Jump to content

Scrag

Active Members
 View Profile  See their activity

  • Posts

    53

  • Joined

  • Last visited

  • Days Won

    1

Recent Profile Visitors

1,376 profile views

Scrag's Achievements

Newbie

Newbie (1/14)

  1. Scrag
    Hello Everybody I edited my /etc/nginx/nginx.conf file and now my web interface http://172.16.42.1:1471 does not work to admin my pineapple. I put the server config back to its original state and rebooted the pineapple - but it sill doesnt work. When I try to connect it says the site cant be reached / refused to connect. I can ssh to the pineaple just fine. Any thoughts on how I can fix this? Thanks, Scrag
  2. Scrag
    Well, not what I wanted to hear but what I need to know. Thanks Guys!! Scrag
  3. Scrag
    Hello Everyone. Im trying to figure out how to bypass HSTS with DNS Spoof and phising pages. I was about to give up but then I had an idea that ive been trying to implement. That is using PHP to re-direct the page request to a different url which hosts the phish page. For example: someone goes to www.facebook.com - which opens the redirect.php on the pineapple, which then redirects it to www.test.com/test.html. Test.html is just the bogus facebook page. Obviously if they are looking at their URL it will say http://www.test.com/test.html but will display the fake facebook page. Below is my redirect.php file: <?php $ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; if (strpos($ref, "example")){ header('Status: 302 Found'); header('Location: test.html'); } if (strpos($ref, "facebook")){ header('Status: 302 Found'); header('Location: http://www.test.com/test.html'); } require('error.php'); ?> <iframe style="display:none;" src="/get/get.php"></iframe> Since my hosts file on DNS spoof is " 172.16.42.1 * ", I was hoping it would redirect facebook to plain http test.html page on the pineapple. This is not working quite right, and Im new to PHP. Anyone have any ideas whats wrong? Why this isnt working? Or, maybe there is a better way to do all this? Thanks!! Scrag
  4. Scrag
    Got it. Thanks for the replies!
  5. Scrag
    Im taking a security course where we need to hack into a number of lab machines. Lots of them are running ssh. I can get key information by the following nmap command: # nmap -p 22 --script ssh-hostkey -v 192.168.xxx.xxx Starting Nmap 6.46 ( http://nmap.org ) at 2014-12-08 11:36 EST NSE: Loaded 1 scripts for scanning. NSE: Script Pre-scanning. Initiating ARP Ping Scan at 11:36 Scanning 192.168.xxx.xxx [1 port] Completed ARP Ping Scan at 11:36, 0.09s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 11:36 Completed Parallel DNS resolution of 1 host. at 11:36, 4.04s elapsed Initiating SYN Stealth Scan at 11:36 Scanning 192.168.xxx.xxx [1 port] Discovered open port 22/tcp on 192.168.xxx.xxx Completed SYN Stealth Scan at 11:36, 0.18s elapsed (1 total ports) NSE: Script scanning 192.168.xxx.xxx. Initiating NSE at 11:36 Completed NSE at 11:36, 2.08s elapsed Nmap scan report for 192.168.xxx.xxx Host is up (0.100s latency). PORT STATE SERVICE 22/tcp open ssh ssh-hostkey: I 1024 65:63:69:c9:8b:96:b1:fb:be:d5:5c:f8:1e:7b:de:8f (DSA) ssh-dss AAAAB3NzaC1kc3MAAACBAPgR1A-JiiKTtPRghjaMR4nHJ2qK9+bfehVJw5fhPu3gsLxPe+dOi9gfpOrM4pVo0OR ZkiOn/9Hn6pVX0qpnXPtgGhGsnQYkPR6QdiBI4WeGGZ3tsDuj1u0X6DrSEy4eVuaAGV9h2413TzgFcZ8o690pDWcKGB8krHHg i0SWnj3xQ1AAAAFQDzMDuRv4XwObvME88LK1VQ28xagQAAAIEAmNnhKZCSEnOhyW5+h5U1870DbfM7WMW/ferRugS7no4Gx EbDBUlDp3IovMAOKPt/ZSajiyueew1o4IXq+3qVf1sjtUDOvtptv7aGUpK9ZCeY/JOXEL/52677D02b1/aVimy4xGFKdIPEd qwindgIAbvxjuBrlTkIMnKzxYpFIAAACABExZb99rpjo3h+6ypzywL+QZLO1tVb8I5wuTtRfGTL3619Tv0PHXZ74DR8qE2K Ogx9WapTKUcFgGwDQZ2fh+EZd2/xx/jOn/gCrfdtHAKW1LivYYJg3nAR2XeYj/5c+c9WUTloY+4E08Lwb5Uibr9vNxm05/wiJ MauAMS/Q4EYAm= I 2048 28:99:c0:51:20:96:31:e1:a4:fb:9a:17:46:52:cf:fc (RSA) I_ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwLyVtTmZ588dtDeYaMXwwMpQIteepzUL7RR9WsiTibncf19LOnci/Ov1wQz 9mx6Tty23t4ZD2w1ZQdIHhKpm/cGKFuxueSnCQRHIi93RvXWCTMRvrAe0OSNYLM8NjIEFNPGHyUPmkDQELUpI97i9+ht1brw