Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by madvideos

  1. oh forgot one thing, you plug the phone directly into the Nano or you can use a hub, I have a small 4 port hub I use but often have no real use for it because if you start plugging in other devices you will drain the battery.
  2. I am not sure how to fix any of you guys problems however I will tell you how I do it as the phone is the best way to go and mine works perfectly!! Download the "Wifi Pineapple Connector" app from the google play store. Free!! Plug the phone in to the Pineapple first, I don't know why, just gives me good mojo 🙂 Plug the Pineapple in to a power source, could be a usb hub, power bar does not matter what brand, or your phone charger in your car, though I have not tried the car port yet so let me know how it goes. Wait 10 seconds and then open the app, and I see you are aware of the tethering so cool. Ron: Trust me bro, I lived there for a while figuring this thing out. I have the manual but there are a lot of things left out. Looks like they wised up and now just making devices anyone can use lol. I think it is a good thing considering how dangerous this thing really is, the ones who figure it out will enjoy it, the ones that don't probably didn't need to know how it worked anyway!!
  3. In order for someone to MITM you they MUST be on your network. So log in to your router, usually or some foolishness like that and see who is connected and you can also look at the log files. If you see a device that does not belong to you then the party just started son! Scan the living F out of that joker! Find something juicy 🙂 Myself, I would take note of this jokers mac, deauth him from the network, or just restart the router, but if you want a few cool points, use the deauth module in the nano, but before you do that create a hotspot named the exact same as yours and turn your router off, he should connect back to you and most likely not realize this time the AP is open 🙂 Hopefully at this stage you have some ready to serve Evil Portal pages. You can download ready made pages from github, just google evil portals, don't forget the s. Don't try to put them all on your nano's internal storage though 🙂
  4. btw, I highly suggest you download it like I did. It's a fairly large file though. It is a keeper in my private stash folder 🙂
  5. Not sure if this was posted in the many pages, fantastic resources you all posted, thank you!! This was just released/posted a few days ago on the tube, it's no lie, it is a 15 hour no commercials video and is extremely helpful to the new and old, I am about 6 hours in and with each part I find myself googling more about that specific topic and going deeper so really I have spent far more than that. He even has the homework folders on github. I am loving it! even though he somehow packed this all in that time space is incredible, though it takes serious effort on my part to extend my learning beyond the video. This guy really knows wtf he is doing and I never knew you could get paid finding damn bugs in a website!! Enjoy!
  6. never mind, I had a moment. Thanks anyways, just now getting in to sdr. peace
  7. are you using a MICRO SD like the one below? Not this, this won't work out for ya.. Peace homey!
  8. See the slot towards the back? Make sure you are using a MICRO SD card You will not have much success using a thumb drive! Save yourself some misery and use the MICRO SD card. Then go to advanced and wait a sec for the usb info to load and use that small drop down menu and format, reboot for extra swag and you should be good to go. If you want to access the files on the nano use FileZilla. The connect info - sftp:// username is root, unless you made something different during setup. The same for the password you made during setup. Peace homey!
  9. Ok here is the skinny, could not wait to get home and play with everything 🙂 So I figured now the MICRO SD card is working and all I went ahead and did a fresh firmware flash and man let me tell ya, this thing is working perfectly!!!! In hindsight now I think I know why things were acting up, I had no space for logs, dependencies and such. This thing is extremely limited without that MICRO SD card. Welp, about to go play in module land 🙂 I hope after this 4 page thread everyone has a working MICRO SD card and the pineapple is just a purrin'
  10. Well I am not sure how I missed the micro sd slot but that did it. All along I see ppl mention sd card.. Not micro sd. I never realized that was on the side of the damn thing!!! But nevertheless works like a charm!!! Now if the ssid pool would quit disappearing!! Thanks for the help. I spent way more time than I should have because my dumb ass didn't RTFM!!!!!!
