WUWA

Everything posted by WUWA

  1. Also, I noticed that the phishing pages rendered well on a Windows victim, but I had trouble with my Linux victims being redirected to the pages. Just something to watch out for.
  2. THANKS TTOT!!! The semicolon in front of the cgi.force_redirect = 0 at around line number 277 of /etc/php.ini was my problem as well! That seems to have fixed me!
  3. Rgr that. Per the directions on the Hak5 website, I installed libopenssl_0.9.8i-3.2_mips.ipk, php4-cgi_4.4.7-1_mips.ipk, php4_4.4.7-1_mips.ipk and zlib_1.2.3-5_mips.ipk via opkg install *.ipk. I then added "*.php:/usr/bin/php" to the httpd.conf file, and made "cgi.force_redirect 0" in the /etc/php.ini file. That is all the configurations that the video and the show notes say to change... but since it won't render php pages, there seems to be more that needs to be done for the webserver to process php files. Anybody know what that would be?
  4. The test.php file just contains "<?php phpinfo(); ?>" per the instructions on the website. The strange thing is that when I open this file, and save it (as the dialog suggests), and cat it, it is empty. But that is what is in the original file. But as I said, it renders no php files correctly, so I figure it is in the web server. The question is: how can I make it render php files correctly? (especially when I don't really know why it isn't processing them).
  5. I've been trying to duplicate the phishing pineapple posted on 4 May. I've followed the flashing instructions, gotten the WiFi RickRoller to work, and then have been trying to duplicate the Twitter/Facebook phishing instructions. My problem is that when I get to the test.php page (or any php page, for that matter), my browser won't open it, it gives me a dialog that states "You have chosen to open test.php which is a: PHP file from ... What should Firefox do with this file?... Save file" I get this error with Backtrack, Ubuntu, and Windows, in Firefox, IE, and Chrome, so I suspect the php rendering engine vs any browser issue. It seems that my php pages are not being processed correctly by the web server. I've installed all the *.ipk packages, updated the httpd.conf and php.ini files, and can't figure out what I'm missing. I've reflashed my router and started from scratch a few times, and I always run into this problem. I think that there may be a step missing from the instructions at http://hak5.org/hack/pineapple-phishing which would make the kernel process php files correctly. Any suggestions on how to fix this? Has anyone duplicated these instructions successfully, or found a missing step?
  6. Got it. I just had to add this to the end of the start section of /etc/init.d/karma_ui:

          wlanconfig ath0 create wlandev wifi0 wlanmode master &
          ifconfig ath0 192.168.1.2 up &
          iwpriv ath0 karma 1 &

