Posts posted by telot

  1. Fuses will not stop current from going the wrong direction; they only prevent too much current. Diodes are what make one way, and may pop if you send the wrong way.

    I'm not referring to preventing current in the wrong direction, but protecting against hooking up positive to negative - such as if the barrel plug is mislabeled or whatever.

    I hook up the negative to positive and positive to negative on a 12V battery with an inline fuse - the fuse pops and no damage is done to my 12v device. I've seen it a thousand times (not by my doing mind you - customers).


  2. (and there is a fuse in there, right next to the big cap in front of the power port)

    Sweet Jesus that is awesome. The commercial grade modems I use every day (Digi International) are spec-wise very similar to Alfas except they are weather hardened and shock resistant and cost $700-$1000 and they don't have any fuses. Gogo Alfa!


  3. Thanks for all the help Darren. I will give this a shot once my cable comes in.

    I bought this one:


    petertfm - looks like you got a good deal! My cable is probably a bit overpriced, but oh well, it's ordered and shipped already.

    I've already got dozens of USB to DB9 Serial cables from work lying around. So I'm vividly familiar with serial cables. Can anyone confirm the pinouts of the cable needed? A quick google got me this:

    1 : Black : Ground

    2 : Brown : CTS (Clear to Send)

    3 : Red : Vcc +5V typical (output)

    4 : Orange : TTL Transmit Tx (output)

    5 : Yellow : TTL Receive Rx (input)

    6 : Green : RTS (Request to Send)

    7 : ----- : Shield / GND

    That seem right to you guys? Thanks very much


  4. Use a multimeter and test it. If it's a USB to DC plug you can plug it in and check the voltages. If it is just a DC plug with wires, do a continuity check on the wires to be sure which one is connected where.

    Damn you Mr. Protocol! Again you pressed Add Reply before I could get a chance to!

    I'm 99% sure there's no fuse inside these alfas, so always double check any custom wiring you might be doing before plugging it in to the pineapple with a voltmeter. You can pick them up for as little as $5 at any home store (lowes/home depot/menards/fleet farm). It only takes 1ms of negative voltage to fry these little puppies. A very expensive whoopsie.


  5. Here's an oddity for the pile: I only ran my commands once, like this:

    /etc/init.d/firewall disable

    /etc/init.d/firewall off

    Seeing the syntax error, and thinking Darren mistyped it I did:

    /etc/init.d/firewall stop

    Then re-reading some more posts I did the following for a second time:

    /etc/init.d/firewall off

    And it works great.

    WEIRD THING IS - when I reboot it works out the bag. I never added it to the cron whatsoever. Very strange indeed and perhaps something for people to try if they're still having probs.


  6. Seb/Darren/Anyone could you please clarify the following phrase in the Help section of the SSH tab:

    - Note the RSA public key presented above. You'll need the from "ssh-rsa" to "root@Pineapple"

    Any clues that can set me in the right direction?

    Thank you


  7. The pineapple mark4 has no problem recognizing the realtek rtl8187, which I confirm in the USB tab on the gui and by ssh'ing in and running lsusb. In typical Linux distros, after plugging in the realtek I just fire up the old ifconfig wlan0 up or wlan1, whichever is relevant. I tried it on the pineapple to no avail. I'm not vividly familiar enough with Fstab to go modifying it, should that be what's required. My end goal is to have a powered USB hub that has a 4G dongle, fat 16gb usb stick, and the alfa AWUS036H. So to that end I'm first getting each to work individually. USB thumbdrive was a no-brainer - now does anyone have any ideas on how to get the two Alfas to play nice? Thanks!


  8. Pretty basic stuff, but I thought I'd stem a bunch of questions from the Windows users or whatever with a quickie guide on partitioning a usb thumbdrive for use with the markIV.

    Download BT5R1 and burn the .iso to a CD. I use deepburner in windows to accomplish this.

    Put it in and boot it up and startx after logging in (uname/pass=root/toor)

    Once you're in the GUI open a terminal and type:

    apt-get install gparted

    Then, after it's installed, plug in your thumbdrive and type:

    gparted &

    That will launch the creamy gui of gparted. From the top right dropdown menu select your thumb drive from the list and click the big center box that contains the drive size information. Then click the "Delete" button on the top near the left. Then click the "New" button on the top far left. Select Primary and EXT4 from the drop downs. Click OK or whatever and then click "Apply" (the big green checkmark). Enjoy!


