jdogherman

Future security solutions... limit http and ssh access to certain hosts add encryption to a new management ssid enable ssh & http to only eth0 interface enable SSL on http access / https only permit management though ssh access (restrict http access to all but lo) build web user access who is not root disable root access, make user escalate for SU rights Just brainstorming ideas

with all this concern about security it amazes me that we dont have encryption on the management ssid NOR SSL on the web traffic.. Out of the box I guess you could do an shell connection with port forwarding. So the moral of the story is think carefully about changing the root password to something that is familiar to you as it is transmitted in clear text.

How about a file manager as a module. That way you could pull logs and other tools just by connecting and logging in.

Ok I ran MKIV with a 16GB SanDisk Fit on a 5000mAh Battery with wireless and karma on and it after 24 hours straight I still have over 25% left in the battery. The battery I used was... monoprice 5000mAh

target: android ICS Evo LTE

Well ICS is working.

Oh yes I tried reflashing... forgot about that. I changed the IP Scheme to fit into my Macbook ICS restrictions. I didn't know about OSOC. Ill have to look into it.

Just an idea but what if the MKIV could do an OUI lookup on the MAC?

Pineapple Hardware Version: Mark IV Pineapple Software Version: 2.3.1 OS used to connect to the pineapple: OSX Lion Network layout of how your setup is connected (including IP information): mac is connected to wireless AP using WiFi (internet), mac ethernet is connected to Mark IV lan port. Mac WiFI: 10.7.1.132/16 Mac ETH: 192.168.2.200/24 Mark LAN Port: 192.168.2.254/24 GW 192.168.2.200 All the tools/options that are running on the pineapple when the issue happened: usb drive installed with swap space setup Ping results from computer to pineapple: 100% pass Is the problem repeatable (Yes/No): YES Steps taken which created the problem: Haven't gotten it working Error Messages: None Log file information: Anything else that was attempted to 'fix' the problem: Converted address space to 192.168.2.0 instead of 172.16.42.0 following instructions. Mark IV is able to access internet through OSX system (pings and module listings) Wireless is on as I can see the pineapple SSID and connect to it. Mark IV KARMA is ON. I have created other "fake" wireless SSID on target machines to pump out Probe requests but I am still not able to get a karma response.

looks like a lead acid UPS battery.

Might be interesting to have the pineapple be able to monitor the battery and solar health. Maybe send/tweet an SOS if the battery reaches a threshold.

cross platform support was also removed. I really hope this project doesn't go down this path as that is a real waste of time and $.

agreed...

I like that MicroSD slot alot more than the original design.

I tried it at home. over 1/2 dozen laptops sitting around. even took it out and about on a walk and never got any other ssids other than internet and pineapple (the 2 internal ssids)

it does.

Darren I did exactly that. Added "this is a fake" ssid to my cell phone set it to disassociate to any other network and start searching for known networks. No luck. Watched the segment several times trying to make sure I didnt miss a setup.

I am having some issues getting karma to work on my mark 3. I have tried resetting it but I still does not recognize and start responding from my probes. I dont get any error messages. Is there a log where I can get more information on what is going on? The Mrk3 is completely stock and I just received it from the hak-Shop today.

Not until we can access the SD card after a firmware update. Right now you could use 2 devices the USB Rubber duckie and anther usb medium (usb flash drive/usb hard drive/ect) and have the duck run the commands to backup the data to dedicated external device.

Hopefully the FW will be out soon with source.

If a HID is not able to receive data then how does the LED get lit on a physical USB Keyboard?

You might have a bad card. :/ does it work in a reader? You might want to clean the microsd card with rubbing alcohol. Also reformatting the card might be prudent.

I found that if the SD card was not in the duck the LED is RED. Are you sure you had the SD card sitting properly? The SD card should not slide out when the metal door is down.

Im using a 8gb Micro SD without issues. Have you checked how it is formatted? Mine is FAT32.

I just tested this and when using NUMLOCK it affected the Number lock on my keyboard this is the code I used. DELAY 50 NUMLOCK DELAY 50 NUMLOCK DELAY 50 NUMLOCK DELAY 50 NUMLOCK DELAY 50 NUMLOCK The Number lock flashed on my keyboard. My question is there a way for the Duck to read that the number lock is toggled? If so then it could be used as a communication vector.