Jump to content

Random Roll Page Php Version


Recommended Posts

OK so thanks to Shadowmmm I convinced myself to look for a better way to randomize the roll pages

EDIT April 16 2012

____________________________ NEW VERSION 2.0 _______________________________

So I was tinkering around and have made a revised random.php setup.

this time backup /www/index.php or the code in the landing page, /www/index.php is the landing page.

then insert the below code in the landing page, with nothing else.

<?php
$mypages = array("web/nyan/index.html", "web/pbj/index.html", "web/rickroll/index.html", "web/rainbow-chicken/index.html");
$myrandompage = $mypages[mt_rand(0, count($mypages) -1)];
include($myrandompage);

/*
Random roll php version 2.0 by petertfm
Instructions found on forums:
http://forums.hak5.org/index.php?/topic/26036-random-roll-page-php-version/
Original landing page backed up: /www/index.php.bak
*/

?>

what's different is we are now loading the index.html page into the current so you get a link that looks like "www.google.com/" and not "www.google.com/web/rickroll/index.html", also I took the /'s in the beginning of the links, causes error. as a plus when you refresh it randomizes again and a new page is displayed:-D

PLEASE NOTE:

I had to go into all my index.html files and put the exact links to images/mp3's/videos IE /web/rickroll/NGGUP.mp3

Edit DNSSpoof Host (under config) to capture all hosts

172.16.42.1 *

and remember to enable dnsspoof

Here are the modified files to make this work http://www.mediafire...h17993t/web.zip remember to put these onto a usb drive and sym link it like this:

ln -s /usb/web/ /www/web

DNSSpoof autostart, add this to Execute on boot script "under scripts in UI":

echo '' > /www/pineapple/logs/dnsspoof.log
/www/pineapple/dnsspoof/dnsspoof.sh &

Edited by petertfm
Link to post
Share on other sites

confirmed working.Thank you.

Thank you

Glad to here It is working

and if anyone is knowledgeable in php?

the only thing I would like to change at the moment is how do I get a new random page by refreshing the victims browser it always gets the same page.

Link to post
Share on other sites

Thank you

Glad to here It is working

and if anyone is knowledgeable in php?

the only thing I would like to change at the moment is how do I get a new random page by refreshing the victims browser it always gets the same page.

You could use sessions.

random.php

<?php
session_start();
$mypages = array("web/nyan/index.html", "web/pbj/index.html", "web/rickroll/index.html");

$myrandompage = $mypages[mt_rand(0, count($mypages) -1)];
$_SESSION

= $myrandompage;
header("Location: $myrandompage");
?>

Now, your pages can't be html but have to be php.

Then redirect them to whatever is in that session variable.

Do some check: "If page != page in sessions, redirect there. Otherwise stay"

You can get the current page with this: "$_SERVER[php_SELF];"

Or better: htmlentities($_SERVER['PHP_SELF']) (strips any "injected" scripts etc)

Maybe that helps a bit.

Best,

Seb

Link to post
Share on other sites

You could use sessions.

random.php

<?php
session_start();
$mypages = array("web/nyan/index.html", "web/pbj/index.html", "web/rickroll/index.html");

$myrandompage = $mypages[mt_rand(0, count($mypages) -1)];
$_SESSION

Now, your pages can't be html but have to be php.

Then redirect them to whatever is in that session variable.

Do some check: "If page != page in sessions, redirect there. Otherwise stay"

You can get the current page with this: "$_SERVER[php_SELF];"

Or better: htmlentities($_SERVER['PHP_SELF']) (strips any "injected" scripts etc)

Maybe that helps a bit.

Best,

Seb


= $myrandompage;
header("Location: $myrandompage");
?>

session_start() gives a fatal error, call to undefined function

Link to post
Share on other sites

/* set the cache expire to 5 minutes */

session_cache_expire(5);

$cache_expire = session_cache_expire();

would something like this maybe work?

tried a bit of stuff and can't get the page to refresh to another random index.html

I originally used "include('web/nyan/index.html');" you get the html just not any of the other files, need a way to include the html as well as setting the relative path to the content?

Link to post
Share on other sites

Excellent work petertfm! I'm foreseeing a module that comes with all the popular rick rolls (call it the prank pack or something) with a guy that lets you choose which roll you want, and also gives the option to randomize! What do you think?

telot

Link to post
Share on other sites

Excellent work petertfm! I'm foreseeing a module that comes with all the popular rick rolls (call it the prank pack or something) with a guy that lets you choose which roll you want, and also gives the option to randomize! What do you think?

telot

I would love It!!

