Jump to content

7ncubane

Active Members
  • Content Count

    21
  • Joined

  • Last visited

About 7ncubane

  • Rank
    Hak5 Fan

Recent Profile Visitors

1,244 profile views
  1. 手作り万年筆ショップ・中屋万年筆 via @nakaya_mannenhi

  2. Got my Mark V last year at Defcon. Didn't have chance to play with it till now. Plugged in Pineapple - after few minutes, solid green light and other lights flashing on and off. Seemed to have booted up OK. I know Mac doesn't play well with Pineapple, but gave it a try with my MacBook. I tried joining the Pineapple over wifi and also Ethernet/LAN. Same results. The Pineapple assigned me an IP via DHCP in 172.16.42.x range. Everything looked OK, but when I tried to go to 172.16.42.1:1471 on both Safari and Firefox, no server found error came up. Went to terminal and double checked the
  3. 手作り万年筆ショップ・中屋万年筆 via @nakaya_mannenhi

  4. IMHO running urlsnarf and sslstrip does not work at the same time. Also running either from modules seem buggy. Had much better luck running them from command line. Make sure you are running and logging to usb, not enough room for running from internal memory. Also seems to work better with usb swap. Seems to be not enough RAM to run stuff together esp sslstrip. I use sandisk cruzer 8gig usb 2.0. may be usb 3.0 issue?
  5. i think your firewall routing needs to be set so that port 443 forwards to port 10000 (sslstrip listening port). i can't remember exact commands but try searching "sslstrip installation guide" in the forums.
  6. Will give it a try. Thanks.
  7. Hi. If I'm using a relay server that uses non-standard ssh port, how does it work. My server has ssh port on 45678. The standard autossh command, "autossh -M 20000 -N -R 4255:localhost:22 user@server.com -i /etc/dropbear/id_rsa" doesn't work. Before I changed the ssh port, it worked fine, but too many break-in attempt with port 22. I tried adding -o "Port 45678" to the command, but didn't work. Any tips?
  8. Thanks for the reply, but how would I use it with Ducky script? I don't think you can invoke hex code value (if I'm looking at it right) directly from Ducky script, can you?
  9. How do you encode Apple/command key for Macs? Like command-I, command-O, etc. Really need these to do anything on Mac's.
  10. It seems that there are a few threads on getting the ducky working correctly on OSX, but all of them kind of stop mid-conversation or "it's in the works". Did OSX support ever get squared away? Specifically: 1. keyboard set-up dialog - did the vendor ID thing get implemented? 2. I have a ducky I bought at defcon 20. After the keyboard setup, it will type but only after pressing the black button. It will not trigger on its own. 3. Has anyone figured out how to do command/Apple key -<keystroke> sequence? Doing stuff on the keyboard without mouse absolutely requires it. ( I hope s
  11. It's working well for me with both port 80 and 443 being forwarded. Kind of interesting how some people have it working with port 443 forwarded and some without 443 forwarding. My problem with sslstrip and urlsnarf is if I'm running sslstrip and port 80 traffic is being redirected to port 10000, how can urlsnarf get to that traffic. I've tried running both at the same time. I get entries in sslstrip logs but blank urlsnarf logs.
  12. thanks for input. I can run karma and sslstrip at the same time. sslstrip on usb, set up with swap space. Make sure to use powered usb hub. I use separate power source for the hub and pineapple. Next question is, can you run urlsnarf with sslstrip? How can I set up the iptables? sslstrip needs packets routed to port 10000 but url snarf need packets directly from port 80. (I think.)
  13. Don't plug in Alfa till AFTER the pineapple boots. You probably figured this out by now.
  14. To TunezNZ - have you tried other wifi cards, dongles, etc.? It could be either driver or hardware issue. In my case, an old Hawking dongle actually works most reliably. Also ... I thought I had all this figured out till ... firmware 2.5. Since I upgraded, the connection seems much less reliable. It takes much longer to get an IP assigned by DHCP from the AP. Also when I ping various IP's to test the connection (signed in as root from the pineapple and as a client going through the pineapple), I get approximately 30-40% packet loss pinging google, yahoo, AND my own gateway. I'm in S. C
  15. Sorry for 2 postings in a row. I've been playing with sslstrip and noticed something. I was able to sniff my passwords on yahoo mail, gmail, amazon, capital one credit card, and twitter. However, when I tried Chase, Wells Fargo, and Charles Schwab, sign in pages would not even load. The the browser just got "stuck". It seems that sslstrip passes through http traffic ok and processes regular https traffic ok, but seems to be not able to process certain https sites. Anybody have similar experience? Any idea what this "non-standard https/ssl traffic might be?
×
×
  • Create New...