Jump to content

sud0nick

Dedicated Members
 View Profile  See their activity

  • Posts

    1,056

  • Joined

  • Last visited

  • Days Won

    66

 Content Type 

Posts posted by sud0nick

    [Support] Portal Auth

    in Mark V Infusions

    Posted

    This is the proper thread for Portal Auth questions. Please only use the Injection Sets thread for questions about injection sets.

    When you click activate now, while cloning a portal, the portal is placed in the /etc/nodogsplash/htdocs/ directory. Your saved portals from Portal Auth appear, by default, in /sd/portals/. Mine appear in Evil Portal II but they can't be edited or activated from there. What I normally do to activate my portals is use the activateportal.sh script in /sd/infusions/portalauth/includes/scripts/ which requires two arguments: 1. portal directory, and 2. portal name.

    ./activateportal.sh /sd/portals/ TestPortal

    [Portal Auth] Injection Sets

    in Mark V Infusions

    Posted

    Good stuff, DataHead! I actually started to move forward already by creating a payload in Python and compiling it with py2exe for the target machines which, I think, is what you are getting at. If I understand you correctly, cx_freeze could become a dependency of Portal Auth, the user would be able to modify the python scripts directly and compile them on the Pineapple, then if something needed to be changed such as an access key it would be trivial enough even for non-programmers.

    I've never used cx_freeze before but I just looked it up and I'm guessing it is the same as py2exe but creates platform independent executables?

    [Portal Auth] Injection Sets

    in Mark V Infusions

    Posted · Edited by sud0nick

    I need some input from the community for a new injection set. I'm making one that is similar to the default but instead prompts the victim to download a Network Client program to proceed. This "Network Client" can be any payload that you upload to the Pineapple through the Portal Auth infusion. You can gather network information, create a reverse shell, or anything you can think of. The main issue I need help with is verifying the victim actually downloaded and ran the payload application. Here is how I would do it for myself:

    1. Create basic application that does nefarious stuff in the bg and displays an access key to the victim.

    2. After victim clicks download button from the cloned captive portal a window appears with a text field for them to enter the access key. This key would be the only way for the victim to access the content of the cloned captive portal (or network if the Pineapple is already authenticated with the portal) forcing the victim to run the application first.

    3. The static access key would be stored in a file on the Pineapple for the auth.php script to verify the victim entered the proper key. If it's correct they can access the network. If not, alert them to run the application and enter the access key.

    The only problem with this setup is it's not dynamic enough to distribute to all of you. What if you don't want to use my payload? What if you want to change the access key? It would result in the whole injection set being worthless. I also don't want to remove those options entirely because I don't want the victim to be able to bypass the cloned portal.

    So, do you guys have any ideas?

    Edit:

    Here are some screenshots to give you an idea of what I'm talking about.

    Zxxa7Pn.png?1

    fLEpOtY.png?1

    I think its dead Jim

    in WiFi Pineapple Mark V

    Posted · Edited by sud0nick

    While you can use other browsers, and they do work, there can be funny things that happen. I think Chrome is the "supported" browser.

    Firefox is supported as well. I think Safari became supported after the last firmware release. The only browser not supported at all is IE.

    A drone that can steal data just by hovering above you

    in Security

    Posted

    While the concept is cool I just don't see this sort of thing being very practical. I consider it to be about the same as me standing outside of the building with the Pineapple in my backpack (or even an RPi on a battery). Someone is going to notice it near the building and when they do they're going to either call security or the cops. If you are standing outside the building and they question you at least you can socially engineer your way inside or out of trouble. The drone can't do that and unless if you have a live video feed that you are constantly monitoring you may not know if it's about to be shot down by someone. I just really don't see these being put to use practically.

    I think its dead Jim

    in WiFi Pineapple Mark V

    Posted

    It's weird you are having all of these problems. What are you using to access the web interface (OS, browser, etc.)? When you say the PortalAuth clone button disappeared are you referring to the small tile or the overlay that appears after you click the button in the small tile?

    What are you listening to?

    in Everything Else

    Posted

    My favorite genres are Metalcore and Folk. My favorite band is August Burns Red and they are my normal choice of music for programming / hacking (also everything else I do). While I listen to metalcore the most I enjoy all music except pop and country. Some of my typical choices for music other than ABR are As I Lay Dying, A Call to Sincerity, Novelists, Angel Vivaldi, Crowder (David Crowder*Band), Demon Hunter, The Lumineers, Underoath, and Anberlin.

    Got PineAP(not pineapple) questions? Let me answer them!

    in WiFi Pineapple Mark V

    Posted

    This past weekend I used MK5 Karma and PineAP rather successfully along with Portal Auth and Evil Portal II. My only issue was sometimes after booting up the Pineapple, with PineAP and Karma set to autostart, it would only broadcast a couple of SSID's from it's list and wouldn't pull clients. Once I restarted the services, sometimes it took twice, it would pull clients. Other than that everything worked great.

