Everything posted by Mr.miYagi

  1. Yes, it's about wlan0 and the 18dBm. And no, Jow's hack doesn't work and turning down the interface doesn't either. With my Alfa @ 27/30dBm I get a ton more clients/APs.
  2. Hi Seb

     Thanks for the explanation. But I think it must be locked 'more', since you can't move up or down with the dBm. Also with the mW. Can't go even lower than 18dBm.

     If the SW is reading correctly now, does that mean that the AR9331 chipset has a maximum of 18dBm? On the OpenWrt forums, I saw them putting over 20dBm.

     And finally, there is a big difference between the wlan0 and wlan1 output power, with the same SW.

         wlan1     unknown transmit-power information.
                   Current Tx-Power=29 dBm (794 mW)

         wlan0     unknown transmit-power information.
                   Current Tx-Power=18 dBm (63 mW)

     On the OpenWrt forums: Yes, the AR9331 SoC chip is at 20dBm, check Qualcomm's product page.

     Jow's patch... https://forum.openwrt.org/viewtopic.php?id=50209
  3. I was wrong about the firmware (I think so). I downgraded down to 1.1.1 but still @ 18dBm.
  4. Hi all

     I have 3 Pineapples that (were) working very well. When I booted the Pineapples for the first time I got 27dBm on both radios wlan0/wlan1. But after a few FW updates, the TX power of wlan0 was restricted to 18dBm.

     I tried to change my location to BO, but no chance to get wlan0 over 18dBm. iw reg get gives me BO and up to 30dBm, but wlan0 is locked to 18dBm. wlan1 works fine up to 30dBm.

     I tried to remove the lock through this: https://forums.hak5.org/index.php?/topic/29082-signal-boosting/
     With no increase.

     Several people here and in the OpenWrt forums are complaining about it. But nobody has posted a working solution as far as I can see. Does somebody have a solution? @ 18dBm the Pineapple is very low...

     Several threads about that:
     https://forums.hak5.org/index.php?/topic/30889-set-txpower-on-boot/
     https://forums.hak5.org/index.php?/topic/25935-signal-booster-with-mark-iv/
     https://forums.hak5.org/index.php?/topic/30748-txpower-woes/
     http://pastebin.com/JcGhBBFJ

     Tried all. No success. Seems a common problem...
  5. Give Occupineapple a list WITH MAC addresses (tried with the one from the Pineapple), and clients connect. I use airbase-ng, so I can emulate + respond to more probes. Karma + airbase/mdk3 is the killer. Can somebody figure out if it's possible to use Karma + airbase/mdk3 on the same interface?
  6. I don't have a wlan2 interface.

     airmon-ng start wlan1 creates a mon0 interface.
     airbase-ng creates an at0 interface and sends the SSID, so the client connects to at0 first, right?

     Putting up wlan1 results in this log:

         dnsmasq-dhcp[1265]: DHCP packet received on at0 which has no address

     So I think I must put up at0. That's what I'm doing and dnsmasq doesn't give an IP to the client.
  7. The laptop has a static IP, 172.16.42.42. This is set by the wp4.sh script from the Pineapple wiki. So you mean I have to change this address? But when I do this, the Pineapple will lose connection to my laptop?!

     When I activate wlan0 as AP, it doesn't change the IP of the laptop and it's working. So it must work also with wlan1/at0? I prefer to keep the settings on my laptop, because they are set automatically and later I want to change to a 3G stick. It must be possible to swap the configuration from wlan0 to at0.
  8. More like that:

         Alfa <=USB=> Pineapple(172.16.42.1 on br-lan) <=ethernet=> laptop(172.16.42.42 on eth0)
                                                                       ^
                                                                       ||
                                                        Wireless (192.168.2.102 on wlan0)
                                                                       ||
                                                                       v
                                                       Router/gw/ap/internet (192.168.2.100)

     After a factory reset and fresh connection to a laptop I have in ifconfig:

         br-lan  ip: 172.16.42.1  bcadd: 172.16.42.255  mask: 255.255.255.0
         eth0    with no ip

     and routes as stated in the post above.

     /etc/config/dhcp

         config 'dnsmasq'
             option 'domainneeded' '1'
             option 'boguspriv' '1'
             option 'filterwin2k' '0'
             option 'localise_queries' '1'
             option 'rebind_protection' '1'
             option 'rebind_localhost' '1'
             option 'local' '/lan/'
             option 'domain' 'lan'
             option 'expandhosts' '1'
             option 'nonegcache' '0'
             option 'authoritative' '1'
             option 'readethers' '1'
             option 'leasefile' '/tmp/dhcp.leases'
             option 'resolvfile' '/tmp/resolv.conf.auto'

         config 'dhcp' 'lan'
             option 'interface' 'lan'
             option 'start' '100'
             option 'limit' '150'
             option 'leasetime' '12h'
             option 'ignore' '0'
             list 'dhcp_option' '3,172.16.42.42'
             list 'dhcp_option' '3,172.16.42.1'
             list 'dhcp_option' '6,172.16.42.1,8.8.8.8'
             list 'dhcp_option' '6,172.16.42.1,208.67.222.222'

