Posts posted by mreidiv

  1. SET options

    2 Website Attack Vectors

    3 Credential Harvester Attack Method

    2 Site Cloner

    Put in the URL you wish to clone; use https or http.

    Please make sure you have permission to test

    -later

    Thanks surbo,

    If it worked for you, something may be messed up with mine; it just sits there for about an hour and a half before it errors out. I used the same steps you described.

  2. here are the ones I use for netflix

    http://www.filefactory.com/file/7i14ry677cud/n/Archive_zip

    I use the net for all the .jpg

    with this site I use the main landing page (netflix.html) then the user clicks on (member sign in) that opens NetflixLogin.html

    the login.php then writes the name\pass to /usb/logs/phish.log and redirects to the real netflix site.

    NTF

    Thank you, NotTheFed,

    I will study it and see how you accomplished it.

  3. It seems that the ssid beacons stop after a few hours of being powered up. I can repeat this 100% of the time. I've found that if the pineapple has no wifi clients for an extended time period (say, 4+hours) it just stops sending beacons. I cannot see an ssid from any OS. I've tried airodump-ng --bssid my:pi:ne:ap:pl:em:ac with no luck either.

    I have had this trouble with every version of mkiv including 1.1.1. I have used multiple os's, multiple wifi nics, all to no avail.

    Has anyone else experienced this?

    Can one of you pineapple gurus explain how to get it to start broadcasting again without rebooting?

    I have learned more in the last month about computers due to this device than I have in the last 5 years. My wife hates you, but I love ya. Keep up the great work.

    Yes, I have had the same problem with both versions of the new firmware.

  4. If you guys want to clone a site like hulu's login page, just use (SET) on the backtrack security cd.

    Use the clone option and then use the saved html that SET builds. I don't think I will create a tutorial for this as I am really not sure what your ideas behind this are. If you figure it out more power to ya.

    -suRbo

    Thank You suRbo

    But the idea is to learn how to do it manually with the different types of encoding on different pages. I am here to learn how to do things not be a script kiddie.. Lol

    btw: SET won't generate a clone for netflix

    But thanks for your input.

  5. Hi,

    I have an app that is pulling data from a server. The first versions of the app sent all data unencrypted,

    so the fun part was to make the app connect to one's own server, feeding it responses that looked like they came from the real server, but had some different values.

    The newer versions of the app are using a token + salt, so you can't just replicate an original response..

    But someone told me that it was possible to change the program a little, so it would always generate the same token, thereby making it possible to "clone" the original responses.

    I know nothing about modifying compiled code, but would like to learn, so if anyone has any good pointers :)

    EDIT: lol, the topic text really got f#¤% up, but no way to change it :D

    Try this MobiSec http://sourceforge.net/projects/mobisec/files/

  6. Hello,

    I ran a social engineering tool kit (BT5) & chose spear-phishing attack - Perform a Mass Email Attack - payloads - Windows Reverse TCP Shell, E-Mail Attack Single Email Address - Do you want to setup a listener yes or no: yes .... After I sent this mail to the victim with the payload, & when the victim opens the pdf file, there is no response in msf exploit(handler)>. Why does this happen? The victim lives in another country & he's been informed about this test. I have a shared internet connection.

    Does this work only with LAN? plz suggest me if you have any idea.

    regards.

    Best to ask that question on the backtrack forums as they would be able to help you better, but there are many things that can go wrong, i.e. firewalls, ISP blocking connections, misconfiguration in bt5, etc... or you could go check out the SET site. Sorry I couldn't help more.

  7. Looking at the source files for Netflix,

    The actual login.php page is not on the home page.

    Why don't you try the following?

    • Clone/Copy the standard front page of netflix and the login.php page to your MKIV
    • Find the link to login.php and change it to your desired location
    • In the login.php from the website, change the action method as suggested in the tutorials.
    • Should work !

    Try this and play around.

    Extra bonus points for learning basic html and php ! B)

    Thank you. I have cloned the login and the first page and have tried changing by the tutorial on the web page, but there is no "Action" in either page. I have tried changing the href=.... to error.php to no avail. Also, I am working on learning html and php, but once you try things many times you get to a point where it just drives you crazy. So that is why I came to the conclusion to ask for a little help from the community.

  8. I just got my MKIV today and am a total noob. I copied the rick roll over to the www directory and everything worked fine with dns spoof. I was then trying to get my sandisk usb drive to work and am not sure what I did.

    When I run the df command I get this

    root@Pineapple:/# df
    Filesystem           1K-blocks      Used Available Use% Mounted on
    rootfs                    1088      1020        68  94% /
    /dev/root                 5120      5120         0 100% /rom
    tmpfs                    14768       520     14248   4% /tmp
    tmpfs                      512         0       512   0% /dev
    /dev/mtdblock3            1088      1020        68  94% /overlay
    overlayfs:/overlay        1088      1020        68  94% /
    /dev/mtdblock7            5120      5120         0 100% /mnt/mtdblock7
    /dev/sda1              3842376     76696   3570492   2% /usb
    root@Pineapple:/#

    Obviously my /dev/root is full and I can't even move files or run the cleanup script. Any help on finding out what is filling up the drive would be great.

