# chriswhat

Active Members

118

5

1. ## A Call to Arms! Lets help out a well known community member

Thanks to all of my supporters and friends, we have achieved or goal (and much more). I received notification from YouTube that my channel has been reinstated. I will post my final thoughts and gratitude later today. Thank you all for standing by me... this wouldn't have happened without you. ...And thanks to those of you who doubted and criticized me. Your involvement was equally important in gaining YouTube's attention. For now, here is a link to my channel: http://hackersed.com -Chris

3. ## A Call to Arms! Lets help out a well known community member

I can hear the "jeopardy" clock fading away... and I'm anxiously waiting for a contestant to hit the buzzer.
4. ## A Call to Arms! Lets help out a well known community member

JRedded - I appreciate that you took the time to reach out. As I said earlier, it seems as though information censorship has become the core issue here. This is something that I'll discuss in my upcoming article for the Hacker News. For now, I'm collaborating with my teammates at CTF365 to make my videos available again. We'll get it figured out soon. Thanks again. newbi3 - Your contributions to this community are awesome. I've told you this in a past conversation but I'll say it again - the evil portal infusion is one of my favorite infusions. Your thoughts are shared by many others, and you're right when you say that YouTube isn't the only platform. As I said above, I'm working with some friends to get this situation resolved. It's looking like we may launch our own platform. In the meantime, we're working on a temporary solution. Thanks for your support.

7. ## Got PineAP(not pineapple) questions? Let me answer them!

Yes, ff:ff:ff:ff:ff:ff is used to target all devices. If you leave the target field blank, it will automatically populate with ff:ff:ff:ff:ff:ff. Here's some bogus math: Default = Blank Blank = ff:ff:ff:ff:ff:ff ff:ff:ff:ff:ff:ff = Target all devices Target all devices = Default Therefore, Blank = Target all devices
8. ## Got PineAP(not pineapple) questions? Let me answer them!

I'm glad that I was able to help you out. The puzzle will never be complete. Each piece of the puzzle is a puzzle in itself... and the puzzle as a whole never stops expanding and evolving. Not to sound too philosophical. This is just one of the many reasons I enjoy security. There are too many challenges to face alone and, therefore, it never gets old or boring.
9. ## Wifi Pineapple vs HSTS

Thanks for the shout out. I haven't done much with my channel lately because I've been extremely busy working on http://ctf365.com - our online security training platform. We provide our free users with access to several vulnerable-by-design servers and web applications, such as Metasploitable and DVWA. Our paid users get access to the main arena, which has real servers hosted by real people. The idea is to attack other servers while defending your own server, and our goal is to simulate the real world internet. We also hold weekend-long CTF competitions for our paid users. The next one starts on October 17. For now, I'm working on some new Pineapple tutorials. When I'm finished, I'll share them in the WiFi Pineapple University category.

11. ## [Support] SSLstrip

My advice is to stop placing so much emphasis on Facebook. Many people use the same creds for most, if not all, of their accounts (i.e. social media, financial, email, etc.). Compromise one of them, and you can often compromise the rest of them. LinkedIn Wordpress Instagram Vimeo Microsoft Live PayPal Wells Fargo Chase Bank of America Fidelity Capital One IRS.gov Amazon Target Vudu RedBox HakShop DigitalOcean
12. ## Stupid (?) newbie questions

You're welcome. Now that the Pineapple is gaining a new foothold, I'm trying to revive my interest in it. I'll see about making a PineAP suite tutorial.
13. ## Stupid (?) newbie questions

