About confuded

  • Rank
    Hak5 Fan

  1. It actually does work - you just have to wait a few seconds ^_^. So impatient nowadays with all this fastness of processing and internet... Sorry zoro25 for hijacking your post. I just booted my pineapple to see if I can find something to help you (don't bet on it though - I am not proficient with the command line tools underlying the pineapple). ~confuded
  2. This isn't so relevant to the thread... but as far as I can understand, yes. You can associate a client theoretically with your rogue AP, but your AP has no idea what the client is saying since it's encrypting the traffic. I don't know precisely which portion is the problem and it is probably different for different protocols (WPA, WEP), but the basic point is clear anyway. On a side note, if you have the time I am at the moment watching this DefCon 23 where Darren and Sebastian talk about the Pineapple and describe some of the implementation and a lot of the basics quite nicely - very helpful to understand how some of the options work to know how to use them effectively. ~confuded
  3. Is this intended behaviour, that the recon scan finds the open APs created by PineAP? Shouldn't the MAC address be filtered out from the recon list? Not quite sure if this is a bug or intended functionality. I already know that PineAP is broadcasting those SSIDs and know how many clients are connected to PineAP. The only useful purpose I can see is to know which clients connected to which spoofed SSIDs. ~confuded
  4. audibleblink, hmm. Can't apache, or whatever is running the web server, be configured to only listen to certain networks? Same for ssh? Then the victims can be segmented into their own network maybe not in the tethering network. Although if a victim decides to change his NIC to an address in the pool, it probably can still reach everything. Is there a way to segment that whole victim or tethered network off? It's a bit of a flaw having victims on your tethered network... ~confuded EDIT (as not to double post): I found Sebastian Kinne at DefCon 23 here (41m, 46s) speaking and saying that it is currently a problem, that you as the pineapple user and your victims are on the same network, so you are vulnerable to arp poisoning too. SSL is also off by default (they mentioned this problem and that there is a wiki for it). So I guess it isn't so simple. Darren Kitchen, if you are reading this - do you have any information on this point? Why can't we have 2 networks, one for victims and one for the pineapple user? They are on different NICs after all (in case of using the USB NIC).
  5. audibleblink, no I can't ping my Mac nor can I see it using Fing (network tool for android). What I could see, and is a huge derp, is my pineapple! I can even log in from my victim! Fing reports ports 22, 53 and 80 open (ssh, dns and http). This is a big problem. I really don't want my targets knowing that they are being pwned... My thread was moved here. Maybe it is appropriate to rename the thread as it has to do more with ICS for Mac than for Client mode...

     Here is my /etc/config/network:

         config interface 'loopback'
             option ifname 'lo'
             option proto 'static'
             option ipaddr ''
             option netmask ''

         config interface 'lan'
             option ifname 'eth0'
             option type 'bridge'
             option proto 'static'
             option ipaddr ''
             option netmask ''
             option gateway ''
             option dns ','

         config interface 'usb'
             option ifname 'usb0'
             option proto 'dhcp'
             option dns ','

         config interface 'wan'
             option proto 'dhcp'
             option dns ','

     And here is the output from ifconfig:

         br-lan    Link encap:Ethernet  HWaddr 00:C0:CA:8D:A6:55
                   inet addr:  Bcast:  Mask:
                   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                   RX packets:9394 errors:0 dropped:64 overruns:0 frame:0
                   TX packets:5959 errors:0 dropped:0 overruns:0 carrier:0
                   collisions:0 txqueuelen:0
                   RX bytes:1818930 (1.7 MiB)  TX bytes:2447761 (2.3 MiB)

         eth0      Link encap:Ethernet  HWaddr 00:C0:CA:8D:A6:55
                   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                   RX packets:5732 errors:0 dropped:0 overruns:0 frame:0
                   TX packets:8048 errors:0 dropped:0 overruns:0 carrier:0
                   collisions:0 txqueuelen:1000
                   RX bytes:1646855 (1.5 MiB)  TX bytes:2289132 (2.1 MiB)
                   Interrupt:4

         lo        Link encap:Local Loopback
                   inet addr:  Mask:
                   UP LOOPBACK RUNNING  MTU:65536  Metric:1
                   RX packets:42 errors:0 dropped:0 overruns:0 frame:0
                   TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
                   collisions:0 txqueuelen:0
                   RX bytes:3442 (3.3 KiB)  TX bytes:3442 (3.3 KiB)

         wlan0     Link encap:Ethernet  HWaddr 00:C0:CA:8D:8F:E3
                   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                   RX packets:6540 errors:0 dropped:0 overruns:0 frame:0
                   TX packets:4011 errors:0 dropped:0 overruns:0 carrier:0
                   collisions:0 txqueuelen:1000
                   RX bytes:571506 (558.1 KiB)  TX bytes:648241 (633.0 KiB)

         wlan1mon  Link encap:UNSPEC  HWaddr 00-C0-CA-8D-C0-6D-00-44-00-00-00-00-00-00-00-00
                   UP BROADCAST NOTRAILERS RUNNING PROMISC ALLMULTI  MTU:1500  Metric:1
                   RX packets:69413 errors:0 dropped:0 overruns:0 frame:0
                   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                   collisions:0 txqueuelen:1000
                   RX bytes:10567832 (10.0 MiB)  TX bytes:0 (0.0 B)

