
Just A Few Questions..



Right, so I'm testing the pineapple and it's all going great. I can get the client to connect, admittedly not automatically, but it's a start, and I've got the phishing nearly figured out!

However, just a few things I bumped into and would like to clarify...

- Instead of the target connecting to the pineapple automatically, it connects to its memorized network, is this normal?

- When I go to any of the phishing sites (such as google.com) I get the Peetz Café landing page, but I can go no further, any ideas how?

- Best options to deauth all clients in area on any network except the pineapple?

Cheers Guys! :D


Hi TheKingUnderTheHill

> - Instead of the target connecting to the pineapple automatically, it connects to its memorized network, is this normal?

It depends. If the memorized network is secured with a password then it will connect to the memorized network instead of the pineapple because even though karma is looking at the probe request it can only replicate an open network because it doesn't know the key for the secure network. But if the computer remembered an open network then karma should kick in and grab that client before it can connect to the legit router if you are the stronger signal.

> - When I go to any of the phishing sites (such as google.com) I get the Peetz Café landing page, but I can go no further, any ideas how?

Can you elaborate more on what you mean? When you dnsspoof, you are spoofing everyone including yourself if you are not providing internet to your captured clients. So if the pineapple is standalone in terms of just the pineapple and no route to the internet then no you can't go any further which is kind of the point for this type of phishing. Now if you are talking about dnsspoof'ing and providing internet then you will have to come up with some type of iptables rule and allow the client out once they hit accept (or whatever your phishing page is). Take a look at g0tm1lk's fakeAP_pwn script (Link) for that kind of stuff.

> - Best options to deauth all clients in area on any network except the pineapple?

Airdrop for sure, from a laptop. It is easy to set up and there is some good documentation out there so I won't go into detail.

Hope this helps

Pacmandu
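
The karma behaviour described in the reply above (one access point answering probe requests for whatever open network a client remembers) leaves a pattern a defender can look for. The following is an added example, not part of the original posts: the frame summaries, the `find_karma_suspects` name and the `min_ssids` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (bssid, ssid, is_open) rows, as a monitor-mode capture of
# beacons and probe responses might be summarised. Not data from the thread.
SAMPLE_FRAMES = [
    ("aa:bb:cc:00:00:01", "HomeNet", False),       # legitimate WPA2 router
    ("aa:bb:cc:00:00:02", "Office", False),
    ("aa:bb:cc:00:00:02", "Office-Guest", True),   # ordinary open guest SSID
    ("de:ad:be:ef:00:01", "CoffeeShop", True),     # one radio answering for
    ("de:ad:be:ef:00:01", "Airport_Free", True),   # whatever clients probe for
    ("de:ad:be:ef:00:01", "HotelGuest", True),
    ("de:ad:be:ef:00:01", "HomeNet", True),        # open copy of a secured SSID
]


def find_karma_suspects(frames, min_ssids=3):
    """Return {bssid: [reasons]} for radios that behave like a KARMA-style AP."""
    open_ssids = defaultdict(set)   # bssid -> SSIDs it offered without encryption
    secured_by = defaultdict(set)   # ssid  -> BSSIDs offering it with encryption
    for bssid, ssid, is_open in frames:
        if is_open:
            open_ssids[bssid].add(ssid)
        else:
            secured_by[ssid].add(bssid)

    suspects = {}
    for bssid, ssids in open_ssids.items():
        reasons = []
        # Signal 1: a single BSSID claiming many unrelated open networks.
        if len(ssids) >= min_ssids:
            reasons.append(f"open AP for {len(ssids)} different SSIDs")
        # Signal 2: an open twin of an SSID that another BSSID serves encrypted.
        twins = sorted(s for s in ssids if secured_by.get(s, set()) - {bssid})
        if twins:
            reasons.append("open copy of secured SSID: " + ", ".join(twins))
        if reasons:
            suspects[bssid] = reasons
    return suspects


if __name__ == "__main__":
    for bssid, reasons in find_karma_suspects(SAMPLE_FRAMES).items():
        print(bssid, "->", "; ".join(reasons))
```
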


In terms of the dnsspoofing, I'm just following the way Darren did it on this site. Everything is set up fine, but whenever I go to google.com or any other site that is set to spoof, I can't advance past the cafe page, despite having the html/php files for the phishing, which wouldn't need access to the internet since they're in the /www folder on the pineapple.

Thanks for your help!


> In terms of the dnsspoofing, I'm just following the way Darren did it on this site. Everything is set up fine, but whenever I go to google.com or any other site that is set to spoof, I can't advance past the cafe page, despite having the html/php files for the phishing, which wouldn't need access to the internet since they're in the /www folder on the pineapple.
>
> Thanks for your help!

I guess I'm not seeing what the issue is. What is your end goal? What are you expecting the pineapple to do? Are you trying to get around the spoof yourself or are you trying to get your clients around the spoof once they accept? dnsspoof will never let you go past your landing page as everything is redirected to the pineapple and the phishing pages will not forward you either. So what you are describing is normal use. If you want to actually go to google.com then you will have to stop spoofing yourself.

Pacmandu
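
Seen from a client, the effect described in the reply above (every spoofed name redirected to the same device) is visible in the DNS answers themselves. The check below is an added example, not part of the original posts: the domain-to-address maps are constructed, and `spoof_indicators` and `min_shared` are hypothetical names.

```python
import ipaddress
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed resolver answers (domain -> A records), not taken from the thread.
SPOOFED = {
    "google.com": ["10.0.0.1"],
    "facebook.com": ["10.0.0.1"],
    "example.org": ["10.0.0.1"],
}
NORMAL = {   # documentation-range addresses stand in for real public ones
    "google.com": ["192.0.2.10"],
    "facebook.com": ["198.51.100.7"],
    "example.org": ["203.0.113.5"],
}


def spoof_indicators(answers, min_shared=3):
    """Return a list of findings suggesting DNS answers are being spoofed."""
    findings = []
    by_ip = defaultdict(set)
    for domain, ips in sorted(answers.items()):
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            by_ip[ip].add(domain)
            # A public site should never resolve into private address space.
            if any(addr in net for net in RFC1918):
                findings.append(f"{domain} resolves to private address {ip}")
    # Unrelated sites all answered with one address means a single box serves them.
    for ip, domains in sorted(by_ip.items()):
        if len(domains) >= min_shared:
            findings.append(f"{len(domains)} unrelated domains share {ip}")
    return findings


if __name__ == "__main__":
    for line in spoof_indicators(SPOOFED):
        print(line)
```

A legitimate captive portal produces the same pattern before login, so a hit is a reason to distrust the network until the answers are compared against a resolver reached over a trusted path.
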


> I guess I'm not seeing what the issue is. What is your end goal? What are you expecting the pineapple to do? Are you trying to get around the spoof yourself or are you trying to get your clients around the spoof once they accept? dnsspoof will never let you go past your landing page as everything is redirected to the pineapple and the phishing pages will not forward you either. So what you are describing is normal use. If you want to actually go to google.com then you will have to stop spoofing yourself.
>
> Pacmandu

Right, I'm with you now. I thought that if I had the .PHP files for Facebook.com, or Google.com, it would redirect the target to the stored .PHP copies of the spoofed websites, like in this video, instead of all of the listed sites going to the single landing page.

HAK5 LINK: http://www.youtube.com/watch?v=3uNdu9TM3HM


> Right, I'm with you now. I thought that if I had the .PHP files for Facebook.com, or Google.com, it would redirect the target to the stored .PHP copies of the spoofed websites, like in this video, instead of all of the listed sites going to the single landing page.
>
> HAK5 LINK: http://www.youtube.com/watch?v=3uNdu9TM3HM

Yeah I have seen the video.

Yeah, it's not the php files of facebook and google, you have to clone the entire site you are trying to spoof and change the input form fields to point to the pineapple's error.php. The landing page redirects to redirect.php and then based on the URL the target came from the redirect.php serves up that spoofed site. Then, once the target enters in their credentials it will send it to error.php and dump what they typed in to /www/pineapple/phish.log and display whatever html is in error.php. Hope that answers your questions.

Pacmandu
