
Ruck

Everything posted by Ruck

  1. Thanks for your responses. Those tools you mention (gobuster, dirbuster and HTTP fuzzing) have a lot of options to look into, and unless I am able to figure out what a tool does and creates/generates, I am not going to use them in real-life environments. I do not understand how fuzzing could benefit the goal mentioned ("submitting lots of invalid or unexpected data to a target"). Although error messages can provide loads of information, they do not indicate whether a (specific) file exists in a directory, right? Based on the concept of directory busters though: <URL> / attachment_answers/000/428/835/<filename>.jpg.jpg?<id value> The URL domain is fixed, and so is the first directory (attachment_answers), so no hard parts there. The next part is variable (/000/428/835), but I assume it is based on project/subscription IDs. With the tooling you mention, would it require providing a directory listing, including (all?) possible combinations? And thus wordlisting the directory/path? Since this part is integer based it wouldn't be too hard to script manually if required, but it creates a lot of combinations. The filename is user-provided, so it cannot be guessed easily (although I would expect a lot of users to use passport.jpg?!). In these kinds of 'attacks', is wordlisting the only possible solution? Or is there a way to retrieve from a directory based only on file type? (so the name is a black box?) And I am going to point out to the Real Estate agency that their policies and security are not up to date; I have found several contradictions in their privacy policies, processing of data and email confirmations received.
But I would also like to mention how easy/difficult it would be for a person to discover those (passport) files, not solely based on an assumption, but based on my own expectations/experience: "I notice passport files out in the open with limited/no security, I expect those files can be accessed (very) easily by doing ABC." This way I can create an open window for further testing with approval/assignment. I mentioned some privacy concerns earlier in the process and they cared very little, due to the vivid amount of customers (high housing turnover currently, thus lots of willing customers who do not care about privacy and do not complain). The other option would be stepping up towards (privacy) authorities or privacy fighters/journalists, but I want to give the agency a fair chance.
  2. Recently I have subscribed to a website of a Real Estate agency, since I am looking to buy a house. One of the requirements was to upload a scan of my passport. Already a bit anxious about the security, I covered sensitive elements with black tape before scanning and added a watermark stating the purpose of the scan before uploading. Not really surprised, I got a mail stating my subscription was received, with a direct link to the passport image uploaded. I subscribed a second time to find out that the process is the same and the link showed a similar layout/components: <URL> / attachment_answers/000/428/835/<filename>.jpg.jpg?<id value> Comparing the received URLs to the image, I did not find usable logic (for me). The numbering in the URL seems to be site generated (and probably related to project and subscription numbering), but not easily guessable/predictable. The filename corresponds to my uploaded filename + jpg extension (hence the double jpg). The ID value does not seem to prevent anything (removing it still displays the passport image). Since I did not discover any real security countermeasures, I am wondering if tooling exists or could easily be created/scripted that is able to discover other images on the site, some sort of image scraping. Googling this question only returns scrapers with (wordlisting? bruteforcing?) filenames or directories. I want to know both for my own education (I'm active in the IT audit & security domain) and to be able to notify the Real Estate agency, but provided with a Proof of Concept (if it's easy to perform and within legal boundaries/responsible disclosure). Could anyone indicate whether or not this is possible? And maybe an indication of effort and/or tooling required? If this requires additional information and/or further background on my intentions, please let me know what is required.
  3. I've contacted support and they will exchange the Nano! Great support, and thanks for the help in guiding me to a solution!
  4. Thanks for your help Cheeto. I've tried the same steps on another computer (my work laptop in this case). Also no success; the adapter keeps stating that a network cable is not connected. The GUI or SSH is not reachable. Also I find it very suspicious that the blue LED is not as bright as before (and definitely not blinking or showing any activity whatsoever). I've contacted support and referenced this thread.
