
Darren Kitchen (Root Admin)
Posts: 4,887 | Days Won: 248

Everything posted by Darren Kitchen

  1. Open a new command prompt from Start > Run > CMD <enter>. That way when you run the program.bat it won't disappear on completion. Also you must specify the hex file to be programmed. I believe the syntax is "program.bat duck.hex". Also keep in mind there are no drivers to install if flashing on the Linux side. Cheers, Darren
  2. What version of the duck encoder are you using? IIRC ALT TAB should work since 1.0.
  3. This is what I'm seeing from dmesg on 2.6.32:

     ```
     [195381.975755] usb 6-1: new full speed USB device using uhci_hcd and address 8
     [195382.156921] usb 6-1: configuration #1 chosen from 1 choice
     [195382.159936] scsi22 : SCSI emulation for USB Mass Storage devices
     [195382.160016] usb-storage: device found at 8
     [195382.160019] usb-storage: waiting for device to settle before scanning
     [195382.165870] input: Apple Inc. Keyboard as /devices/pci0000:00/0000:00:1d.0/usb6/6-1/6-1:1.1/input/input12
     [195382.165951] generic-usb 0003:16C0:047C.0009: input,hidraw6: USB HID v1.11 Keyboard [Apple Inc. Keyboard] on usb-0000:00:1d.0-1/input1
     ```

     And it's executing my payloads.
  4. I've tested it against 2.6.32-38-generic. Will try 3.1 later today.
  5. That's pretty much it. My time is torn between the pineapple, this, and the show -- for now. I've thankfully been able to switch gears here recently and dedicate more time to the duck. Recently I've been working on a script to convert PDE files generated by SET - the Social Engineering Toolkit - to work with the duck, but I may just end up rewriting it into a much easier to use web based payload generator. It feels bad reading this. Especially when this has been my baby for years and yet I've never had the time to dedicate my all to it. There is hope. Indeed we are working hard on making it a polished user friendly product, and lowering the price to boot. With the newly manufactured White Ducks we're actually able to take a considerable chunk off the retail price - something I wish we had been able to do from the get-go. I agree. We've been pretty bad at embracing the open source side of it. I'm thankfully getting some other developers in the mix here soon and I hope to address some of the issues and feature requests we've been needing. With the latest beta we have Linux support, finally! I haven't been involved with the coding of the firmware so I can't say too much about it. Most is beyond the scope of my knowledge but it is a platform I very much want to learn. At the moment I'm developing on the periphery that encompasses the project. With the latest firmware with Linux support there's a lot of hope for OSX -- it recognizes but invokes the wizard. Anyone know a bypass?
  6. Here's a script in Linux to flash the duck.

     ```sh
     #!/bin/sh
     EXIT=0
     # The Ducky in DFU mode shows up as Atmel VID:PID 03eb:2ff6; awk exits 1 if it is present.
     if lsusb | awk '$6=="03eb:2ff6"{e=1}END{exit e}'; then
         echo "Is your Ducky connected and in DFU mode? I don't see it. Try"
         echo "unplugging it, then holding down the button while plugging it back in."
         EXIT=1
     fi
     FILE=${1:-firmware.hex}   # Firmware image to flash.
     if test -r "$FILE"; then
         # Every Intel HEX record starts with a colon.
         if egrep -vq '^:' "$FILE"; then
             echo "That doesn't look like an ihex file."
             EXIT=1
         fi
     else
         echo "No such input file or you don't have permissions to read it."
         EXIT=1
     fi
     #if ! which dfu-programmer >/dev/null 2>&1; then
     #    echo "dfu-programmer not found. Go install it and try again."
     #    EXIT=1
     #fi
     test $EXIT -eq 1 && exit 1   # Get all the errors at once, then exit
     die() {
         echo "$*"
         exit 2
     }
     echo Erasing...
     sudo dfu-programmer at32uc3b1256 erase || die "Failed to erase"
     echo Flashing...
     sudo dfu-programmer at32uc3b1256 flash --suppress-bootloader-mem "$FILE" \
         || die "Failed to flash"
     echo Flash complete. Resetting your Ducky...
     sudo dfu-programmer at32uc3b1256 reset || die "Failed to reset"
     ```

     And a script to backup the existing firmware from the duck.

     ```sh
     #!/bin/sh
     EXIT=0
     if lsusb | awk '$6=="03eb:2ff6"{e=1}END{exit e}'; then
         echo "Is your Ducky connected and in DFU mode? I don't see it. Try"
         echo "unplugging it, then holding down the button while plugging it back in."
         EXIT=1
     fi
     FILE=${1:-dump.bin}   # Where to put our dump.
     if [ -f "$FILE" ]; then
         echo "Output file already exists. Remove it or specify another."
         EXIT=1
     fi
     # "&>" is a bash-ism; under /bin/sh use the portable redirection.
     if ! which dfu-programmer >/dev/null 2>&1; then
         echo "dfu-programmer not found. Go install it and try again."
         EXIT=1
     fi
     test $EXIT -eq 1 && exit 1   # Get all the errors at once, then exit
     sudo dfu-programmer at32uc3b1256 dump > "$FILE"
     echo Dump complete. Resetting your Ducky...
     sudo dfu-programmer at32uc3b1256 reset
     ```

     So sorry I forget the user who posted the scripts, will update with credit when I find it.
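As an added example that is not part of Darren's post or the scripts above: the flash script only checks that lines begin with ":", so a truncated or corrupted image would still be written after the chip has been erased. This POSIX shell function (assumed name ihex_check) validates each Intel HEX record's length field and checksum and requires an EOF record before anything is flashed. The sample records are constructed, not real Ducky firmware.

```shell
#!/bin/sh
# Added example (not from the forum post): validate an Intel HEX image before
# handing it to dfu-programmer. Each record is ":LLAAAATTDD..CC" and the sum of
# all bytes after the colon, CC included, must be 0 mod 256.
ihex_check() {
    awk '
    # Convert a hex string to a number without relying on gawk-only strtonum().
    function hexval(s,   i, v, c) {
        v = 0
        for (i = 1; i <= length(s); i++) {
            c = index("0123456789ABCDEF", toupper(substr(s, i, 1)))
            if (c == 0) return -1
            v = v * 16 + (c - 1)
        }
        return v
    }
    function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
    {
        sub(/\r$/, "")                       # tolerate CRLF files from Windows
        if (substr($0, 1, 1) != ":") { bad("missing leading colon"); next }
        body = substr($0, 2)
        if (length(body) < 10 || length(body) % 2) { bad("bad record length"); next }
        len = hexval(substr(body, 1, 2))
        if (len < 0 || length(body) != 2 * (5 + len)) { bad("length field mismatch"); next }
        sum = 0
        for (i = 1; i <= length(body); i += 2) {
            b = hexval(substr(body, i, 2))
            if (b < 0) { bad("non-hex byte"); next }
            sum += b
        }
        if (sum % 256 != 0) { bad("checksum mismatch"); next }
        if (hexval(substr(body, 7, 2)) == 1) eof = 1   # record type 01 = EOF
    }
    END {
        if (!eof) { print "missing EOF record"; errors++ }
        exit (errors ? 1 : 0)
    }' "$1"
}

# Constructed sample images (not real firmware): a 2-byte data record plus EOF,
# and the same image with one data byte changed so the checksum no longer matches.
write_good_image() { printf ":02000000AABB99\n:00000001FF\n" > "$1"; }
write_bad_image()  { printf ":02000000AABC99\n:00000001FF\n" > "$1"; }

if [ $# -gt 0 ]; then
    ihex_check "$1" && echo "$1: all records OK"
fi
```

Run it as "sh ihex_check.sh firmware.hex" before the flash script; a non-zero exit means the image should not be written.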
  7. The biggest difference being that the aircrack route emulates master mode so it's a lot slower in comparison to Jasager. Also you should understand that the initial concept of the WiFi Pineapple was to create an inexpensive battery powered device that can be concealed and remotely managed.
  8. USB power can be an issue with some devices. I haven't put a meter on it but the pineapple doesn't have a lot of left over juice for some devices. For instance my T-Mobile modem works beautifully though the CDMA modems from Ting and Virgin will cycle every so often due to power -- which is a real pain. We've tested the 4GB Cruzer Fit, which is why we carry it in the HakShop. I guess it's possible that the 8GB requires a little more... Odd though. We'll have a nice solution for all of this very shortly on the HakShop. Imagine some pineapple juice with *over 9000* mAh and dual usb output hooked up to the pineapple and a mini usb powered hub.
  9. Can I be the first to say, um.... WICKED!
  10. Is the pineapple battery powered or on the mains? One thing I've noticed with the Novatel MC760 is that it will sometimes drop due to power requirements. Try tossing a powered USB hub in line and give it another go -- let's rule out power first. If that's the case we might have just the thing for you - an inline usb power injector. Second, the current 3G script doesn't account for the Micro SD card on board. Let's worry about getting you dialed up first, then we can adjust the script so it doesn't kill /dev/sg0 (or was that sg1?). I'm not near a pineapple to test but will soon.
  11. Glad you got it sorted and thanks for posting on the TTL adapter you used.
  12. Awesome script Whistle Master! This should be added as a module or simply rolled into the next firmware. I love the idea of having one of the lights blink as visual confirmation that something is running. Great for use with the buttons module. I rely on the blinking WPS LED to verify when the pineapple has completed booting. As for the power LED..... Perhaps you could try hot glue or tape? I'm just saying I believe the LED is on the power circuit and removing it may either cut the power or make it significantly higher than it would have otherwise been. Not sure on the value of the LED -- maybe a resistor could fill in the place. Regardless, I admire your determination, though I will simply say, fair warning, that this sort of thing is outside our normal warranty. We'll 'help a brother out' if you do end up phys bricking it - but it's not a freebie like a software debrick.
  13. Using iw you should be able to adjust the tx-power of the WiFi Pineapple. I believe the default is 20 or 23. The values are set in /etc/config/wireless and you can manually adjust them with iw and iwconfig -- though I should point out that if you're not experienced with this sort of stuff I'd refrain from tinkering until some sort of solid guide is posted. You may have to set your region to BO first (Assuming you live in Bolivia *This isn't legal otherwise*). Here's some additional reading on the matter:
      https://forum.openwrt.org/viewtopic.php?pid=152568
      https://forum.openwrt.org/viewtopic.php?pid=146550
      Next time I'm working on the pineapple I'll see what I can come up with. Cheers!
  14. Oh, bummer. So much for last chance. =/ Sorry guys
  15. In case you missed Ting.com, a new MVNO, sponsored Hak5 for a few weeks. I believe their offer of $50 off a device will end soon so I thought I'd let you know in case you wanted to pick up one of the Novatel MC760 usb 3g modems, which they have for $45 so, essentially free. US only. Just gotta visit http://ting.com/hak5/ Sorry if that seems too ad sales-y but I know there was a lot of interest on this. Cheers!
  16. Dude, this looks wicked. Will you be posting the code? We have the project on github at https://github.com/sebkinne/wifipineapple/wiki
  17. 1. Disable the firewall: "/etc/init.d/firewall stop". In fact it has been removed in 1.0.1 -- causes more trouble than it's worth for a hacker tool.

      2. Look into your routes. By default it looks like this:

      ```
      root@Pineapple:~# route
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      default         172.16.42.42    0.0.0.0         UG    0      0        0 br-lan
      172.16.42.0     *               255.255.255.0   U     0      0        0 br-lan
      ```

      You want it to look like:

      ```
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      default         192.168.2.200   0.0.0.0         UG    0      0        0 br-lan
      192.168.2.200   *               255.255.255.0   U     0      0        0 br-lan
      ```

      So from the Advanced menu in the Web UI enter "route del default" in the bottom text field and click Execute Commands. Then from the first text field enter "route add default gw 192.168.2.200 br-lan" and click the Update Routing Table button. If that doesn't do the trick a little iptables lovin' should.
  18. FYI guys, not sure if anyone else has tried this but I recently found out that the MK4 can be back powered through the usb port! Found out while testing a USB hub. That said, I can't guarantee perfect operation in the configuration -- it isn't exactly to spec.
  19. This tutorial applies to the WiFi Pineapple Mark IV.

      1. Partition and format your USB Flash Disk. We'll be using the 4GB SanDisk Cruzer Fit (Available in the HakShop /shameless plug)
         a. Using Ubuntu open Disk Utility from System > Admin.
         b. Unmount any mounted existing volumes.
         c. Delete any existing partitions. You should now have a blank drive with no partitions as seen below.
         d. Create your first partition using the Create Partition button and make the partition take 80% of the available space. The unused space will be used for your swap partition. Make sure to uncheck the box regarding taking ownership and select EXT4 as the filesystem.
         e. Repeat the previous step using the last available space, unchecking the ownership box and selecting EXT4 as the FS. Name the partitions whatever you like.
         f. Your drive should look like the below image. Remove the USB drive from your Linux box.

      2. Configure the Swap partition on your WiFi Pineapple
         a. On the WiFi Pineapple's Web UI browse to the USB page and ensure that your config looks like the one below.

         ```
         config global automount
             option from_fstab 1
             option anon_mount 1

         config global autoswap
             option from_fstab 1
             option anon_swap 1

         config mount
             option target /usb
             option device /dev/sda1
             option fstype ext4
             option options rw,sync
             option enabled 1
             option enabled_fsck 0

         config swap
             option device /dev/sda2
             option enabled 1
         ```

         b. Plug in the USB drive and wait a minute for everything to settle.
         c. SSH into the WiFi Pineapple (typically "ssh root@172.16.42.1").
         d. Issue "mkswap /dev/sda2":

         ```
         root@Pineapple:~# mkswap /dev/sda2
         Setting up swapspace version 1, size = 1003741 kB
         no label, UUID=97996185-a731-4d1e-92d8-1017fdb3603e
         ```

         e. Reboot the WiFi Pineapple by issuing "reboot".

      3. Verify that swap space has been enabled
         a. From the Advanced page issue the command "free".

      More reading on fstab in openwrt: http://wiki.openwrt.org/doc/uci/fstab

      Installing packages to the USB partition: Your /etc/opkg.conf file should look like the below. You can verify by issuing "cat /etc/opkg.conf" from a SSH session or from the Advanced page's execute commands box.

      ```
      dest root /
      dest ram /tmp
      lists_dir ext /var/opkg-lists
      option overlay_root /overlay
      dest usb /usb
      ```

      Update opkg by issuing "opkg update" (Internet connection required so enable 3G or Tether). Install packages using the syntax "opkg install --dest usb packagename". Thoughts?
  20. Here's the revised NYAN Cat payload I used for my talk at SXSW. I noticed an issue with mobile phones not playing the annoying music so I changed the embed code to use HTML5.

      ```html
      <HTML><Head><Title>NYAN CAT!!! </Title></Head>
      <Body>
      <img src="NYAN.gif" width="500" height="350"><br />
      <audio controls="controls" autoplay="true">
      <source src="/NYAN.mp3" type="audio/mp3" />
      </audio>
      </Body></HTML>
      ```

      Works great against desktop browsers and Android phones, but still no pwnage on iPhone. Sad too because the iPhone will pop up the index page thinking it's a captive portal asking for EULA or payment on connect (how convenient) but no sound. Tried various embed methods without much luck. Wish the iphone supported HTML5 properly, or at least Flash. Perhaps there are Quicktime controls that could be used. On a related note it was pointed out that adding:

      ```
      option 'error_page' '/index.php'
      ```

      under the index_page option in /etc/config/uhttpd would nail error pages, not just root domains. Good call.
  21. Oh Jesus! We should have a wall of shame for these :)
  22. Check out this short guide on getting tcpdump on the usb drive: http://www.wifipineapple.com/doku.php?id=tcpdump The dns spoofing url is to be expected. A better way would be to use dnsmasq - something I'm considering adding in a future version. We used this method to do redirects on the MK2 with the rickroll, but IIRC it doesn't work domain by domain. You're welcome to try it -- just be forewarned that messing with the /etc/config/* files isn't recommended if you're not equipped to deal with a network unreachable situation. Sounds like you should be fine.
  23. Dude I'm sorry to say you bricked it. We put warnings on the upgrade page for this reason. When PHP calls the sysupgrade function it inherently hangs the web server as this process can't be forked. Had you waited a good 3-5 minutes for the flashing to complete you'd be rocking 1.0.1. Sadly yanking the power during the write process results in a corrupted kernel and/or filesystem. Chances are the device still boots -- but there isn't a complete system there to start up. That's why the lights are blinking. If you had a Serial TTL adapter I'd say jack in with a com program and drop into the bootloader -- I'm 99% sure it's still there -- but it's kind of a chore. Hit us up at shop@hak5.org and we'll unbrick it for ya. Really sorry you had this experience. Bricking is never fun and this was my #1 fear in development when it came to the firmware upgrade process. We'll see about getting an onClick javascript alert box warning in the next version to ease the mind when the expected error page pops up.
  24. I've updated the Quick Start Guide on the wiki to include a usage scenario. I'll be doing video tutorials on some of the new features such as 3G and SSH reverse tunnels soon. Also please understand that the MK4 is very different from previous hardware, so any flashing guide you see talking about the MK2 or MK3 isn't going to work on this device.
  25. The MK4 comes with a quick start guide that should have you up and running in no time. There is no "right way" to use the WiFi Pineapple however. It's a pretty versatile WiFi auditing tool and comes in a pretty generic configuration. It really depends on what you're trying to achieve. I've heard some pretty crazy stories of what pen testers have done with it. I guess it really just depends on your networking experience and how far you're willing to go with it. Have fun!