Neworld Posted September 17, 2012 Share Posted September 17, 2012 Is the social engineering toolkit on the pineapple?? Is anyone working on a module for it? I'm interested in trying out payloads for the first time..... Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted September 17, 2012 Share Posted September 17, 2012 SET requires python and metasploit which is a bit resource heavy for the pineapple. Without USB storage, you will not have enough space, not sure on processing power. My whole ideal is, why try to run it all on the pineapple when you can have it on a VPS and keep the load off the pineapple? Quote Link to comment Share on other sites More sharing options...
itsm0ld Posted September 17, 2012 Share Posted September 17, 2012 Mr-Protocol, I completely agree, but i'm curious what type of VPS are you using and how do you connect it to your pineapple? Quote Link to comment Share on other sites More sharing options...
skimpniff Posted September 17, 2012 Share Posted September 17, 2012 (edited) I have had some success having the pineapple redirect to my BT5R3 box connected via ethernet w/ ICS. The problem I have faced is the persistent DNS loop when SET redirects the victim to the real site after the exploit or credential harvest has completed. I have tried until I was blue in the face to figure out away around this and haven't had any success. I decided an error message after the redirect is acceptable if I am only trying to redirect a specific site. Obviously if you were to try to redirect *, you are going to run into problems. Edited September 17, 2012 by skimpniff Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted September 17, 2012 Share Posted September 17, 2012 Mr-Protocol, I completely agree, but i'm curious what type of VPS are you using and how do you connect it to your pineapple? I typically just connect to my pineapple with a laptop directly to it. But you can do that and instead of having a meterpreter listener or anything on your laptop, just have it on a server at home that is setup for listening or use a VPS in that aspect. You can have it running and ready for connections. Then you re-direct users with your pineapple to your VPS fake site and the only load on the pineapple would be the passing of traffic through it. (In theory) Quote Link to comment Share on other sites More sharing options...
skimpniff Posted September 17, 2012 Share Posted September 17, 2012 I typically just connect to my pineapple with a laptop directly to it. But you can do that and instead of having a meterpreter listener or anything on your laptop, just have it on a server at home that is setup for listening or use a VPS in that aspect. You can have it running and ready for connections. Then you re-direct users with your pineapple to your VPS fake site and the only load on the pineapple would be the passing of traffic through it. (In theory) This set up seems like it would take care of the DNS spoof loop as well, since the pineapple is not sharing the internet connection. Quote Link to comment Share on other sites More sharing options...
skimpniff Posted September 17, 2012 Share Posted September 17, 2012 (edited) Mr-Protocol, I completely agree, but i'm curious what type of VPS are you using and how do you connect it to your pineapple? On another discussion thread somewhere in the forums (about setting up a SSH relay) I was given this link for VPS providers.http://www.lowendbox.com/ Edited September 17, 2012 by skimpniff Quote Link to comment Share on other sites More sharing options...
itsm0ld Posted September 17, 2012 Share Posted September 17, 2012 I typically just connect to my pineapple with a laptop directly to it. But you can do that and instead of having a meterpreter listener or anything on your laptop, just have it on a server at home that is setup for listening or use a VPS in that aspect. You can have it running and ready for connections. Then you re-direct users with your pineapple to your VPS fake site and the only load on the pineapple would be the passing of traffic through it. (In theory) Got it, kinda what I figured but figured I would ask. Sometimes someone has a crazy cool way of doing things I haven't thought of =) Thanks for the replay. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.