Everything posted by hfam

  1. No problem! I put a link to the tripod that I purchased from Amazon above. Did a lot of searching, tried to get one that looked sturdy and similar to Darren's from what I could see on the show. Here's the tripod, folded up, next to the hakshop-purchased Yagi: Here's a closer shot of the tripod connection plate. Note that the threaded screw is in the center, and in front of that is a spring-loaded peg. I intend to drill the appropriate hole for it soon, but for now it just compresses when I screw the antenna on: Here's a shot of where I drilled the hole in the mounting plate attached to the Yagi, and then used a tap to thread the hole. I left it on to provide more thickness (for more thread surface), as well as stability: Here's the Yagi attached to the tripod. Rock Solid! And lastly, here's a shot of the same, only showing the full extension of the tripod, both on the legs and the center post: I hope this helps you and anyone else wanting to mount the Yagi on a tripod! Next project is to mount the scope and/or laser pointer. I'll be sure to share what method I manage to come up with! Good luck!
  2. I'm talking about the Deauth button on the Status page, upper right, just under the Airmon-ng options. Has anyone got this working yet, or can explain why it's not working, and if you DID get it working, what am I doing wrong? The dialog box asks for a BSSID. This is essentially the MAC address of an AP. So, we're trying to send "deauth" packets to that AP, dumping their clients, and forcing them to reconnect to MY Karma-enabled MK3. Here is the Association log as shown on my Status page:

     Association Log Enabled
     Checking SSID for start of association, pass through 001-sWLAN
     Successful association of 00:27:13:e9:4c:36
     Checking SSID for start of association, pass through GroundZero
     Successful association of c8:aa:21:41:95:5b
     Checking SSID for start of association, pass through Guest
     Successful association of 00:40:9d:41:ae:78
     Checking SSID for start of association, pass through Apple Network 0e5153
     Successful association of 00:16:a4:01:1d:b1
     Checking SSID for start of association, pass through Schneider
     Successful association of 00:16:a4:fe:08:ab

     In this example, I'm using the BSSID from the "Schneider" entry, which is: 00:16:a4:fe:08:ab

     I enter it into the dialog box containing the string BSSID, I leave the packet count at "5", and I hit "Deauth". After a few moments, the following appears on a new page:

     Deauth Host: 00:C0:CA:32:8D:68
     Deauth Target: 00:16:a4:fe:08:ab
     Deauth Times: 5
     Executing: aireplay-ng -0 5 -a 00:C0:CA:32:8D:68 -c 00:16:a4:fe:08:ab --ignore-negative-one mon0
     00:31:25 Waiting for beacon frame (BSSID: 00:C0:CA:32:8D:68) on channel 1
     00:31:50 No such BSSID available.
     Please specify an ESSID (-e).

     This occurs for any BSSID I enter, I generate the same results, with the exception of the "-c" entry, which reflects the BSSID I entered to try to send deauth's to. I'm stumped. How is this feature supposed to work? Am I doing something wrong? Any assistance would be greatly appreciated.
  3. I'll be back home later on tonight and mucking about with my setup, so I'll try to assist, if you can provide some info below I'll see what I can offer:

     - Windows 7?
     - Laptop?
     - Using internal laptop wireless to provide Internet, and laptop eth0 to connect to MK3?
     - Are you configured per the Quick Start guide?

