Everything posted by airman_dopey

  1. I happen to remember your post. http://forums.hak5.org/index.php?/topic/28761-ip-subnetting-question-share-your-own-experiece/
  2. Assuming the poker site is not running HSTS (preventing unsecure connections, or straight HTTP vs HTTPS) then yes; you could sniff the traffic en route. Perhaps it is simply my infancy into security (only been working at it a couple years) but I would assume gaining their login creds (or capturing their credit card numbers if you happen to be sniffing at that time) would be much more detrimental than monitoring what they are doing inside the game. From there you could easily (I assume) log in as them, sit down at your table, all in real cash, and lose. Bye bye money. If the site is running HSTS you would need to create a dummy page that looks like the real deal (no pun intended) and trick your target into logging in to your page. Also not sure how much info you're looking to give. Do you want to suggest SSH/VPN tunnels? Do you want to explain what is being done? Or are you simply looking for scare tactics (very effective and nothing wrong with it)?
  3. Number one is extremely easy to accomplish as there have been numerous topics done on it in the past. I am unsure on number two though unless you are simply referring to capturing credentials (similar to capturing banking login creds). Anything further and I would be concerned with the legal ramifications from openly attacking another company for the sake of posting on your site.
  4. Have you tried getting help from pfsense's forums?
  5. Hey guys! Wanted to let you know that the Cred Harvester has been released! We have tried to cover all the bases as far as sanity checks, requirements, etc. but no one can get everything first try. If you guys find anything please let us know and we'll get it fixed ASAP. We're also close to having the main framework and install procedure finished, so we'll keep you posted on that. In the meantime, try out the fruit of our labor and let us know what you think! [Images: Sanity Check Menu; Main Menu; Loading Selected Programs; Program Running] (Pictures courtesy of ShadowBlade72)
  6. Image is not what they are making. It was an artist's idea of what they are working on. Actual prototype has not been released.
  7. Pineapple works with 5v power. 7v would be fine if it outputs enough amps as well
  8. Digip won't stop until the world is covered in tinfoil. =P Seriously though I would change the SSID. Other than that I would make your AP mobile and see if you can find where the deauth is coming from.
  9. Hey Ham, I too have been into computers all my life. My Dad brought home an 8086 when I was younger and I would sit and watch him mess around in the CLI for hours at a time. He used to get mad that I watched him, but I didn't care. I was hooked. Joined the military where I got into networking a lot, and eventually discovered what pen testing was, so started learning that. My knowledge has grown from simply migrating through the different ways computers work, to how they talk to each other, to how you can manipulate the conversations. When I discovered Hak5 that's when I really started buckling down and learning what there is to know about ethical hacking. I started reading everything I could find; from news stories to forums on here. I installed backtrack. I watched old episodes of Hak5 and listened for each thing they were doing. If there was mention of a tool, program, ability, etc that I was unaware of I would write it down, pause the show, and research the hell out of it. TBH it was slow learning, but it was not spoonfed. I earned every bite. Once I bought the pineapple (this past Christmas) I decided to get more into things you could do with the honeypot besides simply 1-click pwning. I wanted to see how the tools worked on a PC and if I could simulate the modules (with the exception of Karma). Once I started that, I got together with a friend of mine and we're seeing how much we can make our own tools to expand the abilities of the pineapple to a (Pi)neapple or a pineapple connected to a laptop. Then it was finding out how to use those same tools without a pineapple. Long story, and I'm sorry, but I do not know how to "point you in a direction". All I can do is explain what I did to get where I am at and see if any of it can help you. Dig into the different tools available. Learn about what they do and how they work. Understand the trusts that they are abusing. When you learn that, think about how you could take that and use it in different situations.
