sud0nick, posted March 5, 2015 (edited)

This thread is for the Injection Set feature in Portal Auth. Any questions pertaining to injection sets may be asked here but any other feature of Portal Auth must be discussed on the official support thread.

This first post will serve as a repository for links to injection sets. If you create one and would like to share it then please send me a private message with the link and I will post it here after a brief review. To start things off here is the default injection set that comes with Portal Auth.

Injection Sets:
- Default (infotomb.com/jhh5p)
- Free WiFi Week (infotomb.com/cpcw3)

It appears the files have been deleted from InfoTomb. If you would like to download them you can go to my website (http://www.puffycode.com/download/PortalAuth/InjectSets/) or you can download them directly from the Injects tab of the infusion.

Edited August 28, 2015 by sud0nick

fringes, posted March 6, 2015

Just curious... Is this going to result in you hosting copies of copyrighted software for redistribution?

sud0nick (Author), posted March 6, 2015 (edited)

No...how would you ever come to that conclusion?

Edit: The only reason I can think of why you would ask such a question is maybe you think I will be sharing cloned portals. Injection Sets are not copies of portals; they are simply extra code created by a user to inject into a portal. This can be useful during a pentest because maybe the company has a portal for public WiFi on their network and while cloning you want to include your own custom login form. Instead of being stuck with the default you now have the option of choosing which set to use before cloning. Other users here can create their own, export them, and share with other Pineapple users to include in their clones. It is a quick way to modify a portal while cloning it so you can get your Pineapple up and running as quickly as possible.

Edited March 6, 2015 by sud0nick

cheeto, posted March 6, 2015

Will the creation of injection sets require programming skills? Or can it be done with Photoshop --> export CSS?

sud0nick (Author), posted March 6, 2015

This is the breakdown of an injection set:

    injectjs.txt
    injectcss.txt
    injecthtml.txt
    auth.php
    backups/
        injectjs.txt
        injectcss.txt
        injecthtml.txt
        auth.php

backups only exist if you click the Back Up button for each file. This is so files can be restored back to their backed up state if you somehow mess up your code.

InjectJS is a file of JavaScript code
InjectHTML is a file of HTML code
InjectCSS is a file of CSS code
and auth.php is the PHP file you will use to log credentials

Some programming skills will be necessary to create a fully functional Injection Set. However, if you build something with a GUI and it allows you to export code to a file you can simply copy and paste it into the injection set. The whole point to this feature is those who know how to create web based login forms will be able to share what they have built. I will try to build some sets in the future to contribute to the repository.

fringes, posted March 6, 2015

"No...how would you ever come to that conclusion?"

I didn't mean to offend. Thanks for the clarification of what an injection set is and isn't.

sud0nick (Author), posted March 6, 2015

"I didn't mean to offend. Thanks for the clarification of what an injection set is and isn't."

Don't worry about it. I wasn't offended, just kind of confused at first as to why that would be asked.

fringes, posted March 6, 2015

Ok, I can read back through all the posts, but I'm just going to ask instead, risking the ire of those that already know the answer: Has someone done a beginning-to-end demo of using Portal Auth, especially using injection sets, to clone an example portal, and publish it via evil-portal? I've seen some pretty slick videos here lately, and I'd like to see one that demonstrates one or more common scenarios.

cheeto, posted March 6, 2015

Don't expect to see too much information on the portal injects as it's rather new. sud0nick might make a small tutorial on how to use it. But as he said, some programming skills might be necessary. I guess I'm screwed. :(

As for Portal Auth, it's perhaps the easiest infusion out there; however, to use it, you need access to a portal site. I shouldn't mention any commercial name of places that have them, but they're almost anywhere from cafes to hotels, etc.

sud0nick (Author), posted March 7, 2015

"Ok, I can read back through all the posts, but I'm just going to ask instead, risking the ire of those that already know the answer: Has someone done a beginning-to-end demo of using Portal Auth, especially using injection sets, to clone an example portal, and publish it via evil-portal? I've seen some pretty slick videos here lately, and I'd like to see one that demonstrates one or more common scenarios."

I'm working on one now and should have it online soon. I don't know if it will cover what you consider to be common scenarios but it does take you through the process of creating, modifying, exporting, and importing injection sets as well as cloning a portal. I'll post it on the official support thread when it's ready.

fringes, posted March 8, 2015

Great, thanks. Watching it now.

stunner2xx, posted August 14, 2015

Can someone make a video with the Mark5 and the latest firmware? I have been on this for a while and can't seem to make it work.

sud0nick (Author), posted September 10, 2015 (edited)

I need some input from the community for a new injection set. I'm making one that is similar to the default but instead prompts the victim to download a Network Client program to proceed. This "Network Client" can be any payload that you upload to the Pineapple through the Portal Auth infusion. You can gather network information, create a reverse shell, or anything you can think of. The main issue I need help with is verifying the victim actually downloaded and ran the payload application.

Here is how I would do it for myself:

1. Create basic application that does nefarious stuff in the bg and displays an access key to the victim.
2. After victim clicks download button from the cloned captive portal a window appears with a text field for them to enter the access key. This key would be the only way for the victim to access the content of the cloned captive portal (or network if the Pineapple is already authenticated with the portal) forcing the victim to run the application first.
3. The static access key would be stored in a file on the Pineapple for the auth.php script to verify the victim entered the proper key. If it's correct they can access the network. If not, alert them to run the application and enter the access key.

The only problem with this setup is it's not dynamic enough to distribute to all of you. What if you don't want to use my payload? What if you want to change the access key? It would result in the whole injection set being worthless. I also don't want to remove those options entirely because I don't want the victim to be able to bypass the cloned portal. So, do you guys have any ideas?

Edit: Here are some screenshots to give you an idea of what I'm talking about.

Edited September 10, 2015 by sud0nick

DataHead, posted September 12, 2015 (edited)

Depending on the code needed, why not use Python as the payload delivery language for such authkey, create a file somewhere on the target, and have the actual payload read from said file, and then use cx_freeze to make an executable of the Python delivery system (or similar Python to binary converters if needed). That way users of the payload can adjust the very payload to their needs. This method of payload delivery should be sufficient for most target operating systems.

And hell, could even target Android with using stagefright (or other vuln if users need root or system privs), then with Android and an apk with the proper permissions, can get some juicy info from the phone to make sure users are entering the real username credentials for said Gmail account. I also remember seeing an apk packager for Python scripts... somewhere.. python4android will take care of most access to proper permissions and such etcetcetc :-)

I'm sure you can get a general idea of the implementation's scope from what I'm saying. Just my 2 cents.

Edited September 12, 2015 by DataHead

sud0nick (Author), posted September 12, 2015

Good stuff, DataHead! I actually started to move forward already by creating a payload in Python and compiling it with py2exe for the target machines which, I think, is what you are getting at. If I understand you correctly, cx_freeze could become a dependency of Portal Auth, the user would be able to modify the python scripts directly and compile them on the Pineapple, then if something needed to be changed such as an access key it would be trivial enough even for non-programmers.

I've never used cx_freeze before but I just looked it up and I'm guessing it is the same as py2exe but creates platform independent executables?

onion2346, posted September 12, 2015

Hi, quick question, not sure if this is the right thread to post in but... In Portal Auth, I click on the "activate now" button after saving/creating a copy of the "freewifi" infusion (just named it freewificopy) that is already provided there... and then, how I understand it, that is supposed to transfer this over to Evil Portal where I can find it under libraries > saved portals? However, when I do all this and then check in Evil Portal it simply says "you have no saved portals to view". Please help, am I missing something or what?

Cheers,
onion