[[Release] 2.4.0 - Codename: Tractosaurus Rex!]

stay away from evil portal, portal auth, ettercap, tor....

best best is to run everything you can from the command line and forget about the non stock infusions.

I have a hard time believing the Pineapple is at fault for most of the issues that arise. I've been using my same MKV for the last year now, over multiple firmware upgrades, and I have yet to have any of the issues that plague your lives. I wouldn't blame the infusions, or the firmware, if your stuff is constantly bricking. My Pineapple has never bricked and I use it all the time.

[Is my MKV dead?]

You can also go to the Configuration infusion, under the Advanced Tab, and enter

poweroff

or

halt

before unplugging it. That's as close as you'll ever get to shutting down the Pineapple.

[John McAfee is running for President (Not Shilling. Just Asking.)]

Wake me up when people realize that taxes need to go UP.

Yes, taxes need to go up now to get the US out of its debilitating debt. I was speaking more in terms of funding programs rather than working to pay off debts in which case, if money was spent wisely, taxes could be lowered.

[Veil-Evasion on Kali 2]

I ended up getting it to work by adding an additional repo in /etc/apt/sources.list. For some reason my fresh images of Kali 2.0 didn't have the necessary repos. For anyone else that might have this issue your sources.list file should look like this:

# Regular repositories
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free
# Source repositories
deb-src http://http.kali.org/kali sana main non-free contrib
deb-src http://security.kali.org/kali-security sana/updates main contrib non-free

Then run the following:

apt-get clean
apt-get update

And you should be able to run the setup.sh script without a problem.

[Veil-Evasion on Kali 2]

Thanks. I'm gonna run a few more tests and make sure I'm not missing anything and if I still can't get it to work I'll raise an issue on their GitHub page.

[Veil-Evasion on Kali 2]

Has anyone had success in installing Veil-Evasion on Kali 2.0? I've tried on both the 64-bit and 32-bit versions but it always fails. The error I get on the 64-bit version is about it not being able to find a package for Wine and on the 32-bit version I get an error about it not being able to install ttf-mscorefonts-installer. I've researched the issues through Google and even found incidents exactly like mine, however they were all resolved with solutions that did not work for me. Some of the information is misleading (possibly outdated) because some sources state it only works on Kali 1 while others state they have it working on Kali 2. Anyone have some advice for me?

[John McAfee is running for President (Not Shilling. Just Asking.)]

I agree with you Cooper. Unfortunately, our taxes are wasted on many different programs. There is plenty of money going toward the federal government but not enough of it being spent wisely. Taxes could probably be lowered if the money was spent wisely in each program. Of course there are so many programs being funded and so many individuals within those programs trying to line their pockets that it's difficult for anyone to do anything about it. One area in particular is government contracting. The companies that fulfill the contracts don't care about how much it's going to cost the government for their services (which comes from taxes) they just want to get as much money as they can.

[Internet]

Are you using RADIUS? That's the only reason I can think of needing to enter a username for WiFi authentication.

[Usb to usb battery power for the pineapple]

You should only power the Pineapple through it's barrel jack. The Pineapple operates at 9v @ 2A (iirc, correct me if I'm wrong) so you need at least an 18W power supply. Typically, USB pushes 5V and only about 0.5 A (from a PC) for USB 2.0, nowhere near enough power to run things properly. I'm not sure how much your PowerGen is pushing but if you can find a way to power the Pineapple through the barrel jack that would be the best method.

[Android 5.x Lockscreen bypass using a Ducky Payload.]

Soooo...where's your script? I'm trying to load the video at work right now but if the ducky script works I would like to add it to my library.

[[Support] Portal Auth]

If the victim installs the server onto his/her computer, can i have remote access to that computer at a later time too? (like a trojan)

Just to be clear, the victim won't install the server on their computer. The payload I included will set up a listening socket (which is what I think you meant) so as long as that program is running in the background on their system you will be able to access it.

Can a payload be made for android? If so, i think the user might get a warning about installing from outside of the playstore., right?

The point of the NetClient page is to upload any payload you want. If you can make a payload for android then you can upload it to the Android section. The Payloader injection set will use the user-agent string of the victim's browser to determine what OS they are on. If they are on Android they will receive the Android payload, if they are on Windows they will receive the Windows payload, etc. By default I included the code for a Windows and OS X payload but you can always use the veil framework or metasploit to create your own payloads. I plan on playing around with the veil framework sometime this week as I have recently discovered it and it seems awesome.

[Chrome crash bug]

There was a git page that made it into a game where you had bear face and pine tree icons structured like a maze. Move your mouse in over the bear faces and follow that path through the maze. If you hit a pine tree your browser crashes (meaning you get a blank page that says there was a problem, but it did bring down a few more pages that were dealt with by the same browser program instance).

I came across this game a few days ago at work, lol. Kind of fun.

