Keylogger


Sebkinne

Yes.

That says that you typed an h (which has ASCII code 104) on a form element called password, the element doesn't have an id and the form doesn't have a name. The URL you typed it on is http://cloud.wifipineapple.com/index.php?portal .

The group is there to tie multiple key presses together if you have multiple users all typing at once.

Link to comment
Share on other sites

  • 3 weeks later...

Seb, any info on the next version release? I have come back from the dead and it looks like the injection issues have been figured out!

I tested this out and found that upon the initial connection of the client the first site seems to get the injection but after that no injection occurs. Additionally I noticed the horrible lag indicated above, let me know if there is anything I can assist with.

Link to comment
Share on other sites

Nice to have you back!

Personally I am more focused on the new UI than this module right now - but I'll put out a new version soon as lots of people seem to want it.

I'll have to talk to Digininja a little before that though.

Best,

Seb

Link to comment
Share on other sites

  • 1 month later...

Can somebody make a guide please and then link me to that guide?

In what directory must I put my clonedsite.html?

Can I just place any clonedsite.html in that location?

Can somebody incorporate the jsapi api into the mark 4 firmware?

Edited by --nick--
Link to comment
Share on other sites

Hey Seb,
GREAT WORK!! on the keylogger! :)

how is the group id generated?

... i thought it would be cool to have a clean "chat-based" output file, grouped by users, something like:

USER1

Thu, May 2nd 2013 - 17:30 | http://www.imdb.com/find?q=BLAAAA&s=all

Inputtext

Inputtext2 a little later in the same box

Thu, May 2nd 2013 - 17:35 | http://www.anothersite.com

another site or another box

USER2

Thu, May 2nd 2013 - 17:32 | http://www.site.com

typed between lines of user1

Thu, May 2nd 2013 - 17:45 | http://www.anothersite.com

bla bla

are you working currently on something like that?
... if not i can try it myself to write a little script :P

to assign a log to a user, i think it would be nice to have a few more infos like "unique" user-id (mac, ip, etc.) and date/time

Link to comment
Share on other sites

The group id is a random number generated each time the k.js file is downloaded and run. Its purpose is to allow all inputs from that page to be tied together.

Feel free to make changes and send them over, we will have a look and see what we think.

And not wanting to blow my own trumpet but I wrote the script. Seb helped with some debugging and packaging and WM helped with some stuff as well.

Link to comment
Share on other sites

I was just about to post this. I just helped with packaging and debugging it. Digininja did the magic and WM did the module magic ;)

Link to comment
Share on other sites

Total beginner question, I am seeing the javascript file being injected, I am using Wikipedia.org so it is not SSL, and can reach the file from my victim machine but I am not seeing data in the log on the module. Any ideas? I am running the pineapple through a shared network connection on my Win8 laptop.

Link to comment
Share on other sites

It sounds like you know at least a bit about debugging so I'd suggest running something like Firebug and checking that the javascript is loaded when the page loads. If it is then put a break point on the key press function and see if that gets hit. At some point something will be missing and hopefully we can help you fix it from there.

Link to comment
Share on other sites

Worked on this a bit more tonight and below is what I have found:

  • Found the URL generated and can put that URL in FireFox or IE and it posts data to the module screen without issue
  • Loaded FireBug and stepped through the code and it looked like it was working fine
  • Closed FireBug and continued entering in form fields and it worked
  • Went to IE or a new page in FireFox and nothing was sent
  • Verified that the file was included
  • Started FireBug in FireFox on the same page and it started working again

In summary, I am still not sure since it runs fine when FireBug is loaded but not before that. Any thoughts?

Link to comment
Share on other sites

  • 2 weeks later...

Has anybody else noticed this in the install.sh output?

root@Pineapple:/usb/infusions/keylogger# ./install.sh
Installing kmod-ebtables (3.7.6-1) to root...
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables:
* kernel (= 3.7.6-1-457c49a821916a4f100490a4508003ce) *
* opkg_install_cmd: Cannot install package kmod-ebtables.
Installing kmod-ebtables-ipv4 (3.7.6-1) to root...
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables-ipv4:
* kernel (= 3.7.6-1-457c49a821916a4f100490a4508003ce) * kmod-ebtables *
* opkg_install_cmd: Cannot install package kmod-ebtables-ipv4.
Installing ebtables (2.0.10-4-1) to usb...
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for ebtables:
* kmod-ebtables *
* opkg_install_cmd: Cannot install package ebtables.
Downloading http://cloud.wifipineapple.com/packages/Packages.gz.

Link to comment
Share on other sites

Yep, I get exactly the same and keylogger doesn't work on mine running 2.8.1. The proxy just crashes by the looks of it. Output from my install.sh below:

Multiple packages (kmod-ebtables and kmod-ebtables) providing same name marked HOLD or PREFER. Using latest.

Installing kmod-ebtables (3.7.6-1) to root...
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables:
* kernel (= 3.7.6-1-457c49a821916a4f100490a4508003ce) *
* opkg_install_cmd: Cannot install package kmod-ebtables.
Multiple packages (kmod-ebtables-ipv4 and kmod-ebtables-ipv4) providing same name marked HOLD or PREFER. Using latest.
Installing kmod-ebtables-ipv4 (3.7.6-1) to root...
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables-ipv4:
* kernel (= 3.7.6-1-457c49a821916a4f100490a4508003ce) * kernel (= 3.3.8-1-d6597ebf6203328d3519ea3c3371a493) *
* opkg_install_cmd: Cannot install package kmod-ebtables-ipv4.
Installing ebtables (2.0.10-4-1) to usb...
Collected errors:
* opkg_install_pkg: Package ebtables md5sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'.
* opkg_install_cmd: Cannot install package ebtables.
Updated list of available packages in /var/opkg-lists/pineapple_packages.
Package ruby (1.9.2-p0-1) installed in usb is up to date.
Package ruby-gems (1.9.2-p0-1) installed in usb is up to date.
Package ruby-core (1.9.2-p0-1) installed in usb is up to date.
Package ruby-enc (1.9.2-p0-1) installed in usb is up to date.

TS

Link to comment
Share on other sites

Thanks.

Just done a clean install on a 2.8.1 pineapple and with nothing else running apart from networkmanager it still fails.

Symptoms are the same - pineapple will route traffic with the proxy off but as soon as the proxy is started, the traffic stops being routed.

TS

Link to comment
Share on other sites

  • 1 month later...

That will happen. The ebtables package is used to route traffic so if it doesn't get installed then things will break.

Is this already fixed?

I installed the keylogger on a clean pineapple via the infusions web menu. It injects the js, but does not collect data.

Thanks!

PS: This is the output of my keylogger install.sh:

root@Pineapple:/usb/infusions/keylogger# opkg update
Downloading http://cloud.wifipineapple.com/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/pineapple_packages.
root@Pineapple:/usb/infusions/keylogger# ./install.sh
Multiple packages (kmod-ebtables and kmod-ebtables) providing same name marked HOLD or PREFER. Using latest.
Upgrading kmod-ebtables on usb from 3.3.8-1 to 3.7.6-1...
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables:
 *      kernel (= 3.7.6-1-457c49a821916a4f100490a4508003ce) *
 * opkg_install_cmd: Cannot install package kmod-ebtables.
Collected errors:
 * pkg_init_from_file: Malformed package file ./dep/kmod-ebtables-ipv4.ipk.
Installing ebtables (2.0.10-4-1) to usb...
Collected errors:
 * opkg_install_pkg: Package ebtables md5sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'.
 * opkg_install_cmd: Cannot install package ebtables.
Downloading http://cloud.wifipineapple.com/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/pineapple_packages.
Package ruby (1.9.2-p0-1) installed in usb is up to date.
Package ruby-gems (1.9.2-p0-1) installed in usb is up to date.
Package ruby-core (1.9.2-p0-1) installed in usb is up to date.
Package ruby-enc (1.9.2-p0-1) installed in usb is up to date.

Edited by tstusr
Link to comment
Share on other sites

  • 2 months later...

(is this topic alive? i hope yes)

pineapple (2.8.1) tethering osx

ics eth1 --> wlan0

client connect to pineapple (the ap is open , no security auth)

client open a http site (many) and write on some fields (most in contact form, some in forum and blogs)

i just reset my pineapple

in pineapple running just the keylogger , nothing else

the keylogger does not grab keystrokes ... i try to refresh ... i open the directory and it is empty, no file created

when i give on my mac the "http://192.168.2.4/k.js" i receive the code

when i give on client pc the "http://172.16.42.1/k.js" , i receive the code again !!!

(is the above right? or have i understood something wrong?)

how can i check/test if the keylogger work/running ?

any idea ???

thank you

EDIT >>>

(hi again)

the keylogger began to work after i closed the cron from the status page , the cron was started automatically so i thought that it is not a problem (?)

something else that i did (i did it after closing the cron and before checking if it works) is that i went to the configuration page of the keylogger , i saw there the server ip (it was the right one) and i pressed SAVE !!! the "save" shut down the keylogger , so i started it again ... and now it grabs data ...

now i opened the cron again and the keylogger still works fine ... !!!!!!!!??????!!!!!!! i can't understand what happened here ... ok i am a noobie but that is a little strange .... hihihihihi !!! (?)

i have some problems with the results , sometimes it loses keystrokes and sometimes when i delete the text that i wrote in the field a letter can't be deleted ... i try to make more tests

thank you

Edited by makfor49
Link to comment
Share on other sites
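
The posts above describe k.js being served from the access point's own address (172.16.42.1) and injected into plain-HTTP pages. As an added example, not code from the thread or the module, this check flags external scripts that a public page loads from a private IPv4 host. The form of the injected tag and the sample page are assumptions constructed for illustration.

```javascript
// Flag <script src> URLs on a public page that point at a private IPv4 host.
const PRIVATE_V4 = [            // [network, prefix length]
  [0x0a000000, 8],              // 10.0.0.0/8
  [0xac100000, 12],             // 172.16.0.0/12
  [0xc0a80000, 16],             // 192.168.0.0/16
  [0xa9fe0000, 16],             // 169.254.0.0/16 (link-local)
];

function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;          // not a dotted-quad literal
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function isPrivateV4(host) {
  const ip = ipv4ToInt(host);
  if (ip === null) return false;
  return PRIVATE_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === net;
  });
}

// Returns absolute URLs of external scripts that a public page loads from a
// private address. Pages that are themselves on a private host are skipped.
function suspiciousScripts(pageUrl, html) {
  const page = new URL(pageUrl);
  if (isPrivateV4(page.hostname)) return [];
  const found = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    let src;
    try { src = new URL(m[1], page); } catch { continue; }
    if (isPrivateV4(src.hostname)) found.push(src.href);
  }
  return found;
}

// Constructed sample page, not captured traffic.
const SAMPLE_HTML = `<html><head>
<script src="/static/app.js"></script>
<script type="text/javascript" src="http://172.16.42.1/k.js"></script>
<script src="//cdn.example.org/lib.js"></script>
</head><body></body></html>`;

console.log(suspiciousScripts("http://www.example.org/index.html", SAMPLE_HTML));
```

The same function can be run over saved page source or proxy-captured responses; a hit on a public site means the response was modified somewhere between the server and the browser.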