         #config 'dhcp' 'wan'
         #    option 'interface' 'wan'
         #    option 'ignore' '1'
         #    option 'start' '100'
         #    option 'limit' '150'
         #    option 'leasetime' '12h'
         #    list 'dhcp_option' '3,172.16.42.42'
         #    list 'dhcp_option' '6,172.16.42.1,8.8.8.8'
         #    list 'dhcp_option' '6,172.16.42.1,208.67.222.222'
  9. Posted also in Security. Now 0.10 BTC bounty for the solution: https://forums.hak5.org/index.php?/topic/32349-set-the-correct-routes-for-at0-bounty-for-solution/
  10. Route table:

          Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
          default         172.16.42.42    0.0.0.0         UG    0      0        0 br-lan
          172.16.42.0     *               255.255.255.0   U     0      0        0 br-lan

      Wlan1 has no IP, since the command "ifconfig at0 up" is executed without an IP or netmask.

      Tried something new: wlan0/1 is managed by hostapd, and maybe that causes some problem for my at0 interface. So now I tried to stop hostapd with "killall hostapd". Now wlan0/1 disappears from ifconfig. The br-lan interface with the 172.16.42.1 address is still there.

      Then I restart my steps:

          airmon-ng start wlan1                    (creates interface mon0)
          airbase-ng -e test -P -C 30 -c 6 mon0    (creates interface at0)
          ifconfig at0 up
          brctl addif br-lan at0

      Now I see at0 in ifconfig and brctl. But now I didn't even get an IP on clients. This is the job of dnsmasq, right? How do I repoint dnsmasq to at0 without messing up the already working settings?
  11. The Pineapple has already bridged eth0(wan)/wlan0/1. Before I start, "brctl show" lists this:

          Bridge-name  br-lan
          STP enabled  no
          interfaces   eth0 wlan1

      So your solution:

          ifconfig at0 up           (that's exactly what I'm doing)
          brctl addif br-lan at0    (same as by now)
          brctl addif br-lan wlan0  (I don't use this interface, why bridge it? You meant wlan1? It's already bridged...)

      In the logs I see the dnsmasq ACK for the IP, but still no internet for my clients... So at0 and eth0 are bridged correctly, something with the IP routing must be wrong. Do I have to set an IP for at0? So still no internet on my clients...
  12. ath0 is for Atheros chipsets. When I start airbase-ng it will create the interface at0. I don't have an ath0 interface.
  13. Hi all

      I'm stuck @ setting up a wifi AP on a Pineapple. Tried on a laptop with the same results. I'm sure the fault is a routing issue. It's been driving me crazy for days / weeks. Tried different setups and infusions but I don't get it working. So now I'm willing to give 0.10 BTC (or equivalent in your FIAT) bounty for a solution.

      Here is the setup: the Pineapple is connected through a LAN cable to a Linux laptop, the wp5 script is running there, so the Pineapple has WAN, laptop too.

      Plug in Alfa wifi card, will be listed as wlan1
      airmon-ng start wlan1
      start airbase-ng on wlan1 - created interface at0 is listed

      After that I put at0 up and bridge it with br-lan:

          ifconfig at0 up
          brctl addif br-lan at0

      Now the clients get an IP (range 172.16.42.100-150); in the logs I can see the replies from dnsmasq. But the clients didn't get WAN/internet, while the connection to the Pineapple (172.16.42.1) web portal is very slow. I can install infusions, so internet is working, and with the networkmanager infusion I can get an AP up and working with wlan1.

      I think I'm missing something with setting up at0 on an IP or setting a route. But every combination I try didn't work. Something like:

          ifconfig at0 172.16.42.xxx netmask 255.255.255.0
          route add -net xxx.xxx.xxx.xxx netmask 255.255.255.0 gw xxx.xxx.xxx.xxx

      I used the search function and Google. Found a lot about that, but nothing specific to the case of at0 and the WiFi Pineapple.

      Thanks for help
  14. Changed:

          ifconfig at0 up 172.16.42.1 netmask 255.255.255.0

      Now I have a very slow connection to the Pineapple but still no WAN. Must be some routing issue. The Pineapple has WAN over laptop ICS and it's working... I don't get this, tried many configurations.
  15. Hi all