     ~confuded P.S. How can I make the code quotes collapsible as not to clutter the thread?
  6. You haven't mentioned what settings you've set in PineAP. Here are the steps to ensure your targets connect:
     0. First and foremost, this will only work with open networks - meaning the clients need to have an open network saved in their AP list.
     1. Set your PineAP settings (making sure the service is on) to "Allow Associations", "Capture SSIDs to Pool", "Beacon Response" and if you want to be a little more certain and aggressive also "Broadcast SSID Pool".
     2. Go back to your recon tab (I keep it open as it does not save scan results) and click deauthenticate your clients, which kicks them off their current networks.
        a) You can either do it one by one, by clicking the arrow next to their MAC, at the bottom of the new window you can set the deauth multiplier (2 is 2 times more, 4 is 4 times more aggressive etc).
        b) Or if you want to kick all the clients off from a particular AP, you can click the arrow next to the SSID of an AP and perform a similar procedure.
     Works for me. As in regards to the randomisation of the MAC - I do it out of paranoia. If you are practicing on your own gear - who cares. For some reason that button does not work for me... ~confuded
  7. Well, it sounds like all you are doing is deauthenticating the client and allowing it to connect back to the network it was searching for. You need to ensure the client connects to a known (i.e. saved in the configuration of the client) open network. Here you have 2 choices: if you know the saved network, input it manually in the SSID Pool in PineAP (on the right). OR Enable Capture SSIDs to Pool so that the Pineapple captures any SSIDs any clients ask for. As you already have done, you need to ensure the "Beacon response" option is checked. Then you can proceed to deauth the client and allow it to connect to your rogue network (i.e. the pineapple). I've just tested it and it works. ~confuded
  8. I didn't use the package manager, rather tried using the GUI install dependencies button and got an "Error installing dependencies". ~confuded
  9. Nexus 7 2013 is a nethunter tablet. Are you running nethunter? Maybe the kernel could be causing some issues. ~confuded
  10. winter_soldier, thanks for the script. I won't try it as it works it seems otherwise. I saw that thread, but the first post mentioned other issues and I thought it was not related to mine. barry99705, at least they didn't completely hijack the thread... audibleblink, Nano: IP: (or anything up to Gateway: OS X : IP: NOT Anything but that. Gateway: Empty - or you will lose your internet connection. Just for kicks. ~confuded
  11. xrad, unless you need the RAM... Please read the thread. audibleblink, thanks for the cron job tip (you can congratulate me as it's my first time using cron =P; I wish it wasn't vi that opened though on the -e option - I am sure there is a way to change that). IT WORKS. But here is the trick... You need to have the pineapple in the network - that part is obvious and audibleblink showed how to change that (to a noob like me). The non-obvious part is you need to set its gateway to and make sure that is NOT the address of the Mac on that adapter. You can set it at DHCP if you want or make it static on the network, but don't set it to I was using the network configuration tab in the settings as opposed to the terminal and I guess that tab does not reflect the ICS settings. Thanks to all for explaining things and a special thanks to audibleblink. ~confuded
  12. ZaraByte, thank you for that reply against "Mac sucks" comment. I was typing something out when I got a notification of 2 new posts. Gents, let us not make this thread about another OS war shall we. audibleblink, if I will have no access to the device via network, how would I reflash... I am not afraid of breaking configs if I know how to reflash =). Also, that first link is not applicable to El Capitan as that plist does not exist... Reading the stackexchange now... ~confuded EDIT: ZeraByte, I won't hate you if I brick =P. I just won't do anything until I know I can reflash safely... It's not exactly the price of a real pineapple ;).
  13. b0N3z, thanks for the suggestion - I was not aware you can bridge the networks. I use VirtualBox and thought I can just select the USB device. I did mention though, that I am trying to avoid running a VM. audibleblink, thanks for the links; will check them out. Do you also know how to change the pineapple's IP safely so I don't lock myself out? I think this will be the easier option... ~confuded
  14. ZeraByte, I lose internet sometimes too when I enable ICS... barry99705, you think it is worth it posting on apple forums somewhere of this issue? In truth, I don't really know exactly what the issue is, so I can't really report it properly. Is it something to do with a certain hardcoded local network in ICS? Can I not change NANO's network to match Apple's ICS? ~confuded
  15. Greetings to all, I've been trying to tether my MBP's Wi-Fi to the Pineapple nano. For starters, I've set the network connection to the nano (via its USB networking adapter) to an IP of Simply enabling ICS from Wi-Fi to Pineapple and adding the default route of on the nano does not work. I've skimmed through this topic and tried TGYK's script to no avail. I also posted a ticket on the script's github page. Tethering from my Android phone is great, but I need the phone for other things. I am aware I can run a VM and pipe the USB to the VM, but I need that extra RAM for other things while I tinker with the nano. On a side note, really cool tactical package! Any help would be great, ~confuded