dustbyter

Sorry, haven't had time to play with this given the holidays. I'll play with it hopefully next week and provide some updates.

I converted the project to a console application and it worked flawlessly. Hmm - making me wonder if the issue is in the agent's project. The idea is that there are agents that get deployed on various windows boxes on a network and you have a way to speak to them. Tried it on WinXP, Win7, Win10 systems thus far and it fails on all them with the error as described in the first post. Just stumps me as not sure why the application won't get access to the clipboard.

Thanks for this I'll check it out and try to run the code through a little application with just a main. Current set up is to have it pull the clipboard remotely. Was trying to extend a project that was provided as training material from a BlackHat course I took.

Hi AlfAlfa, I'm looking to implement the API for reading the clipboard. Seems it keeps failing. I can't figure out why. When stepping through the code with the debugger, it works. When running the executable, it fails. wchar_t *getClipboardText(void) { if( OpenClipboard(NULL) ) { // if we don't find any text of UNICODE format, then we can't copy it if ( IsClipboardFormatAvailable(CF_TEXT) || IsClipboardFormatAvailable(CF_UNICODETEXT) ) { HANDLE hToken; wchar_t *wGlobal; hToken = GetClipboardData(CF_UNICODETEXT); if ( !hToken ) return L"Error-no hToken\0"; wGlobal = (wchar_t*)GlobalLock(hToken); GlobalUnlock(hToken); CloseClipboard(); return wGlobal; } else { return L"CF_UNICODETEXT format text not present, or no text on clipboard"; } } return L"Error-Cannot Open Clipboard\0"; } After adding the IsClipboardFormatAvailable() API call, it fails here... and returns return L"CF_UNICODETEXT format text not present, or no text on clipboard"; Prior to adding this API call, it would fail on the GetClipboardData call. I copy ANSI and UTF8 code, so i know what is on the clipboard is valid to be copied... but it doesn't work unless im debugging Any ideas? I'm just starting to play with win32 API

Any win32 coders that can help answer a question regarding the clipboard API?

very cool! thanks for sharing

Similar sentiments are appearing for other areas as well. For example, the same is being pushed for the automotive space. You can't touch a car to try to fix it, because your a licensee holder and you should visit an authorized rep to fix it on your behalf. If you touch it, the warrantee is void. I read about this with regards to car and the John Deer farm equipment.

Anyone that can help with this? This library is a requirement for the dns2proxy that would facilitate the SSLSTRIP infusion.

Can someone help me out by cross compiling pcapy for OpenWRT? This is required for the dns2proxy.py which can be used to run a tool to help with the HSTS!

I guess the library can be cross-compiled for MIPS and then moved to the pineapple. Does anyone have an OpenWRT development environment already set up that can cross compile it? I got an error message when trying to compile it through the device directly. mips-openwrt-linux-uclibc-gcc -fno-strict-aliasing -Os -pipe -mips32r2 -mtune=mips32r2 -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -DNDEBUG -Os -pipe -mips32r2 -mtune=mips32r2 -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -fPIC -I/usr/include/python2.7 -c pcapdumper.cc -o build/temp.linux-mips-2.7/pcapdumper.o unable to execute mips-openwrt-linux-uclibc-gcc: No such file or directory error: command 'mips-openwrt-linux-uclibc-gcc' failed with exit status 1 Lastly, I also checked using opkg find pcapy, and it was not found there. That would have saved me this effort!

Has anyone gotten to install the PCAPY library from Core Security (http://www.coresecurity.com/corelabs-research/open-source-tools/pcapy) on a Pineapple?

I had gone by the Optiv booth at Blackhat. Didn't notice if they had any on hand as it was said they would prior to the conference.

Oli, think most have missed the firmware download... the github site shows 404 now for some time.

Seb, I'm having a similar issue with my one device. Wlan1 just keeps disabling. I have FW 2.3.0 currently installed. Is this something to be fixed with 2.4.0 or does it sound like a hardware issue? Thanks!

I agree with Seb. The files used by Kevin are probably private that he has written or modified. The first one appears to me to be just a DNS spoofing script. This would then route users to the custom site that is cloned and running on the pineapple. SET was probably used for the cloning. For the injection of the files, can't that just be done with a proxy? Ettercap can probably even do this, but since you already have control of the victim's traffic, then all that is required is that you modify your cloned page to serve the required update.

If you have a list of domains or ip addresses to block, you can set up iptables to do this. An interface to manage ip tables for the device would be an infusion.

As Oli stated, don't expect to see any updates for the Mark IV. With the new Mark V all the focus is on this device. From a support perspective, I imagine the MIV may be able to run MITMF, but it would fail and crash frequently. We saw this with other infusions as well. Hopefully, we will see it on the MITMF. I have not personally looked into MITMf, but as long as the MIV can run python (which it can) I imagine it can run.

The idea of adding additional code to an APK is that you can modify the smali code and get it to instantiate a class which you have added to the APK. Understand what the process is at a high level and then use the python script and try to understand what the process is that it is performing.

Tried to download the pixie ipk and it is asking for a decryption key on Mega?

Was not aware of this.

Hi All, I'm looking for a Toorcon 14 badge. Anyone have one sitting around that is not using it? Thanks!

Hi ARDETROYA, thanks for providing some more details. its a pretty busy time for me this period with work. I'll get on top of this as soon as I can find some time.

I'd recommend you try to delete the infusion and then reinstall it. The database should be found without any issues. you can always check the /etc/pineapple/ folder for the get database location file. It tracks if it is on the SD card or on the internal storage. It has been some time since I had looked at the code in full, i realized that the whole attack relies on karma, this is how it gets the MAC address and IP that are shown in the table. As karma is no longer a suitable attack for modern devices, I need to re-engineer that piece of the code. I guess I could look at the IP address from the HTTP headers and then do an arp to identify the mac address that it belongs to. This would then break the requirement of using karma for the infusion.

Can everyone report what issues your having with this infusion? All known issues have been remediated thus far. If your having issues, please provide the following: * Description of issue * Configuration of Infusion * Version of Get Infusion * Version of MKV firmware Thanks!

The purpose of this infusion is to get information about the client connecting to the pineapple. Specifically, the information gathered is about the browser plugins installed. You will need to set up the get database and install the iframe. Then when ever someone connects and tries to navigate through the browser, you will get the info described above.