Jump to content

Search the Community

Showing results for tags 'Phishing'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

  1. So i bought the wifipineapple TETRA, and ive been experimenting with modules and such. Now i have 2 questions which i couldent really figure out my self, thus im asking here. (Im also not sure into which subforum to post this but hey...) - i thought about creating a "fake ap" which, when you connect to it, asks you to login w/ your gmail or facebook account. If someone could suggest me a module that enables me to do this (with a reasonable tutorial), i would be very greatfull. - 2cnd question is probably simple but yet indid not find this option... How do i protect my fake ap
  2. Hi there, I just finished the first version of my BB keylogger. It basicly launches a powershell which keylogs to the loot folder of the BB. Features: Fast launching (thanks to USB Exfil for the one line launcher) Leaves no traces when cleanup is enabled. (Insert feature?) Link: https://github.com/Vinc0682/bashbunny-payloads/tree/master/payloads/library/phishing/WinKeylogger VincBreaker PS: I will create a push request upon positive feedback and improve the payload in the other case.
  3. I thought this might be a good topic for discussion. I had wondered how hard it would be add a bunch of people I didn't know to facebook or LinkedIn. I had noticed when I signed up for some social media sites that there is an option to import contacts from your email contact list. While it's illegal to send spam emails I don't think it's illegal to use the email addresses to add friends on facebook. So basically if you wanted to find a bunch of people from a company or a school on LinkedIn or facebook you could pretty much use a method like this in social engineering or phishing on social
  4. anyone get this working ---- nano connecting to vps which is serving up web pages to grab crews and then sending it back to the nano. obviously the vps would have a ton or all the major pages in cache to grab the reds and then pass the traffic...??? or how can i make a splash page on the nano that the user clicks on - like free wifi - click for TOS - and it installs a cert of mine and then just sniff the business all day long? one last bit of guidance needed --- how can i use the nano to have it install an EXE on windows pc's???
  5. Hey everyone, I wrapped some of the Karma functionality in PHP so you can do AP name-based phishing, and maybe some other things. I only have a Mark IV WFP so I don't know how this integrates with the Mark V. Check it out, and let me know what you think! https://github.com/memyselfandm/wfp_karma_php
  6. Hi guys, im having troubles with the credential harvester. Im testing it with facebook on my local network, and firefox/Iceweasel doesn't detect anything, but chrome detects it after 5'. I've read that this is a built in function, not a blacklisted url. Does anybody know how to bypass this phishing alert? I've tried obfuscating the html code and that didin't work out. Thanks!
  7. Hi all, just saw the interesting project WifiPhisher (https://github.com/sophron/wifiphisher) and asked myself if it could not be a nice feature/infusion for the MKV? Sorry, I'm not able to code this infusion but perhaps could it be a challenge for somebody else (in the future)? ;-)
  8. Merry xmass to all readers !!! After reading a lot of stuff about Mark V i finally got it but as all manuals related to mark IV im really stuck.. For example : http://hak5.org/hack/pineapple-phishing Can anyone explain what do i need to change to make it working on Mark V ? Thanks
  9. Hi !! Lets discuss correct redirection in this topic Since iOS 7 blocked the spoofing of http://www.apple.com/library/test/success.html I start looking for another way to block the Captive Network Assistant login page. After some research i have found some alternative addresses ios uses www.appleiphonecell.com captive.apple.com captive.apple.com www.apple.com www.itools.info www.ibook.info www.airport.us www.thinkdifferent.us response is (apple.php) <HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML> Just not sure if
  10. Ok now that i've hopelessly given up on SSLstrip, i've moved on to Phishing. I followed this guide to the letter however I still can't get it to work. I was able to get to the example page but that's just about it. PLEASE SOMEONE HELP!!!
  11. Thanks to Hak5 for bring the Mark V to the masses--would like to see more examples of various hacks thus I assume this is what the forums are for so, here are some questions. I went to the link below and thinks its a good tutorial but think the person left out a bunch of Stuff and has it wrong on the whole Whitelist thing they mentioned in the guide--I think they met to say you need to black list----- file:///home/q/Downloads/Phishing%20for%20Facebook%20logins%20with%20the%20WiFi%20Pineapple%20Mark%20V%20from%20HAK5%20%28Setup%20Guide%29%20|%20.%20.%20TheSecurityBlogger%20.%20.%20..html ==
  12. I don't know, maybe somebody will find this useful in their pentesting arsenal. #!/usr/local/bin/python # HTMLgetter v1.0 by Forgiven # This is a handy bit of python that will reap the HTML code of any page # and output it to a txt file of your choice. import urllib2 urlStr = raw_input('Input the full URL of the webpage whose HTML code you which to reap:') fileName = raw_input("Input the *.txt filename for the output:") fileName = fileName + ".txt" fileOut = open(fileName, "w") try: fileHandle = urllib2.urlopen(urlStr) str1 = fileHandle.read() fileHandle.close() print '-'*5
  13. Hello, The weirdest thing I've seen on the Pineapple: My pineapple is draing it's internet from a 3G doungle (Alcatel X230M). I can surf the web while using the pineapple as an access point The Pineapple "Features" do NOTHING. There is no phishing, sslstrip doesn't even blink My question to you is: WTF? Why is the data flowing freely? Uri
