RebelCork

Posts posted by RebelCork

  1. Hope this isn't a double post, but I recently ordered one of these from dealextreme.com.

    Arrived yesterday and for a couple of euros, it isn't that bad, and is half the price of alfa cards (sorry darren & snubs, but by the time you factor in P&P to Ireland, things get expensive quite quickly).

    http://dx.com/p/9800000g-3000mw-802-11b-g-54mbps-usb-2-0-wifi-wireless-network-adapter-115930

    http://dx.com/p/802-11g-54mbps-high-power-1000mw-usb-2-0-wifi-wireless-network-dongle-35688

    They have the same chipset as the Asus and are able to be put into monitor mode.

  2. I seem to have a problem with DNS spoof and phishing on the wifi pineapple mark 4.

    In spoof hosts I add:

    172.16.42.1 *

    and I even tried 172.16.42.1 *.facebook.com with no difference.

    and the index.php page is:

    <html>
    <head>
    <meta http-equiv="REFRESH" content="0;url=redirect.php">
    </head>
    <body>
    </body>
    </html>

    I followed loozr's tutorial about phishing, but whenever I try to go to facebook.com or any website the page just refreshes constantly without actually loading the page.

    And when I just type 172.16.42.1 into my browser on my other computer, with or without DNS spoof running, it still refreshes the page rapidly without loading it, with "http://172.16.42.1/r.../redirect.php" in the url bar.

    WinSCP into the pineapple, and in the www folder the redirect.php page is as follows:

    <?php
    // Rebuild the URL the client asked for from the Host header and request path
    $ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
    if (strpos($ref, "facebook") !== false) {
        // Send Facebook requests to the phish page and stop processing here;
        // without exit, error.php would also be sent after the Location header
        header('Location: facebook.html');
        exit;
    }
    // Everything else gets the generic error page
    require('error.php');
    ?>

    If you need any more information let me know. I am completely stumped by this. Hope someone can help.

    What is happening is quite simple:

    If you want ALL of the captured traffic to go through dnsspoof, you use 172.16.42.1 *

    (remember * is the wildcard)

    172.16.42.1 *.facebook.com as above won't work, as you are saying redirect the following:

    whatever.facebook.com

    to the pineapple.

    For Facebook, you should use 172.16.42.1 www.facebook.com

    in your redirect.php:

    it is looking for facebook.html - I presume you have a phish page called facebook.html in the same folder as redirect.php?
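    To see which queries each of the three spoof-hosts lines discussed above would actually answer, here is an added Python matcher (not code from this post, the Pineapple, or dnsspoof itself). It assumes dnsspoof compares each hosts-file pattern against the queried name with fnmatch(3)-style globbing; the hosts lines it is run on are constructed from the three styles in the post.

```python
from fnmatch import fnmatchcase


def parse_spoof_hosts(text):
    """Parse dnsspoof-style hosts text ("IP  hostname-pattern" per line).

    Blank lines and '#' comments are ignored; patterns are lower-cased
    because DNS names are case-insensitive.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, pattern = line.split(None, 1)
        entries.append((ip, pattern.strip().lower()))
    return entries


def resolve(entries, qname):
    """Return the IP of the first entry whose pattern matches qname, else None.

    Assumption: dnsspoof uses fnmatch(3) globbing, where '*' also spans dots.
    So '*' alone matches every name, while '*.facebook.com' needs at least one
    label in front of 'facebook.com' and therefore never matches the bare
    'facebook.com' a user types into the address bar.
    """
    qname = qname.lower().rstrip(".")  # normalise case and trailing dot
    for ip, pattern in entries:
        if fnmatchcase(qname, pattern):
            return ip
    return None  # no entry matched: the query would be passed through unanswered


def match_table(hosts_text, names):
    """Map each queried name to the IP it would get (or None) under hosts_text."""
    entries = parse_spoof_hosts(hosts_text)
    return {name: resolve(entries, name) for name in names}


if __name__ == "__main__":
    queries = ["facebook.com", "www.facebook.com", "example.org"]
    # Constructed hosts lines: the three entry styles from the post
    for hosts in ("172.16.42.1 *\n",
                  "172.16.42.1 *.facebook.com\n",
                  "172.16.42.1 www.facebook.com\n"):
        print(hosts.strip(), "->", match_table(hosts, queries))
```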

  3. Device A is the MacBook - connected to the internet in some way (wifi or ethernet - through built-in ethernet). I have used USB iPhone tethering and this works.

    Device B is the Pineapple - connected to the VM (BT5) in some way, although it has to be via a USB method - USB Network Card/USB Wifi

    (I have a micro wifi card inserted into the USB port so it doesn't look too obvious)

    Device C is the VM of choice running on the Mac. We will call this VM for clarity.

    What is happening is that my Mac is connected to the internet as you would normally have it. In settings, set up internet sharing on the connection you want (wifi/ethernet/tethered device). Parallels creates a virtual connection between Mac and VM to share internet; add this to your share. When running the VM, what will happen is the VM shows eth0 as being a physical interface connected directly to your VM.

    You connect the pineapple by whatever method you like - wifi again is much better, as you don't have any wires poking about, but if you have to use an ethernet cable, you must use a USB adapter (I got a cheap €10 adapter and it works perfectly). This shows up in Parallels; just attribute this to the VM and you have a connection to the pineapple.

    If you are using a Linux image, you can run wp4.sh, just remembering to connect the right interfaces when asked (PC to Internet becomes ethX, connection to pineapple becomes wlanX or ethX, and the router becomes the Parallels 'router').

    This works for me every time and I don't have to mess about with pineapple settings.

  4. Can confirm this works.

    I use BT5 on Mac though as your device 'c'

    I use a cat 5 cable with a USB network card (VMs don't play nice with the Ethernet card) and just manage it from there. There's also no need to mess around with pineapple settings (for the noobs).

  5. For everyone baying for blood on the keylogger I'm working with Whistle Master to get one sorted. I've got the logging in place and have the base code for the interception and hook injector, just have to tie the two together then put it into a module.

    Will it be a silent module (work in bg) or one which relies on a redirect (provides a custom phishing style page a la SET)?

    The idea for the module has changed from its early days to now.

    Hats off to you both for all the work you have done here for all of us.

  6. Are we ever going to see this? Maybe for the holidays?

    --nick--

    This is largely a community driven website, and many of the contributors to it, WhistleMaster being chief amongst them, dedicate a lot of their free time to provide excellent add-ons and utilities to these forums. Just 12 months ago, there were no pineapple modules, so developing for the spiky fruit is still in its infancy. Development is done on a voluntary basis.

    WM does a fantastic job, and without him, I very much doubt the pineapple would be the multi-tool it is today. As stated just a few weeks ago, the KeyLogger module is one of the most requested modules, it is also the hardest to get right. WM will release it, if and when it is ready.

    Give back to the community: go out there and do some research, learn some basic bash skills, a programming language (Java, Ruby, Python), read more on network exploitation etc. Contribute towards a project in some way, rather than posting requests for updates every couple of weeks.

  7. RebelCork, thanks for linking to that article. I do plan on using the device for "non-nefarious" purposes as I'm a penetration tester. The one item I'm trying to get working is USB tethering between the cell phone and the tp-link so it is a back door to the device. If I can't get it to work, bluetooth and regular wifi tethering would work, but then I can't use those wireless technologies for testing. I think the custom power pwn is an even better item than that custom pwn plug because it is x86, so everything installs with no issues on the Debian image.

    http://www.jedge.com...stom-power-pwn/

    Thanks for the quick response, I know you are not going to use it for nefarious purposes, I didn't mean to imply otherwise :-)

    It was late when I was writing my post, and my brain wasn't working correctly!!

    Anyway, my point was more along the lines of: if you can hide a custom pwn device in something so simple, and there are multiple threads in these very forums talking about hiding and disguising the pineapple. (I myself have it 'velcroed' into a binder with battery pack and wifi card.)

    There are massive security holes in mobile devices that allow us to pwn people so easily, and it doesn't look like it's going to be fixed anytime soon. It will only be a matter of time before someone puts a pwn plug/mini pc together to scrape mobile data directly from the phone itself.

    How sure are we, when we use a charger in a public place (communal office/cafe/restaurant/bar etc), that it is what it implies it is? We do let our guard down in these areas.

    I know this forum is in relation to jasager and wifi, but a device like this could bring the mountain to Mohammed, so to speak. Emails, SMS, contact books, you name it; it is the holy grail of the pentester for testing.

  8. Thought I'd share this with the rest of you guys. It's from hackaday.com, and the guy builds a pretty respectable pwnie-plug device and puts it into the guts of a wall mounted gadget charger. The article mentions the price of the official pwnie plug hardware and also mentions that the builder doesn't use his device for nefarious means. Yeah right ;) ;) ;) . He even managed to solder a 3.5mm jack for a serial connection so it doesn't stand out - kind of makes it look like a knock-off Apple AirPort Express.

    What I like about this, is that internet sharing can be done from the mobile that is 'charging' on the device.

    Then I was thinking, what if this was set up in a cafe to allow users to charge their mobile phones, and when connected, access is given to the phone's memory card, etc.

    Makes me wonder, as being a bartender in a previous life, people were always asking me to charge their phones behind the counter for them.

    The link is here:

    http://hackaday.com/2012/11/20/outlet-charging-station-retrofitted-with-the-guts-of-a-wifi-router/

    Original:

    http://www.jedge.com/wordpress/2012/11/tp-link-wr703n-custom-pwn-plug/

    Appreciate any comments on my musing...

  9. Apparently, this is what they are using to find people 'breaking the law':

    [pic courtesy of engadget]

    Remember the Olympic ban on WiFi hotspots to ensure the games' corporate sponsors could sell you back access at a premium? The threat to seize or eject anyone caught using such gear seemed hollow -- after all, how could you be found in a crowd of 90,000? It turns out, LOCOG have employed WiFi police, chasing down unauthorized signals with their big red detectors. Although we should give them some credit -- you'll certainly see them coming from a mile away.

    Looks like a yagi?

    It'd be nice to talk to these guys and see what setup they are using.

  10. Just linking to a blog post from engadget that I saw earlier today.

    I kept thinking pineapple pwnage.

    http://www.engadget.com/2012/07/25/london-bans-mobile-hotspots/

    Two things come into mind when I saw this:

    1. London will be a prime *ahem* pentesting target for the Olympics. They expect something like 20,000 journalists to attend various events over the month.

    2. Whenever someone tells you 'not' to do something, people will always find a way to do it.

    Thoughts ??

  11. Anyone take a look at the other products that they have on the site? 500 bucks for a pwn plug?

    Not exactly conducive for a pentest.

    In relation to the power strip, I once worked in an establishment where we installed nice new mini UPS systems with surge protectors for the front office, about the same size as the one above. The aim was to allow the systems in the front a graceful shutdown. One stormy night, the whole system in the front went down, and one of the machines fried. When we went to look, someone had swapped out the UPS with a cheapo socket and taken it home, presumably for their rig at home.

    I'm still surprised that no-one has done any more research into the Pogoplug/Svartkast idea from Irongeek. The only problem I see is the pitiful 256mb ram. I can get Debian squeeze working well, but metasploit brings the whole thing to a crawl. I personally can't see the Raspberry Pi faring much better. Perhaps the apc barebones model (apc.io), with 512mb ram, might be a faster option and will cost around 35 bucks.

    Any ideas?

  12. VMBox is not great on MacOSX; I would highly suggest using VMWare essentials, I think you can pick it up for less than 40 dollars at the moment.

    Virtual Machines cannot access the hardware directly, it is a basic security system to prevent something screwing up your computer.

    Even when you are using an ethernet cable on a VM, what is happening is a software bridge between the VM and your Mac/PC.

    If you get a cheap USB network dongle, you can connect directly to the pineapple (in VMWare it even gives you the opportunity to permanently assign the device to the VM so that it is associated every time you boot the VM).

    Follow the guides elsewhere on the forum, on how to continue from there. I use a MacBook, running VMware - BT5 R2, and have never had an issue so far. Had it set up in minutes.

  13. Short answer - no, unless you can create a duplicate app and install that on the victim's phone.

    Long answer: This is theoretically possible on Android, but not so far on Apple. (Barring the foobar this week)

    There have been MITM attacks on Android devices, the most common ones being redirects and click-through insertions.

    If you remember, WhatsApp was hacked last year, because details were sent in plain text.

  14. OK thanks. But for the karma thing, for some reason the pineapple doesn't automatically connect other clients. I took my iPhone and turned on wifi, and it did not connect to the pineapple like jasager should make it?

    What SSIDs are you seeing? You should be seeing the pineapple SSID and whatever other SSIDs are in your iPhone's history.

    iOS (iPhone/iPad etc) handles the wifi issues a bit differently. The best way to test karma with your iPhone is to turn off your home wifi. Turn the wifi on the phone off and on and give it a couple of seconds. iOS isn't the fastest at connecting to networks. It "should" connect to your pineapple under the old name.

    Remember, karma only works effectively when the client has connected to a wifi network before and will send out probe requests.

    Also, check to make sure your connections are tight (aerial), as the pineapple isn't exactly the strongest.

  15. Yes that is correct, I have not done much testing on it otherwise. You just need to manually install the prerequisites as having SET install them for you will not work.

    Also have quite a few other python tools working great, like mitmproxy.

    Can you do a write-up on how you install SET on the pineapple, or post a link to how it's done, as one common thread here on the forums is on how to clone websites.

    SET's inbuilt cloner would be ideal, and it would only take a quick module to access the data that is received (I believe SET generates an HTML/XML file for you).

    This would make the pineapple more deadly :)

  16. Yes, but we have been very busy lately.

    I can guarantee though that it is being worked on!

    Best,

    Sebkinne

    Could you point me in the way of necessary drivers. I would be happy to beta test it, and get it going. Finally give something back to people.

  17. Hmmmm pogoplug? Can you please touch up on that a little, like config and hardware used, as I have a pogoplug pro which is driving me crazy sitting doing nothing with arch linux.

    Well I used IronGeek's guide (here: www.irongeek.com/i.php?page=security/svartkast-pogoplug-dropbox ) to install debian squeeze (and later update to wheezy).

    I don't know whether it'll work with the pro, as I am not familiar with it.

    I use two no-name wifi cards (atheros based). I haven't set up karma yet, but I do connect the pogoplug to the pineapple via ethernet.

    In my lab tests at home, I can use it quite well, the plug deauthing (mdk3) and the pineapple picking up the wifi clients almost instantly.

    Metasploit and SET work perfectly, although MS is a bit slow to initially load (blame 256mb ram). I have the BT repos installed and am setting up a little mini BT box.

    I haven't really had the time to do much with it lately, and it really is a project on the slow burner. I like the idea of having a mini 'DropBox' to insert on a network. My next plan, would be to test out a PI version, but I have to stand in line with everyone else to get on that ship.

    Looking through IronGeek's site, I would really love to set up an i2p server from the box for secure access. I wonder if Darren could do an episode on this (if he already has, I apologise, as I am still working through the shows).
