from the pineapple 5 where you cloned a Starbucks portal that would require a user to get a password from a downloaded exe.

My question is, could you clone something along the line of an office's internet filter or a college university portal. A portal that everyone has their own username and password to.

And gather their username/password then push them to the web. The portal would have to look exactly like the original with just the 2 text boxes, without any popups as not to raise any red flags from IT admins who might get pulled onto the network by pineAP. (that would be a red flag in itself)

Example:

<spoiler> <--- I have no idea how these work

result-authscreen.png

</spoiler>

The current release is a stable release.

You can absolutely do this, however, you will not be able to clone the database that contains the expected usernames and passwords. If that were the case we wouldn't need to trick the user (except to maybe get a plaintext version of a hashed password). The demonstration you are talking about shows a special injection set I created to grant users an access key to further portray a valid captive portal. The .exe they download to get that key executes a root shell on their system so you can access it. This functionality is not dependent upon any particular captive portal and can even be used on a cloned website.

You can definitely clone the portal pictured in your post and use that to get the user's credentials. However, Portal Auth will not automatically send those credentials to the original portal so you will have to first authenticate your Pineapple on that AP or by some other means (i.e. 3G/4G modem) to give your target users internet access after they give you their credentials.

Thanks,

From knowledge I've gathered, all passwords for the portal I plan to clone are all 6 chars long, and are a mix of random numbers and letters. (users are a mix of the person's first and last name so brute forcing isn't an option)

I'm sure it's possible to put some extra java in there that keeps them on the page if the password entered isn't exactly 6 chars long.

That will hopefully prevent any wrong passwords being entered, or ITs attempting to inspect the portal by entering random info.

It should go without saying but I hope what you are doing is all legal and with the permission of the owners of the AP / portal. If not then I recommend you don't do it.

  • 6 months later...

Sud0Nick - This tool looks absolutely great. I was just wondering if something like this existed. I have unwrapped my nano and got it all installed; unfortunately I'm in a wifi blackspot so need to go hunting for some portals to try this on. I was wondering a few things:

- Do you host a repository of cloned portals? It would be great if there were a way to download some templates so I could popup in the middle of somewhere, throw up a generic portal 'a la xfinity' without the need to clone it myself?

- Is there a way I can test this without needing to find my local Starbucks etc? I guess I would need to host a captive portal myself from my laptop - I could do this with NDS from Kali I guess, but again there would be limited content for PA to clone.

 

Great work on this one.

1. I do not host a portal repository.

2. You don't necessarily need to clone a "portal" as you can point the Test Site field setting to any URL and clone its page.

Since you mentioned you're using the NANO you will want to look in this thread for the latest information about the module.  This thread we're in pertains to the old MK V version of Portal Auth which I no longer update.

Sud0nick - thanks for the quick post back. I guess that the portal repo would be welcomed by many, is there an aversion to hosting one - if you aren't willing to host one do you have an objection to anyone else doing so? To the rest of the module's users, would you want one and contribute if we hosted one?

I will not endorse a portal repo.  It would quickly become a place for social media phishing templates which have no value in a legal pentest.  If someone chooses to clone Facebook and attempt to steal people's creds that's on them but I won't encourage that behavior.

6 hours ago, sud0nick said:

I will not endorse a portal repo.  It would quickly become a place for social media phishing templates which have no value in a legal pentest.  If someone chooses to clone Facebook and attempt to steal people's creds that's on them but I won't encourage that behavior.

This. 
