Posts posted by RebelCork

  1. This guide was originally meant for the older models of the pineapple, but the scripts still work:

    http://hak5.org/hack/pineapple-phishing

    I have my pineapple set up for multiple phishing pages by redirecting to a redirect.php script, and then when the user clicks login or submit, the form (with another .php script) that collects the info sends that info to a txt file and shows an error page to the user.

    Remember, once you start cloning your chosen sites, input your own code snippets/design your own login area (username & password fields).

    You just have to make it look real enough to fool a casual user. One of the points about MITM attacks is that we feel secure and trusting of our ISP, especially when it looks like we are connected to our own network.

    So long as the login page is simple and looks legit to the end user, they will easily enter creds.

    Just my opinion ! :)

  2. Best to ask that question on the backtrack forums as they would be able to help you better, but there are many things that can go wrong, i.e. firewalls, ISP blocking connections, misconfiguration in bt5, etc... or you could go check out the SET site. Sorry I couldn't help more.

    I agree.

    Best way is to set up a VM machine purely to be the 'victim' of your attack on a local network. (I have a separate wifi connection, only for testing.)

    Then scale from there. A lot of the attacks in SET are targeted at machines with older OS's.

    Learn to play with Metasploit, starting with Armitage to see different attacks and how to write your own (easy).

    Then, you can perform tests over the internet as your confidence grows.

  3. Except the space issue, no.

    But that is reason enough for me. I would install a program on the Mac that mounts ssh. They work well.

    Best

    Sebkinne

    I also use sshfs for Mac OSX

    This is the best way to install it:

    cd ~/Downloads
    ## Download the latest version (as found on fuse4x.org) and install
    wget https://github.com/downloads/fuse4x/fuse4x/Fuse4X-0.8.7.pkg
    open Fuse4X-0.8.7.pkg
    ## Get the latest version of SSHFS (as found on github.com/fuse4x/fuse4x/downloads)
    wget https://github.com/downloads/fuse4x/fuse4x/sshfs-2.3.0.zip
    ## Install sshfs binary to /usr/local/bin/sshfs (and install man page):
    unzip sshfs-2.3.0.zip -d /
    

    Hope it helps

    Source: Here

  4. Change it to a button that you can control so (point to error.php).

    The easiest thing to do is keep a 'snippets' tool handy and copy any 'useful' bits of code into it. That way, when you quickly want to change an element on a web page, you have a predefined bit of code that you need.

    With php/html, you can't do any damage, so play around and have fun!

  5. if you want to develop to the pineapple, you would probably prefer using something more robust than nano or vim.

    SO, try issuing:

    opkg update
    opkg install openssh-sftp-server

    you will now have the ability to use an SFTP connection to the pineapple.

    if you are a mac user like me, you can use Transmit to mount the pineapple to be a volume you can access like any other volume.

    and I'm sure there is compatible software for windows/linux too..

    hope you'll find it useful :)

    ps. it will NOT work if you will install it to the usb

    +1

    Perfect for espresso. I can tweak php files on the go now, thanks!

  6. Looking at the source files for Netflix,

    The actual login.php page is not on the home page.

    Why don't you try the following?

    • Clone/Copy the standard front page of netflix and the login.php page to your MKIV
    • Find the link to login.php and change it to your desired location
    • In the login.php from the website, change the action method as suggested in the tutorials.
    • Should work !

    Try this and play around.

    Extra bonus points for learning basic html and php ! B)

  7. However when I connect to my pineapple wifi and log into a site it does show a java box but need to look into it more. I'm thinking it's running but there's an issue with the switch showing "on"?

    DNS Spoof is running and you have the run.html offering up a java attack applet. It will run constantly, you can't turn it off without replacing the redirected page. If you really wanted to, you could try altering an existing web page to inject the java code for the user instead of a blank page.

    For example, clone www.facebook.com and insert the code into the webpage.

    That way, when your victim machine browses to the infected page the script is run automatically and they are not sitting looking at a blank screen.

    Also a particularly nasty attack would be to disguise the attack vector as one of the many popular FB games.

    With an active internet connection to the pineapple, the victim will continue on his/her way to the login page, and you get the chance to steal passwords as well.

    These are some of the theoretical situations I am trying to defend against. (I am trying to write a term paper for college on MITM attacks)
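
A defender-side check for the DNS-spoof redirect discussed in this post, as an added example that is not part of the original posts: it flags DNS answers where site names resolve to a non-public address or where unrelated names all collapse onto one address. The hostnames, addresses and function names are constructed for this example.

```python
import ipaddress
import socket

def resolve_all(hostnames):
    """Live lookup: map each hostname to its sorted IPv4 answers ([] on failure)."""
    answers = {}
    for name in hostnames:
        try:
            infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
            answers[name] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            answers[name] = []
    return answers

def spoof_indicators(answers):
    """Return the reasons a set of DNS answers looks spoofed (empty list if none)."""
    reasons = []
    resolved = {name: addrs for name, addrs in answers.items() if addrs}
    # Indicator 1: an internet site name answered with a non-public address.
    for name, addrs in sorted(resolved.items()):
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                reasons.append(f"{name} -> {addr} (non-public address)")
    # Indicator 2: three or more unrelated names all share a single address.
    distinct = {addr for addrs in resolved.values() for addr in addrs}
    if len(resolved) >= 3 and len(distinct) == 1:
        reasons.append(f"{len(resolved)} unrelated names share {next(iter(distinct))}")
    return reasons

# Constructed sample answers (not captured data).
SPOOFED = {
    "site-a.example": ["10.0.0.1"],
    "site-b.example": ["10.0.0.1"],
    "site-c.example": ["10.0.0.1"],
}
NORMAL = {
    "site-a.example": ["8.8.8.8"],
    "site-b.example": ["1.1.1.1"],
    "site-c.example": ["9.9.9.9"],
}

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("normal", NORMAL)):
        print(label, spoof_indicators(sample))
```

On a live network, pass the result of `resolve_all([...])` for a few unrelated public sites to `spoof_indicators`.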

  8. Why can't it be uploaded? I replaced mine but made a back up and now I have the mark III interface with all the amazing goodness of urlsnarf, ngrep on the status page ui. I just edited the file where it said mark3 to Mark IV for a little personal touch ;D glad to know ur on/off button isn't working either. However when I connect to my pineapple wifi and log into a site it does show a java box but need to look into it more. I'm thinking it's running but there's an issue with the switch showing "on"? Question I have though for the guys at hak5 is why was the mark 3 interface replaced with the current mark IV? Was it a time issue or something? I quite like the old interface with the easy to read display of various items (i.e. airmon-ng, urlsnarf, arp)

    I think ngrep and urlsnarf aren't 100% functional on MKIV.

    (Sebkinne says: ngrep is not installed currently)

    (Thought so: :) )

    I think it's in the list of to fix for next release of firmware, if I'm right.

    see this thread: MKIV - What we know and don't know

    Projects on the collective to do list and issues that need attending:

    Network Pineapple Monkey - Seb has acknowledged its on his list and will become higher priority after 1.0.1 firmware is released. See this thread:

    Adding Alfa AWUS036H to the Mark4: Darren commented: "...adding a 2nd WiFi Adapter, say with an AWUS036H, seems as likely as adding 3G -- so tethering is on the table." Official current status on getting it to work is unknown. During my trials, the Mark4 recognizes the realtek rtl8187 but does not assign it as a wlan adapter. Openwrt should have support for it through kmod-rtl8187

    Combining storage and 3G connectivity in one card: "Two birds, one stone". Many 3G usb cards have microSD slots. Novatel U760 is a prime example. Darren and hfam both have these cards and seem to be working on it.

    Ngrep is gone now and accessible only via SSH. (See: http://hak5.org/tag/ngrep for information on how to ngrep via terminal)(Sebkinne edit: It is gone. Dead. For now )

    URLsnarf is missing from the UI page, but is also accessible via SSH. Darren's comment on the matter: "We're working on a revised web UI for sniffing which should bring together the power of urlsnarf, ngrep and *ettercap" Swoot!

    Reaver is not present on Schmoocon version but will be via firmware update 1.0.1.

    Reaver has not yet been proven to work - a proper how to guide is needed. Issue lies with mon.wlan0 - what is it used for? Can we remove it and add a proper mon0? Do we need to? Will it affect Karma as I suspect? (I'm going to try my hand at it today!)

    Further 3G Dongle research - Darren's hints for us regarding 3G dongles: "Usually it's just a matter of "ejecting" the USB CD-ROM so that the modem reveals itself, at which point a bunch of uci network commands set the config, pppd does its thing with chat and comgt." - Need to clarify ejecting the usb cd-rom...

    Add support for encrypting USB drives using EncryptingFS or perhaps even truecrypt?

    Enable airdrop-ng support by installing python and other dependencies to usb drive

    telot

  9. Does anyone know if this will work on the pineapple mark iv?

    The attack itself will work on mkiv, although the index.php file that is included in the package should not be uploaded.

    Instead you can backup your existing index.php file in the pineapple folder before making any changes:

    cp index.php index.bak
    

    Open the one from the package above (MKIII), copy the following code and paste it into the php segment of your MKIV index.php file

    // Status line for index.php: shows "enabled" when the file "up" is non-empty
    $isjavaup = exec("cat up");
    if ($isjavaup != "") {
        echo "Evil Java is currently <font color=\"lime\"><b>enabled</b></font>. | <a href=\"stopjava.php\"><b>Stop</b></a><br />";
    } else {
        echo "Evil Java is currently <font color=\"red\"><b>disabled</b></font>. | <a href=\"startjava.php\"><b>Start</b></a> | <a href=\"conf.php\"><b>Conf</b></a><br/>";
    }
    
    

    Reboot your pineapple, and you should see the Evil Java option.

    Change your landing page to redirect to /java/run.html

    So far on my tests, this has worked for me, with access to metasploit working.

    The only thing is, the switch status (on/off) does not work

    I hope that helps, but I'm a metasploit newbie myself!

  10. Issue: to be able to run the survey, you have to switch down / up the wlan0 interface and then stop / start airmon-ng on monitor interface... Can be done through the interface.

    Tested with MK3 & MK4.

    Noob question (sorry!)

    Which monitor interface does it use, as there is the wlan.mon0 monitor interface, but isn't that used for karma?

    Does this also break karma, as when I try it, I can't get an AP?

    I'm running 1.02, MKIV.

    BTW, I've tweaked my navbar.php to include site_survey.php as a menu option.

    Thanks again

    **Edit**

    killuminati just beat me to it :)

    **Edit**

    I've just answered my own question

    I just restarted wlan0 and I could perform deauths and still have karma running.


  11. While waiting to reorder all the stuff on the github wiki, I uploaded the wps buttons scripts files here.

    Thanks ! Been looking for this (and annoying many, many other posters!).

    I have done a quick edit and added the link to the file on the wiki for any other noobs such as myself!

  12. FYI guys, not sure if anyone else has tried this but I recently found out that the MK4 can be back powered through the usb port!

    Found out while testing a USB hub.

    That said, I can't guarantee perfect operation in the configuration -- it isn't exactly to spec.

    Have been using this with a USB cable like Splicer recommends above passing through my USB port on my Mac/ TeckNet iEP390 Battery Pack (11000mAh). Haven't tried it with a 3G dongle as yet, but I think there might not be enough draw from one USB port. Perhaps someone should source one of those dual USB to single power port power cable, giving 10v power??

  13. Edit : Uploaded again to fix the run.html pointing to the comp rather than itself. Thanks Whistle Master.

    EDIT : I'm such a noob, I uploaded the files but not the ones I'd been working on; the index.html was meant to be named run.html. Have renamed them and posted new link. Everything should be working fine now

    Hi Hak5 community, thought I would post this and give something back for once.

    I've added an option to the MK3 Pineapple to redirect all websites to an Evil Java applet that has a payload for Windows, OSX, and Linux which is selected depending on their OS (Victim needs to have Java installed).

    Screens

    http://i.imgur.com/z5uHj.png

    http://i.imgur.com/tgtGH.png

    http://i.imgur.com/nM8KU.png

    http://i.imgur.com/VUkJd.png

    http://i.imgur.com/KWMfA.jpg

    http://i.imgur.com/PWfrT.jpg

    SETUP

    1. Download and unzip "pineapple-java-applet-attack.7z" with the password "pineapple" from here http://www.mediafire.com/?5an6gg1byj23m9l

    2. Copy all files from the "pineapple" folder to /www/pineapple/ replacing the index.php for an updated user interface with "Evil Java" option.

    3. Copy the "java" folder to /www/

    4. Click Conf next to the "Evil Java" option for commands to setup listeners.

    5. Enable "Evil Java" and sit back.

    ABOUT

    All websites will be redirected to the Java Applet Attack when enabled (except for Google when using Chrome).

    All payloads are set to connect back to 172.16.42.42 so make sure that's your IP.

    Tested on the MK3 with WebUI version: 1.0.4 and Firmware version: 2.1.2

    Have Fun ;)

    Reflex!

    do you still need the extra script to run the in metasploit?

  14. I have got what I wanted by trawling through this forum:

    the java applet attack script can be found here:

    http://forums.hak5.org/index.php?showtopic=25498

    My query still stands as, the original wiki linked back to threads from here (and still do), but some of the original links are dead/missing.

    The script that reflex mentions is not located on mediafire anymore.

    Please understand me, I am just trying to piece info together for myself

    BTW - I have just reported this as an issue on the wiki.

    I know Darren Kitchen and the Hak5 team are busy and kudos to Sebkinne for backing up the wiki in the first place.

  15. the wiki is in the process of being moved to https://github.com/s...ipineapple/wiki

    lol pewpew

    also any issues or suggestions are now supposed to be posted on the Github site

    I have got what I wanted by trawling through this forum:

    the java applet attack script can be found here:

    http://forums.hak5.org/index.php?showtopic=25498

    My query still stands as, the original wiki linked back to threads from here (and still do), but some of the original links are dead/missing.

    Should say sebkinne's github wiki (as it is now the default wiki.wifipineapple.com location !)

    The script that reflex mentions is not located on mediafire anymore.

    Please understand me, I am just trying to piece info together for myself

  16. Hi Hak5zors,

    Just got my MKIV last week and so far I am delighted, taking my time to get my head around the interface and pen-testing capabilities.

    My question is, where can I get more scripts/add-ons (WPS button, JAVA applet attack, rickroll/nyan cat)? I have gone to the wiki site, but the links are dead. Does anyone have a link to the files elsewhere for download?

    Much appreciated.

    Ian
