Jump to content

Phishing Pineapple And Php


WUWA

Recommended Posts

I've been trying to duplicate the phishing pineapple posted on 4 May. I've followed the flashing instructions, gotten the WiFi RickRoller to work, and then have been trying to duplicate the Twitter/Facebook phishing instructions.

My problem is that when I get to the test.php page (or any php page, for that matter), my browser won't open it, it gives me a dialog that states "You have chosen to open test.php which is a: PHP file from ... What should Firefox do with this file?... Save file"

I get this error with Backtrack, Ubuntu, and Windows, in Firefox, IE, and Chrome, so I suspect the php rendering engine vs any browser issue. It seems that my php pages are not being processed correctly by the web server.

I've installed all the *.ipk packages, updated the httpd.conf and php.ini files, and can't figure out what I'm missing. I've reflashed my router and started from scratch a few times, and I always run into this problem. I think that there may be a step missing from the instructions at http://hak5.org/hack/pineapple-phishing which would make the kernel process php files correctly.

Any suggestions on how to fix this? Has anyone duplicated these instructions successfully, or found a missing step?

Link to comment
Share on other sites

Is the php service running on the device? Sounds like its not rendering the php files and instead making it spit them out as a normal file not associated with any mime-types or handler, so it doesn't know what to do with it and makes it downloadable. Download the file it spits out and open it in notepad.

php code begins and ends with

<?php 

?>

If you can see all the php tags then something with your php service is not working.

Link to comment
Share on other sites

Is the php service running on the device? Sounds like its not rendering the php files and instead making it spit them out as a normal file not associated with any mime-types or handler, so it doesn't know what to do with it and makes it downloadable. Download the file it spits out and open it in notepad.

php code begins and ends with

<?php 

?>

If you can see all the php tags then something with your php service is not working.

The test.php file just contains "<?php phpinfo(); ?>" per the instructions on the website. The strange thing is that when I open this file, and save it (as the dialog suggests), and cat it, it is empty. But that is what is in the original file. But as I said, it renders no php files correctly, so I figure it is in the web server. The question is: how can I make it render php files correctly? (especially when I don't really know why it isn't processing them).

Link to comment
Share on other sites

I didn't really pay attention to the install instructions from the episode but I would say go back and watch it again for the php install section. Make sure php service is running on the device to handle php files and try again. It may be something as simple as associating the file type on the webserver to use php to render it, or a misconfiguration in the php setup, settings, or just need to start whatever relevant service is associated with php.

Link to comment
Share on other sites

The issue is definitely a misconfiguration, if the service wasn't running you wouldn't be able to download the php file in the first place. Make sure your config file has all correct attributes set and try again.

Link to comment
Share on other sites

The issue is definitely a misconfiguration, if the service wasn't running you wouldn't be able to download the php file in the first place. Make sure your config file has all correct attributes set and try again.

Rgr that. Per the directions on the Hak5 website, I installed:

libopenssl_0.9.8i-3.2_mips.ipk

php4-cgi_4.4.7-1_mips.ipk

php4_4.4.7-1_mips.ipk

zlib_1.2.3-5_mips.ipk

via opkg install *.ipk

I then added "*.php:/usr/bin/php" to the httpd.conf file, and made "cgi.force_redirect 0" in the /etc/php.ini file. That is all the configurations that the video and the show notes say to change... but since it won't render php pages, there seems to be more that needs to be done for the webserver to process php files.

Anybody know what that would be?

Link to comment
Share on other sites

Rgr that. Per the directions on the Hak5 website, I installed:

libopenssl_0.9.8i-3.2_mips.ipk

php4-cgi_4.4.7-1_mips.ipk

php4_4.4.7-1_mips.ipk

zlib_1.2.3-5_mips.ipk

via opkg install *.ipk

I then added "*.php:/usr/bin/php" to the httpd.conf file, and made "cgi.force_redirect 0" in the /etc/php.ini file. That is all the configurations that the video and the show notes say to change... but since it won't render php pages, there seems to be more that needs to be done for the webserver to process php files.

Anybody know what that would be?

Bueller? Bueller?

Link to comment
Share on other sites

Bueller? Bueller?

Um, he's sick. My best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl who saw Ferris pass out at 31 Flavors last night. I guess it's pretty serious.

Link to comment
Share on other sites

Sounds like your web server is not configured correctly and it's sending the wrong doctype. It's also probably hosting up the raw PHP script instead of executing it. Make sure the script has execute permission and double check your server's configuration.

Link to comment
Share on other sites

Im having the same problem, Installed everything as per instructions and still nothing...

Trying to troubleshoot what im doing wrong, is php supposed to show up on the available services in x-wrt? because its not for me... :huh:

Link to comment
Share on other sites

looooooooooooooooooooool I finally figured it out.... seems the echo command wasn't working out..

“echo “cgi.force_redirect 0″ >> /etc/php.ini” was showing 0 but it didnt change a thing, so I manually went on a hunt....

vi /etc/php.ini

scrolled down to "; cgi.force_redirect = 0" and removed the ";" to make it look like "cgi.force_redirect = 0"

soo simple, soo many hours wasted :angry:

Link to comment
Share on other sites

looooooooooooooooooooool I finally figured it out.... seems the echo command wasn't working out..

“echo “cgi.force_redirect 0″ >> /etc/php.ini” was showing 0 but it didnt change a thing, so I manually went on a hunt....

vi /etc/php.ini

scrolled down to "; cgi.force_redirect = 0" and removed the ";" to make it look like "cgi.force_redirect = 0"

soo simple, soo many hours wasted :angry:

THANKS TTOT!!! The semicoln in front of the cgi.force_redirect = 0 at around line number 277 of /etc/php.ini was my problem as well! That seems to have fixed me!

Edited by WUWA
Link to comment
Share on other sites

Also, I noticed that the phishing pages rendered well on a Windows victim, but I had trouble with my Linux victims being redirected to the pages. Just something to watch out for.

Edited by WUWA
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...