telot

Just signed up for the webinar :) Thanks for the heads up on the freebie router! telot

You're looking for the interceptor. See the hak5 video on it. Unfortunately the hardware is hard to find these days (fon+). Irongeek has some how-tos on his site on using a raspberry pi, which is the direction I would recommend if you've got one handy. Otherwise the wifipineapple mark4 should be able to be used as such, but it will cease to act as a pineapple as far as I can tell, and instead be more like an interceptor. This has not been done before, so it will be likely cause headaches, but whats awesome is you can share what you learn with the community and get mad bonus points! telot

Not all the tools are available in apt. Many of them are, but not all (metasploit for example). BT is so popular because they've got all the dependencies, done all the tweaking, and worked through all the bugs for you. Its ready to roll, with nearly every tool available. BT is based on Ubuntu, as you mentioned, so there is certainly nothing stopping you from loading what tools you'd like into Ubuntu. I certainly don't need every tool in backtrack, so I just pick and choose what I'm interested in. That said, I always keep a live disk and Backtrack VM's around just in case. telot

Already got it going :) Now to figure out how to wire up a better switch that can be used with the case on it... Thanks agian midnitesnake telot

Holy shit its happened! Thanks midnitesnake! Now to figure out how to upgrade my old duck... telot

You are quite welcome skrite In order to have backtrack see the alfa, you forward USB devices to the guest OS. Each virtualization suite will handle this differently, but they all have the feature. To get a proper IP from your router (not NAT via your host) to the VM - simply setup bridge mode (at least thats what its called in virtualbox) for your VM. That way you can scan as if you're on the network, just as your mba is. telot

As a fellow mba owner, I can understand why ubuntu (or windows) dual booting is not ideal. OSX is highly optimized for apples hardware and vice versa. You sacrifice battery life and oftentimes driver efficiency by booting into anything but OSX. Its a tradeoff that 90% of consumers never have to deal with, as they just stay in OSX full time. With that in mind, I would recommend going with a virtual machine of backtrack or ubuntu if you need the tools, but for the most part I just do like you were saying and use the terminal and wireshark in OSX. The other downside to going with apple, is it doesn't work great with the pineapples ICS (as you saw from the link from an inebriated Mr-Protocol), but it is workable. These are all tradeoffs we have to make in order to enjoy a great, if not the greatest, laptop. telot

DrDinosaur - I believe Darren was using mdk3 for his occupineapple stuff. I can't really remember the details, but I'm a command line guy myself, so if you ssh into the pineapple, you can use these commands: opkg update opkg install mdk3 Then run the various mdk3 commands that Darren uses for the spoofing of list of fake SSID's. pr0l3 - Have you read the pineapple book? See the pinned thread on these forums. If you're still having trouble, start a new thread and give all the details you can and I'm sure we'll be happy to help. telot

Its been about a week since I last plugged this, so heres the usb card I use everyday, all day long and with all types of power packs (5-12v batteries and usb port powered). I highly recommend it http://www.supertalent.com/products/stt_usb_detail.php?type=Pico Enjoy! telot

Is there a reason you want to run all those separately? I'd take a look at running these alternate OS's in virtual machines. If you get the ODD adapter you're talking about, put the 500GB in there and then buy a SSD for your main OS, of which I'd recommend windows or a well suited distro of linux (not backtrack). Also throw in an 8GB stick of ram (super cheap) and you're set. Running backtrack and windows 7 at the same time, each with 2GB of ram, each pulling as much space as they want from the big old 500GB - all while leaving you with the same 4GB of ram you have now plus a new screaming SSD for your host OS. Theres lots of advantages to this such as snapshots, not constantly rebooting to get into another OS, you can setup vlan's between your "victim" and "attacker" so you won't accidentally hack your roommates, etc. telot

As I've now got Karma working on my raspberry pi, I'd love to see the UWUI ported to that :D Doing a touch-optimized version for android tablets (even better - the n900!) might be fun and add some challenge for you as well. Thanks again for sharing this very nice tool with us Moriarty! Cheers! telot

wychwood: Welcome to the pineapple community! We're always glad to have another pineappler added to our ranks. Here is a link for a powered usb hub that I and other heavy users utilize everyday with great success: http://www.newegg.com/Product/Product.aspx?Item=N82E16817394106&Tpk=F5U404PBLK Perhaps the next iteration of pineapple hardware can be even more specialized and offer us 2 or 3 over-spec-powered usb ports... telot

