aryakangler's Achievements


Newbie (1/14)

  1. @cheeto Could you please explain? This is close to my issue. I can capture creds, but the client receives a message indicating an unsuccessful login. If the client could enter supersecretpassword and proceed to the internet (not their account, just google.com), it would increase the time until suspicion.
  2. Thanks for the info. I will try more scans with the filters mentioned and compare results. For the record, this is not a pentest. I am a serial tinkerer. Any time I am with friends/family and I know everyone has a device connected to the local network, I am running various scans out of curiosity. Again, it sparked an interest when this iPhone responded to the scan in this way. While the phones have different apps, I cannot think of either having an extra "firewall or IDS" installed. Different settings in the settings menu, I'm sure, but other than that, the apps are nothing special. My main concern is nefarious activity. To that degree, none of these filtered ports could be related to any type of backdoor or malware on the device, right?
  3. They do not have the same apps. Thank you for the replies. I don't know much about nmap, but I have run numerous scans and this was the first time I've run into an iPhone with all these "filtered" ports. A little googling of the ports didn't provide me with any reliable information, so I was a bit alarmed.
  4. Can anyone explain why there would be such a difference when both iPhones are running iOS 10? One is a 6, the other a 6s, but each is running 10.0.2.

     iPhone 6:
     668/tcp filtered mecomm
     1045/tcp filtered fpitp
     1087/tcp filtered cplscrambler-in
     1687/tcp filtered nsjtp-ctrl
     1900/tcp filtered upnp
     3261/tcp filtered winshadow
     3998/tcp filtered dnx
     4550/tcp filtered gds-adppiw-db
     5221/tcp filtered 3exmp
     5633/tcp filtered beorl
     8292/tcp filtered blp3
     9999/tcp filtered abyss
     10566/tcp filtered unknown
     18101/tcp filtered unknown
     19101/tcp filtered unknown
     62078/tcp open tcpwrapped
     64623/tcp filtered unknown

     iPhone 6s:
     62078/tcp open tcpwrapped
  5. This device is certainly a novelty if you are only interested in infosec as a hobby. It is my opinion that the availability of pen testing equipment to the general public creates a false perception of "hacking." Not that infosec is a hobby for you, but PineAP is not all the Pineapple has to offer. As far as attracting clients, it is critical to understand which clients you desire. A little social engineering, in addition to understanding exactly what you are trying to accomplish, will go a long way. For me, it seems like it is much harder to snare clients in a "lab" compared to a real deployment.
  6. This could be the work of an IDS (Intrusion Detection System). It is possible the AP on the Nano is identified as an unauthorized access point.
  7. +1. The HTTPS problem hasn't been much of an issue for me, as iPhones are usually what I am after and they request captive.apple.com (plain HTTP). Other devices, however, never show the portal. The redirect has also been problematic for me. Loving the work so far!
  8. I'm a little confused. I was only mentioning the fact that DNSspoof successfully creates a log in the hope that it would exclude the SD card from being the problem. I do understand the logs generated by modules are not related to the logs generated by reporting. My issue is that the reporting module does not generate a log.
  9. The reporting module is not generating any log files. I have reflashed and done a format on the SD with no luck. I have tested the DNSspoof module and it successfully generates log files. http://imgur.com/a/Dso1t
  10. I'm using OS X 10.11.3 on university WiFi networks (2G & 5G APs depending on your location on campus), WPA2-Enterprise [EAP-TTLS (MSCHAPv2)]. I've always been interested in breaking things, but never interested enough to risk violating the ambiguous CFAA. Of course the university also has a strict Computer & Network Security Policy. Therefore, I am in no way attempting to (or asking for information to assist in) violating either of these. My interest is purely in personal privacy and security.

      I am constantly looking at the available networks and have noticed that, although prohibited by the university, you don't have to wander much to find at least one rogue AP. I suspect these APs are merely personal hotspots, but it seems possible more nefarious reasons could be lurking. One thing I've noticed is that occasionally my WiFi connection drops, and a dialog box pops up requesting my login information. When this occurs, I simply close the dialog box, and I am quickly reconnected to the network. This led me to ponder the possibility of someone running a MITM-style attack.

      Having never connected to a WPA2-Enterprise network before, I regretfully didn't pay much attention to the process. I admittedly followed the setup procedures without really questioning things. I cannot find where Apple stores the CA I accepted upon first connection, but I am concerned about its validity. I went as far as deleting the network and adding it again, but was not presented with a CA. Is this even a concern? If I understand what I've read, allowing users to accept a CA that is not trusted by Apple is not a good idea. In these cases it sounds as if manual configuration by IT staff is necessary. I can't find information regarding the login prompts that occasionally pop up, and if they are legitimate, how I am able to stay connected after not providing information. I believe I have located an area on campus that consistently causes a login prompt. However, I'm guessing I've been handed over to several different APs in the network extension, so maybe this is why?

      This question has also led me to wonder what type of activity network admins have access to. Do network admins also have the ability to monitor the pages I view? I.e., do they know I read The Hacker News daily, or visit Hak5 forums, etc.? I assume a WIDS is in use. But then why, or how, are these rogue APs consistently detected? Any sort of useful packet capture over 802.11x networks is next to impossible, right? I haven't attempted any sort of network scan other than monitoring APs beaming SSIDs. My interpretation of the CNSP doesn't sound as if they find it acceptable to poke around their network for possible holes.
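On the two scans quoted in post 4 above, here is an added example (editor's code, not part of the original posts) that parses nmap's normal-output port table for both phones and diffs their states. The point it makes: the only port both phones have in common, 62078/tcp, is Apple's lockdown/iphone-sync service that every iOS device listens on, and every other difference is "filtered" versus hidden, never "open" versus anything. A "filtered" result means nmap got no usable reply to its probe (dropped, or an ICMP unreachable), which on a shared wireless LAN says more about the path than about a listener on the phone. The two port tables are re-typed from the post as constructed sample input; treating ports absent from a scan as "closed" is an assumption that matches what these scans hid.

```python
# Added example (not from the original post): parse nmap's normal-output port
# table for the two iPhones and diff their states. The two scan excerpts below
# are re-typed from the post (constructed sample input, not a fresh scan).
import re
from collections import defaultdict

PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+"
    r"(?P<state>open|closed|filtered|unfiltered|open\|filtered|closed\|filtered)\s+"
    r"(?P<service>\S+)"
)

IPHONE_6 = """\
668/tcp filtered mecomm
1045/tcp filtered fpitp
1087/tcp filtered cplscrambler-in
1687/tcp filtered nsjtp-ctrl
1900/tcp filtered upnp
3261/tcp filtered winshadow
3998/tcp filtered dnx
4550/tcp filtered gds-adppiw-db
5221/tcp filtered 3exmp
5633/tcp filtered beorl
8292/tcp filtered blp3
9999/tcp filtered abyss
10566/tcp filtered unknown
18101/tcp filtered unknown
19101/tcp filtered unknown
62078/tcp open tcpwrapped
64623/tcp filtered unknown
"""

IPHONE_6S = """\
62078/tcp open tcpwrapped
"""


def parse_ports(text):
    """Return {(port, proto): (state, service)} for every port line in an nmap scan."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports[(int(m["port"]), m["proto"])] = (m["state"], m["service"])
    return ports


def diff_scans(a, b, hidden_state="closed"):
    """Ports whose state differs between two scans.

    nmap's normal output hides the most common state ("Not shown: N closed ports"),
    so a port missing from one scan is assumed to be in that hidden state; 'closed'
    is what these two scans hid (assumption)."""
    diffs = {}
    for key in sorted(set(a) | set(b)):
        sa = a.get(key, (hidden_state, "-"))[0]
        sb = b.get(key, (hidden_state, "-"))[0]
        if sa != sb:
            diffs[key] = (sa, sb)
    return diffs


def listener_differences(diffs):
    """Subset of the diff where one side actually had a listener ('open').

    filtered/closed changes tell you about the path (a firewall, client isolation,
    a dropped probe), not about a service on the phone."""
    return {k: v for k, v in diffs.items() if "open" in v}


def summarize(ports):
    """Ports grouped by state, sorted, e.g. {'filtered': [...], 'open': [62078]}."""
    grouped = defaultdict(list)
    for (port, _proto), (state, _svc) in ports.items():
        grouped[state].append(port)
    return {state: sorted(p) for state, p in grouped.items()}


if __name__ == "__main__":
    six, six_s = parse_ports(IPHONE_6), parse_ports(IPHONE_6S)
    print("iPhone 6 :", summarize(six))
    print("iPhone 6s:", summarize(six_s))
    diffs = diff_scans(six, six_s)
    print("state differences   :", len(diffs))
    print("listener differences:", listener_differences(diffs))
```

Run the same parser over a second scan of the same phone taken with `--reason` (which prints why nmap chose each state) and from a wired host if one is available; if the filtered set moves around between runs while 62078/tcp stays open, the filtering is the network's doing.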
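Post 10 asks whether accepting an unknown CA on first connection to an EAP-TTLS/MSCHAPv2 network is a concern and notes that manual configuration by IT staff is the usual answer. The added example below (editor's code, not from the original post and not an Apple tool) builds, with Python's standard plistlib, the kind of Wi-Fi configuration profile that answer refers to: a `com.apple.wifi.managed` payload whose EAP settings pin the RADIUS server's CA (`PayloadCertificateAnchorUUID`, delivered as a `com.apple.security.root` payload in the same profile) and the expected server name (`TLSTrustedServerNames`). It also lints a profile for those two keys, since without them the OS falls back to asking the user to accept whatever certificate the server, or a rogue AP impersonating it, presents. The SSID, server name, UUIDs and CA bytes are placeholders (assumptions); the CA is a constructed byte string, not a real certificate, so the code runs offline.

```python
# Added example (not from the original post and not an Apple tool): build a
# WPA2-Enterprise (EAP-TTLS/MSCHAPv2) Wi-Fi configuration profile that pins the
# RADIUS server's CA and expected server name, and lint a profile for the settings
# that, when absent, leave server trust to the user's judgement at connect time.
# SSID, server name, UUIDs and the CA bytes are placeholders (assumptions).
import plistlib
import uuid

EAP_TTLS = 21  # IANA EAP method type for EAP-TTLS


def wifi_payload(ssid, trusted_server_names=None, ca_anchor_uuid=None):
    """com.apple.wifi.managed payload for a WPA2-Enterprise SSID using EAP-TTLS/MSCHAPv2.

    Without trusted_server_names and ca_anchor_uuid this is the weak form: the OS
    prompts the user to accept whatever certificate the RADIUS server presents."""
    eap = {
        "AcceptEAPTypes": [EAP_TTLS],
        "TTLSInnerAuthentication": "MSCHAPv2",
    }
    if trusted_server_names:
        # Server cert name must match one of these (wildcards allowed).
        eap["TLSTrustedServerNames"] = list(trusted_server_names)
    if ca_anchor_uuid:
        # Only a chain ending in this anchor, delivered in the same profile, is trusted.
        eap["PayloadCertificateAnchorUUID"] = [ca_anchor_uuid]
    return {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"example.wifi.{ssid}",  # placeholder identifier
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": f"Wi-Fi ({ssid})",
        "SSID_STR": ssid,
        "AutoJoin": True,
        "EncryptionType": "WPA2",
        "EAPClientConfiguration": eap,
    }


def root_cert_payload(der_bytes, cert_uuid, name="Campus RADIUS CA"):
    """com.apple.security.root payload carrying the DER-encoded CA certificate."""
    return {
        "PayloadType": "com.apple.security.root",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"example.ca.{cert_uuid}",  # placeholder identifier
        "PayloadUUID": cert_uuid,
        "PayloadDisplayName": name,
        "PayloadContent": der_bytes,  # plistlib serialises bytes as <data>
    }


def build_profile(payloads, name="Campus Wi-Fi"):
    """Top-level Configuration payload wrapping the individual payloads."""
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "example.profile.wifi",  # placeholder identifier
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": name,
        "PayloadContent": list(payloads),
    }


def eap_trust_issues(profile):
    """Findings for every Wi-Fi payload whose EAP settings leave server trust to the user."""
    anchors = {p["PayloadUUID"] for p in profile["PayloadContent"]
               if p["PayloadType"] == "com.apple.security.root"}
    issues = []
    for p in profile["PayloadContent"]:
        if p["PayloadType"] != "com.apple.wifi.managed":
            continue
        ssid = p.get("SSID_STR", "?")
        eap = p.get("EAPClientConfiguration", {})
        if not eap.get("TLSTrustedServerNames"):
            issues.append(f"{ssid}: no TLSTrustedServerNames; any cert chaining to a trusted root is accepted")
        refs = eap.get("PayloadCertificateAnchorUUID") or []
        if not refs:
            issues.append(f"{ssid}: no PayloadCertificateAnchorUUID; the user is prompted to trust the server cert")
        for ref in refs:
            if ref not in anchors:
                issues.append(f"{ssid}: anchor {ref} is not delivered in this profile")
    return issues


def to_mobileconfig(profile):
    """Serialise to the XML plist that a .mobileconfig file contains (unsigned)."""
    return plistlib.dumps(profile)


if __name__ == "__main__":
    ca_uuid = "A1B2C3D4-0000-4000-8000-000000000001"        # placeholder UUID
    fake_ca = b"\x30\x82\x00\x00constructed-placeholder-DER"  # not a real certificate
    weak = build_profile([wifi_payload("CampusNet")])
    strong = build_profile([
        wifi_payload("CampusNet", ["radius.campus.example"], ca_uuid),
        root_cert_payload(fake_ca, ca_uuid),
    ])
    print("weak  :", eap_trust_issues(weak))
    print("strong:", eap_trust_issues(strong))
    print(to_mobileconfig(strong).decode()[:300])
```

In practice the profile would carry the real CA's DER bytes, be signed, and be installed by the user or an MDM; the lint is the part worth keeping, because a profile that merely names the SSID and EAP type reproduces exactly the click-through-the-certificate behaviour the post is worried about.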