Jump to content

MK2: Best HowTo - Setup Internet Connection Forwarding on "Linux" & Jasager


Recommended Posts

Internet Connection Sharing on "LINUX"
& Jasager Pineapple Setup


All credit for this HowTo go's to taiyed14
I just made this HowTo page for the Hak5 forums and commented/tidied up the shell scrip & added the sslstrip stuff

---------------------------------------

When you get to setting the IP address in the Webif and the /etc/config/dhcp
Set then to the IP address I have in there

i.e. 10.110.0.2 for the pineapple and stuff

---------------------------------------

- On Pineapple -
IP address = 10.110.0.2
Ethernet Interface = ETH0
WiFi Interface = WiFi

- On laptop -
Ethernet Interface - Pineapple GW IP address = 10.110.0.1
Internet Facing Interface & Wireless Interface = wlan0
Pineapple Facing Interface & Ethernet Interface = eth0



This is how it will all work in the end.
[internet+DNS > ("DHCP"GW > wlan0) > (eth0 > "DHCP"ETH0 > WiFi)]


----------------------------------------------
If you have a FON La Fonera NOT a la Fonera+
Then you can just use this scrip to set up your pineapple for use with the Pineapple.sh script below

And then skip to section - 2 -

Otherwise just keep on reading the HowTo. It is simple anyway.


Follow the README file inside

Uploaded at these two sites

pineapple-setup-0.1
http://rapidshare.com/files/324684119/pine...etup-0.1.tar.gz
http://www.filefactory.com/file/a13045d/n/...etup-0_1_tar_gz

sha1-sum = 096eba367c6d570685f623ae84ba5288aef0e08e
md5-sum = 11a48e9a7e73c7729daeb32b5cee06bd

----------------------------------------------

( Section - 1 - )

First lets set up the Jasager-Pineapple

Connect to the Jasager-Pineapple and SSH into it
ssh -c blowfish root@<IP ADDRESS OF YOUR PINEAPPLE AT THIS TIME>



Now you need to edit the /etc/config/dhcp Configuration file. So, it looks like this.

config 'dnsmasq'
    option 'domainneeded' '1'
    option 'boguspriv' '1'
    option 'filterwin2k' '0'
    option 'localise_queries' '1'
    option 'local' '/lan/'
    option 'domain' 'lan'
    option 'expandhosts' '1'
    option 'nonegcache' '0'
    option 'authoritative' '1'
    option 'readethers' '1'
    option 'leasefile' '/tmp/dhcp.leases'
    option 'resolvfile' '/tmp/resolv.conf.auto'

config 'dhcp' 'lan'
    option 'interface' 'lan'
    option 'start' '100'
    option 'limit' '150'
    option 'leasetime' '720m'
    option 'ignore' '0'
    list 'dhcp_option' '3,10.110.0.1' # This is the IP address of . .
     #.  . The Host Laptop's Net-Interface acting as GW
    list 'dhcp_option' '6,10.110.0.2,8.8.8.8' # This is Option 6 define the DNS server, . .
     # .  . Then IP of Pineapple, Then Googles DNS IP

config 'dhcp' 'wan'
    option 'interface' 'wan'
    option 'ignore' '1'
    option 'start' '100'
    option 'limit' '150'
    option 'leasetime' '720m'



! Don't Reboot Yet !

Now, Navigate to the Webif Admin Web Page of Network/Networks i.e.
http://<IP ADDRESS OF YOUR PINEAPPLE AT THIS TIME>/cgi-bin/webif/network.sh

OK Now, Fill in the input fields with this information. . .

Connection Type = Static IP
Type = Bridged
IP Address = 10.110.0.2
Netmask = 255.255.255.0
Default Gateway = 10.110.0.1

Lan DNS servers = Leave Blank Or Set To 10.110.0.2


NOTE: Make sure there is not 10.110.0.1 in the DNS box or Anything ells It will mess things up.