  7. Thanks for your help, I really do appreciate it. Your posts led me to try out the GUI to get dnsmasq.conf configured and using that I got it all working. If you want to see it, go to http://beboblog.johnbebo.com/2010/03/13/fo...nd-jasager.aspx Don't mind the formatting of the site... Godaddy has a way of messing it up on me after I've posted it.
  8. So yours are on separate networks by default? I didn't do anything special to bridge them--I thought they were bridged by default=same network. The webif says lan configuration is bridged (by default).
  9. Now we are getting somewhere--the /etc/config/dhcp, like I initially thought. I've tried changing the wan config to ignore 0, setting a start and limit, lease time etc., and it still didn't assign an IP. I don't need a gateway and DNS since it is a stand-alone. I do have a question on the Lan and Wan. Both of yours 192.168.169.xx... did you just change them because the subnet conflicted with your network? I think that both the wan and lan need to be on the same subnet because the Lan and Wan are bridged, right? Anyway, I'll try your config with 192.168.1.x, but leave off the dhcp_options 3 and 6 (gw/dns). Are there any other files besides /etc/config/dhcp and /etc/dnsmasq.conf that you think may need to be changed to enable dhcp to the wan?
  10. The question is how do I make dnsmasq hand out an IP address on the wan interface when it is currently not doing that?
  11. Correct, I DON'T want to MitM with it, well, not with a connected laptop at least. I want it to be a stand-alone MitM. I want to use Jasager to answer any probes, and have the built-in-website serve up pages with no Ethernet (wired) connection to anything, and resolve all dns queries to the same IP. That is why I want to forward all dns queries to the Fon--it's answering the pages itself. That should be possible with -A --address=/#/192.168.1.1 in the dnsmasq.config but first I have to get the Fon to hand out IPs on the wan. Right now Jasager works, but it connects with just the MAC. I've tried numerous settings to get the FON to hand out IPs on the wan, but it hasn't yet. I have noticed that sometimes dnsmasq handles Linux/Mac/Windows clients differently. It could be an issue that I'm using an iPhone as my troubleshooting victim, but I doubt it. Anyway, I looked at your configuration. Maybe because you are using 2.1 and I'm using Jasager 1.0 yours hands out IPs on the wan by default, but there is nothing in your configuration that sets that up, and mine won't hand out IPs on the wan. Your dhcp configuration put the laptop as the gateway, which I suppose won't hurt since I'm staying on the local subnet, but that is not needed. I just need the dhcp on the wan interface. Thoughts?
  12. I did search, didn't find a solution. I appreciate your reply, but your solution is not what I'm looking for. As I mentioned, I am not IP forwarding through my laptop. I want the Fon to hand out dhcp addresses and DNS replies. Got a suggestion for the /etc/config/dhcp and /etc/dnsmasq.conf to make this work?
  13. I set up my Fon using these instructions: http://www.hak5.org/w/index.php/Fon_Jasager_Install, and the Fon and Jasager (1.0) seem stable. However, the Fon does NOT give out IP addresses to wireless clients. I have tried several versions of editing /etc/config/dhcp and /etc/dnsmasq.conf, but to no avail. My goal is NOT to IP forward through my laptop. I want to host a website on the Fon and direct clients to that site. I think that I can do that by resolving all addresses in dnsmasq to the localhost via "-A --address=/#/192.168.1.1" So my two tasks are: 1) get the Fon to hand out IPs to clients trying to connect via the wireless 2) change the dnsmasq to resolve all addresses to the local host so that I can point clients to the /www/index.html site. Does anyone know how to set up either of these?
  14. I have used the command line ap51-flash-fonera-1.0-42 in linux for the 2100, and it seemed to work fine. The files in the http://www.hak5.org/w/index.php/Fon_Jasager_Install zip had them all. The key for me was that after you execute the ap51flash file, you have to reboot the Fon to have the installation process start. I'm still working on getting it to serve out an IP and DNS and stuff like that, but it seems stable.
  15. I never was able to get the 1.0 firmware to work. Sorry. I went back to the instructions at http://www.hak5.org/w/index.php/Fon_Jasager_Install These seem to be pretty stable, with the exception of if I am not IP forwarding through my laptop, the Fon doesn't seem to give out an IP address. I think I can fix that somewhere in the configuration. My goal is to have a stand alone Pineapple, which users connect to (and obtain an IP address), and dnsmasq redirects any query that they make to a webpage stored on the FON. Any suggestions on how to set up the dhcp on the Fon to serve out an IP address, and how to set up dnsmasq to redirect any query to, say, index.html?
  16. I didn't have a lot of time to get minicom working, but I did reflash again using putty. Same result. Changing nothing but the password, it locks up whenever a victim tries to connect, and it isn't even pingable. I'll try to get it working in Linux later.
  17. You were right on the money... the driver is built into my Lynx. I just had to use a USB hub to get the driver to work (I had to do the same in Windows to get it to work). Here is the working output:

          [ 1650.112459] usb 1-5.3: new full speed USB device using ehci_hcd and address 7
          [ 1650.205781] usb 1-5.3: configuration #1 chosen from 1 choice
          [ 1650.257841] usbcore: registered new interface driver usbserial
          [ 1650.258782] USB Serial support registered for generic
          [ 1650.259751] usbcore: registered new interface driver usbserial_generic
          [ 1650.259765] usbserial: USB Serial Driver core
          [ 1650.272840] USB Serial support registered for pl2303
          [ 1650.273521] pl2303 1-5.3:1.0: pl2303 converter detected
          [ 1650.275783] usb 1-5.3: pl2303 converter now attached to ttyUSB0
          [ 1650.275850] usbcore: registered new interface driver pl2303
          [ 1650.275857] pl2303: Prolific PL2303 USB to serial adaptor driver

      Now I'm going to try out Minicom to see if I can flash with Linux.
  18. I don't think that the pl2303 module is in either my Lynx or Backtrack machine, as both give me results similar to the below:

          [ 290.228087] usb 4-2: new full speed USB device using uhci_hcd and address 2
          [ 290.348117] usb 4-2: device descriptor read/64, error -71
          [ 290.572110] usb 4-2: device descriptor read/64, error -71
          [ 290.788129] usb 4-2: new full speed USB device using uhci_hcd and address 3
          [ 290.908120] usb 4-2: device descriptor read/64, error -71
          [ 291.133125] usb 4-2: device descriptor read/64, error -71
          [ 291.348144] usb 4-2: new full speed USB device using uhci_hcd and address 4
          [ 291.756119] usb 4-2: device not accepting address 4, error -71
          [ 291.868154] usb 4-2: new full speed USB device using uhci_hcd and address 5
          [ 292.285096] usb 4-2: device not accepting address 5, error -71
          [ 292.285147] hub 4-0:1.0: unable to enumerate USB device on port 2