  11. No workie bro. Even bought a brand new laptop and a new 129gb stick. This is my output, if I had to guess I would say whatever that "layers" does seems to mask my drive somehow but I really have no idea, in Kali my drive shows as /dev/sdb/ even your instructions did not work. Maybe I am missing a simple fundamental step? Filesystem Size Used Available Use% Mounted on rootfs 2.3M 252.0K 2.1M 11% / /dev/root 12.5M 12.5M 0 100% /rom tmpfs 29.8M 116.0K 29.7M 0% /tmp /dev/mtdblock3 2.3M 252.0K 2.1M 11% /overlay overlayfs:/overlay 2.3M 252.0K 2.1M 11% / tmpfs 512.0K 0 512.0K 0% /dev Bus 001 Device 006: ID 13fe:4300 Kingston Technology Company Inc. Bus 001 Device 004: ID 05e3:0745 Genesys Logic, Inc. Bus 001 Device 003: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n Bus 001 Device 002: ID 058f:6254 Alcor Micro Corp. USB Hub Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  12. Great question, I have tried many sizes and brands except the 4gb. They all can he seen in the advanced screen under usb but it just won't work. I will be trying divxpr's way when I am off tomorrow. Good luck. Microcenter has some kingstons branded with the microcenter logo. Been using them for years without any issue. Start there as they are a great bargain!! I also have high end ones as well. I keep telling myself imma make something killer with them one day 😁😁😁
  13. So today I logged in to my banking app, BOA, and a window opens and tells me they have a new feature that can detect if my card is on me. Sirens went off, how is my phone able to know that the smart chip is there and that it belongs to me. There is obviously traffic of some sort and to me it seems it goes both ways. Anyone got any insight to share on this? I suppose I could run wireshark as I walk away from my wallet, maybe a later project. I know wireshark can read data going to google as to where exactly where I have been all damn day.
  14. I would wait bro, with 5G taking off I can see a new nano that supports 5G coming soon. Mine does what I need it to do still!!
  15. you are overthinking this bro, I say to myself, self, what would anyone port scan? I says to self, self, it has to be a building of some sort, self agreed. I can only imagine what you are either inquiring about or about to do or what so all I would say is what you are trying to do worth your freedom, in prison, because you may violate federal laws and you will go to federal prison and you WILL do 80% of your time, that's why they sentence in months, they mean that sh!t!! I spent 4 years in prison, state that is, you really don't want to risk that port scanning some dumb crap right? I mean if there is a payday in it then take your chances, I wouldn't, younger I would have 🙂 The only real thing you are going to do is find mostly junk you can't use as this huge migration to cellphones, tablets and real deal enterprise protection will just be an endless sea to nowhere. If you are port scanning your own network you will just slow it down. Just use FING, from the app store, stealthy and has almost no impact. Peace
  16. btw, you really should watch Mr.Robot on USA, it is also on Prime, watch seasons 1&2. Everything he did was real, just sped up for TV. You can buy or build the Nexus running NetHunter or PwN Pony which I think that is what he used in the movie, though similar builds they are quite different. You can buy or build a rubber ducky, which is what he used to access the Skada system by dropping them in the police parking lot knowing someone would be curious and pick it up thinking it could be evidence. The first scene is the realist, now append that to your story and imagine Elliot framed the guy, he clearly gained root access to the file system. Understand Elliot portrays a real life hacker and a lot of what he does most can't duplicate except mostly the hardware part. Real hackers can do it all and there are very few of them. Most I am sure live in China because their technology explosion is incredible. Last post sorry lol, this made me think of Mr. Robot and that first scene. Thought you would enjoy it.