I was thinking some kind of file browser for the pineapple embedded in the module php, In my looking around I could not find what I wanted, was thinking being able to select multiple .html files then when finished it would compile it into the random.php script and change the landing page. I have given up on that for now so your welcome to run with it or similar.

It looks like we might have an official firmware release soon:-D

thanks again:-)

Link to post
Share on other sites

thx petertfm was looking for something like this.no how would we setup to have the phish.log and urlspoof.log files be saved on the /usb/www/ folder instead of the root/www/pineapple folder.

I never gave it thought but I did a bit of digging and came up with something that seems to be working.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! use at own risk !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

usb drive must be inserted all the time after this mod and do not rename or remove the files/folders on the usb IE /usb/logs/

ok so ssh into pineapple with your confirmed working usb drive and issue

mv /www/pineapple/logs/ /usb/

that moves the logs folder to the usb drive root as logs/

then issue

ln -s /usb/logs/ /www/pineapple/logs

sim links the moved logs folder to the original place in /www/pineapple/

please note the above commands may need tweeking because I don't remember if I used some of the /'s

I did have a preconception that the logs were stored in ram not flash, just because all those writes to ram would be a safer bet and every reboot would give you a fresh log, does anyone else agree? I personally would like it in ram and every say 5 minutes write them to usb.

I am more concerned for constant flash writes? with all the added stuff you can log and that is being logged

Edited by petertfm
Link to post
Share on other sites

I am but not as far as how I use the pineapple at the moment.

I do believe It would be a good idea that when sending logs through whatever medium is implemented It might be a good idea to let other scripts/modules add to those logs and be able to flag how important/urgent what was just logged.

that way you could have the logging built-in and the modules could just reference it like such: logger -l logfileName --urgency 10 --importance 10 "credentials collected facebook.com user:someUser pass:lamePass"

logfileName could be the module name or better yet a general credential log, logging to both would be ideal that way if you just wanted to see all the credentials any program/module collected you could see it all on one list and also see everything that went down for just that module?

and if it was high urgency then send the e-mail immediately.

does anyone agree that making this a standard is a good idea?

Edited by petertfm
Link to post
Share on other sites
  • 2 weeks later...

I have made a new version to the way random.php works.

It is easier to set up and shows the redirected url as www.google.com and not www.google.com/web/rickroll/index.html

and as a bonus when refreshed it reloads a random page

Please see the updated version in the original post at the top.

Link to post
Share on other sites
  • 2 weeks later...

i myself made a small adjustment to the cron job and currently use

1-59/1 * * * * php /www/pineapple/dnsspoof/startdnsspoof.php

I loved having the logs on my USB though, thanks petertfm! +1

Edited by Arch_Angel
Link to post
Share on other sites

i myself made a small adjustment to the cron job and currently use

1-59/1 * * * * php /www/pineapple/dnsspoof/startdnsspoof.php

I loved having the logs on my USB though, thanks petertfm! +1

your welcome:-)

Im away but wondered what the 1-59/1 does?

Link to post
Share on other sites
  • 2 months later...

Thanks for this. It works like a charm. Only question I had: When I disable dns spoof, it doesn't go back to normal webpages- any page I to go to times out. Do you think the pineapple has to be rebooted every time to go back to normal? I've tried to clear the cache on the pineapple. I also noticed the Wlan light blinking constantly as if it was still reading one of the roll pages.

Edited by BigFanOHak5
Link to post
Share on other sites

Thanks for this. It works like a charm. Only question I had: When I disable dns spoof, it doesn't go back to normal webpages- any page I to go to times out. Do you think the pineapple has to be rebooted every time to go back to normal? I've tried to clear the cache on the pineapple. I also noticed the Wlan light blinking constantly as if it was still reading one of the roll pages.

BigFanOHak5 I think what is happening is when you get dnsspoofed most devices like I've experienced with my android phone remember the ip addres after the initial dns lookup, can you try visiting a page that you have not tried while the dnsspoof was running.

the wlan led flashing might be normal, what I use for android to reset my cashes is an app called 1tap cleaner free

Link to post
Share on other sites
  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...