Search the Community

I have been working around the Evil Twin Airbase-ng for quite a while and i am unable to get my victim PC which is my other windows 10 machine to connect; It did connect to the AP once(rarely) and when it did it had no internet connect which has kept me up for sometime, i am going to post the proccess i have performed please go through them and guide me through the issue. Note:i have tried iptables and echo 1 it didnt help Setting up USB Adapter TP-LINK TL-WN722N Version 1 to monitor mode airmon-ng start wlan0 Checking for background proccesses that can interfere with the work airmon-ng check wlan0mon(assigned new name) Setting up the Fake AP airbase-ng -a 72:02:71:73:0D:B6 --essid Ryan -c 1 wlan0mon 17:19:25 Created tap interface at0 17:19:25 Trying to set MTU on at0 to 1500 17:19:25 Trying to set MTU on wlan0mon to 1800 17:19:25 Access Point with BSSID 72:02:71:73:0D:B6 started. 17:19:40 Client D0:13:FD:07:79:07 associated (WPA2;CCMP) to ESSID: "Ryan" 17:19:41 Client 20:16:D8:F4:0D:98 associated (WPA2;CCMP) to ESSID: "Ryan" 17:19:57 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan" 17:20:03 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan" Deauthorizing clients on another terminal aireplay-ng -0 0 -a 72:02:71:73:0D:B6 wlan0mon 17:22:11 Waiting for beacon frame (BSSID: 72:02:71:73:0D:B6) on channel 1 NB: this attack is more effective when targeting a connected wireless client (-c <client's mac>). 17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:15 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 Installing DHCP server apt-get install isc-dhcp-server Reading package lists... Done Building dependency tree Reading state information... Done isc-dhcp-server is already the newest version (4.3.5-3+b1). The following packages were automatically installed and are no longer required: casefile dconf-editor dconf-tools dissy gir1.2-nm-1.0 libbind9-140 libblas-common libcdio-cdda1 libcdio-paranoia1 libcdio13 libdns162 libemu2 libfwupd1 libgom-1.0-common libgtkspell3-3-0 libhttp-parser2.1 libisc160 libisccfg140 libllvm3.9 liblouis12 liblwgeom-2.3-0 libmozjs-24-0 libopencv-calib3d2.4v5 libopencv-core2.4v5 libopencv-features2d2.4v5 libopencv-flann2.4v5 libopencv-highgui2.4-deb0 libopencv-imgproc2.4v5 libopencv-objdetect2.4v5 libopencv-video2.4v5 libpython3.5 libpython3.5-minimal libpython3.5-stdlib libqcustomplot1.3 libqgis-core2.14.18 libqgis-gui2.14.18 libqgis-networkanalysis2.14.18 libqgispython2.14.18 libradare2-1.6 libtracker-control-1.0-0 libtracker-miner-1.0-0 libtracker-sparql-1.0-0 libva-drm1 libva-x11-1 libva1 maltegoce peepdf python-brotlipy python-pylibemu python-rsvg python-unicorn python3.5 python3.5-minimal tcpd Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded. Configuring nano /etc/dhcp/dhcpd.conf authoritative; subnet 192.168.1.0 netmask 255.255.255.0 { option broadcast-address 192.168.1.255; option routers 192.168.1.1; option domain-name-servers 8.8.8.8; range 192.168.1.10 192.168.1.200; default-lease-time 600; max-lease-time 7200; } Installing bridging utilities apt-get install bridge-utils Reading package lists... Done Building dependency tree Reading state information... Done bridge-utils is already the newest version (1.5-14). The following packages were automatically installed and are no longer required: casefile dconf-editor dconf-tools dissy gir1.2-nm-1.0 libbind9-140 libblas-common libcdio-cdda1 libcdio-paranoia1 libcdio13 libdns162 libemu2 libfwupd1 libgom-1.0-common libgtkspell3-3-0 libhttp-parser2.1 libisc160 libisccfg140 libllvm3.9 liblouis12 liblwgeom-2.3-0 libmozjs-24-0 libopencv-calib3d2.4v5 libopencv-core2.4v5 libopencv-features2d2.4v5 libopencv-flann2.4v5 libopencv-highgui2.4-deb0 libopencv-imgproc2.4v5 libopencv-objdetect2.4v5 libopencv-video2.4v5 libpython3.5 libpython3.5-minimal libpython3.5-stdlib libqcustomplot1.3 libqgis-core2.14.18 libqgis-gui2.14.18 libqgis-networkanalysis2.14.18 libqgispython2.14.18 libradare2-1.6 libtracker-control-1.0-0 libtracker-miner-1.0-0 libtracker-sparql-1.0-0 libva-drm1 libva-x11-1 libva1 maltegoce peepdf python-brotlipy python-pylibemu python-rsvg python-unicorn python3.5 python3.5-minimal tcpd Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded. Bridging interface root@kali:~# brctl addbr evil \\Name of the bridge i made root@kali:~# brctl addif evil eth0 \\my ethernet connection root@kali:~# brctl addif evil at0 root@kali:~# ifconfig at0 0.0.0.0 up root@kali:~# ifconfig evil up Starting DHCP server root@kali:~# systemctl start smbd.service root@kali:~# dhclient evil root@kali:~# service isc-dhcp-server restart root@kali:~# service isc-dhcp-server status ? isc-dhcp-server.service - LSB: DHCP server Loaded: loaded (/etc/init.d/isc-dhcp-server; generated; vendor preset: disabled) Active: active (running) since Wed 2017-12-06 17:32:35 EST; 6s ago Docs: man:systemd-sysv-generator(8) Process: 2049 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=0/SUCCESS) Tasks: 1 (limit: 4915) CGroup: /system.slice/isc-dhcp-server.service +-2061 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth0 Dec 06 17:32:33 kali systemd1: Starting LSB: DHCP server... Dec 06 17:32:33 kali isc-dhcp-server2049: Launching IPv4 server only. Dec 06 17:32:33 kali dhcpd2060: Wrote 11 leases to leases file. Dec 06 17:32:33 kali dhcpd2060: Multiple interfaces match the same subnet: eth0 evil Dec 06 17:32:33 kali dhcpd2060: Multiple interfaces match the same shared network: eth0 evil Dec 06 17:32:33 kali dhcpd2061: Server starting service. Dec 06 17:32:35 kali isc-dhcp-server2049: Starting ISC DHCPv4 server: dhcpd. Dec 06 17:32:35 kali systemd1: Started LSB: DHCP server. /etc/init.d/isc-dhcp-server start ok Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service. IP gateway root@kali:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0 0.0.0.0 192.168.1.1 0.0.0.0 UG 600 0 0 wlan0 192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlan0

