sud0nick
-
Posts
1,056 -
Joined
-
Last visited
-
Days Won
66
Posts posted by sud0nick
-
-
Thanks mate,
I saw that thread lastnight. Wasn't really much I saw. I was seeing wp6.sh and stuff and a reference to firmware issue - Didn't see an actual issue.
So a side, if search was used what am I looking for?
Doesn't seem like a straight issue, could be PHP was wrong, config not knowing where *.php is, html is wrong, could have been anything.
Search doesn't really work for me as I came across a whole lot of threads and didn't get too much.
Edit: on top of that, it says there's an issue with firmware - doesn't say what firmware the issue is with, could be 1.0.5 or lower? I don't know the frequency of the release times are. Search doesn't always yield results if there are not definite details.
So... Posting a topic didn't seem all that harmful. Thanks
It's literally the main topic within the Evil Portal support thread for the NANO so there really isn't much searching to be done.
The issue is not a firmware issue but a nodogsplash issue. It seems it won't allow the splash.html page to access anything via $imagesdir anymore and I haven't been successful in getting it to access /www. Everything worked fine on the MKV because that was a different version of nodogsplash. Evil Portal is currently being rewritten without nodogsplash so these problems go away. If you find a way to access /www from your splash.html page on the NANO you might want to share it with everyone in the Evil Portal thread.
-
1
-
-
New version of nodogsplash has problems. There is a whole thread dedicated to this and what's being done to fix it. Please search the forums in the future.
-
Just found this which seems relevant: https://www.deepdotweb.com/2016/02/03/into-ricochet/
-
I would also like to add that an exploit that is not able to execute remote code, but is able to crash the remote service can be called a Denial of Service Exploit. I don't think an exploit could ever be called a DDOS exploit.
Yep. Anything that denies service is a DoS attack. It could be as simple as turning off a service in Windows Services and changing the name of the executable so it doesn't start back up.
-
DOS: Disk Operating System. (Exactly what it says on the tin).
Using DOS is old school, but you can get Zork and Doom to run on it.
You forgot to mention DOS is not illegal. Or is it...?
-
Yes it's illegal unless if you have their written consent and you ensure you only touch their network. DoS stands for Denial of Service and DDoS stands for Distributed Denial of Service. A DoS attack simply floods a network/system with so many requests that it can't provide services to legitimate users. It is quite difficult for a single system to perform this kind of attack these days and if using a single system the attacker can be caught pretty easily. A DDoS attack uses many systems to flood the target and makes it more difficult to find the attacker. These types of attacks are generally performed by a botnet where an attacker has taken over many different machines. It is much easier to bring down a target system/network with hundreds, or thousands, of machines.
-
if it not javascript does anyone know how to do it
jordan
Well, much like the new Pineapple interface it looks like it's using bootstrap, which would make sense because Twitter made bootstrap. They may also be using AngularJS to display it which wouldn't require you to write any JavaScript yourself but would require the Angular framework. If you just want an overlay that can be hidden and shown in a similar fashion you need to what dustbyter said and create a div like so:
<div id="myModal" style="display: none"> My HTML stuffs </div>
Then you would create a button to toggle the div.
<button type="button" id="toggleDiv">Toggle</button>
Then, if you use jQuery, you can easily connect the button to a function that fades the modal when clicked.
$('#toggleDiv').on('click',function(){ if (divIsShown) { $('#myModal').fadeOut('slow'); divIsShown = false; } else { $('#myModal').fadeIn('slow'); divIsShown = true; } });You would need to include the divIsShown variable in your JS code to keep track of which position the toggle state is currently in but this should be straightforward enough to get you started.
The way that modal in your link works (by fading and sliding down) is based on code in Bootstrap but you may be able to get a similar effect by using the jQuery slideDown() and slideUp() functions.
-
I believe a Pi is unsuitable for this application. You should pair a Teensie with an ESP8266 (https://www.sparkfun.com/products/13736) to lower the power requirements (a.k.a. smaller and cheaper solar panel).
How would you set up SSH (or a reverse SSH tunnel) on a Teensy?
-
I know I already responded to you on Twitter but I'll reiterate here.
Your issue with nodogsplash being removed has nothing to do with PA but you should try to refresh the small tile for Evil Portal to see if the dependencies are actually missing. I've run into this problem many times where EP throws a message that says depends are missing but if I refresh the tile all is well.
