Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Everything posted by Mr.miYagi

  1. At the setup screen the pineapple doesent accept any ssh connection. With the manipulated packed, it skips the reset button part, i can enter all settings like pw ssid etc. When i press continue, it goes back to the welcome setup screen and doesent set the pw etc. Maybe i broke the setup, and trying to find out, how to reset it or restart the setup. Maybe this helps. The other thing is, its not meant for this device. I mean, maybe the setup doesent work on mk5.
  2. Seems burp suite is the answer. Passed the secure setup, but could not finish the setup till now. Fummeling with the packets...
  3. Hi this is a cross-post from Pineaple Mk5 I upgraded my Pineapple MK5 on the newest Openwrt NANO image and now stuck in the setup The initial setup in the web interface is asking to press the reset button wich is not present on hardware side. Someone an idea how to skip this? Tried already to watch on wireshark, if there is something interesting, but i dont know if i can use this: 90 14.140287391 HTTP 497 HTTP/1.1 200 OK (application/json) )]}', {"buttonPressed":false,"booted":true} Can i manipulate some packets, in the way to trick the interface to continue? Or im searching on the wrons side?
  4. As i wrote in the title, be warned. You can brick your Device, loose you guarantee (MK5 should be out of guarantee), lose wife and children etc. Im not responsable for all the bad thing will happen to you, if you follow this flash procedure as i wrote here its possible to flash a MK5 with the newest Opwnwrt NANO image. it boots, but im stuck in the setup. It asks for pressing the "reset" button, wich i don't have. Idk if im right, but as i can see, there is no way to trigger the GPIO/reset button on hardware side, since GPIO (reset button on NANO) isn't wired up. I could flash back 2.4 with my bus pirate, but like to hack and break things 🙂 Can we work out something to skip the secure setup? On PHP side? Or triggering some pins on the PCB directly? Would appreciate some idea. I already tried to manipulate some TCP package with wireshark, im not really good at it, maybe someone can explain to me it if makes sense to continue to search there for the weak point.
  5. And because i was bored and already experimenting, i tried to flash the newest Nano 2.5.4 img... Aaaaand its boots up. Im stuck now at the setup screen, it ask to push the reset button to continue, wich i dont have. I tried already with a few DIP switch combination, but it didn't work. I try now: - More DIP switch combinations - Try to find out if some GPIO pins triggers it - Try ro find out, how i cuould skip this part of the setup Edit: Reset on Nano seems on gpio12, no DIP switches are 12 on mkv
  6. Trows me erros about dependencies, dont installs. https://github.com/adde88/hostapd-mana-openwrt-simple/blob/master/bin/ar71xx/packages/base/hostapd-mana-light_2.6-2_mips_24kc.ipk installs fine and work. Already tested
  7. Hey @Allegria Just install https://github.com/adde88/hostapd-mana-openwrt-simple/blob/master/bin/ar71xx/packages/base/hostapd-mana-light_2.6-2_mips_24kc.ipk?raw=true and launch with "hostapd-mana /etc/mana-toolkit/hostapd-mana.conf" The hostapd part seems to work. Now we need to get dns2proxy and sslstrip working
  8. thx foxtrott I know nothing is official, but hey, we are here for hacking 😉 btw Mana seems to work with the provided .ipk fom @Zylla , have still some trouble to start it correctly. Got clients associated!!! Even wlan1 connected to elan0 with a fake AP!! most of the time i get: root@OpenWrt:~# hostapd-mana /etc/mana-toolkit/hostapd-mana.conf Configuration file: /etc/mana-toolkit/hostapd-mana.conf Could not read interface wlan1 flags: No such device nl80211: Driver does not support authentication/association or connect commands nl80211: deinit ifname=wlan1 disabled_11b_rates=0 Could not read interface wlan1 flags: No such device nl80211 driver initialization failed. wlan1: interface state UNINITIALIZED->DISABLED wlan1: AP-DISABLED i switched to wlan0, killed wpa_supplicant and dnsmasq, and sometime it works. but if i deactivate the wlan1 in the web interface, it doesen't show up in iwconfig, and i get that error. And if i activate, networkmanager etc makes a mess... im sure
  9. copy fw to /tmp cd to /tmp mtd write -r 3.0upgradexxxx.bin firmware edit: Be patient, tooks long to flash and the 1. boot
  10. Tried to go back to 3.0 and made the https://openwrt.org/toh/hwdata/hak5/hak5_wifi_pineapple_nano upgrade. I was thinking the nano upgrade is only a upgrade and not a full image, so i was thinking that is a better idea to upgrade from 3.0. but pineapple stuff seems removed here, so no package for the actual distro/architecture. Try to figure out how how to compile mana and the other stuff on 18.06.