    What would the community want in the next WiFi Pineapple?

    in WiFi Pineapple Mark V

    Posted · Edited by sud0nick

    Many of the updates you're suggesting would raise the price considerably. I'm not sure if that's something Hak5 wants to do.

    • A radio that supported 5Ghz and still offered monitor mode and packet injection (duh)

    It would be nice to have a 5GHz radio builtin but you could always use a USB one (maybe this).

    • A better CPU. The current one is pretty laggy. A dual core @ 1.7 Ghz, should be good enough especially for heavy traffic.

    • More RAM. I managed to easily eat up all the memory of my MKV. 512MB or 1GB should be enough.

    Again, a lot more money if it can even be done with the board being used.

    • An SD card slot that does not stick out from the edge of the case. Having it more flush, would be nice.

    I personally hate it when an SD card is flush with a case because it's difficult for me to get the card out (I bite my nails). I have a Mobius HD cam like that and it is a pain to get that little bastard out of there after a flight.

    • More embedded drivers, such as support for more USB WiFi adapters and so forth.

    I've been using my PAU06 Panda Wireless USB adapter for a while now without ever needing to install drivers. It supports master mode but I haven't tried it on the Pineapple, only on a RPi.

    I'm down with the faster network speeds, even the faster processor and more RAM, but I think that may cost a lot more than you think to implement. AFAIK Hak5 developed the board for the Pineapple so to add these other components might mean a complete redo of all hardware. I'm sure they will upgrade as they see fit and honestly the Pineapple works well as it is.

    [Support] Portal Auth

    in Mark V Infusions

    Posted

    I found a couple of things that needed fixing so I've released yet another version. v2.7 has been submitted to the Pineapple Bar with the following updates:

    Version 2.7 - Released Aug 30, 2015

	[->] Added support for downloading multiple files with the same name from a site.
	
	[->] Fixed encoding/decoding issue with external CSS files that would cause the operation to crash.
	
	[->] Removed AP search from command line executable and updated cloning options.

    The encoding issue was what prompted me to push an update. I didn't have a problem with it in previous versions but for some reason I couldn't clone websites that I could before. I looked into the problem, with my handy error logs, and realized when the script attempts to modify the CSS files it wasn't able to decode them properly which would cause the program to crash and leave you with all of the files from the site but no splash.html file.

    I also updated the command line executable so you can now clone portals from the command line or in a script and activate them immediately. I originally had the script set up to scan for open WiFi networks, connect automatically, check for a captive portal, and clone it if one existed. I took that out as I don't have the proper means to test it fully and I doubt it was used much anyway. If anyone still wants that feature I can probably find a place around town that has that type of environment. Just let me know.

    Enjoy :smile:

    Available space is UNBEARABLE :(

    in WiFi Pineapple Mark V

    Posted

    One thing I recently pointed out in PortalAuth's support thread is that you may want to consider moving its dependencies to your SD card as well. There are multiple python libraries that can take up quite a bit of space.

    This is what I mentioned in my thread. Try it out and you'll probably free up a bit of space.

    Version 2.6 has been submitted to the Pineapple Bar. During testing I noticed that my Pineapple was running out of space for the libraries required (I may just have more stuff installed than others) but if you run into this problem I recommend the following:

    1. Move /usr/lib/python2.7/site-packages/ to /sd/depends/site-packages.

    2. Create a symlink between the two.

    3. Install dependencies.

    mv /usr/lib/python2.7/site-packages /sd/depends/site-packages
ln -s /sd/depends/site-packages/ /usr/lib/python2.7/site-packages

    [Support] Portal Auth

    in Mark V Infusions

    Posted · Edited by sud0nick

    I'm home now and I've looked into the issue. It seems that the MD5 hash for BS4 doesn't match what I originally uploaded which leaves me wondering who changed the file on InfoTomb. This is why everyone is seeing errors when installing depends. I may just move these files back to my server but it would be awesome if Hak5 could find some space for the devs to store depends so user's don't have to worry about where their downloads are coming from.

    I'll get this fixed and push an update to the Pineapple Bar.

    Edit:

    It seems as if the dependency files were deleted rather than modified on InfoTomb (I still don't know why). While we wait for the infusion approval process here is an updated version of the install_depends script:

    #!/bin/sh

# Update the opkg list
opkg update > /dev/null;

# Check if wget (SSL version) is installed
test=$(opkg list-installed | grep 'wget')

if [ -z "$test" ]; then
	opkg install wget > /dev/null;
fi

# Make a temporary directory for downloading depends
if ! [ -d "/sd/tmp/" ]; then
	mkdir /sd/tmp
fi
mkdir /sd/tmp/portalauth;
cd /sd/tmp/portalauth;

