Thermostaten

Thermostaten's Achievements

  1. *2 <-- is a big deal :)

     # ONELINER TO ADD IPTABLES RULES TO THE STARTUP ( /etc/rc.local ):

         ssh -2 -4 root@172.16.42.1 'echo "iptables -I INPUT 1 -i wlan0 -p tcp -m tcp --dport 1471 -j DROP
         iptables -I INPUT 1 -i wlan1mon -p tcp -m tcp --dport 1471 -j DROP
         iptables -I INPUT 1 -i br-lan -p tcp -m tcp ! -s 172.16.42.42 --dport 1471 -j DROP
         # Enter commands above this line
         exit 0" > /etc/rc.local'
  2. I found that on the latest firmware as of today (12 Sep 2021) the mark-7 does not automatically add a filter for the management WiFi name you give it.. so I see that name as an open access point and then can't connect, because the management access point it has with the same name has a WPA2 code, and for some reason it only appears very seldom ( I have hidden it now and can still not connect to it every time, and it is still added to the SSID when the mark7 discovers that I am asking for that SSID ) ..

     Every time I let it collect SSIDs from the people around it I can see that an SSID with " " <- space is often found and added to the list. I added 1000 SSIDs to it via the API but that stopped it from working, then I reduced it to below 100 and it started working again .. letting the SSID discovery run and seeing it add >200 SSIDs, it then stops responding, lagging a lot, and "victims" can't connect any more.

     There are so many security tightenings you could add, like using iptables to block the web interface and ICMP (ping), so yes.. it is a little beta - even with a version 7. I wonder who beta tests them :) Did you ever try to add an SSID with special country chars in it ? Like blåbærgrød ?
  3. I found the RTFM :) .. ( Read the friendly manuals ) ..

     You can use something like this to import the SSIDs - just upload it to your Pineapple together with the text file containing the list of SSIDs and run it:

         ./add_ssids.sh ./file_with_ssids.txt

         #!/bin/bash
         clear
         #set -x
         #----------------------------------------------------------------------------
         # Need txt file containing list of SSID's as parameter
         #----------------------------------------------------------------------------
         if [ ! $# -eq 1 ]; then
          printf "\n ### ERROR - Missing file containing SSID names as parameter\n\n"
          exit 1
         fi
         #----------------------------------------------------------------------------
         # Check if the import file exist
         #----------------------------------------------------------------------------
         if [ ! -s "$1" ]; then
          printf "\n ### ERROR - The SSID list file is missing or empty (%s)\n" "$1"
          exit 1
         fi
         #----------------------------------------------------------------------------
         # Generate API token
         #----------------------------------------------------------------------------
         TOKEN=$(curl -X POST http://172.16.42.1:1471/api/login -d '{"username": "root", "password": "pineapplesareyummy?"}' 2>/dev/null|grep "token"|cut -d '"' -f4)
         if [ -z "${TOKEN}" ]; then
          printf "\n ### ERROR - Failed to get an API token!\n"
          exit 1
         fi
         #----------------------------------------------------------------------------
         # Import the SSIDS
         #----------------------------------------------------------------------------
         printf "\n Importing %s SSID's..\n\n" "$(wc -l < "$1")"
         # IFS= and -r keep leading/trailing blanks and backslashes in the names
         grep -v '^#' "$1"|while IFS= read -r SSID; do
         # SSID_SAFE=$(echo ${SSID}|LC_ALL=C sed -e 's/[^a-zA-Z0-9,._+@%/-]/\\&/g; 1{$s/^$/""/}; 1!s/^/"/; $!s/$/"/')
          SSID_SAFE="${SSID}"
         # SSID_SAFE="${SSID_SAFE//\\/\\\\}"   # escape all backslashes first
         # SSID_SAFE="${SSID_SAFE//\//\\/}"    # escape slashes
         # SSID_SAFE="${SSID_SAFE//\*/\\*}"    # escape asterisks
         # SSID_SAFE="${SSID_SAFE//./\\.}"     # escape full stops
         # SSID_SAFE="${SSID_SAFE//\[/\\[}"    # escape [
         # SSID_SAFE="${SSID_SAFE//\]/\\]}"    # escape ]
         # SSID_SAFE="${SSID_SAFE//^/\\^}"     # escape ^
         # SSID_SAFE="${SSID_SAFE//\$/\\\$}"   # escape $
         # SSID_SAFE="${SSID_SAFE//[$'\n']/}"  # remove newlines
         # printf " Adding SSID: %-64s Original_Name: %-64s" "${SSID_SAFE}" "${SSID}"
          printf " Adding SSID: %-64s" "${SSID_SAFE}"
          STATUS=$(\
           curl --silent \
            -X PUT \
            -H "Content-type: application/json" \
            -H "Authorization: Bearer ${TOKEN}" \
            -d '{"ssid":"'"${SSID_SAFE}"'"}' \
            "http://172.16.42.1:1471/api/pineap/ssids/ssid")
          HOW_DID_IT_GO=$(echo "${STATUS}"|grep -c '{"success":true}')
          if [ ${HOW_DID_IT_GO:-0} -eq 1 ]; then
           echo " [OK]"
          else
           # print the API answer as data, not as a printf format string
           printf " [FAILED] - %s\n" "${STATUS}"
          fi
         done
         printf " %s - End of import!\n\n" "$(date)"
         #----------------------------------------------------------------------------
         # END OF SCRIPT
         #----------------------------------------------------------------------------
  4. I have my favorite list of SSIDs that I really like to keep on my Pineapple, but EVERY TIME I upgrade I have to re-add them.

     In "older days.." you could just ssh to the Pineapple and import them via the command line like:

         cat "${SSID_LIST_FILE}"|grep -v ^#|while IFS= read -r SSID; do
         # SSID_SAFE=$(echo ${SSID}|LC_ALL=C sed -e 's/[^a-zA-Z0-9,._+@%/-]/\\&/g; 1{$s/^$/""/}; 1!s/^/"/; $!s/$/"/')
          SSID_SAFE="${SSID}"
         # SSID_SAFE="${SSID_SAFE//\\/\\\\}"   # escape all backslashes first
         # SSID_SAFE="${SSID_SAFE//\//\\/}"    # escape slashes
         # SSID_SAFE="${SSID_SAFE//\*/\\*}"    # escape asterisks
         # SSID_SAFE="${SSID_SAFE//./\\.}"     # escape full stops
         # SSID_SAFE="${SSID_SAFE//\[/\\[}"    # escape [
         # SSID_SAFE="${SSID_SAFE//\]/\\]}"    # escape ]
         # SSID_SAFE="${SSID_SAFE//^/\\^}"     # escape ^
         # SSID_SAFE="${SSID_SAFE//\$/\\\$}"   # escape $
         # SSID_SAFE="${SSID_SAFE//[$'\n']/}"  # remove newlines
         # printf "Adding SSID: %-64s Original_Name: %-64s" "${SSID_SAFE}" "${SSID}"
          printf "Adding SSID: %-64s" "${SSID_SAFE}"
          # JSON body kept on one line: a backslash-newline inside single quotes
          # would end up literally in the request body
          GOOD=$(\
           curl --silent \
            -X POST \
            -H "Content-type: application/json" \
            -d '{"module":"PineAP","action":"addSSID","ssid":"'"${SSID_SAFE}"'","apiToken":"put-your-api-key-here"}' \
            "http://172.16.42.1:1471/api/"|grep -c success)
          if [ ${GOOD:-0} -eq 1 ]; then
           echo " [OK]"
          else
           echo " [FAILED]"
          fi
         done

     How the bleep do I do that today ?

     Regards
     Keld Norman
  5. I think I ended up with this on my Pineapple Nano with the modem and got it to work:

         #opkg install wwan guide pineapple wan sierra u320 air
         opkg update
         opkg install usb-modeswitch kmod-usb-net-cdc-ether

         # vi /etc/config/network
         option ifname 'wwan0' # under wwan

         # vi /etc/config/dhcp
         option ignore 0 # under wan
  6. Doh ! 1 point to Foxtrot - 0 to me. You are so good ! Of course it is there already :) - thanks :) I will look at the page source code and see if I can get it to show it in the default listing, so I can spot the devices I am looking for without hovering.
  7. The card is called AirCard 320U BigPond ( a Qualcomm chip ) 3G.

     The ttyUSB does not appear - but the SD card on the modem is shown.

         root@mk7:~# lsusb -s 001:006
         Bus 001 Device 006: ID 0f3d:68aa Airprime, Incorporated

         root@mk7:~# lsusb -s 001:006 -v
         Bus 001 Device 006: ID 0f3d:68aa Airprime, Incorporated
         Device Descriptor:
           bLength 18
           bDescriptorType 1
           bcdUSB 2.00
           bDeviceClass 0 (Defined at Interface level)
           bDeviceSubClass 0
           bDeviceProtocol 0
           bMaxPacketSize0 64
           idVendor 0x0f3d Airprime, Incorporated
           idProduct 0x68aa
           bcdDevice 0.06
           iManufacturer 3 Sierra Wireless, Incorporated
           iProduct 2 AirCard 320U
           iSerial 4 redacted
           bNumConfigurations 1
           ...
           Configuration Descriptor:
             bLength 9
             bDescriptorType 2
             wTotalLength 191
             bNumInterfaces 7
             bConfigurationValue 1
             iConfiguration 1 Sierra Configuration
             bmAttributes 0xa0
               (Bus Powered)
               Remote Wakeup
             MaxPower 500mA
             Interface Descriptor:
             ...

     The dmesg:

         [ 63.470496] wlan2: authenticate with xx:re:da:ct:ed:xx
         [ 63.555564] wlan2: send auth to xx:re:da:ct:ed:xx (try 1/3)
         [ 63.570812] wlan2: authenticated
         [ 63.597942] wlan2: associate with xx:re:da:ct:ed:xx (try 1/3)
         [ 63.618587] wlan2: RX AssocResp from xx:re:da:ct:ed:xx (capab=0x31 status=0 aid=5)
         [ 63.699849] wlan2: associated
         [ 63.737384] IPv6: ADDRCONF(NETDEV_CHANGE): wlan2: link becomes ready   <-- LAST LINE BEFORE ATTACHING THE Aircard 320U BigPond MODEM
         [ 287.378195] usb 1-1.3: new high-speed USB device number 5 using ehci-platform
         [ 287.539842] usb 1-1.3: config 1 has an invalid interface number: 9 but max is 0
         [ 287.554445] usb 1-1.3: config 1 has no interface number 0
         [ 287.571789] usb-storage 1-1.3:1.9: USB Mass Storage device detected
         [ 287.625020] usb-storage: probe of 1-1.3:1.9 failed with error -5
         [ 290.157559] usb 1-1.3: USB disconnect, device number 5
         [ 290.538269] usb 1-1.3: new high-speed USB device number 6 using ehci-platform
         [ 290.740515] usb 1-1.3: config 1 has an invalid interface number: 9 but max is 6
         [ 290.755229] usb 1-1.3: config 1 has an invalid interface number: 7 but max is 6
         [ 290.770073] usb 1-1.3: config 1 has no interface number 5
         [ 290.781241] usb 1-1.3: config 1 has no interface number 6
         [ 290.932927] usb-storage 1-1.3:1.9: USB Mass Storage device detected
         [ 291.013949] scsi host0: usb-storage 1-1.3:1.9
         [ 292.070278] scsi 0:0:0:0: Direct-Access SWI SD Card 2.31 PQ: 0 ANSI: 2
         [ 292.097114] sd 0:0:0:0: [sda] 124735488 512-byte logical blocks: (63.9 GB/59.5 GiB)
         [ 292.165271] sd 0:0:0:0: [sda] Write Protect is off
         [ 292.174934] sd 0:0:0:0: [sda] Mode Sense: 0f 0e 00 00
         [ 292.212427] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
         [ 292.314471] sda: sda1 sda2
         [ 292.356832] sd 0:0:0:0: [sda] Attached SCSI removable disk
         [ 298.568580] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null)

         root@mk7:~# cat /etc/*release*
         DISTRIB_ID='OpenWrt'
         DISTRIB_RELEASE='19.07.3'
         DISTRIB_REVISION='r11063-85e04e9f46'
         DISTRIB_TARGET='ramips/mt76x8'
         DISTRIB_ARCH='mipsel_24kc'
         DISTRIB_DESCRIPTION='OpenWrt 19.07.3 r11063-85e04e9f46'
         DISTRIB_TAINTS='no-all busybox'
         NAME="OpenWrt"
         VERSION="19.07.3"
         ID="openwrt"
         ID_LIKE="lede openwrt"
         PRETTY_NAME="OpenWrt 19.07.3"
         VERSION_ID="19.07.3"
         HOME_URL="https://openwrt.org/"
         BUG_URL="https://bugs.openwrt.org/"
         SUPPORT_URL="https://forum.openwrt.org/"
         BUILD_ID="r11063-85e04e9f46"
         OPENWRT_BOARD="ramips/mt76x8"
         OPENWRT_ARCH="mipsel_24kc"
         OPENWRT_TAINTS="no-all busybox"
         OPENWRT_DEVICE_MANUFACTURER="OpenWrt"
         OPENWRT_DEVICE_MANUFACTURER_URL="https://openwrt.org/"
         OPENWRT_DEVICE_PRODUCT="Generic"
         OPENWRT_DEVICE_REVISION="v0"
         OPENWRT_RELEASE="OpenWrt 19.07.3 r11063-85e04e9f46"
  8. In Recon mode.. it would be nice to get all the client and AP MACs translated to what hardware it is (https://macvendors.com/) /K
  9. On the older Tetra I could use my Sierra Aircard modem out of the box. When I made an SSH connection to the Pineapple Tetra and ran ifconfig -a, I could see it as wwan0.

     I only had to

         vi /etc/config/network
         option ifname 'wwan0' # add this line under wwan

     and

         vi /etc/config/dhcp
         option ignore 0 # set this under wan

     Then it worked. But here on the Pineapple VII I can't see the card.

     What opkg update && opkg install xxx do I need ? I can't find

         kmod-usb-net-sierrawireless
         kmod-usb-serial-wwan
         kmod-usb-serial-sierrawireless
         kmod-usb-serial-qualcomm

     or anything that would make the card work ( like opkg list|grep -i sierra ). Any hints ?
  10. I got hold of two other Nanos and tested if they had the same problem ( errors indicated when using the /sd filesystem ), and tested on different SD card types and with different power supplies. I found that the SD card reader / driver in the design of the Nano is f..... up. But I found a solution.. Now, instead of the built-in SD card reader, I am using the reader in the 3G modem I am using ( AirCard 320U ). ( By the way, it is really easy to get the 3G dongle to work. You only need to alter two files in /etc/config - add the wwan interface name as wwan0 and enable it in the dhcp file by adding a 1 to the setting for if dhcp is enabled on wwan. ) [ I would have added some images here but the forum did not allow me to upload them ]
  11. No, they are not real ( they do not exist "in the air" or at my computer ). They only appear on the Pineapple view and mess everything up inside of the SQLite database..
  12. I updated the firmware today to 2.7 on my Nano - and saw these strange SSID/WiFi names appear in the SSID Pool populated by the "Capture SSIDs to Pool" function ( see number 6-8 on the image below ). The names can not be deleted by selecting them and pressing remove. They do not exist for real ( I know that because I have been monitoring the WiFi SSIDs around my location for many years ), so it must be some glitch somewhere - do you have any hint on what the reason could be and the workaround ?
  13. I can't install the rickrole module to SD - the Nano crashes and restarts. Also on a clean install / reset with upload of a clean firmware.. any workarounds to this ?
  14.
          root@server:/srv/hak5# cat /lib/systemd/system/knockd.service
          [Unit]
          Description=Port-Knock Daemon
          After=network.target
          Documentation=man:knockd(1)

          [Service]
          EnvironmentFile=-/etc/default/knockd
          ExecStart=/usr/sbin/knockd $KNOCKD_OPTS
          ExecReload=/bin/kill -HUP $MAINPID
          KillMode=mixed
          SuccessExitStatus=0 2 15
          ProtectSystem=full
          #CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_KILL CAP_MKNOD CAP_NET_BIND_SERVICE
          #CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN

          [Install]
          WantedBy=multi-user.target
          Alias=knockd.service

          # Here is the knockd.conf in /etc
          root@server:/srv/hak5# cat /etc/knockd.conf
          [options]
           PidFile = /var/run/knockd.pid
           LogFile = /var/log/knockd.log
           Interface = ens192

          [startHAK5]
           sequence = 80,1337,443,6666
           seq_timeout = 5
           command = /srv/hak5/port_knock_on
           tcpflags = syn

          [stopHAK5]
           sequence = 5555,443,1337,80
           seq_timeout = 5
           command = /srv/hak5/port_knock_off
           tcpflags = syn
  15. I got one step closer ( have not tested a client connection yet ).

      Now my covert server is online, and when you know the "secret" link you will get the C2 login page - in the example below the secret link is /hak5

      To ensure it is not always online I have also installed knockd and run a start / stop script that ensures nothing from the C2 is exposed or running when I do not need the C2.

      To get knockd to work you have to alter /lib/systemd/system/knockd.service and remove or comment out ( # ) the "CapabilityBoundingSet" line - then it can run the scripts.

      I am using iptables ( not sure it is needed ):

          -A POSTROUTING -o ens192 -j MASQUERADE

      Starting C2 like this:

          /srv/hak5/c2/c2_community-linux-64 -db ./c2.db -hostname www.my-covert-server.com -https -listenip 127.0.0.1

      And I am using Cloudflare and took Cloudflare's certificate ( they make it for you ) - converted it into a .pem and a .key file.

      And in Apache default-ssl.conf I added this:

          SSLCertificateFile /etc/ssl/private/my-covert-server.com.pem
          SSLCertificateKeyFile /etc/ssl/private/my-covert-server.com.key

      Then I found Cloudflare's CA cert by googling and added it also to the default-ssl.conf:

          SSLCertificateChainFile /usr/share/ca-certificates/cloudflare/cloudflare-ca.crt

      And for proxying I added this ( also to default-ssl.conf )..

          <IfModule mod_proxy.c>
           # a2enmod proxy
           # a2enmod proxy_http
           ProxyPreserveHost On
           SSLProxyEngine On
           ProxyRequests Off
           ServerName www.my-cover-server.com
           ServerAlias my-cover-server.com
           #
           ProxyPassMatch "/hak5/(.*)" "https://127.0.0.1:443/$1"
           ProxyPassReverse "/hak5/(.*)" "https://127.0.0.1:443/$1"
           ProxyPassMatch "/assets/(.*)" "https://127.0.0.1:443/assets/$1"
           ProxyPassReverse "/assets/(.*)" "https://127.0.0.1:443/assets/$1"
           ProxyPassMatch "/api/(.*)" "https://127.0.0.1:443/api/$1"
           ProxyPassReverse "/api/(.*)" "https://127.0.0.1:443/api/$1"
           ProxyPassMatch "/login/(.*)" "https://127.0.0.1:443/login/$1"
           ProxyPassReverse "/login/(.*)" "https://127.0.0.1:443/login/$1"
           ProxyPassMatch "/dapi/(.*)" "https://127.0.0.1:443/dapi/$1"
           ProxyPassReverse "/dapi/(.*)" "https://127.0.0.1:443/dapi/$1"
          </IfModule>
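
For the SSID import scripts in posts 3 and 4 above, which paste each name from the list straight into the JSON request body: an added example (not the poster's code) that validates each SSID and JSON-escapes it before the body is built. The function names and the sample list are made up for the illustration, and the block makes no network calls.

```sh
#!/bin/sh
# Added example, not from the original posts. Sample data is constructed.

# ssid_ok STRING: succeed only for 1..32 bytes, no control characters,
# and at least one non-blank character (rejects the " " entry from post 2).
ssid_ok() {
    n=$(( $(printf '%s' "$1" | wc -c) ))   # bytes, not characters (UTF-8 names)
    [ "$n" -ge 1 ] && [ "$n" -le 32 ] || return 1
    case $1 in *[[:cntrl:]]*) return 1 ;; esac
    case $1 in *[![:space:]]*) return 0 ;; esac
    return 1
}

# json_escape STRING: control characters are already rejected by ssid_ok, so
# only backslash and double quote still need escaping inside a JSON string.
json_escape() {
    printf '%s' "$1" | LC_ALL=C sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# ssid_body STRING: print {"ssid":"..."} for a valid SSID, else return 1.
ssid_body() {
    ssid_ok "$1" || return 1
    printf '{"ssid":"%s"}\n' "$(json_escape "$1")"
}

# bodies_from_list: read one SSID per line from stdin ('#' lines are comments),
# print a JSON body per accepted name and report rejected names on stderr.
bodies_from_list() {
    cr=$(printf '\r')
    # IFS= and -r keep leading/trailing blanks and backslashes intact
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                 # tolerate CRLF list files
        case $line in '#'*|'') continue ;; esac
        ssid_body "$line" || printf 'rejected: [%s]\n' "$line" >&2
    done
    return 0
}

# Constructed sample list: comment, UTF-8 name, quotes, backslash, blank, too long.
sample_list() {
    printf '%s\n' '# favourites' 'blåbærgrød' 'Cafe "Free" WiFi' 'back\slash' \
        ' ' 'this-name-is-longer-than-thirty-two-bytes'
}

sample_list | bodies_from_list
```

Each printed body can be passed to curl's `-d` option unchanged, in place of the hand-concatenated `'{"ssid":"'"${SSID_SAFE}"'"}'` string.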