Wifi Pineapple/f-bomb

[Sleven]

Anyone building this yet, Wifi Pineapple/F-Bomb or maybe raspberry pi? Concept of taking a fairly cheap AP51 and interfacing it with a fairly cheap modified pogoplug. I need something I can drop and and pick up later for analysis (SSLStrip, driftnet etc...) I would be willing to fund some of this project if Hak5 would like to take this on.

http://www.geek.com/articles/chips/f-bomb-50-computer-is-designed-to-hack-secure-networks-20120131/

[telot]

I've said it a million times already, but a raspberry pineapple is a recipe for win. I'm all over this shit man.

The mark4, from what I understand, is a big step towards an all-in-one wifi pwnage box, but I have yet to determine (despite questioning darren and rest on these forums) if it has the horsepower to handle all the necessary tasks itself. Or will it still need a host computer (insert raspberry pi)?

So to copy/paste from the other 10 threads I've mentioned this in...my dream dropbox will:

Upon bootup connect to closest open wifihotspot, if no open hotspots exist, connect to sprints wimax network with 3g as backup (wimax for its no cap on data and speediness). It will then smtp me a message telling me its IP and that its connected and about to wtfpwn everything around it. Then it will rename its karma'd essid to either what I set it for before dropping it (targeted) or to the closest open wifi hotspot's name (coffeshop_wifi att_wifi etc), or default to "Free Wifi". It will start a tcpdump cap of everything on eth0 to external usb stick for later retrieval at pickup time or dial in via vpn/scp. It will then start karma. Then it will airdrop nuke every AP around it for 30 seconds or so and restart another airdrop-ng for 30 seconds every 5 minutes.

So its preventing anyone from getting on a legit wifi hotspot, its bringing all the boys to the yard with karma, and its logging every packet that anyone connected sends. Its also announcing itself to me with its IP so I can dial in and make any changes I might want to or grab the capture file over the air.

The more I think about it, perhaps the wimax should be the default provider of ICS to the pineapple, that way no one can deauth me, the attacker. Or sniff the traffic for that matter.

I anticipate doing this with a rasp pi with powered usb hub, an alfa 036H card, fat 32gb usb stick, and a sprint 4g usb dongle. Along with a pineapple of course. I'm still trying to source good omni antennas for this project, along with a big fat battery. I'm also working on ideas for incognito cases...something that wouldn't look out of place - any ideas?

So yeah, I've put some thought and effort into this (already begun scripting it) but would surely appreciate collaboration from any and all on these forums. The F-BOMB ain't got shit on the pineapple baby! And DARPA ain't got shit on hak5!

telot

[Sleven]

I've said it a million times already, but a raspberry pineapple is a recipe for win. I'm all over this shit man.

The mark4, from what I understand, is a big step towards an all-in-one wifi pwnage box, but I have yet to determine (despite questioning darren and rest on these forums) if it has the horsepower to handle all the necessary tasks itself. Or will it still need a host computer (insert raspberry pi)?

So to copy/paste from the other 10 threads I've mentioned this in...my dream dropbox will:

Upon bootup connect to closest open wifihotspot, if no open hotspots exist, connect to sprints wimax network with 3g as backup (wimax for its no cap on data and speediness). It will then smtp me a message telling me its IP and that its connected and about to wtfpwn everything around it. Then it will rename its karma'd essid to either what I set it for before dropping it (targeted) or to the closest open wifi hotspot's name (coffeshop_wifi att_wifi etc), or default to "Free Wifi". It will start a tcpdump cap of everything on eth0 to external usb stick for later retrieval at pickup time or dial in via vpn/scp. It will then start karma. Then it will airdrop nuke every AP around it for 30 seconds or so and restart another airdrop-ng for 30 seconds every 5 minutes.

So its preventing anyone from getting on a legit wifi hotspot, its bringing all the boys to the yard with karma, and its logging every packet that anyone connected sends. Its also announcing itself to me with its IP so I can dial in and make any changes I might want to or grab the capture file over the air.

The more I think about it, perhaps the wimax should be the default provider of ICS to the pineapple, that way no one can deauth me, the attacker. Or sniff the traffic for that matter.

I anticipate doing this with a rasp pi with powered usb hub, an alfa 036H card, fat 32gb usb stick, and a sprint 4g usb dongle. Along with a pineapple of course. I'm still trying to source good omni antennas for this project, along with a big fat battery. I'm also working on ideas for incognito cases...something that wouldn't look out of place - any ideas?

So yeah, I've put some thought and effort into this (already begun scripting it) but would surely appreciate collaboration from any and all on these forums. The F-BOMB ain't got shit on the pineapple baby! And DARPA ain't got shit on hak5!

telot

I thought about 3G dongle a few days back. I was testing out tethering my androids connection with the pineapple for foot/vehicle pentest. The price of all the hardware being snatched would suck. Not to mention ensure you use a prepaid 3G for a harder paper trail. As far as omni directional antenna I would build an antenna similar to the link below. Just have to cut it to wavelength using a vswr formula. Been a bit since I have had to deal directly with the RF world. I am used to tactical radios that deal with different freqs. As far as enclosures, I stopped by Home Depot took a look at some electrical termination boxes. I have also considered plaster casting a hollow rock. Have a few more ideas but hopefully this gets your wheels turning.

http://www.hobbyking.com/hobbyking/store/uh_viewItem.asp?idProduct=10896

[icedevil433]

win on this. I began scripting this project a few weeks ago, as far as a case goes, right now I've just got the raspi sitting on top of the pelican case with the pineapple, anker usb hub, cruzer & stripped 4g modem all stuffed inside (tight as hell i might add).

