
Zylla
Dedicated Members
Posts: 647
Days Won: 46

Everything posted by Zylla

  1. This would require the web server to be running on the victim's computer. PHP code is only executed on the server which is running the HTTP server. If I open my browser and point it to a website with some PHP code which uses the exec() function, that exec() function would not be run on my computer, but on the server. So for instance, if the PHP code contains malware, it would then infect the server. At best you could get the PHP script to offer the client a .exe file, but the same can be accomplished with normal HTML. I hope this answers your question.
  2. Yes. My first thought is that iptables can help you route the traffic to the correct interface.
  3. What happens if you open cmd, and run these exact two lines below?

        for /f %A in ('wmic volume get driveletter^, label ^| findstr "DUCKY" ') do set DUCKYdrive=%A
        echo %DUCKYdrive%
  4. I have some repositories on GitHub, where I merged Hak5's outdated repos with Chaos Calmer's upstream repo. You can find them here:

        https://github.com/adde88/openwrt-pineapple-nano
        https://github.com/adde88/openwrt-pineapple-tetra

     This will let you build kernel version 3.18.45. And I suggest you do it like this:

        ./scripts/feeds update -a
        make menuconfig
        make kernel_menuconfig
        make V=s

     Use menuconfig as you normally would, then make kernel changes after that with kernel_menuconfig. Then make V=s to compile everything. It works like a charm for me. When I find time, I hope to compile kernel version 4.1.x or 4.4.x for the Pineapples. But I'm not sure if the closed-source software on the Pineapples will run. But time will tell.
  5. iPhone works fine via Wi-Fi tethering. I've tried getting USB tethering to work, but I gave up after an hour of failing. Perhaps I'll make another attempt later. I know it would be useful, and I know OpenWrt supports USB tethering on the iPhone.
  6. I have built several custom kernel versions for both the Tetra and the Nano. And I just built everything as I normally would on the OpenWrt SDK.
  7. I suggest trying: openwrt-ar71xx-generic-ubnt-nano-m-squashfs-sysupgrade.bin. And no, there's no Pineapple UI in this firmware. This is just the OpenWrt source code, with the changes they have made to make it build on their hardware.
  8. I suggest you read up on what the Pineapple really is, and also what is legal to do, and what's not. On another note, you don't need to spoof your MAC address to act as another AP, as clients do not care about the MAC address of the access points they are trying to connect to.
  9. besside-ng works like a charm for me when doing exactly what you're describing. It's insanely fast, even on the Nano, and catches handshakes within seconds. It also works on 5 GHz channels, so I guess you could launch one process on wlan0mon and another on wlan1mon; that would cover both 2.4 and 5 GHz at the same time. SSH terminal from my phone. But I guess you could write a small script that launches at boot and automatically starts to pwn everything within range.
  10. You modify the "firmware" which is located on the PC, not the firmware which is on the hardware. This firmware is responsible for translating a lot of the stuff that happens on the Wi-Fi chip. It turns out that by editing the open-source firmware for these devices, you can create strong DDoS devices, which work a lot better and are stealthier than regular deauth attacks, or even mdk3 attacks. And more... Read up, or test it yourself here: https://github.com/vanhoefm/modwifi
  11. Yes, that would surely help; I was just thinking about temporary stuff that could help him mitigate the problem until it's patched. It was not meant as a permanent fix.
  12. The first thing that comes to my mind, as it is running Linux, is 'nice'. nice is a command that can limit a process's/background process's CPU usage, which also works quite "nice" (no pun intended) on the Pineapples! :) Maybe Pinesniffer should be run with that command? :)
  13. The Tenda U1 has an RTL8192EU chipset (Realtek). There's no such thing as an "airmon chipset". Or were you perhaps asking if the chipset supported monitor mode or injection? If so, yes, it does support monitor mode. I'm not sure about injection though. You might get issues with finding a driver for your Linux distribution though, but sources do exist on GitHub, and elsewhere. By the way, you can get cards that work perfectly for monitor mode + injection out of the box, for a very low price. For example the TP-Link WN722N, which uses the AR9271 chipset from Atheros. I have several of these. There's also lots of other cool stuff you can do with these dongles (firmware modding etc.).
  14. It might seem to be related to a bug several users are experiencing with kernel version 3.18.x. [link] Just producing traffic on the SD card produces something like this:

        [ 1116.317108] sd 1:0:0:0: [sda]
        [ 1116.317199] Result: hostbyte=0x07 driverbyte=0x00
        [ 1116.317220] sd 1:0:0:0: [sda] CDB:
        [ 1116.317233] cdb[0]=0x28: 28 00 13 7b 13 08 00 00 f0 00
        [ 1116.317297] blk_update_request: I/O error, dev sda, sector 326832904

      Here's a command I run on the NANO to trigger it:

        root@nano:~# badblocks -e 100 -v /dev/sdcard/sd1

      You can then check dmesg for errors. The SD card seems to disconnect, and after a second it reconnects with a new device name each time (sda, sdb, sdc, sdd, etc.).

      dmesg:

        root@nano:~# dmesg
        [191722.800000] usb 1-1.2: USB disconnect, device number 11
        [191722.810000] sd 2:0:0:0: [sdc]
        [191722.810000] Result: hostbyte=0x01 driverbyte=0x00
        [191722.810000] sd 2:0:0:0: [sdc] CDB:
        [191722.820000] cdb[0]=0x28: 28 00 00 1e b5 60 00 00 f0 00
        [191722.820000] blk_update_request: I/O error, dev sdc, sector 2012512
        [191722.830000] sd 2:0:0:0: [sdc]
        [191722.830000] Result: hostbyte=0x01 driverbyte=0x00
        [191722.840000] sd 2:0:0:0: [sdc] CDB:
        [191722.840000] cdb[0]=0x28: 28 00 00 1e b6 50 00 00 10 00
        [191722.850000] blk_update_request: I/O error, dev sdc, sector 2012752
        [191725.890000] usb 1-1.2: new high-speed USB device number 12 using ehci-platform
        [191726.030000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
        [191726.050000] scsi host3: usb-storage 1-1.2:1.0
        [191727.050000] scsi 3:0:0:0: Direct-Access Generic STORAGE DEVICE 0933 PQ: 0 ANSI: 6
        [191727.050000] sd 3:0:0:0: Attached scsi generic sg0 type 0
        [191727.520000] sd 3:0:0:0: [sdd] 15187968 512-byte logical blocks: (7.77 GB/7.24 GiB)
        [191727.530000] sd 3:0:0:0: [sdd] Write Protect is off
        [191727.530000] sd 3:0:0:0: [sdd] Mode Sense: 21 00 00 00
        [191727.540000] sd 3:0:0:0: [sdd] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
        [191727.550000] sdd: sdd1 sdd2
        [191727.560000] sd 3:0:0:0: [sdd] Attached SCSI removable disk
        [191727.890000] buffer_io_error: 31 callbacks suppressed
        [191727.890000] Buffer I/O error on dev sdc1, logical block 557056, lost sync page write
        [191727.900000] JBD2: Error -5 detected when updating journal superblock for sdc1-8.
        [191727.910000] Aborting journal on device sdc1-8.
        [191727.910000] Buffer I/O error on dev sdc1, logical block 557056, lost sync page write
        [191727.920000] JBD2: Error -5 detected when updating journal superblock for sdc1-8.
        [191727.950000] EXT4-fs (sdd1): couldn't mount as ext3 due to feature incompatibilities
        [191727.960000] EXT4-fs (sdd1): couldn't mount as ext2 due to feature incompatibilities
        [191728.020000] EXT4-fs (sdd1): recovery complete
        [191728.020000] EXT4-fs (sdd1): mounted filesystem with ordered data mode. Opts: (null)
        [191728.300000] Adding 1004364k swap on /dev/sdcard/sd2. Priority:-4 extents:1 across:1004364k
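The disconnect/re-enumerate pattern in post 14 is easy to miss in a long dmesg, so here is an added triage script (not from the original post or from Hak5) that summarises it: it counts USB disconnects and re-enumerations, I/O errors per block device, journal aborts, and the number of distinct new device names handed out. It uses only sh and awk (busybox-compatible), so it can be run on the Pineapple as `dmesg | triage_dmesg`. The sample input is constructed from the lines quoted above; the threshold for the verdict line is an assumption.

```shell
#!/bin/sh
# Added example: triage dmesg text for the SD-card drop/re-enumerate pattern.
# Sample input constructed from the log lines quoted in the post above.
SAMPLE_DMESG='[191722.800000] usb 1-1.2: USB disconnect, device number 11
[191722.820000] blk_update_request: I/O error, dev sdc, sector 2012512
[191722.850000] blk_update_request: I/O error, dev sdc, sector 2012752
[191725.890000] usb 1-1.2: new high-speed USB device number 12 using ehci-platform
[191727.560000] sd 3:0:0:0: [sdd] Attached SCSI removable disk
[191727.900000] JBD2: Error -5 detected when updating journal superblock for sdc1-8.
[191727.910000] Aborting journal on device sdc1-8.
[191728.020000] EXT4-fs (sdd1): recovery complete'

# Reads dmesg text on stdin, prints one summary line per event class.
triage_dmesg() {
    awk '
        /USB disconnect, device number/    { disconnects++ }
        /new high-speed USB device number/ { reconnects++ }
        /blk_update_request: I\/O error, dev/ {
            # isolate the device name between "dev " and the next comma
            dev = $0; sub(/.*dev /, "", dev); sub(/,.*/, "", dev)
            ioerr[dev]++
        }
        /Attached SCSI removable disk/ {
            # the kernel names the new disk in brackets, e.g. [sdd]
            if (match($0, /\[sd[a-z]+\]/))
                names[substr($0, RSTART + 1, RLENGTH - 2)] = 1
        }
        /Aborting journal on device/ { aborted++ }
        END {
            printf "disconnects=%d reconnects=%d journal_aborts=%d\n", disconnects, reconnects, aborted
            for (d in ioerr) printf "io_errors %s=%d\n", d, ioerr[d]
            n = 0; for (d in names) n++
            printf "new_device_names=%d\n", n
            # Assumed rule: a disconnect followed by a re-enumeration is the
            # signature worth flagging; the I/O errors are a consequence of it.
            if (disconnects > 0 && reconnects > 0)
                print "VERDICT: storage dropped and re-enumerated (matches the 3.18.x SD-card bug pattern)"
        }'
}

# Wrappers that expose the counts as values rather than only printed text.
count_disconnects() { printf '%s\n' "$SAMPLE_DMESG" | triage_dmesg | sed -n 's/^disconnects=\([0-9]*\).*/\1/p'; }
count_ioerrors_sdc() { printf '%s\n' "$SAMPLE_DMESG" | triage_dmesg | sed -n 's/^io_errors sdc=\([0-9]*\)$/\1/p'; }
count_new_names()    { printf '%s\n' "$SAMPLE_DMESG" | triage_dmesg | sed -n 's/^new_device_names=\([0-9]*\)$/\1/p'; }
has_verdict()        { printf '%s\n' "$SAMPLE_DMESG" | triage_dmesg | grep -c '^VERDICT'; }

printf '%s\n' "$SAMPLE_DMESG" | triage_dmesg
```

On a real device, replace the sample with `dmesg | triage_dmesg`; a rising `new_device_names` count over time is the clearest sign the card is cycling, and the JBD2/"Aborting journal" lines show why the filesystem on the old name ends up read-only.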
  15. You can actually run the newest version of SSLstrip on the Pineapples, which defeats HSTS. (I posted above 'explaining' how to use it.) Also: there are several other viable attack vectors one can use against most operating systems. Though your success rate will in most cases depend on the stupidity of your target. Just running Windows 10 with all updates + antivirus will not save you against a persistent attacker. Same goes for Linux, OS X, iOS, Android etc.
  16. As digininja said: your phone/modem is acting as a router to pass traffic to the correct locations. I have a 4G modem in my home with open ports, and I use both NAT and PAT to set it all up. If you're unable to open ports, try checking with your ISP if they offer this feature, or if they are actively blocking ports. I know that I had to change the APN on my modem from the default one, because my ISP was blocking ports on the default one to protect their users. Ask your ISP if they perhaps use a feature like this, where you enter another APN to allow opening of ports.
  17. Yeah, what Seb wrote seems to be the case. I tested with my Pineapple while running airodump on my Kali box. Everything is working on 2.4 GHz, and everything actually seems to be working on all 5 GHz channels (from the Pineapple's point of view). But the Kali box can only find beacons in the 2.4 GHz range.
  18. Yeah, I've noticed the same bug here. The version info in /pineapple/modules/meterpreter/module.info is the same as the one reported from Module Manager. Strange :P
  19. Yes! Your PC is sharing its network connection/internet to the Pineapple through the USB interface. I'm not sure what could be causing your problems, as I don't have that much information to go on. Do you have any power-saving features activated perhaps? Like USB or Wi-Fi power saving?
  20. I'm guessing it could be the regulatory settings limiting your channels. PM me and I'll hook you up with something to remove those limits :)
  21. Wifite works on the Pineapple. Just use SSH. Just make sure to install Python correctly. I get issues sometimes on the Nano, because the pre-installed Python is installed internally, and it messes up a lot with the SD card. The solution for me was to just delete the "/usr/lib/python2.7" directory, then re-install Python through opkg, BUT make sure it gets installed to the SD card (opkg install --dest sd). After installing it again, I make a symlink from /sd/usr/lib/python2.7 -> /usr/lib/python2.7 = works. When using wifite2, make sure to install "coreutils-stty". But I generally recommend wifite-ng. It runs smooth. :)
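The delete / reinstall to SD / symlink sequence in post 21 is easy to get wrong on a device whose internal flash is nearly full, so here is an added shell script (not from the original post or from Hak5) that performs the same steps with the checks a practitioner would want first: it refuses to run if the SD mount point is absent, is idempotent when the link is already in place, and only calls `opkg install --dest sd python` where opkg exists (on any other host it simulates the installed tree so the function can be exercised). The default paths match the post; the helper names and the simulated file are assumptions.

```shell
#!/bin/sh
# Added example: relocate the internal Python tree onto the SD card and leave
# a symlink behind, as described in the post above, with safety checks.

# relocate_python_to_sd INTERNAL SD_MOUNT
#   INTERNAL  directory the firmware installed (default /usr/lib/python2.7)
#   SD_MOUNT  mount point of the SD card (default /sd)
relocate_python_to_sd() {
    internal=${1:-/usr/lib/python2.7}
    sd=${2:-/sd}
    target="$sd/usr/lib/$(basename "$internal")"

    # Refuse to act if the SD card is not mounted there: deleting the internal
    # copy and then pointing the link at a directory on internal flash would
    # fill the flash right back up.
    if [ ! -d "$sd" ]; then
        echo "sd mount point $sd missing" >&2
        return 1
    fi
    # Idempotent: a second run on an already relocated tree does nothing.
    if [ -L "$internal" ] && [ "$(readlink "$internal")" = "$target" ]; then
        echo "already relocated"
        return 0
    fi
    # Step 1 from the post: drop the internal copy.
    rm -rf "$internal"
    mkdir -p "$sd/usr/lib"
    # Step 2: reinstall with the SD destination (only where opkg exists).
    if command -v opkg >/dev/null 2>&1; then
        opkg install --dest sd python || return 1
    else
        # Assumption for off-device runs: simulate the files opkg would drop.
        mkdir -p "$target"
        : > "$target/os.py"
    fi
    # Step 3: make /usr/lib/python2.7 point at the SD copy.
    ln -s "$target" "$internal"
    echo "linked $internal -> $target"
}

# Where does the link point? (plain readlink, so it works with busybox)
python_link_target() { readlink "$1"; }
```

Run it on the device as `relocate_python_to_sd` with no arguments; afterwards `python_link_target /usr/lib/python2.7` should print `/sd/usr/lib/python2.7`, and `df /sd` should show the package contents living on the card.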
  22. Yes. Check out MANA Toolkit for Kali Linux. It can take on WPA-EAP (Enterprise) encrypted Wi-Fi networks. I've ported the toolkit in its entirety to the Pineapples, but it's not very user-friendly yet, and you'd better know what you're doing when installing it. (Manual install) GitHub link: MANA-Pineapple
  23. You can use a USB charger. My suggestion is a charger with enough amperage. I haven't had issues with a normal iPhone charger, but I usually use my iPad charger (2 amps), to make sure it gets enough juice :)
  24. You need to provide a bit more information if you want help. When you say scanning, are you referring to Recon? Also, are you 100% sure there are other devices within range that should show up? If so, how far away do you estimate these other devices to be? You could try testing the module "Site Survey", and check to see if the results differ. What access point are you referring to? The wireless administration network that the Pineapple is broadcasting, or another one? If you're talking about the Pineapple's administration network: do you get an IP address when connecting to the network? Are you able to ping the Pineapple (172.16.42.1) when connected?