  5. Cheeto, I have tried your video instruction, but I cannot reach the firmware update page. Any other suggestion?
  6. I have tried everything from this thread: https://forums.hak5.org/index.php?/topic/37210-just-bricked-my-nano-howto-unbrick/ Both a factory reset and connecting with the reset button pressed. But nothing seems to work :( Although I think I made some progress. When first connecting the Pineapple to my Linux box it stated in dmesg that USB was over-current. After cleaning with air this message turned into: dmesg extract: ifconfig shows no IP assigned sudo ifconfig eth1 172.16.42.42 netmask 255.255.255.0 up ifconfig Trying to reach the web GUI doesn't work. Trying to SSH to the Pineapple doesn't work (ssh root@172.16.42.1). Route Please help with further suggestions. (NOTE: I am a newb in Linux, so all commands are just copying and trial and error in my case.)
  7. I've ruled out the USB-Y, since the same problem occurs with the Pineapple juice. No suggestions?
  8. Hey there again, after a time of not using the Nano I tried to attach the Nano to my laptop again. BUT....the Nano did not work :S and I can't figure out what the problem is, so I need help! When I attach the Nano to my laptop with the USB-Y cable like before, the blue LED is hardly visible, at least not as bright as before, and not blinking or showing any activity noticeable. The Nano shows up as a network adapter stating network cable not attached. The GUI is not reachable (at 172.16.42.1:1471 at least). Any suggestions on how to solve this/where to start?
  9. I have a question regarding the RandomRoll you used: - When I try this with my iPhone it only trolls using http sites, not https sites; is that expected behavior? If so, what causes this? Other questions I have: - Is it possible to log probes indicating whether or not these are probes for open or closed networks? - Is it possible to log disassociation of devices? (When I check logging after a day of Pineappling, I see several associations, but cannot say how long they have been associated and whether or not I could have used modules for sniffing or other 'fun' stuff.)
  10. That doesn't explain the numbers/stats I see: I see two networks in reach: WORK and WORK-mobile (fictive names). 15 clients are associated with WORK-mobile. But I also see 36 unassociated clients. Which means the 36 are not connected to a wireless network, right? After running PineAP for 1 hour straight I find merely 13 SSIDs. The fact that I am finding SSIDs suggests that the Pineapple is working, but the devices are not probing? One of the devices is my own iPhone, which isn't connected to any wireless network and should auto-connect to my HOME wifi. So I would at least expect one probe for HOME (after an hour?!). Am I thinking in the wrong direction?
  11. I have attached my WiFi Pineapple today again at the office and done a recon: I find 7 clients associated with an SSID and 30 non-associated clients. With PineAP enabled and running for 1 hour, including all options except broadcasting the SSID pool, I only 'find' 3 SSIDs. This seems quite low regarding the amount of clients! Any help would be appreciated.....
  12. Recording is indeed a good idea for backup, thanks for the suggestion. I tried 'forgetting' my work network from my iDevices (iPad and iPhone) and logging probes again. Still I cannot find my iDevices probing for my home network 'SSID: Home'. Also I have set up PineAP to add SSIDs to the pool at my office. The Pineapple only finds/records 5 SSIDs, which I find scarily low since there are about 5 employees with mobile devices in a 5 meter proximity and 30+ in a 10 meter proximity. I would expect a lot more probes for a lot more SSIDs from 10+ devices (laptops, phones, tablets) in the vicinity, correct? Any thoughts?
  13. I have another (newb :S) question. I am currently experimenting with the (basic) possibilities of the WiFi for my demonstration. (Barry, for your critical response: I feel confident enough to be able to pull this one off. I am experienced in giving presentations in this setting and I know I am the one-eyed in the land of the blind.) I won't go into sniffing and/or tampering, so probably only SSID recon and connecting my iDevice for demonstration. Nevertheless I am wondering about the following: When I start PineAP for logging probes, associations and capturing SSIDs to pools, I am able to see SSIDs and MACs around the Pineapple. Now I have my iPhone 6 and work laptop Lenovo T-??? nearby and I know they remember (closed) WiFi networks (e.g. my work and home WLAN). When I do a recon I can see their association with my work SSID, but I do not find any other probes from these devices in the logging (e.g. probing my home WLAN)? Any suggestions about this?
