newbi3
-
Posts
1,022 -
Joined
-
Last visited
-
Days Won
62
Posts posted by newbi3
-
-
I’m curious if the screenshot code could be rewritten to stream the display, even if you could only get 32fps. Sound wouldn’t matter so much if you’re in the other room.
I’ve connected to a few Smart TVs before but just for the purpose of capturing the browsing traffic. Don’t have time to “mess with people” but the above would actually be a useful hack around the house.
I noticed that from the android app they have you can stream the the video and audio from the tv so its completely possible. It might be documented somewhere I've just never looked into because I've been so busy lately.
-
SQL Injection doesn't have to just occur on a webpage. It could be exploit in any application that talks to a SQL database. Consider this for example:
There is a game that stores all of its user creds in a SQL database. The user is prompted to login and the username field isn't sanitized before checking against the database. If the user entered something like john' then an error would be raised. Now the only other thing that would need to happen is the sql error be displayed on the game somewhere. Or depending on how the errors are handled the SQL error could be returned to the client but not displayed on the game but if you were doing a pcap you would be able to see the error in the packets captured.
-
Interesting. I'll get this fixed thanks for reporting
-
What browser are you using? Also did you change the default port or anything like that? Inspect the element and see if you can see an iframe there
-
The only time that the live preview will show is if no dog splash is running. I don't really have any good ways around that.
Also the phishing notice from my last post was not directed towards you.
-
Oh, finally we are getting a new firmware, it's been a while.. That Pineapple developer is sure taking a long time...!
Well stackoverflow can only respond to all of the topics he creates so fast. It takes a while. And then he was to figure out how to compile which takes even longer
-
Please don't post anything regarding phishing especially not for credit cards! I don't not want to be held responsible for anything and that also applies for Sebkinne and the rest of Hak5.
Hak5 Ninja - Thanks for all the time that has gone into this infusion. It looks like a perfect tool if I can get it working well. Pretty new at this but have a few cloned pages from github I wanted to try. Coming across 2 issues after your excellent tutorial at present:
1. The devpreview tab is working fine, but even after config of NDS and a reboot of the MKV the live preview fails to show anything, regardless if accessed through the tile or tab.
2. On the Edit Portals HTML editing tab, I copied a pretty lengthy set of code from a github clone for a popular mail website...it shows, but when I save or move off the tab and come back to it, it just shows my previous short demo code that I copied from your tutorial.
Hope you can help
G
I will look into this for you. Also my title is "hak5 ninja" my name is newbi3 haha.
-
Setting up a captive portal to phish a specific website would not work because you can't just make them visit the captive portal if they are trying to go to a specified website.
To answer your other question; try it.
-
-
Advances in mathematics are not that frequent but when they happen the revolutionize encryption. The most secure cryptography today will one day be weak encryption that you shouldn't use.
-
In a client-server model the server is the one at accepts connections and the client is the one that initially creates them. After the connection is created they can both send and receive data to and from each other.
Happy I could help!
-
newbi3, The Clear dongle is a Wi-MAX transceiver. Works with the Clear wireless covered areas.
Thanks! Unfortunately they have very spotty coverage where I am located at.
Just for full transparency since people have donated. I haven't yet started working on this project. My work schedule has gotten super busy since I initially created this thread. Things are starting to get back to normal speed now so in about a month I will have time to get back to pineapple development. This infusion will probably be ready around con season
(july-august time).
Thanks to all of you who have donated :) I really appreciate it!
-
I am assuming that the server it running on your host machine and that the client is running on your pineapple correct? I also assume that the above code is running on your pineapple?
If my assumptions are correct, your issue is that you need a stream_socket_client not stream_socket_server
http://php.net/manual/en/function.stream-socket-client.php
You can use netcat as your server and you want even have to write any code.
If my assumptions above are incorrect then i point you to the stream_socket_server documentation: http://php.net/manual/en/function.stream-socket-server.php
-
Maybe in the next generation of the ducky you will be able to plug in a dongle to a machine and then send your payloads to it over bluetooth or over a network. That would be interesting.
-
The pineapples web interface is in /pineapple/ on the pineapple /www is the directory for the other web server running on port 80. To get to the web interface visit 172.16.42.1:1471 <-- notice the :1471, that is because the port that the management interface is on is 1471.
Also the webserver on the pineapple is Nginx (engine-x) not apache, this is because Nginx is much smaller than apache and a crap load faster.
-
Side rant: A+ is such a basic cert and wont land you a job but why the hell isn't every highschool teaching students the material thats on the A+? All of that stuff is so trivial anyone with half a brain could learn it.
-
i have clear USB wifi hot spot Voyager They Work pretty good in the field I have two One I dont use anymore Would that help?
Is it a wireless hotspot or usb modem?
-
Hey guys, I was waiting for my order at a restaurant the other day, and was given a transponder to let me know when the food was ready to be picked up. I noticed on the bottom that there was a frequency listed there... 457Mhz with some decimals which I have forgotten.
Now, I'm not a fan of doing stuff that's illegal, but I thought it was kind of interesting and wondered if there was a way to screw around with that system. Not that I'm upset with the restaurant by any means... but curious if it was possible for us to transmit at the same frequency as those pagers function on. Anyone know what gets transmitted, or if it's just "noise" that gets transmitted at that frequency that the device is expecting to pick up?
I did a lot of research on this a few months ago but wasn't able to find anything about what is sent to them. I was going to get an SDR and try to figure it out but I don't have as much free time for stuff like that anymore
-
run "top" from the command line to monitor your systems load
-
That movie was awful
-
Unless you share those ideas or a categories no one knows if they have the same interests as you
-
I have a macpro and a macbook pro the built quality is amazing the screen looks beautiful (on my macbook pro) and they can both handle my large amounts of development that I do on a daily basis. My mac pro is a dual quad core xeon (clocks at like 3.4 per core) its 8 years old now and its still a freaken powerhorse. My macbook is only a few months old now but it will definitely last 4-6 years if I dont upgrade before then (which I will). Battery life is amazing, I run at 14gb of ram and 80%ish cpu throughout the day and it doesn't freeze up at all. Everything being said, don't get a macbook for yosemite. OS X really isn't that great, way better than windows but if it wasn't for me needing certain proprietary softwares id be running linux on both machines
-
I Googled this a little but I'm not exactly sure how one would implement it. Would you make your own vulnerable site as a captive portal? How would you get their keystrokes when they navigate to other sites?
You would need to inject the JS onto the web pages, you could use the strip-n-inject infusion for this on the pineapple
-
dns spoof *.* to 172.16.42.1 and nodogsplash will workAh i see you already tried that. Just use the infusion lol it will configure nodogsplash automatically for you. You can always do it yourself but you might was to look at how EP configures it to get an idea
(to busy at the moment to post the code)
A Website without a Domain Name?
in Questions
Posted
A domain name and webserver are two separate things completely. A domain name just maps words to an IP address so not having a domain name is no problem at all