Sebkinne

Root Admin
Everything posted by Sebkinne

  1. Dear All,

     First off, let me apologize for earlier this year: I promised to release my work on the OM1P and just never really got the chance to. Now that MK3 has been released, I thought I would build the MK3 interface into my previous work. The files in the link below are your complete setup. No need to install extra packages or awkwardly copy files over!

     So, without further ado, here are the .lzma and .squashfs files: 1.9 Release

     I do not accept any responsibility if you brick your device. I doubt you will, but flashing is always risky! The files should work for the MK2, MK3, OM1P and most Atheros-based routers. If you have a different router and want to get this firmware, let me know and I will see what I can do.

     After flashing these two files, the pineapple is available under 172.16.42.1. The first boot after flashing will take around five minutes, depending on your device, maybe longer. It is executing boot scripts configuring itself. Don't worry though! After about five minutes, ssh into the router. If you can't ssh, wait a bit longer. It will work. When you ssh, use "root" as the username and "pineapplesareyummy" as the password. To change the password, please execute "passwd" and change it there.

     There you go, you should be all set up now! I hope you enjoy this and accept my apology ;)

     Credits go to Darren and Robin for Karma and MK3. Thank you guys for your amazing work! If there are any questions, do not hesitate to ask.

     Best Regards,
     Sebkinne

     Changelog:
     1.0: Initial Release
     1.1: Fixed MAC address in /etc/conf/wireless
     1.2: Added boot scripts
     1.3: Enabled SSH by default. Set root password.
     1.4: Sped up boot process.
     1.5: Eliminated reboot + added macchanger (Not added to the startkarma script though, I will be adding a toggle / I am sure Darren has thought of that)
     1.6-Beta: Fixed startup WIFI. (Not tested yet)
     1.7: Protected pineapple interface, fixed wifi, added tweaks.
     1.8: Added wifi LED. Note: Wifi LED will only activate when karma is activated. Normal wifi will not turn the LED on.
     1.9: Fixed the "restore factory defaults" in pineapple interface.

