Hak5 Forums


About Zylla

  • Rank
    Developer / Reverse Engineer
  • Birthday 11/22/1988

  1. You could try transferring the install file (.IPK) to your Pineapple, then install it using opkg. For example: opkg install «name-of-install-file.ipk» --dest sd
  2. RT @qwertyoruiopz: Here's the iPhone 7 10.0 / 10.1 KTRR bypass fully-atomic and thread-safe ROP chain https://t.co/eBMAkPjxIL

  3. Security student seeking help

    Yeah, I also couldn't get it running. Taking a quick look at the binary, it seems to be compiled for Linux 3.x kernels. Not sure if that's the cause, or if we're missing some libraries, as no error messages were displayed. I'll be looking deeper into it when I get time =)
  4. Security student seeking help

    I still haven't tested the newest release, so I'm not sure what changes have been made. But looking at the error code, you're missing Go. And probably a lot of libraries... So I reckon one would need to manually cross-compile it using the SDK for OpenWRT.
  5. Security student seeking help

    I haven't tested the latest version on the Pineapples. It's been a while since I attempted to get it running. That's awesome :) I didn't mean to sound disrespectful or anything against the Pineapples, it's just been my experience that a lot of these "ssl-tunneling proxies" require a lot of "juice". I'm very impressed by the Pineapples, and they come with a lot of useful closed-source software unique to the Pineapples. So if one is experienced with penetration testing, especially wifi-related stuff, the sky is the limit on the Pineapples! It's a beast :)
  6. @ishaan_s @ijapija00 Stop posting this fake-ass shit. The dude clearly has no idea what he’s doing.🙄

  7. Security student seeking help

    Hi there! I can give you some pointers regarding sslstrip+dns2proxy. (I reckon that's what you meant, right?) The reason the success rate is so low now is because most clients are updated against this attack. When I say clients I mean the actual browsers, or the software that is generating the SSL traffic you want to catch. Some clients are still vulnerable to the attack, so it's not in vain, just not 100% guaranteed to succeed. So my opinion (if you want to catch as much encrypted traffic as possible) is to use an embedded device with more power. Like the Raspberry Pi. You can then run the exact same attacks if you will, or those with a higher success rate (bettercap, mitmdump, etc.). There is a way to get Bettercap running on your Nano/Tetra, but it's horrendously slow! (At least on the Nano.) That's why I recommend using another device, with more CPU and RAM.
  8. Yeah, as I stated: modern and updated browsers are updated against this attack. But still, some clients and some software are still vulnerable to it.
  9. Taking a look at the repo (opkg list | grep libnet) now, it looks like libnet0 and libnet1 are your options. Not libnet-1.2.x.
  10. Looking fast at your iptables, I'm noticing you're only forwarding port 80 (HTTP). Which is fine, but you're also interested in forwarding the SSL traffic, which goes over port 443. I suggest you try enabling that as well. But don't have your hopes high when it comes to success rate. Most browsers now are updated and protected against this version of the attack by using DNS caches as an example. Some clients however are susceptible to this attack though. Sadly the best attacks don't work that well yet on these embedded devices, like mitmproxy. Due to requiring a lot of CPU/memory.
  11. Pineapples With Kismet Web Interface?

    I'm also struggling a bit compiling the latest HEAD version of Kismet at the moment. Not nailed down the exact issue yet. But if you want Kismet with web-interface then you can go like this:

    Download: https://www.kismetwireless.net/code/kismet-openwrt-tetra.tar.gz

    Extract all the IPK files inside, and send them to your Pineapple.

    NOW, if you want to use each and every file inside here as served, you will need to downgrade some stuff, which may cause issues with other stuff. OR you could not downgrade some stuff (like libpcap) and instead symlink the file you already have to the file that Kismet wants. (Fooling it a bit.)

    So, installation procedure:

        # THIS WILL NOT PRESERVE LIBPCAP
        opkg install --force-checksum --force-downgrade *.ipk

        # THIS WILL PRESERVE LIBPCAP \o/
        rm libpcap_1.5.3-1_ar71xx.ipk
        opkg install --force-checksum --force-downgrade *.ipk
        ln -s /usr/lib/libpcap.so /usr/lib/libpcap.so.1.3
        ln -s /usr/lib/libpcap.so /usr/lib/libpcap.so.1.3.0

    (IF you're using a NANO: remember to add "--dest sd" to every "opkg install" line, to use the SD card and not the internal memory.)

    Then, the creator has somehow misnamed a directory. Quick fix with this command:

        mv /etc/kismet/http_data /etc/kismet/httpd

    Don't forget to edit /etc/kismet/kismet.conf and maybe /etc/kismet/kismet_httpd.conf

    Launch kismet and browse to: http://pineapple-ip-address:2501

    Voilà! :)
  12. @NikolajSchlej Props to you! I’ve used UEFITool aloe! 😉👍🏻 thanks!

  13. Thanks for the heads up, will look into it asap. Been busy the last few days and currently with moving from our old house. So, I'll see what I can get done in my spare time. Does Python crash when this happens? To be honest: no. 400MHz, and limited RAM, is actually not enough to run these tools with many clients connected. You should set a client limit on the Nano. And yeah, pre-compile the .py files on your entire Nano. Link to guide here: (It should speed up your Python processes a bit! Since that's the bottleneck with the Toolkit on the Nano)
  14. Pineapples With Kismet Web Interface?

    Kismet? I'm working on it already. :D Just been a bit busy lately. Just started moving from our old house to a smaller apartment. Jeeez, so much stress with moving.... Back to topic: I'll see what I can pull out of my magic bunny-hat! ;)
  15. RT @singe: A comprehensive set of VMs to learn/teach the many ways of privesc on Windows & Linux hosts by @s4gi_ https://t.co/MXVvBWOjjB He…