newbi3

Everything posted by newbi3

  1. SMSer is a python infusion with a PHP front end
  2. This is a proof of concept I have been working on, 2 factor authentication for mkV. This will be released in version 2.0 of SMSer. http://youtu.be/Csz8XJdmig0 If you are wanting to roll your own 2 factor auth before 2.0 of SMSer is released, replace /pineapple/includes/api/login.php with this:

     ```php
     <?php
     if (session_status() == PHP_SESSION_NONE) {
         session_start();
     }

     $message = '';

     // root is the first entry in /etc/shadow; split its $1$salt$hash field
     $file = explode("\n", file_get_contents('/etc/shadow'));
     $string = explode(':', $file[0]);
     $string = explode('$', $string[1]);
     $salt = '$1$' . $string[2] . '$';
     $password = $string[3];
     $submitted_pass = crypt($_POST["password"], $salt);
     $actual_pass = $salt . $password;

     //$submitted_key = $_POST['key'];
     //$actual_key = exec('cat /pineapple/includes/api/key');
     //echo exec("cat /pineapple/includes/api/key");

     if (isset($_POST['login'])) {
         $submitted_key = $_POST['key'];
         $actual_key = exec('cat /pineapple/includes/api/key');

         // An empty $actual_key means no key has been requested; without this
         // check an empty key field would match the missing key file.
         if ($actual_key !== ''
             && $submitted_pass === $actual_pass
             && $_POST['username'] === "root"
             && $submitted_key === $actual_key) {
             // The key is single use: delete it once it has been accepted
             exec('rm /pineapple/includes/api/key');
             $_SESSION['logged_in'] = true;
             header('Location: /');
         } else {
             $message = "<font color='red'>Invalid username / password / Key</font>";
         }
     }

     if (isset($_GET['sendkey'])) {
         // Generate a 4-digit key, store it, and text it out through SMSer
         $key = rand(1000, 9999);
         exec('echo ' . $key . ' > /pineapple/includes/api/key');
         exec('/pineapple/components/infusions/smser/content/smser.py --useconfig /pineapple/components/infusions/smser/content/smser.conf --logpath /pineapple/components/infusions/smser/content/smser.log -m ' . $key);
         $message = 'key sent to phone.';
     }
     ?>
     <html>
     <head>
     <title>WiFi Pineapple - Login</title>
     <meta http-equiv="cache-control" content="max-age=0" />
     <meta http-equiv="cache-control" content="no-cache" />
     <meta http-equiv="expires" content="0" />
     <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
     <meta http-equiv="pragma" content="no-cache" />
     <link rel="stylesheet" type="text/css" href="includes/css/styles.php" />
     <script src="includes/js/jquery.min.js"></script>
     <script type="text/javascript">
     function ajaxRequest() {
         if (window.XMLHttpRequest) {
             return new XMLHttpRequest();
         } else if (window.ActiveXObject) {
             return new ActiveXObject("Microsoft.XMLHTTP");
         } else {
             return false;
         }
     }

     function ajaxGet(toChange, getFrom) {
         var xmlhttp = new ajaxRequest();
         xmlhttp.onreadystatechange = function() {
             if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
                 // Skip the update when the target element is not on the page
                 var target = document.getElementById(toChange);
                 if (target) {
                     target.innerHTML = xmlhttp.responseText;
                 }
             }
         };
         xmlhttp.open("GET", getFrom, true);
         xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
         xmlhttp.send();
     }

     function changeElement(toChange, text) {
         document.getElementById(toChange).innerHTML = text;
     }
     </script>
     <noscript><meta http-equiv="refresh" content="0;url=index.php?noJS" /></noscript>
     </head>
     <body>
     <a href="#" onclick="ajaxGet('yourmom', 'index.php?sendkey'); changeElement('status', 'Key has been sent!'); return false;">Request Key</a>
     <div id="status">Waiting for action...</div>
     <center>
     <div style="background-color: black; position: absolute; margin: auto; top: 50%; left: 50%; width: 256px; height: 356px; margin-top: -178px;">
     <img src="/includes/img/mk5_logo.gif"><br /><br />
     <?=$message?>
     <form action="" method="POST">
     <table>
     <tr><td>Username:</td><td><input type="text" name="username" value="root"></td></tr>
     <tr><td>Password:</td><td><input type="password" name="password"></td></tr>
     <tr><td>Key:</td><td><input type="text" name="key"></td></tr>
     </table>
     <input type="submit" name="login" value="Log In">
     </form>
     </div>
     </center>
     </body>
     </html>
     ```
  3. Version 2.3 is now released! SMSer allows you to control your pineapple through your phone by simply sending it a text message. It does this using Multimedia Messaging Service or MMS. Through SMSer you can turn on or off karma and dns spoof by sending it key words that you would use in an everyday conversation as well as any 3 custom commands that you set up yourself.
     Features:
       • Turn on karma
       • Turn on DNS spoof
       • Turn on SSL Strip
       • Get Status of Karma, DNS Spoof, and SSL Strip
       • Control individual LEDs on the pineapple
       • Control all LEDs on the pineapple
       • Ability to have 2 factor authentication when logging into the pineapple
       • Execute 3 custom commands
       • New Command Line Integration
     Change Log: Requirements: Known Issues:
  4. Version 1.4 is now released please update :)
  5. Fixing this right now actually :) It will be available very shortly!
  6. Why is a script needed? Just put it in the /etc/rc.local file
  7. So on the mk4 there are two ports, the PoE LAN port and a WAN port (eth0 and eth1). The WAN port is configured for DHCP when connecting with a wire to a wide area network. Now, what if we want to use it on the pineapple's LAN? Easy, let's get started.
     NOTE: You will not be able to use the WAN port to connect directly to a network after doing this! You will, however, be able to use it to tether from a laptop or whatever you use.
     1. SSH into your pineapple.
     2. nano /etc/config/network
     3. Comment out "option ifname eth1" under "config interface wan" (it will look like this after):

        ```
        config interface wan
            #option ifname eth1
            option proto dhcp
        ```

     4. Change "option ifname eth0" under "config interface lan" to the following:

        ```
        option ifname "eth0 eth1"
        ```

     5. Change "option device eth0" under "config switch_vlan" to the following:

        ```
        config switch_vlan
            option device "eth0 eth1"
            option vlan 1
            option ports "0 1"
        ```

     6. Save
     7. Reboot your pineapple
     I hope this helped someone :D
  8. Wouldn't it be nice if there was another device (such as a tplink) whose only purpose was to crack WPS and WEP automatically and then send those keys to the mk4 to connect to those networks in case your open network goes down or there are none in the area.... Also what if you could switch attack modes on the 3rd device by using the WPS button on the mk4 or the dip switches on the mk5....... You got my wheels turning Darren :D
  9. Evil Portal works great. There is nothing that needs to be changed on it to get it working.
  10. Check out SMSer. Also I have been working on this exact functionality for SMSer 2.0. Post your code though I'd love to see how you are doing it :D
  11. This is kind of just a pointless funny thought I had that maybe someone will take literally. What if whitehats started writing malware that, when it infected a machine, would check for things such as the firewall turned off, internet explorer as the default browser, no AV installed/updated and then would auto-correct these issues and even educate the users on basic security practices. I just thought I would share that, I think it would be a funny thing to do :p
  12. :D I am already working on that functionality for SMSer 2.0 actually! This version is a complete re-write and because I do not have time to develop the 2.x version it will only be available on 3.x and 1.x for the mk V. I will however, make 1 last update for 2.x this weekend so people who are using older firmware don't feel abandoned.
  13. Give me some time I'll put together a tutorial for updating SMSer on 2.x.x this will only update the backend of smser there will be no changes to the GUI
  14. I wrote this program to notify me when the mk 5 was available. I released it to people in IRC when I wrote it because I didn't want everyone to get to the mk5 first :p (there have been updates to it since the version I released in IRC)

      ```python
      #!/usr/bin/python3
      '''
      Author Newbi3
      Date October 10, 2013

      This script will get a hash of the hakshop and compare it to a base hash.
      If the hash changes then you know that there has been an update to it
      such as the new pineapple :D
      '''
      import hashlib
      import smtplib
      from time import sleep

      import requests

      url = "http://hakshop.myshopify.com/"
      baseHash = ""
      account = "youremail@gmail.com"
      password = "yourpassword"
      number = "1234567890"
      gateway = "texting.net"


      def sendMessage(message):
          ''' Login and send the message to the user '''
          server = smtplib.SMTP("smtp.gmail.com", 587)
          server.ehlo()
          server.starttls()
          server.login(account, password)
          headers = "\r\n".join(["from: " + account,
                                 "subject: pineapple",
                                 "to: " + number + "@" + gateway,
                                 "mime-version: 1.0",
                                 "content-type: text/html"])
          content = headers + "\r\n\r\n" + message
          server.sendmail(account, number + "@" + gateway, content)
          server.quit()


      def compareHash(newHash):
          ''' Compare baseHash with newHash '''
          global baseHash
          if str(baseHash) == str(newHash):
              print("No updates yet :/")
          else:
              baseHash = str(newHash)
              print("Something has been changed! " + newHash)
              sendMessage("Something has been changed at the shop!")


      def getHash(response):
          ''' Get the sha224 hash of response '''
          # hashlib works on bytes, so encode the page text first
          return hashlib.sha224(response.encode("utf-8")).hexdigest()


      def removeShit(html):
          ''' Remove shit from the html code that makes the page too dynamic '''
          lines = html.split("\n")
          # Check every line, including the last one
          for i in range(len(lines)):
              if ('<script type="text/javascript">var __st={"a":682142,"offset":-25200,' in lines[i]):
                  lines[i] = ""
          return ''.join(lines)


      def makeRequest(url):
          ''' Make the request and return the code '''
          # The timeout keeps a stalled connection from hanging the loop
          r = requests.get(url, timeout=30)
          return r.text


      def main():
          ''' Start the program '''
          global baseHash
          baseHash = ""
          baseHash = getHash(removeShit(makeRequest(url)))
          print("Got base hash " + str(baseHash))
          sleep(30)
          while True:
              r = makeRequest(url)
              compareHash(getHash(removeShit(r)))
              sleep(60)


      if __name__ == "__main__":
          main()
      ```

      Even though the mk5 is out now this same code can be used to monitor other sites as well or aspects of it may be useful to your project. Just give me credit :D
  15. SUPPORTS PYTHON RIGHT OUT OF THE BOX! HELL YEAH :D
  16. Another thing that points to custom hardware is the different color of the USB ports in the pictures. This tells me that there have been different revisions of the hardware. If they were buying something off the shelf we probably would not see that
  17. After a lot of googling around for Orient Power Home Network I found that they are a branch of Orient Power Holdings LTD. This company is based in China and they develop Home Entertainment equipment, Car Electronics, and Networking Equipment. Now, finding that they don't really have a website I'd say it's safe to assume that they are a smaller company that develops hardware for other smaller companies and organizations. Put everything together and I would say we are looking at a custom board :D http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapid=4497446
  18. This is becoming a problem outside of this infusion. Please make a thread in the MK4 forum :)
  19. There is a micro sd slot on there you can see it in the pictures. That is too big to be a micro sd slot and in a very strange place for one as well. The pins on the back I am assuming are UART which means to more disassembling to re-flash it :D
  20. If you look at the right hand side of it in the video you can see that there is a removable tab... I'd say it's for a GPIO...
  21. Accept it. The key changed when you updated/reset your pineapple
  22. Run the following commands:

      ```
      cd ~
      rm -r .ssh
      ssh root@172.16.42.1
      ```
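
The one-time key handling behind the two-factor login in post 2, sketched in Python (the language of the SMSer backend) as an added example; it is not newbi3's or SMSer's code. The class name, key length, lifetime and attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY_DIGITS = 6          # assumption: longer than the 4-digit key in post 2
KEY_TTL_SECONDS = 120   # assumption: a key is valid for two minutes
MAX_ATTEMPTS = 3        # assumption: wrong guesses allowed per issued key


class OneTimeKeyStore:
    """Holds at most one pending login key (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._digest = None       # None means no key is pending
        self._expires = 0.0
        self._attempts_left = 0

    @staticmethod
    def _hash(key):
        # Fixed-length digests give compare_digest equal-sized inputs
        return hashlib.sha256(key.encode()).digest()

    def issue(self):
        """Draw a fresh key from the OS CSPRNG and return it for sending."""
        key = f"{secrets.randbelow(10 ** KEY_DIGITS):0{KEY_DIGITS}d}"
        self._digest = self._hash(key)
        self._expires = self._clock() + KEY_TTL_SECONDS
        self._attempts_left = MAX_ATTEMPTS
        return key

    def verify(self, submitted):
        """Return True only for the pending, unexpired key; consume it."""
        if self._digest is None or not submitted:
            return False          # no key requested, or empty key field
        if self._clock() > self._expires:
            self._digest = None   # expired keys are discarded
            return False
        ok = hmac.compare_digest(self._digest, self._hash(submitted))
        self._attempts_left -= 1
        if ok or self._attempts_left <= 0:
            self._digest = None   # single use; burned after too many misses
        return ok
```

The second factor fails closed here: a login with no pending key, an expired key, a reused key or an exhausted attempt budget is rejected even when the submitted value would otherwise match.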