Hey folks, i searched the Forum, but found nothing really helpful to my issue, so I decided to start my own thread. Recieved my NANO yesterday and most of the things work fine. Just the client mode wont work with the delivered wifi dongle. It doesnt show up my router or my hotspot from android tablet if i scan with wlan2. Even if the nano lies in front of it. Tried it with a TP-Link and it works fine. But i really dont want to stick that white bulky thing into the pineapple while its in the elite bag. Hows that looking? Actual setup: Factory resetted NANO with elite antennas. OS 1.1.3 installed. only module installed is DWall The included wifi dongle is plugged in. I scan with wlan1 and find all the APs sorrounding me.But I want to use the PineAP, so I scan with wlan2. Most of the time it finds no single AP. Any ideas how to fix this?

Can someone tell me how to give a totally free access without password (the AP Key) to the Fake Wifi Access Point created by the Pineapple? In the Networking Tab @ http://172.16.42.1:1471/#/modules/Networking , I have no other choice than to give a password as if the "Management AP Key" is left blank, it doesn't work and the configuration can't be saved. Thank you for your help.

hello Hak5 forums users, I'm currently using dual TP-link USB wireless cards for airbase-ng rouge karma AP / airodump-ng / MDK3 with BRCTL and dhclient to enable internet access for network auditing. I've been looking into a wifi pineapple as an upgrade to this eclectic setup. As I understand from defcon talks / wiki, the Nano enables an access point after setup for administration over wifi. If I am exclusively using the Nano using the USB ethernet connection to my laptop, can the administration AP be disabled? What interface of the two onboard radios does that AP run on? Does the Nano feature / offer USB 3.0 for operation? Thanks , dr_deconstruct

Here's something I've been thinking about for a long time: you know when you go into a bar, ask for the wifi password and notice that the router has the default user and pass set? How easy if at all possible would it be to somehow sniff that traffic from somewhere else? Maybe it's even possible to automate things like capturing certain types of packages, cookies or even capture some credentials? Maybe I'm way off, I'm a complete rookie in this field. In that case I'd be very grateful if somebody explained why it can't be done! Thanks in advance!

Hi all, I am working on a project that relies (among other things) on: - Setting an access point in RaspPi that bridges an ethernet connection from my macbook (check! done!). - Hard-assigning a MAC address to this access point. (this is where I am having problems). I was able to set up the whole network, and it works fine. I was also able to change my mac address, using (mainly) ifconfig + ether command. And it also worked. However, after changing the MAC address I cannot connect to such access point anymore with any device. I have tried several different methods, and all have failed. Am I trying to do something impossible here? Is there any work around to such thing? Just to know. I am changing the MAC address using the following lines: sudo service ifplugd stop sudo ifconfig wlan1 down ifconfig wlan1 hw ether [MAC ADDRESS] sudo service ifplugd start And the AP is set up by a bridge between the eth0 and wlan1. Thank you!