  17. What tools do you posses? What you are talking about is simply capturing the SSID probe and the mac address which are easily done in Kali with Airodump-ng . I have not used that in a while though You could use FING from the app store, free and so easy my next door neighbors cousin Lucinda could use it and she lives in a cabin .. well the FBI is looking for her 🙂 My preferred way is with the Pineapple nano because it can spoof their SSID and when they are in range they will connect because you don't just have their 1 SSID you have them all so that phone is gonna go bonkers when it see's all of it's favorite networks 🙂 You can also use the filter to allow ONLY that person. And you can set notifications.. would be cool to have it pop a message up about it. Add it Darren 🙂 I hope this is your phone you are tracking because you lost it or someone stole it, because if you are, you sir are one clever joker to reverse a pineapple nano in to a SSID tracking device. that is genius 🙂
  18. I am 48 and I spend too much time, especially when I am trying to get something to work then the black hole of time swallows me A lot of the time I am watching something though. Working through computer issues for some reason is extremely relaxing. If I am off I will most likely spend the whole day, if I work I really try not to attack any projects as it could go on for hours, I really want to unbrick my laptop but I know if I start it will be like it has been, a day long ordeal. I don't need the laptop but it troubles me when I can't solve the issue... well.. with the help of google 🙂 I got that mainstay chair with lower back support if that helps any of you. Works GREAT!
  19. Meant 1 for pi and 1 for laptop 🙂 yeah.. I am floating right now.. cheers!!
  20. Yeah you, how many do you have laying around "Just in case" lol I just got my 6th one today, now that is working ones being used, not in a lifetime, jeez... all TPLINK WN722N, no you can't click that and I am not making a dime! All I really ever used except an Alpha, and when I say used I mean works with Kali. I had many more before I realized that was the issue I was having. Main Desktop - 2, one for winders and one for vmplayer Pineapple nano - 1 Raspberry pi 3 B+ - 2 The one I got today is for the PI 4 I am ordering. Can't seem to find the 4GB model for a real good price.
  21. You need to go look on youtube. There are plenty of jokers demonstrating how they gain access to computers. I would not be surprised if there are a lot of people in jail because of this. I am even more surprised this is not asked more often. Now in your scenario the attacker has great knowledge of the victim, address, name and pretty much anything else, they may have it from personal means or from doxing the victim. Either way it is up close and personal. The average persona doesn't think like that, even if I hated someone I would never consider that due to it can haunt you for a long ass time!! BUT, our government doesn't have a heart and will not think about doing it more than once before it IS done! Your attacker's knowledge of the victim is paramount. Just a heads up, I am NOT a hacker, I am a hobbyist and claim no specific area of computer security. I have a career and it has nothing to do with computer security, not even close. Also don't contact me regarding details of this attack and how to perform it. There are plenty of sites for it. I will also leave some things out on purpose. I am just giving you an easy picture to look at. Chapter 1 The Intelligence gathering This is really a multi-step attack, meaning there are many moving components. For someone to do this they have to have an incredible amount of dedication, patience and hatred towards this person. The attack itself is very possible. For maximum results the attacker would perform this kind of attack locally, meaning they will park down the road from where the victim is. Or even park outside of their work, the best scenario is the attacker being outside of a diner where the victim is eating and you are masquerading as the diner hotspot kind of hard to deny your phone did things while on you at the diner under camera, would be best as you really want to try to gain access to their phone first or at least capture the probes which will also contain their home access point SSID and the SSID's of everywhere he goes, most people do not forget networks they previously connected to, why? For the same reason they don't type web address's, it's too much trouble 🙂 So like I said, the attacker which we will call Joe has not been fortunate enough to catch Larry (our victim) eating out or really doing anything we could use. Joe has spent a month watching Larry, time is up! Joe parks down the street from Larry, Larry is chillin, eatin and watching tv. Lucky for Joe he is watching netflix on his phone, WOOHOOO, this is going to be super easy, btw, Larry has a 82" tv on the wall in front of him, remember the typing web address's ? Again, too damn lazy to get up and grab the remote, but this is good news for Joe! Joe just needs enough hash's to gain instant access to Larry's network, all Joe has to do is deauth Larry from the network