RebelCork

Posts posted by RebelCork

  1. I want to try to keep this question in this thread, as I have been on holidays for the last month, and I come back to see so many new faces around the forum. :)

    So I wonder if any reader can update me:

    Has there been any update on either the iPhone tethering or the wifi card support over the last month or so?

    I would love wifi card support, as I currently have 3 different (all not compatible) cards, and before I go and buy a new one (the Alfa's are not available here in Eire), I want to see how support is progressing. I currently use a pogoplug/plugbox with two of my cards to perform deauth attacks on (my ;) ) wifi router. Whilst great, it's not exactly mobile.

  2. Instead of using ettercap, (the filters don't work properly) use sslstrip to write an iframe in the response body. If you provide me with your java script code, I can modify sslstrip for you to do that, so that your sslstrip module will also do key logging!

    This can also be taken further to do all kinds of things like for example sending users to a computer running metasploit, set etc.

    While you are at it, might as well do a SET module since I have SET working on my router.

    How is SET working out for you?

    I presume it's the Metasploit-less version?

  3. I also find that while I can use the USB port on my laptop to power the spikey beast, my usb drive doesn't always run.

    For that reason (as well as the obvious looking wifi router connected to my laptop), I use an 11000mAh pack. Goes for ages :)

    With that I've had no issues with USB/3G modems.

  4. To quickly answer your points above:

    Try out using Backtrack - version 5 is the latest. This comes with a tool called metasploit already pre-configured.

    Metasploit* is basically the de facto tool for penetration testing at the moment, and a part of that is a GUI tool called Armitage, which is a very straight-forward way to see how you can test the security of connected devices. Once a device is connected to your pineapple, you can scan it and see OS information, possible attack vectors and such.

    Metasploit can also create tunnels back to your machine for further control.

    While the pineapple is great for pentesting, I personally think it's a waste to use it for a home network, it's a bit like buying a porsche for going to the shops. Looks cool, but so much more potential. Buy a cheap wrt router and install openwrt on that.

    * I know that there are other tools (Social Engineering Toolkit, BeEF Toolkit etc.), but because of Armitage, I think metasploit is just better.

    Links:

    Metasploit Unleashed - Good Place to get info Here

    Penetration testing using Armitage (Hak5) Video

    Pineapple as AP Here

    PS: Why own the box when you can snarf their details?? :)

  5. That setup should work ok, but when out & about, you won't be able to connect via another openwrt.

    The method I use may sound a bit clunky, but it works 100% for me every time. I don't have to perform a lengthy setup every time.

    I use Mac 10.7, running Backtrack5 in Parallels. I also use a USB wifi card that supports monitor mode (look around this site for your favorite).

    I then use Internet connection sharing on my mac to provide internet to the vm. The vm then uses the usb as its own native wifi.

    I run the wp4.sh script, selecting my wired (virtual) connection (eth0) as my connection to the internet, and wlan0 as my connection to the spikey fruit. This setup allows for a wire-free setup which should work anywhere - i.e., you are at a cafe, you legitimately connect with your mac connection, and this passes the connection to the Pineapple.

    It's actually fairly easy. My description doesn't do it proper justice.

  6. I will see what I can do ;)

    +1

    I've been dying for this. I have an unlimited data plan for my iphone.

    The problem is that none of the usb cards on sale are supported in Ireland.

    I have an older Huawei from about 3yrs ago, but can't top it up with credit as the newer models all have built in software for doing this.

    My only worry would be the draw from the pineapple by connecting them together, the iphone is a hungry beast.

    My main ask is about wifi card support

  7. When you mean plug and play, what do you mean?

    I know it sounds like standard advice, but check the forums, as there is just about every sort of configuration available out there in the forums.

    Only for the likes of telot and co, at the beginning, I would have had lots of trouble (VM on Mac), but now I am flying along.

    Describe what you want to do and we'll help.

  8. Removed

    Files are duds, they overwrite the navbar.php file with a link to mediafire and some redirect code.

    Funny little script kiddie we have.

    First post is to give shortcuts for other users. Not good at all.

    Only trust tips on downloading modules to the author themselves, such as WM and BrianZimm.

    Somebody please delete this twat's links above before he does more damage

  9. I must be lucky so. Actually this was the first time I ordered anything online that came so quick, usually the stuff from UK takes a week too (you know who you are - Amazon)

    What would be cool is if someone in Europe could resell them for Darren & Co, if they are reading this, tell us what you think. I know there would be many happy hak5 fans purchasing not only this but the accessories too, if there was a European centre too.

  10. It cost me €105 euros including shipping to Ireland. I didn't get caught for any duty.

    PS, chose the cheapest shipping method and I still got it within 8 days. Ordered it on a Sat night and got it on the Monday of the following week.