  9. Yeah, really sorry about that. It should have worked right out of the box. Well, it does if you try 3G first. *Grumble*

    We'll have a 1.0.1 out soon with macchanger, sniffer page, this fix and a few other odds and ends probably over the weekend or Monday. Stay tuned.

    When I try and issue /etc/init.d/firewall off it comes back with:

    Synatx: /etc/init.d/ firewall [command]

    start start the service

    stop stop the service





    You sure you didn't mean "stop" instead of "off" in the second part of the command Darren? Thanks man!

    EDIT: Even though it comes back with that syntax response as if it were a bad option, it still made it work! :::Walks away slowly::: Either way - thanks for the hot fix !


  10. Hey guys...can we get a big group hug going?

    I was nervous at first posting this topic, because I knew I'd be hitting a couple different nerves and also striking a couple chords. I'm so glad we were able to discuss it openly and honestly and I certainly appreciate the reasoning behind not compromising the integrity of the markIV first round for us early adopters (got mine in the mail today! swoot!). Thank you Darren for opening up and letting us peek behind the scenes - transparency is what OSS is all about, and what this community is all about, and it's a beautiful thing. You guys fostering this kind of dialogue speaks volumes to us avid forum users and the hak5 community. You built it, we came, and together we can keep making it better and better through sheer willpower of our shared hacker mindsets. It surrounds us, and penetrates us. It binds our community together.


  11. I will once I get on my laptop, I have all the history saved there. Although there isn't much to it to be honest.. just a few google searches is all.

    Plus I'm learning Python as a secondary language to Java, I feel it's more portable and it can be compiled written on my little N900 :), I found C to be too advanced for what I'm looking to learn <Memory Management> I'm not too sure yet to learn it after I feel comfortable with Python. I see quite a few programming spots open for C programmers.

    Shit man, the world needs more Java guys...Tomcat's been shitting out jboss all over me ALL DAY LONG. Arg...Sounds good on the googling - I too have done a number of searches, just thought maybe you found some "insider" infos. It's all good. Thanks man and good luck with Java, it's a fun one that is in demand...especially in my company where our last Java just quit...and I'm left to put the pieces together with zero programming skills rofl


  12. I am sure that seb, robin, Darren, etc, have discussed all this and are all on board with whatever arrangement they've made.

    I enjoy DIY, and did a few of the MK3s that way, bit I still bought my MK3 at hakshop, and spent a lot.of bread on.other items as well at hakshop primarily to show my love and support for the show and all the great knowledge they bring to us in an entertaining and informative format.

    That said, I would be more than happy to send seb and robin some money for their amazing efforts and undying loyalty to OSS and selflessly offering us all the great opportunity to be a.part of these incredible.projects.

    Put up a link and I'm there.

    I'm sure it's been arranged as well - just interested in how it all works (hacker...you know).

    Hehe hfam visits the forums on his android. I can.tell by.all.the periods :)

    My pineapple didn't arrive today (curse me for choosing the cheap shipping!) but as soon as it does I'll dive right in and see if we can get ICS working for ya!


  13. I'm going into the same field, from what I've read pentesters make at least 70k a year in the U.S. and I bet you will see that number grow as time goes on with all these companies getting hacked. More and more companies will realize that it's a problem and can affect them financially instead of just getting a "virus" and causing physical havoc instead of a financial havoc. The degree I'm going for right now is an associates in information security for homeland security. Then I plan to transfer to a university to get my masters in information assurance. And the offensive security certifications as well as the CISSP. I'll be plenty happy with whatever I make as long as I'm doing what I love.

    As far as a programming language goes, Python and C are probably the 2 best ones you can learn. Most of pentesting seems to be social engineering, if you can get someone to basically give you all you need, then there's no reason to write 0 days. Because no one can prevent those, it's the responsibility of the software companies to test, fix, and patch those. If you want to do code security and writing exploits look into application security and exploit development.

    It is pretty funny isn't it? The majority of intrusions (pen testing or not) are done by suave mother fuckers smooth talking their way into a company/system. Speaking with authority or ignorance at will, seeking out the complacent or overworked employees - all social skills. The exact opposite of what lay people think of when they imagine a "computer hacker". I love it


  14. I too am very interested in this. Mind sharing what resources you've found on the matter Andrei?

    I've been working for the last 3-4 months on a business model somewhat like an employee-owned pen testing company. Each employee would have a share of the company and receive the percentage of profit per stock owned for every project they are involved with. I'm anticipating a team of 10-12, with 2-3 of that in administration (marketing, accts payable/receivable). Does anyone know of a pen testing company that operates this way?


