Mr.miYagi Posted May 16, 2012 Share Posted May 16, 2012 Hi Guys Before i begun to play with this wonderfull device, i made a rogue AP wit my Laptop and KARMETASPLOIT. The Jasager dues quite the same thing, in exception of one: The KARMA can capture the SSL connection of the maillogins, and writes down everithing in a wonderfull database. This capturing of the SSL data is what im missing on the jasager... Somebody knows how to set up a fake ssl/imap/pop/hhtp server, or get metasploit to work on openwrt? I googlet alot, but found only 2 refernces about this, and they talking about installing the very outdated msf 2.6, in year 2006... I get installed, but get errors when trying to start. I (tried to)installed all depencies manually... Somebody an idea? Mr.miYagi Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted May 16, 2012 Share Posted May 16, 2012 The Jasager simple does not have enough room for the metasploit framework. My suggestion would be to have your ssl/imap/pop/http server/phishing site on a VPS or something of the like. Quote Link to comment Share on other sites More sharing options...
Mr.miYagi Posted May 16, 2012 Author Share Posted May 16, 2012 (edited) Room? We have room on the USB storage. Sslstrip is installed too, on the usb. I installed msf on the usb, it starts, but stop because of some errors. I think, its a thing of depencies, not of storage, or im wrong? Edited May 16, 2012 by Mr.miYagi Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted May 16, 2012 Share Posted May 16, 2012 Ah, yeah it might be dependencies that are needed. Even starting msfconsole on my VM with pretty high settings still takes a while to load. I'm not sure I'd even want to run something as CPU intense on the pineapple. Quote Link to comment Share on other sites More sharing options...
Mr.miYagi Posted May 18, 2012 Author Share Posted May 18, 2012 (edited) An my question is, if somebody here knows wich one..? Or where is the problem why isnt running. I try to reinstall during the weekend, since the installation is broken, due the fw upgrade. I know that the hw of the pineapple is a little bit slow, but the msf brings a lot of goodies with it, like dsn spoofing, real good creds capture, automated exploiting of targets and alot more... And isn't that what we all here are trying? To bring a device to do, somethin that isn't desingned to? Or can u explain me why we are using a normal wireless router, with al hell of a FW to simulate a evil honeypot :) Edited May 18, 2012 by Mr.miYagi Quote Link to comment Share on other sites More sharing options...
billius Posted May 24, 2012 Share Posted May 24, 2012 metasploit requires >512MB of ram to work properly. the pineapple has 32. the only way to do it would be through swap- essentially (assuming you could get it on there and cross compiled etc) your pineapple would buckle under the load. my suggestion is to buy a RaPi and hook them up together. Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted May 24, 2012 Share Posted May 24, 2012 Setup a remote IMAP/POP3/SMTP server that harvests credentials server side (believe this is done via one of metasploit modules, if not depending on the server I don't think it'd take much to script it). Server could be running remotely or on a laptop that the pineapple is with. Use a rogue DNS server to forward all requests from mx.google.com or imap.google.com or smtp.gmail.com or whatever to the IP of your remote mail server. Setup a SSL server to go along with it for further believability. Viola : ) Quote Link to comment Share on other sites More sharing options...
Mr.miYagi Posted May 26, 2012 Author Share Posted May 26, 2012 (edited) Hmm i liked to use msf, but seems to much for our pineapple... The Raspberry's specs arent much better, slow cpu, not much Ram, and isn't avaiable now... So only the server thing, is avaiable. Never done that, and to get it work like the msf, it will be a very hard work :) Maybe someone can script some fake imap/pop/http server? So we can get the ssl connections....?! Edited May 26, 2012 by Mr.miYagi Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.