telot

Posts posted by telot

  1. Gibbon. Your lack of specificity about your system will make this process a lot harder. Which OS are you running? Are you setting up an internet (wlan0?) connection first before connecting the pineapple? Are you using the wp3.sh script? You make no mention of any of these factors, so it's really hard to help you out.

    telot

  2. Here's my home made battery mod (attach file). I cut the barrel plug from my old Motorola modem.

    I used:

    - Battery plug (you can get from Radio Shack) or at eBay link

    - 2700mAh Sanyo rechargeable battery (1.2V x 8) = 9.6V

    - 8-battery adaptor; I used my helicopter remote control :) :) :)

    I think it only cost $3 max :) :)

    Badass, Malboro! Well done!

    telot

  3. The problem being that we have a 6 meg internet connection at work, and already are managing to max that out..

    One user using Spotify isn't such a problem (other than the fact that he has disregarded our policy) but if he's allowed to do it, then surely the rest of them should be allowed? By which point we will kill our internet connection.

    TuX^

    Sorry, I didn't adequately specify. What I meant was that your coworker could stream Spotify to his phone (with headphones plugged in or whatever) via his phone's 3G data connection. That way there's nothing on your work-owned computer and no Spotify eating up your company-owned bandwidth.

    telot

  4. According to Sebkinne, it's pretty tough to brick these little guys. I've personally flashed mine a half dozen times with no problems. Seb flashes these things all day long and claims he never bricks them. Don't be scerd.

    See Seb's 2.0 firmware placeholder thread on these forums to get a taste of the bug fixes and improvements.

    And yes, not being able to get win7 boxes easily does suck. Good news is, there's room for improvement :) mreidiv has already come up with one solution using the USB Rubber Ducky to make a win7 box susceptible to the pineapple's yes-manning. I'm sure we can come up with other solutions as well!

    telot

  5. Well this is a great place to get a dose of reality! Is it possible he has installed Spotify to a USB drive? That would explain why you can't find it anywhere on the box. If I were this noob (your coworker, not you tux :) ) I would just run Spotify off my phone. I get what I want (music to code to, lots of programmers like this) and you get a clean company-owned computer. Perhaps suggest that to him?

    One programmer friend of mine watches movies while he codes...it took a bit of time to get the management on board with this, but he's just more productive when he can glance over to Jay and Silent Bob Strike Back and giggle every 20 minutes or so, then get back to programming. It's weird, but programmers are weird. And they make this whole thing possible (computers, the internet, your company, your job). If he's a good programmer, I'd implore you and your boss to work with him to find a suitable compromise that leaves both of you satisfied.

    telot

  6. Does anyone here use USB to power their Mk III?

    I got this for the pineapple: eBay link, but it's not actually powering it? The lights stay on fine etc., but I can't seem to get the thing to ping or bring up the interface, but on battery power it will???

    Does anyone have a working equivalent as my battery pack is soooo unreliable!

    I use a homemade usb to barrel adapter. The thing to do would be to plug it in and (carefully) check the voltage using a voltmeter. You should have a solid 5.0VDC coming out. I run my pineapple this way and have for days at a time. Yes, the battery pack sucks. Please SEARCH and find a couple other threads on how to solve the problems with the power barrel.

    telot

  7. Hello all

    I've been having some really weird issues with my wifi pineapple... It won't work half the time... sometimes I can run wp3.sh and it will work flawlessly, other times I have to try over and over until it will ping and let me in...

    It's really acting strange and it makes experimenting in public hard...

    I have a number of questions also that I would like answered if possible:

    1, Do you have to run wp3.sh every time you start from a fresh cold boot etc., or is it just to set up ICS etc...? Reason I ask is I only ever seem to be able to connect to the interface IF I run wp3.sh??

    2, Is the 1.0.2 firmware stable and fully functional? I tried karma on mine and it didn't really seem to be very effective. I'm not sure if it is actually working?

    3, I tried flashing it to 1.9 but it got stuck at a point where it was saying something about your IP is 192.168.0... when I made sure the IP was 172.16.42.42??? Luckily it didn't brick it... what is going wrong here?

    4, Do I REALLY need to flash it? Or is 1.0.2 fine to use? I hate flashing things!!

    Any advice greatly appreciated!

    Please search first next time. It's really important.

    1. Yes.

    2. Yes, but there's some tricks to it. (See http://forums.hak5.org/index.php?showtopic=25160&hl=%20usb%20%20jasager&st=0)

    3. It takes multiple tries. Otherwise mr.protocol LOVES giving out the link (hehe).

    4. Learn to flash it anyways. Flashing it is a good thing to know, particularly as firmware 2.0 is coming out very soon (like today hopefully).

    telot

  8. The WiFi Protected Setup protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase, in just a matter of hours.

    Reaver is a WPA attack tool developed by Tactical Network Solutions that exploits a protocol design flaw in WiFi Protected Setup (WPS). This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community.

    Usage is simple just specify the target BSSID and the monitor mode interface to use:

    # reaver -i mon0 -b 00:01:02:03:04:05

    Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

    WPS allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase. When a user supplies the correct PIN the access point essentially gives the user the WPA/WPA2 PSK that is needed to connect to the network. Reaver will determine an access point's PIN and then extract the PSK and give it to the attacker.

    Web source: http://thehackernews.com/2011/12/reaver-brute-force-attack-tool-cracking.html

    Anyone else trying this out and want to bounce some ideas around? I've been trying to successfully crack my test WAP here in my basement, to no avail. Either reaver just stops working after some random point, for example:

    [!] WARNING: Receive timeout occurred

    [+] 21.40% complete @ 12 seconds/attempt

    [+] Trying pin 98060122

    [!] WARNING: Receive timeout occurred

    [+] Trying pin 98060122

    ...and then it will just hang there for hours/days/weeks if I let it. OR it will bomb out repeating

    [!] WARNING: Receive timeout occurred

    [!] WARNING: Receive timeout occurred

    [!] WARNING: Receive timeout occurred

    [!] WARNING: Receive timeout occurred

    [!] WARNING: Receive timeout occurred

    [!] WARNING: Receive timeout occurred

    ...over and over again. I've messed with the -t and -d operators, but nothing conclusive. Putting -t to 3 or 4 seems to really expand the lifespan of the attack, and -d 0 seems to speed things up quite a bit, but they always end up failing before it reaches 100%. Any ideas would be greatly appreciated, as any documentation or anything at all really regarding this tool, is pretty sparse. Thanks for starting this thread Infiltrator - the tool really is pretty sweet...especially if I could get it working!

    PS: I'm rocking BT5R1 with the latest reaver beta 1.3 on an Alfa Realtek 8180.

    telot

  9. No problem. I just tried it on a laptop and found out you have to tweak the delay in it because, like a dummy, I did not take into account that the other computer might be slower than my desktop. lol

    Good call! I will certainly keep that in mind. So no ducky programming on the 2600k quad core with 16 GB of RAM...fine fine fine...

    telot

  10. I am open to any input anyone may have. I was just trying to find a way of making my pineapple useful on win 7 boxes.

    If you have any suggestions to make the pineapple work better with win 7, please let me know, or any suggestions to clean up my code. I am really new to this; currently going to school for ISS, or as they like to call it now at my school, ISCC (Information Systems Cyber Crime).

    Even if the pineapple isn't "Yes-manning" win7 targets to you, you can still use it as a compromised access point. As I've suggested before, the best way to get noobs (non computer folk that is) to your pineapple is to replicate the nearest free wifi hotspot. So if you're in a coffee shop, and the ESSID of the free wifi is coffee_shop_wifi - deauth the shit out of that access point and edit your karma.conf to be coffee_shop-wifi or something with just one small character off. People will lose their connection, windows/OSX/whatever will autoscan around for another one, and they'll find and manually click on coffee_shop-wifi. The end result is the same - you're wiresharking/ngreping/urlsnarfing their traffic. I think this is the best way to maximize the net you're casting out there. If you happen to get some karma'd clients, then great - but everyone will have to connect to you anyways, as the coffee_shop_wifi is now crippled.

    Enjoy

    telot

  11. I concur.

    Quite unfortunate really. This highlights the importance of changing the SSID of the pineapple to something people will stupidly connect to. So if att_wifi is the nearest open hotspot, make your pineapple att-wifi. It's not really Jasager'ing as it should, but it's a decent workaround to get people to connect (which is the end goal anyways, right?).

    Be advised that different value-add software that PC manufacturers install (read: bloatware) can change the default behavior of Windows 7/Vista wireless connectivity. Every time I fire up my win7 Lenovo (with "Lenovo Connection Assistant" or whatever it's called) and my pineapple is karma'd up, it automatically connects to "Holiday Inn Wifi", which is a saved access point on that laptop. So there is hope. The other manufacturer I've tried is Sony - they have a shitty little app called "SmartWi" that manages the wireless networks - it does NOT automatically connect, and requires the same "...if not broadcasting SSID" as default win7.

    Also keep in mind, a ton of "air card" (USB/PCMCIA cellular cards) have their own software that often takes over the wifi of computers - I will test how these behave soon...maybe tomorrow depending on how hung over I am. I have Sprint, Verizon, and AT&T aircards, so I've got the 3 big US carriers to check out.

    Perhaps we can get a pinned thread where we can post testing results and keep it as a central repository of which manufacturers/OSes work and which don't.

    Great find superfan! Thanks for doing the leg work and researching that for us!

    Also, Happy New Year everyone!

    telot

  12. Telot or somebody: can you help me with the airdrop-ng conf/airdrop rules? Here's the situation, I have 2 wireless adapters:

    - (1) Alfa USB wireless (11:22:33:44:55:66)

    - (2) Alfa USB wireless (aa-bb-cc-dd-ee-ff)

    My Alfa (1) is connected to my 3G phone (qq:ww:ee:rr:tt:yy). If I want to deauth all access points except my 3G phone, is it possible to use airdrop-ng? If yes, can you help me with airdrop-ng rules? (I'm new to using airdrop.) I'm familiar with mdk3 to deauth :( :(

    My other USB wifi (2) will be used for deauthentication.

    Absolutely. You will need the BSSID of your phone's wifi as well. For this example let's say your phone's BSSID is 99:88:77:66:55:44. You also need to allow your pineapple's BSSID. For this example we'll call it ZZ:YY:XX:WW:VV.

    That is how I set it up for myself. I haven't exhaustively tested it, only in my lab. But it looks like this:

    a/99:88:77:66:55:44|11:22:33:44:55:66

    a/ZZ:YY:XX:WW:VV|any

    d/any|any

    Now for a breakdown:

    a/ for allow

    allow/your phone's MAC|your USB client of that access point

    a/99:88:77:66:55:44|11:22:33:44:55:66

    deny/any accesspoint|any client of that access point

    d/any|any

    You can find tons of examples here: http://www.aircrack-ng.org/doku.php?id=airdrop-ng

    Hope this helps, and even more so, hope this works! Let us know how it goes

    telot
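As an added example (not airdrop-ng's own code, and not from the post above), a small Python checker for rule lines in the `a/AP|CLIENT` / `d/AP|CLIENT` form described in that reply: it flags any field that is neither `any` nor a well-formed six-octet MAC (the pineapple placeholder `ZZ:YY:XX:WW:VV` above has only five octets, the kind of slip worth catching before a rule file is used) and evaluates which AP/client pairs the rules would allow or deny. The allow-over-deny precedence in `decision` is an assumption matching the intent of the `d/any|any` catch-all, not verified against airdrop-ng itself.

```python
import re

# Constructed input: the three rule lines from the post above, verbatim.
RULES_TEXT = """\
a/99:88:77:66:55:44|11:22:33:44:55:66
a/ZZ:YY:XX:WW:VV|any
d/any|any
"""

# A well-formed MAC is six hex octets separated by colons (fields are lowercased first).
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def parse_rules(text):
    """Parse 'a/AP|CLIENT' (allow) and 'd/AP|CLIENT' (deny) lines into
    (action, ap, client) tuples. Also returns (line_no, message) problems for
    any field that is neither 'any' nor a six-octet MAC, so a typo is caught
    before the rule file is used."""
    rules, problems = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = re.match(r"^([ad])/([^|]+)\|(.+)$", line)
        if not match:
            problems.append((line_no, "unrecognised rule syntax: " + line))
            continue
        ap, client = match.group(2).strip().lower(), match.group(3).strip().lower()
        for field in (ap, client):
            if field != "any" and not MAC_RE.match(field):
                problems.append((line_no, "not a six-octet MAC: " + field))
        rules.append((match.group(1), ap, client))
    return rules, problems


def _matches(pattern, value):
    return pattern == "any" or pattern == value.lower()


def decision(rules, ap, client):
    """Return 'allow', 'deny' or 'unmatched' for one AP/client pair.
    Assumption (not checked against airdrop-ng itself): a matching allow rule
    wins over deny rules, which is the intent of the 'd/any|any' catch-all."""
    for action, rule_ap, rule_client in rules:
        if action == "a" and _matches(rule_ap, ap) and _matches(rule_client, client):
            return "allow"
    for action, rule_ap, rule_client in rules:
        if action == "d" and _matches(rule_ap, ap) and _matches(rule_client, client):
            return "deny"
    return "unmatched"
```

Running `parse_rules(RULES_TEXT)` reports line 2 as malformed; the phone/client pair from the post evaluates to `allow` and every other pair falls through to the `d/any|any` rule.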