I agree, and I prefer "client" over "victim."
14. ## Stupid (?) newbie questions

There are three network connection categories. Each category has a few connection options. 1) Ethernet Pineapple to router via ethernet cable Pineapple to ICS-enabled computer via ethernet cable 2) Wireless (Client Mode) Pineapple to wireless network, wireless AP, or WiFi hotspot via wlan1 Pineapple to wireless network, wireless AP, or WiFi hotspot via USB network adapter (wlan2) 3) USB Pineapple to USB 3G/4G modem via USB cable Pineapple to iPhone or Android via USB cable Yes. By default, wlan0 is reserved for Pineapple clients and is set to master mode (AP mode), which allows clients to connect to the Pineapple. If you wanted to, you could configure wlan0 to act as a client and wlan1 to act as an AP. Yes, the Mk V has two antennas because one (wlan1) is used as a client and the other (wlan0) is used as an access point. This allows the Pineapple to connect to a wireless network while simultaneously hosting an access point. It also allows the Pineapple to share its internet connection from wlan1 to the clients connected to wlan0. The Mk IV was only able to do one or the other without adding a USB network adapter. KARMA: Karma Attacks Radioed Machines Automatically KARMA's job is to trick WiFi-enabled devices (i.e. computers, smartphones, etc.) into connecting to the Pineapple. Here's how it works: Most devices are continuously searching for networks that they've previously connected to so they can automatically reestablish a connection. To do this, the devices send out probe requests. KARMA listens for those probe requests. When KARMA sees a probe request, it clones the network that the device is searching for and responds to the device. In other words, KARMA tricks the device into believing that the Pineapple is the network that it's looking for. This causes the device to connect to the Pineapple. I only updated to the latest firmware yesterday so I haven't experimented with the new PineAP suite yet. From what I can tell, the PineAP suite is essentially an extension of KARMA, and it was most likely developed in an effort to bring KARMA back to life. Beacon response is basically the new probe response. It's needed to exploit devices that are no longer susceptible to the traditional KARMA probe request/ response method. Harvester is used to harvest information from probe requests. Probe requests contain information about the access point that the device is searching for. Dogma gives you the ability to respond to a single probe request or respond to all probe requests. Before, KARMA would automatically respond to all probe requests. Dogma helps you to be more target-oriented.
15. ## Just got the Mark V today

This one has me stumped. Maybe you need to buy a new laptop?
16. ## Relay - ssh, is there an easier way?

My tutorial was designed to help novice users set up a working (and free) relay server but, more importantly, it was designed to explain the concept behind ssh tunneling. I feel like some people are overlooking an important lesson here - My tutorial can be applied to many situations and system setups. With some minor adjustments (if any at all), you can use my tutorial to setup your VPS/ VM on whatever cloud service you're using. Your EC2 Ubuntu instance is a VM. You shouldn't have any issues allowing inbound traffic on port 22 or port 1471. The only difference is that you're hosting your Ubuntu server VM on AWS whereas I'm hosting it on my own computer. NOTE: Amazon provides comprehensive documentation regarding firewall configuration.
17. ## RTL-SDR - RTL2832U - Software Defined Radio

Finally, I started to make some sense of this thing. I intercepted some police comms and lots of strange transmissions. I'm somewhat fixated on it now. I may need to invest in an antenna.
18. ## RTL-SDR - RTL2832U - Software Defined Radio

I was given an SDR (the one from the Hak Shop) for x-mas but I don't know what the hell to do with it. Just plugged it in for the first time yesterday. I'm using Mac OS X. I downloaded GQRX and started messing around with it... but I only receive static, strange spikes (with no noise), and weird bleeps (in rhythmic patterns). Can I intercept 2-way radio comms or AM/FM broadcasts? Video? What do I do with this thing?
19. ## A Simple Question........

If you keep router A suspended long enough, the client will connect to the Pineapple regardless of proximity/ signal strength. Once the client connects to the Pineapple, the client will remain connected until the Pineapple is removed from the area or the client manually disconnects. Laptop A will not automatically leave its connection with the Pineapple to connect to a network with a stronger signal.
20. ## How do we operate pineapple from terminal connection/shell

When you say you'd like to learn about shell scripts, what do you mean? Do you want to learn how to write them? Basically, shell scripts are used to automate a specific process. Here's a script I wrote that creates a fake access point with airbase-ng. It asks a series of configuration questions, and then it creates the fake access point based on your preferences. I created the script as an example for some friends, and included my notes in the comments. It may help you understand bash scripting a little better. As far as using the command line, what do you want to learn to do? Navigate the file system, start/ stop infusions, etc.?

22. ## Some questions about the WIFI pineapple

Sure, a USB to barrel connector will work. Not sure if a laptop will supply enough power to operate consistently though.

24. ## MiTM Infusion for Mark V

SixKids, Your Pineapple is the man in the middle. Many of the infusions perform some variation of a MItM attack - SSLstrip, strip-n-inject, Ettercap, DNSspoof, TCPdump, URLsnarf, Evil Portal, random roll, etc. Also, your Pineapple isn't limited to the infusions offered in the Pineapple bar. Maybe I can point you in the right direction if you tell me what you want to accomplish. What type of MItM attack do you want to perform?