nickfrosty

To help speed up the transfer speed, you could use a normal flash drive instead of a twin duck. The script will look for any drive labeled "DUCKY", so simply label your normal flash drive to "DUCKY" and either don't use the twin duck firmware or don't label the mass storage drive of the twin duck something else. Then when you run the payload, just make sure your normal flash drive is plugged in first and the drivers for it are loaded. Then you are good to go!

Sorry whistlemaster, but I think I'll go with profit! You never know when you are going to be in a life and death situation when those 6 bytes could mean the world!

Ahh, I see what you're saying. My question is, whats the difference in the way that the web ui handles them? Because the line with the custom test param works fine on my pineapple, and it seems like it wasn't on yours. As far as I could tell, there isn't a difference because of how the refresh_small functions is coded. It really only checks for "sys" as the second param, and if it's not then it just marks it as a normal infusion. So I guess I just assumed it would handle it fine on other pineapples. function refresh_small(name, type){ var id = tile_list[name]; updateTile(id, name, (type == 'sys' ? "system" : "infusions"), ""); } But I will certainly just remove the parameter :)

That line is in the toggle function, which is why I asked the question.

That's what I was thinking originally. What do you mean it doesn't work? Can you elaborate?

Ohh! Sorry about that. I just resubmitted the infusion. I thought about including the apk in the infusion but I decided against it for a few reasons. Mainly because I didn't want to take up the precious memory space of the pineapple and I figured this way you can easily download it (and get the newest app updates) from your android device when you aren't using the pineapple or aren't connected to the internet on the pineapple. All that being said, if people would prefer me to include the apk in the infusion, then I can most certainly do that to. :)

It makes it easier to manage your pineapple from an android device. Instead of having to zoom around when needed, the app displays the pineapple in nice android lists.

Just to let everyone know, I just published the Android Controller! Here is a link to the new thread: https://forums.hak5.org/index.php?/topic/30184-android-controller/

Introducing Android Controller v1.0.0!!! Easily control your Pineapple from an Android App. Full instructions to install the infusion/app are included in the download package (for those who need them). Downloads: http://dl.nickfrosty.me/wifi-pineapple By request, the source code for the Android application is also available for download. :) Currently, you have to manually install the infusions as it is pending acceptance to the Pineapple Bar. Once accepted, I will update this post. If you find any bugs or have any issues/recommendations, feel free to post them to this thread or message me. There is also a contact email in the download package. Enjoy! UPDATE =========== I have also written a short blog post about the Android Controller on my blog. Here is the link if anyone is interested: http://www.nickfrosty.me/blog/2-wifi-pineapple-android-controller-v1

Ahh! Well, for the most part it uses the same commands that the core infusions use to control the pineapple, but then displays any content that the android app needs or wants in the json format so the app can parse it all and display it to the user.

Ok man, will do. Thanks! It uses an infusion that I made. Well as of right now, the app won't be a replacement for any ssh/scp clients. However, I do plan on adding a ssh/scp client into the app later down the road. And even thought you you can't ssh with the app, you can still execute commands very easily.

But then how am I suppose to keep my NSA listening techniques from you?!? Hahah. I hadn't really considered sharing the source, but if you want then yeah sure, why not!

How recently did you watch the video? What were some of the things that they were talking about in the episode?

Well..... I can neither confirm nor deny....

You should be able to connect to your phone's hotspot just like connecting to any regular access point. There is another post here https://forums.hak5.org/index.php?/topic/27142-mk4-usb-wifi-dongle-internet-sharing-how-to/ that explains extremely well how to accomplish what you want. Good luck!

Awesome! I will be sure to let you know when it is ready. It is pretty close though. It should only take another day or two I hope! It doesn't require root :)

Hey everybody! I thought I would share the little project of mine. I have been working on an android app that lets you control your pineapple! It's not really that fancy yet, but it certainly gets the job done. It makes managing the core of the pineapple from an android phone or tablet so much easier and a whole lot less clunky than using a web browser. It comes in two pieces: the android app and a pineapple infusion. The infusion is what the app uses to talk to the pineapple. I wanted to find out what some people thought about my little project, so I've added the links for some screenshots of the app. http://nickfrosty.me/app_screenshots/Screenshot_2013-08-25-17-26-48.png http://nickfrosty.me/app_screenshots/Screenshot_2013-08-25-17-27-27.png http://nickfrosty.me/app_screenshots/Screenshot_2013-08-25-17-27-14.png http://nickfrosty.me/app_screenshots/Screenshot_2013-08-25-17-28-53.png http://nickfrosty.me/app_screenshots/Screenshot_2013-08-25-17-28-12.png http://nickfrosty.me/app_screenshots/Screenshot_2013-08-25-17-28-39.png It still has some bugs to be worked out, but if anyone is interested in getting it then I am more than happy to share when it's ready!

So I was having some fun messing with CURL in my terminal and a custom PHP file on my local server. At first I was getting the expected output of the the host, client ip, the referrer, the user agent, and some other stuff. But then I decided to test out some Tor stuff, so I uploaded this PHP script to my website and then set the socks5 option of CURL to use Tor. That all worked fine. But when I set the host header using CURL, it freaked out. My terminal spit back some odd html code which included an iframe to "searchdiscovered.com". I was wandering why this happened. Viewing the page on my site worked fine and gave the expected output, even when running Tor. I can also set the Host header to whatever while on my local server just. This is what terminal spit out to me: <head> <style type="text/css"> * { margin: 0; padding: 0; } html { height:100%; } body { text-align: left; width: 100%; height: 100%; font-size: 62.5%; font-family: Helvetica, arial, sans-serif; color: #000; background: #fff; margin: 0; border: 0; padding: 0; } </style> </head> <body> <iframe src="http://searchdiscovered.com/?pid=5POJ5651L&dn=derp" width="100%" height="100%" frameborder="0"></iframe> </body> I had used this command (with the address redacted) # curl -H "Host: derp" http://site.com/test.php Any ideas why this is happening? PS: I can provide the php script if requested, but it is all simple PHP to display some $_SERVER values.

I'm a PHP coder. I have made many websites, and even make PHP / Web Dev tutorials on my YouTube channel. My main website is http://www.nickfrosty.com - My main personal website. I am actually remaking this entire site. I hope it will be done by the end of the weekend. Another I own is http://www.subblaster.com - It helps people get YouTube subscribers And another is http://www.shrtr.me - It's a URL shortener using JavaScript, jQuery library, and PHP for the back end server interactions I have quite a few others that I am working on but are far from production quality. Let me know what you think :)

Hey everybody. First time poster long time viewer and follower of Hak5. But I just had a question for everybody. I was wandering if it is at all possible to somehow read rainbow table files (the *.rt ones) as if they were some sort of text file. And I don't mean with a rainbow cracking program like Rainbow Crack. For instance, say opening the .rt file and the editor would show the plain text value and the encrypted hash. I have done some extensive Google searches on this but to no avail. I have tried some text editors and some other types of editors. Any suggestions?