      If you have a stable version, using the same 1.0 firmware, using UK routers, and yours doesn't lock up like mine do, then I'm leaning toward a problem with the flashing. Perhaps Windows is throwing extra network traffic over the line. So I'll try to get the usb to serial driver working in Linux and use minicom vs putty to flash my router. Is that how you do it?
  19. I agree that something is corrupt, but I don't know what. I didn't change anything from the initial firmware install. Is there some way that the firmware install would be different on my router than on yours (perhaps because it's a UK router)? This is why I went through all the steps I initially posted on in order to try to get a working Jasager. I'm kind of stuck, because the firmware isn't stable, and neither is the install from scratch. I know that I am bugging you, and I really apologize for that, but I just can't seem to get a stable platform no matter which angle I approach it from. By a rebuild, do you mean just reflashing the firmware again? Maybe that is what is hurting me. I'm flashing with putty via a Kyocera cable (the same one you posted about). I'm using putty because I didn't find a linux driver for the Kyocera USB to serial cable, so I'm stuck with flashing from Windows. I am really wondering if a UK router has a different memory address or something and I'm screwed from the get-go when I flash it. Any suggestions?
  20. OK, so with that configuration, when I log in to port 1471 and turn on the wireless Interface and turn on Jasager, the Fon locks up whenever a victim tries to associate to it. After this, it is not even pingable from the Ethernet port. Is this normal, or is there some post-flash set up instructions that you follow to get past this state?
  21. OK, so installing, and changing nothing but the passwd so that I can ssh vs telnet, I have the below install (pic), which looks like 2., not 2.1 to me. Also the web interface (to the router, via http://192.168.1.1, not to the Jasager website interface on port 1471) is not accessible. Since I am now able to ssh, I also ran the ps command. Below is the output. Before I proceed any further, is this a normal configuration?

          BusyBox v1.11.2 (2009-03-28 00:20:52 GMT) built-in shell (ash)
          Enter 'help' for a list of built-in commands.

            _______                     ________        __
           |       |.-----.-----.-----.|  |  |  |.----.|  |_
           |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
           |_______||   __|_____|__|__||________||__|  |____|
                    |__| W I R E L E S S   F R E E D O M
           KAMIKAZE (8.09, unknown) ----------------------------
            * 10 oz Vodka       Shake well with ice and strain
            * 10 oz Triple sec  mixture into 10 shot glasses.
            * 10 oz lime juice  Salute!
           ---------------------------------------------------
          root@OpenWrt:~# ps | grep dnsm
          720 nobody 1284 S /usr/sbin/dnsmasq -K -D -y -Z -b -E -s lan -S /lan/ -
          941 root 1956 S grep dnsm

  22. Do you see anything wrong with the below install:

          RedBoot> ^C
          RedBoot> ip_address -l 192.168.1.1/24 -h 192.168.1.254
          IP: 192.168.1.1/255.255.255.0, Gateway: 192.168.1.254
          Default server: 192.168.1.254
          RedBoot> fis init
          About to initialize [format] FLASH image system - continue (y/n)? y
          *** Initialize FLASH Image System
          ... Erase from 0xa87e0000-0xa87f0000: .
          ... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
          RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
          Using default protocol (TFTP)
          Raw file loaded 0x80040800-0x800f07ff, assumed entry at 0x80040800
          RedBoot> fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7
          ... Erase from 0xa8030000-0xa80e0000: ...........
          ... Program from 0x80040800-0x800f0800 at 0xa8030000: ...........
          ... Erase from 0xa87e0000-0xa87f0000: .
          ... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
          RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
          Using default protocol (TFTP)
          Raw file loaded 0x80040800-0x802807ff, assumed entry at 0x80040800
          RedBoot> fis create -l 0x6F0000 rootfs
          ... Erase from 0xa80e0000-0xa87d0000: ...........................................................................
          ....................................
          ... Program from 0x80040800-0x80280800 at 0xa80e0000: ....................................
          ... Erase from 0xa87e0000-0xa87f0000: .
          ... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
          RedBoot> fconfig
          Run script at boot: true
          Boot script:
          .. fis load -l vmlinux.bin.l7
          .. exec
          Enter script, terminate with empty line
          >> fis load -l vmlinux.bin.l7
          >> exec
          >>
          Boot script timeout (1000ms resolution): 2
          Use BOOTP for network configuration: false
          Gateway IP address:
          Local IP address: 192.168.1.1
          Local IP address mask: 255.255.255.0
          Default server IP address: 192.168.1.254
          Console baud rate: 9600
          GDB connection port: 9000
          Force console for special debug messages: false
          Network debug at boot time: false
          Update RedBoot non-volatile configuration - continue (y/n)? y
          ... Erase from 0xa87e0000-0xa87f0000: .
          ... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
          RedBoot> reset

  23. Or perhaps post installation instructions? Maybe I'm doing something wrong after I get done with http://www.digininja.org/jasager/installation.php.
  24. Is there anything that would make them NOT the same, say because I have a UK router, or because I'm flashing via the serial cable, or perhaps I'm getting the firmware from the wrong place (http://www.digininja.org/jasager/download.php), or I need a different memory address (than 0x80041000)? They are definitely very different from what I've seen.