Jump to content

sud0nick

Dedicated Members
  • Posts

    1,056
  • Joined

  • Last visited

  • Days Won

    66

Posts posted by sud0nick

  1. stay away from evil portal, portal auth, ettercap, tor....

    best best is to run everything you can from the command line and forget about the non stock infusions.

    I have a hard time believing the Pineapple is at fault for most of the issues that arise. I've been using my same MKV for the last year now, over multiple firmware upgrades, and I have yet to have any of the issues that plague your lives. I wouldn't blame the infusions, or the firmware, if your stuff is constantly bricking. My Pineapple has never bricked and I use it all the time.

  2. I ended up getting it to work by adding an additional repo in /etc/apt/sources.list. For some reason my fresh images of Kali 2.0 didn't have the necessary repos. For anyone else that might have this issue your sources.list file should look like this:

    # Regular repositories
    deb http://http.kali.org/kali sana main non-free contrib
    deb http://security.kali.org/kali-security sana/updates main contrib non-free
    # Source repositories
    deb-src http://http.kali.org/kali sana main non-free contrib
    deb-src http://security.kali.org/kali-security sana/updates main contrib non-free
    

    Then run the following:

    apt-get clean
    apt-get update
    

    And you should be able to run the setup.sh script without a problem.

  3. Has anyone had success in installing Veil-Evasion on Kali 2.0? I've tried on both the 64-bit and 32-bit versions but it always fails. The error I get on the 64-bit version is about it not being able to find a package for Wine and on the 32-bit version I get an error about it not being able to install ttf-mscorefonts-installer. I've researched the issues through Google and even found incidents exactly like mine, however they were all resolved with solutions that did not work for me. Some of the information is misleading (possibly outdated) because some sources state it only works on Kali 1 while others state they have it working on Kali 2. Anyone have some advice for me?

  4. I agree with you Cooper. Unfortunately, our taxes are wasted on many different programs. There is plenty of money going toward the federal government but not enough of it being spent wisely. Taxes could probably be lowered if the money was spent wisely in each program. Of course there are so many programs being funded and so many individuals within those programs trying to line their pockets that it's difficult for anyone to do anything about it. One area in particular is government contracting. The companies that fulfill the contracts don't care about how much it's going to cost the government for their services (which comes from taxes) they just want to get as much money as they can.

  5. You should only power the Pineapple through it's barrel jack. The Pineapple operates at 9v @ 2A (iirc, correct me if I'm wrong) so you need at least an 18W power supply. Typically, USB pushes 5V and only about 0.5 A (from a PC) for USB 2.0, nowhere near enough power to run things properly. I'm not sure how much your PowerGen is pushing but if you can find a way to power the Pineapple through the barrel jack that would be the best method.

  6. If the victim installs the server onto his/her computer, can i have remote access to that computer at a later time too? (like a trojan)

    Just to be clear, the victim won't install the server on their computer. The payload I included will set up a listening socket (which is what I think you meant) so as long as that program is running in the background on their system you will be able to access it.

    Can a payload be made for android? If so, i think the user might get a warning about installing from outside of the playstore., right?

    The point of the NetClient page is to upload any payload you want. If you can make a payload for android then you can upload it to the Android section. The Payloader injection set will use the user-agent string of the victim's browser to determine what OS they are on. If they are on Android they will receive the Android payload, if they are on Windows they will receive the Windows payload, etc. By default I included the code for a Windows and OS X payload but you can always use the veil framework or metasploit to create your own payloads. I plan on playing around with the veil framework sometime this week as I have recently discovered it and it seems awesome.

  7. There was a git page that made it into a game where you had bear face and pine tree icons structured like a maze. Move your mouse in over the bear faces and follow that path through the maze. If you hit a pine tree your browser crashes (meaning you get a blank page that says there was a problem, but it did bring down a few more pages that were dealt with by the same browser program instance).

    I came across this game a few days ago at work, lol. Kind of fun.

  8. Version 2.8 has been submitted to the Pineapple Bar. Here is the change log:

    [->] Added Payload tab which includes the Portal Auth Shell Server (PASS), payload upload center, and a default payload for Windows and OS X.
    [->] Modified the auth log tab to auto refresh.
    [->] Moved the Test Website and depends back to PuffyCode.com.
    [->] Added the Payloader injection set for delivering payloads to victim machines.
    

    Also, I put together a complete how to video on Portal Auth. Check it out in the Pineapple University forum.

  9. apart from a new infusion, This should also be easy enough to implement with a portalauth injection set with some script to run on the "connect" button press to check the validity of the apart credentials provided, and evilportal.

    This is a really good idea for an injection set. I'll have to look into it after I complete the updates I'm already working on for Portal Auth and the Payloader injection set. Unless if someone else wants to work on it. After all, the modularity of injection sets was intentionally designed so others could create and share.

  10. The park and stare idea isn't too bad. You would need a good camera with a wide FOV and possibly head tracking abilities to land it safely from such a distance. You also probably wouldn't be able to fly on the normal 2.4 GHz freq unless the building is close by with almost no interference between you and it. Regardless it would still be nerve-racking to land in a small area with only a camera.

  11. It's a wifi pineapple you should be able to do better than that.

    "They can see where you’ve been in the store with a resolution of a couple of feet (much better than GPS)"

    I'm talking about being able to walk into walmart with a pineapple and a few directional antennas, logging the macs of your fellow shoppers and replaying them around the store, maybe even with different power levels? That's got a better chance of messing up what it is they are trying to do.

    Aside from the legal issue of walking into Walmart using your Pineapple without the consent of the company and all customers within, replaying people's MAC addresses (whatever that means) on the same network won't do anything for you. Whoever is tracking them will still see everyone is on the same network in the same location. newbi3's solution is just fine because it allows you to change the MAC address of the Pineapple so you aren't tracked. Of course if you are in a public location on WiFi that most likely requires MAC based authentication you will be reauthenticating every 5 seconds with the AP.

  12. What I have been doing is trying to somehow utilize the default portal options that are already there (i think one of the default options that is already loaded into there is called "freewifi" or something) cant I just use those just the same as cloning my own portal from scratch? also why are those default options already there for?

    You have to clone a captive portal, or webpage, to use the injection sets. They are injected into the portal as it is copied to the Pineapple. I'm currently working on a new version of Portal Auth and I'll make a full guide on how to use every feature once it's finished but until then you can watch this video on some of the features. https://forums.hak5.org/index.php?/topic/34421-support-portal-auth/?p=258766

  13. Hi,

    Many thanks for this good info!

    For me however, nothing saves in the /sd/portals/ folder at all??

    So, after you clone a captive portal, and the message appears that the portal was cloned successfully, you SSH into the Pineapple and check /sd/portals/ and nothing is there? If you open the large tile in Portal Auth, under the config tab, you should see a field for the portal directory that by default has /sd/portals/ in it. If it doesn't then you need to check the directory that's listed there instead.

    Also, not quite sure what you mean by this?? apologies... not sure what to do...

    Cheers,

    onion

    Under the Config tab in the large tile there is a field labeled Test Website. This is a URL to a webpage for Portal Auth to check if a captive portal is present. Since InfoTomb took down the file that Portal Auth links to by default I put up another link to my server. You can put that link in the Test Website field so you don't get false positives.

  14. Even with swarm processing it won't be able to track their eye movements to know if it's been seen. If I had a drone flying above an establishment that was my target it would probably be because I don't want to be caught by the people below. So we could expect people to be around most of the time which would cause the swarm processing to constantly freak out and force the drone to fly back and forth without keeping a solid connection to the network or even gathering decent video of the surroundings.

×
×
  • Create New...