zettaquark Posted October 15, 2012 Share Posted October 15, 2012 (edited) I really like the way Petertfm worked the random roll mod. Was wondering if anyone has interest in putting a similar style mod together with various phish pages? I'm not much on the sh but would be willing to learn and assist in creating such a mod? R/ Z** Edited October 15, 2012 by zettaquark Quote Link to comment Share on other sites More sharing options...
Gamehacker953 Posted October 15, 2012 Share Posted October 15, 2012 i could attempt to make one if needed just give me some time with the templates of other mods and i will see what i can do. Quote Link to comment Share on other sites More sharing options...
leonshon Posted October 16, 2012 Share Posted October 16, 2012 this can be great , will wait to see your progress, by the way what is your aim ? Java Drive by ? , fake Update page or some kind of Exploit Pack ? maybe i can help here Quote Link to comment Share on other sites More sharing options...
Gamehacker953 Posted October 16, 2012 Share Posted October 16, 2012 this can be great , will wait to see your progress, by the way what is your aim ? Java Drive by ? , fake Update page or some kind of Exploit Pack ? maybe i can help here i will have to see i messed up my usb for my pineapple and going to redo it soon but dont have much time atm so idk when i can do it. Quote Link to comment Share on other sites More sharing options...
zettaquark Posted October 17, 2012 Author Share Posted October 17, 2012 Soooo..... I will be making this my first project and hopefully I can get together with a few other guy's for input. I have some big ideas don't know if they are realistic though.... Time to find out. :) Quote Link to comment Share on other sites More sharing options...
zettaquark Posted October 18, 2012 Author Share Posted October 18, 2012 Any Ideas for features for this module? Select-a-phish? auto page conversion? Quote Link to comment Share on other sites More sharing options...
zettaquark Posted October 26, 2012 Author Share Posted October 26, 2012 Petertfm Tried the code. Had some issues as discussed. check ur inbox Quote Link to comment Share on other sites More sharing options...
PineDominator Posted October 26, 2012 Share Posted October 26, 2012 Petertfm Tried the code. Had some issues as discussed. check ur inbox no message? Quote Link to comment Share on other sites More sharing options...
zettaquark Posted October 26, 2012 Author Share Posted October 26, 2012 I sent you a updated all in one mod Quote Link to comment Share on other sites More sharing options...
zettaquark Posted October 26, 2012 Author Share Posted October 26, 2012 very kewl.... got it working and I see what your talking about with https.. Something interesting though.... any thoughts on identifying, qualifying and spoofing m-dots (mobile) Quote Link to comment Share on other sites More sharing options...
zettaquark Posted October 26, 2012 Author Share Posted October 26, 2012 Nevermind... I found it... I have the logs being re-directed via the dnsspoof mod. heres the output: 2012-10-25 22:55:12 | facebook.com | User: donwon@dsdsd.net | Pass: byteme 2012-10-25 22:55:12 | facebook.com | User: donwon@dsdsd.net | Pass: byteme 2012-10-25 22:56:46 | gmail.com | User: this is not real | Pass: passmenow 2012-10-25 22:58:39 | paypal.com | User: gotcha@gmail.com | Pass: paymenow 2012-10-25 22:59:32 | hulu.com | User: huluun | Pass: hulupass Quote Link to comment Share on other sites More sharing options...
zettaquark Posted October 26, 2012 Author Share Posted October 26, 2012 Adding Netflix from Gamehacker953 to GonePhishing Quote Link to comment Share on other sites More sharing options...
