sud0nick Posted March 31, 2015 Author Share Posted March 31, 2015 InfoTomb is back online. Everything should be functioning normally now. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted April 17, 2015 Author Share Posted April 17, 2015 A new test version is available on my server (v2.5.1). Included in this version is a command line executable that has multiple functions. These functions include scanning for open access points and automatically connecting as well as cloning a captive portal on that AP if it exists. Right now the automatic scan is not optional but cloning is. Here is the help output from the script that displays all of the functionality: Usage: executable [-h] [-c] [-a] [-b] [-w] [-ijs] [-ihtml] [-icss] [-sjs] [-scss] [-sl] [-sf] [-iset] interface Automatically search and connect to an open access point. Optionally, clone and authenticate with a captive portal. positional arguments: interface Wireless interface to scan and connect optional arguments: -h, --help show this help message and exit -c, --clone Attempt to clone a portal if it exists -a, --authenticate Attempt to authenticate with a portal if it exists -b , --blacklist Path to file containing SSIDs to ignore in scan -w , --whitelist Path to file containing SSIDs to accept in scan -ijs, --injectjs Cloner Option: Inject JavaScript from Injection Set -ihtml, --injecthtml Cloner Option: Inject HTML from Injection Set -icss, --injectcss Cloner Option: Inject CSS from Injection Set -sjs, --stripjs Cloner Option: Strip JavaScript from cloned portal -scss, --stripcss Cloner Option: Strip inline CSS from cloned portal -sl, --striplinks Cloner Option: Strip links from cloned portal -sf, --stripforms Cloner Option: Strip forms from cloned portal -iset , --injectionset Cloner Option: Name of Injection Set to use when cloning You'll notice that there is an option to include a blacklist or whitelist. The blacklist allows for you to skip over access points you don't want to connect to and the whitelist will attempt to connect only to the SSIDs listed within it. Here are a couple of examples to run the script with these modes and attempt to clone a portal if it exists. pineapple infusion portalauth -w whitelist.txt -c wlan1 pineapple infusion portalauth -b blacklist.txt -c wlan1 Remember that if you want to inject code into the portal you will need to include the name of the injection set along with the flags for what to inject/strip. Current Bugs As of now there is an issue when using the commands above to run the script. The entire script executes properly but it will hang afterward. If you cd to /sd/infusions/portalauth/executable/ and run ./executable wlan1 it will not hang. I don't know why it is doing this so if anyone has a solution please let me know. One last note, the authentication portion has not been built in to the command line executable. If you attempt to use it nothing will happen. Quote Link to comment Share on other sites More sharing options...
stunner2xx Posted August 14, 2015 Share Posted August 14, 2015 i cant seem to get it to work with mark 5 with latest firmware Quote Link to comment Share on other sites More sharing options...
ZeteMkaa Posted August 15, 2015 Share Posted August 15, 2015 Same here, "Failed to install dependencies." Quote Link to comment Share on other sites More sharing options...
sud0nick Posted August 15, 2015 Author Share Posted August 15, 2015 Sorry about that guys. I'm not sure if InfoTomb took the files offline. I'm away from home for a couple more weeks on a business trip but once I get home I'll get this fixed. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted August 27, 2015 Author Share Posted August 27, 2015 (edited) I'm home now and I've looked into the issue. It seems that the MD5 hash for BS4 doesn't match what I originally uploaded which leaves me wondering who changed the file on InfoTomb. This is why everyone is seeing errors when installing depends. I may just move these files back to my server but it would be awesome if Hak5 could find some space for the devs to store depends so user's don't have to worry about where their downloads are coming from. I'll get this fixed and push an update to the Pineapple Bar. Edit: It seems as if the dependency files were deleted rather than modified on InfoTomb (I still don't know why). While we wait for the infusion approval process here is an updated version of the install_depends script: #!