    Absolutely excellent service from all @ Hak5 so far !!

  11. The thing I especially like, is that people don't actually realise how insecure hotel systems are (speaking from experience)

    I worked in hotels for many a year (not in IT), and I am telling you I have seen it all.

    I once saw a guy bring in his own wifi router, plugging it into his hotel socket.

    A lot of smaller hotels, especially those trying to push conference business, use basic (cheap) equipment, and it is often not secure.

    Sure, some companies are savvy and provide vpn facilities, but how many people have vpn on their smartphone/tablet (besides us paranoid freaks :) ?? )

    One place where I worked catered for business travellers in particular, and the subject of internet security in relation to guests came up at a management meeting, as we have a lot of high profile business from a certain fruit company. We spent money on a firewall for the guest side of the network. Within 1 month, we had to take it down, purely because of complaints that ports were being blocked, etc.

    Another place where I worked just used cheap ass Belkin routers everywhere to serve wifi. I wish I had the pineapple then !!

  12. Ah fair enough, figured it was a bit of a pipedream haha, thanks anyways!

    Should support Debian linux, and it's just a matter of installing the packages you require from apt.

    I am using a pogoplug ping (1.2mhz processor, 256mb ram) running debian squeeze, with metasploit and set both working solidly away.

  13. Hi guys,

    I just want to see what people think about the following:

    I have a Pogoplug v2, which I long ago used for a small developmental webserver at home, whilst also playing about with ssh. Now, when I first jacked it up with Linux, it was the bog standard Arch, and while I am a fan of it (low power, small footprint etc), when I got the Pineapple, I started wondering about ways to connect them together effectively. One of the advantages of the pogoplug is its many usb ports (think usb memory, 3g, wifi and pineapple all running together) and its low price and small form factor.

    I think there was a post somewhere else in the forums, where someone set up a pogoplug with two alfa cards to form a pineapple-like machine, and while this looked ok, it still wasn't for me.

    I have now installed Debian, using IronGeek's tutorial (Here) and installed Metasploit/Social Engineering Toolkit and Beef. In Irongeek's original post, he calls it a Svarkast, literally a 'dropbox', where once it's connected to a victim's network, it's pwned it.

    The Svarkast box looks useful, and my next step is to get something like neinsager running with the two devices (using an alfa card on the pogoplug), which would turn it into the mother of all evil hotspots.

  14. Bunny Man,

    I've also noticed that when I use Chrome on Mac 10.7, then the captive portal page also pops up, a la iphone. Like Darren said above, it takes a second or two to popup, but I think this is a quirk of captive logins, as my uni uses them, and they are slow to appear on a regular basis.

    BTW, slightly off topic, I've noticed that my Kindle doesn't seem to handle probe requests the same as other devices. Not a major thing, but could be cool to sniff the traffic off the kindle to see its whole handshaking procedure.

  15. Hi Guys,

    I know I have posted something similar a few weeks ago, but I am seriously trying to install a credible social engineering framework on the pineapple.

    I know it's now deprecated, but I was wondering if anyone has a copy of the php version of BEEF for testing on the pineapple?

    I like the idea of an automatic self contained box, then being able to manage it from a smartphone.

    It looks like a lower usage cost on the CPU than the ruby (current) version.

    Failing that, my next steps will be try to implement SET on the spikey fruit.

  16. Hi All,

    I have been trying to get Beef framework to work with my MKIV over the last week, but I can't seem to get it to work, and I really don't want to be posting such a noob question.

    Do I have the right method here??

    pineapple--forwarding all traffic (dnsspoofing 172.16.42.42 * (where .42.42 is my gateway, i.e. bt machine)) --beef (running on bt)

  17. I, like you, was a GUI person, but after having too many problems, I just got stuck into cli.

    It's easy enough:

    scp path/to/file root@172.16.42.1:path/to/file
    
    so if I want to transfer the file foobar.txt to my pineapple from my mac to the www folder on the pineapple, I would type:
    
    scp foobar.txt root@172.16.42.1:/www
    
    

    If you want to copy an entire folder over (rickroll etc):

    scp -r path/to/folder root@172.16.42.1:/path/to/folder
    

    Also learn how to use symlinking, that and scp are the 2 commands I use most now.

  18. The development here just keeps getting better and better.

    Who would have thought that when the MKIV came out that we would have such a growing community developing the little pineapple ??

    Evil: God isn't interested in technology. He cares nothing for the microchip or the silicon revolution. Look how he spends his time, forty-three species of parrots! Nipples for men!

    Robert: Slugs.

    Evil: Slugs! HE created slugs! They can't hear. They can't speak. They can't operate machinery. Are we not in the hands of a lunatic?
