
loozr

Active Members
  • Posts: 134
  • Days Won: 3

Posts posted by loozr

  1. And now it works! :D

    I ran opkg remove reaver, and your module still reported reaver as installed. Then I edited the isInstalled check, i.e. removed * and your module reported reaver as not installed, and gave me options to install it, and I chose on USB.

    And when I'm running reaver now, it works! I'm not sure what the cause might be, but installing reaver from your module seems to have done the trick in my case!

    Thanks for your superb work! B)

    Cheers!

  2. hehe, I wish I could write in code like you! ;)

    Updated from your github, and I have to say that the new layout is great! And I love the alternative arguments! Really great work!

    If only the reaver was actually working... Still no phun. I have no idea what might be the cause. I should maybe reflash the pineapple, but I think I'll wait until someone else either confirms or denies the problems I'm having..

    Cheers!

  3. It's kind of weird, because that test worked flawlessly.. logread printed

    [CODE]
    Sep 25 18:00:44 Pineapple user.notice root: test php is ok
    [/CODE]

    Ok, I won't bug you anymore when you are working on something good! ;)

  4. Yes, I have tried jerking around with the command in your module, but can't figure it out. :P

    Anyways, running the following (where 00:00.. is replaced with my network)

    [CODE]
    reaver -i mon0 -b 00:00:00:00:00:00 -a -vv >> /pineapple/logs/reaver00:00:00:00:00:00.log | at now &
    [/CODE]

    does not write anything to screen (as expected), but creates a logfile in /pineapple/logs/reaver00:.....log and that logfile states

    [CODE]
    [+] Waiting for beacon from 00:00:00:00:00:00
    [+] Switching mon0 to channel 1
    [+] Switching mon0 to channel 2
    [+] Switching mon0 to channel 3
    [+] Switching mon0 to channel 4
    [+] Switching mon0 to channel 5
    [+] Switching mon0 to channel 6
    [+] Switching mon0 to channel 7
    [+] Switching mon0 to channel 8
    [+] Switching mon0 to channel 9
    [+] Switching mon0 to channel 10
    [+] Switching mon0 to channel 11
    [+] Switching mon0 to channel 12
    [+] Switching mon0 to channel 13
    [+] Switching mon0 to channel 14
    [+] Switching mon0 to channel 1
    [+] Switching mon0 to channel 2
    [+] Switching mon0 to channel 3
    [/CODE]

    So reaver is running when started manually via ssh, but not from the module.. :(

  5. Well, I just have to say that what I have discovered might just be in my setup, but I'm kind of doubting that your module actually kicks my reaver into action at all. This may be a follow-up error because of my hack in reaver_vars.php for all that I know.

    Looking through your module files I actually found those logfiles, but the thing is that they are empty. So I did test the reaver module manually and it's working as it should. But your module is unable to start reaver, or so it seems.

    What happens when I start the attack from your module is that it flashes quickly in the output that the attack is started, and then goes blank. And nothing ends up in the mentioned logfiles. Also ps does not show anything called reaver.

    I've tested in Chrome and Firefox. And the pineapple is 2.6.4, reaver 1.4 installed on usb.

    It would be nice to hear from others, if this problem is only for me or not..

    And yeah, loozr indeed! ;) Cheers!

  6. I'm maybe a bit stupid here now, but the Reaver module is not reporting reaver as installed, even though I can run both reaver and wash from the command line. I tried to remove the reaver module and install it again, but it still doesn't detect reaver. Not even after a reboot.

    Do I have to have an external usb wlan interface plugged in for this to work? Or have I missed something else?

    The output from the reaver module:

    [CODE]
    reaver is not installed... <input type="button" onclick="install_reaver()" value="install reaver" />
    [/CODE]

    That put aside I really like the looks of your module, and especially that loading animation ;)

    EDIT

    Just as a hack I made Reaver module report reaver as installed by changing the following line

    [CODE]
    $is_reaver_installed = exec("which reaver") != "" ? 1 : 0;
    [/CODE]

    into

    [CODE]
    $is_reaver_installed = exec("which reaver") != "*" ? 1 : 0;
    [/CODE]

    in reaver_vars.php.

    EDIT 2

    The AP scan is working flawlessly, and it's great that it's enough to click your chosen network and all details are filled in automatically.

    But how is the output from reaver supposed to be? Is it refreshed every second or something like that? Or is it only showing output every 5 min or something? The thing is that I can briefly see a MAC address, and after that the output section is completely white.

  7. Just a question, what is the command to install reaver to USB?

    A suggestion would be if you could add a link to install reaver to usb, or if you could write a little text in the module, describing the install to usb. Just because I'm lazy ;)

  8. As long as the pictures ain't too hardcore, I'd say it's great! :D Both of the ideas!

    I think it's funnier with only the plain site with explicit sounds, then the user might not understand where it's coming from, and they might geek around a bit before they understand and close the browser.

  9. Thanks for the command Peter. But I have discovered that the phyX is not static, I guess that this is rooted before the iw setup and brings up the devices..

    Think I have babbled a lot here.. Guess I just have to boot pineapple, and then insert the usb interface. Until there might be an update that is. :)

  10. Thanks for the feedback. After adjusting the id value everything worked as normal. Using your method I was able to do both gmail as well as doing a proof of concept for paypal.

    The idea is, any site that uses HSTS (a small list found here: http://dev.chromium.org/sts) won't work against sslstrip. So if you're running sslstrip you might as well redirect those sites to a phishing clone.

    I am not sure what's hard coded, and I haven't tried any of these sites beyond http://pineappleip/site.html

    So no idea if they would work in the real world yet.

    Aha, thanks for pointing that out! I had no idea there was such a thing.. Only noticed some sites not loading through sslstrip.
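The post above relies on a browser-side defence: once a browser has seen a Strict-Transport-Security header from a site, it refuses to load that site over plain HTTP, which is why sslstrip has nothing to strip. From the defender's side the useful check is whether your own site actually sends a policy that browsers will honour. The following is an added illustrative example for this thread, not code from the Pineapple sslstrip module or from logex; the HTTP responses in it are constructed, not captured from any real site, and the helper names are my own.

```python
"""Evaluate a site's Strict-Transport-Security (HSTS) header.

Added example for this thread, not code from the Pineapple modules or
from logex. The sample responses below are constructed for illustration.
"""
import re
from typing import List, NamedTuple, Optional

# Minimum max-age the Chromium preload list accepts: one year in seconds.
PRELOAD_MIN_MAX_AGE = 31536000


class HstsPolicy(NamedTuple):
    present: bool            # header was sent at all
    max_age: Optional[int]   # seconds the browser should pin HTTPS, if given
    include_subdomains: bool
    preload: bool
    issues: tuple            # findings a site owner would want to fix


def parse_hsts(header: Optional[str]) -> HstsPolicy:
    """Parse one header value per RFC 6797 section 6.1 and flag weak settings."""
    if header is None:
        return HstsPolicy(False, None, False, False,
                          ("no HSTS header: a downgrade to plain HTTP is possible on every visit",))
    max_age: Optional[int] = None
    include_sub = False
    preload = False
    issues: List[str] = []
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')   # the max-age value may be quoted
        if name == "max-age":
            if re.fullmatch(r"\d+", value):
                max_age = int(value)
            else:
                issues.append(f"invalid max-age value {value!r}")
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
        # Empty and unknown directives are ignored, as the RFC requires.
    if max_age is None:
        issues.append("max-age missing: browsers ignore the header")
    elif max_age == 0:
        issues.append("max-age=0 removes any stored policy: no protection")
    elif max_age < PRELOAD_MIN_MAX_AGE:
        issues.append(f"max-age {max_age}s is under one year: protection expires quickly")
    if not include_sub:
        issues.append("includeSubDomains absent: subdomains can still be served over HTTP")
    if preload and (max_age is None or max_age < PRELOAD_MIN_MAX_AGE or not include_sub):
        issues.append("preload requested but preload-list requirements are not met")
    return HstsPolicy(True, max_age, include_sub, preload, tuple(issues))


def hsts_from_response(raw_response: str) -> HstsPolicy:
    """Pull the policy out of a raw HTTP response (status line plus headers).
    Only the first STS field is used, as RFC 6797 section 8.1 specifies."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            return parse_hsts(value.strip())
    return parse_hsts(None)


def is_effective(policy: HstsPolicy) -> bool:
    """True if a browser that has seen this header will refuse plain HTTP."""
    return policy.present and policy.max_age is not None and policy.max_age > 0


# Constructed sample responses (not real captures).
GOOD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n"
    "\r\n<html></html>"
)
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "strict-transport-security: max-age=300\r\n"
    "\r\n<html></html>"
)
NO_HSTS_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"

if __name__ == "__main__":
    for label, raw in (("good", GOOD_RESPONSE), ("weak", WEAK_RESPONSE), ("none", NO_HSTS_RESPONSE)):
        policy = hsts_from_response(raw)
        print(label, "effective" if is_effective(policy) else "NOT effective", policy.issues)
```

Note the limitation the post itself points at: the header only helps a browser that has already visited the site over HTTPS (or has it on the preload list). A first visit over plain HTTP is still exposed, which is exactly why the preload list exists.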

  11. I am attempting to do gmail and I am running into some problems...

    I followed your guide exactly, changing action which now looks like this:

    [CODE]
    <form novalidate="" id="gaia_loginform" action="error.php">
    [/CODE]

    I then went and found the input type for username/password. Which looked like this:

    [CODE]
    <div class="email-div">
    <label for="Email"><strong class="email-label">Username</strong></label>
    <input type="email" spellcheck="false" name="Email" id="Email" value="">
    </div>
    <div class="passwd-div">
    <label for="Passwd"><strong class="passwd-label">Password</strong></label>
    <input type="password" name="Passwd" id="Passwd">
    </div>
    [/CODE]

    and updated it to this:

    [CODE]
    <div class="email-div">
    <label for="Email"><strong class="email-label">Username</strong></label>
    <input type="text" spellcheck="false" name="name" id="name" value="">
    </div>
    <div class="passwd-div">
    <label for="Passwd"><strong class="passwd-label">Password</strong></label>
    <input type="password" name="pass" id="pass">
    </div>
    [/CODE]

    I'm assuming it's some of the JavaScript that is occurring later, but I am not sure how to work around it. Can someone take a crack at this and let me know what I'm missing here? Here is a copy of the entire gmail.html file. http://pastebin.com/ThRMP10g

    Thanks guys!

    I took a look at the gmail, and made it work. Only difference is that I used the Norwegian version of https://accounts.goo...erviceLoginAuth It's not the same as gmail, but it's pretty similar, and I think it might be the same way to do it.

    Anywho, it seems you did quite right, but you shouldn't change the "id=" value. Only change the "name=" value. Otherwise I did the same as you.

    EDIT

    Just remember, it seems that both Chrome and Firefox are "hardcoded" with the address to gmail, so DNS spoof seems to not work.

  12. The thing is that every site is different, and may work in different ways, so there is not one way to do all sites. I'm not sure how to get gmail to work, but if you find out, it would be nice if you could post here what you did, in case others are wondering about the same.

    I guess the best guide to learn to phish, is to learn coding. I guess html, php and javascript would cover most sites.. Sorry I don't have a better answer for you.

  13. Although I have not spoken with Whistlemaster about it, I'm afraid this solution won't be part of his module, simply because I'm not sure the writer of logex would agree to this. That said I would be glad if Whistlemaster would integrate something similar into his module! :) Maybe something that's not as hacky ;)

    Regarding your problems with sslstrip I can't seem to replicate your difficulties with "/" at the end of URLs... Someone else would have to look at the google toolbar though, since I'm not sure what's going on there..

  14. Ok, for some time I have been wondering if it would be possible to clean up the sslstrip logfile a bit to make it easier to read. I first tried some simple grep commands to just get the lines I wanted, and it made it easier to read the logs. However I was not satisfied and searched the net for better solutions. I found a project called logex. This is a python script made by.. I'm not sure who he is, but at least I have linked to his project page :)

    This script is actually quite great, it strips only what I'm interested in and creates a html page to view the interesting parts. (Although I would like it to print the md5 from sites using that for login.)

    With that log parser script working I was on my road to happiness, but thought that it could still be a bit easier, and started to look into the php, and javascript of the sslstrip module. I'm not fully satisfied with my solution, but it's ok for now. Thought I might share if anyone else is interested. And remember, none of what I'm presenting here is mine, I simply put together bits and pieces from things already made by others. Credits goes to the writer of logex, and Whistlemaster for sslstrip module.

    Another thing to mention is that I have no clue what I'm doing, I just made it work, so this might not work in your setup. YMMV B)

    That said, it would be great if you could share what solutions you are using, or if you have any input regarding the logfiles.

    How a logfile usually looks like (screenshot attachment 46405.jpg)

    Edited History page (screenshot attachment 46406.jpg)

    Cleaned logfile (screenshot attachment 46407.jpg)

    To do this yourself.

    sslstrip installed on usb.

    edited log_ex.py in pastebin

    edited sslstrip.js in pastebin

    edited sslstrip_actions.php in pastebin

    edited sslstrip_data.php in pastebin

    Copy/create/edit "log_ex.py" , "sslstrip_actions.php" and "sslstrip_data.php" to "/usb/modules/sslstrip/". The "sslstrip.js" should be created/copied/edited to "/usb/modules/sslstrip/js/".

    Finally you create a folder named html, i.e. "/usb/modules/sslstrip/html/"

    When you are done you will have to have a logfile you would like to clean (doh), then press Clean, and afterwards View. The .html files are placed inside the html folder (kinda obvious;)

  15. The power supply seems to be 6v 2A, but don't you think it would run on 5v? Maybe just not that much amplification?

    Would be sweet if someone tested it and reported here what they found :)

    Anyways, I'm quite happy with the range after I replaced the pigtail, and honestly I don't think a little extra range is worth 54usd. Then I would rather buy a directional Yagi or something.

  16. I posted on here the iw commands to create a wlan* from phy1 aka wlan1

    as far as wlan17 check /etc/config/wireless

    I bet there are a few new radios in there;-)

    Thanks for your reply peter! And great that you posted the commands somewhere, but I can't seem to find them? I might be a bit tired.. l8

    Hehe, I'm sure you're right about the /etc/config/wireless. Will check it when I get back home.

  17. Yes the layout looks good!

    Looking forward to the weekend(no pressure ;))

    However, will it be possible to add commandline switches? Like if one would like to run --dh-small for instance? This might not be needed though, just a question :rolleyes:

    And this will work on 2.6.4+ only?

    EDIT

    I can see that this will be added later.

  18. I have been screwing around a little bit and think that as a temporary hack one might use some iw commands to first delete the logical names of the devices. But unfortunately my knowledge stops there..

    If I issue iw <dev> info I can see that ifindex and wiphy don't "match".

    [CODE]
    root@Pineapple:~# iw wlan0 info
    Interface wlan0
    ifindex 13
    type managed
    wiphy 2
    root@Pineapple:~# iw wlan1 info
    Interface wlan1
    ifindex 12
    type AP
    wiphy 3
    [/CODE]

    I have some understanding of how I can delete the devices via iw, but how do I bring them up again?

    EDIT

    Another weird thing I just discovered is that for some reason it seems that ifindex is counting upwards. wlan0 ifindex is now 17, and for wlan1 it's 16. (flash 2.6.3)

  19. It's the following you are going to change.

    [CODE]
    <td><input class="inputtext" name="email" id="email" tabindex="1" type="text"></td><td><input class="inputtext" name="pass" id="pass" tabindex="2" type="password"></td>
    [/CODE]

    The first part is username, and the second part is password (which you can leave as is)

    Result like this

    [CODE]
    <td><input class="inputtext" name="name" id="email" tabindex="1" type="text"></td><td><input class="inputtext" name="pass" id="pass" tabindex="2" type="password"></td>
    [/CODE]

    This should do the trick. And I would suggest that you should learn to read some code, and understand what is happening behind the scripts and in webpages. Just get a basic understanding. I have absolutely no education regarding coding, but I use my common sense and logic to try figure out what is happening. This is in my opinion what is most interesting with this. Hacking the script/pages to work like you want it to.

    EDIT

    Just have to say, this might be a little bit different in the different language versions of the facebook page. I have only edited the Norwegian page. YMMV

  20. So can I do either/or? Like can I just edit my error.php to say

    $nam = stripslashes($_POST['email']);

    I will play with that then.

    Thanks for the reply btw.

    Well, sure, I guess you can do that, but if you are going to use several phishing pages this should be consistent. For example if you are going to make a twitter page, then you will have to edit that to equal the value you want the script to collect. Bad explanation but I'm hoping you get the point.
