Xcellerator (Active Members; Posts: 285; Days Won: 10)
Everything posted by Xcellerator

  1. No, not at all. Heartbleed is (as far as the general public and industry are aware) a bug that has only just been found. It works by sending a specially crafted request to the server that results in the client receiving a small chunk of memory (64 K to be exact) that *can* contain things like secret keys that can lead to user login details. SSLStrip just forwards all HTTPS requests to the equivalent HTTP site. You can then perform a MITM attack to snatch all the plaintext login attempts sent over the network to the gateway.
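The post above describes the mechanism behind Heartbleed: the server trusts the payload length the client declares in a heartbeat message and copies that many bytes from memory, even when the message itself is far shorter. The defence is the bounds check that was missing. The following is an added example (not from the original post, and not OpenSSL's code) of a small parser that validates a TLS heartbeat record the way a patched server or a protocol-aware IDS should: it rejects any record whose declared payload length, plus the minimum padding, exceeds the bytes actually received. The record layout follows RFC 6520 (content type 24, then heartbeat type, 2-byte payload length, payload, at least 16 bytes of padding); the sample records are constructed inline.

```python
import os
import struct

HEARTBEAT_CONTENT_TYPE = 24   # TLS record content type for heartbeat (RFC 6520)
TLS_VERSION_1_2 = 0x0303
HB_REQUEST = 1
MIN_PADDING = 16              # RFC 6520 requires at least 16 bytes of padding


def make_heartbeat_record(payload: bytes, padding_len: int = MIN_PADDING) -> bytes:
    """Build a well-formed heartbeat request record (used here only to construct sample input)."""
    body = struct.pack("!BH", HB_REQUEST, len(payload)) + payload + os.urandom(padding_len)
    header = struct.pack("!BHH", HEARTBEAT_CONTENT_TYPE, TLS_VERSION_1_2, len(body))
    return header + body


def parse_heartbeat_record(record: bytes) -> dict:
    """Parse one TLS record carrying a heartbeat message.

    Raises ValueError when the record is truncated or when the declared payload
    length does not fit inside the bytes actually received. That length check is
    exactly the validation a server must perform before echoing the payload back.
    """
    if len(record) < 5:
        raise ValueError("record shorter than the 5-byte TLS header")
    content_type, version, record_len = struct.unpack("!BHH", record[:5])
    if content_type != HEARTBEAT_CONTENT_TYPE:
        raise ValueError("not a heartbeat record (content type %d)" % content_type)
    body = record[5:5 + record_len]
    if len(body) != record_len:
        raise ValueError("record header claims %d body bytes, got %d" % (record_len, len(body)))
    if len(body) < 3:
        raise ValueError("heartbeat body too short for type and length fields")
    hb_type = body[0]
    (declared_payload_len,) = struct.unpack("!H", body[1:3])
    # The check the vulnerable code lacked: the payload the peer asks us to echo must
    # lie entirely inside this record, leaving room for the mandatory padding.
    if 3 + declared_payload_len + MIN_PADDING > record_len:
        raise ValueError("declared payload length %d exceeds record body of %d bytes"
                         % (declared_payload_len, record_len))
    payload = body[3:3 + declared_payload_len]
    return {"type": hb_type, "version": version, "payload": payload}


def is_well_formed(record: bytes) -> bool:
    """Convenience wrapper: True if the record passes every check above."""
    try:
        parse_heartbeat_record(record)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    good = make_heartbeat_record(b"hello")
    # Constructed malformed record: same bytes, but the payload length field
    # (offsets 6..7, right after the header and the heartbeat type) is set far
    # larger than the record actually carries.
    oversized = good[:6] + struct.pack("!H", 0x4000) + good[8:]
    print("valid record   ->", parse_heartbeat_record(good)["payload"])
    print("oversized len  ->", is_well_formed(oversized))
```

The check uses the record length from the TLS header, which the receiving side knows from the bytes it actually read, and never the length the peer wrote inside the message. A record with less than 16 bytes of padding is rejected for the same reason, since a conforming sender always includes it.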
  2. After the initial boot, SSH will always start by default, unless you were to set a boot mode that disabled it for some reason. Reaver and Bully exploit a particular weakness that most routers that use WPA have - WPS. Reaver and Bully will only work against a router that has WPS enabled. Even then, the processing power of the pineapple combined with the fact that most routers will lockout WPS attempts for a certain amount of time after a few failed tries means that it can still be very slow. However, compared to the old-fashioned ways of bruteforcing a WPA handshake, it's still fairly quick. I'd still recommend running reaver or bully from a laptop if possible. If WPS is not enabled, then you have to resort to the old-fashioned ways. I've used wifite with some success from my pineapple (it's just a python script you can run over SSH - google it). Personally, I would advise you to read up on how WPA works (4-way handshakes etc) and how you go about cracking it before using a script. It's always better to know what the programs you use are actually doing!
  3. One thing I forgot to mention, that a LOT of people have asked about: during the first boot, it does take a while (around 5 minutes) to complete the first flash. Don't panic, just leave it and let it run.
  4. Glad to hear you've ordered a pineapple! 1) Here is the location of the manual included with the Pineapple: http://wifipineapple.com/mk5/booklet.pdf 2) Absolutely, in fact you're encouraged to do so! After first boot and initial setup, you can go straight ahead and whip out the SD card. The pineapple will actually function just fine without an SD card, but the internal storage is quite limited so that's why nearly everyone just leaves an SD in. 3) It won't do it automatically, you just have to go into the Configuration Tab and click a single button. Very straightforward. 4) Nope, not at all. You can leave them on, or delete them. They'll serve no purpose just sitting there on the SD card. Hope this helps!
  5. There has been talk from both Darren and Seb that "work is in progress" concerning updating Karma. There was a thread a while back where someone got pretty close by broadcasting specific beacons of the requested SSIDs which seemed to work. Only problem was the NIC crashing when too many SSIDs were set up.
  6. I suppose you could write a script similar to the android brute force one to try an outrageous number of passwords. If the password was longer than ~5 characters alpha-numeric or even just alpha, then you're gonna be waiting a heck of a long time. It might just be better to try some commercial or open-source software that will bruteforce the password. I know they exist, but couldn't recommend one as I've never used one.
  7. Surely you'd just need to arpspoof the device you're after, as theyettihunta said. You're not the gateway, so you wouldn't be able to pick up ALL the devices, but if you pick a specific device - no problem. You don't actually need a pineapple for it though, a laptop would work just fine. Have a look at this, it's basically the same thing that I've followed before (albeit from a laptop, never tried with my pineapple) http://robospatula.blogspot.co.uk/2013/12/man-in-the-middle-attack-arpspoof-sslstrip.html
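From the defender's side, the ARP spoofing the post above relies on leaves a visible trace: the gateway's IP address suddenly resolves to a second MAC, and one MAC starts answering for several IPs at once. The following is an added example (not from the original post, and not the code of any tool linked there) of the detection logic that monitors such as arpwatch apply, run over a small set of constructed ARP reply records. The record format (timestamp, sender IP, sender MAC), the `trusted` table and the alert field names are assumptions for this example.

```python
from collections import defaultdict

# Constructed sample of ARP replies seen on a LAN: (timestamp, sender_ip, sender_mac).
# The first three are normal traffic; at t=3.0 a second MAC starts claiming the
# gateway's IP, and at t=3.5 the same MAC also claims a client's IP (a classic
# two-sided man-in-the-middle pattern).
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (1.0, "192.168.1.10", "aa:bb:cc:00:00:10"),
    (2.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (3.0, "192.168.1.1",  "DE:AD:BE:EF:00:42"),
    (3.5, "192.168.1.10", "de:ad:be:ef:00:42"),
]


def detect_arp_spoofing(replies, trusted=None):
    """Return a list of alert dicts for suspicious ARP replies.

    Two rules are applied:
      * ip_mac_changed: an IP is announced with a MAC different from the one
        previously seen (or from a static `trusted` {ip: mac} table).
      * mac_claims_multiple_ips: a single MAC has announced more than one IP.
    Both rules are stateful, so replies must be passed in time order.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()          # normalise case so aa:bb == AA:BB
        previous = ip_to_mac.get(ip)
        if previous is None:
            ip_to_mac[ip] = mac    # first sighting: learn the binding
        elif previous != mac:
            alerts.append({"time": ts, "rule": "ip_mac_changed",
                           "ip": ip, "old_mac": previous, "new_mac": mac})
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append({"time": ts, "rule": "mac_claims_multiple_ips",
                           "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


def summarise(alerts):
    """Count alerts per rule, handy for a quick look at noisy networks."""
    counts = defaultdict(int)
    for alert in alerts:
        counts[alert["rule"]] += 1
    return dict(counts)


if __name__ == "__main__":
    # Pinning the gateway in `trusted` means the very first spoofed reply is
    # flagged even if it arrives before any legitimate one has been learned.
    found = detect_arp_spoofing(SAMPLE_ARP_REPLIES, trusted={"192.168.1.1": "aa:bb:cc:00:00:01"})
    for alert in found:
        print(alert)
    print(summarise(found))
```

The `ip_mac_changed` rule will also fire on legitimate events such as a DHCP lease moving to a new host or a replaced NIC, and `mac_claims_multiple_ips` fires for routers or hypervisors that genuinely answer for several addresses, so in practice the alerts are reviewed against a known-hosts list rather than acted on automatically. The gateway binding is the one worth pinning statically, because it is the address an attacker in the post's scenario has to impersonate.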
  8. It reformats everything apart from what's on the SD card. Any infusions found on the SD card are automatically added to the web interface after an update though.
  9. I understand your predicament. As far as full system images go, I'm unaware of anything that fits exactly. However, for your circumstances, I would personally write a script for each configuration that would both set your interfaces how you want them and copy out backups of your various config files. So basically copy out your configuration files (rc.d/init.d/etc) to some folder in the home directory. Then have a script copy them out to their proper place on boot. So you can then use the DIP switches to call on the scripts automatically. It's a bit of a fudged fix, but it would work out, and seeing as each of the files are so small it would take no time at all. Secondly, I'd recommend you take a look at this site here from the OpenWRT website: http://wiki.openwrt.org/doc/devel/crosscompile. The executables on the Mark V are not unique to the Mark V at all, they are just compiled for OpenWRT (hence why there are so many packages available in opkg manager). It's quite an easy setup especially if you're familiar with linux, which it sounds like you are. Hope this helps!
  10. For the first thing, what exactly are you after? What kind of configurations are you looking for that couldn't be accomplished via the DIP switches? I just have the DIP switches take care of it all. Maybe if you tell us a little more about what you're after we might have some better solutions. Secondly, by compiling I assume that you're talking about actual executables seeing as you mentioned ettercap. Is there a problem with your OpenWRT toolchain? I've had no problems compiling a few executables on my linux machine with the toolchain and just copying them over to the pineapple.
  11. Just a reminder that the Mark V has been specified as the LTS model, so a new hardware revision isn't gonna happen for quite a long time. That said, the PoE would be fantastic.
  12. First off, karma runs on wlan0 and has nothing to do with wlan1 which is what client mode uses. You can keep your network key on your router and just use client mode to connect as normal. In order to attract clients, you need to have Karma running, but the Karma SSID can be called anything you like. Although it would probably be a good idea to change it from the default "Pineapple5_XXXX" to something inconspicuous like "NETGEAR" or even "Free WiFi" - you never know, you might attract even more people who unwittingly connect to "Free WiFi".
  13. Can't you just get it from the Launchpad page? https://launchpad.net/ubuntu/+source/gqrx-sdr
  14. It all comes down to wattage. The pineapple can run at 5-12v on around 1.5A (think it's 1.5, might wanna double check). That means it can handle 7.5W up to 18W, of course these will be conservative - the range will be larger than this, but these are the recommended powers. So, you could, say, run it at 6v at 3A to get 18W safely. (Wattage = Voltage x Current)
  15. Entropy is just a measure of "randomness". It's associated with the order (or lack of order) of a system of particles (or anything else, but usually simplified to terms of just particles). In computing it's usually referring to the entropy in the memory. Writing data to memory will ALWAYS result in a change in heat which in turn causes a change in entropy. So "The Entropy Bunny" is just a loading icon. If it was staying up for too long, it is almost certainly a software bug and it should have disappeared. I'd imagine it's related to when the client mode "connecting" bar stays up too long.
  16. When you connect the pineapple to the computer, and "lose connectivity", can you still ping the pineapple? Are you using Windows or Linux? Have you set the local machine's IP address to sit on the same subnet as the pineapple? (i.e. 172.16.42.xxx rather than 192.168.1.xxx or 10.73.xxx.xxx)
  17. You've got to remember that Hak5 is composed of a very small number of people. They aren't some huge corporation that are going to roll out bug fixes within hours of issues being reported. I've had my pineapple for months now and yeah I've had a couple of issues with Karma but not since the latest firmware (1.1.0). I'd encourage anyone interested in WiFi exploration to pick up a pineapple.
  18. Thanks! I only wanted it to be a brief intro so people can get started with some of the deeper understanding of what's going on.
  19. The thing is, I take it that you'd also want to execute this executable (I assume it's an executable you're talking about extracting) from memory. In-memory execution is not easy to pull off - it requires some kind of executable to already be running. A possible scenario could be powershell executing some base64 encoded payload straight into memory or a buffer overflow exploit that injects a reverse shell. So, you're pretty much stuffed with dumping a binary, which means getting it past the AV. A technique you could try is creating a volume shadow copy (a system restore point but for a specific directory), which cannot be edited once created. This would preserve your binary from any snooping AVs. Then you can mount the shadow copy and execute from there. Any AVs with memory scanning features would *probably* pick up on this, but you'd be screwed anyway if that happened!
  20. A computer can perform the same basic functions as the Pineapple. Look into "Karmetasploit". And as above, 2.4GHz is well above the range of rtl-sdr even if they could transmit.
  21. Alright, so I decided to write up a short intro to RF. It's got the basics of electromagnetic waves, including definitions like wavelength, frequency and so on. It goes on to describe a few basic digital modulation techniques, how they work and what they're used for. Finally, it goes on about sampling and why we need I/Q sampling and what it actually is. Hope it's helpful to someone out there! http://www.mediafire.com/view/yza84fmazflonl0/rf.pdf I quite like writing up tutorials, so if anyone's got any other ideas or requests they'd like in a tutorial like this, comment what you think! It can be more technical, practical or even theoretical if people prefer! Let me know what you all think!
  22. Take a look at AndroRAT, https://github.com/DesignativeDave/androrat It'd take some setting up, but I guess it could be possible to get it installed on an android via the Ducky?
  23. Alright! I'll start off this train, then! I'm using WPA2-Personal with AES. Here is the output of iwlist: Only my AP is shown and I've hidden the MAC Address. In the Pineapple interface, it displays my AP as having the right encryption. However, when I type iwconfig, it claims that wlan1 is connected in managed mode to my SSID, although I get no replies from any ping requests and refreshing the network tab still shows "Wlan1 IP: n/a". This always happens after a reboot (complete power cycle). If I connect again through the web interface, "Connecting, please wait" spins indefinitely and doesn't ever stop. If I exit the page manually and refresh the network tab, it confirms I have a network IP address from my AP, and I get replies to ping requests. In other words, I can get Client Mode to work, but it's buggy to get it running.
  24. Well, according to "Down for everyone or just me", the url doesn't exist. http://www.downforeveryoneorjustme.com/www.islayer.com Sslstrip *should* be able to handle that just fine, so I'm not sure why the logs freaked out like that. Maybe try disabling Karma and keep sslstrip running. Then try and browse to "www.islayer.com" or any other site that doesn't exist. If it happens again, it should be reported as a bug. UPDATE: After Googling "islayer" it appears that it was software for Hackintoshes (non-apple computers running hacked versions of OS X) that is no longer available. The device that connected could have been a hackintosh that automatically checked for updates and queried the URL in an odd way that sslstrip didn't like?
  25. It says that the DNS Lookup failed. Are you connected to the internet via the Pineapple in Client Mode on wlan1? On second thoughts, it appears that the address "www.islayer.com" doesn't actually exist? What were you doing browsing wise when you got this error? If it wasn't you, do you know who or what was connected (possibly through Karma) that made the DNS request?