z/OEBEr4f1rOAC/CTWKDk4WvKwy7n63GvU/Q5hCSOWPrj37VS7Y53xThdKWKQs3bkU2C+n0h1XDzx0x19e4FINDa9SzvE6q vIKBobzY0czT9RcL1npS+wmignR1os/fPteXhDe37Kmed6Tx+/52YvAdQPTly7yoDP8pAWf80+yM6MIjXT8DRz3LvraQ== MAC Address: 00:00:00:00:00:00 (VMware) NSE: Script Post-scanning. Initiating NSE at 11:36 Completed NSE at 11:36, 0.00s elapsed Read data files from: /usr/bin/../share/nmap Nmap done: 1 IP address (1 host up) scanned in 6.49 seconds Raw packets sent: 2 (72B) I Rcvd: 2 (72B) Is this information something I can use to break into the system? Ive tried reading up on ssh but most of it with keys etc doesnt make a lot of sense to me. Any thoughts on this would be appreciated! Thanks.
  6. Scrag
    I know theres probably lots of posts on this but I cant seem to find any that direct someone on how to start learning to create an infusion. I have some ideas and needs id like to try to create an infusion for...so any advice on where to start would be apprciated. Thanks, Regan
  7. Scrag
    I have a Franklin Wireless U600, with virgin mobile for the ISP. I had to create a usb_modeswitch file, and copy it to /etc/usb_modeswitch.d/ folder. Here is my modeswitch file, named "1fac:0150" # Franklin Wireless U600 DefaultVendor= 0x1fac DefaultProduct=0x0150 TargetVendor= 0x1fac TargetProduct= 0x0151 MessageContent="555342431234567824000000800108df200000000000000000000000000000" I also had to add this to my 3g.sh file.... case "$MODEM" in *1fac:0150* | *1fac:0151*) echo "Franklin Wireless U600 (Virgin Mobile) detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=cdma uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.username=internet uci set network.wan2.password=internet uci set network.wan2.defaultroute=1 uci set network.wan2.ppp_redial=persist uci set network.wan2.peerdns=0 uci set network.wan2.dns=8.8.8.8 uci set network.wan2.keepalive=1 uci set network.wan2.pppd_options=debug uci set network.wan2.pppd_options=noauth uci commit network usb_modeswitch -v 1fac -p 5031 -V 1fac -P 0151 -M 555342431234567824000000800108df200000000000000000000000000000 -n 1 -s 20 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=0x1fac product=0x0151 sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; Here is my completed 3g.sh file.... #!/bin/sh # --------------------------------------------------------- # 3G Connection Script for WiFi Pineapple. "Does the thing" # # Version: 2012-02-17 # Supports: # # ZTE MF591 (T-Mobile) -dkitchen # Novatel MC760 (Virgin) -dkitchen # Novatel MC760 (Ting) -dkitchen # Sierra 598u (Ting) -brianzimm # And more. # # Updates: wifipineapple.com # --------------------------------------------------------- # ----------------------------------------------------------- # Configure /etc/ppp/options with hard-coded working settings # ----------------------------------------------------------- echo " logfile /dev/null noaccomp nopcomp nocrtscts lock maxfail 0" > /etc/ppp/options # -------------------------------------------------------------------------------------------------- # Check for known usb modem vendor and product IDs then switch 'em from storage to serial modem mode # -------------------------------------------------------------------------------------------------- echo "Searching for attached 3G Modems" logger "3G: Connection Script here, searching for modems" MODEM=$(lsusb | awk '{ print $6 }') echo $MODEM case "$MODEM" in *1fac:0150* | *1fac:0151*) echo "Franklin Wireless U600 (Virgin Mobile) detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=cdma uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.username=internet uci set network.wan2.password=internet uci set network.wan2.defaultroute=1 uci set network.wan2.ppp_redial=persist uci set network.wan2.peerdns=0 uci set network.wan2.dns=8.8.8.8 uci set network.wan2.keepalive=1 uci set network.wan2.pppd_options=debug uci set network.wan2.pppd_options=noauth uci commit network usb_modeswitch -v 1fac -p 5031 -V 1fac -P 