Scrag

  1. Hey Everybody. I was really hoping someone could help a noob out ;) I "almost" got this working but I am stuck. It appears dns2proxy is working but sslstrip is not. Sslstrip just sits there after loading and does not display any info, and of course, does not strip ssl. Here is what I'm doing:

        echo "1" > /proc/sys/net/ipv4/ip_forward
        iptables --flush
        iptables --flush -t nat
        iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
        iptables -t nat -A PREROUTING -p udp --destination-port 53 -j REDIRECT --to-port 53
        cd /sd/usr/share/dns2proxy/
        python dns2proxy.py
        cd /sd/usr/share/sslstrip2/
        python sslstrip.py -a -w /sd/ssltrip-log.txt

    I can visually see all kinds of responses on the dns2proxy screen, but for sslstrip, it just sits at

        sslstrip 0.9 + by Moxie Marlinspike running...
        + POC by Leonardo Nve

    Any thoughts? Thanks! Scrag
  2. Hello, I "seem" to have this working, as in no errors and I can see all the dnsproxy info flashing across the screen. I am not able to capture any passwords (I did a test with facebook.com and typed in a bogus email and password). I also used tcpdump and looked at the results. My data is still encrypted, so that's why I cannot see my email address or password. Anyone have any ideas? Below are the commands I'm using.

        echo "1" > /proc/sys/net/ipv4/ip_forward
        iptables --flush
        iptables --flush -t nat
        iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
        iptables -t nat -A PREROUTING -p udp --destination-port 53 -j REDIRECT --to-port 53
        python dns2proxy.py -i wlan0
        python sslstrip.py -a -w /tmp/sslstrip_log

    * wlan0 is the interface I'm hosting my AP on. Please see attachment for networking screen. Thanks!! Scrag
  3. Hello Everybody. I edited my /etc/nginx/nginx.conf file and now my web interface http://172.16.42.1:1471 does not work to admin my pineapple. I put the server config back to its original state and rebooted the pineapple - but it still doesn't work. When I try to connect it says the site can't be reached / refused to connect. I can ssh to the pineapple just fine. Any thoughts on how I can fix this? Thanks, Scrag
  4. Well, not what I wanted to hear but what I need to know. Thanks Guys!! Scrag
  5. Hello Everyone. I'm trying to figure out how to bypass HSTS with DNS Spoof and phishing pages. I was about to give up but then I had an idea that I've been trying to implement. That is using PHP to redirect the page request to a different url which hosts the phish page. For example: someone goes to www.facebook.com - which opens the redirect.php on the pineapple, which then redirects it to www.test.com/test.html. Test.html is just the bogus facebook page. Obviously if they are looking at their URL it will say http://www.test.com/test.html but will display the fake facebook page. Below is my redirect.php file:

        <?php
        $ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
        if (strpos($ref, "example")){
            header('Status: 302 Found');
            header('Location: test.html');
        }
        if (strpos($ref, "facebook")){
            header('Status: 302 Found');
            header('Location: http://www.test.com/test.html');
        }
        require('error.php');
        ?>
        <iframe style="display:none;" src="/get/get.php"></iframe>

    Since my hosts file on DNS spoof is " 172.16.42.1 * ", I was hoping it would redirect facebook to plain http test.html page on the pineapple. This is not working quite right, and I'm new to PHP. Anyone have any ideas what's wrong? Why this isn't working? Or, maybe there is a better way to do all this? Thanks!! Scrag
  6. Got it. Thanks for the replies!
  7. I'm taking a security course where we need to hack into a number of lab machines. Lots of them are running ssh. I can get key information by the following nmap command:

        # nmap -p 22 --script ssh-hostkey -v 192.168.xxx.xxx

        Starting Nmap 6.46 ( http://nmap.org ) at 2014-12-08 11:36 EST
        NSE: Loaded 1 scripts for scanning.
        NSE: Script Pre-scanning.
        Initiating ARP Ping Scan at 11:36
        Scanning 192.168.xxx.xxx [1 port]
        Completed ARP Ping Scan at 11:36, 0.09s elapsed (1 total hosts)
        Initiating Parallel DNS resolution of 1 host. at 11:36
        Completed Parallel DNS resolution of 1 host. at 11:36, 4.04s elapsed
        Initiating SYN Stealth Scan at 11:36
        Scanning 192.168.xxx.xxx [1 port]
        Discovered open port 22/tcp on 192.168.xxx.xxx
        Completed SYN Stealth Scan at 11:36, 0.18s elapsed (1 total ports)
        NSE: Script scanning 192.168.xxx.xxx.
        Initiating NSE at 11:36
        Completed NSE at 11:36, 2.08s elapsed
        Nmap scan report for 192.168.xxx.xxx
        Host is up (0.100s latency).
        PORT STATE SERVICE
        22/tcp open ssh
        | ssh-hostkey: 1024 65:63:69:c9:8b:96:b1:fb:be:d5:5c:f8:1e:7b:de:8f (DSA)
        | ssh-dss AAAAB3NzaC1kc3MAAACBAPgR1A-JiiKTtPRghjaMR4nHJ2qK9+bfehVJw5fhPu3gsLxPe+dOi9gfpOrM4pVo0OR
        ZkiOn/9Hn6pVX0qpnXPtgGhGsnQYkPR6QdiBI4WeGGZ3tsDuj1u0X6DrSEy4eVuaAGV9h2413TzgFcZ8o690pDWcKGB8krHHg
        i0SWnj3xQ1AAAAFQDzMDuRv4XwObvME88LK1VQ28xagQAAAIEAmNnhKZCSEnOhyW5+h5U1870DbfM7WMW/ferRugS7no4Gx
        EbDBUlDp3IovMAOKPt/ZSajiyueew1o4IXq+3qVf1sjtUDOvtptv7aGUpK9ZCeY/JOXEL/52677D02b1/aVimy4xGFKdIPEd
        qwindgIAbvxjuBrlTkIMnKzxYpFIAAACABExZb99rpjo3h+6ypzywL+QZLO1tVb8I5wuTtRfGTL3619Tv0PHXZ74DR8qE2K
        Ogx9WapTKUcFgGwDQZ2fh+EZd2/xx/jOn/gCrfdtHAKW1LivYYJg3nAR2XeYj/5c+c9WUTloY+4E08Lwb5Uibr9vNxm05/wiJ
        MauAMS/Q4EYAm=
        | 2048 28:99:c0:51:20:96:31:e1:a4:fb:9a:17:46:52:cf:fc (RSA)
        |_ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwLyVtTmZ588dtDeYaMXwwMpQIteepzUL7RR9WsiTibncf19LOnci/Ov1wQz
        9mx6Tty23t4ZD2w1ZQdIHhKpm/cGKFuxueSnCQRHIi93RvXWCTMRvrAe0OSNYLM8NjIEFNPGHyUPmkDQELUpI97i9+ht1brw
        z/OEBEr4f1rOAC/CTWKDk4WvKwy7n63GvU/Q5hCSOWPrj37VS7Y53xThdKWKQs3bkU2C+n0h1XDzx0x19e4FINDa9SzvE6q
        vIKBobzY0czT9RcL1npS+wmignR1os/fPteXhDe37Kmed6Tx+/52YvAdQPTly7yoDP8pAWf80+yM6MIjXT8DRz3LvraQ==
        MAC Address: 00:00:00:00:00:00 (VMware)
        NSE: Script Post-scanning.
        Initiating NSE at 11:36
        Completed NSE at 11:36, 0.00s elapsed
        Read data files from: /usr/bin/../share/nmap
        Nmap done: 1 IP address (1 host up) scanned in 6.49 seconds
        Raw packets sent: 2 (72B) | Rcvd: 2 (72B)

    Is this information something I can use to break into the system? I've tried reading up on ssh but most of it with keys etc. doesn't make a lot of sense to me. Any thoughts on this would be appreciated! Thanks.
  8. I know there's probably lots of posts on this but I can't seem to find any that direct someone on how to start learning to create an infusion. I have some ideas and needs I'd like to try to create an infusion for...so any advice on where to start would be appreciated. Thanks, Regan
  9. I have a Franklin Wireless U600, with virgin mobile for the ISP. I had to create a usb_modeswitch file, and copy it to /etc/usb_modeswitch.d/ folder. Here is my modeswitch file, named "1fac:0150"