Now, hit the "Save Changes" Button then Apply Changes at the bottom.
It probably will not reconnect so just let it sit for like 5min's then Power Cycle

------------------------------------------------

OK Jasager Powered Pineapple is all setup
------------------------------------------------

( Section - 2 - )


Now connect to the Internet through a Wireless Router with your Host Laptop's Wireless Interface "wlan0"


You can download this script pineapple-0.9.1 from this link.
Extract the tar.gz file. Navigate into it and run the installer as root

sudo ./install.sh



NEW PINEAPPLE-0.9.1 Support for BackTrack4 included in the installer!
http://rapidshare.com/files/393232951/pineapple-0.9.1.tar.gz

md5sum = 317f6e9fd878d0e062950b435d22f6e9
sha1sum = e2f982e6f9bebfd7fee2b5c02065a5fd75456ac0


OLD PINEAPPLE-0.9
http://rapidshare.com/files/381908032/pineapple-0.9.tar.gz

md5sum = d904beabab441a8990d6423d7a02e9fb
sha1sum = b29583126a3ad4e8dc65ea219b56f293d46a8bd9


OLD PINEAPPLE-0.8
http://rapidshare.com/files/377906412/pineapple-0.8.tar.gz

md5sum = d6db93a2befab50a23a92785934a9289
sha1sum = b4f04d06e99361c7dbeb48cfeacd810182710d22



===========================
OLD PINEAPPLE-0.6
http://rapidshare.com/files/363545320/pineapple-0.6.tar.gz

md5sum = aedec7f15ff5f37f0ceaa6ddbe740232
sha1sum = 4f641e61455eac36af2bb036812e10770d44d084


OLD PINAPPLE-0.4
http://rapidshare.com/files/324710329/pineapple-0.4.tar.gz

----------------------------------

All Right then
----------------------------------

Now you can just connect to a Wireless Router with the Wireless Interface on the Host Laptop


Then run this command after install with root privileges

sudo pineapple.sh




Then Plug in the Pineapple :)
----------------------------------------------------------------------

Navigate to the Jasager Admin Webpage and turn Karma ON.
Make sure you add Your Fon Routers essid of "pineapple" or "OpenWrt" to the "Black List" - Every Time you Reboot the router ! ! !

Now Start up Wireshark on your Host Laptop and listen on interface "eth0" and get your packet sniffing on.


Check out the dsniff tools too.
Maybe Run an Attacker WebPage with all the latest Exploits & redirect victims there.
Maybe inject Javascrip or Flash and take control of the users WebCam

Also, If you deauth victims and maybe run a DOS on there AP they will connect to your Pineapple.
Maybe have an open WiFi LAN with an essid of "Free Public WiFi" and victims will connect on purpose.

--------------------------

The possibilities are endless.
SOOO much better then attacking one network at a time.


================================================
To Kill all of this just Run these commands with Root privileges

iptables -X
iptables -F
/etc/init.d/iptables stop



================================================
If you have problems with Pineapples Clients not being able to connect to the internet.
Ping your way out... Watch Wireshark and find out where the brake is.


Start up a VirtualBox. Give it it's own Wireless NIC Via USB Pass Through
Open a Shell and . . .

ping 10.110.0.2
ping 10.110.0.1
ping (The wlan0 IP address)
ping (The GW address)
ping 8.8.8.8
ping google.com

Edited by echoblack
Link to comment
Share on other sites

  • Replies 98
  • Created
  • Last Reply

Top Posters In This Topic

Thanks for doing this write up. It looks good!

You can make the SSLStrip config section of the bash script cleaner by doing combining both IF statements

if [ $SSL == "y" -o $SSL == "Y" -o $SSL == "yes" ]; then

&lt;SNIP&gt;

if $SSL is y OR $SSL is Y OR $SSL is yes. Now there is only one IF.

More troubleshooting tips:

1. SSH into the Fon.

2. ping 4.2.2.2

3. Is there a responds?

No: ICS is not set up properly

Yes: ping 4.2.2.2 from a client connected to the Fon.

1. Is there a responds?

No: Please post the output of ipconfig /all (I want to see the IP/Gateway/DNS server of the client)

Yes: ping google.com

1. Is there a responds?

No: The clients aren't getting a DNS server

Yes: What's the problem?

Link to comment
Share on other sites

Nice, I was looking how to convert the text to lower case or how to do that IF [1=x OR 1=y]; then but just gave up.

