Posts posted by telot

  1. Hey WM - you still working on this one? I'm curious if you're able to pass through traffic between the wans and also supply internet for karma. If so, I'd love to see your IPTABLES pwnage, as I'm working on doing exactly this with my raspberry pi. Thanks man!

    telot

  2. Hey Zete: Here's the script I used to download the karma-patched hostapd.

        #!/bin/sh
        # bootup Module setup script
        #leave this echo
        echo "## Apt-getting ##"
        apt-get install libnl-dev -y
        #leave this echo
        echo "## Compiling ##"
        if ! which /usr/local/bin/hostapd > /dev/null; then
        echo "### Installing hostapd-karma ###"
        cd /tmp
        tar -jvxf hostapd-1.0-karma.tar.bz2
        cd hostapd-1.0-karma/hostapd
        make && make install
        cd ~
        hostapd -vv
        echo "### Installed hostapd-karma ###"
        fi
        #leave this echo
        echo "## Final Commands ##"
        # Enjoy - Leave me at Bottom - EOF

    Go into /etc/dnsmasq.conf and make sure interface=wlan0 and then uncomment/add this line:

        dhcp-range=192.168.0.5,192.168.0.254,255.255.255.0,12h

    And you may need to change some things around in the patched karma hostapd.conf file as well. I had to change my drivers to match my card, and changed the ssid to be broadcasted.

        interface=wlan0
        driver=nl80211
        ssid=FreeInternet
        channel=1

    Then I made up a quick n dirty telotscript to start it all up:

        #!/bin/sh
        echo 1 > /proc/sys/net/ipv4/ip_forward
        iptables -t nat -A POSTROUTING -j MASQUERADE
        cd /root/hostapd-1.0-karma/hostapd/
        ./hostapd -B /root/hostapd-1.0-karma/hostapd/hostapd.conf
        tcpdump -i wlan0 -w /root/cap.pcap -n net 192.168.0.0/24 &
        iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
        iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000
        sslstrip -w /root/sslstrip.log &

    There's nothing fancy about this install, there's no gui, there's no dancing fruit, but it does work and works well. Please keep in mind I did this several months ago and may have missed something. So if the instructions are really bad (and they very well could be haha) let me know and I can do a proper write up. But I think this should get you going in the right direction.

    telot

  3. Telot, did you get dhcp server running on the raspberry pi?

    Yes

    And how you give Internet to the pineapple? When you live it or you live it with usb hub? It will be interesting to see your config.

    Easily with a 3G dongle or (what I prefer) a 3G cellular router.

    @ telot, did you follow a tutorial for the Pi ? or are all the packages available ?

    If I recall, I just followed digininja's instructions on his site. They're not pi-specific, so I had to do some tweaking...I can fire it up and report back the exact config if you want.

    telot

  4. I've had the same mark4 pineapple since the day they started preorders for forum members and I've never had a problem (with any firmware version) with clients associating. It can be frustrating sometimes, because you see the probe requests going around, but they don't always associate because of many reasons (low signal strength, the SSIDs the clients are probing for are secured, etc). I'm with Seb on this one, I don't think it's device related. Go to a target rich environment and chill for an hour, you'll get clients karma'd to your fruit.

    telot

  5. All the time working with them on the site and artwork, and I still haven't even had a chance to download the final release and play with it. I had the bare bones, no tools shell just for working on the icons and wallpapers, etc. Contemplating on wiping the laptop to put it on here, but I finally just got sound working on this damn thing in BT5 and copied my 20GB music collection over after hex editing VLC to run as root...so might just wait till I can load it in a VM. Most likely though, this laptop is going to get wiped anyway and go back to win7 and just run VMware and get a new USB wifi card for it.

    Haha I'm in the exact same boat...I did all of Darren's battery/ssd hacks featured recently, plus all the hex editing for vlc, chrome, etc. Plus the time spent copying over rainbow tables and dictionaries and music. I don't know if I can handle wiping away hours of configuration! Arg

    telot

  6. Is your computer automatically connecting to your pineapple? This could happen if you've got a saved open access point, and your signal strength to your netgear is really really weak. This would be particularly likely if your netgear has open authentication...

    Either way, more details are needed. Please see Mr. Protocol's pinned thread about posting help questions in this forum.

    telot
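
A client-side check for the condition post 6 describes (a saved open network that the machine rejoins on its own), as an added example that is not part of the original post. It assumes the client uses NetworkManager keyfiles (`*.nmconnection`); the function names and sample profiles are constructed for illustration.

```shell
#!/bin/sh
# Added example: list saved Wi-Fi profiles that are open AND auto-join.
# Assumption: NetworkManager keyfile format, where an open network has
# no [wifi-security] section and autoconnect defaults to true.

list_open_autoconnect() {
    # $1 = directory holding *.nmconnection keyfiles
    for f in "$1"/*.nmconnection; do
        [ -f "$f" ] || continue
        awk '
            /^\[/ { section = $0; if ($0 == "[wifi-security]") secured = 1; next }
            section == "[connection]" && /^type=/        { type = substr($0, 6) }
            section == "[connection]" && /^autoconnect=/ { auto = substr($0, 13) }
            section == "[wifi]"       && /^ssid=/        { ssid = substr($0, 6) }
            END {
                # Report only Wi-Fi profiles with no security section
                # that have not been told to stay disconnected.
                if (type == "wifi" && !secured && auto != "false") print ssid
            }
        ' "$f"
    done
}

# Constructed sample profiles (not taken from the thread):
# one open auto-join, one WPA-protected, one open with autoconnect disabled.
make_samples() {
    d=$(mktemp -d)
    printf '[connection]\nid=cafe\ntype=wifi\n\n[wifi]\nssid=CoffeeShop-Guest\n' \
        > "$d/cafe.nmconnection"
    printf '[connection]\nid=home\ntype=wifi\n\n[wifi]\nssid=HomeNet\n\n[wifi-security]\nkey-mgmt=wpa-psk\n' \
        > "$d/home.nmconnection"
    printf '[connection]\nid=hotel\ntype=wifi\nautoconnect=false\n\n[wifi]\nssid=HotelLobby\n' \
        > "$d/hotel.nmconnection"
    echo "$d"
}

samples=$(make_samples)
list_open_autoconnect "$samples"
rm -rf "$samples"
```

On a real machine, point `list_open_autoconnect` at `/etc/NetworkManager/system-connections` as root; any SSID it prints is a profile worth deleting or setting to `autoconnect=false`.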

  7. I've probably posted it already, but searching on these forums is pretty fubar, so I couldn't find it. Unfortunately I lent my pineapple to a colleague, so I can't just dial in and grab it. I'll send him a note and see if he can send it to me.

    Really it was pretty easy if I recall...I'm sure anyone can hack it together. Give it a try and post your results! Learning time!

    telot

  8. I like to run my pineapple as a "headless" sorta thing, so I do it via button press. I run an old firmware, cause I'm old school like that (don't ask, Seb will kick my ass if I encourage people to not upgrade lol) so the wps button still works for me. Maybe it's fixed on 2.8? I'm not positive...

    The commands I use are on the wiki, which should be the first stop for any newbie imho, but I'll link them here for ya.

    tcpdump:

    http://forums.hak5.org/index.php?/topic/25695-quicky-how-to-tcpdump-on-markiv/

    sslstrip:

    http://cloud.wifipineapple.com/wiki/doku.php?id=guidesslstrip

    As for speed, the pineapple has never slowed down due to capturing packets/ssl, but I typically have 2-3 clients, not 20. At SXSW, Darren had like 40+ clients and the pineapple continued ass kicking, so it should be do-able.

    Anyways, I just put the tcpdump and sslstrip commands into a small script that's tied to my wps button - as an added trick, I have the LEDs turn off when the script is run so I have visual confirmation that it's working. Then I have a cronjob that sends me an email every 10 minutes with status updates (a how-to is also linked on the wiki) so I can casually check my email on my phone, and no one's the wiser. This is just one way of doing things, and it works well for me. Some people run the stock UI with custom CSS and all the infusions, others run Moriarty's UWUI, which is also pretty awesome and something to check out. The world's your hacked open oyster with the pineapple, so welcome to the community and be sure to contribute as much as you can!

    telot

  9. Currently you can't/shouldn't run urlsnarf and sslstrip at the same time. They both redirect all the traffic from the bridged interface to themselves. So I'm guessing that is causing your problems. The granddad of the pineapple, Sir Digininja is working on a workaround. You can see more details on this post: http://forums.hak5.org/index.php?/topic/28666-keylogger-module-release/page-2?

    Just an FYI, you can do tcpdump and sslstrip at the same time, and accomplish the same thing. I do it all day long every day and it works fine with no reboots. Try that and let us know!

    telot

  10. It's down for me as well. Here's the script from the ep tho with Darren's changes already made. Enjoy!

    #!/bin/bash
    # Interactive PoPToP install script on a OpenVZ VPS
    # Tested on Debian 5, 6, and Ubuntu 11.04
    # 2011 v1.1
    # Author: Commander Waffles
    echo "######################################################"
    echo "Interactive PoPToP Install Script for OpenVZ VPS"
    echo "by Commander Waffles http://www.putdispenserhere.com"
    echo "Should work on various deb-based Linux distos."
    echo "Tested on Debian 5, 6, and Ubuntu 11.04"
    echo
    echo "Make sure to message your provider and have them enable"
    echo "IPtables and ppp modules prior to setting up PoPToP."
    echo
    echo "You need to set up the server before creating more users."
    echo "A separate user is required per connection or machine."
    echo "######################################################"
    echo
    echo
    echo "######################################################"
    echo "Select on option:"
    echo "1) Set up new PoPToP server AND create one user"
    echo "2) Create additional users"
    echo "######################################################"
    read x
    if test $x -eq 1; then
    echo "Enter username that you want to create (eg. client1 or john):"
    read u
    echo "Specify password that you want the server to use:"
    read p
    # get the VPS IP
    ip=`ifconfig eth0 | grep 'inet addr' | awk {'print $2'} | sed s/.*://`
    echo
    echo "######################################################"
    echo "Downloading and Installing PoPToP"
    echo "######################################################"
    apt-get update
    apt-get install pptpd
    echo
    echo "######################################################"
    echo "Creating Server Config"
    echo "######################################################"
    cat > /etc/ppp/pptpd-options <<END
    name pptpd
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    require-mppe-128
    ms-dns 8.8.8.8
    ms-dns 8.8.4.4
    proxyarp
    #nodefaultroute
    lock
    nobsdcomp
    END
    # setting up pptpd.conf
    echo "option /etc/ppp/pptpd-options" > /etc/pptpd.conf
    echo "logwtmp" >> /etc/pptpd.conf
    echo "localip $ip" >> /etc/pptpd.conf
    echo "remoteip 10.1.0.1-100" >> /etc/pptpd.conf
    # adding new user
    echo "$u * $p *" >> /etc/ppp/chap-secrets
    echo
    echo "######################################################"
    echo "Forwarding IPv4 and Enabling it on boot"
    echo "######################################################"
    cat >> /etc/sysctl.conf <<END
    net.ipv4.ip_forward=1
    END
    sysctl -p
    echo
    echo "######################################################"
    echo "Updating IPtables Routing and Enabling it on boot"
    echo "######################################################"
    iptables -t nat -A POSTROUTING -j SNAT --to $ip
    # saves iptables routing rules and enables them on-boot
    iptables-save > /etc/iptables.conf
    cat > /etc/network/if-pre-up.d/iptables <<END
    #!/bin/sh
    iptables-restore < /etc/iptables.conf
    END
    chmod +x /etc/network/if-pre-up.d/iptables
    cat >> /etc/ppp/ip-up <<END
    ifconfig ppp0 mtu 1400
    END
    echo
    echo "######################################################"
    echo "Restarting PoPToP"
    echo "######################################################"
    /etc/init.d/pptpd restart
    echo
    echo "######################################################"
    echo "Server setup complete!"
    echo "Connect to your VPS at $ip with these credentials:"
    echo "Username:$u ##### Password: $p"
    echo "######################################################"
    # runs this if option 2 is selected
    elif test $x -eq 2; then
    echo "Enter username that you want to create (eg. client1 or john):"
    read u
    echo "Specify password that you want the server to use:"
    read p
    # get the VPS IP
    ip=`ifconfig eth0 | grep 'inet addr' | awk {'print $2'} | sed s/.*://`
    # adding new user
    echo "$u * $p *" >> /etc/ppp/chap-secrets
    echo
    echo "######################################################"
    echo "Addtional user added!"
    echo "Connect to your VPS at $ip with these credentials:"
    echo "Username:$u ##### Password: $p"
    echo "######################################################"
    else
    echo "Invalid selection, quitting."
    exit
    fi

    telot

  11. I've already loaded karma onto the pineapple, using an AWUS036NHA as the primary karma radio and it works like a charm. You don't get the fancy UI interface, or the infusions, but I don't use those much anyways. I still prefer to use the purpose-built pineapple for pineappling, but building my own out of a raspberry pi was a fun exercise. I had never played with dnsmasq and hostapd, so it was a great learning experience that I would highly recommend for anyone, but nothing can beat the pineapple at doing what it does best :)

    telot

  12. s3izur3s: The NHA can be used for all kinds of things with the pineapple, but it's best to get a *powered* usb hub to use with it. With the powered hub, you can also combine a usb thumb drive, which is basically mandatory if you want to install the pineapple infusions and store tcpdump captures. I use my NHA for lots of different things, for instance:

    You can use it to bring in internet connectivity to the pineapple, negating the need for a laptop.

    You can use it as a deauth tool. The NHA deauths the legit AP, and the pineapple steps in and takes over.

    You can use it as a discovery tool. Airodump'ing with the NHA before firing up karma to view potential victims.

    It's awesome and well worth it imho, as long as you combine it with a powered usb hub. Good luck!

    telot

  13. It's kind of funny that you're trying to start simple, but ended up doing something at the intermediate level of pineapple'ing I'd say :) It really matters not, since you seem very bright and (thankfully!) can express your goals and steps taken to reach those goals. What inTheDMZ is saying above is that the default usage of the pineapple is with the POE port plugged into a laptop that is connected to a legit wireless AP with ICS enabled (internet connection sharing). That is kind of the go-to, standard, default that the pineapple is configured to be expecting upon bootup. In order to deviate from that standard, you'll have to change the routing tables - which makes sense right? It's expecting internet connectivity from one port, in one specific way (poe port with 172.16.42.42) and we're going to force it to do it another way.

    So! Connect to the pineapple over the wifi and issue those commands onto the pineapple from either the advanced menu (one at a time) or ssh in. Once you're comfortable with that, I'd recommend using WhistleMaster's button script (if it's fixed for the latest firmware...I guess I'm not sure) to setup a script that's contingent on the WPS button press+hold. I have mine setup to configure the WAN port if held for 1-3 seconds, then start tcpdump/sslstrip if held for 5 seconds and it works great. Hope this helps you gonzo, and welcome to the pineapple community!

    telot

  14. What's that? I think I heard Barry start a new and completely awesome project!

    Unfortunately I'm away from my pineapple for a few days, but can it be as simple as opkg install --dest usb openvpn-server and then configuration?

    telot

  15. xneonx I'd hate to reward your thread hijacking by helping you. It's not fair to the OP. Please start a new post with detailed information on your problem (see the stickied thread by Mr. Protocol for advice on starting a new "I need help with my pineapple" thread).

    telot
