Windows 7 auto log in.

Well after spending a lot of time on WiFi Pineapples shall we head back to Windows 7.

May of you may not remember computers pre Windows XP, we never had to log in to a system, it used to just start up ready for us.

My desktop doesn't travel around, any I am the only person with access, so why should I have to type in my password to get access? Don't get me wrong my laptop does travel and as a result has a password and full drive encryption.

Now this is the same case with my mother, but I don't want her having admin access to her computer, that would only make more work for me in the long run. As this is the second time I have had to reinstall a full OS for her.
 The default log in account can be a user or an admin, bear in mind if the user attempts to access and admin feature they will be prompted for the admin's password (installed team viewer for my Mum).

Less of my life and lets get into this nice quick tip.

Open the run command by pressing GUI+r.

type in "control userpasswords2" and yes without the quotes.

Then click Apply.

At this point you will be prompted for your password.

Now after the next boot you will be delivered to your desktop.

Don't forget what your password is, you may still want to lock your computer when friends come around or if you have set your computer to prompt for a password after recovering from screensaver.

So I think the next one will have to be how to reset your password if you forget it.

WiFi Pineapple SSL Strip

SSL is used for secured traffic on websites, while it was first used on banking and shopping websites, it is now used by twitter, facebook and even google.

After the firefox extension Firesheep received mainstream media coverage pretty much all social media sites defaulted to HTTPS / SLL, previously most of these website offered HTTPS as an option within the security settings but most users did not know how to enable this or how important it was.

Now SSL would protect you from a man in the middle attack like firesheep but SSL Strip is another MITM attack.

Now the first thing you should be doing is updating to the latest WiFi Pineapple firmware version 1.1.0.
Flashing is very easy just open the WiFi Pineapple MK5 large tile and check for upgrades, flashing takes a few minutes so you may have to put some time aside for this.

Getting started is easy as with all others just click start in the small tile - you can look at the log file in the small tile but I would suggest opening up the large tile.
I attempted to access facebook I had a few problems getting the infusion to log any data, as I was using Chrome that I was logged into was forcing me to use HTTPS as but after logging out and manually typing in www.facebook.com.

I will be logging into facebook with the accoutn chump@facbook.com and the password "lamepassword"



Even though I prefer using the large tile interface, the it turns out the small tile was best for demonstrating on here.

As you can see this has reported a username and password.

You do have to pick it out but 3rd line from the bottom you can see
"&email=chump%40facebook.com"
"&pass=lamepassword"

The reason that the @ symbol is not displayed is because of Percent-encoding or URL encoding.
I won't be covering this in depth basically some characters are unsupported and need to be re-encoded. If you have ever cut and pasted a URL and accidentally included a space you would see that space replaced with %20, for further reading please see the Wikipedia page here and I also found a useful table here.

Remember to keep safe and only exploit systems you have the correct authorisation for.