Thanks, I put that in now and also made all the IP's variables and the sslstrip port a variable. I was going to have the user input the IP's they want but that mite cause problems because the Pineapple needs to be set up for them too. So, I didn't but it is now a lot easyer for the user to change the IP's to the ones they want.

I also figured that just hard coding in sslstrip port of 10000 is fine too because with the default port there is no need to specify the port for sslstrip to listen on.

---------

I'd like to have the scrip make sure sslstrip is installed but it is just a Python scrip that the user may not have in /usr/bin OR they may have even changed the name. This is the same reason I didn't have it open a Xterm and start sslstrip for the user.. . . .

HUM, I "Could" just include sslstrip In the script itself! That would be cool. Then I'd just have to check if Python is installed. I mean come on why would you not run sslstrip ?. . .

Ya, man I am doing that right now. I'm going to put this script and the sslstrip scrip in a tar.gz and write an installer.

Any other cool tools you think I could install with it?

Link to comment
Share on other sites

You know what. that line with all the IF [ 1 == x -o 1 == y -o 1 == z ]; then

That give me a "Too many arguments specified" error

--------

I'm also having problems gettting the output of commands converted to strige values. If you feel like giveing me the answer that'd be cool.

-----------

Never mind I just changed the code so I don't have to do that.

Link to comment
Share on other sites

Hey guys,

I just got this loaded up on my Fon and am stuck on something. I'm sure it's user error on my part, but I cannot get DNS to the wireless client I'm testing with. Pinging 8.8.8.8 works perfectly from the client i'm connecting wirelessly to the fon, but pinging google.com gives me the "no host" error. Pinging google from an ssh into the fon resolves fine.

One thing I am doing differently is rather than using

list 'dhcp_option' '3,10.110.0.1' # This is the IP address of . .
#.  . The Host Laptop's Net-Interface acting as GW
list 'dhcp_option' '6,10.110.0.2,8.8.8.8' # This is Option 6 define the DNS server, . .
# .  . Then IP of Pineapple, Then Googles DNS IP

I'm using

option 'gateway' '10.110.0.1'
option 'dns' '8.8.8.8'

I might be using an out of date version of kamikaze (7.09), because i get errors when using the list commands instead of the option commands. Any tips as to what I have messed up?

Link to comment
Share on other sites

Ya, go ahead and up grade to Kamakaze 9.01 I think it is now.....

That mite not be the problem your haveing though.

What do you meen your useing

option 'gatway' 10.110.0.1'

option 'dns' '8.8.8.8'

?

Try just Cut and Past my /etc/config/dhcp into your Fon router and try that.

-----------

Also, NOTE the BUG in the script I just pointed out in that section of the HowTo

Link to comment
Share on other sites

I'm gonna give the lil' pineapple a flash to the latest version and see if that fixes the issues. I think the 'list' parameters are not supported by the old version I'm working with. Pray I don't brick it. Don't have time to solder up a serial connection before heading home for Christmas.

Link to comment
Share on other sites

echoblack, I could use that link. The links in the install post in this forum and the wiki are out of date. At this point, i have 8.09.1 on the router (latest stable Kamikaze) and need the new .ipk files (I used all the old ones, but the jasager-madwifi_1.ipk is for the old kernel, and i'd rather use the driver if you have the ipk already). Thanks in advance if you have the links.

Update: I found the new haserl, webif, libruby, and ruby packages. Still looking for updated jasager-madwifi and planning to use jasager 2.1 (latest on digininja's site). I have absolutely no experience with patching madwifi drivers, so I'll give it a shot if I can find clear instructions... otherwise, a link to an ipk would be very appreciated.

Link to comment
Share on other sites

This is telling the DHCP server on the Fon to PUSH the default gateway (option 3 - 10.110.0.1) and PUSH the primary and secondary DNS (option 6 - 10.110.0.2 and 8.8.8.8) to any clients connecting to Fon:

list 'dhcp_option' '3,10.110.0.1' # This is the IP address of . .
#.  . The Host Laptop's Net-Interface acting as GW
list 'dhcp_option' '6,10.110.0.2,8.8.8.8' # This is Option 6 define the DNS server, . .
# .  . Then IP of Pineapple, Then Googles DNS IP

This is only setting the gateway (fine) and DNS for the Fon:

option 'gateway' '10.110.0.1'
option 'dns' '8.8.8.8'

In other words, the Fon is a client to the DNS server, it cannot send request for its wireless clients, they must send a request themselves. That is why you are getting a "no host" error.