over and over again, which with the Pineapple that happens within 3 seconds, the enduser is ignorant, they are already on FB leaving a nastygram for Verizon for the outage 🙂 Joe is happy, Larry keeps rejoining his own network, he does not know his phone connected soon as he got home, he still thinks he is on his phones network LOL. Now you got to admit, that is funny as hell and happens a million times a second I am sure!! Joe finally gets what he needs, the password to the network, now there is the mac address attack and a few other ways to get in but for the sake of this funny story we are breaking Larry's encryption. I hope your real friend is not named Larry..lol Joe is going to use several tools now that he is on the network, Joe is very pleased because now he knows Larry is one lazy sob and he also knows Larry would never find the motivation to log in to the router and look at the logs so Joe completely owns Larry at this point Chapter 2 The Engagement Joe just gained access to Larry's network and now he is running a scan, Joe has an app on his phone called FING that identifies devices, playstations, ios etc... Joe is not looking to hack a playstation! Joe is looking for devices that have storage and that communicate via some means. Joe hit pay dirt, a winders 8 machine, most likely people just look at it, this is perfect for Joe because he can clear all the windows logs when he is finished, getting in? Are you kiddin me? There are an arsenal of exploits you can use in Metasploit. And that is exactly what Joe does and boom, Joe has not only broken the encryption on Larry's network, thanks to Larry being lazy, he now has a root shell on that winders box.. the ideal move for Joe is to see if he can find anything incrimination that already exist this way it can all be traced through the log file, we really don't want to talk about Larry not having the sheer strength to push a computer button.... Joe finds nothing, Larry has no life whatsoever! Joe is going to change all of that buy simply uploading some illegal content to Larry's computer. With root access you may as well be sitting right there at the computer! Joe clears all of the log files from the computer and router, Joe knows clearing the logs will show the fuzz intent to conceal evidence. Joe is one clever joker, but so far Joe has not used any real hacking, he used premade tools designed with 1,2,3 click attack vectors. Joe continues on with his attack by gaining access to other devices and doing the same thing. Now Joe could take this to a whole new level by breaking in to Larry's house and getting on his computer, download tor, create post and upload pics to forums, when the fuzz see's' Tor, they know they got their guy! Joe deletes the icons and hauls @ss. Now Joe can still continue on but he has Larry right where he wants him. Why you say? Because Joe knows some of the sites are FBI honeypots and the posts are in terrorist form. As you can see this attack could go on and on. Joe never did break in to Larry's house but he did manage to get Larry arrested. In closing Framing someone would be extremely easy, however, today's computer forensics are top notch and if someone cared enough, they almost never do btw, they could help Larry but it would be a difficult fight. The point is anyone can frame someone, you don't need to be a computer nerd, but it really helps, seriously, A LOT, but you can frame someone with drugs. I know I cracked jokes and stuff but man I hope your friend is not in an serious trouble and being framed could end his existence. I wish you luck in your pursuit sir and hope your friend is vindicated. When I first got in to computer security the first thing I thought was damn, what if someone try's to frame me doing this? I quickly realized I really needed to be careful of what I do. So some of the programs used in this story are: Kali Linux WifiPinapple Nano being controlled by Joe's phone and using the dauth module, yes like I have said before, the pineapple is still a deadly weapon in 2019 and will continue to be until people change their networking habits and I am here to tell you now THAT WILL NOT HAPPEN ANYTIME SOON!! I am still getting the tetra, got to stack up some extra cash, I only want it because I know Darren is foaming at the mouth over 5G 🙂 FING for scanning the network to detect device makes Fluxion, does not come with Kali, has to be git cloned Metasploit, comes stock with Kali There are many many ways to do this. If someone was to get root on a cellphone man you talkin about a party son 🙂 And it is not as hard as you would think. Create a landing page on the pineapple, have Larry connect by spoofing his SSID, and on the landing page you tell ol' Larry you need this APK to access the internet 🙂 The APK created with msfvenom in Metasploit, again, 1,2,3 clicking system. My 9 yr old can do a killer DNS redirect and in your browser you see the real web address but you are on his apache server on a fake page lol Peace!
  22. Anyone with good knowledge of Metasploit, Set, Ettercap and a good grasp of networking could do any of those things. Hell, there are 10 yr old kids who can do that.
  • Create New...