Posts posted by sud0nick

  1. Not knowing I could have started with a -1 and parsed for the total records from the error, I just guessed first time around using 30. I could have just used the error message, since you seem to toss the last index at the top if you try to start out of the total record index, and then rewrote it to use the total from the first error message's totals, but here is what I did.

    It wouldn't have given you an error because it automatically defaults to the last message in the database if the requested index is out of range.

    if ($reqIndex < $rowCount && $reqIndex >= 1) {
        $index = $reqIndex;
    } else {
        $index = $rowCount;
    }
    

    But you still could have parsed it to get the total count. I'm not understanding what you're getting at because it's already public. I'm not trying to hide the messages.

    Edit: Now there's 26 messages :smile:

  2. Yeah, I've actually got all of the source code posted on the site without usernames, passwords, and SSIDs of course. I also have the PHP code for the script that you (or your scanner) accessed showing how the messages are retrieved and posted on the webpage for the Arduino to pull.

  3. yep :grin:

    But you could have found that out with only one message since it tells you the index and total number of messages. All you did was the same thing the Arduino does to pull the messages.

  4. I have seen a video of it working, but I have an LED matrix which in a ghetto way could make this work..

    lol. That would be cool. The only problem I've run into is the CC3000 not connecting 100% of the time. It drops the connection with my router sporadically. Some days it works the whole day others it drops within 5 minutes.

  5. Nah, we were just having a bit of fun - let's not post IPs though, please :)

    It's pretty cool, I kind of want to try replicating it with a tinyduino..

    Sorry, won't happen again.

    Would you even be able to get the LCD screen to work with a tinyduino?

  6. It looks like foxtrot got a little crazy with it and tried to draw penises in hex. The message turned out like this

    383d3d3d44
    

    and he did it about 40 times under the name Juan. I know it was him because the first time he did it he used the name foxtrot, lol.

  7. That's what prepared statements do. I create a statement with the column names, send that to the server for it to prepare the resources, then anything that gets added to the query is read strictly as a string. It can't overlap into the SQL query as it is only read as a value for a parameter. That means this:

    Name: ; OR 1=1 --

    gets entered into the database as a value in the column 'Name'. The ; OR 1=1 -- will never be read as part of the query.

    Here is more info on PDO and prepared statements

    http://php.net/manual/en/pdo.prepared-statements.php

  8. All of the data passed to the database is sanitized and inserted with prepared statements using PHP Data Objects (PDO). This is by far the safest method I've come across in adding user defined data to a database.
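
Added example (not sud0nick's code or the site's actual script): a PDO version of what posts 7 and 8 describe, where the `; OR 1=1 --` name is bound as a parameter and stored as plain data, together with the out-of-range index fallback from post 1. The in-memory SQLite database, table layout, function names and sample rows are assumptions made for illustration.

```php
<?php
// Added example: schema, function names and sample rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (
    id   INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT NOT NULL,
    body TEXT NOT NULL)');

function addMessage(PDO $pdo, string $name, string $body): void
{
    // The SQL text is fixed; user input only ever fills the placeholders.
    $stmt = $pdo->prepare('INSERT INTO messages (name, body) VALUES (:name, :body)');
    $stmt->execute([':name' => $name, ':body' => $body]);
}

function getMessage(PDO $pdo, int $reqIndex): ?array
{
    $rowCount = (int) $pdo->query('SELECT COUNT(*) FROM messages')->fetchColumn();
    if ($rowCount === 0) {
        return null; // nothing stored yet
    }
    // Out-of-range requests fall back to the last message, as in post 1.
    $index = ($reqIndex >= 1 && $reqIndex < $rowCount) ? $reqIndex : $rowCount;

    // The offset is bound as an integer, so it cannot alter the query either.
    $stmt = $pdo->prepare('SELECT name, body FROM messages ORDER BY id LIMIT 1 OFFSET :off');
    $stmt->bindValue(':off', $index - 1, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Each reply carries the index and the total, like the public page.
    return ['index' => $index, 'total' => $rowCount] + $row;
}

addMessage($pdo, 'Pup', 'hello');
addMessage($pdo, '; OR 1=1 --', 'stored as an ordinary name');

// In-range, negative and too-large requests (constructed inputs).
foreach ([1, -1, 99] as $req) {
    echo json_encode(getMessage($pdo, $req)), PHP_EOL;
}
```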

  9. It looks like I've been getting some messages from you guys on my Arduino messenger. I figured I would post some pictures of it here so whoever sent them knows it actually works.

    This one says it's by Pup

    This is claimed by molotof

    And this exceptionally true statement is brought to you by WM (It says "Pineapple rules")

  10. The fact that you suggested I was implying the Pineapple be used for vengeance shows you didn't read what I said correctly. I made it very clear that using a gun or a knife - which would constitute vengeance - is the neanderthal approach.

    No, I think you are confusing vengeance with justice and since when is using a gun or knife the only way to seek revenge?

    Cooper has stated already that by using the Pineapple to get evidence you are tampering with it. With that you are committing a crime yourself. It doesn't matter if someone wronged you, if you illegally access their systems/networks/etc you are at fault for your own crimes.

    I'll say this again, if you want the interface to be different quit trying to use emotional tactics on us. Instead, change it yourself in the CSS Editor tab of the configuration infusion. You can find all of the other files for the interface in /pineapple/includes/. When you're satisfied with what you've built you can present it to everyone here. Until then everyone is going to continue to use the current interface because it's effective and serves its purpose for the community.

  11. What you're suggesting is that the Pineapple be made into an easy tool for vengeance rather than justice. The unanimous point remains that the Pineapple is a penetration testing tool. It is not for vindictive business men as one of your examples displays. I understand some of your reasoning, however, simply changing the user interface will not bring the average user to a greater understanding of the technology beneath. Without the understanding of what is actually happening they will not be successful in their personal vendettas but instead will be out $99. If the interface bothers you so much change it yourself. After all, Hak5 has given you the opportunity to do so in the Configuration infusion. When you build your ideal interface post the CSS on here and see what people think.

  12. So far it seems this version is working out quite better than the previous versions. Cheeto was able to clone a portal successfully and the auto authentication function worked too! I'm sure we will still run into some cases where something doesn't work in a particular environment but please make sure you are looking at the Element Tags field in the config tab if Portal Auth is unable to authenticate. These tags are used to build the POST and GET requests that authenticate the Pineapple with the AP. If you find an element in the source code of the portal that is used for authentication you must ensure it is listed in the Element Tags field. You can read the associated help file for more information.

    Please keep submitting any bugs here as this process has obviously worked so far in making Portal Auth a better infusion.

  13. That's exactly the same arrogant attitude Microsoft took about ten years. Like IBM before them they were convinced of their invincibility. They used to define an entire industry but they failed to notice developments elsewhere and missed out on the emergence of entire whole new markets. What's Microsoft's share of the smart phone and tablet market?

    Three days ago Apple reported the biggest corporate profit in history. Remind me now, what is it that Apple is famous for?

    Make the Pineapple's interface slicker and more intuitive and you'll sell a lot more and just think what interesting new projects Hak5 could fund from extra revenue.

    Maybe you're missing the point of the Pineapple and its intended use. You are comparing Hak5 and the Pineapple with companies who market to users who span from potato to 1337 h4x0r. The Pineapple is a pentesting tool and while I'm sure Hak5 would love to sell as many as they can it would be wise to keep it geared toward those who don't think "blinky lights are bad dark magic" when it comes to computers. Bottom line, it's a tool for hackers, not mom and dad.

  14. I would be interested in this as well. I started getting into SDR a few months ago and I was interested in getting my HAM radio license but no one was offering the test in my area at the time. It would be nice to see some episodes that detail everything HAM radio consists of.

  15. It's always nice to have an additional NIC so you have a dedicated client interface. I don't have the ALPHA USB adapter but I do have a Panda PAU06 and I use it in client mode so the other two antennas can be used for PineAP (a suite of tools on the Pineapple). Your setup would look like this:

    wlan0: AP

    wlan1: PineAP stuff

    wlan2: client

    You want a client adapter so anyone connecting to your Pineapple will have internet access.

  16. Fc he is using is a DJI naza v2 also known as DJI flyaway.

    I've heard this before but I use a NAZA-M V2 on my quad and I've never had a problem. I've flown it way out of range and it came back to me just fine so I think the flyaway issues have been resolved.
