Darren Kitchen
Everything posted by Darren Kitchen

  1. Karma is one piece of the puzzle, and it's true some vendors have adapted. Taking a step back and looking at the greater picture however, Karma is only a single component of a much larger concept: Hot-Spot Honey-Pot. Since the introduction of the WiFi Pineapple this has been a primary goal - to capture clients for man-in-the-middle attacks, as well as more recently as a pen-test pivot box. Karma in its current form is highly effective against a majority of devices. Right now this is done by taking advantage of a trust relationship in only one of the thirteen 802.11 management frames - probes. Now while 802.11 is a standard, the way in which it's implemented is not - it varies by vendor. Most recently two high profile vendors have changed the way they implement the spec: Google relying less heavily on probes while Apple relying more so. In the case of the former also keep in mind Android is its own hot mess with various vendors implementing the OS in different forms (I'm looking at you Sammy). What does this mean for the WiFi Pineapple and the wireless hot-spot honey-pot? Quite simply, we adapt. In the game of cat-and-mouse that is hacking, tools and techniques evolve as the ever changing landscape shifts. Build a better mouse, build a better mousetrap. The core concept of Karma in its current form relies on a rather limited approach to client harvesting. With the next version, or the next tool in our honey-pot arsenal, we'll implement additional approaches as appropriate and as the bare metal as our disposal allows. We already have some interesting new attacks in testing that have proven quite successful as well as more on the drawing board for later, when it's time to respond again. Once everything is stable and to our liking we'll roll out an update that improves the overall effectiveness of the platform.
  2. ICS forwarding is set on a per-boot basis. In the future we'll have flexible forwarding options.
  3. The next update to the Network infusion will include an easy disconnect feature, but until then you have to manually remove the configuration from /etc/config/wireless or comment out the last block, which should look similar to:

     config wifi-iface
         option device 'radio1'
         option mode 'sta'
         option network 'wan'
         option ssid 'yournetwork'
         option key 'yourpassword'
         option encryption 'mixed-psk+ccmp+tkip'   # or similar
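
As an added example (not code from the post or the Pineapple firmware), a small POSIX shell script that performs the manual step above on a constructed copy of the config: it comments out the last "config wifi-iface" block, and refuses to touch the file unless that last block is a client (sta) block, so an AP block cannot be disabled by mistake. The sample file contents and the default path are assumptions; on the device the file is /etc/config/wireless.

```shell
#!/bin/sh
# Added example (not from the post): comment out the last "config wifi-iface"
# block of a UCI wireless config, i.e. the manual disconnect the post describes.
# Works on a constructed sample file; on the device the path would be
# /etc/config/wireless (assumption: the STA block is the last one, as the post says).
WIRELESS=${WIRELESS:-./wireless.sample}

# Constructed sample: an AP block followed by the client (sta) block from the post.
make_sample() {
cat > "$WIRELESS" <<'EOF'
config wifi-device 'radio1'
    option type 'mac80211'

config wifi-iface
    option device 'radio1'
    option mode 'ap'
    option ssid 'pineapple5_xxxx'

config wifi-iface
    option device 'radio1'
    option mode 'sta'
    option network 'wan'
    option ssid 'yournetwork'
    option key 'yourpassword'
    option encryption 'mixed-psk+ccmp+tkip'
EOF
}

# Print the mode of the last (uncommented) wifi-iface block: "sta", "ap", ...
last_block_mode() {
  awk '$1=="config" && $2=="wifi-iface" { mode="" }
       $1=="option" && $2=="mode"       { gsub(/[^a-z]/, "", $3); mode=$3 }
       END { print mode }' "$1"
}

# Comment out the last wifi-iface block, but only if it is a client (sta) block,
# so an AP block is never disabled by accident. Returns 1 and changes nothing otherwise.
disconnect_sta() {
  f=$1
  [ "$(last_block_mode "$f")" = "sta" ] || {
    echo "last wifi-iface block is not a sta block; nothing changed" >&2; return 1; }
  awk 'NR==FNR { if ($1=="config" && $2=="wifi-iface") last=FNR; next }  # pass 1: locate the block
       FNR==last { inblk=1 }
       FNR>last && $1=="config" { inblk=0 }                                # block ends at next section
       inblk && NF { print "#" $0; next }                                  # prefix each line with #
       { print }' "$f" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}
# On the device: disconnect_sta /etc/config/wireless && wifi   (wifi reloads the radios)
```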
  4. Your carrier is probably firewalling ports on the WWAN side. Try using autossh to set up forwards for 1471, similar to forwarding 22. See the following episodes, especially 1112...
     http://hak5.org/episodes/hak5-1108
     http://hak5.org/episodes/hak5-1109
     http://hak5.org/episodes/hak5-1110
     http://hak5.org/episodes/hak5-1111
     http://hak5.org/episodes/hak5-1112
     http://hak5.org/episodes/hak5-1113
     http://hak5.org/episodes/hak5-1114
     http://hak5.org/episodes/hak5-1115
     http://hak5.org/episodes/hak5-1116
     http://hak5.org/episodes/hak5-1117
  5. Out of curiosity, how are the both of you powering your pineapple? It really really shouldn't be a power issue, as in our testing all of that has been solved, but in the off chance the both of you are using a USB to barrel with a laptop that isn't supplying enough amperage, this *could* explain it. Still thinking it's software. Can you guys post the contents of /etc/config/network and /etc/config/wireless ?
  6. Did you blacklist the MAC of wlan1? Might have pineapple'd yourself. Unless of course your network runs on 172.16.42.0/24 as well...
  7. Install the WiFi Manager Infusion. Change the static IP to 172.16.42.42. Set it to be a client on a nearby AP. Connect Ethernet directly between MK4 and MK5.

     Internet ---AP---> MK4 ---Ethernet---> MK5 ---> Clients

     They both fit nice and snug in the 1120 pelican case and this frees up the MK5's 2nd interface for....more fun ;-)
  8. What did you do to install sslstrip? Walk me through your processes.
  9. Kismet can, and the pineapple supports kismet :)
  10. Check this list for your device: http://www.draisberghof.de/usb_modeswitch/device_reference.txt You can find the Vendor and Product ID by issuing lsusb or checking Config > USB in the UI. Dial settings will be specific to your provider. There will be a video explaining all of this soon as well as an update to wifipineapple.com with common settings.
  11. Any more information about what it was you did right before the malfunction would be appreciated. You say you connected wlan1 to your home AP? What's your home AP configuration? Can you ping the device over Ethernet? Do you see the pineapple5_xxxx SSID being broadcast? Did you remember to flip all the switches back up after you did the factory reset?
  12. https://forums.hak5.org/index.php?/topic/30579-why-two-different-radios/?hl=compliment#entry230360
  13. The red LED will only light when wlan1 is active (i.e. connected to a network). What's the output of "iwconfig", "ifconfig wlan1 up", "lsusb" and "logread" ?
  14. The 6th DIP switch recovers from hardbricks, overvolts, water submersion and fire.
  15. This is on our list of tutorials to do for the upcoming video series.
  16. Should be noted that duty is likely less for shipments via USPS, though they take a bit longer.
  17. I assure you it is in fact center positive. Try your USB to DC Barrel cable and see. As for replacements, we can't warranty against stupid (no offense) but if you contact shop@hak5.org with your order # we might be able to work out a small dumbass sympathy discount (again no offense). Edit: Also you get to go down in history as the first to fry a five. Johnny Five would be proud...
  18. I'm at toorcon half asleep but IIRC what you're going to want to do is set eth0 to option proto dhcp.
  19. You can also write the infusion right from within Bartender if you don't feel like SSH'ing in. We'll be starting a video series for the pineapple here shortly, and an introduction to writing infusions is one of the topics.
  20. It supports FAT* and EXT*. Very odd about the supplied 2GB SD card. If it were bad you wouldn't be able to pull the upgrade files off of it onto your computer.
  21. SD cards mount to /sd and USB drives mount to /usb - it's that simple. :-)
  22. Can you try copying those two files over to another SD card and see if it'll get through the first boot with that? It could be a problem with reading that card. Blinking amber means seeking upgrade files.
  23. If there are two WiFi chipsets most loved by the hacker community it would be the ar9331 and rtl8187 - so we went with those. They both have some amazing strengths that complement each other beautifully. The AR is in fact wlan0 - it's the SoC (CPU) and does the AP mode. The RTL is great for just about anything from sniffing to injecting to client mode for ICS. Yes, it's stable as a client. The only thing it isn't great at is being an AP - which is what the AR is for. They're unlocked and make a great duo.