Link to comment
Share on other sites

In other words, the Fon is a client to the DNS server, it cannot send request for its wireless clients, they must send a request themselves. That is why you are getting a "no host" error.

Ah, thanks for the clarification.

I'm in the process of updating firmware to support the "list" option. Looking for the new patched madwifi drivers to go with the new kernel version. You don't happen to know where I might find an updated jasager-madwifi.ipk do you? Google's giving me nothing tonight.

Update: Ok, i'm a noob. I found around page 6 or 7 of this forum that digininja has repackaged jasager into a prebuilt openwrt firmware package. I'm flashing to that now.

Link to comment
Share on other sites

boy, sorry I bought a Pineapple for Darren. So, I don't really know where to get all the stuff that you need. All i needed to do when I got it was get the new haserl, webif but you already have found that.

If you get a working setup I am sure it will work with toughs lines put in the /etc/config/dhcp

---------

You know just and idea could be totally wrong. But my Pineapple Darren made had Both the ipkg packages manger and opkg package manager intalled? Maybe they are really the same but if not then maybe the packages your are looking for are only for the opkg package manager and you need to install that first.

Link to comment
Share on other sites

You know what. that line with all the IF [ 1 == x -o 1 == y -o 1 == z ]; then

That give me a "Too many arguments specified" error

You know what I think I was doing something ells wrong and that is way I was getting that error.

I am almost done with new new "pineapple.sh + sslstrip". I'll probably have it up tomorrow.

I just has to spend 2hr's helping my roommate get ripped off on a new laptop form BestBuy. They made him pay $70 for some crappy antivirus software... And I am just going to install Linux on it anyway... What a rip off !

He refused to change his billing address on his credit card so Newegg.com kept rejecting his order.

Link to comment
Share on other sites

echoblack, I was wondering.... Ive initially setup my fon with jasager to use 192.168.*.* for everything thus far, Id like to switch it up and use what you are usually, especially since I would like to use this awesome script youve come up with. I was wondering if you would be able to post your /etc/config/network , /etc/config/wireless, etc... basically the main files youve used to setup your network... you could use the option in OpenWRT to save a config file backup and upload that, it would make it a lot easier to follow the tutorials too wouldnt it, wouldn't I be able to replace my config files with yours and then boom, everything should plug in together and become a working environment?

Link to comment
Share on other sites

I tried this, and couldn't get a connection on HTTP at all. I ended up doing:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward &gt; /dev/null
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo ifconfig eth1 192.168.0.1 netmask 255.255.255.0
sudo dhclient eth0
python sslstrip.py -l 64123 -f lock.ico

and now it's working fine

( 2 ethX interfaces because I'm using a VM right now to be the gateway. eth0 is connected to the internet, eth1 connected to the Fon)

Link to comment
Share on other sites

Installer-0.1 has BUG !

LINE #55 - cp ./sslstrip-0.7 /usr/src/sslstrip-0.7

Corrected #55 cp -r ./sslstrip-0.7 /usr/src/sslstrip-0.7

======================

I'll post toughs files in a little bit. But you can just do this to change the IP to 10.110.0.0/24

Edit the /etc/config/dhcp FIRST to the 10.110.0.0/24

THEN "With out rebooting"

++++++++++++++++++++++

Now, Navigate to the Webif Admin Web Page of Network/Networks i.e.

""""

http://192.168.*.*/ cgi-bin/webif/network.sh

""""

OK Now, Fill in the input fields with this information. . .

CODE

Connection Type = Static IP

Type = Bridged

IP Address = 10.110.0.2

Netmask = 255.255.255.0

Default Gateway = 10.110.0.1

Lan DNS servers = Leave Blank Or Set To 10.110.0.2

NOTE: Make sure there is not 10.110.0.1 in the DNS box or Anything ells It will mess things up.

