InfiniteDevelopment Posted February 16, 2016
Hey everyone, I am wondering if you guys have any specific steps you take once you are the MITM? What kind of things are you trying to do with the packets? Push Java applets to clients? Use Karmetasploit? Since SSLStrip is no longer working, what types of things are you doing to guarantee the most data out of your "victims"? I am particularly interested in emails, social media, etc... Assuming it's been approved by the client I am auditing. I really want to show some examples of what can go wrong for a client site when a MITM attack is successfully executed using the Pineapple, any ideas?
Darren Kitchen Posted February 16, 2016
I can't speak highly enough of the Evil Portal captive portal in regards to effort:reward ratio.
InfiniteDevelopment Posted February 17, 2016
> I can't speak highly enough of the Evil Portal captive portal in regards to effort:reward ratio.
I can't agree more. This is a very easy and robust step in the front door! I had shiish loads of fun last night with Evil Portal. Also, the new landing page in config is nice to have! Now how do we get into more plays like Metasploit and other client-side exploits via MITM? Is that not to be discussed on the forum? I've looked at Karmetasploit and Bettercap and I think to myself, how can I port that over to the Pineapple. I see ettercap, but it's not the easiest thing to use on the MK5.8T currently lol. Maybe if I had CLI experience with ettercap beforehand I would be more intuitive on how to use it. Any others out there that have these feelings of wanting to be able to make this thing more effective and automated through community-developed scripts and porting of existing tools?
P.S. I saw on my Tetra, the model number was MK5.8, which is why I referred to it in that way. Any particular reason you decided not to go full MK6? Or was that just a lil easter egg for later in the dev cycle? :)
Darren Kitchen Posted February 18, 2016
Internal code name to differentiate from the NANO - which got its name from a text editor that's better than another text editor that can be read as 6 in roman numerals. If you do the math the TETRA is the 7th WiFi Pineapple hardware to date, but it along with the NANO are sharing the 6th Generation title (and software base). But anyway, the real easter egg is in the stager firmware which you flashed over during initial setup. Oh well...
InfiniteDevelopment Posted February 18, 2016
> Internal code name to differentiate from the NANO - which got its name from a text editor that's better than another text editor that can be read as 6 in roman numerals. If you do the math the TETRA is the 7th WiFi Pineapple hardware to date, but it along with the NANO are sharing the 6th Generation title (and software base). But anyway, the real easter egg is in the stager firmware which you flashed over during initial setup. Oh well...
Makes sense. And trust me, I have another Tetra and my first Nano in the cart. So please. Elaborate about said Easter egg.
Sebkinne Posted February 18, 2016
> Makes sense. And trust me, I have another tetra and my first nano in the cart. So please. Elaborate about said Easter egg.
Never!
shadowmmm Posted February 19, 2016
What's this coconut everybody is talking about ;p