korang

Active Members
  • Posts: 117
  • Days Won: 4

Everything posted by korang

  1. As a pentester myself for a financial organization, we have used the Pineapple to prove how susceptible our own internal devices were to a simple MITM attack. This helped us to get changes made at the desktop level in order to help prevent this. It also showed our network engineers we could set up "rogue" access points in the environment. We now have measures in place to detect these "rogue" access points and send de-auths against them when detected. It can also come in handy to see what devices are calling out to so you can replicate this SSID and perform MITM type attacks.
  2. Do we have a general time frame we can start using modules? TIA..
  3. All I hate to say is I hate the tease..... Just take my money already..
  4. Just as xrad stated, charge with power on and it takes several hours. This has been discussed in other posts. The instructions that came with the battery also cover this.
  5. I saw this and have an AR.Drone. I want to try this out.
  6. With the travel kit battery, there is a button on the bottom right. Press that. The LED bar tells you the charge level.
  7. OK I want to chime in. Yes, the Starbucks situation is a horrible example. My team have had this argument about MITM in my workplace on legitimate pentests. I personally would prefer the encryption so that if I do collect any sensitive information, i.e. account logins, I am covered so that no one else can access until I can redact the data properly. We have had many meetings around this and have discussed using encryption to help protect the collected information from being read by anyone not part of the pentest team. I also have stated I would feel better knowing it is encrypted. You accidentally exposing the CEO's password can be a resume generating move. So could you possibly run the SD card encrypted and log to it to make sure any legitimate information you collect is protected? Also, we worry on this point because we are in finance and PCI is always hanging over our heads. To add to this, we as a team have avoided using MITM at this point because we are still trying out how to make sure the information we collect is kept secure.
  8. Yes. I installed it internal and when I tried to remove and re-install it went back to internal. I noticed if you do verbose they get big quick. And I have this space over on the SD card I would prefer to use. So if I used a symlink then as it writes it would actually be writing to the SD card versus internal.
  9. Would the best way to get the logging for this infusion onto the SD card be to use a symbolic link to the logs directory?
  10. As a follow-up, if I set WLAN0 to LAN versus WAN then it will light up and I can use it for Karma. I am using the infusion, Network Manager, to configure all of this.
  11. Which interface is supposed to be used for client mode? The AR9331 (blue Light WLAN0/Radio0) or the RTL8187 (Red Light WLAN1/RADIO1)? I am getting a weird issue when I configure WLAN1 to connect to my AP with Network Manager. WLAN0 will not light up. With an IFCONFIG it appears to be up but the LED is not lit and I cannot see it on my phone when I enable Karma. Anyone else seen this?
  12. OK resolved it via Network Manager. But remember, folks: once you configure the interface, you have to commit it!!
  13. How would I go about connecting to a hidden SSID for client mode?
  14. Just received mine today. WOOHOO. https://plus.google.com/photos/110844261189132597962/albums/5942485853486430417?authkey=COOE1qnK-afsAw
  15. Not blaming them. But you would think they would have picked it up by now. Plus they may want to change the verbiage of that email. To say your order is ready for pick up by shipper. Here is your tracking number to see when order is picked up and in transit. Or something like that.
  16. ARGHHHHH Shipped on OCT 22. Had hoped it would show up today. Still no. And, of course, no updates for the tracking number on the USPS site.. arghhhhhh. Is mail service still running on Saturdays?
  17. Well hopefully I get a nice surprise before the weekend. Then I have a new toy to play with on my trip to Chicago....
  18. Ordered mine on the 18th. Shipped on the 22nd once they got back from ToorCon. But USPS must not update too often because I have no clue where it is in the shipping process.. UGHHHHHH. Maybe when it hits the next hub.
  19. I was hoping for an easier way...
  20. Is there a way to download a module in order to help me in the creation of mine??
  21. So I have started similar work to this. I am reversing code from SET to allow you to input a page you wish to clone, then set up and use DNS Spoof to lead them to your cloned page, then you can harvest credentials. My plan for future versions is to maybe add the java applet attack. That will require you to run a host with backtrack to capture the reverse shell. I hope for the initial version to create a module to clone a requested site and then set up the dns spoof stuff. Wish me luck...
  22. I have to say I had a little fun with this module tonight. It was interesting seeing people trying to figure out why they cannot get to the page they are trying to hit. Finally when someone went up to the counter and asked what the wifi was here, I decided to turn it off. But it was fun while it lasted....
  23. I thought that if you probed for SSID "myhomerouter", Karma would answer, non-dependent of security settings.
  24. Really cool, but I do agree this will not amuse the TSA folks. Even in a checked bag, I bet your undies get fondled....