Now, hit the "Save Changes" Button then Apply Changes at the bottom.

It probably will not reconnect so just let it sit for like 5min's then Power Cycle

+++++++++++++++++++++++++++++++++++++

Link to comment
Share on other sites

you know what give me a few more hr's on this script.

The xterm sslstrip window is not staying open for me.

I'd like to clear the "Default route" on fail and start up because it troughs "SIOCADDRT: File exists" if you run twice

I don't really know how to do that yet though.

Also, the installer-0.1 will tell you it install correctly even if it didn't :P

-----------------------

I guess I could just write a scrip to set up the Pineapple too

Then this how to would be nothing but

RUN this on Pineapple

&

RUN this on laptop

-------------------------------

Link to comment
Share on other sites

@echoblack I haven't had much time to work on the development with you. I'll write something up later, but i would do and IF statement to check if the default route is already set to what it will be set, or you like you said, just delete the default route with the command: route del default.

what kind of script do you want to run on the pineapple? you shouldn't need to configure anything.

Link to comment
Share on other sites

OK, pineapple-0.2 is UP

I didn't put in the "Default route" check but it doesn't "Really" cause any problems that I can see... Unless the user already had some other Route set. If that is the case it would not set the correct route.

. . . Maybe I'll write it up really quick and put out 0.3 ...

I don't want to run the sslstrip's installer setup.py

Scents I am putting my version of sslstrip in /usr/src I know that the script will work with it.

Otherwise, If sslstrip gets changed upstream it would brake the script and Block Port 80.

I also don't want to mess with peoples computers more then I have to.

------------

Ya, the script to set up the pineapple will do nothing but

cat ./ConfigWorkingWithPineapple-0.2/dhcp &gt; /etc/config/dhcp

And any other files that need to be set. It would just be a one time thing on the pineapple.

Link to comment
Share on other sites

Ya if anyone can write something new or better then I did go for it. You can tell me your doing it so we don't do double work or not I'll just put in what ever it the best way.

You'd be best off to email me if you to tell me what your working on, if you would like to let me know.

I'll get that with in 5min's. Or if you would like me to log into like the #hakhouse IRC or something.

I'd like to add in more tools like maybe Dsniff or something

I was thinking about starting tcpdump but I was thinking that the user would probably want to use special -flags

Maybe we could ask what -flags the user would like to set? And maybe add the ones to filter out trafftic between the laptop and the pineapple and just log everything ells. I find it best to just capture everything with tcpdump then search through it latter.

It would be cool to have this thing be the only script you need to run to get all your Jasager-Pineapple packet sniffing on.

Link to comment
Share on other sites

Ok v0.3 is up LOL

I just added this because it would have sucked if someone had it set and then the script didn't work

    # Removes the Default Route
    #
    route del default
    
    echo "Default route removed. . ."

v0.2 Has LOADS of bug fixes. And I set a lot more GLOBAL VARIABLES to make it simpler to fix latter on when the script becomes a program. Like all locations of files and stuff. I also verify that the NIC's the user entered are real by running ifconfig. If they leave it blank it will still set $WAN to wlan0 and $LAN to eth0

I can't think of a way to varify the user entered /path/to/log/sslstrip.log. So I just ask them twice and if the leave it blank it logs to /usr/src/sslstrip-0.7/sslstrip.log

--------------

Woops, uploaded again with a small fix. Now it should be all working 100%

SSLSTRIP_LOG_BKP="$SSLSTRIP_INSTALL_DIR/sslstrip.log"

changed to

SSLSTRIP_LOG_BKP="$SSLSTRIP_INSTALL_DIR/sslstrip-0.7/sslstrip.log"

I made /usr/src Owned by root:users and 770 permissions but that is not the default on most Linux systems so.

That line works on my computer but not on anyone ell's computer.

The install.sh dose a chmod 777 /usr/src/sslstrip-0.7 Probably not a good thing to do but the hell with it. I'll change it in v0.4 if you think of a better setting. sslstrip is ran with UID#1000 so not too big of a deal.

Should add in that verification of Root permissions to the install.sh too in v0.4

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...