[Boba Fett]

There is a posibility that the next Wifi Pineapple can be a Raspberry mod? In theory it´s can.

[telot]

I've already loaded karma onto the pineapple, using a AWUS036NHA as the primary karma radio and it works like a charm. You don't get the fancy UI interface, or the infusions, but I don't use those much anyways. I still prefer to use the purpose-built pineapple for pineappling, but building my own out of a raspberry pi was a fun exercise. I had never played with dnsmasq and hostapd, so it was a great learning experience that I would highly recommend for anyone, but nothing can beat the pineapple at doing what it does best :)

telot

[Molotof]

Telot, did you get dhcp server running on the raspberry pi?

[condor]

If you can get 2 pineapples that actually stay working you can build a very nice neinsager piggy-back,and use second pineapple as a foundation for launching deauth,and logging,leaving resources on pineapple 1 fairly low...

I am BIG on enclosures right now:

Trash can with false bottom.

Power meters

An old boot <~great for alleys and large city applications

Books

Other non-intrusive electronics - shell only

I have lived in some very big cities, and I can tell ya that drug dealers in, like, Oakland, for example, keep stuff in old burgerking coffee cups or mcdonalds paper bags. They tell you what to grab from the gutter.

NOONE picks up trash...

..so fairly safe.

My favorite?

Drop ceilings, drop ceilings, drop ceilings. Even secure buildings have restrooms, which almost always have a drop ceiling. My battery lasts 26 hrs plus...

[Boba Fett]

If you can get 2 pineapples that actually stay working you can build a very nice neinsager piggy-back,and use second pineapple as a foundation for launching deauth,and logging,leaving resources on pineapple 1 fairly low...

I am BIG on enclosures right now:

Trash can with false bottom.

Power meters

An old boot <~great for alleys and large city applications

Books

Other non-intrusive electronics - shell only

I have lived in some very big cities, and I can tell ya that drug dealers in, like, Oakland, for example, keep stuff in old burgerking coffee cups or mcdonalds paper bags. They tell you what to grab from the gutter.

NOONE picks up trash...

..so fairly safe.

My favorite?

Drop ceilings, drop ceilings, drop ceilings. Even secure buildings have restrooms, which almost always have a drop ceiling. My battery lasts 26 hrs plus...

And how you give Internet to the pineapple? When you live it or you live it with usb hub? It will be interesting to see your config.

[ZeteMkaa]

@ telot, did you follow a tutorial for the Pi ? or are all the packages available ?

Edited March 16, 2013 by ZeteMkaa

[telot]

Telot, did you get dhcp server running on the raspberry pi?

Yes

And how you give Internet to the pineapple? When you live it or you live it with usb hub? It will be interesting to see your config.

Easily with a 3G dongle or (what I prefer) a 3G cellular router.

@ telot, did you follow a tutorial for the Pi ? or are all the packages available ?

If I recall, I just followed digininja's instructions on his site. They're not pi-specific, so I had to do some tweaking...I can fire it up and report back the exact config if you want.

telot

Edited March 16, 2013 by telot

[ZeteMkaa]

That would be greatly appreciated :D

[earboybob]

RPi is good but I use the Hackberry A10. Solid for the work load and the built on wireless doesnt drop. Maybe off subject. An idea.

Fueled from Li-Po or Ion. Works good in my drop box.

[telot]

Hey Zete: Heres the script I used to download the karma-patched hostapd.

#/bin/sh

# bootup Module setup script

#leave this echo

echo "## Apt-getting ##"

apt-get install libnl-dev -y

#leave this echo

echo "## Compiling ##"

if ! which /usr/local/bin/hostapd > /dev/null; then

echo "### Installing hostapd-karma ###" >>

cd /tmp

wget http://www.digininja.org/files/hostapd-1.0-karma.tar.bz2

tar -jvxf hostapd-1.0-karma.tar.bz2

cd hostapd-1.0-karma/hostapd

make && make install

cd ~

hostapd -vv

echo "### Installed hostapd-karma ###"

fi

#leave this echo

echo "## Final Commands ##"

# Enjoy - Leave me at Bottom - EOF

Go into /etc/dnsmasq.conf and make sure interface=wlan0 and then uncomment/add this line:

dhcp-range=192.168.0.5,192.168.0.254,255.255.255.0,12h

And you may need to change some things around in the patched karma hostapd.conf file as well. I had to change my drivers to match my card, and changed the ssid to be broadcasted.

interface=wlan0

driver=nl80211

ssid=FreeInternet

channel=1

Then I made up a quick n dirty telotscript to start it all up:

#!/bin/sh

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -j MASQUERADE

cd /root/hostapd-1.0-karma/hostapd/

./hostapd -B /root/hostapd-1.0-karma/hostapd/hostapd.conf

tcpdump -i wlan0 -w /root/cap.pcap -n net 192.168.0.0/24 &

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000

sslstrip -w /root/sslstrip.log &

Theres nothing fancy about this install, theres no gui, theres no dancing fruit, but it does work and works well. Please keep in mind I did this several months ago and may have missed something. So if the instructions are really bad (and they very well could be haha) let me know and I can do a proper write up. But I think this should get you going in the right direction.

telot