aibohphobia

Active Members • Posts: 10

Everything posted by aibohphobia

  1.     root@Pineapple:~# cat /etc/pineapple/pineapple_version
         2.0.4
         root@Pineapple:~# env x='() { :;}; echo vulnerable' bash -c "echo pineapple found."
         vulnerable
         pineapple found.
         root@Pineapple:~# opkg list-installed | grep bash
         bash - 4.2-3
         root@Pineapple:~# opkg update
         Downloading http://cloud.wifipineapple.com/mk5/packages/Packages.gz.
         Updated list of available packages in /var/opkg-lists/pineapple_packages.
         root@Pineapple:~# opkg list-upgradable
         root@Pineapple:~# _

     Any plans for an update for bash? And yes, I do know root is running /bin/ash. That's not the issue.
  2. I reckon you saw a pentester using HTTP Request Hijacking. http://www.skycure.com/blog/http-request-hijacking/

     In short: Twitter/BCC news app requests a feed, one spoofs the DNS request for the feed to a third party, at the third party you put a 301 redirect to a specific site (e.g. notyourtwitter.com), and the application gets the feed spoon-fed from the wrong place.

     Now, you would think this would all end once the iPhone moves to a different place, the DNS cache expires and the situation would resolve itself. But no, the application itself is caching the 301 redirect to the same specific notyourtwitter site, long after the fact. The link above describes the exploit in more detail.

     It's not an iOS fix that would resolve this; developers themselves need to fix this.
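     The redirect-caching behaviour described in post 2, as an added example that is not part of the original post: a toy HTTP layer that persists 301s, next to a variant that refuses cross-origin redirects for its feed. The host names, the `FeedClient` class and the origin-pinning policy are assumptions made for illustration, and the two "networks" are constructed sample data.

```python
from urllib.parse import urlsplit

# Constructed sample data (hypothetical hosts, not from the original post).
FEED_URL = "http://feed.example.com/news"
ROGUE_URL = "http://notyourfeed.example.net/news"
# On the hostile network the feed answers with a permanent redirect.
HOSTILE = {FEED_URL: (301, ROGUE_URL), ROGUE_URL: (200, "attacker feed")}
# On a clean network the feed is genuine, but the rogue site is still online.
CLEAN = {FEED_URL: (200, "real feed"), ROGUE_URL: (200, "attacker feed")}


class FeedClient:
    """Toy model of an app HTTP layer that remembers 301 redirects."""

    def __init__(self, pin_origin):
        self.pin_origin = pin_origin   # True = hardened (assumed policy)
        self.redirect_cache = {}       # survives the move to another network

    @staticmethod
    def _same_origin(a, b):
        ua, ub = urlsplit(a), urlsplit(b)
        return (ua.scheme, ua.hostname, ua.port) == (ub.scheme, ub.hostname, ub.port)

    def fetch(self, url, network):
        target = self.redirect_cache.get(url, url)
        for _ in range(5):             # bounded redirect chain
            status, value = network[target]
            if status == 200:
                return target, value
            if self.pin_origin and not self._same_origin(url, value):
                raise ValueError("cross-origin redirect refused: " + value)
            if status == 301:          # permanent: remembered by the app
                self.redirect_cache[url] = value
            target = value
        raise ValueError("too many redirects")


def run(pin_origin):
    """Fetch once on the hostile network, then again on a clean one."""
    client = FeedClient(pin_origin)
    try:
        first = client.fetch(FEED_URL, HOSTILE)[1]
    except ValueError:
        first = "refused"
    second = client.fetch(FEED_URL, CLEAN)[1]
    return first, second


if __name__ == "__main__":
    print("caches 301s :", run(False))
    print("pins origin :", run(True))
```
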
  3. From www.wifipineapple.com:

         Flexible power options. Variable voltages for operation from 5v - 12v sources

     I reckon you'd be fine with 12 volt then. Also, the new pineapplejuice battery is 12 volts... I would not recommend plugging it in in the car cigarette lighter however. As anode pointed out in another thread: And boosted240 recommended this device for that purpose:
  4. No problem here:

         root@Pineapple:/sd/work# hostapd_cli -p /var/run/hostapd-phy0 karma_get_black_white
         Selected interface 'wlan0'
         BLACK

     ... although I might have radio0 and radio1 switched after a factory reset. So, here's my /etc/config/wireless for you to compare:

         config wifi-device radio0
             option type mac80211
             option channel 11
             option hwmode 11g
             option macaddr 00:13:37:c0:ff:ee
             option disabled '0'

         config wifi-iface
             option device radio0
             option network wan
             option hidden '0'
             option mode sta
             option ssid "myfi"
             option key 'Betterhookmeuporelse'
             option encryption 'psk2+tkip'

         config wifi-device radio1
             option type mac80211
             option channel 'auto'
             option hwmode 11ng
             option macaddr 00:13:37:c0:0c:1e
             option htmode HT20
             list ht_capab SHORT-GI-20
             list ht_capab SHORT-GI-40
             list ht_capab RX-STBC1
             list ht_capab DSSS_CCK-40
             option disabled '0'

         config wifi-iface
             option device radio1
             option network lan
             option mode ap
             option ssid "freewifi"
             option encryption none

     In this scenario I'm using radio0 to hookup to the Internet, and radio1 is my luring hotspot.
  5. Ehm, hoping not to state the obvious: you did wait the five minutes it takes to flash the device?
  6. Yes, the script has a small oddity, it has:

         $logFileName = "yournamehere.log";

     and allows you to configure furthermore:

         $logFilePath = "/sd/logs/";

     ... yet the actual write uses only the first variable:

         $handle = fopen($logFileName, 'a') or die("Can't open file");

     So... a declaration of the full path and logname in $logFileName will work.

     I like the iOS7 workaround in this script to convince iOS devices to connect without popups. RickRolers, are you paying attention?

         // This is iOS' Wi-Fi connectivity test request: http://erratasec.blogspot.com.au/2010/09/apples-secret-wispr-request.html
         // iOS 7 added some new domains to the wispr request:
         // Seems the iOS 7 may have a heap of domains so also check for the "CaptiveNetworkSupport" header http://forum.daviddarts.com
         if($requestedUri == "www.apple.com/library/test/success.html"
             or $requestedHost == "www.appleiphonecell.com"
             or $requestedHost == "captive.apple.com"
             or $requestedHost == "www.ibook.info"
             or $requestedHost == "www.itools.info"
             or strpos($userAgent, "CaptiveNetworkSupport") !== false) {
             print_r("<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>");
             exit();
         }

     Rather elegant.
  7. Nope, sorry, can't be done. Although technically not 100 percent correct, think of it as a challenge response: the Access Point is sending a challenge, and the client a response, where the pass phrase is used as a shared secret. Technically correct would be to say that the actual authentication is never sent in clear text and therefore can't be extracted from the data stream.
  8. The adapter cable would be a nice addition for the hakshop, since everybody and their dog bought better RP-SMA connected antennas for their Mark IV. Wink wink, nudge nudge, know what I mean, know what I mean?
  9. Apparently one is able to solder down the SMA connector in a much better way on the systemboard. A better fit means less antenna loss, less chance it will break, so it means a better overall experience. But I do agree that it is a bit of an odd connector...