Teabot 5000

Everything posted by Teabot 5000

  1. The Pineapple autossh module will automatically create an SSH tunnel back to a server. If you want to forward all traffic through that tunnel I'd imagine you might need to just add in an IPTables rule to do it. You might need to set up NAT using IPTables on the SSH server. It's strange that didn't work with OpenVPN.
  2. I got caught with that on a test run. It's really something to see a few pings grow to a 200MB+ pcap file after a few seconds! I think saving a pcap to a remote host would be useful for the Turtle too. I'll put together a module for the Turtle first and I'll port the functionality over to a Packet Squirrel payload some time in the future, unless someone beats me to it :)
  3. Could the option be added to the tcpdump launch script to save the packet capture to another host rather than having to save on the USB? For example you can pipe the output of tcpdump to an SSH session and append the capture to a file on the SSH server like so:

    tcpdump -w - | ssh -t user@192.168.1.1 "cat >> coolcap.pcap"

    That'll append new packets to the capture saved on the other host. You can read the capture live on the other side like this:

    tail -n +1 -f coolcap.pcap | tcpdump -r -

    Of course you don't need to read the capture live, it's just kinda cool to be able to do it. Adding this would help make packet captures a bit more versatile. It would be a pain to have to stop captures and scp the cap over to another host when the USB drive is full. This way you could just save directly on another host.
  4. I assume by an 'nmap' you mean a portscan. SANS has a nice document on a portscanner called IOSMap. It's capable of performing some basic portscans from Cisco IOS. IOScat is a port of netcat for IOS. If you need service discovery you can use that to perform banner grabbing.
  5. I'd say start off with some Web app exploitation, so SQLI, XSS, CSRF, file upload vulnerabilities, etc. That stuff helps get you in the mindset for looking at other areas like network security and binary exploitation. That said, if you don't have any programming skills I'd recommend starting with that. Learn HTML, JavaScript, PHP, maybe C or Java, and Python. After that understanding some networking basics would go a long way too.
  6. Everything on the store can be found here. I can't see the mug though, it must be gone :(
  7. The tutorials you can find on github are pretty clear.
  8. Send a continuous stream of deauths to the legitimate network. That'll prevent hosts from maintaining a connection with the legitimate access point. However, as far as I'm aware a user would still have to manually select to join the illegitimate network.
  9. The TP-Link wn722n is pretty good all-round https://www.amazon.co.uk/TP-LINK-TL-WN722N-Mbps-Wireless-Adapter/dp/B002SZEOLG I haven't heard of anyone having issues with it in Windows 10.
  10. You'll need to at least sit down with the director and agree what's in scope for the test. Also, you should get a signed letter from the director permitting you to run tests against the items you decided were in scope. There could be some data protection laws in your country that should be taken into account as well.
  11. It's probably not activating because the .ep file is the wrong name, will fix that now. jQuery is included but it's in the "static" folder which doesn't show up in the evilportal GUI. I just changed some of the javascript in the behavious.js file (also in the static directory). I changed the "vanilla" javascript to use jQuery because I thought it seemed to be causing some problems for me. I'd recommend looking at the link to W3schools I gave earlier in the thread. It covers everything from HTML, to Javascript, to PHP. It's worth taking a look at.
  12. There is a GUI for duckencoder, you can find it here. I haven't used it so I'm not sure if it does everything you want though.
  13. Ok, @Kn0wledge and @mercredi here's a quick port of the wifiphisher "wifi connect" module: https://github.com/teabot5000/Evilportal-wifi-connect Instructions are in the readme. I ended up changing some of the javascript to use jQuery (which is provided by evilportal). I merged the index.php file (created by evilportal when you make a new module) with the index.html page in the wifiphisher template. Other than that it was just a case of pointing the form in the template to <?=$destination?>/captiveportal/index.php so evilportal could catch it. I just added some lines to MyPortal.php to save the submitted password to a log file which can be defined in config.php. I just tested it in the preview and with an Android phone, so it will hopefully be working ok with everything else.
  14. I have an interest in getting something similar to the WiFi connect phishing page (this one) working with evilportal, so I'll take a look at it tonight or tomorrow at some point. It should just be a case of moving stuff around to get it working. Do you have a github page for what you managed to do so far?
  15. I'd imagine the sqli is going to be visible in data in a Web request, so filtering for http should help you find that. You might be able to filter the data somehow to check for common strings associated with sqli. For the buffer overflow it'll probably be visible as a long string containing some hex at the end. Maybe it would be easier to filter out the other traffic first using "!". So you could get rid of arp with "!arp" and so on. Do the same with dns and any other noise that might be in the capture and take a look through what's left afterward.
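    The triage approach described in the post above, as an added example that is not the poster's code: drop the noise protocols first (the "!arp", "!dns" idea), then look through what is left for SQL-injection-looking request parameters and for long strings ending in a run of hex bytes. The packet records, payloads and thresholds are constructed for the example.

    ```python
    # Added example, not from the forum post. Works on a constructed list of
    # (protocol, payload) records; real use would read a pcap with a library.
    import re

    # Constructed sample capture; the payloads are made up for the example.
    SAMPLE_PACKETS = [
        ("arp", "who-has 192.168.1.1 tell 192.168.1.23"),
        ("dns", "A? example.test"),
        ("http", "GET /item.php?id=42 HTTP/1.1"),
        ("http", "GET /item.php?id=1' OR '1'='1 HTTP/1.1"),
        ("http", "POST /login HTTP/1.1 user=admin&pass=x' UNION SELECT 1,2,3--"),
        ("tcp", "USER " + "A" * 300 + "\\x41\\x41\\x41\\x41\\x90\\x90\\x90\\x90"),
        ("tcp", "USER guest"),
    ]

    NOISE = {"arp", "dns"}  # protocols the post suggests filtering out first

    # Common strings associated with SQL injection, as the post puts it.
    SQLI_PATTERNS = [
        re.compile(r"'\s*or\s*'", re.I),          # quote OR quote
        re.compile(r"\bunion\s+select\b", re.I),  # UNION SELECT
        re.compile(r"--\s*$|;\s*--"),             # trailing SQL comment
    ]

    # A long string that ends in consecutive escaped hex bytes.
    HEX_RUN = re.compile(r"(?:\\x[0-9a-fA-F]{2}){4,}")
    LONG_STRING = 200  # threshold in characters, chosen for the example

    def drop_noise(packets, noise=NOISE):
        """Keep original indices; equivalent of stacking negative display filters."""
        return [(i, p, d) for i, (p, d) in enumerate(packets) if p not in noise]

    def classify(payload):
        """Return finding labels ('sqli', 'overflow') for one payload."""
        findings = []
        if any(pat.search(payload) for pat in SQLI_PATTERNS):
            findings.append("sqli")
        if len(payload) > LONG_STRING and HEX_RUN.search(payload):
            findings.append("overflow")
        return findings

    def triage(packets):
        """Filter noise, then list (index, protocol, findings) for flagged packets."""
        return [(i, p, classify(d)) for i, p, d in drop_noise(packets) if classify(d)]

    if __name__ == "__main__":
        for hit in triage(SAMPLE_PACKETS):
            print(hit)
    ```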
  16. You could also just get whatever tools you need onto the host machine and set up a VM (like metasploitable or something else) to target.
  17. You mean the templates are html and php? php can be used to just print html, and as far as I know the evilportal module outputs that php wrapped in html like a normal php web page. One being html and the other using php isn't an issue. Take a look here for a good resource on web development. If you really want the exact same template, you can use the resources to port it yourself, or rebuild it. What wifiphisher does can be done on the pineapple using PineAP, evilportal, and deauths. As far as I remember, there isn't anything special that wifiphisher does that can't be done on the pineapple already.
  18. You can connect the Pineapple to the internet through your computer's WiFi connection. The wp6 script should work. Are you running it on your Pineapple or on your Laptop? Try running this script instead anyway:

    #!/bin/bash
    # Run about 10 seconds after the Pineapple has been plugged in.
    # Use like "sudo ./script.sh <pineapple_interface> <computer_wifi_interface> <wifi_router_address>"
    # Example: sudo ./script.sh eth1 wlan0 192.168.1.254
    IFACE_IN=$1   # interface the Pineapple is attached to (e.g. eth1)
    IFACE_EX=$2   # the computer's upstream WiFi interface
    GW=$3         # the WiFi router's address, used as the new default gateway

    # Bring up the Pineapple-facing interface with the address the Pineapple expects
    ifconfig $IFACE_IN up
    ifconfig $IFACE_IN 172.16.42.42 netmask 255.255.255.0

    # Replace the default route pointing at the Pineapple with the real router
    route del default gw Pineapple.lan
    route add default gw $GW netmask 0.0.0.0

    # Turn the computer into a NAT box for the Pineapple
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o $IFACE_EX -j MASQUERADE
    iptables -A FORWARD -i $IFACE_EX -o $IFACE_IN -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i $IFACE_IN -o $IFACE_EX -j ACCEPT
  19. Try this script instead of the wp6 one:

    #!/bin/bash
    IFACE_IN=$1   # interface the Pineapple is attached to
    IFACE_EX=$2   # the laptop's upstream WiFi interface
    GW=$3         # the WiFi router's address, used as the new default gateway

    # Bring up the Pineapple-facing interface with the address the Pineapple expects
    ifconfig $IFACE_IN up
    ifconfig $IFACE_IN 172.16.42.42 netmask 255.255.255.0

    # Replace the default route pointing at the Pineapple with the real router
    route del default gw Pineapple.lan
    route add default gw $GW netmask 0.0.0.0

    # Turn the laptop into a NAT box for the Pineapple
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o $IFACE_EX -j MASQUERADE
    iptables -A FORWARD -i $IFACE_EX -o $IFACE_IN -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i $IFACE_IN -o $IFACE_EX -j ACCEPT

    Run that about 10 seconds after connecting the Pineapple. Use like "sudo ./script <pineapple_interface> <computer_wifi_interface> <wifi_router_address>". I wrote that to give my nano internet access through my laptop. It basically turns the laptop into a NAT box for the nano. The script doesn't do anything to the pineapple so hopefully it'll work for you without causing any issues.
  20. The black piece goes under the PCB, the white rectangular piece goes over the PCB then. The contacts for the SD card should line up with contacts on the PCB. That all fits into the metal USB head and the dark transparent piece fits onto the back of them. I can't post any pictures of it right now so I hope the above was clear.
  21. After it boots can you run "iwconfig" and "dmesg" and see if there's any sign of wlan0? If it's not detected there could be a hardware issue or maybe a firmware issue. dmesg should show any errors that are happening with the interface. You could try updating with the latest firmware and see if that makes any difference.
  22. WordList: +1 for the rockyou.txt wordlist. Kali ships with a few others too if I remember correctly :)
  23. Try connecting to the pineapple over SSH and running "ifconfig wlan0 up"
  24. On Android 6.0.1, WindowsKey + b will open a browser. F2 will enable editing of the URL. You could probably navigate to the server and download whatever it is that way.