Hi all, I am working on a project that spoofs the geolocation of devices by faking MAC addresses from another place through wifi signals (somewhat similar to this). I have a Raspberry B+, connected to an Alfa AWUS036NH running in monitor mode, connected through ETHERNET with an MBP sharing Internet connection. I am currently able to use Aircrack + mdk3 to create multiple (encrypted) AP within a list of fake MAC addresses, using: sudo mdk3 wlan0mon b -v LIST.txt -g -t And this works perfectly. However I also want, at the same time, to use the same wireless adapter to create an AP (with a hand-assigned MAC address) that shares the internet connection the Raspberry shares via ethernet. Thus, both as a router, and as a "fake AP generator". Is this possible? If not, any ideas of what would be the best workaround? I am doing this for test purposes. The spoofing did not work well only faking unconnectable signals, but my theory is that by also creating an actual access point with a fake mac address, the setup will work better. Thanks in advance. LG.

Hi pineapple people. So I'm using dnsspoof in my mark 5 and after lots of beginner trial and error I managed to build a nice looking fully functioning phishing site that is designed to log wifi creds. So now that I have this site working and loaded into the pnpl web server I'm trying to figure out how to force a specific AP into client mode so that I can run this phishing site against said specific AP. Hypothetically i would like network A to link with the pineapple in client mode but exclude networks C, D, E, F.... ect. I understand that you can do something like this with karma whitelist well using the dauth infusion, however I haven't been able to figure out how to do it on my own. Any help would be greatly appreciated thank you.

Hello, I've been using the pineapple's client mode quite happily on my routers in location 1, but am having no luck with any in location 2 - something I must assume is due to encryption types. I had read a few topics here regarding the issue (in particular one from 2013 mentioning a config alteration) but haven't had any luck. If someone could point me to existing topics on the matter or tell me what logs to post here for diagnosis that'd be great. Cheers, HP

I'm trying to connect my Pineapple at my university, but in order to use the wireless, we need to enter our username and password into the wireless log in settings. In the Web UI, there is only a field for entering in the password, how do you enter the username? Is there a way to get around this?

Hi, I'm trying to set up the Pineapple (firmware 2.0.3) as an access point (no Karma at all, just a single SSID) and display a simple page when wireless clients look for some specific websites. This sounds pretty easy to do. I first have to make the Pineapple connect to an access point with wlan1 to route all the traffic. Then use dnsspoof and make a few host entries (eg: 172.16.42.1 website.com) for the websites I want clients to be redirected to and finally, modifying redirect.php to what I want to display. The routing/forwarding part works, it's a bit slow but it works (I guess due to the forwarding to another AP). However, I can't get dnsspoof to work. When I do dns lookup for one of the domains from a connected client, I get the legitimate IP address and not the IP address I entered in dnsspoof. It worked at some point but all I got was a page that kept trying to load (like when you try to reach the pineapple on port 80; even though I changed the index to go to redirect.php) but it stopped working as soon as I rebooted the pineapple. I also tried removing the infusions and reinstalling them, reflashing the pineapple, removing all unnecessary infusions but it is still not working. Am I doing anything wrong? Or is that scenario not doable on the pineapple?

When I create an SSID for the pineapple under Access Point. How do I know if someone is connected to the created network?

Ok here is my issue when i try enabling the Wlan0 it does not enable also when i try enabling wlan1 it says enabled but when i refresh it disables again. Could this be a Firmware issue as i just got it. Note I tried Resetting it to factory defaults already. Some Snap Shots http://imgur.com/LHqHFod,JiS3eTd#0 Note Firmware 1.0.4

Hello Dear Hak5 friends and family. I currently have a EnGenius ENH700EXT Access Point on my property, mounted in the center of the property up high on top of one of my garages. Signal is so so, I just bought this few weeks ago. It is a dual band, the omni antennas seem basic. Maybe you can recommend better antennas (2.4 and 5ghz) I barely get any coverage, my lot is 5-acres so it is large, and I would like it to cover the whole premises, including the homes. Any suggestions? I can put another one out somewhere, but electricity and ethernet is not as easy. I was thinking of something VERY powerful to just cover that range. I wouldn't want to get more than 2 units, I would like just 1. But so far the antennas on thise ENH700EXT isn't cutting it. Maybe just better antennas. Thanks, K