telot (Dedicated Members; 803 posts; 12 days won)

Posts posted by telot

  1. This will get pinned to my title bar the moment it's released! Whistle Master, you need a Donate button, man. I'm sure I'm not the only one who wouldn't mind supporting the guy who has created 90% of the pineapple bar! Or at least be sure to come to DerbyCon so I can buy you dinner or something.

    Thanks again WM

    telot

  2. Or you can build/buy a LAN Star from the hakshop (there are guides on the internet to build your own, of course) and install it between the router and his computer, then with Wireshark for Windows put your card in promiscuous (Windows supports prom but not mon, right?) mode and sniff the traffic. Again, as digip rightfully reminds us, this is totally illegal, especially if you don't own the network and all the machines on it...

    telot

  3. I ran into this same problem with tcpdump... the way I got around it is to bind my tcpdump script to the WPS button press. This may not be ideal for you, but it works for my situation (where I am nearby my pineapple whenever I boot it - I don't have it stashed out of sight anywhere). Perhaps Seb can chime in with info on rc.local and any available alternatives?

    telot

  4. What browser(s) display a certificate error in your experience, Inf? When I tested sslstrip on my pineapple with Chrome I received no errors... more testing is needed on my end, apparently...

    As for you, ramus313 - I'd implore you to get a pineapple; they're wonderful tools that are great for gaining an understanding of the ins and outs of networking. There are dozens/hundreds of us, all at different levels of knowledge, helping each other out, so be sure to hop over to the Pineapple forums if you run into any issues - we're noob and guru friendly! I have to admit that I mention this for selfish reasons too, as it's always great to have another fluent programmer in the community, so I hope to see you over there!

    telot

  5. mon0 is your wlan0 in monitor mode. So when mon0 showed up in your first ifconfig up there, that was your wifi going into monitor mode via airmon-ng. There's no need to put wlan0 into monitor mode as you've done here.

    If you want to read up on how ifconfig downing mon.wlan0 and wlan0 affects your pineapple, here's a good post to read:

    For your convenience, here's the awesome part:

    I've been playing around with site survey this morning - and of course I love it. Does exactly what I need it to do, bring down APs. One issue I'm curious about is why are we given the ability to turn off/on the monitor interface? For instance:

    In this scenario there are three SSIDs I'll reference: 'netgear' (the legit AP), 'free_wifi' (my default pineapple SSID) and 'FAKEAP' for my stored open-auth SSID on my victim. I connect my victim (Evo 4G Android phone) to my legit AP, 'netgear'. I fire up my pineapple, connected to a BT5 laptop, turn on Karma and go to 172.16.42.1/pineapple/site_survey.php, and there's nothing listed, as expected. If I turn off mon.wlan0 first and turn it back on, I lose all ability to Karma victims. I still have my free_wifi SSID (my default SSID, as opposed to "pineapple") but no FAKEAP is ever responded to my victim. Manually instigating a probe request by turning off/on my wifi on the victim does nothing, as the pineapple is not "listening" for APs on wlan0; it's using mon.wlan0 to listen for probe requests (it HAS to be! It's the only way this makes sense). So by turning off mon.wlan0 you destroy the pineapple's ability to say "YES" anymore, even if you bring it back up as mon0 (standard airmon-ng fare).

    Power cycling the pineapple fixes it all, of course. Now if instead of bringing down mon.wlan0 and bringing it back up as mon0 I just turn off wlan0 and bring it back up, I see my list of nearby APs and it deauths the netgear AP just fine and Karmas my victim right to the pineapple, like a champ. So my question is: why do we even give the option to turn off/on mon.wlan0? There doesn't seem to be a need to, and in fact it hurts what we're trying to accomplish.