    There is not enough room in the pineapple for phishing pages. Remove what you put in the www folder and place it on the usb, then symbolically link the www folder to the folder on the usb.

  9. Check on YouTube guys. There's loads of videos out there on how to create a phishing page and also there's great tuts on a guys page on YouTube called security4plus. He started me off as I was completely lost. Slowly things start to make sense and you can soon realise you can use your imagination to modding the pineapple to how you like. Hope it helps! And make sure u like that guys videos. He's been knocking new ones out constantly! :)

    Thank you killuminati, but what I was looking for is a tutorial on different types of phishing web pages. Like netflix and hulu, they use different encoding in their web pages, so I would like to know how to set them pages up for phishing.

  10. Thanks!

    I can't wait to see yours in the next release :)

    Regarding the reset button enable/disable, I did the following:

    Each time the button actions are updated, I remove all the buttons from the system config (system.@button):

    	while(exec("uci get system.@button[0]") == "button")
    	{
    		exec("uci delete system.@button[0]");
    	}
    	exec("uci commit system");
    

    and I then add again all the buttons, keeping the reset button for the last position:

    for($i=0;$i<4;$i++)
    {
    	exec("uci add system button");
    	exec("uci set system.@button[".$i."].button=reset");
    	exec("uci set system.@button[".$i."].action=released");
    
    	if($_wpsx[$i] == 0) $handler = "logger No action";
    	else if($_wpsx[$i] == 1) $handler = "php /www/toggle_services.php -karma";
    	else if($_wpsx[$i] == 2) $handler = "php /www/toggle_services.php -dnsspoof";
    	else if($_wpsx[$i] == 3) $handler = "php /www/toggle_services.php -snarf";
    	else if($_wpsx[$i] == 4) $handler = "php /www/toggle_services.php -s";
    	else if($_wpsx[$i] == 5) $handler = "reboot";
    	else if($_wpsx[$i] == 6) $handler = "sh /www/pineapple/wpsScript.sh";
    
    	exec("uci set system.@button[".$i."].handler='".$handler."'");
    	exec("uci set system.@button[".$i."].min=".$_wpsx_min[$i]."");
    	exec("uci set system.@button[".$i."].max=".$_wpsx_max[$i]."");
    	exec("uci commit system");
    }
    
    exec("uci add system button");
    exec("uci set system.@button[4].button=wps");
    exec("uci set system.@button[4].action=released");
    exec("uci set system.@button[4].handler='cp /etc/config/backup/* /etc/config/ && reboot'");
    exec("uci set system.@button[4].min=5");
    exec("uci set system.@button[4].max=10");
    exec("uci commit system");
    
    

    I had also to modify the resetButton.sh to always remove/add button n°4 as reset button will always be at this position with my implementation.

    Looks good, but where can we find the files? I can't find them on the wiki.

  11. I have never had a problem with this card but I just upgraded to bt5r2 I will double check but if you research it on bt forums the people that are having the problems are using bt in vm or virtual-box. I will test it with bt5r2 and repost. Also I would like to get a good atheros based card also.

    OK so I tested it on bt5 r1 64bit KDE hard drive install and bt r2 KDE 32 bit hard drive install

    injection working perfectly with bt5 native drivers

    Monitoring works perfectly with native drivers

    I am not sure why other people are having problems but I have not changed any settings in the os at all so maybe they have or maybe they are using a vm ?.....

    some people have it working fine others don't.

    So take it for what it is worth....

  12. I have never had a problem with this card but I just upgraded to bt5r2 I will double check but if you research it on bt forums the people that are having the problems are using bt in vm or virtualbox. I will test it with bt5r2 and repost. Also I would like to get a good atheros based card also.

  13. Though I strongly agree that we should know how to deal or defend ourselves against these growing internet attacks.

    However rather than trying to be paranoid about someone hacking you, you can take simple steps to protect your wireless connection.

    Use WPA2 with AES, choose a long and complex WPA key, limit the number of devices that can connect to your network, by limiting the number of IP addresses in your DHCP pool.

    Be smart, don't do anything illegal that will draw attention of the authorities or other people and always play by the book.

    Don't forget to disable WPS

  14. I'm familiar with using urlsnarf via terminal, though on the mk4 I see in the gui/web interf the option to turn it on, but nothing occurs after that.

    ssid is present.

    ap has connected users, IP addresses are shown in gui

    can connect to ap myself and internet works.

    Where are the logs or data supposed to be shown for urlsnarf? Do I have to access terminal and run the urlsnarf commands manually like normal?

    Use the advanced tab and type in the command cat urlsnarf.log and hit execute.

  15. Just a brief run down I have been successful at gaining connections, sharing the internet, scp'd the files for the dns/auto-rickroll I want. In a video demo I saw I thought that I saw urlsnarf printing its info to the status screen.(please correct me if I am wrong) I am not getting the live feed printed to the main screen. I am getting MAC id's and ip's as well as comp names. Help will be very much appreciated and thanks again for this awesome site/vids/products~!!

    http://forums.hak5.org/index.php?showtopic=25668
