SilverExploit

Active Members
  • Posts: 30
  • Days Won: 2

Posts posted by SilverExploit

  1. Perhaps I'm doing something wrong, or I've just not enough to make it register, but the app cannot find any information about my computer aside from hostname, IP address, and MAC address. But this is just from my personal machine, and I haven't tested it in the field. (Hence why I said, maybe I didn't do enough.) Any tips/suggestions?

    You must first install the hidden iframe, and then spoof the target using dns spoof to 172.16.42.1. In the redirect page there is the hidden iframe, which will gather the information.

  2. I love the idea of using 1.3.3.7 :-D

    Would setting up that IP in the /etc/config/network file help?

    If this works I vote to make it a standard for the pineapple,

    assuming this is used so people can hard-code the IP 1.3.3.7 into their payloads and then in the pineapple UI change where 1.3.3.7 goes to, i.e. 172.16.42.42 or maybe yourEvilServer.com :-D

    Yes, that is exactly the idea :D

    I'm looking into the /etc/config/network file

    I already uploaded the new evil java module, but it's not up in the pineapple bar yet! If you have any other awesome ideas like this one, let me know. Cheers

  3. Hi. I want to be able to redirect all traffic going to the IP 1.3.3.7 to 172.16.42.42! I have tried everything that came up in the Google results, but none of it worked. I followed the instructions, but at the end, the traffic doesn't seem to be forwarded. Can someone help me with this? Thanks in advance... ;)

  4. Would be better if all of the java/exe payloads pointed back to the pineapple, say on a reserved IP that is used to pivot/redirect to another machine/server/IP/dyndns the user sets up.

    Basically all scripts could make use of this method, having the special IP being controlled by the user/pen tester ;-)

    Sorry, I am ranting, just a thought.

    I see... netcat or iptables will do the trick. I'll add a box where you can update the pentester's IP so that, let's say, 172.16.42.111 redirects to the pentester's IP, e.g. 172.16.42.42, and all payloads are set to connect to 172.16.42.111! Very clever

  5. First of all, thank you both for making this available to us!

    I have a small suggestion. I'm assuming that anyone who makes use of this module is very familiar with Metasploit and knows how to create his/her own (java) payload.

    It would be very nice (at least I think so) to be able to put your own payload in via the Web UI per OS (Linux, Mac, Windows). The reason for this is that some of us are using the MKV as a standalone device connected to a 3G modem or via the WAN interface attached to a router. So you want to be able to put your own IP address in the payload. Not just 172.16.42.42. Maybe using a reverse HTTPS connection instead of a TCP etc. Now, I'm manually editing the run.html, replacing the encoded payload with my own payload.

    So by enabling the user to either use your default payload or their own, this module will be very powerful!

    Anyway. This thing rocks already!!! ;)

    Very nice idea! I'll start working on it right away. :) Thanks for the suggestion.

  6. First of all thanks to reflex for creating the evil java page. I just turned it into a module.

    The full version of this module is yet to come...

    EvilJava module - version 2.0 (CURRENT)

    • Custom payloads can be uploaded from gui. They are categorized for Windows, Mac, and Linux. You can select through the UI which payload to use for a specific OS.
    • Custom payloads can be deleted too
    • Java applet and payloads can be saved in USB (this way you can have tens of custom payloads for each OS and switch between them very easily)
    • You can synchronize with the GET module in order to see what OS the clients are using, and whether they have Java enabled
    • NOTE: The listener ip changer will be fixed as soon as I figure out why all connections except metasploit work ;(
    • NOTE: A better 'help' and support for 'OTHER' OS are coming soon

    EvilJava module - version 1.0

    • Malicious Java Applet for Windows, MAC, and Linux
    • Modify index.php page to redirect to EvilJava

    NOTICE: the default payloads are set to connect back to 172.16.42.42 so make sure that's your IP unless you're using custom payloads. Feel free to upload as many custom payloads as you like :)

    Please leave any suggestions, or bug reports you have here. Thanks... :)

    [Two screenshot thumbnails]

    Infected Page: [screenshot thumbnail]

  7. I was about to suggest the module idea.

    Hey, why don't you tackle that? ;)

    Seb

    OK, I'll make a simple module for the evil applet for now. But after I finish a toolkit (hint hint) I'm working on, I can make the evil applet work and still provide internet. That's the reason I asked if it already worked with internet access to the client. Back to programming now :)

  8. The assigning to variable thing didn't work. I had already tried that.

    Darren, thanks for the reply but I can't have the output in a file because the script is supposed to be executed a few times at the same time, which will completely mess up the output file. Thanks for the reply anyway. I think that I found a way to use wget instead of netcat. I'm testing the new method right now.

  9. Great job like always, I have a suggestion though :)

    urlsnarf -i wlan0 | cut -d ' ' -f1,7
    

    The above command displays a very clean output with the name of the device and the url of the website that is being visited. I would suggest putting an option that shows this clean output.

    Another cool thing would be if you could make a database with devices and the user can select one device and it will show all the history for that particular device. That way you can keep track on what clients are doing.

  10. Get is a module that uses javascript and PHP to find several pieces of information about the client's browser and OS and saves them to a 'database' file. For now this module supports IP, browser type, OS type, Geolocation (if you have permissions it shows the coordinates), MAC, Username, etc. It also detects browser plugins and MIMEs (the different file formats and the applications associated with them). The hosts are recognized by MAC address. No duplicate data will be recorded on the database if the data for that host already exists, but it will add the data if the person visits with a new browser or makes changes to the old browser.

    Get module - version 2.0 (CURRENT)

    • Firmware 2.1 Compatible

    Get module - version 1.2

    • Install Database on USB Option
    • Got rid of annoying geolocation popup
    • Minor bug fixes

    Get module - version 1.1

    • Client History
    • Minor bug fixes

    Get module - version 1.0

    • Add Comments to Clients
    • MAC Address
    • LAN IP address
    • Host Name
    • App name
    • User Agent
    • Product Sub
    • Language
    • Cookies enabled
    • App Version
    • Vendor
    • Platform
    • App Codename
    • Java enabled
    • CPU Class
    • Screen Resolution
    • Browser Plugins
    • Browser MIMEs

    Please leave any suggestions, or bug reports you have here. Thanks... :)

  11. Yes, it is on my agenda. I have time freeing up in the next few weeks and will make this a priority. Might need some beta testers. Stay tuned :)

    Sounds awesome :)

    If you need help/programmers with bash/python scripting and piping send me a message. I am particularly good with piping ;D. Unfortunately I only have one pineapple MK4 so I won't be able to test the whole thing...yet...

  12. Hmmm. I didn't know there was a python version of beef..

    Quick question about the SET framework: How will SET work without metasploit since most of the useful options depend on metasploit?

    I personally think that it would be a good idea for some programmers here to work together and create a new SET-ish like framework for the pineapple (I personally would collaborate).

  13. How about a page that collects browser information like browser version, os version, java enabled-or-not etc. I remember using this method on an educational research once and it works particularly well when you also make a survey about their knowledge in computers. I masked myself as their isp, made a fake copy of the isp's website (wget magic ;) ), asked about simple things and in there I blended questions like "What antivirus do you use?" in order to get information beyond the limits of PHP and javascript.

    For now the page supports IP, browser type, OS type, Geolocation (if you have permissions it shows the coordinates :)). It also detects plugins and MIMEs (the different file formats and the applications associated with them).

    I will also add MAC addresses and a neat WEB GUI where the live hosts will be shown and you press a "Show Details" button that shows all the details for that user.

    EDIT: I edited MAC, and Username, as well as the WEB GUI (partially). Now the results are saved in a "database" file which contains all the information for all the known hosts. The hosts are recognized by MAC address. No duplicate data will be recorded on the database if the data for that host already exists, but it will add the data if the person visits with a new browser. I still need to add some options and then I will make it available for testing. I updated the screenshots, hope you like it. Feel free to submit any suggestions (actually I encourage you). Cheers. :)

    [Three screenshot thumbnails]

  14. I agree the code stays clean and crisp that way.

    But I'm not too fond of small or privately owned websites, because you never know for how long they will be up or support the service.

    I think that a website like dyndns won't be leaving the interwebs soon :)

    Stability is my goal ;)

    .dyndns.org websites are FREE domain names given by dyndns.com. I know this because I have a .dyndns.org site myself because I don't want to pay for a domain name yet.

  15. How about a php page that collects browser information like browser version, os version, java enabled-or-not etc. (like the ones used in BEEF). I remember using this method on an educational research once and it works particularly well when you also make a survey about their knowledge in computers. I masked myself as their isp, made a fake copy of the isp's website (wget magic ;) ), asked about simple things and in there I blended questions like "What antivirus do you use?" in order to get information beyond the limits of PHP and javascript.

    Now that you gave me the idea I'll start working on this page right now :). I'll keep you up to date.

    Edit: Not sure whether this is what you refer to as fun..

  16. The reveal public IP option from the status page wasn't working on my pineapple with FW v1.1.1

    Probably because of changes at http://whatismyip.org

    I have a new piece of code for you all :)

    Edit this file in your favorite text editor (I used Notepad++):

    /www/pineapple/index.php

    Look for this line: (line 77 in my case)

    echo exec("wget -qO- http://whatismyip.org") . "<br />";

    And change it into this line:

    echo exec("wget -qO- http://checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//' ") . "<br />"; 

    If you want to test the code first, log in to your pineapple via SSH and copy/paste the following code:

    wget -qO- http://whatismyip.org

    this will fail :P

    but

    wget -qO- http://checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'

    will work :lol:

    Maybe Seb could take this fix in next firmware release ;)

    Replacing http://whatismyip.org with http://icanhazip.com works perfectly too :)
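
The status-page fix above prints whatever the remote service returns over plain HTTP. As an added example (not part of the original post or the firmware), this shell sketch applies the post's two sed expressions and then prints the result only if it is a well-formed IPv4 address; the function names and sample bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# is_ipv4: succeed only for four dot-separated decimal fields, each 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# extract_public_ip: read a checkip.dyndns.org-style body on stdin and
# print the address; print nothing and return 1 if validation fails.
extract_public_ip() {
    # Same two sed expressions as the post, then drop CR/LF and blanks.
    candidate=$(sed -e 's/.*Current IP Address: //' -e 's/<.*$//' | tr -d ' \r\n\t')
    is_ipv4 "$candidate" || return 1
    printf '%s\n' "$candidate"
}

# Constructed sample bodies (203.0.113.0/24 is a documentation range).
SAMPLE_OK='<html><body>Current IP Address: 203.0.113.7</body></html>'
SAMPLE_BAD='<html><body>Current IP Address: 203.0.113.700</body></html>'

printf '%s\r\n' "$SAMPLE_OK" | extract_public_ip
printf '%s\r\n' "$SAMPLE_BAD" | extract_public_ip || echo "rejected: not an IPv4 address"
```

On the device, the live response would be piped in with `wget -qO- http://checkip.dyndns.org | extract_public_ip`, so the PHP page only ever echoes a validated address or nothing.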
