Posts posted by RebelCork
-
How about a spot of phishing/social engineering.
Let's say your target hotspot is 'BigISPxxxx' - it's the way they name it here in Ireland. Set up karma & a MDK3 card.
Design a nice simple webpage with your target ISP logo, two little textboxes and a message along the lines of
"We here at BigISP are upgrading your router.
Please enter in your username and password
(or just WPA2 key, hey enter it twice for security :) )
The update process will take approximately 90 seconds, after which, you will need to power cycle your router."
Bingo - WPA2 key in hand and the target will connect back to his network none the wiser.
Turn off MDK3 and karma - victim seamlessly connects to their own network none the wiser.
-
thesugarat WOW!! You're the MAN! <<Plug a cable from your router directly into the WAN/LAN port on the pineapple.>> this showed all the modules and I got to download 2 of them, then was told my pineapple was full. :(
You would be surprised at the amount of people having difficulty with this...
-
Have you tried building a svartkast (Irongeek.com - props to Adrian Crenshaw, I'm just reposting )
Basically it's a modified Pogoplug, ebay is full of them. You can get them for next to nothing and stick in a low profile usb stick. They are fairly inconspicuous (apart from being bright pink :) )
I use it a fair bit for testing and packet captures - you can install debian and all of its tools.
http://forums.hak5.org/index.php?/topic/26512-pineapple-fun/
-
```
[ASCII-art pineapple banner]   [Mark IV: Ver 2.8.0 ]

Zombie
1/2 oz Bacardi® 151 rum
1 oz pineapple juice
1 oz orange juice
1/2 oz apricot brandy
1 tsp sugar
2 oz light rum
1 oz dark rum
1 oz lime juice
Shake together.

[ 119 105 102 105 112 105 110 101 97 112 112 108 101 46 99 111 109 ]
```
Bonus easter egg included :)
-
Better stick to an ethernet connection if you are downloading, just in case there are any issues - cannot stress the increased risk of bricking your device if your connection drops.
I hate saying, but look around the forums here, there are lots of guides on connection issues
-
VirtualBox doesn't see your NIC directly. It installs a bridge on your PC and traffic is directed through that.
Best result is get a cheap USB NIC online and use that (VirtualBox will see your USB device and access that directly), just as you would your own NIC.
Plenty of help around the forums - it's what anyone with a MacBook Air has to do
-
Pentesting is not simply using 1 'hack'
The java applet attack may work if you know the victim's machine is susceptible to the attack, but to be honest, the worst thing you can do on a pentest is try and throw everything at a target.
-
As a member of the forum for over a year, and admittedly, not posting a great deal, all I can think of is one thing..
With Great Power Comes Great Responsibility ( Sorry ;) )
In fairness though, there does seem to be a large amount of kiddies recently, but that's kind of expected as the popularity of the pineapple reaches a bigger audience.
In my opinion, although it goes against my own personal beliefs, is simply just ignore the "How do I hack FB ?" type posts. Looking through reddit, these posts simply disappear soon enough. Look also at the posters, they post between 1 and 5 posts like this and go away. If they are genuine noobs (I was one too) then they'll hopefully go away and learn how to code, how to hack responsibly and when they come back mature a bit.
As stated above, genuine Pentesters will often create phish pages on the fly. It really isn't hard.
Sorry for adding to the debate, but I really hate it when the community fragments over an issue like this. The openness and genuine help that I have received from users here has been fantastic. It'd be harmful to the community if we couldn't genuinely help newcomers with genuine problems (ICS problems, etc)
-
vpn
in Hacks & Mods
hamachi (logmein) give 5 free licences
It's compatible with Linux (ARM, 32- & 64-bit machines) and Windows.
Handy for creating tunnels
Have yet to try it with the Pineapple though (hamachi for linux is a beta, and will probably be forever)
-
Episode 1403
in Hak5
Posted wrong show number, sorry. :)
Here's the install file for anyone who is looking for it !!
```bash
#!/bin/bash
# Interactive PoPToP install script on a OpenVZ VPS
# Tested on Debian 5, 6, and Ubuntu 11.04
# 2011 v1.1
# Author: Commander Waffles
# http://www.putdispenserhere.com/pptp-debian-ubuntu-openvz-setup-script/

echo "######################################################"
echo "Interactive PoPToP Install Script for OpenVZ VPS"
echo "by Commander Waffles http://www.putdispenserhere.com"
echo "Should work on various deb-based Linux distos"
echo "Tested on Debian 5, 6, and Ubuntu 11.04"
echo
echo "Make sure to message your provider and have them enable"
echo "IPtables and ppp modules prior to setting up PoPToP."
echo
echo "You need to set up the server before creating more users."
echo "A separate user is required per connection or machine."
echo "######################################################"
echo
echo
echo "######################################################"
echo "Select on option:"
echo "1) Set up new PoPToP server AND create one user"
echo "2) Create additional users"
echo "######################################################"
read x
if test $x -eq 1; then
	echo "Enter username that you want to create (eg. client1 or john):"
	read u
	echo "Specify password that you want the server to use:"
	read p

# get the VPS IP
ip=`ifconfig venet0:0 | grep 'inet addr' | awk {'print $2'} | sed s/.*://`

echo
echo "######################################################"
echo "Downloading and Installing PoPToP"
echo "######################################################"
apt-get update
apt-get install pptpd

echo
echo "######################################################"
echo "Creating Server Config"
echo "######################################################"
# write the pppd options used by pptpd (overwrites any existing file)
cat > /etc/ppp/pptpd-options <<END
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
END

# setting up pptpd.conf
echo "option /etc/ppp/pptpd-options" > /etc/pptpd.conf
echo "logwtmp" >> /etc/pptpd.conf
echo "localip $ip" >> /etc/pptpd.conf
echo "remoteip 10.1.0.1-100" >> /etc/pptpd.conf

# adding new user (stored in plain text: client, server, secret, allowed IPs)
echo "$u	*	$p	*" >> /etc/ppp/chap-secrets

echo
echo "######################################################"
echo "Forwarding IPv4 and Enabling it on boot"
echo "######################################################"
cat >> /etc/sysctl.conf <<END
net.ipv4.ip_forward=1
END
sysctl -p

echo
echo "######################################################"
echo "Updating IPtables Routing and Enabling it on boot"
echo "######################################################"
iptables -t nat -A POSTROUTING -j SNAT --to $ip
# saves iptables routing rules and enables them on-boot
iptables-save > /etc/iptables.conf

cat > /etc/network/if-pre-up.d/iptables <<END
#!/bin/sh
iptables-restore < /etc/iptables.conf
END

chmod +x /etc/network/if-pre-up.d/iptables
cat >> /etc/ppp/ip-up <<END
ifconfig ppp0 mtu 1400
END

echo
echo "######################################################"
echo "Restarting PoPToP"
echo "######################################################"
/etc/init.d/pptpd restart

echo
echo "######################################################"
echo "Server setup complete!"
echo "Connect to your VPS at $ip with these credentials:"
echo "Username:$u ##### Password: $p"
echo "######################################################"

# runs this if option 2 is selected
elif test $x -eq 2; then
	echo "Enter username that you want to create (eg. client1 or john):"
	read u
	echo "Specify password that you want the server to use:"
	read p

# get the VPS IP
ip=`ifconfig venet0:0 | grep 'inet addr' | awk {'print $2'} | sed s/.*://`

# adding new user
echo "$u	*	$p	*" >> /etc/ppp/chap-secrets

echo
echo "######################################################"
echo "Addtional user added!"
echo "Connect to your VPS at $ip with these credentials:"
echo "Username:$u ##### Password: $p"
echo "######################################################"

else
echo "Invalid selection, quitting."
exit
fi
```
-
Episode 2013
in Hak5
Hi All,
Don't know if anyone has noticed, but the links pointing to putdispenserhere.com are only resolving to a default Apache page.
For anyone looking for the scripts, I have posted them here
```bash
#!/bin/bash
# Interactive PoPToP install script on a OpenVZ VPS
# Tested on Debian 5, 6, and Ubuntu 11.04
# 2011 v1.1
# Author: Commander Waffles
# http://www.putdispenserhere.com/pptp-debian-ubuntu-openvz-setup-script/

echo "######################################################"
echo "Interactive PoPToP Install Script for OpenVZ VPS"
echo "by Commander Waffles http://www.putdispenserhere.com"
echo "Should work on various deb-based Linux distos"
echo "Tested on Debian 5, 6, and Ubuntu 11.04"
echo
echo "Make sure to message your provider and have them enable"
echo "IPtables and ppp modules prior to setting up PoPToP."
echo
echo "You need to set up the server before creating more users."
echo "A separate user is required per connection or machine."
echo "######################################################"
echo
echo
echo "######################################################"
echo "Select on option:"
echo "1) Set up new PoPToP server AND create one user"
echo "2) Create additional users"
echo "######################################################"
read x
if test $x -eq 1; then
	echo "Enter username that you want to create (eg. client1 or john):"
	read u
	echo "Specify password that you want the server to use:"
	read p

# get the VPS IP
ip=`ifconfig venet0:0 | grep 'inet addr' | awk {'print $2'} | sed s/.*://`

echo
echo "######################################################"
echo "Downloading and Installing PoPToP"
echo "######################################################"
apt-get update
apt-get install pptpd

echo
echo "######################################################"
echo "Creating Server Config"
echo "######################################################"
# write the pppd options used by pptpd (overwrites any existing file)
cat > /etc/ppp/pptpd-options <<END
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
END

# setting up pptpd.conf
echo "option /etc/ppp/pptpd-options" > /etc/pptpd.conf
echo "logwtmp" >> /etc/pptpd.conf
echo "localip $ip" >> /etc/pptpd.conf
echo "remoteip 10.1.0.1-100" >> /etc/pptpd.conf

# adding new user (stored in plain text: client, server, secret, allowed IPs)
echo "$u	*	$p	*" >> /etc/ppp/chap-secrets

echo
echo "######################################################"
echo "Forwarding IPv4 and Enabling it on boot"
echo "######################################################"
cat >> /etc/sysctl.conf <<END
net.ipv4.ip_forward=1
END
sysctl -p

echo
echo "######################################################"
echo "Updating IPtables Routing and Enabling it on boot"
echo "######################################################"
iptables -t nat -A POSTROUTING -j SNAT --to $ip
# saves iptables routing rules and enables them on-boot
iptables-save > /etc/iptables.conf

cat > /etc/network/if-pre-up.d/iptables <<END
#!/bin/sh
iptables-restore < /etc/iptables.conf
END

chmod +x /etc/network/if-pre-up.d/iptables
cat >> /etc/ppp/ip-up <<END
ifconfig ppp0 mtu 1400
END

echo
echo "######################################################"
echo "Restarting PoPToP"
echo "######################################################"
/etc/init.d/pptpd restart

echo
echo "######################################################"
echo "Server setup complete!"
echo "Connect to your VPS at $ip with these credentials:"
echo "Username:$u ##### Password: $p"
echo "######################################################"

# runs this if option 2 is selected
elif test $x -eq 2; then
	echo "Enter username that you want to create (eg. client1 or john):"
	read u
	echo "Specify password that you want the server to use:"
	read p

# get the VPS IP
ip=`ifconfig venet0:0 | grep 'inet addr' | awk {'print $2'} | sed s/.*://`

# adding new user
echo "$u	*	$p	*" >> /etc/ppp/chap-secrets

echo
echo "######################################################"
echo "Addtional user added!"
echo "Connect to your VPS at $ip with these credentials:"
echo "Username:$u ##### Password: $p"
echo "######################################################"

else
echo "Invalid selection, quitting."
exit
fi
```
Hope This helps :)
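
Added example, not part of the original post or of Commander Waffles' script: the script appends the username and password to /etc/ppp/chap-secrets exactly as typed, so a password containing whitespace or starting with `@` changes how pppd reads the entry. The hypothetical `chap_secrets_add` helper below validates both fields, quotes the secret and keeps the file owner-only; its name, status codes and the 32-character username limit are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original script: a validated, owner-only
# append to a pppd chap-secrets file. The path is an argument, so it can be
# exercised on a scratch file instead of /etc/ppp/chap-secrets.

# chap_secrets_add FILE USER PASSWORD
# Status: 0 added, 1 input rejected, 2 USER already present, 3 I/O error.
# The body is a subshell, so variables and umask do not leak to the caller.
chap_secrets_add() (
    file=$1 user=$2 pass=$3
    nl='
'
    # Username whitelist: keeps whitespace, quotes, '#' (comment) and '*'
    # (wildcard) out of the first field.
    case $user in
        ''|*[!A-Za-z0-9._-]*) exit 1 ;;
    esac
    [ "${#user}" -le 32 ] || exit 1

    # Password: non-empty, one line, and not starting with '@', because
    # pppd reads a secret that starts with '@' from the file named after it.
    case $pass in
        ''|@*|*"$nl"*) exit 1 ;;
    esac

    # Owner-only file, created before any secret is written.
    umask 077
    [ -e "$file" ] || : > "$file" || exit 3
    chmod 600 "$file" || exit 3

    # One entry per client name.
    if awk -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$file"; then
        exit 2
    fi

    # Backslash-escape '\' and '"', then double-quote the secret so spaces,
    # '*' and '#' stay inside a single field.
    esc=$(printf '%s' "$pass" | sed 's/[\\"]/\\&/g')

    # Server field "pptpd" matches the "name pptpd" option the script sets;
    # the last field keeps the script's "*" (any client address).
    printf '%s pptpd "%s" *\n' "$user" "$esc" >> "$file" || exit 3
)
```

The password is still stored in clear text, as chap-secrets requires, so the file mode is the only thing protecting it on disk.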
-
And this is the aftermath...
http://beaglenetworks.net/post/42828595476/what-i-learned-from-being-a-fleeting-internet-celeb
-
iOS is a bit scarce. so here's mine:
Terminal (daddy needs a command prompt)
Metasploit (installable through command prompt)
Fing (Network Discovery)
SugarSync
iNet (Network Discovery & Portscanner)
WiFiFoFum (oldie - good for wardriving - do people still do this??? Useful for finding & locating networks nearby)
Have recently got my hands on a MK802 android stick, so looking for suggestions for that. :)
-
Hello and thanks for the help, connect to WiFi router pineapple through the WAN port, my router will assign the IP 192.168.2.2 on that ground from my computer and go to http:/ http://192.168.2.2:1471 / 192.168.2.2/pineapple and nothing, no connection, by elimination, just to discard, go from there to 172.16.42.1 and less, no ping response, to which if I can get it to the router, and if you connect a PC LAN port and connect to the WiFi Router-Internet pineapple and works perfect, assigned DHCP address 192.168.2.X.Excuse my translation but my native language is Spanish.
Have you tried ssh into the router using the 192.168.2.2 ? use default user:root and password:pineapplesareyummy
What kind of computer are you using to connect to the pineapple (I have dealt with people using macs to connect)
-
Has anyone tried using SET to try to clone the page. If you are using BT5, go to var/www and browse files. Should do a passable job.
If you want to wait a while longer, wait for WhistleMaster's new module, the MITM/keylogger to come about.
All depending on what you want :)
-
K well I made it home which means if I need to do a serial flash, I can use my arduino as a serial converter by jumping ground to rest and use the rx and tx pins. The reason why I am not doing a hard reboot is because it says that it might brick it. http://cloud.wifipineapple.com/wiki/doku.php?id=guidemacics. Also I do have backups, but that's not going to help since I can't see the device.
What looks like is happening is that your Mac is not giving out ip addresses in the 192.168.2.0/24 range.
What ip address is it giving you?
Have you also tried a ping sweep?
-
Good question - I don't know how to find ANY 3rd party modules.
Make sure you have internet to the pineapple - I know it seems like a silly thing, but set up a shared connection to the pineapple first and install the packages.
Before you start though, get yourself a nice big flash drive and set up swap space early on - trust me, you'll thank me later.
Then, start installing the modules. (Leave the rickroll till last & then go out and get a coffee - it takes a bit of time to install)
I would then install opkg stuff like mdk3, nmap etc from the module.
If you are having probs, PM me and I'll try to get you set up
-
OK, I found the RandomRoll module in the Pineapple Bar.
I think that what I really want is the Man in the Middle module.
You along with loads more here :)
Check out the following, it seems to be the most promising piece of software for the pineapple until WhistleMaster and DigiNinja have finished. (Give them time, it's the holidays for them too :-) )
The best way to make sure that everything works in relation to the auto rick roll is to use the module system.
-
I'll fire up my plug tonight and have a look
-
I have my Pineapple plugged into my Laptop via the POE/LAN Port for ICS, it gives out the Internet through the Pineapple's WiFi as it should etc....
I have a PogoPlug connected to the Pineapples WAN/LAN Port..., I can't seem to get the WAN/LAN Port to give Internet to the PogoPlug...
I've tried the Network Manager ICS etc...
Do I need some commands to make the WAN/LAN Port use DHCP, to give the PogoPlug an IP and Internet?
Any advice would be greatly appreciated.
Thanks.
Have you tried this ?
-
I tried using the instructions on the wiki for using the wifi pineapple with Mac OSX ICS. Now the wifi won't work, and I have no way to get into the pineapple. I tried both ethernet ports on the pineapple and my macbook air keeps on giving itself self assigned IP addresses. Currently I am trapped in an airport with an almost 5 hour delay.
[EDIT]
I have tried sshing to 192.168.2.254 using both ports to no avail!
Hope this gets to you no matter where you are.
Which guide did you follow ? (By default the Mac gives out ip's on the 192.168.2.0/24 range)
The best guide is here: http://forums.hak5.o...-mac-ics-works/
I myself use several different methods to get the pineapple up and sharing, but my last post explains it better.
Unfortunately, you have two choices:
(1) Hard reset or (2) try to ping the device.
If you really don't want to reset the pineapple, start by pinging 192.168.2.1 and work your way up from there (quick and dirty fix)
You should see replies on whatever ip the mac is connected to. You can ssh into this or use chrome/firefox to go into the UI and repair the settings.
[edit] You can always try the following to perform a ping sweep, couldn't remember it off hand:
Just open a terminal and run this (assuming 192.168.2.0/24 is the range you set):

```bash
for i in {1..254}; do ping -c 1 -W 1 192.168.2.$i | grep 'from'; done
```

I personally don't like messing with the defaults on the pineapple, it causes issues further down the road. If you need any of the original config files, send me a PM and I'll email them to you/post them here, if you don't have backups.
-
For anyone that is having problems, I can only post what is the easiest way to set up ICS on the mac:
(before you begin, please install the networkmanager module)
- Connect the pineapple WLAN/LAN port to your ethernet port on the MAC
- Under Settings > Sharing >Internet Sharing - Tick the box for Ethernet.
- Connect to the pineapple using a mobile device/wifi device, and get the ip address of the WLAN/LAN in the upper right corner. It will probably say something along the lines of 192.168.2.x (for instance mine is 192.168.2.14) (please don't try to ping my ip ^_^ ).
- The ip address listed under the WLAN/LAN is the alternate ip address you can log into the pineapple with.
- open network manager and click on the ics tab
- under "Share internet from:" - select eth1
- under "To:" - select wlan0
- Save (optionally you can enable this to work on boot by ticking the box)
- Voila !! Pwned internets
Hope this helps everyone
Dunes88, can you try this out and see it works??
[edit] should mention that I use this if I am not using backtrack or another vm. I use my other method stated above if I want to do anything else
[edit] just realised this is identical to OP. Sorry !! But it DOES WORK EVERYONE !! :)
-
Used a different key AND plugged in directly to the wall - not sure which one fixed the problem but it's running now.
It's almost definitely a power issue, there's not enough juice coming from your PC/laptop (if using). I originally tried using a usb charging plug with the usb power connector for the pineapple (to reduce the amount of cables I needed to carry), and there simply wasn't enough power to cater for usb memory stick as well as pineapple. So I used a proper power adapter or a battery pack and it's fine. (Actually it's the charger for my 11000mAh battery pack, so win-win, I get to carry only 1 charger for 2 devices!)
-
I'm going to be the first not to beg 'When it's coming out????' <_<
WM, once again, you are legenDARY !
Faking WPA2 networks
in WiFi Pineapple Mark IV
It does AFAIK, but my idea above really is a thought experiment, it just needs a POC.
How many people will actually search their own hotspot?
End users will automatically think 'Hey, this is supposed to just work, right?'
My above example is only meant to be there 60 seconds tops, quick and dirty