Armaal
Posts posted by Armaal
-
-
Hi, does anyone know how to inject the fake Adobe Flash update like Kevin in the MKV, and where I can find these scripts (fakedns & beginspoofing.sh)?
Thanks!
If you want to do the same things as Mitnick you should see BeEF (XSS).
You could inject some malicious JavaScript inside the victim's browser (like a fake Adobe update) & get a hook (-> get shell -> hijacking cookies -> steal password -> etc...)
but I don't know if we could get BeEF onto the Pineapple.
-
(Yes, the Nintendo 3DS is not very quiet with probe requests (thanks to StreetPass); it wants to go pollute your logs!)
-
(Perhaps some "malformed" probe (from the client itself) could get this result on your terminal.)
-
Hello
The Amped SR10000 will be great for you (great product). Better than the Pineapple for your request.
You can also check the TL-WA830RE: lower cost and great performance for the price.
-
Most successful attacks come from the user's laziness. People don't keep their systems up to date like they should, nor do they harden their systems. People will install anything and everything that they want, opening ports without even knowing, and not pay attention to the risks. You know there are still many organizations running Windows XP, right? There are a lot of people out there that just don't want to change their system because it is familiar. You won't get everyone but you will get some. When performing a pentest on an organization you will most likely trick a few people.
"Most successful attacks come from the user's laziness"
Yes & yes.
-
If I know the password of a specific Wireless network, can PineAP automatically spoof/clone this network and deauth clients on the real network to force them to join the honeypot network?
If the answer is yes, can this be done if the password for this network is not known as well?
Thanks in advance.
PineAP cannot craft special beacons from a secured network (like WPA2) even if you have the password.
The Karma method has, for 10 years now, worked ONLY with open networks.
In your case you can create the same ESSID / channel and, on the other hand, perform a deauth.
-
This issue has been fixed and pushed to the WiFi Pineapple Bar.
Best Regards,
Sebkinne
Great job, dude
-
@Seb
There is a bug for the DIP switch.
nginx returns error 500.
I cannot save my request by the POST method (button Save DIP Configuration)
-
(I like this Codename & the logo :) )
-
"Did you ever wish you could talk to your Chromebook simply when the screen is on and unlocked? Lucky you! Say "Ok Google" in Dev Channel and ask for anything!"
Yes, right now you can control your Chrome OS via voice recognition; it's nice.
But something ticks me ->
"As expected, all your voice and audio activity will be easily accessible at https://history.google.com/history/audio "
-
That looks like a social engineering attack at first, followed by (hyper) complex malware..
-
My summary about it..
I'm not a ninja WiFi user and perhaps it's not totally TRUE, but I've been reading some articles about wireless security, especially WPA-AES-PSK.
To redirect the subject to the Pineapple & its own security ->
"Offensive (open access point)"
- WLAN0
- No security inside (no WPA, no WPA2, no AES, no TKIP, etc...) -> this network is not encrypted (if you are not under HTTPS), so you can sniff packets easily (turn on Wireshark, tcpdump, etc..)
- It's working like a charm with the Karma method (auto-connect on unsecured access point) (the basic sense!)
- Pineapple Management is listening on 1471 and everybody can go here (you (read the next line) & clients) (you need your Unix credentials to connect & manage), so don't connect with your admin password!
- Like sud0nick said, you (the admin) shouldn't navigate (on the www) on this open access point because all clients with Wireshark CAN sniff your web surfing... (hacker hacked? sad story..)
"Management (secured access point) "
- WLAN0-1
- Built-in security WPA2 -> This network is "fully" encrypted (TKIP - AES) and it's almost impossible to sniff data frames. Why almost? Because in Wireshark you can decrypt by applying the passphrase: Edit -> Preferences -> Protocols -> IEEE 802.11 -> "Enable Decryption" checkbox. Then click on Edit in the "Decryption Keys" section & add your PSK by clicking "New". You have to select the key type "wpa-pwd" when you enter the PSK in plaintext.
- Password (passphrase) on this network means "No KARMA | NO CLIENTS" here. Just you, the admin. And you are the only person to know the passphrase.
- Pineapple Management is listening on 1471 and only the admin can go here (passphrase)
-
While not explicitly stated, I think it is fairly safe to assume that the device mentioned in this article is probably a WiFi Pineapple
I've seen this article 4 days ago on SecureNinja.
Very nice handwriting. I liked it a lot.
-
The last part didn't make any sense
I was in a hotel suite 2 days ago. The installation (WiFi extender, router, etc..) was HP stuff. Exactly ProCurve.
The system was performing under MAC filter only
-
A captive portal based "only" on MAC address is a really bad idea, but I'm pretty sure it's almost 60% of WiFi routers. HP ProCurve?
-
I did so
But I found a cause of the problem.
If I turn on ettercap on the Pineapple,
devices which connect to the Pineapple can't access the internet.
If I turn it off, everything is OK. How to fix it?
It seems you have a problem with your iptables rules
-
You would share the internet connection from the Pineapple, right?
Be sure your wlan1 is in client mode, then connect to your AP (ISP connection).
Your wlan0 normally broadcasts the AP that your clients should connect to.
If you want to monitor your Pineapple from your computer, launch a Linux VM & connect it to the Pineapple.
Also make an SSH connection and then try a ping 8.8.8.8 to see if you have a real connection..
-
For Europeans (it's a Dutch store! Da! @ BeNe ^^)
http://varia-store.com/
I've purchased about 200€ (antenna, cable, router...) my mark is 5/5.
Good quality. Very responsive. "Pro"
-
I think seb is very busy. Hak5 team are moving to a new office ->
-
Mmmh
Business?
Owned guy
-
hey Bene
Where are you getting your terminal? From Windows? In a VM with Konsole, etc.?
-
It could theoretically be that I don't own this device. But surely I have permission to test this on these.
No idea what OS it runs. But it must be an Asus (MAC AC:22:0B AsustekC).
But sometimes my HTC and Sony phones are going crazy like this one.
One has a modded ROM and the sony is on stock.
Yes, the ac:22:0b:5c:ef:13 is the Nexus 7 (BeNe said that 1 week ago)
-
BeNe
Is your ac:22:0b:5c:ef:13 running under CyanogenMod?
-
Banks alias Jillian Rose Banks !
New Pineapple, connected to Internet, wifi working...can't get to console
in WiFi Pineapple Mark V
try some ping and nmap