WUWA Posted May 28, 2011 Share Posted May 28, 2011 I've been trying to duplicate the phishing pineapple posted on 4 May. I've followed the flashing instructions, gotten the WiFi RickRoller to work, and then have been trying to duplicate the Twitter/Facebook phishing instructions. My problem is that when I get to the test.php page (or any php page, for that matter), my browser won't open it, it gives me a dialog that states "You have chosen to open test.php which is a: PHP file from ... What should Firefox do with this file?... Save file" I get this error with Backtrack, Ubuntu, and Windows, in Firefox, IE, and Chrome, so I suspect the php rendering engine vs any browser issue. It seems that my php pages are not being processed correctly by the web server. I've installed all the *.ipk packages, updated the httpd.conf and php.ini files, and can't figure out what I'm missing. I've reflashed my router and started from scratch a few times, and I always run into this problem. I think that there may be a step missing from the instructions at http://hak5.org/hack/pineapple-phishing which would make the kernel process php files correctly. Any suggestions on how to fix this? Has anyone duplicated these instructions successfully, or found a missing step? Quote Link to comment Share on other sites More sharing options...
digip Posted May 28, 2011 Share Posted May 28, 2011 Is the php service running on the device? Sounds like its not rendering the php files and instead making it spit them out as a normal file not associated with any mime-types or handler, so it doesn't know what to do with it and makes it downloadable. Download the file it spits out and open it in notepad. php code begins and ends with <?php ?> If you can see all the php tags then something with your php service is not working. Quote Link to comment Share on other sites More sharing options...
WUWA Posted May 29, 2011 Author Share Posted May 29, 2011 Is the php service running on the device? Sounds like its not rendering the php files and instead making it spit them out as a normal file not associated with any mime-types or handler, so it doesn't know what to do with it and makes it downloadable. Download the file it spits out and open it in notepad. php code begins and ends with <?php ?> If you can see all the php tags then something with your php service is not working. The test.php file just contains "<?php phpinfo(); ?>" per the instructions on the website. The strange thing is that when I open this file, and save it (as the dialog suggests), and cat it, it is empty. But that is what is in the original file. But as I said, it renders no php files correctly, so I figure it is in the web server. The question is: how can I make it render php files correctly? (especially when I don't really know why it isn't processing them). Quote Link to comment Share on other sites More sharing options...
digip Posted May 29, 2011 Share Posted May 29, 2011 I didn't really pay attention to the install instructions from the episode but I would say go back and watch it again for the php install section. Make sure php service is running on the device to handle php files and try again. It may be something as simple as associating the file type on the webserver to use php to render it, or a misconfiguration in the php setup, settings, or just need to start whatever relevant service is associated with php. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted May 29, 2011 Share Posted May 29, 2011 The issue is definitely a misconfiguration, if the service wasn't running you wouldn't be able to download the php file in the first place. Make sure your config file has all correct attributes set and try again. Quote Link to comment Share on other sites More sharing options...
WUWA Posted May 29, 2011 Author Share Posted May 29, 2011 The issue is definitely a misconfiguration, if the service wasn't running you wouldn't be able to download the php file in the first place. Make sure your config file has all correct attributes set and try again. Rgr that. Per the directions on the Hak5 website, I installed: libopenssl_0.9.8i-3.2_mips.ipk php4-cgi_4.4.7-1_mips.ipk php4_4.4.7-1_mips.ipk zlib_1.2.3-5_mips.ipk via opkg install *.ipk I then added "*.php:/usr/bin/php" to the httpd.conf file, and made "cgi.force_redirect 0" in the /etc/php.ini file. That is all the configurations that the video and the show notes say to change... but since it won't render php pages, there seems to be more that needs to be done for the webserver to process php files. Anybody know what that would be? Quote Link to comment Share on other sites More sharing options...
WUWA Posted June 3, 2011 Author Share Posted June 3, 2011 Rgr that. Per the directions on the Hak5 website, I installed: libopenssl_0.9.8i-3.2_mips.ipk php4-cgi_4.4.7-1_mips.ipk php4_4.4.7-1_mips.ipk zlib_1.2.3-5_mips.ipk via opkg install *.ipk I then added "*.php:/usr/bin/php" to the httpd.conf file, and made "cgi.force_redirect 0" in the /etc/php.ini file. That is all the configurations that the video and the show notes say to change... but since it won't render php pages, there seems to be more that needs to be done for the webserver to process php files. Anybody know what that would be? Bueller? Bueller? Quote Link to comment Share on other sites More sharing options...
digip Posted June 3, 2011 Share Posted June 3, 2011 Bueller? Bueller? Um, he's sick. My best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl who saw Ferris pass out at 31 Flavors last night. I guess it's pretty serious. Quote Link to comment Share on other sites More sharing options...
Sitwon Posted June 3, 2011 Share Posted June 3, 2011 Sounds like your web server is not configured correctly and it's sending the wrong doctype. It's also probably hosting up the raw PHP script instead of executing it. Make sure the script has execute permission and double check your server's configuration. Quote Link to comment Share on other sites More sharing options...
TT0T Posted June 10, 2011 Share Posted June 10, 2011 Im having the same problem, Installed everything as per instructions and still nothing... Trying to troubleshoot what im doing wrong, is php supposed to show up on the available services in x-wrt? because its not for me... Quote Link to comment Share on other sites More sharing options...
digip Posted June 10, 2011 Share Posted June 10, 2011 See here - http://forums.hak5.org/index.php?showtopic=20321 By the way, this should be moved to the Jasegar forum section. Quote Link to comment Share on other sites More sharing options...
TT0T Posted June 10, 2011 Share Posted June 10, 2011 No still not working, there is no . infront of *.php Quote Link to comment Share on other sites More sharing options...
TT0T Posted June 10, 2011 Share Posted June 10, 2011 looooooooooooooooooooool I finally figured it out.... seems the echo command wasn't working out.. “echo “cgi.force_redirect 0″ >> /etc/php.ini” was showing 0 but it didnt change a thing, so I manually went on a hunt.... vi /etc/php.ini scrolled down to "; cgi.force_redirect = 0" and removed the ";" to make it look like "cgi.force_redirect = 0" soo simple, soo many hours wasted Quote Link to comment Share on other sites More sharing options...
WUWA Posted June 10, 2011 Author Share Posted June 10, 2011 (edited) looooooooooooooooooooool I finally figured it out.... seems the echo command wasn't working out.. “echo “cgi.force_redirect 0″ >> /etc/php.ini” was showing 0 but it didnt change a thing, so I manually went on a hunt.... vi /etc/php.ini scrolled down to "; cgi.force_redirect = 0" and removed the ";" to make it look like "cgi.force_redirect = 0" soo simple, soo many hours wasted THANKS TTOT!!! The semicoln in front of the cgi.force_redirect = 0 at around line number 277 of /etc/php.ini was my problem as well! That seems to have fixed me! Edited June 10, 2011 by WUWA Quote Link to comment Share on other sites More sharing options...
WUWA Posted June 10, 2011 Author Share Posted June 10, 2011 (edited) Also, I noticed that the phishing pages rendered well on a Windows victim, but I had trouble with my Linux victims being redirected to the pages. Just something to watch out for. Edited June 10, 2011 by WUWA Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.