Darren Kitchen

Everything posted by Darren Kitchen

  1. Sorry if the SSH help section doesn't make complete sense. I plan to do a video tutorial soon. Basically what I'm trying to say is that before you can have autossh keep a reverse tunnel persistent you'll need to do an ssh key pair exchange, and to do so you'll need to first ssh into the pineapple itself and from there ssh over to your remote host so that there's an entry in known_hosts. So in short, to set up autossh you'll first need to ssh from laptop -> pineapple -> remotehost. Once you've made the first connection (via password auth) the public key of your remote host will be in the pineapple's known_hosts file and your pineapple's public key should be placed in the remotehost's authorized_keys file. After that initial setup just enable ssh on boot & keepalive and the pineapple will maintain a persistent connection.
  2. While deep in dev I remember seeing all the time via serial "press f to enter failsafe" or something like that. Not sure if the reset button counts - never tried it. This was pretty early in the init, well within 30 seconds. If you can't contact the router over ethernet your only bet is serial. Try "ifconfig eth0 172.16.42.42 netmask 255.255.255.0; ping 172.16.42.1" while connected to the PoE / LAN port (where eth0 = your ethernet device). It's more clicking in Windows but you get the idea. If you can ping it you should be able to ssh in as root with the default password "pineapplesareyummy" and flash the latest firmware by scp'ing over upgrade.bin to /tmp and issuing "sysupgrade -v -n /tmp/upgrade.bin". Alternatively you can contact shop@hak5.org and Shannon will exchange your bricked pineapple for a fresh one. Also, this is why the "hold reset for 5 seconds to replace /etc/config/network with defaults" was implemented in 1.0.1 ;)
  3. As others have said Deauth helps - which is why a Neinsager backpack (deauth drone) using either a MK3/4 or AWUS036H is on the roadmap. Here's a screenshot from my galaxy note from a recent pineapple outing. No deauths running and as you can see it did quite well. Just a matter of getting out to a target rich environment.
  4. If you have a sort of network manager running you may want to turn it off and just set up your connections in terminal. The NetworkManager applet in Ubuntu is notorious for screwing me up.
  5. Been busy with prep for SXSW but will get back to this as soon as that's over. This is kind of a pet project and I'd like to see it blossom. Though the more I research the more I realize with kmod-rtl8187 an alfa awus036h could do the trick over usb, which is a less expensive (both money and battery) option that may work.
  6. OMG You just can't make this shit up, folks. Thanks Telot -- you made my night. Ha!
  7. Yikes! Careful out there folks :)
  8. Not to preempt Seb but it's at http://www.wifipineapple.com/upgrade.bin (Note to future people: link not likely to work after 3/7/2012) and we'll have a proper changelog post here shortly. ICS Firewall fix, macchanger, update checker & reset button network config restore.
  9. Sounds like you're doing it right - as far as I can tell. Though you'll need to check the config of the remote server to ensure that it supports key authentication. Have you consulted the documentation from the SSH page on the MK4?
  10. I've been using the ALFA proper console board with a USB to Serial adapter from Belkin. I had a PL2303 from Prolific but it died in an unfortunate cross-wiring incident. I have a few more Prolific chips on order and as soon as I find the perfect board I'll be posting my findings here.
  11. I haven't seen anything on tethering a phone to an openwrt router before but if the phone allows you to speak to it over serial as a modem, I don't see why not.
  12. My math is as follows: At 5V (USB) the MK4 takes the following Amp draw under various configurations. I took these measurements using an in-line multimeter with a MK4 and a USB battery pack measuring amperage.
      • WiFi Off - 1A
      • WiFi On - 1.7A
      • WiFi and 3G On (GSM) - 3.5 - 4A
      • WiFi and 3G On (CDMA) - 5+A
      Of course these figures are from 5V calculations. The battery packs I'm making offer 7.2V, so the Amp draw should be about 1.44x less. So instead of 1.7A with WiFi it should be 1.18A per hour. So with twelve 3000mAh 3.7V batteries in a 6P2S configuration I should be outputting 7.2V with 18,000mAh, which for a WiFi On situation should last for (18 / 1.18) = 15.25 hours. That said this doesn't seem to be the case in the real world. When I took a MK4 to an RSA event I was using an 18650 USB battery pack with two cells. I ended up with over 100 clients and the pineapple lasted for well over 4 hours because I eventually turned it off at the end of the night. Based on my calculations it should have only lasted 2 hours - not 4 - so there is some wild wiggle room here. Obviously further testing is in order, something I plan to do when I return from Austin next week. I've been evaluating nearly a dozen battery packs for the HakShop and think I've found the two we'll carry as they offer the best quality, value and performance. These raw 18650 cells alone are great - they're what you have in your laptop today and the Tesla Roadster uses thousands of 'em, but they offer no sort of protection for over-voltage and could easily catch fire if not cared for properly. I recommend 'em as cheap sources of power, but just please be careful. I made a mistake with my first pack of 'em, not leaving venting. If these batteries don't breathe you'll have a problem on your hands. =/
  13. My math is saying 15 hours but in practice it's looking more like 30. Going to have to do some real world tests. I built a pack for RSA using two cells which based on my calculations should have lasted 2 hours, ended up running well over 4. Turned it off before it went completely dead so who knows. This guy is rocking 12 cells.