PineDominator Posted October 26, 2012 Share Posted October 26, 2012 When we finnaly make the Gone Fishing module I think the easiest way would be to take RandomRoll module and convert it to GoneFishing replace the rolls with phish pages and keep the log how it is but logging when peopple are redirected to a phish page. then have another log for usernames and passwords. this would take some work but I could do the switch over and maybe you could do the phish files, then after we and others can add different phish sites. some aditional code will have to be added for dealing with the spoof host file. and how to deal with all in one sites IE what sites get spoofed to an all in wonder. if an all in one has links for twitter facebook and gmail and the gmail phish site was allso enabled, the gmail phish site would take precidance. Quote Link to comment Share on other sites More sharing options...
hfam Posted October 27, 2012 Share Posted October 27, 2012 "...patience Mr. Bigglesworth..." :) I can't WAIT to see what you guys are cooking up!! Sounds brilliant!!! Quote Link to comment Share on other sites More sharing options...
zettaquark Posted October 28, 2012 Author Share Posted October 28, 2012 You got it! A phishin I will file ! :) Let's get this party started. Quote Link to comment Share on other sites More sharing options...
NullNull Posted October 31, 2012 Share Posted October 31, 2012 Just an idea i had this morning... Lets say for example i am using a MITM attack with out providing internet to my pineapple. So everyone gets redirect to 172.16.42.1 where i have put my phishing page logging emails and passwords victims type. Wouldn't be nice after the victim type in his password and try to connect the phishing page redirect him to a page like the one the particular website use when you are typing a wrong password? This can be done 3 times and after that a message saying "You have try to many times, try again in 10 minutes." with the official logo of the website on top. All the passwords can be compared and if they are the same just log it once alse log the ones that doesn't match. This way we can be sure that the victim is typing the right password/email and that he gets less suspicious about not connecting to the website. Quote Link to comment Share on other sites More sharing options...
PineDominator Posted November 1, 2012 Share Posted November 1, 2012 Just an idea i had this morning... Lets say for example i am using a MITM attack with out providing internet to my pineapple. So everyone gets redirect to 172.16.42.1 where i have put my phishing page logging emails and passwords victims type. Wouldn't be nice after the victim type in his password and try to connect the phishing page redirect him to a page like the one the particular website use when you are typing a wrong password? This can be done 3 times and after that a message saying "You have try to many times, try again in 10 minutes." with the official logo of the website on top. All the passwords can be compared and if they are the same just log it once alse log the ones that doesn't match. This way we can be sure that the victim is typing the right password/email and that he gets less suspicious about not connecting to the website. I like this idea because then the user may not think something is up. could be done with the code zettaquark and I have started. Quote Link to comment Share on other sites More sharing options...
loozr Posted November 5, 2012 Share Posted November 5, 2012 First off I have to say that this is an great idea for a module. However this is not so great for those of us that do not use english as our language. I would (most likely) still have to make my own phishing pages, and then why should I use this module? And how often do various sites change? Would there have to be continuous updates to keep the phishing files "valid"? Just being curious about this though, I think this would be a good module. And I will surely look into the coding you choose to use, and perhaps this will make the post-script evolve, and maybe add some features to the phishing, like sending the victims to the real site afterwards, preferably logged in. (sorry if my text is hard to understand..) Quote Link to comment Share on other sites More sharing options...
shoeless89 Posted November 8, 2012 Share Posted November 8, 2012 Any updates!? :D Quote Link to comment Share on other sites More sharing options...
PineDominator Posted November 9, 2012 Share Posted November 9, 2012 Any updates!? :D I haven't done much, busy with personal stuff. Sorry. Quote Link to comment Share on other sites More sharing options...
