Jump to content

Mk4 Questions


mreidiv

Recommended Posts

Ngrep is gone for now.

What issues are you having with urlsnarf?

What do you mean when you say it is on?

Reaver is included. No UI for it yet. SHH in and see.

Best regards,

Sebkinne

urlsnarf is not showing up in the ui like the mk3

& by on i have it enabled in the ui

is there a log file some where that i can look at?

i can confirm that after 8 and a half hours not even a sign of over heating so that's good.

I can cat urlsnarf and phish.log on the advanced page so its working just not in the Web UI

Edited by mreidiv
Link to comment
Share on other sites

I'm having the same issue with urlsnarf not showing up, but that may be related to the issue of clients not being passed to the internet for me... However, I don't see a "urlsnarf" option "heading" like in the mk3 gui.

Edited by iamk3
Link to comment
Share on other sites

just got my mk4 so i have Few questions

Where did Ngrep go?

I cant get urlsnarf to work.

Karma urlsnarf dns spoof and cron jobs is on?

And i though reaver would be included on this?

ngrep is still on there but not in the web UI. We're working on a revised web UI for sniffing which should bring together the power of urlsnarf, ngrep and *ettercap* :)

Very excited about that last one.

You can still use ngrep, urlsnarf from the command line for now. Reaver is included, just SSH in and type reaver.

i can confirm that after 8 and a half hours not even a sign of over heating so that's good.

Yep - I'm very happy with the thermal properties of the mk4. I ran one the other night with a battery pack in a pelican case at an RSA party for over 4 hours with over 100 clients associated and it wasn't even warm. I hadn't even drilled vent holes in the case yet! Even I'm amazed.

Reaver is on the Beta MK IV??? I got the Schmoocon Edition and I do not see it...

Reaver wasn't on the shmoocon edition - it was too new then. We'll have a firmware update out for the shmoo folks in a hot sec. Hang tight.

Link to comment
Share on other sites

Firmware over the weekend. Still toying with the best way to implement ettercap. You can try it yourself. SSH in and:

opkg update

opkg install ettercap-ng # Package might also just be called "ettercap"

also might want to run "df -h" to see if you have enough room on /, otherwise format a USB drive in EXT4, plug it in (shouldn't have to reboot) and you'll notice all that room available in /usb (run df -h to verify)

Installing packages to usb is done by adding --dest usb in the opkg command, as defined in the /etc/opkg.conf

Link to comment
Share on other sites

Thanks Darren, I'll look into it when I get mine, as well as using an alfa instead of a 3g card, since I don't have a card because I just use my hacked wifi hotspot on my droid razr. Also, I see a problem that might occur with that, can I SSH into the pineapple from my phone, when its getting internet from my phone.

phone's internet --> alfa in pineapple --> pineapples network --> ssh from same phone into it? when I can't use the wireless card in phone when it's hotspot is active. say the pineapple is connected to my phone on 192.168.1.5, would I just SSH into that?

Link to comment
Share on other sites

Thanks Darren, I'll look into it when I get mine, as well as using an alfa instead of a 3g card, since I don't have a card because I just use my hacked wifi hotspot on my droid razr. Also, I see a problem that might occur with that, can I SSH into the pineapple from my phone, when its getting internet from my phone.

phone's internet --> alfa in pineapple --> pineapples network --> ssh from same phone into it? when I can't use the wireless card in phone when it's hotspot is active. say the pineapple is connected to my phone on 192.168.1.5, would I just SSH into that?

What are you using as an SSH client on android? The only one I can find (Free) is connectbot...which is kinda a piece of crap as far as ssh clients go...no tab completion FTL :(

telot

Link to comment
Share on other sites

What are you using as an SSH client on android? The only one I can find (Free) is connectbot...which is kinda a piece of crap as far as ssh clients go...no tab completion FTL :(

telot

I've not seen anything with tab completion on Android. I use Android Terminal Emulator.

Link to comment
Share on other sites

I've not seen anything with tab completion on Android. I use Android Terminal Emulator.

You can tab complete with Better Terminal Emulator Pro, on my droid razr is it volume up x2, you can set it in the settings, it wont say tab completion though, set your key as ^[ then when press it twice it auto completes.

Also, Better Terminal Emulator Pro has SSH built into it, I would think most would. Just type shh to check. When I'm using backtrack on my phone it's ssh'ing into the localhost. So if i want multiple terminals I just open a new tab and 'ssh localhost' or 'ssh 127.0.0.1' and then obviously its backtrack, and its on my phone so I'm to lazy to set a new password lol, it asks for the password, in this case toor, and your good.

Edited by soka80
Link to comment
Share on other sites

Make it assignable to a function? enable disable karma or what ever you want?

My hopes...My dreams...

telot

Link to comment
Share on other sites

What are you using as an SSH client on android? The only one I can find (Free) is connectbot...which is kinda a piece of crap as far as ssh clients go...no tab completion FTL :(

telot

I use connectbot with hackers keyboard and can tab complete no problem. That's on my XOOM tab with 4.03.

Link to comment
Share on other sites

Okay, here's a Mk4 question. What's the WPS button for? :lol:

My first thought was that if it was a default image it would be a sign that you were vulnerable to Reaver attacks. That got me thinking... How about assigning it the function of LAUNCHING Reaver. Turn it on its head and use it to our advantage. It would obviously have to write to files for later use but that's the nice thing about Reaver and WPS vulns. Once you have that back door you're golden. Yes, we could just have it launch via gui or ssh but that's not as amusing.

Link to comment
Share on other sites

So here's the 50-wps script.

if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
        for dir in /var/run/hostapd-*; do
                [ -d "$dir" ] || continue
                hostapd_cli -p "$dir" wps_pbc
        done
fi

Shouldn't be too hard for someone to whip up an alternate script for it!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...