Xcellerator

Everything posted by Xcellerator

  1. Really appreciate the honesty and quick response! Is the wireless solution that'll come in the form of an expansion bus still an option you're heading towards?
  2. Well, I'm from the UK and they don't report anything remotely hacking related here unless it's got something to do with celebrities (like the phone hacking scandal we had). The things that some people were using Blackshades for were awful, but I think they're gonna have a hard time proving that it was used by a lot of people to do what they think they did. You're right about the authors though, the trial is only the beginning of their problems once they're convicted.
  3. Yeah, that's right. Blackshades was/is typically distributed via bent download links. It's more for building your own botnet rather than targeting specific individuals. The raids are BS though. Owning software isn't a crime, using it for illegitimate purposes is. More than half of those who were arrested were charged with owning firearms and drugs. The ones who only had Blackshades on their system are having the charges dropped. It's just one big BS excuse to try and catch people that they can't get otherwise, either due to incompetence or laziness. That post didn't go how I thought it would!! </rant>
  4. Can't you set up the OpenWRT Compiler under a Linux system? I really wouldn't recommend trying to compile on the pineapple itself. http://wiki.openwrt.org/doc/devel/crosscompile
  5. Actively discouraging people from buying a Pineapple and suggesting that a heads-up be put on the store website are two different things. Telling people not to buy a Pineapple is pointless and (IMHO) is trolling. Telling people that there is a currently ongoing issue with the Pineapple but a fix is set to be implemented is just allowing people to make informed choices.
  6. Although playing music through the Pineapple does seem like an odd (even silly) idea, it opens the door to receiving all kinds of signals via the Pineapple. The medical and dentistry stuff that overwraith mentioned are good examples. Even for signals that aren't in the clear, huge numbers of different signal modulation techniques are publicly available, as anyone who's played with POCSAG knows. I'm looking forward to seeing where the SDR route on the Pineapple goes!
  7. You do realise that anyone can make an infusion? For the most part they are PHP wrappers for executables. Yes, the Pineapple is first and foremost a penetration testing and network audit tool, but why not throw in support for radio? I guarantee that someone out there has a use for distributed radios. The Pineapple is just a tool, and an expansive tool at that, so I don't get how you can criticise the developers and anyone else involved in the project for making it as useful as possible to as many people as possible.
  8. As far as I'm aware (feel free to correct me anyone), MAC addresses are entirely separate from network host names because they are part of different levels of the OSI model. I don't THINK there is any way of obtaining a host name of a client unless you are on their network. Then you can use a DHCP lookup to see what internal IP address the access point has assigned a particular host name. OR, if you can physically see your friend's laptop, you could look up the first three octets of each MAC address you see (the first three octets are unique to each vendor). You may get lucky as sometimes you can work out which device is what by checking which manufacturers use which vendor. But this is really a last ditch effort if you can't get it any other way. I'd try the first method first, and even then, there are probably a whole host of better methods than this last one that I just can't think of right now.. :/ Hope that helps!
  9. You say that there's no reason in hell why the management interface should be open to the internet, but a quick search on Shodan shows otherwise! :/ I never understood why all ISPs don't automatically turn it off. The problem is that easily 80-90% of users don't even know that the management page exists! All of the routers I've ever owned (BTHomeHub up to version 3, then Asus RT-N66U currently) have ALL had the management interface open on port 80 to the wide web. BT's routers are crap, so I wasn't really surprised, but Asus are (a bit) more respected! The worst bit was that BT didn't even let you turn it off! You had to forward port 80 to another device on the network to fix it!
  10. You'd think that'd be the case, wouldn't you? It seems common sense.. Well, here in the UK, BT run such a service. The idea is you sign up to "BT Openzone" and it broadcasts a second open SSID from your router. If someone tries to connect to it, they are sent to a captive portal where you have to log in with your BT account to get any internet access. It's pretty decently set up actually, you can't even DNS tunnel out of it. The whole second subnet is firewalled in such a way that you can't get anywhere near the management service, at least in the way that BT have it set up. It'd be interesting to hear about how other providers go about it.