Hacking seems to be more about imagination than raw technical ability. It also depends on where you want to go and what interests you. Some people like the exploitation end of things. Some people like to code new software to do new things against a target. Some people really like getting into fuzzers and manipulating programs to do what they weren't intended to do. I personally dig the exploitation side. But my interest is finding out what takes people a long time to do and finding ways to speed up the process. I also love to pass on what I've learned. So for me, that's the contribution I most enjoy making to the community. See what's out there and what you can do. Don't get frustrated with it. Learning something this complex takes a long long time to master. If it is important to you, you'll persevere. If you simply chose to dabble in it, that's fine; but don't expect to do these great amazing things that you see others that have spent lifetimes honing their trade. The important thing is to read, research, and practice (in legal environments, such as a lab, a VM, etc). Ask the community for assistance, but don't ask for knowledge you haven't first tried to get yourself. Help others help you (a tired cliche). And enjoy the hell out of it because this stuff IMO is the most fun you can have on a computer! P.S. Sorry for the book. I'll get down off my soapbox now. ;)
  10. The anker 3s are good. Should be fine with that.
  11. It does fade in. You don't see it because each pixel fading in is the exact same as what it is replacing. If you overlay red with a more opaque version of the same color and shade, you will not see the opaque version. Only colors that are changing are those from the second image fading in (black to whatever the picture is) so that is all you see.
  12. It doesn't tell you the amp output. One of the reviews states it is only 1a output (same as the pineapple juice). Get something with at least a 2.1a output and you should be good
  13. Most people on here get the Anker3 10000, a bud of mine got the 8400 and has had no complaints
  14. Known issue (at least it's been reported numerous times in the forums). Certain flash drives work better than others, but if you want it to work properly off battery power you'll need a beefier powerpack. Most people recommend the anker.
  15. Hey guys and gals! Been working hard on the latest HaxorBlox release coming soon. Wanted to give a little sneak peek of what's coming down the pipe; Cred Harvester! Looking at the problems the Pineapple has had with running multiple tools at once, we wanted to see what we could do using a (Pi)neapple setup or offload the tools to a computer while keeping the simple interface. Hopefully you guys dig what we came up with. Similar to Easy-Creds (although we had the idea prior to discovering the tool) we decided to have a simple script that would handle Ettercap, SSLStrip, DSniff, URLSnarf, Hamster & Ferret (Sidejacking attack), and NGREP. In addition to dumping the output to a nice log file automatically, we wanted to have a simple display showing real-time creds as they are captured. We were able to filter the output to prevent duplicate creds displaying, and wrote a simple filter wizard to only display real-time URLSnarf data that you ACTUALLY NEED to see right now. No data is left out of the final report (with multiple logging options) so you can still get everything you need, but see real-time only what you want. (As a side note, we also do not blanket wipe out IPTables or anything like that. Every check is done to attempt to keep your system the same as what it was, while only changing and cleaning up what's needed for whatever program you choose to load.) The tool is in the final stages of being created, and we still need to sanity check and do some final polish, but we should have it released in the next week or so. We are REALLY excited over this addition and we hope you guys are too! If you have any ideas, comments, or feedback we'd love to hear it! [Images: Main menu of Cred Harvester; Loading Screen; Action shot]
  16. First, this should be posted in the Jasager section. The device is used to attract other devices onto your network, not pick up wifi.
  17. Thanks guys. Very good points. I consider myself only a step above script kiddie myself as I'm working in bash scripts to automate a lot of these attacks (and not writing these eloquent tools in better languages), but I do agree that chances are the skiddies would have a difficult time just modifying something like that. I like that idea and I think that's exactly what I will do. Thanks again guys.
  18. So I have a bit of a moral dilemma (as the title states). If you guys haven't seen, Shadowblade and I released the passive fingerprinting script about a week ago as a teaser of things we're working on. Well, we are getting closer to releasing our second tool, the cred harvester. Basically this will be an easy to use tool incorporating sslstrip, ettercap, urlsnarf, dsniff, hamster & ferret, and ngrep. My dilemma is this: On one of Darren's episodes he shows strings capture credit card numbers. Assuming they work (I haven't had the ability to test it yet) this would give a lot of script kiddies using this site the ability to capture said information extremely easily. It seems to me that there was no problem including it on the pineapple at the time. However, it was pulled due to the tool being too "resource intensive". My question is this: am I being socially irresponsible by making it super easy for people to capture that type of information? Should I leave it in a private copy of the program and release a defanged version? This probably sounds silly to a lot of the professionals here, but I am only now trying to get from a netadmin/sysad into the security scene and I am looking for a little guidance. Thank you to anyone willing to offer advice.