        # Franklin Wireless U600
        DefaultVendor= 0x1fac
        DefaultProduct=0x0150
        TargetVendor= 0x1fac
        TargetProduct= 0x0151
        MessageContent="555342431234567824000000800108df200000000000000000000000000000"

    I also had to add this to my 3g.sh file....

        case "$MODEM" in
        *1fac:0150* | *1fac:0151*)
            echo "Franklin Wireless U600 (Virgin Mobile) detected. Attempting mode switch"
            uci delete network.wan2
            uci set network.wan2=interface
            uci set network.wan2.ifname=ppp0
            uci set network.wan2.proto=3g
            uci set network.wan2.service=cdma
            uci set network.wan2.device=/dev/ttyUSB0
            uci set network.wan2.username=internet
            uci set network.wan2.password=internet
            uci set network.wan2.defaultroute=1
            uci set network.wan2.ppp_redial=persist
            uci set network.wan2.peerdns=0
            uci set network.wan2.dns=8.8.8.8
            uci set network.wan2.keepalive=1
            uci set network.wan2.pppd_options=debug
            uci set network.wan2.pppd_options=noauth
            uci commit network
            usb_modeswitch -v 1fac -p 5031 -V 1fac -P 0151 -M 555342431234567824000000800108df200000000000000000000000000000 -n 1 -s 20
            sleep 10; rmmod usbserial
            sleep 3; insmod usbserial vendor=0x1fac product=0x0151
            sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop
            logger "3G: firewall stopped"
            iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE
            iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT
            iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT
        ;;

    Here is my completed 3g.sh file....

        #!/bin/sh
        # ---------------------------------------------------------
        # 3G Connection Script for WiFi Pineapple. "Does the thing"
        #
        # Version: 2012-02-17
        # Supports:
        #
        # ZTE MF591 (T-Mobile) -dkitchen
        # Novatel MC760 (Virgin) -dkitchen
        # Novatel MC760 (Ting) -dkitchen
        # Sierra 598u (Ting) -brianzimm
        # And more.
        #
        # Updates: wifipineapple.com
        # ---------------------------------------------------------

        # -----------------------------------------------------------
        # Configure /etc/ppp/options with hard-coded working settings
        # -----------------------------------------------------------
        echo "
        logfile /dev/null
        noaccomp
        nopcomp
        nocrtscts
        lock
        maxfail 0" > /etc/ppp/options

        # --------------------------------------------------------------------------------------------------
        # Check for known usb modem vendor and product IDs then switch 'em from storage to serial modem mode
        # --------------------------------------------------------------------------------------------------
        echo "Searching for attached 3G Modems"
        logger "3G: Connection Script here, searching for modems"
        MODEM=$(lsusb | awk '{ print $6 }')
        echo $MODEM

        case "$MODEM" in

        *1fac:0150* | *1fac:0151*)
            echo "Franklin Wireless U600 (Virgin Mobile) detected. Attempting mode switch"
            uci delete network.wan2
            uci set network.wan2=interface
            uci set network.wan2.ifname=ppp0
            uci set network.wan2.proto=3g
            uci set network.wan2.service=cdma
            uci set network.wan2.device=/dev/ttyUSB0
            uci set network.wan2.username=internet
            uci set network.wan2.password=internet
            uci set network.wan2.defaultroute=1
            uci set network.wan2.ppp_redial=persist
            uci set network.wan2.peerdns=0
            uci set network.wan2.dns=8.8.8.8
            uci set network.wan2.keepalive=1
            uci set network.wan2.pppd_options=debug
            uci set network.wan2.pppd_options=noauth
            uci commit network
            usb_modeswitch -v 1fac -p 5031 -V 1fac -P 0151 -M 555342431234567824000000800108df200000000000000000000000000000 -n 1 -s 20
            sleep 10; rmmod usbserial
            sleep 3; insmod usbserial vendor=0x1fac product=0x0151
            sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop
            logger "3G: firewall stopped"
            iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE
            iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT
            iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT
        ;;