  11. with the original 3.0 beta and the Nano upgrade now im on 18.06.02 and kinda of official release. New enough for me. Never portet aps with sdk, only compiled for debian et. But i have no experience in it. Hope i get it. Already installed the MANA Light package from you git. It seems to install. I dont know what exactly, bit it installs 😄 Every help is appreciated
  12. Wow fast answer So then... I try to get 18.06.2 running. As i understand, every image that has "generic" as subtarged and is for AR9331 should work? You think i can flash a image from here? https://openwrt.org/toh/views/toh_fwdownload like the one for the TL-WR710N? I bricked my MKV a lot of time, but i have a soldering station and a bus pirate. Could fix it every time till now Thanks for your help Edit: Found This: https://openwrt.org/toh/hwdata/hak5/hak5_wifi_pineapple_nano openwrt 18.06 for the nano. Can we use just this image? is this only a upgrade or a full image? @Zylla the problem is not to get a new image for the 18.06, my problem is i cant port all the tools to the ne architure.
  13. Hi all Wanna share how i got LEDE Reboot 17.01.5 running on my MKV Download http://downloads.openwrt.org/releases/17.01.5/targets/ar71xx/generic/lede-17.01.5-ar71xx-generic-tl-mr3040-v2-squashfs-factory.bin Ssh to pineapple mtd write -r /firmwarelocation.bin firmware (edit, wron command: sysupgrade -n /tmp/lede-17.01.5-ar71xx-generic-tl-mr3040-v2-squashfs-factory.bin) Connect to the new FW Set PC LAN to DCHP(dont use wp5.sh script) Connect lan cable Browse to login with user root, pass toor Get sd card working Get a wifi connection with wlan0 or provide other internet connection Go to software and install folowing packages, or use opkg trough ssh (this are more package as you need, if someone knows wich one aren't needed, we can sort them out, but sd works with these): opkg update opkg install kmod-scsi-core kmod-scsi-generic \ kmod-usb-core kmod-usb-ohci kmod-usb-uhci kmod-usb2 kmod-usb3 \ kmod-fs-msdos kmod-fs-vfat kmod-fs-ext4 usbutils \ kmod-usb-storage kmod-usb-storage-extras block-mount Reboot Insert a previosly formatted sd card (etx4 and swap partition) Check with dmesg if its reconized, or check with "block info" Now you get the menu "Mount points" in the web interface Click on "generate conf" and the 2 partition will appear Edit sda1/the ext4 partition Change mount point to /overlay click on save & apply Click on "enable" ckeckbox, save and apply afterwards Reboot Bam! you have a Openwrt installation with XGB of storage Install second wifi Go to software or use opkg: opkg update / update list first or you won't get results Search for RTL8187 Install kmod-rtl8187 Here you have your 2. wireless If you mess up something, you can reset it trough the web interface (didnt find the dip switch/combination for factory reset yet) Network setting are by pressing the DIP switch 5 for a few second. Please share your findings about. First of all i wanna thanks @Allegria for the idea and command to upgrade to Lede and @Zylla that already made MANA possible on the old FW Open questions: I tried to install the MANA packages for the Nano and i get several errors, like wrong Architecture or missing libc etc. @Zylla can you help me out to get it running? If i have to compile it from scratch, it better to switch to lede 18 first and compile it there? can we port the rest of it like these methods: https://penturalabs.wordpress.com/2013/04/25/blue-for-the-pineapple/ Thx for the help edit: its faster that way: update to 3.0 and make the https://openwrt.org/toh/hwdata/hak5/hak5_wifi_pineapple_nano upgrade Model Hak5 WiFi Pineapple NANO Architecture Atheros AR9330 rev 1 Firmware Version OpenWrt 18.06.2 r7676-cddd7b4c77 / LuCI openwrt-18.06 branch (git-19.020.41695-6f6641d) runs fine that way. The only prolem is how to port all applications? Compile all fom scratch?