# Download the depends
wget -q http://www.puffycode.com/download/PortalAuth/beautifulsoup4-4.4.0.tar.gz > /dev/null;
wget -q http://www.puffycode.com/download/PortalAuth/requests-v2.5.1.tar.gz > /dev/null;
wget -q http://www.puffycode.com/download/PortalAuth/tinycss-0.3.tar.gz > /dev/null;
wget -q http://www.puffycode.com/download/PortalAuth/setuptools-18.2.tar.gz > /dev/null;

# Check MD5 of BS4
if ! [ `md5sum beautifulsoup4-4.4.0.tar.gz | awk '{print $1}'` == "63d1f33e6524f408cb6efbc5da1ae8a5" ]; then
	echo "MD5 of BS4 does not match"
	rm -rf /sd/tmp/portalauth
	exit
fi

# Check MD5 of Requests library
if ! [ `md5sum requests-v2.5.1.tar.gz | awk '{print $1}'` == "3c5bd282c56353d56ac39b6dee12560f" ]; then
	echo "MD5 of Requests does not match"
	rm -rf /sd/tmp/portalauth
	exit
fi

# Check MD5 of TinyCSS library
if ! [ `md5sum tinycss-0.3.tar.gz | awk '{print $1}'` == "13999e54453d4fbc9d1539f4b95d235e" ]; then
        echo "MD5 of TinyCSS does not match"
        rm -rf /sd/tmp/portalauth
        exit
fi

# Check MD5 of SetupTools
if ! [ `md5sum setuptools-18.2.tar.gz | awk '{print $1}'` == "52b4e48939ef311d7204f8fe940764f4" ]; then
        echo "MD5 of SetupTools does not match"
        rm -rf /sd/tmp/portalauth
        exit
fi

# Unpack
tar -xzf beautifulsoup4-4.4.0.tar.gz > /dev/null 2>&1;
tar -xzf requests-v2.5.1.tar.gz > /dev/null 2>&1;
tar -xzf tinycss-0.3.tar.gz > /dev/null 2>&1;
tar -xzf setuptools-18.2.tar.gz > /dev/null 2>&1;

# If /sd/depends does not exist, create it
if ! [ -d "/sd/depends/" ]
then
        mkdir /sd/depends/;
fi

# Install the libraries
cp -R beautifulsoup4-4.4.0 /sd/depends/bs4;
cp -R kennethreitz-requests-d2d576b /sd/depends/requests;
cp -R tinycss-0.3 /sd/depends/tinycss;
cp -R setuptools-18.2 /sd/depends/setuptools;

# Create symbolic links for the dependencies so they can be accessed by the default search path
ln -s /sd/depends/bs4 /usr/lib/python2.7/site-packages/bs4;
ln -s /sd/depends/requests /usr/lib/python2.7/site-packages/requests;
ln -s /sd/depends/tinycss/ /usr/lib/python2.7/site-packages/tinycss;

# Run the setup.py scripts
cd /sd/depends/setuptools/;
python setup.py build > /dev/null 2>&1;
python setup.py install > /dev/null 2>&1;

cd /sd/depends/bs4/;
python setup.py build > /dev/null 2>&1;
python setup.py install > /dev/null 2>&1;

cd /sd/depends/requests/;
python setup.py build > /dev/null 2>&1;
python setup.py install > /dev/null 2>&1;

cd /sd/depends/tinycss/;
python setup.py build > /dev/null 2>&1;
python setup.py install > /dev/null 2>&1;

# Remove tmp directory
rm -rf /sd/tmp/portalauth;
echo "Complete"

    Just place this file in /pineapple/components/infusions/portalauth/includes/scripts/ and click Install Dependencies from the web interface. Everything should install properly now. Keep in mind that these dependencies are being downloaded from my personal server and not InfoTomb or Hak5. I am still using InfoTomb for the Captive Portal check file as that has not been deleted.

    Edit 2:

    Since it appears the Injection Sets were also deleted I will be moving them to my site as well.

    Edit 3:

    Version 2.6 has been submitted to the Pineapple Bar. During testing I noticed that my Pineapple was running out of space for the libraries required (I may just have more stuff installed than others) but if you run into this problem I recommend the following:

    1. Move /usr/lib/python2.7/site-packages/ to /sd/depends/site-packages.

    2. Create a symlink between the two.

    3. Install dependencies.

    mv /usr/lib/python2.7/site-packages /sd/depends/site-packages
ln -s /sd/depends/site-packages/ /usr/lib/python2.7/site-packages

    Hola VPN

    in Security

    Posted

    Kinda wondering what you're trying to achieve by that... It just seems wasteful to me. The only gain I can see is that someone were to DDOS your VPN box you can shut down the VPN connection and continue using the internet in some way until the attack ceases, on the assumption that what you do doesn't identify you to the attacker in a way that makes him/her/them move their attack target to your actual IP.

    I understand the latter half of your statement but how is it wasteful?

×
×
  • Create New...