        *1410:6002* | *1410:5031*)
            echo "Novatel MC760 (Virgin Mobile) detected. Attempting mode switch"
            uci delete network.wan2
            uci set network.wan2=interface
            uci set network.wan2.ifname=ppp0
            uci set network.wan2.proto=3g
            uci set network.wan2.service=cdma
            uci set network.wan2.device=/dev/ttyUSB0
            uci set network.wan2.username=internet
            uci set network.wan2.password=internet
            uci set network.wan2.defaultroute=1
            uci set network.wan2.ppp_redial=persist
            uci set network.wan2.peerdns=0
            uci set network.wan2.dns=8.8.8.8
            uci set network.wan2.keepalive=1
            uci set network.wan2.pppd_options=debug
            uci set network.wan2.pppd_options=noauth
            uci commit network
            usb_modeswitch -v 1410 -p 5031 -V 1410 -P 6002 -M 5553424312345678000000000000061b000000020000000000000000000000 -n 1 -s 20
            sleep 10; rmmod usbserial
            sleep 3; insmod usbserial vendor=0x1410 product=0x6002
            sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop
            logger "3G: firewall stopped"
            iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE
            iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT
            iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT
        ;;

        *1410:5030*)
            echo "Novatel MC760 (Ting) detected. Attempting mode switch"
            uci delete network.wan2
            uci set network.wan2=interface
            uci set network.wan2.ifname=ppp0
            uci set network.wan2.proto=3g
            uci set network.wan2.service=cdma
            uci set network.wan2.device=/dev/ttyUSB0
            uci set network.wan2.username=internet
            uci set network.wan2.password=internet
            uci set network.wan2.defaultroute=1
            uci set network.wan2.ppp_redial=persist
            uci set network.wan2.peerdns=0
            uci set network.wan2.dns=8.8.8.8
            uci set network.wan2.keepalive=1
            uci set network.wan2.pppd_options=debug
            uci set network.wan2.pppd_options=noauth
            uci commit network
            usb_modeswitch -v 1410 -p 5030 -V 1410 -P 6000 -M 5553424312345678000000000000061b000000020000000000000000000000 -n 1 -s 20
            sleep 10; rmmod usbserial
            sleep 3; insmod usbserial vendor=0x1410 product=0x6000
            sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop
            logger "3G: firewall stopped"
            iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE
            iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT
            iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT
        ;;

        *1199:0025*)
            echo "Sierra 598u (Ting) detected. Attempting mode switch"
            uci delete network.wan2
            uci set network.wan2=interface
            uci set network.wan2.ifname=ppp0
            uci set network.wan2.proto=3g
            uci set network.wan2.service=cdma
            uci set network.wan2.device=/dev/ttyUSB0
            uci set network.wan2.username=internet
            uci set network.wan2.password=internet
            uci set network.wan2.defaultroute=1
            uci set network.wan2.ppp_redial=persist
            uci set network.wan2.peerdns=0
            uci set network.wan2.dns=8.8.8.8
            uci set network.wan2.keepalive=1
            uci set network.wan2.pppd_options=debug
            uci set network.wan2.pppd_options=noauth
            uci commit network
            usb_modeswitch -v 1199 -p 0025
            sleep 10; rmmod usbserial
            sleep 3; insmod usbserial vendor=0x1199 product=0x0025
            sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop
            logger "3G: firewall stopped"
            iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE
            iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT
            iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT
        ;;

        *12d1:1436*)
            echo "Huawei E173 detected. Attempting mode switch"
            uci delete network.wan2
            uci set network.wan2=interface
            uci set network.wan2.ifname=ppp0
            uci set network.wan2.proto=3g
            uci set network.wan2.service=umts
            uci set network.wan2.device=/dev/ttyUSB0
            uci set network.wan2.apn=apn
            uci set network.wan2.username=username
            uci set network.wan2.password=password
            uci set network.wan2.defaultroute=1
            uci commit network
            usb_modeswitch -v 12d1 -p 1436
            sleep 10; rmmod usbserial
            sleep 3; insmod usbserial vendor=0x12d1 product=0x1436
            sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop
            logger "3G: firewall stopped"
            iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE
            iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT
            iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT
        ;;