/bin/sh # Update the opkg list opkg update > /dev/null; # Check if wget (SSL version) is installed test=$(opkg list-installed | grep 'wget') if [ -z "$test" ]; then opkg install wget > /dev/null; fi # Make a temporary directory for downloading depends if ! [ -d "/sd/tmp/" ]; then mkdir /sd/tmp fi mkdir /sd/tmp/portalauth; cd /sd/tmp/portalauth; # Download the depends wget -q http://www.puffycode.com/download/PortalAuth/beautifulsoup4-4.4.0.tar.gz > /dev/null; wget -q http://www.puffycode.com/download/PortalAuth/requests-v2.5.1.tar.gz > /dev/null; wget -q http://www.puffycode.com/download/PortalAuth/tinycss-0.3.tar.gz > /dev/null; wget -q http://www.puffycode.com/download/PortalAuth/setuptools-18.2.tar.gz > /dev/null; # Check MD5 of BS4 if ! [ `md5sum beautifulsoup4-4.4.0.tar.gz | awk '{print $1}'` == "63d1f33e6524f408cb6efbc5da1ae8a5" ]; then echo "MD5 of BS4 does not match" rm -rf /sd/tmp/portalauth exit fi # Check MD5 of Requests library if ! [ `md5sum requests-v2.5.1.tar.gz | awk '{print $1}'` == "3c5bd282c56353d56ac39b6dee12560f" ]; then echo "MD5 of Requests does not match" rm -rf /sd/tmp/portalauth exit fi # Check MD5 of TinyCSS library if ! [ `md5sum tinycss-0.3.tar.gz | awk '{print $1}'` == "13999e54453d4fbc9d1539f4b95d235e" ]; then echo "MD5 of TinyCSS does not match" rm -rf /sd/tmp/portalauth exit fi # Check MD5 of SetupTools if ! [ `md5sum setuptools-18.2.tar.gz | awk '{print $1}'` == "52b4e48939ef311d7204f8fe940764f4" ]; then echo "MD5 of SetupTools does not match" rm -rf /sd/tmp/portalauth exit fi # Unpack tar -xzf beautifulsoup4-4.4.0.tar.gz > /dev/null 2>&1; tar -xzf requests-v2.5.1.tar.gz > /dev/null 2>&1; tar -xzf tinycss-0.3.tar.gz > /dev/null 2>&1; tar -xzf setuptools-18.2.tar.gz > /dev/null 2>&1; # If /sd/depends does not exist, create it if ! [ -d "/sd/depends/" ] then mkdir /sd/depends/; fi # Install the libraries cp -R beautifulsoup4-4.4.0 /sd/depends/bs4; cp -R kennethreitz-requests-d2d576b /sd/depends/requests; cp -R tinycss-0.3 /sd/depends/tinycss; cp -R setuptools-18.2 /sd/depends/setuptools; # Create symbolic links for the dependencies so they can be accessed by the default search path ln -s /sd/depends/bs4 /usr/lib/python2.7/site-packages/bs4; ln -s /sd/depends/requests /usr/lib/python2.7/site-packages/requests; ln -s /sd/depends/tinycss/ /usr/lib/python2.7/site-packages/tinycss; # Run the setup.py scripts cd /sd/depends/setuptools/; python setup.py build > /dev/null 2>&1; python setup.py install > /dev/null 2>&1; cd /sd/depends/bs4/; python setup.py build > /dev/null 2>&1; python setup.py install > /dev/null 2>&1; cd /sd/depends/requests/; python setup.py build > /dev/null 2>&1; python setup.py install > /dev/null 2>&1; cd /sd/depends/tinycss/; python setup.py build > /dev/null 2>&1; python setup.py install > /dev/null 2>&1; # Remove tmp directory rm -rf /sd/tmp/portalauth; echo "Complete" Just place this file in /pineapple/components/infusions/portalauth/includes/scripts/ and click Install Dependencies from the web interface. Everything should install properly now. Keep in mind that these dependencies are being downloaded from my personal server and not InfoTomb or Hak5. I am still using InfoTomb for the Captive Portal check file as that has not been deleted. Edit 2: Since it appears the Injection Sets were also deleted I will be moving them to my site as well. Edit 3: Version 2.6 has been submitted to the Pineapple Bar. During testing I noticed that my Pineapple was running out of space for the libraries required (I may just have more stuff installed than others) but if you run into this problem I recommend the following: 1. Move /usr/lib/python2.7/site-packages/ to /sd/depends/site-packages. 2. Create a symlink between the two. 3. Install dependencies. mv /usr/lib/python2.7/site-packages /sd/depends/site-packages ln -s /sd/depends/site-packages/ /usr/lib/python2.7/site-packages Edited August 28, 2015 by sud0nick Quote Link to comment Share on other sites More sharing options...
