cheeto
-
Posts
721 -
Joined
-
Last visited
-
Days Won
9
Posts posted by cheeto
-
-
I couldn't agree more Datahead.
Many thanks to sud0nick for this imfusion.
If you have comments, make it constructive. These guys have helped me so much.
I'm sure you will get the help you're asking for.
Cheers
-
@sud0nick,
That is a VERY GOOD TIP!
I went ahead and tried it and I guess it closed all the running infusions because I couldn't even log onto the mkv without having to reboot.
That's was exactly what I was looking for. I guess this might actually avoid me from bricking it again.
Many thanks!
-
Well, after looking around the forum, it seemed like my mkv 5 was bricked.
Thanks to ZaraByte's tutorial: https://forums.hak5.org/index.php?/topic/33303-howto-wifi-pineapple-mark-v-how-to-unbrick/
along with this updated tutorial: https://www.wifipineapple.com/?flashing
I was able to revive my MKV.
I hope this could help someone else in the same boat.
I still am not 100% what caused it to brick like that. Perhaps it's way i had to shut it off. A practical infusion could be a simple OFF switch or button that kills all the process taking place in order to make a safe turn off.
Thanks guys!
-
Actually never touched the dip switches. I know it supposed to ask me to flip them a certain way while installing the firmware but I didn't even get to that point. :(
At this moment all dip switches are UP and I can't access my MKV. :(
Thanks
-
Hey guys,
Not sure, but my MKV is dead.
It all started when i couldn't log in with via wifi.
Then i tried logging in with lan, and i did but the wifi part wasn't working.... Furthermore, the death infusion was in some kind of loop. It was auto-starting and when i pressed "stop" it would say "sleeping" or something like that.
OK making a long story short i re-flashed the latest firmware 2.40 and never could get it to work after that. (i let it flash for approx 25 min before unplugging the thing.)
Right now I have the lan connection hooked up and I'm getting a flashing BLUE LIGHT and a steady green light.
and I can't access: http://172.16.42.1:1471/
Any suggestions?
thanks for reading guys!
-
Thanks for this UPDATE & the VIDEO!! I hope to install it this weekend.
Couple questions:
- If the victim installs the server onto his/her computer, can i have remote access to that computer at a later time too? (like a trojan)
- Can a payload be made for android? If so, i think the user might get a warning about installing from outside of the playstore., right?
Thanks again and good job! I think I'm going to watch the tutorial again.
-
The average user doesn't know the difference between wep or wap.
Anyway, I have tested this theory many times and it works 88% of the time.
It all boils down to the splash screen. It has to look very real. Before pentesting a target, It's important to check out the router brand or even the isp. All of this is possible and will come in handy when making a convincing splash screen.
Another important measure is to zero in on the victims channel. This way when you deauth the target you will only death a specific bssid. (No channel scanning) this sometimes makes the target bssid disappear, so the only option is to log onto the mkv.
My suggestion is simply to automize this rather than having to check to see if you picked up a credential. The mkv has the capability to do this, but it needs to be stringed together into 1 infusion and automized.
-
I think the MKV version of this could actually be better. For one reason, Linset does not allow you to customize the splash screen. We all know we can make our own splash screen on the mkv.
I agree the MKV has a lot of the tools needed to get this to work. The biggest challenge will be making the script that will collect the wifi password and test it on the victim´s AP.
If the password is correct then, shut down the deaith & bssid spoof, if the password id incorrect then continue deauthing and spoofing the victim´s AP.
I know nothing about programming, but I'm more than willing to test whatever you guys need testing.
cheers!!
-
Hey guys, just to give you a birds eye view on how it works:
-
Hey guys, here's my infusion idea.It's based on "linset".The objective is to get any Wifi password. (WPA/2 etc..)Today, this can be done with Evil portal. It works as long as the splash screen is convincing.But why not go further?:First step is select target AP and spoof the bssid name.2nd, death the Target's AP.Once the client connects to the MKV (Evil Portal) and enters the wifi password, the MKV will TEST the password on the victim's AP.If the password is correct, then the password is saved and both Evil Portal and Deauth are shut off. If the Wifi enteredby the client is incorrect, they'll be prompted to re-enter the correct password.This works great on LINSET, it would be ground breaking if the MKV could do this too.Cheers and thanks 4 reading.
-
I thought it was a rather long shot too.
Oh well, thx anyway.
-
Just thinking out loud here... But would it be possible to force the nodogsplash popup screen once the victim is connected to the mkv?
For example have an to launch splash screen regardless of the system or connected device.
