hfam

Active Members
  • Posts: 393
  • Days Won: 4

Posts posted by hfam

  1. Hey everyone,

    Let me clear a few things up:

    1. SSLStrip: I know many of you are having issues. The easiest way to resolve them is build the fixes (uninstalling some python libraries, creating symlinks, installing sslstrip, etc) right into the SSLStrip infusion, at least right now. What I'll be doing this week, is adding a postinstall script to the SSLStrip package. That means it will run all of these fixes for you upon install. However, this is NOT a bug in the firmware. It is a bug in SSLStrip, at least with newer libraries. However, as we haven't changed SSLStrip or anything to do with it in 1.0.1, I'm not sure what is going wrong.
    2. Randomroll: The reason randomroll is broken is because of our recent security fixes. The fixes and the result were intentional though. What happens is that ANY file that is not in the /www/ folder has a file prepended and appended. Those check if you are logged in or not and potentially do a few different things in the future. The issue here is that Foxtrot is using symlinks, like he should, as the files are too large. So, the issue is that the files aren't actually in /www/ but rather in a subfolder of /sd/. So, the script we wrote will automatically protect any .php files there.

      So, how can we fix it? I'm sure Foxtrot will be pushing this as an update later, but for now, install randomroll as you normally would. Before setting it up, SSH in and edit the following file: /sd/infusions/randomroll/assets/files/index.php. Go to the VERY end of the file and add <?php exit(); ?> to it. This needs to be the last entry in the file. Once you have completed that step, proceed with setting up randomroll (especially the enable index.php step). If you have already set up randomroll, first disable index.php and then make the above changes. Then re-enable it.

    Karma has in no way changed. It was just brought up in the context of the broken randomroll. I just wanted to clarify this as people might otherwise be deterred from upgrading.

    So, if overall the only complaint is randomroll, I think it was a successful upgrade.

    Best Regards,

    Sebkinne

    I had a feeling that it was something along these lines. For my part, I carefully and intentionally worded my post so I never indicated a "bug", but that something was introduced, and perhaps expected behavior. This was an upgrade after all with improvements at the security level, and I had a suspicion this was the side effect of an improvement pushed in the new update and not unexpected.

    I'm glad to know what the issue is, fix it up, and get on with it, thanks again for taking such good care of us seb! We love you brother! :)

  2. I am getting the same behavior as hfam. Is this possibly an infusion compatibility issue with the new version? Trying to figure out where to start looking.

    Could be, but consider this: Target #2 is prompting me to actually log into the network when choosing the Karma SSID, using the same pineapple login page, with root already populated. This is before attempting to open a browser and actually get a redirected request.

    Even though both ask for auth when opening a site, it seems it's the network asking for authentication, not a faulty redirect because once you log in, the request is redirected and you get the payload.

    Also, confirmed there are no rogue chars in the spoofhost file.

    It'll be interesting to find out what's going on though. Can't do any more fussing with it 'til tomorrow though.

    eta: clarity

  3. Thanks for all your hard work seb!

    Upgrade went fine, but unfortunately it looks like something else was introduced?

    On Android devices (the same ones that worked yesterday flawlessly with the MKV), in order to access the network, I have to actually log into the pineapple before the payload shows up?

    Target #1, HTC DNA: Before 1.0.1, Karma and RR worked flawlessly. Now, I can connect to the Karma SSID the same way (select it and it connects), but when opening a browser, any page presents me with the Pineapple Login, root is already in the username dialog box. If I log in, I then get the RandomRoll payload.

    Target #2, Kindle HD: Before 1.0.1, Karma and RR worked flawlessly. Now, when I connect to the Karma SSID, after the "open network" warning, I get another warning indicating I must log into the network before use. I choose OK, and I am presented with the Pineapple Login Page, root is already in the username dialog box. I choose to cancel, it shows me as connected to the Karma SSID, and then I open Firefox. Any attempted page presents me with the Pineapple Login, root is already in the dialog box. If I log in, I then get the RandomRoll payload.

    What changed that would cause this? If it's expected behavior, the target rich environment just became target barren. :(

    Any help would be greatly appreciated, thanks!

    eta: clarity

  4. Hah! You guys suck! I've spent the last thirty minutes trying to find out where you guys were seeing this stuff on:

    http://www.fleabay.net/

    Turns out, Fleabay is a real site - but only has about 36 items total on it. I'm a huge ebay user, but here I was thinking maybe this is some underground electronics marketplace you guys had found... :lol:

    LOLOCOPTERS!!!! I was having a completely shitty day up to now, THAT was what I needed!! Thanks for the huge laugh brother!! :lol: :lol: :lol:

  5. We also put a little something extra in all the bags as a thanks for your patience. You should have received an email from us about the two challenge coin and sticker packs. The packing party & live stream was fun, if not a little exhausting. By Friday every single backorder and every order from the week had gone out. We're all caught up! Check your tracking and enjoy :-)

    WOW!!! The travel kit arrived today and the extra goodies are awesome, thanks Darren and the entire Hak5 crew!!! LOVE the coins and stickers!! Some lucky bastard is gonna get an AWESOME geocache coin on their next outing, gotta share! :) The NSA stickers are high style!!

    The travel case looks to be of excellent quality and even better than I'd imagined! Charging the battery right now.

    Thanks again to the Hak5 crew for taking such good care of us!!

  6. Is that something attributed to differences between the new battery packs and Anker batteries? My Anker 10000mAh gets eaten alive on the 12v output setting. I'm talking full charge to down an entire bar easily within 30 minutes or so.

    You got a bad Anker.

    I ran the MKIV with my Anker 10000mAh on 12v and it would run for 12 hours, easy. I never ran it down to the bottom, but it would run seemingly endlessly.

    I'd return that Anker and get a new one.

  7. Can it pull the tweets, Facebook, emails, web surfing, from smart phones and laptops in the area with a flip of a switch?

    I am working with someone who wants to break some false perceptions that the general public has.

    Like people think that the only way that spying can work is if there is a warrant, like without it there is no way to get this info, like the warrant has magical powers.

    We want to pull everyone's tweets, emails, Facebook posts, show web pages they are looking at, and anything else we can, for anyone connected to the pineapple. (Will have to mask passwords maybe names). And display it onto a big screen. We want to demonstrate a little of what the ns@ is doing.

    Near real-time.

    Thanks,

    I'm not sure how a MKV is going to "mimic" what the NSA does with regard to personal privacy, or how you position a demonstration based on those parameters to relate in any way to what the NSA is doing.

    A couple of salient points:

    - I would have to hunt far and wide to find anyone who still actually believes that a warrant is a crucial requirement for data spying and acquisition, your mileage may vary.

    - The "warrant" is a legal issue and has nothing to do with technical capabilities. The definition of "spying" belies any sort of notion that a "warrant" is required.

    - The NSA is able to achieve their warrantless spying because they not only have the ability to capture packets on the internet backbones, but the other crucial issue is that they have padded the bank accounts of private sector tech giants millions and millions of OUR taxpayer dollars, in secret, so they will provide the ability to violate your privacy through back doors, and unmitigated access to decrypted data. Microsoft, Apple, Skype, YouTube, Box, Twitter, Google...you name it, the NSA has paid them off with OUR money, in secret...and these companies took the money, in secret...and let them in the back door, giving the NSA complete, unmitigated access to the data AND the identifying data, in secret...so they can save it all and pin whatever the witch hunt du jour is at the FedGov on you, your friends, neighbors, and loved ones at their leisure. Every one of these corporations happily obliged the NSA in their quest to violate your 4th amendment rights.

    I suppose at an almost unrelated level you can attempt to show...something...regarding the issue of eavesdropping on what most assume is a private data stream, but I assure you that PRISM doesn't incorporate SSLStrip, pineapples, or warrants, to achieve their goal of making sure they can prove everyone is a criminal. It would be very hard to equate the two aside from the base issue of obtaining data in secret.

    Good luck on your presentation though :)

  8. Weird. At the moment I have everything forwarding to bing, cause I'm evil like that and it's still not working. Checked the file with nano and it's good, no ^M's anywhere. Even reset to stock again, just to be sure, still no joy. Seb's flying home, so I'm sure he'll check up on it once he gets back to normal.

    That *is* evil! ;)

    Sounds like something is flaky anyhow. I didn't use any wild cards in my entries and at least the redirect happened, so maybe there's a clue there, but yeah, looking forward to seb solving the mystery for sure. :)

  9. I did as I indicated above, cleaned up the file and entered 2 test domains using VI, made sure there were only the 2 lines containing the domains, restarted DNSspoof, and I get the redirect.php as advertised for those 2 domains.

    I haven't dug into it any further to see if there are further bugs, but DNSspoof went from not answering the call, to answering based on the above actions.

    The issue appears to be the GUI editor, not DNSspoof, but again, I stopped there because I had other shit to get done. :)

    Looking forward to seeing what seb & Darren have to say.
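    Posts 8 and 9 above chase a spoofhost file that the GUI editor had mangled (hence the check for ^M characters). Below is an added example, not code from this thread or from the Pineapple firmware: a small POSIX sh function that validates a dnsspoof hosts file before the service is restarted, flagging carriage returns and any line that is not "<IPv4> <hostname>". The function name, the sample file contents and the 10.0.0.1 address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Pineapple firmware.
# check_spoofhost FILE: validate a dnsspoof hosts file before restarting the
# service. Returns 0 when every non-blank, non-comment line is
# "<IPv4> <hostname>" with Unix line endings, 1 otherwise; each problem is
# reported on stderr with its line number.
check_spoofhost() {
  file="$1"
  bad=0

  # A GUI editor that saves CRLF leaves a carriage return (^M) on every line;
  # dnsspoof then reads the hostname as "example.com\r" and never matches it.
  # (Fix with: tr -d '\r' < file > file.new)
  if grep -q "$(printf '\r')" "$file"; then
    printf '%s\n' "$file: carriage returns (^M) found; file has Windows line endings" >&2
    bad=1
  fi

  # Field-level checks. awk's default field splitting does not treat \r as
  # whitespace, so a CRLF line also shows up here as a bad hostname.
  awk '
    /^[ \t]*$/ || /^[ \t]*#/ { next }      # blank lines and comments are fine
    NF != 2 {
      print FILENAME ":" NR ": expected \"<ip> <host>\", got " NF " field(s)" > "/dev/stderr"
      bad = 1; next
    }
    {
      n = split($1, o, ".")
      if (n != 4 || $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
          o[1] > 255 || o[2] > 255 || o[3] > 255 || o[4] > 255) {
        print FILENAME ":" NR ": bad IPv4 address " $1 > "/dev/stderr"; bad = 1
      }
      # hostnames: letters, digits, dots, hyphens, and * for wildcard entries
      if ($2 !~ /^[A-Za-z0-9*][A-Za-z0-9.*-]*$/) {
        print FILENAME ":" NR ": bad hostname \"" $2 "\"" > "/dev/stderr"; bad = 1
      }
    }
    END { exit bad }
  ' "$file" || bad=1

  return $bad
}

# Constructed sample files for illustration: one clean, one saved with CRLF.
tmp=$(mktemp -d)
printf '10.0.0.1 example.com\n10.0.0.1 *.example.net\n' > "$tmp/good.txt"
printf '10.0.0.1 example.com\r\n10.0.0.1 example.net\r\n' > "$tmp/crlf.txt"

for f in "$tmp/good.txt" "$tmp/crlf.txt"; do
  if check_spoofhost "$f"; then
    echo "$f: OK, safe to restart dnsspoof"
  else
    echo "$f: fix the file before restarting dnsspoof"
  fi
done
rm -rf "$tmp"
```

    Run it against the real file (on the MKV that would be the path the DNSspoof infusion writes to) after every edit from the web GUI; a clean exit status means the entries are at least well-formed, so a redirect that still fails points at the service rather than the file.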

  10. Hey dude, can you post up the original index.php? I thought I made a backup, but didn't.

    <?php
    
    //ini_set('display_errors',1);
    
    if(file_exists('/pineapple/includes/welcome/')){include('/pineapple/includes/welcome/welcome.php'); exit(0);}
    
    include_once('/pineapple/includes/api/auth.php');
    if(isset($_GET['noJS'])){echo "You need to have JavaScript enabled to use this UI.";die();}
    ?>
    <html>
    
    <head>
    	<title>WiFi Pineapple - Management</title>
            <meta http-equiv="cache-control" content="max-age=0" />
            <meta http-equiv="cache-control" content="no-cache" />
            <meta http-equiv="expires" content="0" />
            <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
            <meta http-equiv="pragma" content="no-cache" />
    	<link rel="stylesheet" type="text/css" href="includes/css/styles.php" />
    	<script src="includes/js/jquery.min.js"></script>
    	<script src="includes/js/functions.js" type="text/javascript" ></script>
    	<noscript><meta http-equiv="refresh" content="0;url=index.php?noJS" /></noscript>
    </head>
    
    <body onload="init()">
    	<div class="statusBar"><div class="statusBar_content"></div><div class="logout"><a href="/?logout"><img src="/includes/img/exit.png"></a></div></div>
      <div class='popup'>
        <a id='close' href='JAVASCRIPT: close_popup()'>[X]</a>
        <div class='popup_content'></div>
      </div>
    	<div class="tiles"><div class="tiles_wrapper"><div class="tile_expanded"></div></div></div>
    </body>
    
    
    
    </html>
    
    <?php
    
    if(!function_exists("check_login")){
      function check_login(){
        if (session_status() == PHP_SESSION_NONE) {
          session_start();
        }
        if(!isset($_SESSION['logged_in'])){
          include('/pineapple/includes/api/login.php');
          exit();
        }
      }
    }
    
    ?>
    
    

    That what you're looking for?
