IMcPwn

Everything posted by IMcPwn

  1. The problem is needing to escape the QUACK string because it includes a bash variable. This pull request fixes it: https://github.com/hak5/bashbunny-payloads/pull/17

     The correct line is:

         QUACK STRING powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')"
  2. Thanks for fixing my bug @rastating! I didn't realize you needed to escape QUACK commands... GitHub issue reference: https://github.com/hak5/bashbunny-payloads/issues/13
  3. Hey guys. After having fun with the LAN Turtle and WiFi Pineapple Nano I took a break and started working on my own project. It's called BrowserBackdoor. It's an Electron application that includes a JavaScript WebSocket backdoor that connects to my Ruby listener. The Electron application runs in the background with no user interface and is basically Chromium so it hasn't been flagged by any Anti Viruses I've tested it against. The Ruby listener can send commands or modules to the Electron application for it to execute and send the results back.

     Here are the modules I've created so far: enableStartup, screenshot, downloadFile, beep, execCommand, readClipboard, moveToTrash, readDir, openURL, createFile, writeClipboard

     The up-to-date list is here: https://github.com/IMcPwn/browser-backdoor/tree/master/server/modules

     I've also taken some screenshots of what the console looks like: https://github.com/IMcPwn/browser-backdoor/wiki/Screenshots

     If anyone is interested in suggesting anything I should add or working on the project with me let me know!

     GitHub link: https://github.com/IMcPwn/browser-backdoor

     I'm also trying out Discord for live text/voice chat: https://discord.gg/013wk2VPnnuw9iLmU
  4. Aww. Thanks anyway Darren. I guess I'll try running access server and community edition at the same time :/
  5. Thanks Darren! I tried forwarding LAN to WAN in /etc/config/firewall but it made no difference. I want to do what you're doing in the video but using OpenVPN community edition instead of access server, but there is absolutely no information on how to add a client as a gateway anywhere I can find. Do you know how?
  6. Hey guys, I got an OpenVPN client working on the Nano super easily. The command is

         opkg update && opkg install openvpn-openssl --dest sd

     Anyway once I have it connected I cannot ping (or connect in any other way) the nano from my computer (the OpenVPN server) but I can do the reverse. I have temporarily disabled ALL iptables rules and set the chain defaults to ACCEPT and still nothing. I'd like to say I'm decent at figuring out iptables but I can't work with the zone_wan_input and zone_lan_input, etc chains but I'm assuming that's not the problem because I deleted all of them (temporarily). This is also an issue on the Turtle for me.

     I have not tried setting the Nano or Turtle as default gateways on my server because I'm not using openvpn-as (access server), just plain old openvpn command line community edition so I'm not sure how to do that and can't find anything on google on how to do that.

     Here are my current iptables rules on the openvpn server:

         ip=`curl -sS -4 http://icanhazip.com`
         iptables -A FORWARD -s 10.8.0.0/24 -d 10.8.0.0/24 -j ACCEPT
         iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to $ip

     It'd be great if anybody had some insight on a solution, thanks in advance!
  7. The Pineapple can only do 2.4GHz, so that's what the dongle is for. Adding 5GHz support.
  8. Couldn't find those drivers precompiled for OpenWrt, and I couldn't compile them myself. Any other ideas anyone?
  9. I'm looking for a nano-compatible 5GHz USB wireless dongle (small form factor). The drivers don't have to be preinstalled, they just need to exist for the nano. It would also be nice if it had monitor mode capabilities. Injection support would be a bonus. There doesn't seem to be anything like this on the Hakshop. I've been doing some looking on Amazon and this seems promising: http://www.amazon.com/StarTech-com-Wireless-AC-Network-Adapter-USB433WACDB/dp/B00NJF21EQ/ I believe it uses AC600. Some people say it has monitor mode but driver issues. There's also this which I couldn't find any information on: http://www.amazon.com/Edimax-EW-7811UTC-Dual-Band-Connectivity-Exceeding/dp/B00FW6T36Y Thanks for any help!
  10. First I'd try executing

          mount /dev/DEVICE_NAME /mnt

      If that works and you can access the flash drive at /mnt I'd add

          config 'mount'
              option target '/sd'
              option device '/dev/DEVICE_NAME'
              option fstype 'auto'
              option options 'rw,sync'
              option enabled '1'

      to fstab.
  11. wlan0-1 is because you're running an open AP and a management AP. If you disable the management AP wlan0-1 disappears. On a side note it'd be nice to know if you can disable the open AP as well. I was just thinking it might help use less power when in recon mode.
  12. I think you have what I'm saying confused. They are not on my physical machine. They are merely connected to the Pineapple's open AP from their laptop.
  13. @Darren I'm not concerned with regular users. This is for the sysadmins or people who would look up WiFi Pineapple to find out what it is or people who already own one being able to find out information about yours. Ex: they could find out if you have Cabinet or any other module installed by going to http://172.16.42.1:1471/#/modules/Cabinet without needing to log on. @audibleblink's CSS solves the issue of someone looking up WiFi Pineapple and going to your site to find out information, unless they know you can disable that CSS on the right side of Chrome's Developer Tools, which makes it look exactly how it did before.
  14. Glad you all agree and I'm liking the ideas! Specifically I'll be trying editing the CSS. Hopefully we'll see what Seb or Darren have to say for a more permanent solution.
  15. Hi, I really love the new UI design, besides the pre-login phase. It looks as below: Initially this concerned me because I thought it showed data in the background before you logged in which is false. Later when I was learning the new API on my own I developed a module called "Reboot" that does as expected, reboots and turns off the machine. My problem is the below is shown even before I log in: In the background there is a leak of information about the module. This can be viewed for any module that's installed to see what the Pineapple owner might be doing or working on. Would it be possible to have an option to force a user to look at a generic login page before viewing anything or do you think that would be excessive? Thanks for the consideration
  16. So I learned the order of iptables rules matters and that solved my problem. Below are the commands I appended to my /etc/firewall.user file to block access to local subnets. The pineapple is still accessible though (possibly because it's the default gateway?).

          # block all traffic to any possible private network address (10.*.*.*, 172.16-31.*.*, 192.168.*.*)
          iptables -I FORWARD 1 -d 192.168.0.0/16 -j DROP
          iptables -I FORWARD 1 -d 172.16.0.0/12 -j DROP
          iptables -I FORWARD 1 -d 10.0.0.0/8 -j DROP
  17. I am unable to connect (ping, wget, etc) to anything network related once I run wp6.sh, thanks anyway though!
  18. Huh. I still can't seem to figure it out. Thanks anyway. Here's a few of the many things I've tried:

          config rule
              option src lan
              option dest wan
              option dest_ip 192.168.1.1/24
              option target REJECT

          config rule
              option src lan
              option dest wan
              option dest_ip 192.168.1.1/24
              option proto tcpudp
              option target REJECT

      They seem to not be doing anything. Even after /etc/init.d/firewall restart. Sorry for being a noob.
  19. I've never used /etc/config/firewall before, what sort of rules do I specify there exactly? Thanks!
  20. A Chromebook is a very neat device for powering and using the Pineapple because it's lightweight and has a long battery life. The only problem is I cannot enable Internet connection sharing on it because to my knowledge there are no such options. Since I have developer mode enabled I have a regular Linux shell, but wp6.sh does not work. It outputs the regular "browse to http://172.16.42.1:1471" but kills the Internet on the Chromebook until I reboot.

      My settings for wp6.sh are:

          Netmask: 255.255.255.0
          Network: 172.16.42.0/24
          LAN: eth0
          WAN: mlan0
          Gateway: 192.168.5.1
          Host PC: 172.16.42.42
          WiFi Pineapple: 172.16.42.1

      My output of "route -n" before plugging in the Pineapple is:

          Kernel IP routing table
          Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
          0.0.0.0         192.168.5.1     0.0.0.0         UG    1      0        0 mlan0
          192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 mlan0

      My output of "route -n" after plugging in the Pineapple is:

          Kernel IP routing table
          Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
          0.0.0.0         192.168.5.1     0.0.0.0         UG    1      0        0 mlan0
          0.0.0.0         172.16.42.1     0.0.0.0         UG    15     0        0 eth0
          172.16.42.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
          192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 mlan0

      ifconfig produces (XX is censored):

          eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
                  inet 172.16.42.111 netmask 255.255.255.0 broadcast 172.16.42.255
                  inet6 fe80::2c0:caff:fe8b:3ccf prefixlen 64 scopeid 0x20<link>
                  ether XX:XX:XX:XX:XX:XX txqueuelen 1000 (Ethernet)
                  RX packets 102 bytes 5624 (5.4 KiB)
                  RX errors 0 dropped 0 overruns 0 frame 0
                  TX packets 0 bytes 4660 (4.5 KiB)
                  TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

          lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
                  inet 127.0.0.1 netmask 255.0.0.0
                  inet6 ::1 prefixlen 128 scopeid 0x10<host>
                  loop txqueuelen 0 (Local Loopback)
                  RX packets 156 bytes 11816 (11.5 KiB)
                  RX errors 0 dropped 0 overruns 0 frame 0
                  TX packets 156 bytes 11816 (11.5 KiB)
                  TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

          mlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
                  inet 192.168.5.11 netmask 255.255.255.0 broadcast 192.168.5.255
                  inet6 fe80::2ac2:ddff:fe62:ef15 prefixlen 64 scopeid 0x20<link>
                  ether XX:XX:XX:XX:XX:XX txqueuelen 1000 (Ethernet)
                  RX packets 2995 bytes 2237403 (2.1 MiB)
                  RX errors 0 dropped 30 overruns 0 frame 0
                  TX packets 2618 bytes 556993 (543.9 KiB)
                  TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

      Thanks for any help!
  21. IP Forwarding is enabled by default, so that's not affecting it.

          root@Pineapple:~# sysctl net.ipv4.ip_forward
          net.ipv4.ip_forward = 1

      I also tried

          iptables -A FORWARD -d 192.168.1.1/24 -j DROP

      and this did not succeed either.
  22. The command

          iptables -A forward-s 172.16.42.1/24 -d 192.168.1.1/24 -j drop

      had some issues. I changed it to

          iptables -A FORWARD -s 172.16.42.1/24 -d 192.168.1.1/24 -j DROP

      but that still didn't work. Any other ideas?
  23. Thanks guys I'll take a look when I get home and report back!
  24. Hello. I would like to have an option to exclude clients on the Pineapple from being able to access the network the Pineapple is getting Internet from. For example, I have a home router with the subnet of 192.168.1.1/24. The Pineapple has a subnet of 172.16.42.1/24 and is getting Internet from a computer on the subnet 192.168.1.1/24. I would like users on 172.16.42.1/24 to NOT be able to access IPs on the 192.168.1.1/24 subnet. Is this possible? Thanks for any responses!
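
Added example (not part of the original posts): a small Python model of iptables first-match evaluation, showing why the appended `-A FORWARD ... -j DROP` rules in posts 21 and 22 had no effect while the `-I FORWARD 1` rules in post 16 isolate clients from private subnets. The baseline ACCEPT rule, the host addresses and all function names are constructed assumptions; the model also shows that packets addressed to the Pineapple's own IP are handled by INPUT, not FORWARD.

```python
import ipaddress

def matches(rule, src, dst):
    """A rule matches when src and dst fall inside its (optional) CIDR selectors."""
    ok = lambda cidr, ip: cidr is None or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)
    return ok(rule.get("src"), src) and ok(rule.get("dst"), dst)

def verdict(chain, src, dst, policy="ACCEPT"):
    """iptables semantics: the first matching rule decides; otherwise the chain policy."""
    for rule in chain:
        if matches(rule, src, dst):
            return rule["target"]
    return policy

def route(local_addrs, dst):
    """Packets addressed to the router itself traverse INPUT; routed packets traverse FORWARD."""
    return "INPUT" if dst in local_addrs else "FORWARD"

# Constructed baseline: an existing accept for client traffic, standing in for
# whatever forwarding rule the firewall already had (assumption, not from the posts).
BASELINE = [{"src": "172.16.42.0/24", "target": "ACCEPT"}]
PRIVATE = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]

def with_append():
    # iptables -A FORWARD -d <net> -j DROP: lands after the existing ACCEPT
    return BASELINE + [{"dst": net, "target": "DROP"} for net in PRIVATE]

def with_insert():
    # iptables -I FORWARD 1 -d <net> -j DROP, run three times: each goes to the top
    chain = list(BASELINE)
    for net in PRIVATE:
        chain.insert(0, {"dst": net, "target": "DROP"})
    return chain

if __name__ == "__main__":
    # Constructed sample hosts: a Pineapple client, a home-LAN host, an Internet host
    client, lan_host, internet = "172.16.42.111", "192.168.1.10", "93.184.216.34"
    for name, chain in (("append", with_append()), ("insert", with_insert())):
        print(name, "LAN:", verdict(chain, client, lan_host),
              "Internet:", verdict(chain, client, internet))
    print("172.16.42.1 goes through", route({"172.16.42.1"}, "172.16.42.1"))
```

On a real device, `iptables -L FORWARD -n -v --line-numbers` shows the actual rule order and per-rule packet counters, which confirms whether a DROP rule is ever reached.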