Posts posted by aibohphobia
-
I reckon you saw a pentester using HTTP Request Hijacking.
http://www.skycure.com/blog/http-request-hijacking/
In short: Twitter/BCC news app requests a feed, one spoofs the DNS request for the feed to a third party, at the third party you put a 301 redirect to a specific site (e.g. notyourtwitter.com), and the application gets the feed spoon-fed from the wrong place. Now, you would think this would all end once the iPhone moves to a different place, the DNS cache expires and the situation would resolve itself. But no, the application itself is caching the 301 redirect to the same specific notyourtwitter site, long after the fact. The link above describes the exploit in more detail. It's not an iOS fix that would resolve this; developers themselves need to fix this.
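The persistence described in the post above, as an added example that is not part of the original post or of any affected app: a small Python model of a client that stores every 301 next to one that only remembers redirects received over HTTPS for the same host. The feed URL, the two simulated networks and the hardened policy are assumptions made for illustration; notyourtwitter.com is the name used in the post.

```python
from urllib.parse import urlsplit

FEED = "http://feed.example/news"          # hypothetical feed URL (assumption)
ROGUE = "http://notyourtwitter.com/news"   # redirect target named in the post

def hostile_network(url):
    """Constructed network with spoofed DNS: the feed host answers 301 -> ROGUE."""
    return (301, ROGUE) if url == FEED else (200, "attacker feed")

def clean_network(url):
    """Constructed normal network: real feed answers, rogue site is still online."""
    return (200, "real feed") if url == FEED else (200, "attacker feed")

class FeedClient:
    def __init__(self, persist_any_301):
        self.persist_any_301 = persist_any_301
        self.redirects = {}                # survives network changes, like an on-disk cache

    def _may_persist(self, src, dst):
        if self.persist_any_301:
            return True                    # behaviour of the affected apps
        s, d = urlsplit(src), urlsplit(dst)
        # Hardened policy (an assumption, one option among several): only remember
        # a 301 that arrived over HTTPS and stays on the same host.
        return s.scheme == "https" and d.scheme == "https" and s.hostname == d.hostname

    def fetch(self, url, network):
        url = self.redirects.get(url, url)         # cached 301 is applied silently
        for _ in range(5):                         # bounded redirect chain
            status, payload = network(url)
            if status != 301:
                return url, payload
            if self._may_persist(url, payload):
                self.redirects[url] = payload
            url = payload
        raise RuntimeError("too many redirects")

def demo(persist_any_301):
    client = FeedClient(persist_any_301)
    on_rogue_wifi = client.fetch(FEED, hostile_network)
    back_home = client.fetch(FEED, clean_network)  # DNS is honest again
    return on_rogue_wifi, back_home

if __name__ == "__main__":
    print("naive   :", demo(True))
    print("hardened:", demo(False))
```

The naive client keeps fetching from the redirect target after returning to the clean network; the hardened one goes back to the real feed because the plain-HTTP, cross-host 301 was never stored.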
-
From www.wifipineapple.com:
Flexible power options. Variable voltages for operation from 5v - 12v sources
I reckon you'd be fine with 12 volt then. Also, the new pineapplejuice battery is 12 volts... I would not recommend plugging it into the car cigarette lighter, however. As anode pointed out in another thread:
When the car is running the voltage should be 13.8-14 VDC.
lead acid batteries get charged with a higher voltage.
And boosted240 recommended this device for that purpose:
-
Are they just for boot mode or can they be flipped while up and running (like the old WPS button)?
Just for boot mode...
-
No problem here:
root@Pineapple:/sd/work# hostapd_cli -p /var/run/hostapd-phy0 karma_get_black_white
Selected interface 'wlan0'
BLACK
... although I might have radio0 and radio1 switched after a factory reset. So, here's my /etc/config/wireless for you to compare:
config wifi-device radio0
    option type mac80211
    option channel 11
    option hwmode 11g
    option macaddr 00:13:37:c0:ff:ee
    option disabled '0'

config wifi-iface
    option device radio0
    option network wan
    option hidden '0'
    option mode sta
    option ssid "myfi"
    option key 'Betterhookmeuporelse'
    option encryption 'psk2+tkip'

config wifi-device radio1
    option type mac80211
    option channel 'auto'
    option hwmode 11ng
    option macaddr 00:13:37:c0:0c:1e
    option htmode HT20
    list ht_capab SHORT-GI-20
    list ht_capab SHORT-GI-40
    list ht_capab RX-STBC1
    list ht_capab DSSS_CCK-40
    option disabled '0'

config wifi-iface
    option device radio1
    option network lan
    option mode ap
    option ssid "freewifi"
    option encryption none

In this scenario I'm using radio0 to hook up to the Internet, and radio1 is my luring hotspot.
-
Ehm, hoping not to state the obvious: you did wait the five minutes it takes to flash the device?
-
Got logging to work.
$logFileName = "/sd/logs/myrandomname.log";
Yes, the script has a small oddity, it has:
$logFileName = "yournamehere.log";
and allows you to further configure:
$logFilePath = "/sd/logs/";
... yet the actual write uses only the first variable:
$handle = fopen($logFileName, 'a') or die("Can't open file");
So... a declaration of the full path and logname in $logFileName will work.
I like the iOS7 workaround in this script to convince iOS devices to connect without popups. RickRolers, are you paying attention?
// This is iOS' Wi-Fi connectivity test request: http://erratasec.blogspot.com.au/2010/09/apples-secret-wispr-request.html
// iOS 7 added some new domains to the wispr request:
// Seems the iOS 7 may have a heap of domains so also check for the "CaptiveNetworkSupport" header http://forum.daviddarts.com
if($requestedUri == "www.apple.com/library/test/success.html"
or $requestedHost == "www.appleiphonecell.com"
or $requestedHost == "captive.apple.com"
or $requestedHost == "www.ibook.info"
or $requestedHost == "www.itools.info"
or strpos($userAgent, "CaptiveNetworkSupport") !== false)
{
print_r("<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>");
exit();
}
Rather elegant.
-
Once they have provided the authentication can it note that in a text file with the following details for each connection.
Nope, sorry, can't be done. Although technically not 100 percent correct, think of it as a challenge response: the Access Point is sending a challenge, and the client a response, where the pass phrase is used as a shared secret. Technically correct would be to say that the actual authentication is never sent in clear text and therefore can't be extracted from the data stream.
-
The adapter cable would be a nice addition for the hakshop, since everybody and their dog bought better RP-SMA connected antennas for their Mark IV. Wink wink, nudge nudge, know what I mean, know what I mean?
-
Apparently one is able to solder down the SMA connector in a much better way on the system board. A better fit means less antenna loss and less chance it will break, so it means a better overall experience. But I do agree that it is a bit of an odd connector...
-
Shellshock bash bug on Pineapple if bash is installed
in WiFi Pineapple Mark V
root@Pineapple:~# cat /etc/pineapple/pineapple_version
2.0.4
root@Pineapple:~# env x='() { :;}; echo vulnerable' bash -c "echo pineapple found."
vulnerable
pineapple found.
root@Pineapple:~# opkg list-installed | grep bash
bash - 4.2-3
root@Pineapple:~# opkg update
Downloading http://cloud.wifipineapple.com/mk5/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/pineapple_packages.
root@Pineapple:~# opkg list-upgradable
root@Pineapple:~# _
Any plans for an update for bash? And yes, I do know root is running /bin/ash. That's not the issue.