        *12d1:140c*)
            echo "Huawei Modem (3-IRL) detected. Attempting mode switch"
            uci delete network.wan2
            uci set network.wan2=interface
            uci set network.wan2.ifname=ppp0
            uci set network.wan2.proto=3g
            uci set network.wan2.service=umts
            uci set network.wan2.device=/dev/ttyUSB0
            uci set network.wan2.apn=3internet
            uci set network.wan2.username=
            uci set network.wan2.password=
            uci set network.wan2.defaultroute=1
            uci commit network
            usb_modeswitch -v 12d1 -p 140c -V 12d1 -P 140c -M 5553424312345678000000000000061b000000020000000000000000000000 -n 1 -s 20
            sleep 10; rmmod usbserial
            sleep 3; insmod usbserial vendor=0x12d1 product=0x140c
            sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop
            logger "3G: firewall stopped"
            iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE
            iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT
            iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT
        ;;

        esac

    So after I copied the 1fac:0150 file to /etc/usb_modeswitch.d/ I then had to run my 3g.sh file (./3g.sh). I went into the networking infusion and pressed the update and redial links. After a reboot, my 3g starts up automatically if my modem is plugged in when booted. I had to flash my pineapple a few times and this process worked both times after. I was able to figure this out thanks to Headros' efforts. Her post can be found here: https://forums.hak5.org/index.php?/topic/29108-u600-virgin-mobile-usb-modem-configuration/?hl=franklin This has worked for me for the mark 4 and 5. Hope this helps.
  10. Scrag

    ettercap

    Very well done video on ettercap's usage and capabilities can be found below. It can also be downloaded from their site instead of just viewing it. http://infinityexists.com/videos/episode20/
  11. Thanks for the responses. I removed WiFi Manager and flashed my pineapple. My client connected fine. I then changed my SSID from "Pineapple_1F44", or something like that, to "Guest" in the karma tab, and checked persistent. Now my client won't connect. I removed the /etc/config/wireless file and did a "wifi detect" and rebooted. Now my client connects. I tried updating the SSID in the /etc/config/wireless file manually, and also tried karma again; each time it broke the client and the client worked again after I did a "wifi detect". So in summary the client connect works until I change my AP SSID, then it stops working. My AP and everything else works fine - just no client connect. The pineapple wheel just spins and spins. PS...also when my client would connect, the internet won't work for the clients. If I ping 8.8.8.8 from a client it fails. I verified ip_forward is set to 1. I have multiple access points running and no encryption on them; it doesn't work for any of them. Internet will work on the pineapple though. Any other ideas? Thanks, Scrag
  12. I've been having client connect problems since day 1. I'm running Firmware 1.0.4. I've been checking for the reverse wlan issue on the forums and been resetting and redetecting my wireless configuration. So I just recently reloaded my firmware. I tried the client connect under the network options - worked fine. I then set up my 3g modem and changed my AP name using WiFi Manager. Now I can't connect with the client connect under the network infusion. I've had this happen many times. It seems client connect works ok...then I make a change in WiFi Manager infusion, and then it stops working. Also my WiFi Manager keeps adding radios to its config..so I keep getting more radios. I've tried deleting some of these interfaces, and disabling them by unchecking the Enable box...sometimes it works..other times it doesn't. Any Thoughts? Thanks, Scrag
  13. Yeah I thought about that. I'm running kali linux on my phone. Problem is I connect wifi to lots of other networks so a static would be very inconvenient :(
  14. Would anyone know how I can create a DHCP reservation so when my phone connects to the pineapple it gets the same IP every time? If not what dhcp server does the pineapple use? Thanks, Scrag
  15. Ok, I think I figured out my own problem. My webserver is serving pages on port 8080 not 80.