  15. It's tough, because on one hand I want to support Hak5. Unfortunately, unless things have changed with the mark4, pineapple sales fund only hak5 - not seb or robin...Which is okay, as Darren is doing all the marketing and some of the programming and snubs is filling the orders. They certainly deserve a piece of the pie. So it works like this (please correct me if I'm wrong - I've just pieced this together from various posts): Robin created Karma/Jasager and still updates it. Seb creates and updates the firmware that runs on the embedded systems (fons, alfas). Darren codes some of the UI - making it all BBS'ish and whatnot. Darren markets it with ease being that he's the media mogul we all know and love ;) Really he's not just hacking the trust relationship between humans and computers, but also between his audience and himself. It obviously works well for him - longest running show on rev3 (swoot swoot!).

    All that aside, he's kinda F'd himself in a way, because hak5 encourages DIY at most every turn - a nod to this being the fact they've always released the pineapple firmware for free (which, is it really Hak5's to give away? dunno) so you can buy your own hardware and DIY and save all the markup otherwise lining hak5's pockets. Unfortunately in the case of the mark4, the hardware is not currently available to the public, so we're a bit screwed this time around. I'm happy to purchase through hak5 at a markup, as I have the last two pineapples. Especially with something cutting edge like this - but I'd also like to be supporting the devs who are really making it happen (not to discount Darren's contribution) i.e. Seb, Robin et al. Selfishly, by doing so I would feel more comfortable requesting features, expecting updates, etc - as is, they're doing it for free, so if we keep pestering them, maybe they'll just walk away. Which they could very well do and we'd all lose.

    Donate button for the devs? A portion of proceeds from mark4 sales going to them or a charity of their choice? Just a thought that popped into my head when reading another thread about a guy who lives outside of the country paying mad tariffs/tax on items purchased in the US. He wants to support, but doesn't want to pay 50% on top of the price just because he lives outside the US.

    Anyone down for a little Thursday morning discussion on the economics of pineapples and the psychological dissonance of wanting to support yet wanting to satiate our DIY fix? :D


  16. Got mine on order. But a quick Q. What's the power consumption? Wanna do some calcs on runtime vs batteries (how come the batteries *always lose? :) )

    Being that this is a new SoC, unless Darren and co. step up with some numbers, I'll post the results of some amperage / voltage tests when I have it in hand. Darren's alluded to the fact that he runs it off USB, which means its variability in input voltage stretches at least down to 5V 500 milliamps, which by the way, is awesome news.


  17. I came late to work because I refused to stop trying to get a Raspberry Pi for 2 hours straight,

    and would like to know if any of you were lucky in the F5 game? :D

    I "expressed interest" at both distributors just now...F5 F5 F5 F5 F5 F5 F5 F5 F5 woooot!


  18. In your testing w/ the mk4, how much data have you been using a month? Which would be a recommended data plan?

    It will directly depend on how many targets you have karma'd and what they're downloading/uploading. This is why I would highly recommend a 4G Sprint plan, which offers UNLIMITED WiMAX downloading. Not sure which cards are supported - I haven't done the homework yet on the 4G.


  19. Hi

    Thanks for your reply, I flashed it earlier, needed the latest firmware anyway (I was on 2.0.1) so it's now running the latest firmware and I can now get access again via what's the correct way to get it to run under 192.168.0.x networks? or is it best to just leave it?

    thanks guys

    Being that you're not connecting it to any real "network" - you're just communicating to it like this:


    So I'm confused as to why you want to run it with 192.167.0.x?


  20. The script's goal is quite admirable and awesome, and I'm very interested in getting it to work. Unfortunately I'm having trouble getting persistence out of this script. It works great during the session after I plug in the ducky - I get the reverse shell onto my evil server but after reboot it never returns back up (yes, I'm killing netcat and bringing it back up between reboots). I check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run on my target machine and there's no entry for winupdate.bat. Instead there's just an entry for Microsoft Security Essentials and the obligatory Default. Any thoughts on why this would be? My only experience doing registry hacks was back in win98 making the Start button say "FU" instead of Start lol...

    Any help would be greatly appreciated as always