     Drive safe. ;)
  4. Thanks seb, sorry to the poster in question, I knew I was forgetting to do something yesterday! :) On that note, in the latest firmware flash (v1.9), ALL included ngrep examples are commented out by default. This isn't a problem, just good for all to note that snapping on ngrep from the main page will result in 0 results. You must go and uncomment the appropriate line in the config file, or add your own, as well as turning on ngrep. The good news is that the ^M issue appears to have gone away (but I'll be keeping a close eye on it if I ever again use the GUI to edit the configs, just to be sure). Thanks again seb, amazing work! Noticed a lot of fixes and tweaks in this latest version...WiFi light is working on AP51, reboot button included (though it still just hangs and never does reboot), lots of other small but important fixes...you're the man!
  5. If you're using a W7 box and the FreiFunk Gui to flash an AP51, I recently posted some tips and revelations on how to get it working smoothly in Ghost's How To thread, it may be of some help to you.
  6. Ahhh, forgot about the advanced box, thanks! I'll definitely try some command line options! The dialog box for the deauth is labeled as BSSID in the web Gui. I assume that's the Xx:Xx:Xx:Xx:Xx:Xx format, so I tried it both ways. Only using the MAC generated results that looked like it actually ran, but with the beacon error. I'll try some command line options tomorrow and stop back with the results.
  7. Right, that's what I thought and how I was using it, but was getting a beacon error every time so I second guessed myself and thought maybe I got it wrong or there was something I was missing. It's the MAC addy of the AP, but I haven't been able to get it to work for me, not sure why though other than I get a beacon error.
  8. I was putting in the hw addy, i.e. 76:a4:35 etc....thinking command line options. I don't have it fired up at the moment, but you're saying take the actual SSID string, enter it in that field, hit deauth, and the MK3 will broadcast the deauth to all clients on the target AP X times as specified? That's how I thought it worked, I tried it using the SSID, no go. I then tried it using the hw addy of that AP, but I kept getting a beacon error so I thought I was doing something wrong. I guess I got it right but I can't make it work for some reason.
  9. I was also wondering how that is used? I'm probably being rather thick here, but it only has one input. In other words, what is that field asking for? the SSID? The MAC addy of the client you wish to deauth? I can't seem to find enough relevant info as to how we use the button with only one variable to input, and how that would work...again, sorry if it sounds stupid. Would you mind giving a brief explanation as to how that deauth button works? I'd sure appreciate it. Thanks!
  10. VERY nice, I also did not know this! Just ordered a few...USB to type M for $2.39/ea on amazon, delivahed! ;) Thanks for the info!
  11. HA! That's awesome!! I'm glad it helped, congrats!! :)
  12. *edited* Had a few issues, seemed the flash wouldn't take on my AP51 MK3 from hakshop. If you're using a Windows 7 machine, and it's the one you've configured to work with the pineapple using the Quick Start method, and everything is working fine as is: - you do NOT need to reconfigure your eth. Continue to use 42.42. I then followed the Ghost's guide. However, I'd tried it before this, and it didn't take, used both a patch and a crossover, neither worked. When it finally worked, I'd made sure that I was *quick* to hit the router power as soon as "no packet" came up, within a second. Only then did it take...FreiFunk started showing the transfer of the files, indicated it was flashing the fs and kernel, etc, and finished about 4 minutes later. The other odd thing was that I was running ping /t against 42.1 the entire time. Wanted to see if when I tried it again exactly when the interface came to life. Sure enough, that, and being quick on the power, was when it took. So, for what it's worth, if you're having trouble, maybe some of the above will be helpful. Summary: If you're running Windows 7, have a hakshop AP51 MK3, and you're using the machine you setup in Quick Start for the MK3, you don't have to change the eth IP, just follow the rest of Ghost's guide. Also maybe helpful for some: You can confirm that WinPcap is installed and running on W7 by doing the following: Start/Run/msinfo32 Then: Software Environment/System Drivers/NPF confirm that it's running in the far right column. If you see it there, that's WinPcap, and you're good. If not, get it started, or reinstall 4.1.2 Sorry for the long post, figured maybe there'd be some helpful info in there. It's replacing my pre-got-it-fixed post. :) Thanks Ghost for putting that guide together!!
  13. ahahah! Well, whaddya know about that? :) I'm about to flash my hakshop MK3 to 1.9...awaiting my two separate shipments of 2 ea :) :) :)
  14. Now THAT'S what I'm talkin' 'bout, Willis!! One could easily own an entire city block with a handful of these. I work in a high-rise office building with a LOT of ground floor cafes, etc, all around on the adjacent blocks, all with free wifi!! It's like fish in a barrel!! There are dozens upon dozens of open WAPs, and they're all heavily populated. I think I'm gonna grab 2 more, just to be sure I have enough. :)
  15. IIRC it's in /www/pineapple, but it's been a few days since I was mucking about with it. Look there, I'll confirm tonight and stop back here.