sud0nick Posted August 29, 2015 Author Share Posted August 29, 2015 v2.6 is now available. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted August 30, 2015 Author Share Posted August 30, 2015 I found a couple of things that needed fixing so I've released yet another version. v2.7 has been submitted to the Pineapple Bar with the following updates: Version 2.7 - Released Aug 30, 2015 [->] Added support for downloading multiple files with the same name from a site. [->] Fixed encoding/decoding issue with external CSS files that would cause the operation to crash. [->] Removed AP search from command line executable and updated cloning options. The encoding issue was what prompted me to push an update. I didn't have a problem with it in previous versions but for some reason I couldn't clone websites that I could before. I looked into the problem, with my handy error logs, and realized when the script attempts to modify the CSS files it wasn't able to decode them properly which would cause the program to crash and leave you with all of the files from the site but no splash.html file. I also updated the command line executable so you can now clone portals from the command line or in a script and activate them immediately. I originally had the script set up to scan for open WiFi networks, connect automatically, check for a captive portal, and clone it if one existed. I took that out as I don't have the proper means to test it fully and I doubt it was used much anyway. If anyone still wants that feature I can probably find a place around town that has that type of environment. Just let me know. Enjoy Quote Link to comment Share on other sites More sharing options...
onion2346 Posted September 12, 2015 Share Posted September 12, 2015 Hi, quick question, not sure if this is the right thread to post in but... in portal auth, i click on the "activate now" button after saving/creating a copy of the "freewifi" infusion (just named it freewificopy) that is already provided there... and then how i understand that is suppose to transfer this over to evil portal where i can find it under libraries > saved portals? however when i do all this and then check in evil portal it simply says "you have no saved portals to view" please help am i missing something or what? Cheers, onion Quote Link to comment Share on other sites More sharing options...
sud0nick Posted September 12, 2015 Author Share Posted September 12, 2015 This is the proper thread for Portal Auth questions. Please only use the Injection Sets thread for questions about injection sets. When you click activate now, while cloning a portal, the portal is placed in the /etc/nodogsplash/htdocs/ directory. Your saved portals from Portal Auth appear, by default, in /sd/portals/. Mine appear in Evil Portal II but they can't be edited or activated from there. What I normally do to activate my portals is use the activateportal.sh script in /sd/infusions/portalauth/includes/scripts/ which requires two arguments: 1. portal directory, and 2. portal name. ./activateportal.sh /sd/portals/ TestPortal Quote Link to comment Share on other sites More sharing options...
sud0nick Posted September 13, 2015 Author Share Posted September 13, 2015 It seems that InfoTomb doesn't hold on to files forever like they claim. The portal test page has disappeared now as well. Although I always recommend you use your own so you know which servers your Pineapple is connecting to when checking for captive portals I do have a page setup on my server. http://www.puffycode.com/download/PortalAuth/cptest.txt The expected data field in Portal Auth should be set to "No Captive Portal" Quote Link to comment Share on other sites More sharing options...
onion2346 Posted September 14, 2015 Share Posted September 14, 2015 Hi, Many thanks for this good info! For me however, nothing saves in the /sd/portals/ folder at all?? It seems that InfoTomb doesn't hold on to files forever like they claim. The portal test page has disappeared now as well. Although I always recommend you use your own so you know which servers your Pineapple is connecting to when checking for captive portals I do have a page setup on my server. http://www.puffycode.com/download/PortalAuth/cptest.txt The expected data field in Portal Auth should be set to "No Captive Portal" Also, not quite sure what you mean by this?? apologies... not sure what to do... Cheers,onion Quote Link to comment Share on other sites More sharing options...