0151 -M 555342431234567824000000800108df200000000000000000000000000000 -n 1 -s 20 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=0x1fac product=0x0151 sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; *1410:6002* | *1410:5031*) echo "Novatel MC760 (Virgin Mobile) detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=cdma uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.username=internet uci set network.wan2.password=internet uci set network.wan2.defaultroute=1 uci set network.wan2.ppp_redial=persist uci set network.wan2.peerdns=0 uci set network.wan2.dns=8.8.8.8 uci set network.wan2.keepalive=1 uci set network.wan2.pppd_options=debug uci set network.wan2.pppd_options=noauth uci commit network usb_modeswitch -v 1410 -p 5031 -V 1410 -P 6002 -M 5553424312345678000000000000061b000000020000000000000000000000 -n 1 -s 20 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=0x1410 product=0x6002 sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; *1410:5030*) echo "Novatel MC760 (Ting) detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=cdma uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.username=internet uci set network.wan2.password=internet uci set network.wan2.defaultroute=1 uci set network.wan2.ppp_redial=persist uci set network.wan2.peerdns=0 uci set network.wan2.dns=8.8.8.8 uci set network.wan2.keepalive=1 uci set network.wan2.pppd_options=debug uci set network.wan2.pppd_options=noauth uci commit network usb_modeswitch -v 1410 -p 5030 -V 1410 -P 6000 -M 5553424312345678000000000000061b000000020000000000000000000000 -n 1 -s 20 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=0x1410 product=0x6000 sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; *1199:0025*) echo "Sierra 598u (Ting) detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=cdma uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.username=internet uci set network.wan2.password=internet uci set network.wan2.defaultroute=1 uci set network.wan2.ppp_redial=persist uci set network.wan2.peerdns=0 uci set network.wan2.dns=8.8.8.8 uci set network.wan2.keepalive=1 uci set network.wan2.pppd_options=debug uci set network.wan2.pppd_options=noauth uci commit network usb_modeswitch -v 1199 -p 0025 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=0x1199 product=0x0025 sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; *12d1:1436*) echo "Huawei E173 detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=umts uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.apn=apn uci set network.wan2.username=username uci set network.wan2.password=password uci set network.wan2.defaultroute=1 uci commit network usb_modeswitch -v 12d1 -p 1436 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=0x12d1 product=0x1436 sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; *12d1:140c*) echo "Huawei Modem (3-IRL) detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=umts uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.apn=3internet uci set network.wan2.username= uci set network.wan2.password= uci set network.wan2.defaultroute=1 uci commit network usb_modeswitch -v 12d1 -p 140c -V 12d1 -P 140c -M 5553424312345678000000000000061b000000020000000000000000000000 -n 1 -s 20 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=0x12d1 product=0x140c sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; esac So after I copied the 1fac:0150 file to /etc/usb_modeswitch.d/ I then had to run my 3g.sh file (./3g.sh). I went into the networking infusion and pressed the update and redail links. After a reboot, my 3g starts up automatically if my modem is plugged in when booted. I had to flash my pineapple a few times and this process worked both times after. I was able to figure this out thanks to Headros' efforts. Her post can be found here: https://forums.hak5.org/index.php?/topic/29108-u600-virgin-mobile-usb-modem-configuration/?hl=franklin This has worked for me for the mark 4 and 5. Hope this helps.
  8. Scrag