  14. Thanks for your response so far, you have already helped me in my thinking process with the Nano. What I try to accomplish with the demo is very low/basic awareness and to provide a demonstration of possible attack vectors. The crowd consists of financial controllers (so non-techies), who have heard of cybersecurity, hackers and all that scary stuff. The first part of the meeting will go into regulatory requirements and the need for an information security policy (company wide, organisational, procedural and technical). In the second part we would like to demonstrate some very (unskilful) attack vectors, to entertain the crowd and make them aware of how easy attack vectors can be (since I am not a hacker, but with very easy-to-use tools can already perform basic attacks). So I want my WiFi Pineapple demonstration to get the crowd's attention as much as possible, so providing as much personal information as possible, but without crossing the line of privacy and legality. Based on your response I think I would go for a setup like: WiFi Pineapple attached to the presenter laptop (for internet connection), but stealthily placed of course. Activate PineAP with all but broadcasting the SSID pool (since this is more stealthy, right?). Hopefully some crowd members will have open SSIDs and will connect (due to beacon response?!).
This way I can show/tell the crowd: 1) Look, I have found all these SSIDs (e.g. McDonalds, Home, hotspots), so I can track/profile you by MAC address (and maybe mention: luckily these are not open SSIDs and will not connect directly). 2) Look, I have created X associations with PineAP, so I could monitor your network traffic. The last remark about get and DNSSpoof already goes beyond my current knowledge and skills, but thanks for the direction (I am going to look into this ;)). Another thing I am thinking of is to set up my own AP with a weak password (e.g. Password123456, since it is considered strong by most password restrictions), connect with a device, and capture and crack the handshake with Wifite. Thanks for your support, I quite like the activity of this forum! Any thoughts are still welcome of course.
  15. As mentioned in my (first) other topic, I am quite new to using the NANO, using Linux and other pentesting tooling/stuff. Currently my manager has also asked me (since I told him I bought the fruit) to give a demonstration at our next customer meeting (a meeting for financial controllers of our clients) regarding cybersecurity. I am limited to a timeboxed presentation of 15 minutes, but can set up the WiFi Nano about 90 minutes in advance during other presentations and the walk-in. I am not allowed from a legal perspective to break into, steal from or enter mobile devices, so I am thinking about what would be a great demonstration for this purpose to create awareness, but without crossing privacy and legal lines. 1) I was thinking to set up an unprotected/free AP with a name similar to the location's AP or with the name of the event and see who will log on to it. 2) Same as 1, but with a WPA2 key, provided at the entrance of the meeting. 3) Only recon scanning and logging probes to see where attendees have been (so profiling the attendees in general). 3a) In this case, is there a method to spot probes for open SSIDs from devices, without having them connect to PineAP? So far I haven't found this yet. This would indicate devices vulnerable to the PineAP daemon, right? WPA/2 protected SSIDs are not vulnerable to this, since the probe is with authentication, so the SSID pool will only send the rogue SSID, but the device will not connect to it? 4) For options 1 and 2, what are nice tools/scans to perform on connected APs to find information on the attendees which can be shared publicly... I know these are a lot of questions to ask for a newbie, but if you don't ask.... Any advice on where to start/learn is welcome....
  16. I have resolved my issue by resetting the NANO and reconnecting. If the problem returns I will mention it.
  17. Hello, I'm quite new to the WiFi NANO, technical pentesting and Linux in general. Since I work with pentesters a lot, I would like to learn more and be able to give simple demonstrations (script kiddie style ;) for non-techies. Yesterday I received the NANO and started playing with it. I was able to recon and add clients to the filter (just as Darren demonstrated in the primer vid). Today I attached my NANO to my Windows laptop again and set up the ICS. When I open the filtering tab, 2 MACs are already added, which I can't remove. Neither can I add a MAC manually or through the recon dropdown option. Any help? Kind regards in advance.