Isolot

Active Members. Posts: 32. Days Won: 1.

Everything posted by Isolot

  1. It would be, say, more powerful with a massive feature jump. Don't all the peripherals for the current pineapple go straight over to the rpi, i.e. Hak5 will offer them at the same price as they currently do for the pineapple? Even if the price is a $25 difference, the feature jump of having local msf is massive. Think Meterpreter shells in the pineapple web UI. The discussion wasn't anti pineapple, go do it yourself; pen testers already know they can do it themselves. The discussion was if the pineapple changes platform rather than DIY. The hak5 team still release an end-to-end wifi testing platform but its base OS and hardware are more powerful. They then have the whole rpi hardware community at their fingertips for upgrades, i.e. build a custom rpi pineapple with internal radios, touch screen and solar panel. As for the noobs Kali version comment, it kinda implies the pineapple dev community is bigger than the Kali one. The tools get released to Kali and ported to the pineapple, not the other way around. The hak5 team just switch to writing future patches on Kali rather than open wrt. I would have thought the more powerful rpi would make the hak5 dev team's life easier rather than harder; time is money as you say and the platform change would address a lot of the negative comments I have read of late.
  2. Agreed Barry, a few of the negative posts do look like they are after a turnkey solution rather than a platform. Re the Linux support on the compute stick, you can order them from Amazon with Ubuntu pre-installed. Perhaps there could be a raspberry pi fork in the future at a higher price point (pineapple pro); there are starting to be some really nice looking compact battery + touch screen raspberry pi designs out there. Imagine this bad boy with dual antenna booting up to a touch screen interface designed by hak5: http://www.au.engadget.com/2015/11/25/this-rasberry-pi-handheld-wants-to-be-every-gadget-in-the-world/ After a hard day's pentest, you could crank some handheld Quake 3 on the way home....
  3. Wow, it's been a while since I have visited this forum but a newcomer would be forgiven if they thought the wheels had fallen off this project. There are negative posts all over the show. Are Seb and Darren taking note of the negative downturn in comments and discussing if their new product direction will increase their customer satisfaction? Is increasing the spec of their custom hardware and continuing the use of open wrt going to solve the customer questions posted in the forum? Times have changed since previous versions of the pineapple; we now have Intel sticks running Windows 10 in Australia delivered for $150 AUD, the $99 USD pineapple specs don't come close and after the dollar conversion the pineapple costs more. I'm not interested in flaming the pineapple, I'm interested in a discussion of whether a raspberry pi or Intel stick running a full Linux distro with external adapters would be a better solution moving forward. We all know the evil ap scripts have existed for a while and the pineapple's competitors are running full distros (pwny), so running a router distro is not a requirement. Hak5 can still have their wifi pineapple custom case and custom web interface but they could then leave the base hardware iterations to the external companies. Hell, I would get super excited about a hak5 web interface designed for the touch screen that sits on top of a raspberry pi. Swiping through connected clients and live meterpreter sessions would be wild. The wifi pineapple would be opened up to the hardware addons everyone is designing for the raspberry pi. Hak5 already recommends using USB wifi adapters with their current hardware. Full distros + more hardware grunt enable all the latest tools to be used straight away and enable onboard interaction with beef and metasploit rather than sending the reverse call off to a listener on another device.
  4. I have not studied digital forensics but if it were me I would teach myself by capturing a pcap of multiple different scenarios:
     - client requests private IP name resolution
     - client requests public IP reverse lookup
     - client requests public host name resolution
     - client requests resolution of an IP that the DNS server contains a record for
     - client requests resolution of an IP that the server does not have a record for
     - client requests different types of records, i.e. MX records.
     Now open up each of the captures and strip them down to just the DNS request (add DNS-specific filters, e.g. udp). Now ask yourself: if I were a detective, what information might be important to me?
     - time of the request
     - time of the response
     - time between the request and response
     - source IP of the request
     - destination IP of the request
     - type of request
     - size of the request
     - what was the data in the request? Where was the user trying to go? (right click, follow UDP stream)
     - what was the server's response?
     - what was the MAC address in the request? (this can give you the last hop and give an idea of the network route taken)
     - source and destination port used.
     Google searching will provide the how-tos on where to find the answers to the above questions in the packets. You could also now go a step further:
     - what third party tools can you hand the pcaps to in order to provide automated reports? Xplico? etc.
     - was there a TCP handshake after the DNS request completed to say the user actually went ahead with the connection?
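As an added example (not code from the original thread), a stdlib-only Python script that pulls the fields listed above out of captured DNS frames: timestamps and request/response latency, source and destination IPs and ports, query name and type, frame size and the request's source MAC, then pairs each query with its answer by transaction id. The capture is constructed inline (addresses, MACs, timings and the transaction id are made up) rather than read from a real pcap.

```python
import struct
QTYPES = {1: "A", 12: "PTR", 15: "MX", 28: "AAAA"}
ip4 = lambda s: bytes(map(int, s.split(".")))                # "1.2.3.4" -> 4 raw bytes
mac = lambda m: bytes.fromhex(m.replace(":", ""))            # "aa:bb:.." -> 6 raw bytes

def build_dns(txid, qname, qtype, answer_ip=None):
    """Constructed DNS message: header, one question and (for a response) one A answer."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180 if answer_ip else 0x0100, 1, 1 if answer_ip else 0, 0, 0)
    q = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    q += struct.pack("!HH", qtype, 1)                        # QTYPE, QCLASS=IN
    ans = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ip4(answer_ip) if answer_ip else b""
    return hdr + q + ans

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame around a DNS payload (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, ip4(src_ip), ip4(dst_ip))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + udp

def parse_dns_frame(ts, frame):
    """Pull the fields the post lists out of one captured Ethernet/IPv4/UDP/DNS frame."""
    ihl = (frame[14] & 0x0F) * 4                             # IPv4 header length; UDP follows it
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    dns = frame[22 + ihl:]                                   # skip the 8-byte UDP header
    txid, flags, _qd, an = struct.unpack("!HHHH", dns[:8])
    i, labels = 12, []                                       # walk the question-name labels
    while dns[i]:
        labels.append(dns[i + 1:i + 1 + dns[i]].decode()); i += 1 + dns[i]
    qtype = struct.unpack("!H", dns[i + 1:i + 3])[0]
    return {"ts": ts, "src_mac": frame[6:12].hex(":"), "txid": txid, "size": len(frame), "answers": an,
            "src_ip": ".".join(map(str, frame[26:30])), "dst_ip": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport, "is_response": bool(flags & 0x8000),
            "qname": ".".join(labels), "qtype": QTYPES.get(qtype, str(qtype))}

def pair_transactions(records):
    """Match each query to its response by (txid, qname); return (matched, still-unanswered)."""
    pending, out = {}, []
    for r in sorted(records, key=lambda r: r["ts"]):
        key = (r["txid"], r["qname"])
        if not r["is_response"]:
            pending[key] = r
        elif key in pending:
            q = pending.pop(key)
            out.append({"qname": q["qname"], "qtype": q["qtype"], "client": q["src_ip"], "server": r["src_ip"],
                        "request_src_mac": q["src_mac"], "latency_ms": round((r["ts"] - q["ts"]) * 1000, 3),
                        "answered": r["answers"] > 0, "req_bytes": q["size"], "resp_bytes": r["size"]})
    return out, list(pending.values())

# Constructed capture: one A query from a LAN client to its gateway resolver, answered 12 ms later.
CLIENT, SERVER, CLIENT_MAC, GW_MAC = "192.168.1.20", "192.168.1.1", "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:ff"
SAMPLE = [
    (1000.000, build_frame(CLIENT_MAC, GW_MAC, CLIENT, SERVER, 51234, 53, build_dns(0x1A2B, "example.com", 1))),
    (1000.012, build_frame(GW_MAC, CLIENT_MAC, SERVER, CLIENT, 53, 51234,
                           build_dns(0x1A2B, "example.com", 1, "203.0.113.10"))),
]
```

Call `pair_transactions([parse_dns_frame(ts, f) for ts, f in SAMPLE])` to get the matched transaction with its latency; for a real capture, feed (timestamp, frame) pairs read from the pcap instead of SAMPLE.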
  5. "That's just simply not true lol." Really? I didn't have to look far for other people experiencing the same thing (note the business as usual comment): https://forums.hak5.org/index.php?/topic/30908-fbi-police-confiscating-the-pineapple-lawyer-up-and-shut-your-mouth/?p=233389 "OpenWRT is the best choice because it runs smooth on routers." My interest was in moving away from router hardware and running the whole thing from a raspberry pi. I'm not aware of any functions open-wrt can do that kali with USB wifi can't; kali has all the evil ap scripts ready to go. As for stability, there are no issues with competitors such as the pwnie plug 2 cranking a smooth AP from a kali distro. I'm talking about the evolution of the pineapple as a pen test tool once cheap technology is available.. staying agile etc. Meterpreter reverse shells on the same device as the evil AP would be rad. Anyway I think I have answered your "why would anyone want to" question; by the sound of it you can't see any advantage in moving away from open-wrt. I am still interested if the hak5 team have it in their pineapple pipeline (or kicked around the idea).... maybe a more expensive pineapple pro for example.
  6. Why would anyone want Kali on a drop box? Because with open-wrt you are in dependency hell! Surely I am not the only one who has experienced this? Have you tried to do much custom outside of the infusions? It's like smacking your head against a wall. WOOOOOW HOLD up dude you can't do that with this kernel!!! The infusion releases are slow because of the dev time involved in getting them to work with the pineapple's hardware and open-wrt (really appreciate the people who put time into this work). Each of those infusions would have been available day 1 if the dropbox was based on Kali or a similar stripped down ARM distro. The release rate of available infusions would see astronomical growth. Sure, if you look at it from the point of view that it's a dumb connect-one-network-to-another device then yes Kali is overkill, but are we seeing the device used for more than that? I remember back when it took months to iron out sslstrip issues on open-wrt... if the pineapple moved to kali then there isn't any mucking around; we see a new tool released then bam, it's available to enhance the functionality of our pivot box. We had to wait years for dependencies required to get nodogsplash running. openvpn? etc. So why would anyone not want to run kali on their pivot box? Probably because open-wrt was the best choice before ARM compatible distros and cheap hardware were available.... I could be totally off the mark here; I am interested in why you think open-wrt is the superior choice for a pivot box.
  7. Thanks for the links guys. So once you have the swap on the class 10 SD, would you say VNC is usable whilst running multiple tasks? Thinking about using VNC for GUI tasks like w3af... etc. I must admit, I did expect hak5 to move the project over to a web front end for kali on low cost hardware such as the pi. Open-wrt was great but wasn't that decision made in a time when there were no ARM pentest distros and hardware costs were much higher? The kali linux powered pineapple would cost more, yes, but you might make that back in stability + dev time mucking around with open wrt installs. It can be done much cheaper than the pwnie plug 2 price. By staying with open wrt, it has left the market wide open for a low cost kali linux based evil AP.
  8. I canned swapping my Kali VM for a raspberry pi due to seeing posts about performance issues. Sounds like you are getting your raspberry to do a lot! beef, SET, metasploit, spoofed page web services.. how do you find the performance? What connection method are you using, CLI or VNC? Also, how do you rate limit the connections using your iPhone hotspot? nodogsplash with injected beef hook? Would hate for a client to start a massive download like an iOS update for example. Some links to buying the equipment mentioned in this post would be excellent, i.e. the battery that can run both raspberry and pineapple, the raspberry pi itself and clear pi cover. Thanks in advance, Isolot.
  9. Melbourne Darren! I would be more than happy to give you a Melbourne tour, Anthony Bourdain style! Best bars, best restaurants... best wifis. It would also give us Aussie pen testers a chance to meet each other. I would love to start an Aussie pen testers user group, maybe a location based hak5 chapters type set up (pictures a group of dudes (and Angelina Jolie) stealing each other's fries with rollerbladers cruising past). It's time to notch up some corks to the cowboy hat!
  10. My set-up: ADSL modem in full bridged mode ------> Apple USB ethernet dongle; the USB dongle is passed through to a pfSense virtual machine as its WAN NIC. pfSense handles the PPPoE and all other network tasks (firewall, DHCP, DNS etc...); out of the box it also handles your OpenVPN end points. Then I configure the VM to also use the host's NIC as its LAN port. The host's LAN port ------> Apple AirPort Extreme ----> wifi to all my internal machines. With this setup I run OSSIM monitoring the host's NIC, which in turn gives me a complete intrusion detection system as all the network traffic runs through this NIC. Even the host machine sends a DHCP request out its NIC; it hits the AirPort Extreme and comes back to its own pfSense virtual machine, which hands back the IP. It can get confusing but works really well. I thought I might mention it because pfSense has a web GUI that is capable of everything you need (even a Snort module for intrusion detection). I highly recommend both pfSense and AlienVault OSSIM. Cheers, Isolot.
  11. Hi Spazi, you need to be careful about the terminology you are using... active scanning is illegal, passive scanning is legal. Making active requests which probe the website for "weaknesses" is breaking the law, but passively reviewing the source to make sure there aren't things like persistent beef hook XSS code isn't. If you start using automated scanners against public websites then you are in the bad guy camp regardless of your intentions. If the problem is as widespread as you say it is, then I would go into business retrofitting each house with a pfSense router. Implement the Snort intrusion prevention system and work on making a solid rule set that you can deploy to clients. If your clients are losing millions then they have plenty to spend on implementing defence. Isolot.
  12. Moriarty, dude! This looks like it could speed up my workflow and make me feel like I'm playing Tron bikes at the same time! I will have a play tonight. beef hook injection would be a nice mitm option. Cheers, Isolot.
  13. I've been AWOL doing the CEH exam and pesky work etc, sorry for the late reply.. How did you go dude? I'll get back into it this weekend, will see how good BT5 R3 is at holding a wifi connection with low signal strength. Super keen on giving that mitm pen testing web UI that was posted a go too! If that works it will speed up my workflow. In general though, I love the MacBook Air, wouldn't trade it for any other pentesting lappy! Cheers buddy, Isolot.
  14. It's on its way, I will let you know how I go. I am also testing Snort on the raspberry pi with the ninja throwing star for intrusion detection on my home network.
  15. New world, is there any need for the pineapple in your setup? Wouldn't it be cleaner to have your pi pump out the hotspot and do away with the pineapple? pwnstar is a great script to start up the access point and sniffers/sslstrip all from the raspberry pi.
  16. Features I would love to see:
     - bandwidth limiter for connected clients
     - captive portal splash screen (for use with beef injectors and "use at own risk" warnings on a test lab)
     - VPN end point
     I guess the problem is memory; for the ultimate honey pot running sslstrip, ngrep, urlsnarf, ettercap injection, beef, tcpdump, hamster/ferret and openvpn we would need to migrate to pandaboard or raspberry pi and run karmetasploit. Then the project would open up to pimpin' hardware mods like touchscreens, GPS etc. I'll admit it, I just want to be a cyberpunk with a wrist touchscreen showing pwned clients lol. Chuck a bit of hacked femtocell action in there so we have a digital readout of all mobile devices around us and their distance. *Puts cyberpunk back in closet.*
  17. Hey guys, anyone tried the OpenVPN openwrt module on the pineapple? I am keen to have a second deployable pineapple that:
     a) receives an IP address from the LAN it's plugged into via ethernet
     b) bridges the LAN to OpenVPN
     c) sets up dyndns out a 3G modem plugged into the pineapple
     d) VPNs my desktop machine through the 3G tunnel and receives an IP from the LAN the pineapple is connected to.
     I like the idea of handing my mates the pineapple so they can plug it into switches at LAN parties so I can game with them (on closed LAN servers) remotely through the pineapple VPN connection. Could the pineapple handle the flow? Mass pineapple mesh network? :) Think this is possible? Or will an OpenVPN endpoint be too resource intensive for the pineapple? Thanks, Isolot.
  18. I have been able to reproduce this problem by conducting the following:
     1) Upgrade to the latest firmware with memory stick plugged in
     2) Install sslstrip to USB by the module only
     3) Enable USB logging
     4) Enable sslstrip
     5) Interface dead.
     The problems for me were:
     1) The upgrade corrupted my memory stick so sslstrip and the USB logging couldn't install. When you turn sslstrip on, the iptables redirects you to nothing. I reformatted the corrupted USB.
     2) I have never had success with just installing sslstrip from the module. I always go to ssh and type:
        - opkg update
        - opkg install sslstrip --dest usb
     Not sure if you are having the same issue but I don't get why the module can't run these commands when it works fine from ssh? Perhaps it's a timing problem of the module trying to install sslstrip before the opkg update has finished properly? A fail safe for this would be not allowing the sslstrip module to turn on if sslstrip is not installed. Chaos may have set his sslstrip module to autostart so it constantly redirects him to nothing. DNS spoofing also does not work when sslstrip is enabled; sslstrip must use some other form of DNS lookup rather than checking the local pineapple.
  19. whistle master you're a king amongst men! Any chance of the same thing for sslstrip?
  20. :( It's developmental and they renamed it from kamikaze to attitude adjustment. Flashing my pineapple with a stable release rather than this experimental one so the packages will work. This post can be deleted. Thanks.
  21. Not sure if you're having a dig by showing the ssh banner or there is info on there I am missing. I understand it's based on openwrt but there seems to be different types. The banner doesn't show any of the following:
     - Backfire 10.03 branch: ChangeLog, svn co svn://svn.openwrt.org/openwrt/branches/backfire
     - Kamikaze 8.09 branch: ChangeLog, svn co svn://svn.openwrt.org/openwrt/branches/8.09
     - Kamikaze 7.09 (deprecated): ChangeLog, svn co svn://svn.openwrt.org/openwrt/tags/kamikaze_7.09
     - Development branch: ChangeLog, svn co svn://svn.openwrt.org/openwrt/trunk/
  22. lol how does this post not fall under "What makes the pineapple tick"? Moved = dead end... I was hoping for a constructive conversation about the least hassle firmware.
  23. Cheers mate, do you know what version of openwrt they modified? Was it kamikaze? They changed the uname so I can't tell.
  24. Afternoon guys, first of all I am a nub when it comes to Open wrt. Quick question: I am not finding any support out there for "attitude adjustment"; is this some kind of spin off from kamikaze or backfire? Are they one and the same thing? My research to further my knowledge and in turn contribute to this project is failing badly :( Each package I try and install, such as iptables-mod-extra, is throwing me the dependency of kernel 3.3.2-1. Is it this distro that's the problem with packages being so hard to install? Is there a more stable/better supported distro we could be running? I'm sure a distro with a bigger community would take away a lot of questions on this forum and open up the project to many more contributors. Any links to better understand the kernel and distro running on the Mark IV would be much appreciated. PS. I reeeeealllllyy need a captive portal but all the supporting packages fail to install. Nodogsplash is written for "White Russian" but is proved to work on Kamikaze 8.09. Can I upgrade the Mark IV to run on Kamikaze 8.09? Cheers, Isolot.
  25. Nice set-up, but without USB storage is it usable for anything other than giving free wifi and being chuffed that the device said yes to clients? Any type of monitoring would fill the local storage up with log files quite quickly, wouldn't it? I suppose you could pivot an attack on an end client's machine once they are in your IP range, but to actively review traffic would need storage for the packages and logs. We really need two USB ports; anyone tried an unpowered USB hub?