  16. Yeah, wasn't sure about the "Evil MK3 PineNet" thing. :) There are so many "targets" in the area where I work, figured strategically placed, capturing on their own, the results might be interesting to say the least. Place and gather routines. :) Well, it seems I'm quite late to the whole Pineapple concept, and I'm definitely hooked! Since the chipset this project is currently working with is truly discontinued, I figured I'd better get caught up with some extra hardware. :) I grabbed two yesterday, and with the hakshop one that makes 3, so I'm probably good to go with that. It sounds like the AP51 is a perfect platform for this project, and always nice to have a working spare if nothing else. :) Thanks again for all the assistance. Now if my workload can just relax a bit I could actually start having some fun instead of coming home exhausted every day!! :)
  17. Nice!! Where do *I* sign up for THAT deal?? ;) Am I understanding correctly that this particular chipset is disco'd? I'm thinking of ordering even a few more if that's the case, they're cheap enough and it seems like this project is going to keep building on this platform for quite a while, so it's an investment of sorts. So, good idea to stock up on a few more now? Plus, how cool would it be to set up an Evil MK3 PineNet...5 or 6 of 'em set up in a very target rich environment...office building with coffee shops on the ground floor. ;)
  18. I know what you're talking about. This one I got (link above) is just a screw and the alignment pin thing. So, I too left the plate on to afford more thickness/thread surface. I drilled and tapped the hole, and it works PERFECT!! Going to drill a small hole for that spring loaded alignment pin, and it's good to go! Rock solid and super stable! Tap is definitely the way to go.
  19. For fast shipping, the distributor you listed already shipped my order, like 1 hr after I placed the order, shipped!
  20. That's what I wanted to hear! Thanks again for all you do! :)
  21. God damn I love you guys soooo much!!! Just ordered 2 more AP51's (thanks Mr. P for the tip in the other thread!), can't wait to set up my battery of evil goodness!!! :) Are there any "locked" issues with these 2 I ordered, or can I just go ahead and flash 'em up straight out of the box? Thanks again all!
  22. Hi Darren! Thanks for the reply! Funny thing, this happened after I'd applied 1.0.2. ngrep worked "out of the box" just fine when I enabled it, but I'd cleared cache and changed the comments around in the "preconfigured" ngrep statements (cookies was uncommented by default, wanted to see how effective the password statement was). I performed those changes in the web interface, and I suspect that's what ended up putting those ^M's in there. I've been busy for the past few days, but I'll fire it back up tonight and confirm that it's not putting them back in there. May have just been a goofy fluke, but I'll confirm tonight. I'm having a LOT of fun, and not afraid of a challenge, so no worries there! Thanks for clearing up the ngrep reboot/hang issue too. Understand about the developing cleanup process. I'm just glad you, seb, etc, are all out here doing what you do, thanks millions! BTW: n00b to the show. Put up a Roku2 (dumped CableTV), discovered the Revision3 "channel", discovered Hak5, and the rest is history! :) LOVE the show, and thanks again for the overwhelming awesomeness! I think I bought one of everything that runs on power from the hakshop (thanks to Snubsie for getting my stuff out so quickly, still waiting on the Duckie!!) I have a 15 year old "treat" I have to dig out of storage and send you for the show. :) Keep up the great work, brother!
  23. I just ordered 2 of these. Spoke to customer service on the phone (PayPal doesn't seem to be working on their site, but google checkout is) and he indicated they were out of these for a while, but he confirmed that THEY ARE BACK IN STOCK! Don't let 'em get away! Thanks for the heads-up Mr. Protocol!
  24. Waiting on my tap kit to arrive tomorrow, but I've got the hole drilled and ready to go. I tried something else which some of you may want to try. It failed, but I'll tell you why. I looked for a nut which fit the screw on the tripod. On my tripod, there is the screw, and there is also a little spring-activated post which presumably "snaps" into a corresponding hole on a camera, aligning it seems to be the purpose. So, I noted the depth to which the tripod screw went into the nut. I drilled a small hole (to accommodate over-screw) and then epoxied this nut directly over the hole. I marked the distance to the "spring-post-thingy" and epoxied another nut onto the antenna just in front of the first one, so when screwing in the tripod, the holes would line up. I then epoxied 2 more of the same nuts on either side of it, forming a diamond shape, the rear-most nut being the one the tripod screws into. The 2 I epoxied onto the side were to give it stability when screwing it down onto the tripod. This would have worked REALLY well, but I failed to rough the surface of the plate on the antenna first. When the epoxy dried, the surface of that plate is so smooth that the epoxy just "snapped" off. I already have a tap/die kit on the way, so I'm just going to tap that hole and use that. However, if you were to rough the surface of the plate before applying the epoxy, I could tell it would work excellent. It was stable and sturdy as heck, and most of all, really cheap to achieve. Anyhow, thought I'd throw that out there for those it may help. I'll let you know how the hole tap method goes tomorrow night.
  25. Thanks brother! I was looking over digininja's redboot guide, and would require me doing some serious catching up on how exactly redboot is implemented, etc. Not that I mind, but at this point I'd rather take the path of least resistance regarding flashing a new version to the MK3, and spend more time learning/using the MK3 itself. I'll definitely take the advice you've both given and go with the GUI version tonight. I'm a bit apprehensive, but you guys who are clearly well-versed in this process have given me some confidence :) Looking forward to your guide too! Thanks again for all the assists and great work you're all doing!! I'll stop back in tonight after I've had a chance to flash the latest 1.7 using the GUI.