    ettercap

    Scrag replied to masler77's topic in Questions

    Very well done video on ettercap's usage and capabilities can be found below. It can also be downloaded from their site in stead of jsut viewing it. http://infinityexists.com/videos/episode20/
  9. Scrag
    Thanks for the responses. I removed WiFi Manager and flashed my pineapple. My client connected fine. I then changed my SSID from "Pineapple_1F44", or something like that to "Guest" in the karma tab, and checked persistent. Now my client wont connect. I removed the /etc/config/wireless file and did a "wifi detect" and rebooted. Now my client connects. I tried updating the SSID in the /etc/config/wireless file manually, and also tried karma again, each time it broke the client and the client worked again after i did a "wifi detect". So in summary the client connect works until I change my AP SSID, then it stops working. My AP and everything else works fine - just no client connect. The pineapple wheel just spins and spins. PS...also when my client would connect, the internet wont work for the clients. If I ping 8.8.8.8 from a client it fails. I verified ip_forward is set to 1. I have multiple access points running and no encryption on them, it doesnt work for any of them. Internet will work on the pineapple though. Any other ideas? Thanks, Scrag
  10. Scrag
    Ive been having client connect problems since day 1. Im running Firmware 1.0.4. Ive been checking for the reverse wlan issue on the forums and been reset and redetecting my wireless configuration. So I just recently reloaded my firmware. I tried the client connect under the network options - worked fine. I then setup my 3g modem and changed my AP name using WiFi Manager. Now I cant connect with the client connect under the network infusion. Ive had this happen many times. It seems client connect works ok...then I make a change in WiFi Manager infusion, and then it stops working. Also my WiFi Manager keeps adding radios to its config..so I keep getting more radios. Ive tried deleting some of these intrfaces, and disabling them by unchecking the Enable box...sometimes it works..other times it doesnt. Any Thoughts? Thanks, Scrag
  11. Scrag
    Yeah I thought about that. Im runing kali linux on my phone. problem is I connect wifi to lots of other networks so a static would be very inconvienient :(
  12. Scrag
    Would anyone know how I can create a DHCP reservation so when my phone connects to the pineapple it gets the same IP every time? If not what dhcp server does the pineapple use? Thanks, Scrag
  13. Scrag
    Ok, i think i figured out my own problem. My webserver is serving pages on port 8080 not 80.
  14. Scrag
    PS...if I had to guess its not a problem necesarily with dnsspoof - but with the fact my piney wont serve the http page. If I try to browse other files in the www directory it doesnt work.
  15. Scrag
    Hi. Its my first time setting up Dnsspoof. I have watched a lot of youtube videos and have been following along to get a fake test facebook.com phishing page going. Ive gone through a lot of videos and turorials and I must be missing something because mine doesnt work. When you goto www.facebook.com, it just gives you a "page cannot be displayed" page. When I ping www.facebook.com it comes back as 172.16.42.1, so I know the "spoofing" portion works. I have my modified facebook.html and files copied to /www on the pineapple. Below are my config's. Hosts 172.16.42.1 *.facebook.com Redirect.php <?php $ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; if (strpos($ref, "example")){ header('Status: 302 Found'); header('Location: example.html'); } if (strpos($ref, "facebook")){ header('Status: 302 Found'); header('Location: facebook.html'); } require('error.php'); ?> Output so far....its loggin my attempts at least dnsspoof output_1385335664.log [November 25 2013 01:20:39] dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1] 172.16.42.141.54762 > 172.16.42.1.53: 1801+ A? www.facebook.com 172.16.42.141.49251 > 172.16.42.1.53: 49954+ A? www.facebook.com 172.16.42.141.55392 > 172.16.42.1.53: 37161+ A? www.facebook.com 172.16.42.141.54352 > 172.16.42.1.53: 37704+ A? s-static.ak.facebook.com 172.16.42.141.57804 > 172.16.42.1.53: 12638+ A? www.facebook.com 172.16.42.203.44070 > 172.16.42.1.53: 37865+ A? www.facebook.com 172.16.42.203.46406 > 172.16.42.1.53: 34566+ A? www.facebook.com 172.16.42.203.36324 > 172.16.42.1.53: 5921+ A? www.facebook.com index.php <html> <head> <meta http-equiv="REFRESH" content="0;url=redirect.php"> </head> <body> </body> </html> Ive also attached a screen shot of the files in /www on my pineapple. Any advice would be greatly appreciated!! Thanks, Scrag
×
×
  • Create New...