telot

Posts posted by telot

  1. I got pwnpi running and I gotta say - you've done a great job! While I'm still running into near-constant issues, they are all USB port related and not pwnpi related. I can't seem to get my 036H working, despite having the rtl8187 drivers loaded up just fine. dhclient wlan0 stalls the device and I have to do a hard reboot (yank the power cable). I'll keep trying different hubs and different configurations.

    telot

  2. Yes, the USBs seem to be picky in general - not just with hubs. I tried my wireless keyboard/mouse (only 1 USB stick so I'd have one spare) but random key presses get dropped - even when that's the only thing plugged into it. Also neither the 036H nor the 036NHA work plugged in direct to the pineapple - even when using a wired keyboard (no mouse) - they just suck too much power...which could mean it's my power supply as well. I tried a hub and things seem to work ok for a while but die off (most likely the hub?). The other issue relating to USB is the fact that the ethernet port is actually a USB-to-ethernet adapter, so it shares bandwidth with the two USB ports...basically the pi is finicky as hell and requires a lot of patience and trial/error. If you're not up for this back-and-forth frustration, I'd hold off a bit until people have developed lists of "Ok, I know for a fact that this configuration works solid" - until then it's a giant guessing game.

    telot

  3. Just so everyone knows - in order to get your AWUS036NHA up and running on the pineapple you simply ssh in and type:

    ifconfig wlan1 up
    

    Simple, but just thought I'd nip this future question thread right away :) After that you can airmon-ng start wlan1 and rock out some monitor mode. Including the bridge and lo, that leaves you with no less than EIGHT interfaces of glory, karma'ing, and airdropping goodness.

    Now, with our USB plug no longer capable of holding GBs of storage, as the USB hubs seem to be having trouble, we should put our heads together and get sshfs going or some other remote storage solution. I started a thread a while back about sshfs but couldn't get it working. I then tried to pipe the tcpdump over ssh to my server, but that leaves me with a non-readable cap file. Any suggestions on how we overcome the loss of the USB storage and still continue to wtfpwn every packet going through the little fruit?

    Thread about sshfs for reference: http://forums.hak5.org/index.php?showtopic=26605&st=0&p=203347entry203347

    telot

  4. Yes - you should be able to use autossh to maintain a persistent ssh connection to your cloud server and with some iptables magic route all traffic over that port. So your app tries to access port 1000, well iptables is chugging that through 22 instead to your cloud box. Unfortunately I'm no iptables magician, I've only started dipping my big toe into it (for sslstrip mods) but I'm sure someone here can get you some specifics. In the meantime, google up iptables and start learning!

    telot

  5. Have you guys checked out routerpwn?!

    https://github.com/D4rkOperat0r/pina-wifi/blob/master/pineapple/modules/routerpwn/routerpwn.php

    Holy shit this looks sweet - it runs a series of known exploits on routers in order to access their http interface...why didn't we think of that?! Haha I'll be checking these out this weekend for sure!

    bobbub1980 - this is what we want to make contact about! They've been dev'ing innovative/awesome modules that we'd like to be part of the community! Darren's right, why fork it when it's all open source? Let's just add in some language support on the pineapple (easier said than done, I'm sure...) and invite them to these forums. I'm happy to use google translate...Estoy feliz de usar el traductor de google

    telot

  6. So what's going on here? Our Spanish-speaking brethren don't want to share their awesome modules with us? Any of you regulars speak Spanish and can reach out to them? We should do a cross-translation of everyone's modules so everyone can enjoy!

    telot

  7. Glad I could help! :)

    I'm so very tempted to pick up the AWUS036NHA (even though I've already got a couple AWUS036Hs sitting around). The black just goes so well with the new pineapple...

    Exactly what I was faced with! I have two of the 036Hs around...but between the wireless N and the hacker black...who can say no?

    That and the hakshop price for the NHA is very competitive, all the more reason to support the crew!

    telot

  8. I wasn't able to get pwnpi working - but I only had about 30 seconds to screw around with it before it turned from "telot's play time" to "telot's wife time".

    I first loaded Debian squeeze, and if you startx, it's pretty dang slow. Apparently they've yet to nail down the drivers for the GPU acceleration in X, so it's using the little 700mhz CPU to push a 1080p desktop environment on my big TV. There's no ETA yet, but there seems to be about a thousand people working to get it going. They liken it to an Xbox 1 as far as awesome graphics performance, and so-so general CPU performance. Fortunately where I live (the command line) is snappy and awesome - it's like working on a twice as fast pineapple really, except it's full-blown Debian...which of course is awesome.

    I'll try and get more telot play time to load up pwnpi and actually get it working, if not today then this weekend for sure!

    telot

  9. I love the idea of vpn'ing into the pineapple (remember the interceptor?!) and accessing a victim's network. I don't see why it wouldn't be possible - 400mhz should handle a little vpn action, but I'm not too sure about gaming over a vpn though...sounds lag-tastic...unless of course you're into MUDs or something hahaha. Give it a shot and let us know!

    telot

  10. - Connect iPhone. Internet works.

    - Set up ICS from iPhone connection to LAN port on laptop (I've never done this - how does iPhone inet connection show up in Network Connections?)

    - Set laptop's LAN connection to be static: 172.16.42.42 subnet: 255.255.255.0 DNS: 8.8.8.8

    - Plug a cable into the POE port of the Pineapple

    - Power up pineapple until WPS light is no longer blinky'ing

    - Open browser to 172.16.42.1/pineapple

    - Dance a merry jig in telot's honor

    telot

  11. I'm sure it's on the way, people that already ordered the NHA from the hak shop probably won't see it for a couple days at least;-)

    Yep, Darren alluded to the upcoming alfa support on another thread - I think the Android tethering thread. Shannon @ the hakshop just hasn't gotten the memo that 2.2.0 isn't out yet!

    telot

  12. Can you change your name to Module Master? Whistle Master is good and all, but Module Master is a much more apt description!

    Can't wait to see it at the bar! Thanks WM

    telot

  13. Kind of. Here's a -v explanation:

    1. Format USB (per Darren's guide on setting up a swap drive: http://forums.hak5.org/index.php?showtopic=25882)

    2. Set up swap settings on the pineapple (fstab stuff), also per Darren's guide

    3. Plug USB into pineapple

    4. Run mkswap /dev/sdb1 per Darren's guide and verify the swap and storage are working correctly

    5. Download modules to the USB from the pineapple (while it's plugged into the pineapple)

    6. Run modules

    telot

  14. I was reading up about the MiniPwner and the PwnieExpress plugcomputer and comparing their feature sets to our little wifi pineapple. One thing I read was that it's "unpingable to prevent discovery" or some such thing - well that made me think "Why the hell ain't our pineapple unpingable to prevent discovery?!". Of course, it's very convenient to have it pingable at times, especially when just playing around with it in our houses and stuff - and it's a godsend when troubleshooting with nooblets here on these forums. BUT! If you want to use the pineapple as a dropbox by surreptitiously plugging it in via the WAN port on a target network - making it unpingable could be a huge advantage.

    Well, here's how to do it:

    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

    This setting is not permanent and will need to be run after each reboot.

    To re-enable ICMP ping replies run the following command.

    echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

    Of course, this will not make your pineapple invisible - any netadmin worth his salt could check the DHCP records, or if he/she has even moderate skill, they could use hping3 and find your pineapple straight away, but this at least is one more level of obscurity that may save the day sometime. Hope you enjoy!

    telot
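    The post above notes that a box ignoring ICMP echo still shows up in DHCP records. As an added example (not telot's code or anything from the Pineapple), here is the defender-side cross-check: parse a dnsmasq-style lease file and flag every leased address that did not answer a ping sweep. The lease lines and the sweep results are constructed sample data, and the dnsmasq field order (expiry, MAC, IP, hostname, client-id) is assumed.

```python
"""Cross-check DHCP leases against ping-sweep results.

A host with icmp_echo_ignore_all=1 drops out of a ping sweep, but it still
had to obtain an address from the DHCP server.  Any leased IP that does not
answer ping is therefore a candidate for closer inspection.  Lease lines are
in dnsmasq's format (expiry, MAC, IP, hostname, client-id); the sample data
below is constructed for this example.
"""
from dataclasses import dataclass

# Constructed lease file: three clients, one of which supplied no hostname.
SAMPLE_LEASES = """\
1344000000 00:11:22:33:44:55 192.168.1.20 alice-laptop 01:00:11:22:33:44:55
1344000100 aa:bb:cc:dd:ee:ff 192.168.1.21 * *
1344000200 00:c0:ca:12:34:56 192.168.1.22 bob-phone 01:00:c0:ca:12:34:56
"""

# Constructed ping-sweep result: IP -> True if it answered an echo request.
SAMPLE_PING = {"192.168.1.20": True, "192.168.1.21": False, "192.168.1.22": True}


@dataclass
class Lease:
    mac: str
    ip: str
    hostname: str


def parse_leases(text):
    """Parse dnsmasq lease lines; malformed or blank lines are skipped."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        leases.append(Lease(mac=parts[1].lower(), ip=parts[2], hostname=parts[3]))
    return leases


def silent_hosts(leases, ping_results):
    """Return leases whose IP did not reply to ping.

    An IP missing from the sweep results is treated as silent too, so a host
    that was never probed is not silently assumed to be fine.
    """
    return [lease for lease in leases if not ping_results.get(lease.ip, False)]


if __name__ == "__main__":
    for lease in silent_hosts(parse_leases(SAMPLE_LEASES), SAMPLE_PING):
        print(f"{lease.ip} ({lease.mac}, hostname {lease.hostname}) "
              "holds a lease but ignores ping - inspect it")
```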

  15. A few things:

    Confirm your transmit power on the pineapple by ssh'ing in to it and doing a little 'ifconfig' - txpower is listed right there.

    Also ensure your power supply isn't borked. The ones that come with the pineapple are kinda cheapo - if it was supplying less amps than the pineapple requires it would DEFINITELY cause erratic transmit range. If you have a multimeter and know what you're doing - great! Otherwise, just try a different power supply.

    Third, open the pineapple up and reseat the antenna connections - there's been a post or two about bad wifi range and they traced it back to a bad connection with the antenna to the onboard wifi chip. Check that out for sure.

    telot

  16. It sounds like you're doing everything right Mr. MAC address (I don't want to type all that out this early in the morning lol). I'd say you're getting everyone you can get - could you try and use airodump-ng on your alfa to monitor the probe requests of the potential victims you're not getting and see if any of the SSIDs they probe for seem like they would be open (no authentication) SSIDs (such as att_wifi, petes_free_coffee_shop_wifi, etc)? You say you got a dozen victims karma'd - that's pretty dang good! What's the ratio of victims karma'd/not karma'd? Keep in mind Darren's list of victims were from walking throughout an entire airport terminal - he didn't have all those victims connected simultaneously at the same time. There's a physical issue of wireless range and how many people can possibly be sitting on a laptop in that range.

    The other potential factor here is wireless N vs B - some tests are required to confirm this, but I have a hunch that some OSes put a higher priority on connections to wireless A/N hotspots (open or otherwise) over anything B/G - again, I have zero data to confirm this, it's just a hunch.

    As for the HTC Rezound, Android treats probe requests/responses quite differently than other mobile OSes (namely iOS) - it's really rather picky when it comes to open auth. For instance, it will try its hardest to get back to its last known BSSID before sending out probe requests looking for another one it has saved, and always puts a priority on secured wifi over open (because Android is awesome I suspect).

    Hope this helps you out - and if anyone has hard data on the N vs B/G, I'd love to see it!

    telot