[[Support] Portal Auth]

Version 2.8 has been submitted to the Pineapple Bar. Here is the change log:

[->] Added Payload tab which includes the Portal Auth Shell Server (PASS), payload upload center, and a default payload for Windows and OS X.
[->] Modified the auth log tab to auto refresh.
[->] Moved the Test Website and depends back to PuffyCode.com.
[->] Added the Payloader injection set for delivering payloads to victim machines.

Also, I put together a complete how to video on Portal Auth. Check it out in the Pineapple University forum.

[[Infusion] WiFi Locator]

Any update on this infusion? I'm anxious to get my hands on it.

[<IDEA> Infusion Idea]

apart from a new infusion, This should also be easy enough to implement with a portalauth injection set with some script to run on the "connect" button press to check the validity of the apart credentials provided, and evilportal.

This is a really good idea for an injection set. I'll have to look into it after I complete the updates I'm already working on for Portal Auth and the Payloader injection set. Unless if someone else wants to work on it. After all, the modularity of injection sets was intentionally designed so others could create and share.

[Infusion idea - Creepy Pineapple]

This is something I am putting together in my head as well with some additional features. It's a big project but it's a fun one.

I'm willing to help if you want to collaborate on this project.

[Social Engineering Technique 1]

Is the technique to get us to click on the link? If so, you have failed.

[A drone that can steal data just by hovering above you]

The park and stare idea isn't too bad. You would need a good camera with a wide FOV and possibly head tracking abilities to land it safely from such a distance. You also probably wouldn't be able to fly on the normal 2.4 GHz freq unless the building is close by with almost no interference between you and it. Regardless it would still be nerve-racking to land in a small area with only a camera.

[(Help) WebUI Problem]

Give it a couple of minutes and refresh the page. For some reason mine does this whenever I first boot it up. After a few refreshes everything runs smoothly.

[Infusion idea - Don't track my mac]

It's a wifi pineapple you should be able to do better than that.

"They can see where you’ve been in the store with a resolution of a couple of feet (much better than GPS)"

I'm talking about being able to walk into walmart with a pineapple and a few directional antennas, logging the macs of your fellow shoppers and replaying them around the store, maybe even with different power levels? That's got a better chance of messing up what it is they are trying to do.

Aside from the legal issue of walking into Walmart using your Pineapple without the consent of the company and all customers within, replaying people's MAC addresses (whatever that means) on the same network won't do anything for you. Whoever is tracking them will still see everyone is on the same network in the same location. newbi3's solution is just fine because it allows you to change the MAC address of the Pineapple so you aren't tracked. Of course if you are in a public location on WiFi that most likely requires MAC based authentication you will be reauthenticating every 5 seconds with the AP.

[[Support] Portal Auth]

What I have been doing is trying to somehow utilize the default portal options that are already there (i think one of the default options that is already loaded into there is called "freewifi" or something) cant I just use those just the same as cloning my own portal from scratch? also why are those default options already there for?

You have to clone a captive portal, or webpage, to use the injection sets. They are injected into the portal as it is copied to the Pineapple. I'm currently working on a new version of Portal Auth and I'll make a full guide on how to use every feature once it's finished but until then you can watch this video on some of the features. https://forums.hak5.org/index.php?/topic/34421-support-portal-auth/?p=258766

[[Support] Portal Auth]

Hi,

Many thanks for this good info!

For me however, nothing saves in the /sd/portals/ folder at all??

So, after you clone a captive portal, and the message appears that the portal was cloned successfully, you SSH into the Pineapple and check /sd/portals/ and nothing is there? If you open the large tile in Portal Auth, under the config tab, you should see a field for the portal directory that by default has /sd/portals/ in it. If it doesn't then you need to check the directory that's listed there instead.

Also, not quite sure what you mean by this?? apologies... not sure what to do...

Cheers,

onion

Under the Config tab in the large tile there is a field labeled Test Website. This is a URL to a webpage for Portal Auth to check if a captive portal is present. Since InfoTomb took down the file that Portal Auth links to by default I put up another link to my server. You can put that link in the Test Website field so you don't get false positives.

[A drone that can steal data just by hovering above you]

Even with swarm processing it won't be able to track their eye movements to know if it's been seen. If I had a drone flying above an establishment that was my target it would probably be because I don't want to be caught by the people below. So we could expect people to be around most of the time which would cause the swarm processing to constantly freak out and force the drone to fly back and forth without keeping a solid connection to the network or even gathering decent video of the surroundings.

[[Support] Portal Auth]

It seems that InfoTomb doesn't hold on to files forever like they claim. The portal test page has disappeared now as well. Although I always recommend you use your own so you know which servers your Pineapple is connecting to when checking for captive portals I do have a page setup on my server.

http://www.puffycode.com/download/PortalAuth/cptest.txt

The expected data field in Portal Auth should be set to "No Captive Portal"

[Firefox Lightbeam plugin]

I use Ghostery. It seems to do a good job at finding trackers on pages and allowing you to block them.