Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

About AlfAlfa

  • Rank
    Hak5 Fan ++

Recent Profile Visitors

1,463 profile views
  1. Send it over SSL wrapped email, and / or send a password reset link rather than just the password. (although someone who receives either could still use both reset types to gain access, so make the password reset step mandatory and they should also be required to enter some information that only they would know!) This way even if someone that shouldn't gets a hold of the password reset link or temporary password, they still would have to know a secret piece of information that doesn't get sent and that they won't be able to figure out or guess.
  2. You can just secure it with a WPA passphrase, rather than just having the network open. I do this with my PC, perhaps check my signature for the link to "Hosting you're own access point to share from one interface to another". Just adapt it for the pineapple, pretty similar it is. Aside from that, you just made me think of a really cool idea and I'm going to see how quickly I can create it! Another way I just thought of
  3. Just as an update, I had to get caught up in my other work, but I finally got uploadwpa2 into a state that it has been much improved and is a worthy update! Also something looks different about this module, dependency? The main difference is adding SSL support, but also switching from hard coded specialized functions which would have to be coded for each site and re-done if the site changed, to a json config file with the default config stored at ~/.uploadwpa2/sites.cfg It's a pretty simple format, and should be able to be configured for most sites except that require a logged in session o
  4. Well actually, 'wlan0mon IEEE 802.11bgn Mode:Managed' doesn't look right. It should be Mode: Monitor no? When in that state try: 'iwconfig wlan0mon mode monitor' Then iwconfig again, and see if it's in monitor, or if it is and it changes back after a short while, then something is manipulating it still. As for getting stuck at the M2 message, I forgot whether it was -N (no nacks) or -n (always target ap nacks) that helped for getting passed that so try either one of those separately and see if it helps. Your device has to stay in monitor mode though or it's going to screw up. Also you shou
  5. I know sftp is kind of similar to scp but not exactly so what about scp?, did you try scp when you said 'webinterface or sftp etc'? I wonder if that will work: scp root@ ~/caps/largecap.pcap Excuse my post if you've already tried it, but you weren't clear on that. Maybe when downloading it uses up all or too much memory and that causes something vital to crash creating the issue you find... That's just a guess though because it's hard to see what's going on from your log files (as it looks almost like it was unplugged and re-plugged). Which is the first li
  6. Yes that's true, it should upgrade to HTTPS which it does for me. You're also right there isn't a 'disable HSTS setting' but a trick to get it to bypass HSTS (at least in firefox): "According to several forums, you can disable HSTS by introducing a new configuration variable. First, go to the Firefox configuration page (about:config), right-click, choose "New Integer", then provide the name "test.currentTimeOffsetSeconds" (no quotes) with a value of 11491200. This should bypass HSTS, although you may also need to clear the Cache and Active Logins in the Clear Recent History dialog (Ctrl-Shift
  7. Well then it's working then! That is a security feature called HSTS built into the browser. Once you go to the TLS/SSL version you can't go to the unsecured version anymore! That's what I think your issue is anyway, see this for a possibly working bypass: https://forums.hak5.org/index.php?/topic/37642-hsts-bypass-and-ssl-stripping/?hl=hstsOr use a custom browser, or one that lets you disable the feature.
  8. It doesn't for you? In my example above it did, I only did that to show that only that one byte out of the 4 bytes actually are changed. Typing two bytes would change the first 2 bytes of the four byte (32 bit) instruction, typing 3 changes the first 3 bytes, and typing 4 changes all four bytes of the one instruction. I think it'll do that no matter how many bytes you type it'll overwrite starting from the address you're at with however many bytes you typed after wx. If you look closely it goes from 10 40 00 26 to 14 40 00 26 -> 10 40 00 26 -> 14 40 00 26 All instructions for this arch
  9. WOOT WO0T! Awesome! So you've got it going! I'll just get the standard OpenWrt SDK then, the issue lies somewhere in the sdk i've downloaded which is more specific to the mk5. At least now I can see that it works! (I've removed that wrong ipk so there'll be no confusion as you've asked) Version 2.0 is almost complete, it also links to libopenssl and libcrypto and I've gotten it to compile even with my broken sdk, (except openssl didn't have the version it was requesting anymore and had to source it from somewhere else (1.0.1e)) Perhaps the standard OpenWrt sdk will have a newer version an
  10. Thank you again, I really do appreciate you trying to help me! I think the problem is I shouldn't of used that outside of the httpclient that's the only place I used it outside of it. replace line 43 in uploadwpa.cpp: if(!file) { http->Log("ERROR Cannot open file"); return false; }With:if(!file) { std::cout << "ERROR Cannot open file"; return false; }And if you have a version of HTTPClient.hpp that doesn't have these headers add them to the top as well: #include <stdio.h> #include <cstdlib> When I was compiling I had to add those, as the reduced version of the standard
  11. Thanks for checking it out, as for the Tetra not being a mips I guess I read that wrong he said a newer RISC architecture but that didn't mean it's not mips just a newer better mips arch... As for it failing to extract the control file, I think there's something wrong with the way it's packaging it since the file is actually in there if I do this I can extract it manually: Alf@UNKNOWN:~/Downloads/uploadwpa-ipk$ tar xzvf uploadwpa_1_ar71xx.ipk ./debian-binary ./data.tar.gz ./control.tar.gz Alf@UNKNOWN:~/Downloads/uploadwpa-ipk$ tar xzvf control.tar.gz ./ ./control Alf@UNKNOWN:~/Downloads/upl
  12. I was actually using just any old hex editor (in my case 'Bless') to do the patching, however yes you can actually use radare2 for that as well. Here's an example of using it to do that branch instruction patch. The first byte from 0x10 to 0x14 is what flips a beqz to a bnez For moving to addresses with 's' you have to add the 0x in front for hexadecimal, but when patching with wx [sequence of bytes] you don't put the 0x in front is what I've figured out... You also need to re-open the file as read-write as it opens it as read only at first, type "oo+" to do that. Alf@UNKNOWN:~/Downloads/
  13. Would the gateway be or though? You can also set the DNS server to the same as the proper gateway address and it'll grab the DNS from the router/gateway instead of entering it manually. Are you sure foxtrot? Maybe I'm confusing regular router manual configuration with configuration for pineapples. On windows 7 if I don't put the gateway for a manual config with my router it doesn't work. That has probably changed in newer versions of windows and it does a better job of figuring it out automatically? However there has been cases where I had two interfaces up and had t
  14. Well I've done it, at least for the nano I believe so: Does this look good? (Yes certainly, you can take a look and see if I did it correctly and test it for me, compiling it yourself, then let me know how I can do the same for the Tetra!) Look I don't want you to have to do everything for me, see I'm putting the effort in here! I should add: Thank you ahead of time. Alf@UNKNOWN:~/pineapple-builder/MK5/package/uploadwpa/package/bin$ readelf -a -d uploadwpa ELF Header: Magic: 7f 45 4c 46 01 02 01 00 01 00 00 00 00 00 00 00 Class: ELF32 Data:
  15. Well that just means I still haven't made it to pineapple module status yet ;)! I really thought you were going to help get my code compiled for the pineapple archs, but I guess you aren't proficient in native code cross compiling or just didn't want to accept a payment for just compiling someone else's module so you re-built it entirely yourself so you felt more like you earned it. That's understandable, however I'm going to do it bigger and better and enough work that you won't want to rebuild it entirely again this time! :) I'll let you have the capturing handshakes module though how about
  • Create New...