Posts posted by billyblaxsta

  1. Hello,

    I am having the same php problems as a few other forum users so I wanted to provide a detailed analysis of the problem. Hopefully someone more knowledgeable can help.

    I installed php using opkg and tested that a php file loads in Firefox which it does. I added *.php:/usr/bin/php to httpd.conf (on the Fon) and added cgi.force_redirect=0 to php.ini (the = sign is not in the instructions at http://hak5.org/hack/pineapple-phishing but is necessary otherwise the browser tries to download the php file rather than executing it).

    I create dnsmasq.conf and edit it to show /#/192.168.1.1

    Here is what should happen:

    Client enters any URL ---> dnsmasq forwards them to 192.168.1.1 ---> the index.html file in /www issues a redirection to /www/redirect.php (code below) ---> the template for the specific redirected sites should load.

    Redirect.php is:

    <?php

    $ref = $_SERVER['HTTP_HOST'];

    if (strpos($ref, "facebook")) { header('Location: facebook.html'); }

    require('peets.html');

    ?>

    AIUI the server URL reference is checked by strpos. If the word "facebook" is in the URL then the user is forwarded to facebook.html; otherwise the user is forwarded to peets.html.

    The problem is that all websites forward to peets.html including facebook.com.

    My edited HTTP headers show:

    http://www.facebook.com/

    GET / HTTP/1.1

    Host: www.facebook.com

    HTTP/1.0 200 OK

    ----------------------------------------------------------

    http://www.facebook.com/redirect.php

    GET /redirect.php HTTP/1.1

    Host: www.facebook.com

    HTTP/1.0 200 OK

    X-Powered-By: PHP/4.4.7

    Content-Type: text/html

    ----------------------------------------------------------

    http://www.facebook.com/peets_files/lhm.css

    GET /peets_files/lhm.css HTTP/1.1

    Host: www.facebook.com

    Referer: http://www.facebook.com/redirect.php

    www.facebook.com/redirect.php should redirect to facebook.html but, as we can see, it redirects to peets.html.

    Why? Thanks for the help!

  2. Unless you started a dhcp server on Jasager then it doesn't come with one so you'll have to run one on your ICS machine.

    I don't want to sound pedantic but there is something I don't understand.

    If I connect a client to the Fon then look at its settings it says that the DHCP is 192.168.2.2 (which is the IP of the Fon).

    If I have not started a DHCP server on Jasager or on my computer then why would the client claim there is a DHCP server? And how would it receive an IP from the Fon if there is no DHCP?

    Edit:

    From http://hak5.org/hack/wifi-pineapple-first-connect

    Power up and connect an Ethernet cable between your computer and the router’s. In its stock configuration the WiFi Pineapple is configured with the static IPv4 address of 192.168.1.1. It is also setup to hand out IP addresses in the 192.168.1.0/24 range via DHCP. If your machine is configured to obtain an IP address automatically you should get something like 192.168.1.100 from it momentarily.

    This is what happens - the Fon provides my laptop with an eth0 address of 192.168.1.x. Does this not indicate that my Fon does have a DHCP server?

  3. What is listening on 192.168.2.234?

    If this is the gateway then it should be the IP address of the wifi interface (ath0 or wifi0) on the Fon.

    My impression is that I tried this previously and it didn't work but let me provide more detail.

    Before I begin let me stress that I have eth0 (not ath0) and wlan0 (not wifi0) - does that matter? Eth0 is the connection between the Fon and the Laptop and wifi0 is the connection between the Laptop and my wireless network.

    I also want to note that all I am trying to do at this stage is have a laptop connected to a wireless network then plug in the Fon and make sure that I can continue to get internet. I am not yet connecting another client to the Fon.

    So the connection is: Fon ---> Ethernet Cable ---> Laptop ---> Wireless network.

    The problem appears to be that plugging in the Fon changes the default gateway. Previously the default gateway is (for example) 192.168.1.1 on wlan0. The Fon changes it to a certain IP on eth0. So your question is: what is listening on this IP on eth0?

    The spacing below screws up but it shows the IPs for wlan0 and eth0.

    Wlan0 Eth0

    IP - 192.168.1.95 192.168.2.234 (different subnet to wlan0 IP)

    Broadcast 192.168.1.255 192.168.2.255

    Subnet 255.255.255.0 255.255.255.0

    Default gateway 192.168.1.254 192.168.1.95 (wlan0 IP) or 192.168.2.234 (eth0 IP)

    DNS 192.168.1.254 192.168.1.254

    It does not seem to matter whether the Fon's default gateway is the IP of wlan0 or the IP of eth0 - the following happens as recorded by Wireshark.

    There are three stages:

    First: wlan0

    192.168.1.95 (wlan0 IP) --> 192.168.1.254 (wlan0 DNS) DNS standard query A for website.com

    192.168.1.254 (wlan0 DNS) --> 192.168.1.95 (wlan0 IP) DNS standard response CNAME for website.com

    Second: eth0

    eth0 MAC ---> broadcast ARP who has IP of website.com - please tell 192.168.2.243 (eth0 IP).

    Third: eth0

    192.168.2.243 (eth0 IP) ---> 192.168.2.243 (eth0 IP) - ICMP destination unreachable

    What am I doing wrong? There is obviously some connectivity hence the DNS request on wlan0. All help gratefully appreciated.

    The gateway of the Fon should be the IP of your eth0 on the laptop.

    I am afraid that changing the eth0 gateway IP to the eth0 IP (as provided by the Fon's DHCP) does not change anything.

    I type in www.yahoo.com. Wireshark on wlan0 shows a request from my IP (192.168.1.96) to the DNS on wlan0 (192.168.1.254) then the DNS replies to 192.168.1.96 and that's it - no more traffic.

    Perhaps I have somehow misconfigured the relevant files:

    Here is my /etc/config/network file:

    config interface loopback

    option ifname lo

    option proto static

    option ipaddr 127.0.0.1

    option netmask 255.0.0.0

    config interface lan

    option ifname eth0

    option type bridge

    option proto static

    option ipaddr 192.168.2.2 # Fon IP.

    option netmask 255.255.255.0

    Here is my /etc/config/dhcp file:

    config dnsmasq

    option domainneeded 1

    option boguspriv 1

    option filterwin2k '0' #enable for dial on demand

    option localise_queries 1

    option local '/lan/'

    option domain 'lan'

    option expandhosts 1

    option nonegcache 0

    option authoritative 1

    option readethers 1

    option leasefile '/tmp/dhcp.leases'

    option resolvfile '/tmp/resolv.conf.auto'

    config dhcp lan

    option interface lan

    option start 100

    option limit 150

    option leasetime 12h

    list 'dhcp_option' '3,192.168.2.234' # Gateway IP - this is the same IP as the Fon gives to me.

    list 'dhcp_option' '6,192.168.1.254' # DNS - same as wlan0 DNS but I have also tried Google's DNS. Anyhow it appears that wlan0 queries its own DNS not that of the Fon.

    config dhcp wan

    option interface wan

    option ignore 1

    Any more ideas - thanks!

    What I think happens is that the laptop sees both the subnets on both interfaces. Most of the time the cable connection has a lower metric than the wifi one.

    If you type route print in a cmd prompt you can see what your laptop thinks.

    Either give your Fon another subnet or, what may help, bridge the wifi and eth connections on your laptop (not sure if that helps).

    Thanks for these suggestions and also thanks to Mr. Protocol. I have made some progress.

    The Fon (eth0) now provides an IP of 192.168.2.234. Its default gateway is 192.168.2.254.

    route -n shows:

    0.0.0.0 192.168.2.254 0.0.0.0 UG 0 0 0 eth0

    The connection between my laptop and the wireless network provides me with an IP of 192.168.1.95 with a default gateway of 192.168.1.254. Obviously the Fon is now on a different subnet.

    When I enter a URL e.g. www.yahoo.com, Wireshark on wlan0 shows that 192.168.1.95 does a DNS request on 192.168.1.254 which returns the Yahoo IP. However, after a few seconds the website refuses to load. Using the IP of Yahoo does not change anything (which, AIUI, suggests that the wireless network's DNS is not the problem). All websites refuse to load.

    I am getting closer but clearly something is wrong. Any more suggestions? Thanks.

  6. I'm guessing your laptop has a default gateway on the ethernet interface. If so, it shouldn't.

    I'm sorry but I don't understand what you mean.

    Here is the situation:

    Fon --> Ethernet cable --> Laptop --> Wireless internet connection.

    The ethernet cable connects to the laptop on eth0. The IP is 192.168.1.234.

    The laptop connects to the wireless internet connection on wlan0. The IP is 192.168.1.93.

    The Fon's IP is 192.168.1.5. This is the IP I use to ssh into.

    Forwarding is setup using (as root):

    echo "1" > /proc/sys/net/ipv4/ip_forward

    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    All ideas gratefully received.

  7. Here is what I am trying to achieve:

    Client --> Fon --> Ethernet cable --> Laptop --> Wireless internet connection.

    Here is what happens (and what goes wrong):

    The Laptop connects to the Wireless internet connection. The IP is 192.168.1.50. The DNS and gateway is 192.168.1.254. The subnet is 255.255.255.0.

    I then connect the Fon to the Laptop. The Fon's IP is 192.168.1.5 (same subnet). The DNS and gateway shows 192.168.1.254. The subnet is 255.255.255.0. These details are based on my editing of /etc/config/dhcp and /etc/config/network.

    I can connect the Client to the Fon's network. The client has the IP 192.168.1.20 (same subnet). It also claims that 192.168.1.5 is its DHCP server.

    The problem:

    The Laptop's internet connection stops working the second a connection is made between the Fon and the Laptop via ethernet cable. Disconnecting the ethernet cable allows the Laptop's internet to start working again.

    What am I doing wrong?

    Thanks.

  8. It is probably someone who knows about Karma style attacks and has put that as their most preferred network so that they know if they connect to it then they are being attacked.

    Have you seen anything like this before then?

    Especially from a RIM - I wouldn't have thought most people would use the wifi for internet when it has EDGE.

    So to clarify your point: if what you are saying is correct then the person always selects his network rather than automatically connecting so if an automatic connection takes place it will be the preferred network hence they know there is a problem. Yes?

  9. Hello,

    I have a legitimate connection to the eduroam network (www.eduroam.org). This network allows students throughout the world to connect to the eduroam network. Eduroam is WPA2 Enterprise and so I need a username, password, and certificate. My University uses Protected EAP and MSCHAPv2.

    The first time I connected I used my external card (wlan1). Everything worked.

    Here are the relevant logs from syslog:

    Apr 26 21:39:20 myname wpa_supplicant[736]: CTRL-EVENT-EAP-STARTED EAP authentication started

    Apr 26 21:39:20 myname NetworkManager: <info> (wlan1): supplicant connection state: associating -> associated

    Apr 26 21:39:20 myname wpa_supplicant[736]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected

    Apr 26 21:39:21 myname wpa_supplicant[736]: OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)

    Apr 26 21:39:22 myname wpa_supplicant[736]: EAP-MSCHAPV2: Authentication succeeded

    Apr 26 21:39:22 myname wpa_supplicant[736]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed

    Apr 26 21:39:22 myname wpa_supplicant[736]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully

    Apr 26 21:39:22 myname NetworkManager: <info> (wlan1): supplicant connection state: associated -> 4-way handshake

    I then disconnected and spoofed my MAC on wlan1. Then I tried to connect again. It failed.

    Logs:

    Apr 26 21:37:04 myname wpa_supplicant[736]: CTRL-EVENT-EAP-STARTED EAP authentication started

    Apr 26 21:37:04 myname NetworkManager: <info> (wlan1): supplicant connection state: associating -> associated

    Apr 26 21:37:04 myname wpa_supplicant[736]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected

    Apr 26 21:37:05 myname wpa_supplicant[736]: OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)

    Apr 26 21:37:05 myname wpa_supplicant[736]: EAP-MSCHAPV2: Authentication succeeded

    Apr 26 21:37:05 myname wpa_supplicant[736]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed

    Apr 26 21:37:05 myname wpa_supplicant[736]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully

    Apr 26 21:37:05 myname NetworkManager: <info> (wlan1): supplicant connection state: associated -> 4-way handshake

    Apr 26 21:37:06 myname kernel: [ 320.448925] wlan1: deauthenticated from 00:27:09:2d:88:13 (Reason: 23)

    Apr 26 21:37:06 myname wpa_supplicant[736]: CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys

    Apr 26 21:37:06 myname NetworkManager: <info> (wlan1): supplicant connection state: 4-way handshake -> disconnected

    Apr 26 21:37:06 myname NetworkManager: <info> (wlan1): supplicant connection state: disconnected -> scanning

    I then looked up "Reason 23" here: http://etutorials.org/Networking/Wireless+lan+security/Chapter+4.+WLAN+Fundamentals/Basic+Choreography/ which told me it meant that IEEE 802.1X authentication failed.

    So I looked up IEEE 802.1X authentication failed and found this https://secure.wikimedia.org/wikipedia/en/wiki/IEEE_802.1X. If you scroll down to "Federations" you will see that eduroam is mentioned as an example of one of the networks that uses 802.1X authentication.

    I also tried with my wlan0 card and also could not connect. The last positive message was CTRL-EVENT-EAP-STARTED EAP. Then deauthentication.

    The only reason I can see that I could not access the network with my username and password is that when I connected for the first time my MAC was logged and now only that MAC can access the network.

    The eduroam website has a detailed guide but MAC filtering is not mentioned. In fact, I cannot find anything that confirms my problem is the result of MAC filtering.

    Would someone like to confirm or challenge my assumption?

    I don't really understand why MAC filtering is considered sensible. A student cannot connect to eduroam if he changes his laptop, uses a friend's laptop, or wants to use his Blackberry or iPhone to connect.

    Thanks.
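
An added example, not part of the original post: a small Python parser for syslog lines in the format quoted in the post above. It groups the lines into connection attempts and reports which supplicant state a deauthentication interrupted. The sample lines are constructed (host name, times and BSSID are placeholders), and the function names are this example's own.

```python
import re

# Reason codes from IEEE 802.11; 23 is the one looked up in the post.
REASONS = {15: "4-way handshake timeout", 23: "IEEE 802.1X authentication failed"}

EVENTS = [
    ("eap_started", re.compile(r"CTRL-EVENT-EAP-STARTED")),
    ("eap_method", re.compile(r"CTRL-EVENT-EAP-METHOD .*method (\d+) \((\w+)\)")),
    ("inner_auth_ok", re.compile(r"EAP-MSCHAPV2: Authentication succeeded")),
    ("eap_success", re.compile(r"CTRL-EVENT-EAP-SUCCESS")),
    ("state", re.compile(r"supplicant connection state: (.+?) -> (.+)$")),
    ("deauth", re.compile(r"deauthenticated from ([0-9a-f:]{17}) \(Reason: (\d+)\)")),
]

# Constructed sample in the same format as the post's excerpts.
SAMPLE = """\
Apr 26 21:30:20 host wpa_supplicant[736]: CTRL-EVENT-EAP-STARTED EAP authentication started
Apr 26 21:30:20 host wpa_supplicant[736]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Apr 26 21:30:22 host wpa_supplicant[736]: EAP-MSCHAPV2: Authentication succeeded
Apr 26 21:30:22 host wpa_supplicant[736]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Apr 26 21:30:22 host NetworkManager: <info> (wlan1): supplicant connection state: associated -> 4-way handshake
Apr 26 21:35:04 host wpa_supplicant[736]: CTRL-EVENT-EAP-STARTED EAP authentication started
Apr 26 21:35:05 host wpa_supplicant[736]: EAP-MSCHAPV2: Authentication succeeded
Apr 26 21:35:05 host wpa_supplicant[736]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Apr 26 21:35:05 host NetworkManager: <info> (wlan1): supplicant connection state: associated -> 4-way handshake
Apr 26 21:35:06 host kernel: [ 320.448925] wlan1: deauthenticated from 02:00:00:00:00:01 (Reason: 23)
Apr 26 21:35:06 host NetworkManager: <info> (wlan1): supplicant connection state: 4-way handshake -> disconnected
""".splitlines()

def classify(line):
    for name, rx in EVENTS:
        m = rx.search(line.strip())
        if m:
            return name, m
    return None, None

def verdict(a):
    d = a["deauth"]
    if d is None:
        return "no deauthentication logged"
    why = REASONS.get(d["reason"], "unlisted reason")
    when = "after EAP success" if "eap_success" in a["stages"] else "before EAP success"
    return "deauthenticated {} during {!r} (reason {}: {})".format(
        when, d["during"], d["reason"], why)

def summarize(lines):
    """Group lines into connection attempts, one per EAP start."""
    attempts, cur = [], None
    for line in lines:
        name, m = classify(line)
        if name == "eap_started":
            cur = {"stages": [], "state": None, "deauth": None}
            attempts.append(cur)
        if name is None or cur is None:
            continue
        if name == "state":
            cur["state"] = m.group(2)
        elif name == "deauth":  # keep the state the deauth interrupted
            cur["deauth"] = {"bssid": m.group(1), "reason": int(m.group(2)),
                             "during": cur["state"]}
        else:
            cur["stages"].append(name)
    for a in attempts:
        a["verdict"] = verdict(a)
    return attempts
```

Running `summarize(SAMPLE)` separates an attempt that ends in the 4-way handshake from one where the access point deauthenticates after the client has already logged EAP success.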

  10. "The client will not connect to your fon if they have the "HelloNet" in their list of AP's. The fon can only accept open/non-encrypted broadcast connections."

    I'm a bit confused by this remark. I thought the whole point of Karma was that it responded by claiming it was the SSID the client wants. So why does it matter whether or not the client has HelloNet in their list of APs?

    Thanks again!

  11. The client will not connect to your fon if they have the "HelloNet" in their list of AP's. The fon can only accept open/non-encrypted broadcast connections.

    Let us imagine that the client has previously connected to ten networks.

    5 with WPA, 3 with WEP, and two coffee shop networks that were unencrypted.

    Am I right to think that the client will go through all their networks and then connect to the Fon based on one of the two unencrypted networks?

    If so, to return to my original question, would the client have internet access considering I (the laptop) have the key to HelloNet and not the client?

    Thanks again.

    That's your problem, it will try to connect then won't be able to complete the encryption handshake so will fail and disconnect again.

    I am a bit confused by this.

    Let us imagine that a client (Andrew) is connecting to the Fon which is connected via ethernet cable to my laptop. I am then connected to a WPA network called HelloNet for which I have the key so I am able to use its internet.

    Am I right to think that because Andrew does not have the key to HelloNet that any requests he makes for webpages will not work even though I (the bridge) can use HelloNet because I have the key?

    Thanks.

  13. OK, I don't think I explained myself very well before.

    This is my understanding of how the Fon works.

    A random person (Andrew) connects to the Fon. The Fon is connected to my laptop via ethernet cable. I am connected to another wireless network called CoffeeNet. Andrew wants to access www.google.com. He is able to do this because his commands are transmitted to the Fon, on to me, and then on to CoffeeNet.

    To do this I need to bridge. I am using Ubuntu.

    This is what I think I need to do (I will test tomorrow but want to understand the procedure now).

    Could someone please tell me if this is correct.

    In /etc/config/network

    option ipaddr 192.168.1.4 # this should be the IP of the Fon. It needs to be on the same subnet as the IP provided to me by CoffeeNet.

    option netmask 255.255.255.0

    In /etc/config/dhcp under config dhcp lan

    list 'dhcp_option' '3,192.168.1.10' # This should be the IP of the default gateway of CoffeeNet.

    list 'dhcp_option' '6,213.122.121.98' # This should be CoffeeNet's DNS (although I could also use a free DNS like 8.8.8.8 for Google).

    In /etc/config/wireless

    option ssid MyNetworkName # sets the SSID.

    Could you please confirm the network and dhcp settings above will allow me to enact what I described should happen to Andrew. Thanks!

  14. I understand the theory.

    My question was how exactly do I edit the /etc/config/dhcp and /etc/config/network files to make the theory real?

    All I need to know is what the xxx's below should refer to.

    For /etc/config/dhcp:

    list 'dhcp_option' '3, xxx.xxx.xxx.xxx' # what IP address should this be?

    list 'dhcp_option' '6, xxx.xxx.xxx.xxx' # please confirm the xxx's are the DNS provided by the network I am using for internet access.

    For /etc/config/network:

    option ipaddr xxx.xxx.xxx.xxx # please confirm this should be the IP of the Pineapple which needs to be on the same subnet as the IP of the network that I am using for internet access

    Thanks!

  15. Hello,

    I am a little confused about editing the files on the Fon in order to bridge between the client who connects to the Fon, which is connected to my laptop by ethernet, and I am then connected to the internet by wireless.

    AIUI I need to edit the config dhcp lan part of /etc/config/dhcp.

    list 'dhcp_option' '3, xxx.xxx.xxx.xxx' # the xxx's are the IP of [what exactly? - the IP the network I am using for internet access provides me or something else?]

    list 'dhcp_option' '6, xxx.xxx.xxx.xxx' # the xxx's are the DNS provided by the network I am using for internet access.

    For /etc/config/network.

    option ipaddr xxx.xxx.xxx.xxx # IP of the Pineapple which needs to be on the same subnet as the IP of the network that I am using for internet access

    option netmask 255.255.255.0

    I am sure that some of this is incorrect. Any advice would be most helpful, thanks.

  16. Hello,

    I have a question about the bridging.

    The Pineapple can provide all clients with IP addresses. This happens when the Pineapple operates as a DHCP server.

    Those clients want Internet access. To do this you (the Pineapple owner) need to have an Internet connection.

    The Pineapple is connected to your laptop through Ethernet. Now you need to connect to the Internet yourself.

    AIUI this can happen in three ways: via wireless, via a 'phone, and via mobile broadband.

    Wireless means you need to have a connection e.g. be at a cafe. (I think I read somewhere that wireless was not recommended but I cannot find the thread and I cannot remember why it was considered inadvisable if this actually is the case).

    'Phone means you are using your Nokia (or whatever) as a modem. Presumably people who do this have unlimited data so are not charged. Whenever I use my 'phone for data (just checking websites on the phone - not connected to my laptop) the Internet is slow (even with EDGE). I don't understand why anyone would use this option - wouldn't all the clients have very slow connections?

    Mobile broadband means you will rapidly use up all your data (if you are using pay as you go broadband). If five people are connecting through you and using torrents or Youtube then the data will rapidly diminish.

    So what is suggested and why?

    Many thanks!
