Jump to content

Evil Portals


kleo

Recommended Posts

Being new to Linux, I followed the directions to get Evil Portal 2.9 installed and then copied over the SBUX login.

Really nice work!  Directions were clear.  Seems to work on my Nano (no SD card) just fine in the Live Preview.  Very slick!

Now how do I get a Comcast one ported over?  hehe

Tried using this one I found...

https://github.com/MikeDawg/xfinity-pineapple

And while it does show up in the Portals area of Evil Portal (very cool) it doesn't active and it wasn't designed to use with this.  But it's cool.

Edited by mda1125
Link to comment
Share on other sites

It actually works!

It's just not obvious because when you click "Activate" it never looks like it works but when you do a Live Preview.. it's there.

I'm back to the Official 2.1 version.  I am thinking it would have worked with 2.9.. it just didn't look like it was going to work as I clicked "Activate" so I though it didn't.  In fact, the Live Preview shows the page I want.

Update:  While it works.. shows the mobile version of the page and does capture username/password.. no matter how many attempts you try, you never get past that page.  So it doesn't redirect you anywhere?

Edited by mda1125
Added an update
Link to comment
Share on other sites

you have to allow the ip address that is connected to the pineapple to connect to the internet in the EP module. 

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
  • 1 month later...
On 1/24/2017 at 1:15 PM, mercredi said:

Hi!

Good job man! Do you know Wifiphiser? They have good template too. https://github.com/sophron/wifiphisher

Do you know how we can build a template like this for TETRA/NANO?

I think we can make an attack with wlan1 to deauth and force a client to connect on wlan0 with this portal

https://wifiphisher.org/ps/wifi_connect/

or

https://wifiphisher.org/ps/firmware-upgrade

I w'll try to make it. If you can give me a hand, you're welcome.

Has anyone actually done this for the Pineapple yet? This would be a great module.

Link to comment
Share on other sites

Has anyone thought of combining portal auth and evil portal with some of the abilities that SeToolkit, Fluxion, linset and all these others folks bring up.

I got my Nano not too long ago and been looking through the modules and researching and see some that seem to cover the same functions and could be combined.  What I have been doing lately is doing most of mitm stuff on my PC for the Nano only cause my php sucks (never latched to the language, nothing wrong with it just never got into it except for research for vulnhub VMs).

Idea I had in mind is the cloning ability of Set to clone a website or the captive portal you are behind.  Set can clone the active portal you are behind.  Not expecting the automated accuracy of Set.  I seen in demos that Portal Auth can clone and be used after some templating which is way okay in my book.  Would take me a bit to replicate that ability myself.  This ability mixed with the ability to set it either as a Captive or dnsspoofed site would be cool and combine evil portal with portal auth.  Under dns spoofed it could function like Set's portal where after they enter credentials, it just forwards them to the real site login page.  Adding a sub option under Captive to be used as Portal Auth would add the portal authentication to it.  Don't ask me to name it, my names are corny. :-P

Haven't given much though on how you could implement Fluxion (I assume wifiphisher is about the same) into the mix since fluxion captures the handshake of the real wifi point and then deauths it to oblivion while serving an open version that hopefully the person will connect to and get the captive portal that looks like their router model page asking them to validate their wifi password which checks against the handshake with aircrack and if successful drops the deauth and releases them from the rogue.

Edited by PoSHMagiC0de
Link to comment
Share on other sites

  • 3 weeks later...
On 3/3/2017 at 10:21 AM, stilia.johny said:

Hi all. 

 

Great job @kbeflo

I have a suggestion for your captive portal templates. 

I am using it for a while and it is great! 

After searching for a while I found that you can put notifications at the Dashboard notifications tile by using the command 


pineapple notify [text]

 

so what I did, I edit the MyPortal.php from these templates and I add the following code 


exec("pineapple notify $email'-'$pwd");

after the line 18 before the "}"

 

the results are showing bellow at the screenshot! 

 

Let me know about your thoughts! 

 

 

Screen Shot 2017-03-03 at 15.19.52.png

Read this earlier today, just had the thought of adding an audible notification as well. So you could monitor the site in the background, and with headphones perhaps, be alerted to new loot. (?) even considered... 

Link to comment
Share on other sites

  • 1 month later...

I have a problem with the portals.
I have a PineApple V with Evil Portal v2.9 and cloned the template portals to it.

When I activate (let's say the starbuck-login portal) I can see the page correctly in the live preview.

When I test it on a client connected to it - the portal comes up but the pictures and javascript are not run on the client. The webpage is "text-only". I have read some things about problems with the sub directories etc.

The portals are located in the /root/portals directory.

Any help is appreciated.

Johan

Link to comment
Share on other sites

5 hours ago, vanhawk said:

I have a problem with the portals.
I have a PineApple V with Evil Portal v2.9 and cloned the template portals to it.

When I activate (let's say the starbuck-login portal) I can see the page correctly in the live preview.

When I test it on a client connected to it - the portal comes up but the pictures and javascript are not run on the client. The webpage is "text-only". I have read some things about problems with the sub directories etc.

The portals are located in the /root/portals directory.

Any help is appreciated.

Johan

Did you try putting them in the /www/ folder on the pineapple?

Link to comment
Share on other sites

Im pretty sure these portals were created for the 6th gen platform pineapple and the module for that device.  From what your saying, you are using the 5th gen pineapple.  Which if your using the EP for that pineapple it might be work differently with that version of the module.  

Link to comment
Share on other sites

  • 1 month later...

Hey there

Awesome work with the captive portals. Looks really realistic. I just have some issues.

When a client connects to the WiFi and accesses a web page (e.g. www.nfl.com), it doesn't redirect them to the captive portal page. Could anyone provide some insight on this?

Link to comment
Share on other sites

13 hours ago, jtkrl said:

Hey there

Awesome work with the captive portals. Looks really realistic. I just have some issues.

When a client connects to the WiFi and accesses a web page (e.g. www.nfl.com), it doesn't redirect them to the captive portal page. Could anyone provide some insight on this?

Like cheeto says.

Also on some mobile devices once connected to a captive portal you get a popup saying "network requires you to sign in" kind of thing. Your evilportal will also be displayed in this window if clicked on on the mobile device.

This post is also worth a read

 

Edited by Just_a_User
Link to comment
Share on other sites

Hey guys,

I was wondering if anyone could give me some advice...

I'm REALLY trying to make some captive portals.  I'm doing this my carefully analyzing the scripts used in this section.  AWESOME!!

I able to make the captive portal and the nano is able to capture the creds but as soon as the client enters the creds, EP continues to be active thus denying the client internet access.   So my question is.... do think this problem could be in my index.php or Myportal.php?

I know it's a rather broad question but I'm sure this must have happened to someone else.

Thanks guys!!

 

Link to comment
Share on other sites

  • 3 weeks later...

Hi all, 

 

I was thinking if it would be a good idea to have a page ( within the c.portal folder) so we can access this page and see all the saved data

Possibly the portal will export these data to a CSV file and the html page will create a table of the csv file ? 

 

Any opinions? 

 

John

Link to comment
Share on other sites

@cheeto Could you please explain? This is close to my issue. I can capture creds, but client receives message indicating unsuccessful login. If client could enter supersecretpassword and proceed to internet (not their acct, just google.com) it would increase time until suspicion

Edited by aryakangler
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...