bytedeez

Posts posted by bytedeez

  1. Well, PirateBox is made for the TP-Link MR3020. It has a 400 MHz CPU, which is the same as a Pineapple.

    PirateBox uses a form of dnsspoof in order to redirect everyone to piratebox.lan.

    Now I could be wrong, but I think it may be a little heavy for the Pineapple. On top of that, PirateBox is its own .img. Its configuration might mess things up for the Pineapple. I would instead try linking and then forwarding traffic from one to the other.

    EDIT:

    But now that I think about it, you could probably pull the files from folder pbIMG_ws.img, create a folder for your shared content on the SD card, link everything together, then use dns spoof to forward all traffic to the PirateBox files.

    So it's possible but I would talk with Seb and Matthias first to find out the exact steps so you don't mess anything up.

  2. The problem with sslstrip2 is porting dns2proxy to the Pineapple, as well as sites being cached in the target's browser.

    I imagine to fully get the magic of the original sslstrip back it will take a combination of not only exploiting vulnerabilities in the SSL protocol but also in the browser as well.

  3. Trying to get BadUSB working on my Note 3.

    I downloaded the files from here: https://srlabs.de/badusb/.

    The readme file says to create your own hosts file, so I did and saved it as hosts.txt.

    Used the command adb push hosts.txt /data/local/tmp as directed to transfer the file to my Note 3.

    Ran sh badusb.sh in the Android terminal.

    Then I get the error saying my hosts file does not exist.

    I was thinking that the .txt file extension was wrong but I could not find any documentation to deny or confirm my suspicion.

    Anyone have a clue?

  4. He doesn't go into great detail.

    But the errors I'm receiving

    root@kali:~# ./neo.sh
    /bin/bash: while [ true ] do echo -e;clear sleep 3 echo "T" sleep 1 echo -e;clear echo "Th" sleep 1 echo -e;clear echo "The" s: No such file or directory
     

    are files not found.

    But yeah, that shit looks great. I love that it actually gives real information and is not just some BS that looks cool.

    Edit: excuse my mistakes, on my fifth shot and these keys are starting to mix up between one another. lol

  5. I don't think targeted attacks are available yet, but an easy workaround is to have only your Android be connected as a client and only visit your preferred webpage on that Android device during the test.

    If you need help with strip and inject, go to that thread under the infusion section found here: https://forums.hak5.org/index.php?/topic/30673-support-strip-n-inject/#entry231008

  6. Anytime, Chris! Just know that for me, I am going to do whatever I can to help you get back to doing what you love and are good at.
    This topic is the least I could have done for the time and effort you've put into educating people like myself. For free!

    Also, not to call anyone out or suggest you should bite the hand that feeds, but I'd really like to see Darren and Hak5 or Threat Wire get involved in this. I mean, TBH I saw Chris's WiFi Pineapple tutorials before I even bought a Pineapple. His quality tutorials convinced me to actually buy a Pineapple. So his videos are also good for business on the Hak5 side of the spectrum.

  7. Well PineAP still has a lot of untapped potential such as targeted attacks, we have the Pine Plug that just came out that needs the software to catch up with it.

    In all seriousness though, I don't see how charging customers for another Pineapple plus accessories to use the 2 together is considered "just scratching the surface"

    when a newer version with more RAM and a faster CPU, which would be a fairly cheap upgrade for both sides, would solve that problem. I mean, you wouldn't go out and buy 2 PCs with 2 gigs of RAM and a dual-core CPU, then link them together in order to have a quad-core, 4 gig of RAM PC.

    But I'm not trying to turn this into "one of those" threads.

    Maybe PEAP/RADIUS attacks would be cool.

    More recon functions (once the CPU usage is toned down a bit).

    And yes, I realize PineAP is not fully DEVed yet. Deauth, targeted attacks and so on are in the works.

    When I asked this question, I was thinking that maybe it was something new that really pushed the Pineapple to the next level.

  8. This talk by Leonardo earlier this year has an awesome bypass for HSTS in some instances: https://www.blackhat.com/asia-14/speakers/Leonardo-Nve.html

    His code is available at https://github.com/leonardonve

    We integrated it into our mana toolkit at https://github.com/sensepost/mana/tree/master/sslstrip-hsts

    It would be real kind of you if you could make it into an infusion for us. Or point us in the right direction on how to get it working on OpenWrt for a command line infusion.