  14. after i changed the location of the dhcp file: /etc/init.d/dnsmasq will reset your config file. Im connected with ethernet. On FW 3.0 (similar to nano, i think) i could empty the wireless file and its stays empty. Now it would populated with the standart settings, and fter i reboot my pineapple are broadcasting Pineapple_XXXX. I found out, if i connect with my new device to the ssid that are configured on the hostapd file, i get a ip. If i connect to a invisible network, not. to the startup scrip. I havent really one, i try to get it working manually, till all works. But changes i made: i launch a scrip that starts your script on screen, so it dont stops on disconnect /bin/echo 'sleep 5s' sleep 5 /bin/echo 'launch mana on screen -r mana' /usr/sbin/screen -dmS mana /usr/share/mana-toolkit/run-mana/mana-pineapple.sh also you have to use absolute path's if you want to launch it on boot. on your script i had do add - absolute path's - mkdir /var/lib/misc (or you get: dnsmasq: cannot open or create lease file /var/lib/misc/dnsmasq.leases: No such file or directory) - /usr/bin/killall hostapd - changed wlan1 to wlan0 ps output http://pastebin.com/D1r9PLAW top output http://pastebin.com/4HYmgkkJ launcher http://pastebin.com/fRt3H30W and to launch it, i modified the Karma tile, so it lauches your script instead of mana, with 1click ;) function toggle_karma($enable) { if ($enable) { exec("/sd/manalauncher.sh"); } else { # exec("pineapple karma stop"); exec("killall screen"); } return true; } edit: dnsmasq seems to listen correctly: sudo netstat -tulpen | grep dnsmasq -ash: sudo: not found root@Pineapple:~# netstat -tulpen | grep dnsmasq tcp 0 0* LISTEN 5960/dnsmasq netstat: /proc/net/tcp6: No such file or directory udp 0 0* 5960/dnsmasq udp 0 0* 5960/dnsmasq or not? Edit: Seems some devices/android versions doesent get a ip. Headache for nothing.... its a android 4.2.2 tablet, all other devices connects nice
  15. Maybe i messed uf some configuration. the path to /etc/mana-toolkit/dnsmasq-dhcpd.conf is correct in the launch script. But when i restart dnmasq, the first line of the conf file shows me: auto-generated config file from /etc/config/dhcp Also the wireless settings are reset, if i change it or delete it. wlan0 has the right ip (, dnmasq associate the (new)client, the client didnt get a ip. Devices that already was connected, gets ip. Maybe i changed to much conf files and i have to begin from scratch... And back to 3.0 is a no go, because of the SD corruptions Edit: The changes to : ./rom/etc/init.d/dnsmasq maybe are the problem they overwrite my dchp settings
  16. i switched back to FW 2.4 where all the packages are installed. Managed to get mana to work. But have trouble get the DHCP client to work correctly. Something is overwriting the conf file. Im still searching what the reason. I guess some cronjob...