sud0nick Posted September 14, 2015 Author Share Posted September 14, 2015 Hi, Many thanks for this good info! For me however, nothing saves in the /sd/portals/ folder at all?? So, after you clone a captive portal, and the message appears that the portal was cloned successfully, you SSH into the Pineapple and check /sd/portals/ and nothing is there? If you open the large tile in Portal Auth, under the config tab, you should see a field for the portal directory that by default has /sd/portals/ in it. If it doesn't then you need to check the directory that's listed there instead. Also, not quite sure what you mean by this?? apologies... not sure what to do... Cheers, onion Under the Config tab in the large tile there is a field labeled Test Website. This is a URL to a webpage for Portal Auth to check if a captive portal is present. Since InfoTomb took down the file that Portal Auth links to by default I put up another link to my server. You can put that link in the Test Website field so you don't get false positives. Quote Link to comment Share on other sites More sharing options...
onion2346 Posted September 15, 2015 Share Posted September 15, 2015 Hi Sudonick, very much appreciate your responses! Thank you! I may have miscommunicated my thoughts however, what I was trying to convey was that, I have not yet tried to clone an actual captive portal from scratch, as I have not yet investigated/learned how to do this yet (although your info has helped tremendously!) What I have been doing is trying to somehow utilize the default portal options that are already there (i think one of the default options that is already loaded into there is called "freewifi" or something) cant I just use those just the same as cloning my own portal from scratch? also why are those default options already there for? sorry for all the questions! p.s. i would like to learn how to clone my own portal from scratch etc... and will proceed to do so soon hopefully! Cheers. onion Quote Link to comment Share on other sites More sharing options...
sud0nick Posted September 15, 2015 Author Share Posted September 15, 2015 (edited) What I have been doing is trying to somehow utilize the default portal options that are already there (i think one of the default options that is already loaded into there is called "freewifi" or something) cant I just use those just the same as cloning my own portal from scratch? also why are those default options already there for? You have to clone a captive portal, or webpage, to use the injection sets. They are injected into the portal as it is copied to the Pineapple. I'm currently working on a new version of Portal Auth and I'll make a full guide on how to use every feature once it's finished but until then you can watch this video on some of the features. https://forums.hak5.org/index.php?/topic/34421-support-portal-auth/?p=258766 Edited September 15, 2015 by sud0nick Quote Link to comment Share on other sites More sharing options...
sud0nick Posted September 23, 2015 Author Share Posted September 23, 2015 Version 2.8 has been submitted to the Pineapple Bar. Here is the change log: [->] Added Payload tab which includes the Portal Auth Shell Server (PASS), payload upload center, and a default payload for Windows and OS X. [->] Modified the auth log tab to auto refresh. [->] Moved the Test Website and depends back to PuffyCode.com. [->] Added the Payloader injection set for delivering payloads to victim machines. Also, I put together a complete how to video on Portal Auth. Check it out in the Pineapple University forum. Quote Link to comment Share on other sites More sharing options...
cheeto Posted September 24, 2015 Share Posted September 24, 2015 Thanks for this UPDATE & the VIDEO!! I hope to install it this weekend. Couple questions: - If the victim installs the server onto his/her computer, can i have remote access to that computer at a later time too? (like a trojan) - Can a payload be made for android? If so, i think the user might get a warning about installing from outside of the playstore., right? Thanks again and good job! I think I'm going to watch the tutorial again. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted September 24, 2015 Author Share Posted September 24, 2015 If the victim installs the server onto his/her computer, can i have remote access to that computer at a later time too? (like a trojan) Just to be clear, the victim won't install the server on their computer. The payload I included will set up a listening socket (which is what I think you meant) so as long as that program is running in the background on their system you will be able to access it. Can a payload be made for android? If so, i think the user might get a warning about installing from outside of the playstore., right? The point of the NetClient page is to upload any payload you want. If you can make a payload for android then you can upload it to the Android section. The Payloader injection set will use the user-agent string of the victim's browser to determine what OS they are on. If they are on Android they will receive the Android payload, if they are on Windows they will receive the Windows payload, etc. By default I included the code for a Windows and OS X payload but you can always use the veil framework or metasploit to create your own payloads. I plan on playing around with the veil framework sometime this week as I have recently discovered it and it seems awesome. Quote Link to comment Share on other sites More sharing options...
phibertap Posted September 24, 2015 Share Posted September 24, 2015 Awesome video, and I love the new features you added. I only wish to have the 2.8 update now :) Quote Link to comment Share on other sites More sharing options...
sud0nick Posted September 29, 2015 Author Share Posted September 29, 2015 v2.8 is now available! Quote Link to comment Share on other sites More sharing options...