Hello all I've been playing with my pineapple and my newly created raspberry pi running karma (all hail digininja!). Normally I test my karma'ing with my trusty "victim" laptop, but this time I decided to use my ipad instead. I couldn't help but notice that when I have sslstrip running, few apps are able to load, and when they do, there is usually some erratic behavior in the app. Either they sit and spin (loading animation) or just straight up fail (...Please check your network connection) or other bizarre behavior (facebook app on iphone says I have no friends when I goto my News Feed). This to me is quite the red flag raised to the vast majority of real world victims, who unless you're targeting a specific persons laptop with white/black lists, will no doubt be using a smartphone/tablet. With the proliferation of "post-pc" mobile devices, the lack of internet-connected-app support does not bode well for those of us who enjoy the benefits of sslstrip. Anyone have any ideas on how I can fix this? It must be something in my sslstrip preparations/command that I can change right? Here is my usual "dump 'n strip" script that I run via wps button press. #!/bin/sh tcpdump -i eth0 -w /usb/cap.pcap -n net 172.16.42.0/24 & iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000 iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000 sslstrip -w /usb/sslstrip.log & I know, the port 80 to 10000 is weird, but thats what was in the how-to sslstrip forum post and I've been using this script for 6 months and it works fabulous otherwise. Any help is much appreciated fellas, as always! telot

And do the "Find the Pineapple" game Darren has mentioned before! Next time we'll plan better telot

Parity: I recently learned about this by way of Security Onion. I needed a way to sniff all my traffic in order to run snort and snorby and all these awesome intrusion detection tools (which work best by sniffing the entire networks traffic). For the most part, yes, you'll find these "span" ports on commercial, industry grade switches (mega $$$) but there is a cheap alternative. The company is kind of no-name (Mikrotik), but the product is totally sound. I've been using it for months and it works as advertised without fail. http://www.roc-noc.c...rd/rb250gs.html TheKingUnderTheHill: Another option is to sneak a passive lan tap in there. You can buy one of the two available on the hakshop, or you can build your own quite easily with some spare cat5 cable and some female ends, which you can pick up at home depot...hehe pick up some females at home depot... telot

Also saw it at Derbycon - Mr. P probably heard me guffawing at the ridiculousness of it. Hot chick, sure. Iphone taped to her hand as main plot driver, sure. Good hacker movie? Nuh Uh. No way. Sneakers, Hackers, War Games - now those are decent hacker movies. telot

The way that I know is by using Airbase-ng - a tool found in the aircrack-ng suite. Vivek has some videos on using airbase in his wifi megaprimer on securitytube.net. Theres pros and cons to using airbase over the pineapple (i.e. you can capture a wpa handshake with airbase). As cool as airbase is, I must warn you - its not nearly as slick as the pineapple is. Theres a lot of benefit to using specialized hardware for this task. As an example, you have to configure your own DHCP server if you want to use airbase effectively, whereas the pineapple of course is essentially all plug and play. Since Mr. P didn't really answer this aspect of your question: the fon is another kind of wifi router that the karma/jasager was originally developed for by Mr. Robin Wood (aka digininja). Just google fon router and you'll find all the info you need about it. Good Luck! telot

Honestly, a wifipineapple might be a decent way to start. Its a great platform for getting your head around networking in general, sniffing traffic, deauthing (taking down an access point), phishing, and pranks. Watch the episodes on it and pour through the forums and wiki. Go back and read some old forums posts with lots of views and replies to see what problems and questions people have had. telot

macbook air here - usb 3.0 works fine with virtual box running OSX as host telot

odroid x2 might give you the oomph you're looking for petertfm, though multiple core support would be a must to get max benefit from it... http://www.hardkernel.com/renewal_2011/products/prdt_info.php?g_code=G135235611947 The pi would be a good replacement as well - I've been using pwnpi to run my pineapple for months now and it works great. Use the pi when I need some horsepower (msf and set...though msf is pretty slow still) and use the pineapple soley for karmaing stripping and dumping. Either way, this UI is looking sicker and sicker - can we get some instructions for use on the pineapple Moriarty? I'm sure I can get it going, but with all this rummed up eggnog, I think getting step by step instructions would be most appreciated! lol telot

For example: scp -r -v OSXdir 172.16.42.1:/WP4dir/ so... scp -r -v /Users/chriswhat/Wp4Files/ 172.16.42.1:/usb/ telot

Judging by the nearly ten thousand views this thread has gotten, I'm not the only one waiting with bated breath for this release! This will mark another milestone for our lovely little pineapple...a christmas present from digininja and our resident module master WM. With promises of holiday firmware cheer from Seb too, this is shaping up to be a very merry holiday! telot

Would you mind elaborating so that if someone else has this issue they can easily find the solution? Thanks bmfmancini! telot

Thanks very much reflex! I've been using 2.0 for a couple months now and love it. Keep up the great work! telot

mondrianaire: I aim to please! Pwnd2Pwnr: $50/per gets you the board and you'll need your own microusb cable. telot