Everything posted by sud0nick

  1. It depends. Are you experienced with flying? If not I recommend starting with a beater like I did. My first quad was a Hubsan X4 that only cost about $50 from Radio Shack. I learned how to fly and got all the crashes out of me on that first drone. Then I built a DJI FlameWheel F450. This cost way more than your $350 cap but I can honestly say I love it. I can't look at the link you posted since I am at work but I can vouch for HobbyKing as I have purchased things from them many times.
  2. Although I am not quite finished, here is an update of what I've accomplished today. This script currently authenticates with a captive portal I have set up at home. It has not been tested elsewhere. As always, constructive feedback is welcome.

     Going off of newbi3's suggestion and considering Oli's as well, I have come up with the following solution. Using Python and BeautifulSoup, I am able to pull in the splash page and try to do what it does in authenticating a user. It captures all of the "action" values of form elements (assuming there may be more than one and we don't want to send the request to the wrong one) and sends a POST request to each. The POST request is made up of the names of elements listed in the data = {} dictionary. This will be a list defined by the user in the infusion, so wherever you are you can fine-tune it to the norm. As Oli stated, the EU likes to use a lot of edge cases. I don't see that as much in the US though.

     The values in the POST data are, at the moment, set to randomstring@fakedomain.com since some scripts may require email format for an email address but will also accept the same thing for a name. It will most likely strip out any unaccepted characters, but I may just come up with a different solution for that. Check out the script and please let me know if you can think of ways to tweak it.

         # Python 2: urllib2 makes the HTTP requests and
         # BeautifulSoup parses the HTML
         import urllib
         import urllib2
         import urlparse
         from bs4 import BeautifulSoup

         url = 'http://www.puffycode.com/'
         authtargets = []

         # Attempt to open an external web page and load the HTML
         response = urllib2.urlopen(url)
         html = response.read()

         # Create a data structure for the POST/GET request
         data = {}
         tags = {"button", "input", "select"}

         # Create a BeautifulSoup object to hold our HTML structure
         soup = BeautifulSoup(html, "html.parser")

         # Find all forms (in case there are multiple) and grab the actions,
         # resolving relative actions against the URL that was actually served
         for form in soup.find_all('form'):
             action = form.get('action') or ''
             authtargets.append(urlparse.urljoin(response.geturl(), action))

         # Find all button, input and select tags and get their names
         for item in tags:
             for elem in soup.find_all(item):
                 key = elem.get('name')
                 if key:  # skip elements that have no name attribute
                     data[key] = "randomstring@fakedomain.com"

         # Encode the data for a GET/POST request
         encoded_data = urllib.urlencode(data)

         # Prepare and execute a GET request
         #get_url = authtarget + "?" + encoded_data
         #response = urllib2.urlopen(get_url)

         for target in authtargets:
             try:
                 # Prepare and execute a POST request
                 request = urllib2.Request(target, encoded_data)
                 response = urllib2.urlopen(request)
             except Exception:
                 # A failed target should not stop the remaining ones
                 pass

     I will also be working on the GET request part but for now it is commented out because it wasn't working.
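A per-form variant of the approach in the post above, added here as an example and not sud0nick's or the Portal Auth infusion's code: it keeps each form's fields with that form's own action, resolves relative actions against the page URL, and preserves the hidden values the portal supplies instead of overwriting them. It is Python 3 using only the standard library; `FormCollector`, `build_requests` and the `SAMPLE` page are names and data constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

FILLER = "randomstring@fakedomain.com"  # same placeholder value the post uses

class FormCollector(HTMLParser):
    """Collect every <form> with its own action, method and named fields."""
    def __init__(self):
        super().__init__()
        self.forms, self.current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"action": a.get("action") or "",
                            "method": (a.get("method") or "get").upper(),
                            "fields": {}}
            self.forms.append(self.current)
        elif self.current is not None and tag in ("input", "button", "select"):
            name = a.get("name")
            if not name:
                return  # unnamed controls are never submitted by a browser
            kind = (a.get("type") or "text").lower()
            if tag == "button" or kind in ("hidden", "submit"):
                value = a.get("value") or ""      # keep what the portal supplied
            elif kind in ("checkbox", "radio"):
                value = a.get("value") or "on"    # browser default when ticked
            else:
                value = FILLER                    # free-text fields and selects
            self.current["fields"].setdefault(name, value)

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def build_requests(page_url, html):
    """Return one (method, absolute_url, fields) tuple per form on the page."""
    parser = FormCollector()
    parser.feed(html)
    return [(f["method"], urljoin(page_url, f["action"]), f["fields"])
            for f in parser.forms]

# Constructed splash page: a search form plus the form that grants access.
SAMPLE = """<form action="/search" method="get"><input name="q"></form>
<form action="login.cgi" method="post">
  <input type="hidden" name="token" value="abc123">
  <input type="text" name="email">
  <input type="checkbox" name="accept_terms">
  <input type="submit" name="go" value="Connect">
</form>"""
```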
  3. I know this doesn't answer your question but here is an alternative to what you are seeking. Have you seen this thread? https://forums.hak5.org/index.php?/topic/34399-infusion-idea-wifiphisher-password-wpa/ Just use Evil Portal II.
  4. Power is rather important for electronic devices.
  5. Technically, no. The way my infusion checks when it loads is by running the click function in window.onload, so it requires no interaction from the user and the same concept could be applied to the portal. I see what you are saying, though, and it would be better if I make it authenticate automatically without needing to load the portal. DataHead, you make a good point as well. Thanks again for the input, everyone. I will try to get an update out by the end of this weekend.
  6. However, clicking the button does send the POST/GET data. Why would I create my own POST/GET request, scavenging the HTML for the right data, when I can use jQuery to simply click the button? I feel this is the more efficient route. Checkboxes, and similar elements, can be searched for by element name and enumerated. Then I can simply change the state and click the submit button with jQuery. Text fields are a different story but can probably be filled with random data as long as there is no need for credential authentication. What I will most likely end up doing is keeping the portal view option available but make it an option to attempt to auto authenticate. If it fails the user can then open the portal window and do it manually. I'll get something figured out. Thanks everyone for the input.
  7. Thanks for the ideas. This is what I like about communities such as this. Now I can improve upon my infusion and make it useful for everyone.
  8. I guess you're right. I thought about making it authenticate automatically and I'll probably start working on that now. I'll have to pull the code and inject some JavaScript to click the button for me, which will still require loading the page.
  9. Cheeto, The infusion essentially provides you with a basic browser using the file_get_contents() function provided in PHP. When the infusion tries to reach out to an internet site for specific data and retrieves something unexpected you will be presented with the splash page where you can then authenticate. Since captive portals work by authenticating with the device that is directly associated with it you can use anything to manage it (i.e. cell phone, laptop, etc) and it will only authenticate the Pineapple. I will be working on some updates this weekend as Seb brought some stuff to my attention when he tested it so expect an update soon.
  10. If all you are doing is forwarding web requests to Kali then try using either DNSSpoof (to send all requests to the Kali machine) or maybe you can try iptables.
  11. I still don't understand the need to add LEDs or LCD screens to a Pineapple. DIP switches are one thing because they actually add functionality to the device but no one needs more LEDs. If you are doing it for the GPIO pins and trying to build a robot, I guess that's cool, but why use a Pineapple instead of an Arduino or Raspberry Pi?
  12. Portal Auth is my first infusion. It allows you to directly authenticate the client radio with a captive portal. If you connect your Pineapple to an AP that has a captive portal you normally have to first authenticate with another client and then place that MAC address on the client radio. Portal Auth will detect captive portals and give you the ability to authenticate from the Pineapple. If you have any problems with this infusion or just have questions, please post them here.
  13. It's kind of difficult to give you what you are looking for. I would recommend looking up benchmarks and prices then find the one where you get the best performance for the least cash.
  14. I don't think he is using sqlite and that would not affect the system time anyway.
  15. I believe you are referring to the select box not changing rather than the system time itself. This is normal behavior. Look up in the upper right corner of the window and the proper time should be displayed.
  16. Are you interested in learning more about programming as well? For that you won't find many videos but there are a TON of books and online courses that can help you. Programming is not required to break into systems but it will definitely help you. It is also a lot of fun and you will be able to augment the programs used to hack systems as well as build your own.
  17. He said he is running Metasploitable, which is a vulnerable version of Ubuntu used to learn the basics. I'm still not sure if he is attacking the right system though. I don't know how his network is set up but I don't think Metasploitable would sit at 192.168.2.1.
  18. Screeps

    I'm playing the simulator right now and it's pretty cool. I really like the concept.
  19. The description of the exploit in the screenshot states it is for "Samba versions 3.0.20 through 3.0.25rc3 when using the non-default 'username map script' configuration option". I think Pantz is attacking a version that is not vulnerable.
  20. I believe this would be up to each developer individually. It is a good idea but everyone would have to play their part.
  21. I don't know how your network is set up but is your remote host (192.168.2.1) also your router? Did you intend on attacking that remote host? Also, typically when you exploit a vulnerability the console will tell you if it was successful and other times it won't tell you anything if it was not successful. My guess is that the exploit is failing because the remote system is not vulnerable. That is why you aren't seeing any response and can't execute any statements. Do some research on the exploit and make sure the remote system is actually vulnerable.
  22. It seems you don't want to learn but rather you want to be handed a method of hacking someone's Facebook account in an act of revenge. For this I would say you have come to the wrong place.
  23. I only mentioned rooting because I've read I can use my phone as a hotspot without paying the additional fee to Sprint if my phone is rooted.
  24. Have you done any research yourself first? What have you tried so far? You need to bring some effort to us otherwise most people won't put forth any effort for you. Look at using the DIP switches to accomplish this. http://wiki.wifipineapple.com/?#!dip_switches.md#What_are_some_examples_of_this? Also, try searching the forums before posting. I found this post from the MK3 forums that shows you how to use dnsspoof from the command line. This will give you the proper commands for setting up the DIP switches. https://forums.hak5.org/index.php?/topic/28807-auto-start-karma-and-dns-spoof-on-mk3/ Good luck. Edit: Also, I think you can set DNSSpoof to autostart from the web interface.
  25. I thought about using the hotspot service on my phone but Sprint wanted to charge me an additional $21/mo for data I already pay for. I guess I could always root my phone, maybe that would work, but I should still be able to tether it.