phibertap Posted September 30, 2015 Share Posted September 30, 2015 (edited) To test this new version, I did a factory restore on my pineapple. Then I installed the infusion from the bar. Clicking on the "Install dependancies" link in the small tile does nothing. Executing the following command via ssh gives the following error: # pineapple infusion portalauth Traceback (most recent call last): File "/pineapple/components/infusions/portalauth/executable/executable", line 6, in <module> import requests ImportError: No module named requests Continuing, I manually ran the check_depends.sh script, then the install_depends.sh script. root@Pineapple:/sd/infusions/portalauth/includes/scripts# ./check_depends.sh Not Installed root@Pineapple:/sd/infusions/portalauth/includes/scripts# ./install_depends.sh zip_safe flag not set; analyzing archive contents... unable to execute mips-openwrt-linux-uclibc-gcc: No such file or directory no previously-included directories found matching 'docs/_build' unable to execute mips-openwrt-linux-uclibc-gcc: No such file or directory no previously-included directories found matching 'docs/_build' zip_safe flag not set; analyzing archive contents... tinycss.tests.speed: module references __file__ Complete After that was complete, I tried the "pineapple infusion portalauth" command, this time a different error. root@Pineapple:/sd/infusions/portalauth/includes/scripts# pineapple infusion portalauth Traceback (most recent call last): File "/pineapple/components/infusions/portalauth/executable/executable", line 87, in <module> response = requests.get(settings['testSite'], verify=False) File "/usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg/requests/api.py", line 65, in get return request('get', url, **kwargs) File "/usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg/requests/api.py", line 49, in request response = session.request(method=method, url=url, **kwargs) File "/usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg/requests/sessions.py", line 447, in request prep = self.prepare_request(req) File "/usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg/requests/sessions.py", line 378, in prepare_request hooks=merge_hooks(request.hooks, self.hooks), File "/usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg/requests/models.py", line 303, in prepare self.prepare_url(url, params) File "/usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg/requests/models.py", line 360, in prepare_url "Perhaps you meant http://{0}?".format(url)) requests.exceptions.MissingSchema: Invalid URL u'': No schema supplied. Perhaps you meant http://? Am I missing something? Thanks! PT Edited September 30, 2015 by phibertap Quote Link to comment Share on other sites More sharing options...
sud0nick Posted September 30, 2015 Author Share Posted September 30, 2015 So it appears the depends installed properly but told you they did not. After installing them manually did you check the ./check_depends.sh script again or try from the web GUI? What browser are you using and did a progress bar come up when you clicked Install Depends or did an error come up? That final error came up because you ran it from the command line without a test website set. You should see a link in the small tile to configure the test website. Do that then try the command line version again. That's why you see Invalid URL u'': No schema supplied. Perhaps you meant http://? If the command line version works you should be able to use the GUI version. They are exactly the same. Quote Link to comment Share on other sites More sharing options...
onion2346 Posted September 30, 2015 Share Posted September 30, 2015 Hi Sud0nik, THanks for this great work! I try to click the upload payload button but get the error "failed to upload the payload" ? i followed the default steps for uploading/setting up the default windows payload (netcli.exe) you provided as per your tutorial. any thoughts? Cheers, Onion Quote Link to comment Share on other sites More sharing options...
sud0nick Posted September 30, 2015 Author Share Posted September 30, 2015 Did you click the link for configuring uploads? It will run a script that modifies your nginx and php configuration to allow uploads larger than 2 MB. If you clicked the link and it still isn't working try rebooting your Pineapple. Maybe the configuration files didn't reload even though they should have. Quote Link to comment Share on other sites More sharing options...
onion2346 Posted September 30, 2015 Share Posted September 30, 2015 (edited) yea i tried rebooting, but still get the same issue unfortunately? (and yea i clicked the link to allow higher uploads it says it worked) ? also when running on kali/iceweasel i get that install new dependencies popup you created for portal auth poping up at the bottom of the screen, its like always there, despite everything being installed properly (atleast it all seems to have installed properly). P.s. I get this same issue on the mac using the chrome browser should i try re-flash the pineapple and reinstall? Cheers, Onion Edited September 30, 2015 by onion2346 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.