  14. OMG I love it. I'm taking this to SXSW for sure!
  15. I'm at it again. This time with a plastic enclosure that hides the antenna and looks more discreet. Begin by building a 6 pack of 18650's in parallel. Make a second pack and put 'em both in serial. This time we're soldering straight to the board. Inner most lead is positive. The other two are negative so take your pick. Positive line running through a push on push off switch. Also, boobies. Mounted switch and test fit. Amazing technology I like to call double sided sticky tape. Storage for ettercap, sslstrip, tcpdump & cat photos. Available at the HakShop </shameless plug> All snug. Notice quick-connect barrel plugs needed to easily take apart cells, hook up to charger. Not a bad voltage when they're supposed to only be 7.2. Not bad, eh? Next up are the magnets - coming in the mail tomorrow.
  16. From the department of devices that won't go through airport security comes my latest mod, the WiFi Pineapple Detonator-inator. We begin with four 3.7v 3000mAh 18650 batteries in a 2 Parallel 2 Serial configuration. Soldered the hot line to a SPDT switch and a right-angle 5.5mm OD 2.1mm ID center positive barrel plug. Cut the case bottom plate to be lower profile and housed inside a split-extruded case. Safety off switch. Fire Ze Missiles! With the short antenna inside the metal case I'm only getting about a -54 dB signal from 50 feet. Not great but fine for a small coffee house.
  17. Airmon is not run on boot. Not really 100% sure where mon.wlan0 comes from. I can't imagine it working with KARMA going. Sort of an experimental feature at the moment. It's on the list to build a web interface for.
  18. OK, next con we're going to hide a pineapple with a special ssid at the hotel and do a scavenger hunt. Winner keeps the pineapple & enclosure... For all you know it's in the flower pot at the reception desk! This will be fun. :-)
  19. I'm not worried about anyone on the forums ripping them off. I mean, you guys are pretty chill. Though this could make for a good game of wifi geocaching! Triangulation FTW! As for the gear, I'm evaluating a ton of it and will be adding a DIY department to the hakshop. I'm really eager to see what mods the community comes up with.
  20. We have a bunch of hubs on their way for evaluation. I want to make sure we only carry the best solutions for modding goodness. Same goes for batteries, cases and antennas. I must have tested a dozen of each. I'll be the first to admit it's kinda a fun job, testing all this gear. Just making sure nothing we put up in the shop is crap. Also, very nice rig. Love the tripod. How well does the yagi mount to it?
  21. Yes, I should point out that this is indeed a penetration testing tool and here at Hak5 we don't condone messing with the coffee drinkers. I only mention that because my target at XYZ corp which I've been legally granted permission to audit frequents this establishment and my pineapple has been configured to white list him only. So, be nice out there. Yep, aluminum with steel plate for the magnets. Next one will be a plastic hobby box with aluminum backing, steel plate & more magnets allowing me to put directional antenna inside the box (like a claymore), 3G, more batteries. I won't get in trouble as SXSW has given me permission to do this for my panel. Or, at least I'm told I have permission. Hope I don't have to ask for forgiveness. Whatever, it's just kittens.
  22. Here's a sneak peek at a mod I'm doing for the SXSW conference. They're not done yet -- still need to add a switch and some laser engraved Ma' Bell logo. I'll be littering these across Austin, TX. Let the pwnage begin. Inside the enclosure lives a massive battery pack and pineapple. No 3G, yet. This one simply replaces the *.* Internet with kitten photos. *The Horrors!* F*cking Magnets, How Do They Work? 12x 3.7v 3000mAh cells. Two packs of 6 in parallel put in serial for 7.2V @ 18,000mAh. Should last all day. For the next box I'll be going for 48,000mAh - nearly 2 days operation. Inconspicuous. Adjective: Not clearly visible or attracting attention; not conspicuous. This is right next to a local Starbucks. I've also found it sticks well to lamp posts and telephone poles in my area. I'll have a full modding segment on Hak5 here shortly going over this as well as many other aspects of operation and urban camouflage.
  23. Funny you guys should mention this! We've got 'em in the HakShop now and in just a bit we'll have an IMG full of MITM tools ready to go just for our friendly little wifi fruit. http://hakshop.myshopify.com/products/sandisk-cruzer-fit-4gb
  24. That should read "You'll need the [bits/info/string/characters] between "ssh-rsa" and "root@Pineapple"". Basically what I'm trying to say, and failing at, is that when you insert the public key on your remote host you only need to copy the bits between ssh-rsa and root@Pineapple to your authorized_hosts file -- typically in ~/.ssh/authorized_hosts or ~/.ssh/authorized_hosts2 (I think. It's late). I'll do a proper video tutorial on this as I understand it's a sorta advanced topic, relatively.