  19. I made 2 images. First, I made the picture black and pasted the picture on the left. Add the title you want on the bottom. Save it as your first image. Without closing it, add the second image (without changing the first) to how you want the final to look. Save it as image number two. (In case that still doesn't make sense, the first image will look normal on the left and have a lot of black on the right). Now display your first image in the video. When ready, FADE IN (NOT CROSSFADE) the second image. Crossfading will cause the first one to dim. Fading in will leave it unchanged.
  20. This isn't EXACTLY true. Most people have found that the Sandisk Fit 4gb sold in the Hakshop will NOT work with the pineapple juice, over a laptop or computer USB, and other power sources (I've discovered it won't work using most cigarette lighter USB adapters either), it does work with battery packs such as the Anker that output a much higher source of amps than typical USB. You are correct that the device manufacturing is not Hakshop's fault, I find it questionable that the Hakshop would continue to sell a product that is known to have issues with different power supplies. I too was disappointed when I learned the hard way that my hard earned money was wasted on a device that should have worked well together. I believe the device should be pulled from the shop as this type of customer service does not bode well with most people.
  21. I am an A-hole for not liking the post. Thank you again, as this is what we used for our tool. Thank you again!
  22. Hey guys and gals. ShadowBlade72 and I have spoken about tools we're working on to be used with both BackTrack 5 and the Pi for use with the pineapple or through simple arp spoofing and the like. Well, we've finished our first tool and are releasing it as a "sneak peek" for what's to come. You can find the post over at the Applications and Coding forums here: http://forums.hak5.org/index.php?/topic/28677-hax0rbl0x-sneak-peak/ We wanted to tell you guys here as we designed them to be used with the (Pi)neapple platform as well. Please let us know what you think!
  23. Hey everyone! Shadowblade72 and I are proud to present a project we've been working on for months; Hax0rBl0x! This framework is designed to have a central menu that allows you to pick and choose which attacks you want to use in a pentest. These tools are also being designed to function on Backtrack 5 R3 for use with a computer, or for use on a (Pi)neapple attack platform. We also want the ability to add new tools as we produce them. We will be updating this thread from time to time to announce new updates and new capabilities. If you guys have any suggestions, requests, bugs, or anything else, please let us know. List of tools:
      - Hax0rBl0x.sh: This is the main menu framework that allows us to add more tools by simply dragging and dropping files.
      - Passive OS Fingerprinting: This is a passive scanner that will read information from passing packets to find OS, Browsers, Apps, Open Ports, uptime, Host type, and manufacturer of each host on the network (or on your pineapple).
      - Cred Harvester (Now with Arpspoofing built in!): This is a tool similar to Easy-Creds or YAMAS, but extremely polished to harvest creds, cookies, social security numbers, or credit card numbers from selected targets. The info is then displayed on an easy to read summary on screen and dumped into an easy to read report for further perusing. The programs launched are Ettercap, SSLStrip, Dsniff, Hamster & Ferret, NGREP, and URLSnarf.
      The link to our code can be found at: http://code.google.com/p/hax0rbl0x/ NOTE: We are still working on getting the install code working properly as we just switched to Google Projects, so stay tuned!
      EDIT 2/21/2013: A couple of things. We've gotten Google Code working nicely and are working on getting a streamlined install working properly. Also, this tool set has been tested on both BackTrack 5 R3 and the Pi. We make no promises that it will function at all on the pineapple itself.
  24. I had the same problem. For me a reflash (without doing anything to the sandisk) fixed it. Cannot tell you what the actual fix was though