    telot

  6. If you want to use the gui, there is a module from our resident Grand Master Module Creator (whistle master of course). If you're of the command line persuasion, ssh to the pineapple and run

    opkg update

    opkg install --dest usb nmap

    I'm guessing it didn't work from the advanced menu because you didn't first opkg update. But if you're a GUI guy anyways, might as well use the module :)

    telot

  7. Exactly, Sitwon; until Nvidia gets its act together, gaming on Linux will continue to blow. Hopefully Valve bringing Steam to Linux, plus getting publicly called out by the godfather of Linux himself (the holiest of the holy, Linus Torvalds), will wake them up to the growing demand for this. Fingers crossed.

    telot

  8. Just let it be known that XP has tons of holes. For just general surfing you can protect yourself with what's posted above (good updated AV, Spybot S&D, MS Security Essentials). If you're looking for a truly hardened machine, XP is damn difficult to get secure. If you feel that you could become the target of an attack in the future, XP will fail you. Metasploit eats XP for breakfast, lunch and dinner, and there's very little you can do as a novice. In which case, with that machine's specs, Linux is your best bet by far.

    telot

  9. Darren first realized this soon after the Mark IV was released (there's a post somewhere around here about it...). The way around it is to modify the USB cable that goes from the pineapple to the hub. Simply snip the red and black wires; that way only data is transferred between the pineapple and hub, and only devices connected to the hub (3G dongle, Alfa wifi card, etc.) get the power. I did the same thing with my Raspberry Pi to protect it, as, just like the Mark IV, there's no fuse.

  10. Like a lot of embeds, the pineapple has pretty limited amperage it can put out over its single USB. If you had two very low power devices to plug in to the USB, a non-powered hub would be fine. Two radios (wifi + 3G) is way too high of a power demand for the Mark IV. A powered USB hub is needed to supply enough amps to the devices.

    telot

  11. Drop box anyone ?

    ---

    I think the pics can say what is involved; it was painful to get it working, but it works now GREAT thanks to hak5, you guys and darren :)

    That looks great, Molotof! I'm sure I'm not the only one who would love to read a full post about your comprehensive setup. If you care to make one it'd be greatly appreciated.

    telot

  12. [*] Network setup. Was looking to setup the WLAN (Karma) and LAN ports as pass through from the network connection given to the WAN. Basically bridging the connection and becoming a passthrough AP for the target network. Then using the 3G modem as the egress point for AutoSSH. Possible with the current hardware?

    If you're a whizz with iptables and get this done successfully, please share your results on this forum, bismark - this is something that's been on a lot of people's wish lists for a while now. We've got a few iptables wizards around here, so if you have any questions, please feel free!

    telot

  13. peter - you have to wire up your own to put USB in series. It's awesome, though, if you have two separate power sources.

    Darren - Something's not officially supported from a hack shop? Love the pun ;)

    As for you, niller - do not, whatever you do, put the + from one USB port to the - of another on a single power source. If you have TWO battery packs, all the power to ya. Please read this thread for more details:

    http://forums.hak5.org/index.php?showtopic=26815

    telot

  14. Thanks, Seb, looks to be another great release! I'm especially excited about the language support... maybe now that we've extended the olive branch out to our Spanish-speaking friends, they'll come join the party over here and share their unique modules!

    Edit: Derp - you totally explain what the bartender is... NM!

    telot

  15. Back to the topic of 3G triangulation - yes, it is very easy for cellular companies (and hence anyone who has access to cell companies) to triangulate your physical position using their network. I know because I've had them do it for me a number of times when our cell modems get stolen (cops show up at the thieves' door within an hour). The more urban you are, the easier it is for them, because they have more and smaller "cells", so triangulating (using 3 overlapping towers, like a Venn diagram with you in the middle) becomes simple. The more rural you get, the harder it is, because there are fewer, much much bigger cells. So if you're out in the boonies, you're only within range of a single cell, which gives a 5, 10, 20 mile radius, depending on topography, of where you could be. The other factor at play is the wireless module inside your air card - not the brand or carrier of the air card, the actual chip inside that does the connecting - some modules can triangulate on their own, whereas others cannot. For example, I've noticed the Qualcomm Gobis can self-triangulate very well, whereas most Sierra Wireless cannot. So yeah, I would advise against using a 3G air card for anonymity.

    telot