  14. Hello I have been a SET user for a long time, recently I have tried to use the website vector's site cloning hack and everything seems to work well until I try to use the cloning of the hotmail page, no matter what i try i get a blank page, it loads and shows up in SET but all I get is a blank, I have tried saving an offline page and the only way to get anything is to save as html NOT a complete web page and the sign in bars are tiny and not cloned correctly. Can anyone please give me some advice or help, I am stumped. Please and thanks
  15. Hello everybody I am completely new to this whole hacking thing. I recently just purchased the pineapple mark IV and just wanted a few simple tasks that I could be able to perform using the device. Phishing, scanning networks, etc. I tried phishing yesterday on windows 7 but when I tried dumping the php files in winscp there was "no enough memory on the device". I plan on installing Linux Ubuntu very shortly so if you guys could point me to some easy "hacks" I could perform that would seriously be great. I'm an intern and my boss asked me to do this so I'm just trying to impress him with some
  16. Hey guys, ok so I'm wanting to upload a custom phishing page/landing page. I guess though my files are too large to shove on internal memory for my Mark IV. Can I still upload it to my USB and on the landing page reference it over to that? or is it as simple as putting in the main index for it?
  17. I have more issues with my wifi pineapple right now then Kate Upton doing more cat daddy dances on the internet. Which incase you haven't seen them... MEOW!! Anyway, Issue numero uno Ive been playing around with phishing and so far so good. I can get the sites up and running, my credencials are being captured through the pineapple. Life with my pineapple under the sea is good. However, I am unable to allow other web pages to pass through. Ive added my scripts below incase there was something missing. Issue number 2 This may tie back to the first issue above BUT once I test my page and ent
  18. So ive been playing around with my new wifi pineapple. I'm very interested in learning the in's and outs and hope to reach out to everyone on the forums who have something to share. With that being said I am setting up my phishing files and (Stupid me) wrote my redirect.php verbiage on my error.php file. Not creating a back up I am hoping someone can SCP into their pineapple www folder and copy and paste everything in their error.php in the this topic so I can edit my file. The other option is if someone can send me a copy of their file or at least direct me to where I can get the material mys
  19. So, here's a simple change that could pay out big (in a pinch) on a pentest... How does it work? It embeds a tiny iframe (about the size of a ".") at the bottom of a spoofed webpage. Once someone browses to the site they're immediately connected to the attacking machine. Dozens of exploits are then sent back to the victim. If the attack is successful, the attacking machine will receive a meterpreter shell. How to set it up. Add the iframe below to any/all of your spoofed sites. Example, the "facebook.html" file from Darren's "phish-pineapple.zip". Open msfconsole and "use auxiliary/server/
  20. I just wanted to share some video tutorials that I have found very helpful in setting up and administering the WiFi pineapple: Security4Plus I'm not sure if the creator is active on the forums, but I have not seen any links to these tutorials. This resource was indispensable to me for setting up remote administration through a VPS.
  21. I am almost finished with v0.1 of my offline phishing module. The premise of this module is simple. You set the ssid of an open wireless network (Free Public Wifi, etc.) When enabled, all requests will be forwarded to a 'walled garden' splash page. This will inform the viewer that they have limited access to only certain pages, and will give links to these pages. Every one of these pages are phishing pages that you can upload to the module (even your own!). Since all phishing pages are hosted locally, this module is intended to work all of the time, without internet access. It gives the user
  22. So I just recently got the WiFi Pineapple (Mark IV, upgraded to version 2.7) and have been tinkering with it for the last couple days, but I've run into a few snags that I'm not sure about. First, I've been installing some of the infusions but have run into some trouble with getting some of them (namely, sslstrip and nmap) to work at all. When I visit the page for sslstrip or nmap, it comes up with a box saying that it isn't installed, and when clicking the links for either installing it on the pineapple itself or on the external usb I have, it will show the title of the box go to "Installing
  23. I really like the way Petertfm worked the random roll mod. Was wondering if anyone has interest in putting a similar style mod together with various phish pages? I'm not much on the sh but would be willing to learn and assist in creating such a mod? R/ Z**
  24. First off, my web dev skills are greatly rusty these days. It's been a while since I've had the chance to work on anything. Anyway, I was thinking about a way to use the MKIV for a targeted phishing attack. The Idea: A captive portal for harvesting domain credentials of a targeted company (for legitimate pen testing engagements). Using Karma (and possibly a deauth flood), clients connect to the MKIV. DNSSpoof forwards all requests to the local index.php which checks if the client has a valid session. If session is valid, it redirects the client to their requested URL. If session is NOT v
  25. Last night I started putting together a module that allows you control virtual machines from the pineapple control center. Let me know if this is something that interests anyone. http://youtu.be/7QQEI1Univ0?hd=1
  • Create New...