      I like to use the airbase-ng script, so I connect my Alfa (wlan1) to my Pineapple and start my script. After that:

          ifconfig at0 up
          brctl addif br-lan at0

      Clients get an IP, but no internet. Can someone give me a hint what I'm forgetting? Thx
  16. Hmm, I liked to use msf, but it seems too much for our Pineapple... The Raspberry's specs aren't much better, slow CPU, not much RAM, and it isn't available now... So only the server thing is available. Never done that, and to get it to work like msf will be very hard work :) Maybe someone can script some fake imap/pop/http server? So we can get the SSL connections....?!
  17. And my question is if somebody here knows which one..? Or where the problem is, why it isn't running. I'll try to reinstall during the weekend, since the installation is broken due to the FW upgrade. I know that the HW of the Pineapple is a little bit slow, but msf brings a lot of goodies with it, like DNS spoofing, really good creds capture, automated exploiting of targets and a lot more... And isn't that what we all here are trying? To bring a device to do something that it isn't designed to? Or can you explain to me why we are using a normal wireless router, with a hell of a FW, to simulate an evil honeypot :)
  18. Room? We have room on the USB storage. Sslstrip is installed too, on the USB. I installed msf on the USB, it starts, but stops because of some errors. I think it's a thing of dependencies, not of storage, or am I wrong?
  19. Hi guys

      Before I began to play with this wonderful device, I made a rogue AP with my laptop and KARMETASPLOIT. The Jasager does quite the same thing, with the exception of one: KARMA can capture the SSL connection of the mail logins, and writes down everything in a wonderful database. This capturing of the SSL data is what I'm missing on the Jasager...

      Does somebody know how to set up a fake ssl/imap/pop/http server, or get Metasploit to work on OpenWrt? I googled a lot, but found only 2 references about this, and they are talking about installing the very outdated msf 2.6, in the year 2006... I got it installed, but get errors when trying to start. I (tried to) install all dependencies manually...

      Does somebody have an idea?

      Mr.miYagi
  20. Yes, it is indeed VID: 12d1 and PID: 1003. Could you please share your script? Thank you in advance, Nik

      Here, my friend. Don't forget to change apn, user and pw:

          #!/bin/sh
          # ---------------------------------------------------------
          # 3G Connection Script for WiFi Pineapple. "Does the thing"
          #
          # Version: 2012-02-17
          # Supports:
          #
          # ZTE MF591 (T-Mobile) -dkitchen
          # Novatel MC760 (Virgin) -dkitchen
          # Novatel MC760 (Ting) -dkitchen
          #
          # Updated: wifipineapple.com
          # ---------------------------------------------------------

          # -----------------------------------------------------------
          # Configure /etc/ppp/options with hard-coded working settings
          # -----------------------------------------------------------
          echo "
          logfile /dev/null
          noaccomp
          nopcomp
          nocrtscts
          lock
          maxfail 0" > /etc/ppp/options

          # --------------------------------------------------------------------------------------------------
          # Check for known usb modem vendor and product IDs then switch 'em from storage to serial modem mode
          # --------------------------------------------------------------------------------------------------
          echo "Searching for attached 3G Modems"
          logger "3G: Connection Script here, searching for modems"
          MODEM=$(lsusb | awk '{ print $6 }')
          echo $MODEM
          case "$MODEM" in

          *12d1:1003*)
              echo "Huawei E180"
              uci delete network.wan2
              uci set network.wan2=interface
              uci set network.wan2.ifname=ppp0
              uci set network.wan2.proto=3g
              uci set network.wan2.service=umts
              uci set network.wan2.device=/dev/ttyUSB0
              uci set network.wan2.apn=gprs.swisscom.ch
              uci set network.wan2.username=
              uci set network.wan2.password=
              uci set network.wan2.defaultroute=1
              uci commit network
              usb_modeswitch -v 12d1 -p 1003
              sleep 10; rmmod usbserial
              sleep 3; insmod usbserial vendor=0x12d1 product=0x1003
              sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop
              logger "3G: firewall stopped"
              iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE
              iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT
              iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT
          ;;
  21. I had no disconnects, it ran overnight and all went fine. Maybe you have to activate the 3G redial script? I'm on the way, I'll post my script this evening. Did someone get the SD card working? Formatted to ext4, but no idea how to mount...
  22. Give me your PID and VID, I'll try to modify the script for you. The E160 doesn't seem really supported, we can try this:

          ########################################################
          # Huawei devices
          #
          # Contributor: Hans Kurent, Denis Sutter, Vincent Teoh

          DefaultVendor= 0x12d1
          DefaultProduct= 0x1003

          TargetClass= 0xff

          HuaweiMode=1
  23. It's listed on the supported devices. But what exactly do I have to change in the script to get it working? It's not supported out of the box... I have 6 different 3G modems, but didn't get them working. I tried to modify the script, but with no luck...

      That's what the logfile tells:

          user.notice usb-modeswitch: 1-1:1.1: Manufacturer=HUAWEI_Technology Product=HUAWEI_Mobile Serial=?
          user.notice usb-modeswitch: 1-1:1.1: Selecting /etc/usb_modeswitch.d/12d1:1003 for mode switching
          user.notice usb-modeswitch: switching seemingly failed
  24. Thx. Will try the reflash. Can someone help to add another modem?