Hak5 Forums

This topic is now archived and is closed to further replies.

sud0nick

[Support] Portal Auth

So I couldn't get it to work. Says drive space is full.

root@Pineapple:/# df
Filesystem 1K-blocks Used Available Use% Mounted on
rootfs 3200 3112 88 97% /
/dev/root 12032 12032 0 100% /rom
tmpfs 30904 440 30464 1% /tmp
tmpfs 512 0 512 0% /dev
/dev/mtdblock3 3200 3112 88 97% /overlay
overlayfs:/overlay 3200 3112 88 97% /
/dev/sdcard/sd1 14497704 360396 13409968 3% /sd

This is what happens when I run the other commands:

root@Pineapple:/sd/infusions/portalauth/includes/scripts# ./check_depends.sh
Not Installed
root@Pineapple:/sd/infusions/portalauth/includes/scripts# ./install_depends.sh
md5sum: can't open 'beautifulsoup4-4.4.0.tar.gz': No such file or directory
sh: 63d1f33e6524f408cb6efbc5da1ae8a5: unknown operand
MD5 of BS4 does not match


What tells you your drive space is full? There is nothing in what you posted from the command line that states that. If your drive space is full you'll need to clear it out.


Every time I try to activate a portal capture from Portal Auth it's breaking Evil Portal. System logs throw a write error. Any ideas on what I am doing wrong?


I know I already responded to you on Twitter but I'll reiterate here.

Your issue with nodogsplash being removed has nothing to do with PA but you should try to refresh the small tile for Evil Portal to see if the dependencies are actually missing. I've run into this problem many times where EP throws a message that says depends are missing but if I refresh the tile all is well.

You can clone websites that are not captive portals by entering the URL of the site in the Test Site field in the Config tab. Everything should work well but I have run into network timeout errors on larger sites.

Check out my video on Portal Auth that describes every aspect of the infusion. It's a little long but teaches every part of it.


This is a very interesting infusion and I'm looking forward to its first stable version.

Just wanted to confirm something:

Is it possible or at least planned to use this infusion to clone and harvest unique password/username based portals?

I saw your demonstration from the Pineapple 5 where you cloned a Starbucks portal that would require a user to get a password from a downloaded exe.

My question is, could you clone something along the line of an office's internet filter or a college university portal? A portal that everyone has their own username and password to.

And gather their username/password then push them to the web. The portal would have to look exactly like the original with just the 2 text boxes, without any popups so as not to raise any red flags from IT admins who might get pulled onto the network by PineAP. (That would be a red flag in itself.)

Example:

<spoiler> <--- i have no idea how these work

result-authscreen.png

</spoiler>


This is a very interesting infusion and I'm looking forward to its first stable version.

The current release is a stable release.

Just wanted to confirm something:

Is it possible or at least planned to use this infusion to clone and harvest unique password/username based portals?

I saw your demonstration from the Pineapple 5 where you cloned a Starbucks portal that would require a user to get a password from a downloaded exe.

My question is, could you clone something along the line of an office's internet filter or a college university portal? A portal that everyone has their own username and password to. And gather their username/password then push them to the web.

You can absolutely do this, however, you will not be able to clone the database that contains the expected usernames and passwords. If that were the case we wouldn't need to trick the user (except to maybe get a plaintext version of a hashed password). The demonstration you are talking about shows a special injection set I created to grant users an access key to further portray a valid captive portal. The .exe they download to get that key executes a root shell on their system so you can access it. This functionality is not dependent upon any particular captive portal and can even be used on a cloned website.

You can definitely clone the portal pictured in your post and use that to get the user's credentials. However, Portal Auth will not automatically send those credentials to the original portal so you will have to first authenticate your Pineapple on that AP or by some other means (i.e. 3G/4G modem) to give your target users internet access after they give you their credentials.


The current release is a stable release.

You can absolutely do this, however, you will not be able to clone the database that contains the expected usernames and passwords. If that were the case we wouldn't need to trick the user (except to maybe get a plaintext version of a hashed password). The demonstration you are talking about shows a special injection set I created to grant users an access key to further portray a valid captive portal. The .exe they download to get that key executes a root shell on their system so you can access it. This functionality is not dependent upon any particular captive portal and can even be used on a cloned website.

You can definitely clone the portal pictured in your post and use that to get the user's credentials. However, Portal Auth will not automatically send those credentials to the original portal so you will have to first authenticate your Pineapple on that AP or by some other means (i.e. 3G/4G modem) to give your target users internet access after they give you their credentials.

Thanks,

From knowledge I've gathered, all passwords for the portal I plan to clone are 6 chars long, and are a mix of random numbers and letters. (Users are a mix of the person's first and last name so brute forcing isn't an option.)

I'm sure it's possible to put some extra java in there that keeps them on the page if the password entered isn't exactly 6 chars long.

That will hopefully prevent any wrong passwords being entered, or ITs attempting to inspect the portal by entering random info.


Thanks,

From knowledge I've gathered, all passwords for the portal I plan to clone are 6 chars long, and are a mix of random numbers and letters. (Users are a mix of the person's first and last name so brute forcing isn't an option.)

I'm sure it's possible to put some extra java in there that keeps them on the page if the password entered isn't exactly 6 chars long.

That will hopefully prevent any wrong passwords being entered, or ITs attempting to inspect the portal by entering random info.

It should go without saying but I hope what you are doing is all legal and with the permission of the owners of the AP / portal. If not then I recommend you don't do it.


Sud0Nick - This tool looks absolutely great. I was just wondering if something like this existed. I have unwrapped my nano and got it all installed; unfortunately I'm in a wifi blackspot so need to go hunting for some portals to try this on. I was wondering a few things:

- Do you host a repository of cloned portals? It would be great if there were a way to download some templates so I could pop up in the middle of somewhere, throw up a generic portal 'a la xfinity' without the need to clone it myself?

- Is there a way I can test this without needing to find my local Starbucks etc? I guess I would need to host a captive portal myself from my laptop - I could do this with NDS from Kali I guess, but again there would be limited content for PA to clone.

 

Great work on this one.


1. I do not host a portal repository.

2. You don't necessarily need to clone a "portal" as you can point the Test Site field setting to any URL and clone its page.

Since you mentioned you're using the NANO you will want to look in this thread for the latest information about the module.  This thread we're in pertains to the old MK V version of Portal Auth which I no longer update.


Sud0nick - thanks for the quick post back. I guess that the portal repo would be welcomed by many. Is there an aversion to hosting one - if you aren't willing to host one do you have an objection to anyone else doing so? To the rest of the module's users: would you want one and contribute if we hosted one?


I will not endorse a portal repo.  It would quickly become a place for social media phishing templates which have no value in a legal pentest.  If someone chooses to clone Facebook and attempt to steal people's creds that's on them but I won't encourage that behavior.

6 hours ago, sud0nick said:

I will not endorse a portal repo.  It would quickly become a place for social media phishing templates which have no value in a legal pentest.  If someone chooses to clone Facebook and attempt to steal people's creds that's on them but I won't encourage that behavior.

This. 