  11. Because routers are (by necessity) internet-facing devices, the external IP address is (usually) pingable. Most of the time, the router will accept HTTP requests over port 80 from any connection. This means that if you know the IP address of the router (usually static for a business or anything corporate and dynamic for a home connection, but there are always exceptions), you can browse to the router's management page. From there something like Hydra might be able to help you crack the login, or maybe the default login still works, which happens a lot of the time.
  12. Hmm, looks fairly similar to what I've tried in the past. Do you not encounter any clients just dropping off completely? Perhaps I didn't test it thoroughly enough, I apologise if it can indeed be done!
  13. As far as I am aware, this is incredibly difficult if not impossible to do. If the ESSID and MAC of the pineapple match that of the AP (including the encryption, of course), then the two access points will both "compete" for the AP and will result in the client not connecting at all. It's a security feature of WPA and WEP that isn't in open networks - which is why Karma only works with open APs. If you know the password, just connect to it in client mode and use arpspoof to route all the other client connections through you.
  14. I've done this a couple of times when the only open APs I could see all required a paid login.
  15. There are a few problems, seeing as this script won't actually work. You should open CMD, use copy con to write out a file and name it properly (in the above, the file would actually be saved as forkbomb.bat.txt), then run the batch file through the command line. UPDATE: code fixed.
  16. I like it! You could make it more generic by changing the save location to C:\Users\%username%\Desktop, etc. %username% will automatically equate to the username of the logged-in user!
  17. By default, PowerShell is present on all Windows 7 and Windows 8 systems. AFAIK, you don't need to be admin, or elevated, but obviously certain actions that would require elevation won't run in PowerShell without it.
  18. The larger black object in the image is a USB type B to mini USB adapter for using the Ducky with the several different phones that accept keyboard input via USB. To modify the contents of the micro SD card, use the microSD card adapter included in the Deluxe package; it's the small USB device that has its own small case. Just insert the card into it and plug it into your laptop - it'll appear as a regular USB device and you can just copy the files over.
  19. Afraid not, the ducky is NOT a flash drive. You could write scripts for one of the Teensy boards that would achieve the same effect, but the ducky is superior.
  20. As far as I'm aware, you cannot do this - otherwise Karma would work with protected APs as well. A better solution would be connect the Mark V to HOME_WIFI and use arpspoof to spoof the ARP requests to the router to the pineapple. This is the old way of performing MITM attacks.
  21. The difference is that utilman.exe runs as SYSTEM, not local admin. That means it has higher privileges than the standard local administrator account.
  22. If you follow the Hakshop website through the checkout, there is an option to calculate the shipping to your address before actual payment. The shipping cost of the ducky has come down massively due to its small package size. If I remember correctly, shipping to West Europe sits at around $8-$10 (around 5 to 8 euros).
  23. Alright, let's start with a few questions: 1) Did your Pineapple's SSID appear on your phone when you scanned for networks? 2) Does your phone have any open wireless networks saved in it? 3) What phone do you have? As far as client mode goes, 1) When you say settings don't save (wlan0), what exactly do you mean? wlan0 is the device you connect to and the one Karma runs on. wlan1 is used for client mode, deauth attacks, WPS cracking, etc.
  24. Sounds pretty fair, tbh. It makes sense when you look at it from Seb's point of view - he needs to get the most unbiased reports from each person that agrees to test the beta in order to release the most stable and correctly functioning final build.
  25. The idea is that there are usually a lot of things that don't make it to the actual release. We advise people to search through the forums to find solutions to known problems, and it *could* cause a lot of confusion with people turning up asking why fixes to problems that aren't there aren't helping them. Tbh, I can't see why discussing it in the [BETA] thread itself is a bad idea, but I can certainly see why free rein over discussing it all over the forum would be a very bad idea indeed. Am I making sense? I think I explained that right.