Jump to content

Recommended Posts

I really like the way Petertfm worked the random roll mod. Was wondering if anyone has interest in putting a similar style mod together with various phish pages? I'm not much on the sh but would be willing to learn and assist in creating such a mod?

R/

Z**

Edited by zettaquark
Link to comment
Share on other sites

this can be great , will wait to see your progress, by the way what is your aim ? Java Drive by ? , fake Update page or some kind of Exploit Pack ? maybe i can help here

i will have to see i messed up my usb for my pineapple and going to redo it soon but dont have much time atm so idk when i can do it.

Link to comment
Share on other sites

Nevermind... I found it... I have the logs being re-directed via the dnsspoof mod. heres the output:

2012-10-25 22:55:12 | facebook.com | User: donwon@dsdsd.net | Pass: byteme

2012-10-25 22:55:12 | facebook.com | User: donwon@dsdsd.net | Pass: byteme

2012-10-25 22:56:46 | gmail.com | User: this is not real | Pass: passmenow

2012-10-25 22:58:39 | paypal.com | User: gotcha@gmail.com | Pass: paymenow

2012-10-25 22:59:32 | hulu.com | User: huluun | Pass: hulupass

Link to comment
Share on other sites

When we finnaly make the Gone Fishing module I think the easiest way would be to take RandomRoll module and convert it to GoneFishing replace the rolls with phish pages and keep the log how it is but logging when peopple are redirected to a phish page. then have another log for usernames and passwords.

this would take some work but I could do the switch over and maybe you could do the phish files, then after we and others can add different phish sites.

some aditional code will have to be added for dealing with the spoof host file. and how to deal with all in one sites IE what sites get spoofed to an all in wonder.

if an all in one has links for twitter facebook and gmail and the gmail phish site was allso enabled, the gmail phish site would take precidance.

Link to comment
Share on other sites

Just an idea i had this morning...

Lets say for example i am using a MITM attack with out providing internet to my pineapple. So everyone gets redirect to 172.16.42.1 where i have put my phishing page logging emails and passwords victims type. Wouldn't be nice after the victim type in his password and try to connect the phishing page redirect him to a page like the one the particular website use when you are typing a wrong password? This can be done 3 times and after that a message saying "You have try to many times, try again in 10 minutes." with the official logo of the website on top. All the passwords can be compared and if they are the same just log it once alse log the ones that doesn't match. This way we can be sure that the victim is typing the right password/email and that he gets less suspicious about not connecting to the website.

Link to comment
Share on other sites

Just an idea i had this morning...

Lets say for example i am using a MITM attack with out providing internet to my pineapple. So everyone gets redirect to 172.16.42.1 where i have put my phishing page logging emails and passwords victims type. Wouldn't be nice after the victim type in his password and try to connect the phishing page redirect him to a page like the one the particular website use when you are typing a wrong password? This can be done 3 times and after that a message saying "You have try to many times, try again in 10 minutes." with the official logo of the website on top. All the passwords can be compared and if they are the same just log it once alse log the ones that doesn't match. This way we can be sure that the victim is typing the right password/email and that he gets less suspicious about not connecting to the website.

I like this idea because then the user may not think something is up.

could be done with the code zettaquark and I have started.

Link to comment
Share on other sites

First off I have to say that this is an great idea for a module.

However this is not so great for those of us that do not use english as our language. I would (most likely) still have to make my own phishing pages, and then why should I use this module?

And how often do various sites change? Would there have to be continuous updates to keep the phishing files "valid"?

Just being curious about this though, I think this would be a good module. And I will surely look into the coding you choose to use, and perhaps this will make the post-script evolve, and maybe add some features to the phishing, like sending the victims to the real site afterwards, preferably logged in.

(sorry if my text is hard to understand..)

Link to comment
Share on other sites

I have been working on a module extremely similar to this. The only difference is that there is no reason this sort of module should not be able to work offline. The idea is simple. Change SSID to "Free Public Wifi". Reroute (dnsspoof) all traffic to 172.16.42.1. Default landing page is a walled garden page explaining that free internet access is limited to a certain number of websites, and give links to all websites (all of these websites are phishing pages). Perhaps even put in a clause about unlimited internet access for 'Premium Members'. You have to modify most phishing pages by downloading all the dependencies and referencing them locally, but after that, you have an fully enclosed offline credential harvester. You can keep it running all day, in your backpack or something, riding the train, on a bus, airports, etc.. You get the drift.

On a more technical note:

The main problem that I am running into is the Network Connection Status Indicator (the systray icon for wireless) that will indicate the user that they do not have internet access. A bit of digging and a great superuser post (http://blog.superuser.com/2011/05/16/windows-7-network-awareness/) shows that the way Windows detects Internet access is first by requesting a text file (http://www.msftncsi.com/ncsi.txt) , If this fails, it tries to DNS resolve dns.msftncsi.com. If both of these fail, the internet connection will show no internet access. if the second passes, but the first fails, NCSI will display a message 'Additional log on information is required', which is really the best were going to get with a pineapple, unless someone knows how to make the pineapple both resolve dns correctly, and respond to requests heading for that ip.

Link to comment
Share on other sites

Mondrianaire that's perfect!!!! I am using exactly the same idea but manualy and it's a mess with the links and all that! I am very happy you are working on a module like this!! Because my knowledge in php is minimal I used wix.com to make my own "website" but for mobiles. It had the official logo of a local cafe on top and a message that was saying that only the pages in the links bellow are available. I Downloaded it and put it in 172.16.42.1 i also downloaded the modile versions of the links my webpage had (Facebook,twitter, Youtube, Google, hotmail) and put them all together. And then logging passwords and emails ;) Maybe in your module you can add the option of choosing the title of the main page the SSID the message saying that they will have a "limited" ;) internet access and also a background image or a logo :D

Edited by KiatoG
Link to comment
Share on other sites

@petertfm, @zettaquark, @mondrianaire

are you thinking/working on something like mondirianaire mentioned in his previous post? I am very excited about that and just want to put 2-3 ideas together :) . So a module that will have o "welcome page" with links wich will be downloaded and modified so we can log emails/passwords pages and let you choose:

# SSID

# the title of the main page (landing page)

# background image or logo on top of the page

# a welcome message, e.g. "Welcome, due to limited internet access only the links bellow are available"

I used this method but manualy, with out a module. I made my "welcome" page at wix.com and i downloaded through my iphone(iSaveWeb was the name of the app i used) the modile version of it (because i think most of the victims in an attack like this, taking place in a coffee shop or an airport or a train will be smartphones/tablets). I removed wix advertisment that was on the top of the page and with the rest of the links that i had also dowlnloaded through my modile and modifed them for logging the passwords an emails i put them all together at 172.16.42.1 with dns spoof running.

Here is my "welcome page": yialo.rar. It looks prety good on a mobile ;)

Link to comment
Share on other sites

On a more technical note:

The main problem that I am running into is the Network Connection Status Indicator (the systray icon for wireless) that will indicate the user that they do not have internet access. A bit of digging and a great superuser post (http://blog.superuse...work-awareness/) shows that the way Windows detects Internet access is first by requesting a text file (http://www.msftncsi.com/ncsi.txt) , If this fails, it tries to DNS resolve dns.msftncsi.com. If both of these fail, the internet connection will show no internet access. if the second passes, but the first fails, NCSI will display a message 'Additional log on information is required', which is really the best were going to get with a pineapple, unless someone knows how to make the pineapple both resolve dns correctly, and respond to requests heading for that ip.

Is this similar to how apple devices check for internet connection? If so i guess it can be easily fixed :D

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...