     Upcoming / todo:
     * Look into ngrep not working
     * Fix de-auth webinterface
     * Fix wifi mode to g
  2. Simply "vi httpd.conf" and remove the unwanted line. Then try again; if it still does not work, try obtaining a tarball containing the PHP files. Seb
  3. Hey guys, I am just creating an extra thread in the hope that someone knows the answer: What exact Open-Mesh router model is the V2? It looks like an OM1P, but that seems unlikely, except if Darren found a way to make the old firmware work (which I would still be interested in, just to know how). So what model is it? Could someone that has a Pineapple v2 check the back? Best, Seb
  4. No, there is no "master reset", but you could try running a ping to the router while it has no power. Then connect the power and see if you get any returned pings. Make sure that you are on the same subnet. If you do get a reply, you can manually use something like PuTTY (or, if you are using Linux, the built-in client) to telnet to the router's IP. I had that problem with the old Fon: I can't use any standard flash app for some reason, I can only do it by going into RedBoot myself. Lastly, there is always using a serial cable to access RedBoot, allowing you to flash and enable telnet listening. Hope that helped a bit, Seb
  5. Does it flash anyway? I get the same error with an OM1P, but it still flashes after about 5-6 seconds. If it flashes, I would not worry about it. Best, Seb
  6. It is quite easy, as ICS is built into OS X. You do however make your pineapple listen on 192.168.2.1 (that being your OS X machine); you can set the pineapple to 192.168.2.2, with the default route set to 192.168.2.1. As far as I know, it is not easily possible to change the IP. It is fairly simple and works out of the box on the Mac side. Seb
  7. Yeah, the strange thing is that I thought Darren uses the OM1P too for the Pineapple V2. If that were so, we should be able to do exactly what he does... I am still working on the Backfire version though. Seb
  8. Hey, if you check the forum, I am releasing a firmware hopefully today, using the new hostapd karma by Digininja. Check the thread in this forum. Best, Sebkinne
  9. Thank you for posting this again! I will give it a shot and let you know how it went! Best, Seb
  10. Yeah, the idea of updating came to my mind too, of course; I tried it, even recompiled the toolchain. As SWFu said, BT4 repos are way out of date, which is kind of sad, but yeah... oh well. I got it working now actually: I messed up my avr install, removed it, and reinstalled using apt-get. Suddenly it recognized the chip. Thanks for the suggestions though. Seb
  11. Hey everyone, Like many of you, I have been busily coding for the ducky. Now, I have run into a problem: AVR for BackTrack 4 does not support the Teensy 2.0 yet (it does support the 2.0++). Now, I do have a 2.0++ too, but I want to make use of the 2.0 on my version of BackTrack. Did anyone have the same problem? Can anyone point me in the right direction? Thanks in advance, Seb
  12. Yeah, sorry to break the bad news to you... :) Wait, that's not how it's done? More beer? :)
  13. Didn't think of that, great :) I'll add it to my list... should really write that up today :) Seb
  14. In regard to disconnecting the ducky: great idea, good that you thought of that! I don't think copy con will work if the running antivirus (if not killed, as discussed in another thread) has an instant scanning feature scanning the contents of currently modified files... Seb
  15. Looks good, I will try it out on a range of different machines, good work! Seb
  16. You have a point there. However, when I gave it a try with McAfee, after 10 minutes the program will start the processes again. That does however give us a timeframe of 10 minutes.. :) Seb
  17. The Duck Hunt program blocks HIDs, I believe (correct me if I'm wrong...). That would mean any HID device. Nice thought, but not going to work. Seb Source: DuckHunt 1.1.1: This application will prevent all keyboard and mouse input when new USB devices are attached and will only allow input again when the device is removed. It will prevent the USB Rubber Duck from functioning and on Vista and higher it will also prevent the use of the Autorun dialog. Requires .NET Framework 3.5 and on Vista/7 also requires Administrator privileges.
  18. All really good ideas, but it would really require it to be between the keyboard and computer... OR another thing you could do is execute TWO payloads. One that is dormant, waiting for it to be activated; the other would be executed right away, sniffing the packets from the keyboard to the computer. I'm pretty sure that that is the only software way this is possible. Seb
  19. DynDNS normally should work, but surprisingly I noticed that Metasploit will generate a payload that seems to resolve the DNS name and use the IP address to create the payload... Meaning that it's still not going to update the IP... I might be wrong, but that's what I noticed when I did my experiments... But reverse TCP is always better than using a bind; who nowadays doesn't own a router that blocks all the standard ports...? Seb
  20. Actually, I had the same problem the first time I flashed. As digininja said: Reflashing gives you a clean install and that did the trick for me :)
  21. What I would do in your case: Open the casing up and see if on the top part of the casing you see any black / brown marks (caused by heat). If that is the case, it is most likely fried. Did you experiment with any battery packs or other ways of powering it? 4 double-A batteries should not fry your device, and a cut-off USB cable should also be all right. I suggest you don't try with other batteries, cables etc., as there is the potential of it going "boom". Seb
  22. Yeah, that's why I was a little unsure, but bytes sounds right, otherwise we have a problem. ;) I guess we can then tie in Metasploit reverse shells; they are below the 32 bytes, I think... although I think the reverse VNC is 36 bytes, but still, this method should help a lot. Maybe we should start a thread with a compilation of ideas or methods such as this?
  23. Actually, that's a good idea, I will take a look at that in a bit. Problem could potentially be space though? Seb
  24. Actually, the AV will recognize it when the ducky just creates it like above in the Command Prompt... When you write the commands to the file dl.vb with the > and >>, it writes to the file. Once the last part of the file is complete, the AV will catch it, because it monitors files that are JUST being written to... So, a different method needs to be found...