Jump to content

Evil portal downloads


Pineappled
 Share

Recommended Posts

  • 1 month later...

It's not ipk's in this case, it's non-pineapple-related. In other words; not installing on the Pineapple itself (where ipk's are used since it's OpenWrt) but make the connected client to download an installer package/executable (apk, exe, or whatever) that fits the connected device and install it.

This is the basic flow of the intended idea as I see it:
1) Client connects to Pineapple AP
2) Client is greeted with whatever page the EP is serving the client
3) When the user of the connected client does something on the EP page, it should trigger a download of an APK, EXE or such depending on the client architecture
4) The APK/EXE/? should then be installed on the client device (not the Pineapple)

The last step is the hard part since there are a number of obstacles to pass to be successful (if even possible at all). Also, getting the download to be accepted can be tricky and will probably need its fair share of skills when it comes to some form of social engineering. The Cliqq evil portal (from Kleo) has an APK download button. But, speaking of obstacles, getting an APK installed on a standard Android device won't be that easy.

Edited by dark_pyrro
Link to comment
Share on other sites

On 3/18/2022 at 11:26 AM, dark_pyrro said:

It's not ipk's in this case, it's non-pineapple-related. In other words; not installing on the Pineapple itself (where ipk's are used since it's OpenWrt) but make the connected client to download an installer package/executable (apk, exe, or whatever) that fits the connected device and install it.

This is the basic flow of the intended idea as I see it:
1) Client connects to Pineapple AP
2) Client is greeted with whatever page the EP is serving the client
3) When the user of the connected client does something on the EP page, it should trigger a download of an APK, EXE or such depending on the client architecture
4) The APK/EXE/? should then be installed on the client device (not the Pineapple)

The last step is the hard part since there are a number of obstacles to pass to be successful (if even possible at all). Also, getting the download to be accepted can be tricky and will probably need its fair share of skills when it comes to some form of social engineering. The Cliqq evil portal (from Kleo) has an APK download button. But, speaking of obstacles, getting an APK installed on a standard Android device won't be that easy.

Ah interesting, I didn't read the question correct. 

As I was typing this, I was investigating Storm-Breaker and fiddling with steganography to make an image trigger the target to get screenshots from a mobile phone. I got it to work but need to deal with the Target that has to accept the use of it's webcam or microphone everytime they receive a Stego Picture. I guess the Poster will need to deal with the same problem at some point right? 

Follow +1

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...