mondrianaire Posted November 9, 2012 Share Posted November 9, 2012 I have been working on a module extremely similar to this. The only difference is that there is no reason this sort of module should not be able to work offline. The idea is simple. Change SSID to "Free Public Wifi". Reroute (dnsspoof) all traffic to 172.16.42.1. Default landing page is a walled garden page explaining that free internet access is limited to a certain number of websites, and give links to all websites (all of these websites are phishing pages). Perhaps even put in a clause about unlimited internet access for 'Premium Members'. You have to modify most phishing pages by downloading all the dependencies and referencing them locally, but after that, you have an fully enclosed offline credential harvester. You can keep it running all day, in your backpack or something, riding the train, on a bus, airports, etc.. You get the drift. On a more technical note: The main problem that I am running into is the Network Connection Status Indicator (the systray icon for wireless) that will indicate the user that they do not have internet access. A bit of digging and a great superuser post (http://blog.superuser.com/2011/05/16/windows-7-network-awareness/) shows that the way Windows detects Internet access is first by requesting a text file (http://www.msftncsi.com/ncsi.txt) , If this fails, it tries to DNS resolve dns.msftncsi.com. If both of these fail, the internet connection will show no internet access. if the second passes, but the first fails, NCSI will display a message 'Additional log on information is required', which is really the best were going to get with a pineapple, unless someone knows how to make the pineapple both resolve dns correctly, and respond to requests heading for that ip. Quote Link to comment Share on other sites More sharing options...
NullNull Posted November 9, 2012 Share Posted November 9, 2012 (edited) Mondrianaire that's perfect!!!! I am using exactly the same idea but manualy and it's a mess with the links and all that! I am very happy you are working on a module like this!! Because my knowledge in php is minimal I used wix.com to make my own "website" but for mobiles. It had the official logo of a local cafe on top and a message that was saying that only the pages in the links bellow are available. I Downloaded it and put it in 172.16.42.1 i also downloaded the modile versions of the links my webpage had (Facebook,twitter, Youtube, Google, hotmail) and put them all together. And then logging passwords and emails ;) Maybe in your module you can add the option of choosing the title of the main page the SSID the message saying that they will have a "limited" ;) internet access and also a background image or a logo :D Edited November 9, 2012 by KiatoG Quote Link to comment Share on other sites More sharing options...
zettaquark Posted November 12, 2012 Author Share Posted November 12, 2012 Swamped and pillaged in Las Vegas..... Now I'm back and recovering. Later this week I'll get back on the wagon. Quote Link to comment Share on other sites More sharing options...
NullNull Posted November 12, 2012 Share Posted November 12, 2012 @petertfm, @zettaquark, @mondrianaire are you thinking/working on something like mondirianaire mentioned in his previous post? I am very excited about that and just want to put 2-3 ideas together :) . So a module that will have o "welcome page" with links wich will be downloaded and modified so we can log emails/passwords pages and let you choose: # SSID # the title of the main page (landing page) # background image or logo on top of the page # a welcome message, e.g. "Welcome, due to limited internet access only the links bellow are available" I used this method but manualy, with out a module. I made my "welcome" page at wix.com and i downloaded through my iphone(iSaveWeb was the name of the app i used) the modile version of it (because i think most of the victims in an attack like this, taking place in a coffee shop or an airport or a train will be smartphones/tablets). I removed wix advertisment that was on the top of the page and with the rest of the links that i had also dowlnloaded through my modile and modifed them for logging the passwords an emails i put them all together at 172.16.42.1 with dns spoof running. Here is my "welcome page": yialo.rar. It looks prety good on a mobile ;) Quote Link to comment Share on other sites More sharing options...
NullNull Posted November 12, 2012 Share Posted November 12, 2012 On a more technical note: The main problem that I am running into is the Network Connection Status Indicator (the systray icon for wireless) that will indicate the user that they do not have internet access. A bit of digging and a great superuser post (http://blog.superuse...work-awareness/) shows that the way Windows detects Internet access is first by requesting a text file (http://www.msftncsi.com/ncsi.txt) , If this fails, it tries to DNS resolve dns.msftncsi.com. If both of these fail, the internet connection will show no internet access. if the second passes, but the first fails, NCSI will display a message 'Additional log on information is required', which is really the best were going to get with a pineapple, unless someone knows how to make the pineapple both resolve dns correctly, and respond to requests heading for that ip. Is this similar to how apple devices check for internet connection? If so i guess it can be easily fixed :D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.