dustbyter

I have not seen any issues with using SFTP to transfer files, but I have to say the files were much smaller, on the order of 10-20 Mb. Does the device hang, or just the transfer is terminated?

The use of quotes in a SQLi injection string drive the completion of values in the where clause of a conditional within an SQL statement.

This would make the conditional in the SQL statement always return true. I can see the query being something like this: select <fields from table> from users where username = 'a' If the application is not binding the input to the search fields, then they are concatenating and making the statement become... select <fields from table> from users where username = 'a' or ''='' The second part of the conditional is or '' = ''; empty string will always be equal to empty string, thus, the whole condition would return true. The first part username = 'a' would be false, but when evaluating false or true, the result is true. Hope this helps.

Looking at the image you provided, I don't think that is Javascript, or it can be driven by javascript, but I think its a div tag that is hidden and displayed when required.

To put the modules in the USB it would take some configuration at the OpenWRT level, and then it would require you to update the module manager to reference the /USB instead of /SD path. This I would consider the correct way. You can try shortcut it, but getting openwrt to consider your usb as /sd. You'll have to do some research as I don't have the notes for doing this handy.

I'm no where near where the training is occurring. I would not be attending :)

The package installed successfully. When you try to run a tool from that package, do you get an error? For example, what if you ran the below. Does it work? easy_install requests I get the error shown below, I would expect that this package would be installed by the installation process as it does on other systems. Traceback (most recent call last): File "/sd/usr/bin/easy_install", line 5, in <module> from pkg_resources import load_entry_point ImportError: No module named pkg_resources

Has anyone tried to use opkg to install any packages to the sd? I ran the following command to isntall pythong-setuptools, and it seems to fail at some point, b/c its looking at the /usr/lib/opkg/info directory on internal storage instead of the sd, even though i specified the -d sd in the command.

The module has been submitted for addition to the ModuleManager. It should be up shortly. Module: base64encdec Version: 1.0 Features: Base64 encoder and decoder

I would copy the code to your PC first and start to study it. Analyze it and comment it in order to understand how and why things are working. If you jump right into it, i think it will be a challenge.

My recommendation is to take one of the already written infusions and understand how it works and why it works. This will help you establish the foundation for writing an infusion. Next you can take one from the MKV or Nano and analyze the what is occurring with respect to the calls that are made against the device to install packages, etc. You can try to port those commands over to the MKVI if the device has the space to store the dependencies that are installed. You may need to set up expandable storage on the USB stick.

Hi, I don't have my nano and am working on converting the get module for the nano. Can someone share their PineAP log? The file is stored at /tmp/pineap.log. Their should have been individuals who were connected. Thanks!

I have to agree with Whistle Master. Additionally, the API has changed from previous versions of the MK. The new interface uses AngularJS and this is new for some as myself. We are doing this for fun, to learn something new and at the same time give something back to the community.

Cool thanks will do!. I don't have my nano yet. So i'm on ubuntu anyways. I'll patch it there and move the updated files when I get it to the pineapple

Good opportunity for me to learn how to patch a file. With the patches you have created above with the differences, can you provide an example of how to patch the respective files?

To add on to what Seb stated... check the etc/opkg.conf file. You can see the mapping to the sd card. In older Pineapples, it was listed as usb. opkg --dest sd install <package name>

Made a bit more progress on this script. Now I can provide a street address and get back 100 networks that are listed near it. The output that is returned from the script is shown below. One could run the command-line module to get the results and then convert them to a format that they can post on Google Maps. Gonna have to see what needs to be done to make this a command-line module. Sample execution:

Since from my understanding the Nano and the MKV are mostly the same, the ability to port the UI to the MKV would not be very difficult.

Regarding the module's I've got. I don't have a Nano yet, once I get one I'll work on porting the modules over. Instead I've focused on starting to write a new module, that will be a command line infusion/module that will act as an agent to get information from Wigle. Since its command-line, it will work also on older pineapples. But the module (GUI) is planned as well. thanks!

Hi All, I've finally had some time to pick up some development for the pineapple again. Starting working on a Wigle agent that will be set up as a command line infusion/module which the rest of the modules can use also. Right now, I have it able to search for a location based on a mac address, or to pull back some information about all networks that are found when searching by an SSID. Looking for ideas on what else you would like to see implemented. If your interested in trying it out, I have started to run it on my MKV. When developing it on my PC, the results are returned pretty quickly, on the MKV, it takes some time. Not sure where the bottleneck is at this point, but will work on it in the future. Have not tried it on a NANO, as i don't own one yet. You will need to install some packages on the MKV to get this to work correctly. I don't have that list handy right now, but try to run the script and python will tell you what libraries it needs installed. Looking for some feedback. Thanks! Note: Below is the code for the three files you will need to create. Place them in the same directory. Location on the pineapple doesn't matter. To execute the script, the command line is (with sample output): Example run (search by ssid): Example run (search by macid): wigle_query.py testWigleAgent.py helpers.py

:)

Did some research, and seems that its a user issue. Since my service is running as a different account, it cannot reach into the clipboard of the active user, as they have a "different" clipboard. I would need to somehow figure out a way to sign in as that other user from my service. Probably not worth the effort, since the DLL injection works just fine.

Exactly! I'll see if there would be a way for the system level process to get the clipboard as well. I don't see why that would be prevented...

Worked on this a bit today and didn't have any luck. Starting to suspect maybe some type of permission issue?? although its not a very critical task... just reading the clipboard. From a goal perspective, I am able to load a dll into memory of target machine and read clipboard that way, but would have been nice to add it to the stage 1 executable. EDIT: When the process runs as Local System (service) then does not work. But if it runs as a user who is an admin on the system, then it runs just fine...

I know the text is in ASCII or UTF8 format as i would copy a string like "The monkey" from notepad. I tried the same code, but having it be injected into memory and it runs then. So something is going on with the process that is first loaded and not the code itself.