KenPC

Active Members
  • Posts: 17
Everything posted by KenPC

  1. Anything in the /tools dir will then be moved to /tools on the bb system partition. You will see it when you ssh into the bunny and ls -l /tools
  2. Sorry for a stupid question, but where to put the md.ps1, server.py and p.ps1 to get this to work? Root of the bashbunny filesystem or in the USB storage FS? Edit: after looking at the payload .txt, I noticed it's calling it in $switchdir. I got it now. EDIT2: anyone having issues with it waiting for the webserver, but it's up and hosting p.ps1. When I manually run it, the BB goes green. Otherwise it just sits flashing blue forever. Running on Windows 7 Pro base install fully up to date. I'm no ps pro, otherwise I'd debug myself :/ I'm more of a Physical Penetration-ist myself. Just dabbled in some coding.
  3. Errors out on the first powershell window.
  4. Based on this question alone, it seems you put 0 effort into doing your own research. We won't do homework for you. Please search the forums, the YT channel, and the store and do a little reading. If you're still confused, come back and ask a more structured question. At least make it look like you tried. Sorry for Necromancing.
  5. Most likely the sites that don't work are using SSL/TLS. Try rr on an http:// and then https:// and you'll notice it works on one but not the other. ssl strip doesn't exactly work anymore and will just cause browsing issues for clients since most modern browsers implement HSTS. I'm sure hak5 is working on a workaround but currently, sniffing, packet injection will only work with http://
  6. This is because modern browsers are now implementing a technology called HSTS. You can read about it here: https://en.m.wikipedia.org/wiki/HTTP_Strict_Transport_Security The coming pineapple update supposedly has a partial workaround for SSL/HSTS. Can't wait. Too bad most users only go to those sites so to them, it'll just be like "internet isn't working :'( "
  7. Has anyone gotten this to work correctly? http://blog.logrhythm.com/security/xfinity-pineapple/ I followed the steps 1.) scp the landing page files to /www/x 2.) configure EvilPortal 3.) add the nodogsplash, and when I connect it correctly takes me to the splash but no images (only text) are shown. So my question: How do I point everything to the www/x directory so the splash is displayed correctly for clients and the correct logging is done as it is explained on the link above? i.e. Takes user to sign in page > user tries to log in > tells user that the user/pass is incorrect > user attempts to log in again > user proceeds to internet with both login attempts recorded on auth.log Source: http://speedy.sh/79Dqk/xfinity-pineapple-master.zip
  8. I've had better experience from starting dnsspoof before you start karma. That way the DNS is correct on other clients' machines when they connect. It seems most stable this way.
  9. There seems to be an issue where if a connected client tries to go to an HTTPS site, the browser goes nowhere. But if you go to an HTTP site, the roll works as intended. Is this a bug, or is this a limitation based on SSL/TLS?
  10. I made a thread earlier about this. I had the same issue. I seemingly resolved it by changing my laptop MAC with macchanger to the client mode radio's MAC on the pineapple, connecting to the hotspot and accepting the EULA, then disconnecting and connecting the pineapple back up. That allowed clients connected to the pineapple internet access (including my own laptop). Usually there is a MAC address lease time for these public hotspots that needs to be accepted upon connecting and/or every hour or so. Although, while running 1.4.1, I went back to the same hotspot I had the issue with and it connected and allowed internet access just fine without having to do the macchanger dance with my laptop. So maybe it was a different issue. Either way, I know some public wifi hotspots (especially hotel wifi) will do this.
  11. I think I found a fix (workaround) for the issue. 1.) On laptop, use macchanger to change your internal wlan0 to the same MAC as the client radio on the pineapple. 2.) Connect to atwifi 3.) Accept Splash Page 4.) Disconnect and revert MAC address changes 5.) Connect Pineapple in client mode and resume normal operation.
  12. Here's the scenario: 1.) have pineapple running Karma and in client mode with the other radio connected to a public "attwifi" as the internet source. 2.) clients connected to karma cannot reach the internet because there is a splash page for "attwifi" that the Pineapple cannot accept (no integrated browser to accept the public splash page to let internet through). 3.) ???? 4.) no worky
  13. I'm sorry that I don't have a solution to your problem, but I wanted to ask you, how is using the N900 and Pwnphone? Is it worth buying one now and using it? Or is it not worth the time and $$$ and wait for the "ubuntu phone" and wait for that to be turned into a Kali phone, lol. Since the internals are old, I heard it's unbearably slow. But pretty cool that the built-in wifi is capable of Mon0 and packet injection.
  14. What is a good netbook that will fit in the bag that will do everything we need it to do? Also, what else do you carry in the bag, that you feel like sharing. :)