  17. Hi I have the same issue an my MKV with FW 3.0 Had the same issue with downloading files from the sslsplit modules. And now i get errors with some modules installed on the sd. I installed python 2.7 on the SD. When i start SSLstrip, i get a BUS error. After that i can see in dmesg the I/O error or a bad superblock warnig. Badblock cant find any bad blocks.... I remove the swap partition and retry the hole story, mabe this helps to reduce the bottleneck or read/write errors. Maybe it helps. same issues with original sd / samsung 16GB class 10 / Kingston 16GB class 10 Edit: copied all files from SD to PC, formatted the SD, checked for errors. Created only 1 ext4 partition without swap. Copied the files back, after boot, copied a big folder and i get this: [ 682.750000] blk_update_request: I/O error, dev sdb, sector 397280 [ 683.280000] EXT4-fs warning (device sdb1): ext4_end_bio:317: I/O error -5 writing to inode 2841 (offset 0 size 4096 starting block 54878) [ 683.280000] Buffer I/O error on device sdb1, logical block 54621 [ 683.290000] Aborting journal on device sdb1-8. [ 683.300000] JBD2: Error -5 detected when updating journal superblock for sdb1-8. [ 683.310000] EXT4-fs error (device sdb1): ext4_journal_check_start:56: Detected aborted journal [ 683.310000] EXT4-fs (sdb1): Remounting filesystem read-only [ 683.320000] EXT4-fs (sdb1): previous I/O error to superblock detected
  18. the folder is 100% on the SD and its your folder. removed all python packages from root: python-base python-light python-openssl phython-sqlite3 python-codecs reinstalled all to -d sd removed all files and folders in /sd/usr/lib/python2.7/ and unpacked your files get me: python /usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/sslstrip.py Traceback (most recent call last): File "/usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/sslstrip.py", line 27, in <module> from twisted.web import http ImportError: No module named twisted.web but since in my opkg manager python-twisted web is missing, the system did not reconize anyhow the module, no matter if the files are in the folder. i have to search a python-twisted web package for my version - i think and i saw in line 28 twisted.internet is needed. i try to search a package and i hope i dont brick it... Thanks for all the help Edit: Im not the only one, package is missing....
  19. Exactly whats i done, after my my google-foo. But it was only a short try. Try again later in the evening. The files are now on the sd. But at first try it didn't work. For sure my fault...
  20. thanks for the advise. Installed an sdcard. But sslstrip is still missing some modules (twisted web etc). i try to find out whats the matter. mybe i have to reinstall python or register the modules in some wise. Thank i apreciate much your help. Thanks
  21. Easy? wait for realease? Too boring :D You are my hero, i try to set up phyton soon. THX
  22. SSLstrip seems to miss some dependencies: Traceback (most recent call last): File "/usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/sslstrip.py", line 27, in <module> from twisted.web import http And for getting hostnames in the Client page (WEBGUI) modify: nano /pineapple/modules/Clients/api/module.php the line leases = explode("\n", @file_get_contents('/var/run/dnsmasq.leases')); leases = explode("\n", @file_get_contents('/var/lib/misc/dnsmasq.leases'));
  23. mana starts nice with your script. i try to implement dniff and sslplit, if i get i working, i will post it here.
  24. Thanks for your patience. Solution was reset wifi settings run your script (not sure is necessary) and bam: ANA - Attempting to generate Broadcast response : xxxxxxxxxxxxxxxxxxxxxxxxxxxxx MANA - Attempting to generate Broadcast response : xxxxxxxxxxxxxxxxxxxxxxxxxxxxx MANA - Attempting to generate Broadcast response : xxxxxxxxxxxxxxxxxxxxxx MANA - Attempting to generate Broadcast response : xxxxxxxxxxxxxxxxxxxxxxxxxx MANA - Attempting to generate Broadcast response :xxxxxxxxxxxxxxxxxxxxxxxxxxxxx seems to run very nice till now now i try to get sslstrip and the other toll to run properly. Thanks a lot
  • Create New...