You can clone websites that are not captive portals by entering the URL of the site in the Test Site field in the Config tab. Everything should work well but I have run into network timeout errors on larger sites.
Check out my video on Portal Auth that describes every aspect of the infusion. It's a little long but teaches every part of it.
-
Yes, it would unless if you can figure out some way to provide a secondary route. You could probably do that on some higher grade switch but I don't think most home routers support that functionality.
-
You would probably need to forward the port from your router to the attacker machine and then from there to the server. You could probably even write your own proxy server in C or Python to capture all of the traffic.
-
That's really dependent on the module developer. Otherwise, you could just reinstall the depends. It shouldn't take long at all (like a few seconds).
-
Look at Jsteve's answer. You should be able to if you follow his instructions which I completely misunderstood at first.
-
1
-
-
You are. In the Recovery mode you set your Pineapple facing interface to 192.168.1.2, and navigate the recovery interface running on the pineapple, at 192.168.1.1.
This is where the confusion was. It sounded like he said you set the IP of the Pineapple to 192.168.1.2 on your home network and navigate to 192.168.1.1 which would make no sense.
-
1.- download the bin by the way i say to get the version you want (www.wifipineapple.com/nano/upgrades/1.0.3 or 1.0.4 etc)
2.- disconnect from internet ( wifi, ethernet or any connection)
3.- connect the nano pressing reset button for 10 secYes.
4.- change the ip manually 192.168.1.2 and netmask 255.255.255.05.- open web browser and put 192.168.1.1 (you see an upgrade page by PA nano)
No. You would not set the IP of the Pineapple to 192.168.1.2 and THEN push the firmware upgrade to your home router at 192.168.1.1. Unless if I'm completely misunderstanding what you are saying.
Your first point does solve the problem about downgrading the firmware, though. If you access wifipineapple.com/nano/upgrades/$ver where $ver == 1.0.3 or some other version it will start the download.
-
Connect pressing reset button then assing thIs ip 192.168.1.2 and netmask 255.255.255.0 and go tO web browser with thIs ip 192.168.1.1 and up load the bin you want
...
192.168.1.2 ip address, 255.255.255.0 masknet, 192.168.1.1 gateway or router ip
You can download any bin by modify the url as www.wifipineapple.com/nano/upgrades/1.0.3 or 1.04 etc
My point remains, you would not push the Pineapple firmware to your router. Only to the Pineapple at 192.168.1.2.
-
Connect pressing reset button then assing thIs ip 192.168.1.2 and netmask 255.255.255.0 and go tO web browser with thIs ip 192.168.1.1 and up load the bin you want and wait go finish the upload and flash then go normally 172.16.42.1:1471 and config
Ps sorry for my bad english
I understand English isn't your first language but this was nowhere near a correct answer. While one could manually upgrade by downloading the bin file the only one available is the latest at wifipineapple.com. In this case j4rv1s wants to downgrade.
Also, if you set the IP as 192.168.1.2 why would you upload the .bin to 192.168.1.1?
-
I just did the 8 second reset button hold on mine today and it reset perfectly while maintaining 1.0.5.
He's looking for something that takes him back to a different version of the firmware.
-
I honestly don't know. I've read some other threads where people state they reset their NANO and it went back to the 1.0 firmware but mine has not done that when I reset it using both methods I stated before.
-
You can reset the NANO by holding the reset button on the back for a few seconds. I've done this a couple times and it seems to flash it but it doesn't take me back to an earlier firmware version. If the reset button doesn't work then SSH into it and enter the following command:
jffs2reset -y && reboot
-
1
-
-
Source code...?
-
Yes, press to disable or hold for 3 or more seconds to continue without disabling wireless.
-
Sweet, I'll have to try this out.
-
Is hitting the reset button on the back really necessary for upgrades?
Well I don't think Seb put that in there for his amusement. It's not like every time he pushes a new firmware update he then sits back in an evil pose laughing at everyone who now has to push their reset button. I would say it's necessary.
[Official] Commander
in NANO / TETRA Modules
Posted
This is really cool. Could you explain any possible security issues with using this? It seems to me without authentication anyone could connect to your IRC channel, if it's open to the internet for remote control, and issue commands on your Pineapple. Is this correct or should we take additional measures to guard the Pineapple?