It would be a HUGE PLUS! I know it's a rather long shot, in fact, maybe i should mention this in the infusion idea section.
thx guys
-
I tried an iphone 6 and an ipad air and both had the nodogsplash popup appear. :)
I think the iphone 6 has ios 8 and the ipad air is on ios 7.
Is this supposed to be a security measure? If anything it's an inconvenience. (at least for me)
Cheers
-
This morning I went to a nearby gas station to see whats going on.I took with me a rooted Samsung S4 with KitKat 4.4.2 and an HTC M9 with 5.1 lollipop.This gastation has a captive portal which requires no log in. (simply has press buton to enter thing)Anyway, when I connected to the gas station's wifi, with the S4 (kitkat 4.4.2) i got a pop up screen saying welcome to bla bla bla...Then I tried the same thing with the M9 (lollipop 5.1) and no popup screen appeared. The only way to see the welcome message was to navigate.So yes, it's simply a firmware issue not a captive portal isssue. Personally, i prefer the popup screen rather than the non-popscreen.I don't think the Android developers did this because of a security issue. In fact, i think it's more of a bug if anything.The reason i say this is because, let's say i connect to the gas station's wifi with my M9. Instead of navigating, I go to my mailbox and start writing emails that aren't going to be sent or, I start using whatsapp and nothing happens.Anyway, thats my 2 cents. Again, It's a preferce for me to have the pop up appear saying please log in or press a button to access our internet service bla bla bla.Thanks
-
Hi Newbi3:After a lot of testing with Evil Portal, I can confirm the following:When a victim connects to Evil portal, the NoDogSplash popup screen works with:Android ver. 4.4.2 (KitKat)However the NoDogSplash popup doesn't work on android 5.1 lollipop. The only way to see the splash screen is to open up a browser.What i need to test now is if works when i go to public hotspot. (actually i think it does)So here's the big question, is it possible that Android can differentiate Evil portal from a Captive Portal?Many thanks!
-
Sounds reasonable... in fact I recently upgraded my firmware. Perhaps it may have something to do with that. I'll mess around with my Android devices to see if it has something to do with my configuration.
Many Thank Newbi3!!
-
Yes, correct,
It does work if my Android device connects to my MKV's Evil portal and I try to navigate, (eg: www.abcdefg.com) then i will see a splash screen.
In the past however, the popup screen would appear automatically without having to open your browser and navigate. The only thing that comes to mind is my recent updates i made on my Android devices. Sounds crazy, but maybe Android changed something.
-
Hey Newbi3!,
Yes, my mkv is connected to the internet via client mode.
For some reason, when using an Android device, I'm not getting the pop-up splash screen that asks the client to enter his/her creds..
What I find a bit strange is that it works fine on other non-Android devices.
BTW, I tried other captive portals that i made, and the same thing is happening.
Has this happend to anyone else? Also, I'd like to point out that these same portals used to work perfectly fine on my Android devices.
Thanks for jumping in!!!
-
Hi guys,
I'm having an issue with Evil Portal. (I recently re-installed it along with the newest firmware)
For some reason, the splash screen isn't popping up on my Android devices... (Samsung S4 and Samsung Galaxy Tab A)
On the other hand, the splash DOES pop up when using Iphone 6, and a pc.
Anyone else experiencing this?
Thanks guys!
-
Hi guys,
I'm messing around with the deauth multiplier. SWEEEEEEEEEEEEET!
Can someone explain "Deauth Multiplier" and the values 1 -10? Do the numbers represent seconds? Is there anyway to just deauth a client until an undetermined amount of time. (using recon)?
Thanks!!
-
I really appreciate your hard work guys.
Many thanks!!
-
I'll give this a few days and maybe do a video on it in case their are any major changes to the interface :B
Gonna need a few days recovery after redesigning my site.
Hey Zarabyte, Looking forward to another one of your tutorials.
Cheers!
-
Thanks Whistlemaster!! Also special thanks to Datahead who also played a key role in getting pixiwep going.
You guys are GREAT!
-
Hey thanks for the reply.
I'll look into your suggestion. I assure that I've tried everything.
I'm currently trying to get the url to: http://www.mega-television.com/
I'm rather new to this. But what i've gathered so far:
If an iptv link (especuilly premium channel link) is 3 days old, it's more than likely not working.
Simple Tv is the only good software that works with rtmp.
A sure bet is ACESTREAM since it de-centralized. (like bitorrent)
Thanks again
Sup?
in WiFi Pineapple Mark V
Posted
Are we talking about a new Pineapple or a Pineapple slice?
What do you guys think?