mondrianaire

I love it when people actually come back to post solutions to problems they start threads on.

I'm sorry guys, ill get back on this in a day or so. Black Ops came out.

Flashing any firmware available at wifipineapple.com will reset your pineapple to 'factory'.

I am finished with the first review of my project, I have started another thread on it. You can see screenshots as well as give me some feedback and download the module as soon as it comes available there. Thanks.

I am almost finished with v0.1 of my offline phishing module. The premise of this module is simple. You set the ssid of an open wireless network (Free Public Wifi, etc.) When enabled, all requests will be forwarded to a 'walled garden' splash page. This will inform the viewer that they have limited access to only certain pages, and will give links to these pages. Every one of these pages are phishing pages that you can upload to the module (even your own!). Since all phishing pages are hosted locally, this module is intended to work all of the time, without internet access. It gives the user the impression that they are connecting to pages on the internet, yet all credentials are harvested. Another beautiful thing about this module is how little hardware it uses. I have been known to have up to 3 usb wifi cards plugged into my pineapple while using for deauth/wifi repeating etc... This module can be used with only a properly formatted flash drive, eliminating a need for a usb hub (and the extra power it consumes). I need Seb or someone at wifipineapple.com to verify me for module submission. I also would like to talk to Petertfm about this module. I have reused (embarrassingly large amounts of) his code from his RandomRoll module in this. Our modules are extremely similar in both frontend and backend. I would like to ask him a couple of questions/ get him to sign off on the parts of his code I used before making this public. I have tried to message him but he does not accept messages. Petertfm if you read this, please send me a message or an email at my uname [at] gmail.

I have been working on a module extremely similar to this. The only difference is that there is no reason this sort of module should not be able to work offline. The idea is simple. Change SSID to "Free Public Wifi". Reroute (dnsspoof) all traffic to 172.16.42.1. Default landing page is a walled garden page explaining that free internet access is limited to a certain number of websites, and give links to all websites (all of these websites are phishing pages). Perhaps even put in a clause about unlimited internet access for 'Premium Members'. You have to modify most phishing pages by downloading all the dependencies and referencing them locally, but after that, you have an fully enclosed offline credential harvester. You can keep it running all day, in your backpack or something, riding the train, on a bus, airports, etc.. You get the drift. On a more technical note: The main problem that I am running into is the Network Connection Status Indicator (the systray icon for wireless) that will indicate the user that they do not have internet access. A bit of digging and a great superuser post (http://blog.superuser.com/2011/05/16/windows-7-network-awareness/) shows that the way Windows detects Internet access is first by requesting a text file (http://www.msftncsi.com/ncsi.txt) , If this fails, it tries to DNS resolve dns.msftncsi.com. If both of these fail, the internet connection will show no internet access. if the second passes, but the first fails, NCSI will display a message 'Additional log on information is required', which is really the best were going to get with a pineapple, unless someone knows how to make the pineapple both resolve dns correctly, and respond to requests heading for that ip.

That worked Seb. Upgraded and everything is fine. Having some monitor mode problems now but Ill save that for a new thread. Thanks for everything

I may be misunderstanding the entire process behind this, but I do not understand how an ettercap filter would be the best way to do this. If I am correct, it is javascript that is doing the keylogging and reporting, and an iframe just displays the rest of the pages. If this is the case, would it not be easier to redirect all dns queries to a landing page that loads the javascript and then referral page in an iframe? This would not be a 'true' keylogger as it would only work while in a browser on a box connected to the pineapple, but it is far more than a 'credentials grabber' as some are suggesting. From looking at the screenshots, this is exactly what the module looks like it is doing. All queries are being redirected to pineapple: "172.16.42.1 *" the landing page is redirecting to login.php (which would house the javascript and referrer iframe redirect), and then the keylogger part is just reading a file. The implementation of this is a keylogger that will work on any webpage in a browser. It will grab all creds as well as emails, forum posts, things of the such. ...right?

Browsing downloads.openwrt.org shows that the snapshots trunk is cut off (pun intended)? http://downloads.openwrt.org/snapshots/

Pineapple Hardware Version (ex: Mark III, Mark IV, etc.): Mark4 Pineapple Software Version (ex: 2.5.0, 2.6.4): 2.6.3 OS used to connect to the pineapple: Win7 Network layout of how your setup is connected (including IP information): Pineapple gets internet from LAN/POE port connected to laptop. Can resolve domains from ssh interface of pineapple. (ping www.google.com resolves and responds) EDIT: this also happens when using an external adapter to supply wireless internet (wlan1 - AWUS036NH). All the tools/options that are running on the pineapple when the issue happened: Wireless and Cron are the only modules running Ping results from computer to pineapple: Pinging 172.16.42.1 with 32 bytes of data: Reply from 172.16.42.1: bytes=32 time=1ms TTL=64 Reply from 172.16.42.1: bytes=32 time<1ms TTL=64 Reply from 172.16.42.1: bytes=32 time<1ms TTL=64 Reply from 172.16.42.1: bytes=32 time<1ms TTL=64 Ping statistics for 172.16.42.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms Is the problem repeatable (Yes/No): Yes, happens on reboot Steps taken which created the problem: SSH to pineapple -> login -> opkg update Error Messages: Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/Packages.gz. wget: server returned error: HTTP/1.1 404 Not Found Collected errors: * opkg_download: Failed to download http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/Packages.gz, wget returned 1. Anything else that was attempted to 'fix' the problem: Navigating to the packages.gz url from a browser gives 404. -------------------- Hopefully this is me being a complete idiot, but I cannot seem to update packages on the pineapple. I have tried this on 2 separate internet connections just to be sure.

What issues with USB passthrough? in VMware? I have no issues with USB passthrough with either adapter, if I plug them in after VM has started and with USB filters.

yes, not only do os's handle dns caching differently, so do browsers. Trying a different browser (winkey + R, iexplore.exe :() This is mostly correct. It is true that the DNS is set by DHCP, but this is the case weather DNSspoof is running or not. The trick is that the pineapple is also a DNS forwarder. The way DNS works is by a series of redirects until the query finds the correct (authoritative) server. DNSspoof works by not forwarding dns queries for specific sites (the ones you configure in the settings). All other queries going through the pineapple are forwarded to the next DNS server, which I believe is google public dns (8.8.8.8 & 8.8.4.4), or to the DNS server handed out by the WAN DHCP lease of the pineapple. It is this reason that dnsspoofing will not work on a target with static DNS set. so are you saying that if someone requests a page that is not in your dnsspoof records, you do not want to forward it? You could do this by simply not connecting the pineapple to the internet (standalone mode).

Absolutely true. However a dns flush should take care of the problem for troubleshooting. Also, the easiest way to test this is with a simple ping. If you ping the domain from commandline, you can see what ip it resolves to. This takes a whole lot of variables out of the equation (i.e. browsers. etc.)

the NH is definitely oob & monitor/injection capable. The NHR will need some configuration to work, but it is verified working. http://store.rokland.com/blogs/news/3821712-alfa-awus036nhr-is-backtrack-5-linux-compatible

You could create a shell script to start reaver on a given access point (reaver -i mon0 -b [bssid]) and then execute the script when the button is pushed. You would just need to preconfigure the correct bssid in your script.