Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Recent Profile Visitors

667 profile views

nobody:nobody's Achievements


Newbie (1/14)

  1. Also it would make auto driver installation possible for situations like this. https://forums.hak5.org/index.php?/topic/36771-lan-turtle-not-showing-up-on-os-x-el-capitan/
  2. So I was just thinking about this. What if we could remotely type keyboard commands on the pc that the turtle is connected to via usb? USB rubber ducky style, except through the Internet instead of a pre-configured payload. Think of the possibilities! You could control it realtime through ssh to the turtle, or you could automate it. If all the network traffic is flowing through the ducky, it could detect when the user is most active on the computer. It could detect which operating system it is running by analyzing the traffic. It could even detect which programs are used on the pc. Then, according to all of that data, it could execute an appropriate payload at the time it detects the pc is unused. I doubt that this is possible with the current turtle. But it would be easy to implement on a mark ii. A simple atmega chip would take up very little space on the board and a simple 2 port usb hub chip would allow the Ethernet chip and the microcontroller to be connected simultaneously. Then you could run a serial line from the mcu to the processor. It would be super easy to implement and a killer feature. You could even routinely send a f15 to make sure the pic doesn't fall asleep and interrupt your connection. The majority of Pc mobos/psus(not exactly sure which component is responsible here but afaik it's the mobo.) don't supply use power while asleep/off so it could suddenly disconnect you from the network when the secretary powering your turtle goes on her lunch break. Just an idea, but I would love for it to be implemented(unless it's already possible and this post was a total waste.) P.S. Sorry for any weird spelling or mistakes. Autocorrect on the iPad is truely useless.
  3. That's exactly what I would assume. But this tool is specifically designed to phish for wpa keys.
  4. Could you explain how that would look in your device settings? I mean, it is detecting one ap that claims to have security, and at the same time claims to not have security. How would (say Android) deal with that?
  5. If anyone would be willing to downlaod and test it that would be great too. I dont have any usb wifi cards and the tool requires 2 cards.
  6. So I have been reading about different social engineering based attacks and came across wifiphisher(if you don't know, it is an automated evil twin+captive portal tool to phish for wpa(or wep i guess) passwords by making up a story about a firmware update.) I dont understand how this is possible. As i understand the evil twin, it requires the evil ap to have all of the same info as the real one to convince the client to connect to it after the deauth right? Therefore it cannot be performed on an encrypted network as you could not forge the handshake right? Surely devices aren't dumb enough to connect to an open ap that it remembers as secured? So how does this tool work?
  7. Maybe I should give some context. I am in a Christian school where no one knows anything about computers or networking. My plan was to make a honeypot network named "Free Student WiFi" or something like that which leeches off the staff wifi(which I know the password for) and make every website redirect to zombo.com or Rick Astley.
  8. Ok. Thanks. One more question. I know this is technically possible, but I want to know if the Karma software supports it. What if I know the password? For example, I know the password to my school's wifi (I was in the right place at the right time.) So could I save that wifi network/ssid onto the pineapple(If I decide to get one over a MyLittlePwny) so that when I take it to school the teachers will try to connect and get the (Pwn)pi(napple) instead? It is a WPA2-PSK network. Does the Pineapple/PwnPi software support that?
  9. So, I have been doing a lot more research since my last question and I came across PwnPi and FruityWifi. I have been pricing things out, and I came up with just over $110 including international shipping for the following: Rpi 2 model b 2x alfa 1200 mw usb wifi dongles with rt3070 chipset (bgn) A plastic case with fan and heatsink for rpi Samsung 16gb microsd with adapter A pack of transistors to control the fan depending on temps. This has all the functionality of a wifi pineapple for just $10 more plus free shipping. Why buy a pineapple if I could instead get this which is more powerful with more storage for phishing attacks and more expandable?
  10. Thats what i thought. What about wep?
  11. Hi all. I am new here and considering buying myself a wifi pineapple. I just had a question about karma. It is probably a really dumb question but I could not find the answer anywhere. In all the demonstrations of karma on youtube, they always "spoof" a open wifi that has been saved on the target device. Is it possible to spoof a protected wifi network? So the device will attempt to connect to the wifi pineapple with a wpa2 password which will result in me getting the password? Thanks.
  • Create New...