Mr.miYagi
Posts posted by Mr.miYagi
-
Hi Seb
Thanks for the explanation.
But I think it must be locked 'more'.
Since you can't move up or down with the dBm. Also with the mW.
Can't go even lower than 18dBm
If the SW is reading correctly now, does that mean that the AR9331 chipset has a maximum of 18dBm? On the OpenWrt forums, I saw them putting over 20dBm. And finally, there is a big difference between the wlan0 and wlan1 output power, with the same SW.
wlan1 unknown transmit-power information.
Current Tx-Power=29 dBm (794 mW)
wlan0 unknown transmit-power information.
Current Tx-Power=18 dBm (63 mW)
On the OpenWrt forums:
Yes, the AR9331 SoC chip is at 20dBm, check Qualcomm's product page.
Jow's patch...
-
I was wrong with the firmware (I think so). I downgraded to 1.1.1 but still @18dBm
-
Hi all
I have 3 Pineapples that (were) working very well.
When I booted the Pineapples for the first time I got 27dBm on both radios wlan0/wlan1.
But after a few FW updates, the TX power of wlan0 was restricted to 18dBm. I tried to change my location to BO, but no chance to get wlan0 over 18dBm.
iw reg get - gives me BO and up to 30dBm, but wlan0 is locked to 18dBm. wlan1 works fine up to 30dBm.
I tried to remove the lock through this:
https://forums.hak5.org/index.php?/topic/29082-signal-boosting/
With no increase.
Several people here and in the OpenWrt forums are complaining about it. But nobody has posted a working solution as far as I can see.
Does somebody have a solution? @ 18dBm the Pineapple is very low...
Several threads about that:
https://forums.hak5.org/index.php?/topic/30889-set-txpower-on-boot/
https://forums.hak5.org/index.php?/topic/25935-signal-booster-with-mark-iv/
https://forums.hak5.org/index.php?/topic/30748-txpower-woes/
Tried all. No success.
Seems a common problem...
-
Would it be possible for clients to be able to connect to the fake SSIDs? This would make the infusion really powerful. I know it wasn't the goal.
Give Occupineapple a list WITH MAC addresses (tried with the one from the Pineapple), and clients connect.
I use airbase-ng, so I can emulate + respond to more probes.
Karma + airbase/mdk3 is the killer.
Can somebody figure out if it's possible to use Karma+airbase/mdk3 on the same interface?
-
I don't have a wlan2 interface
airmon-ng start wlan1 creates a mon0 interface
airbase-ng creates an at0 interface and sends the SSID
so the client connects to at0 first, right?
Putting up wlan1 results in this log:
dnsmasq-dhcp[1265]: DHCP packet received on at0 which has no address
so I think I must put up at0.
That's what I'm doing and dnsmasq doesn't give an IP to the client.
-
The laptop has a static IP 172.16.42.42
This is set by the wp4.sh script from the Pineapple wiki.
So you mean I have to change this address?
But when I do this, the Pineapple will lose connection to my laptop?!
When I activate wlan0 as AP, it doesn't change the IP of the laptop and it's working. So it must work also with wlan1/at0?
I prefer to keep the settings on my laptop, because they are set automatically and later I want to change to a 3G stick.
It must be possible to swap the configuration from wlan0 to at0.
-
More like that:
Alfa <=USB=>Pineapple(172.16.42.1 on br-lan)<=ethernet=>laptop(172.16.42.42 on eth0)
^
||
Wireless (192.168.2.102 on wlan0)
||
v
Router/gw/ap/internet (192.168.2.100)
After a factory reset and fresh connection to a laptop I have in ifconfig:
br-lan ip:172.16.42.1 bcadd:172.16.42.255 mask: 255.255.255.0
eth0 with no IP
and routes as stated in the post above
/etc/config/dhcp
config 'dnsmasq'
    option 'domainneeded' '1'
    option 'boguspriv' '1'
    option 'filterwin2k' '0'
    option 'localise_queries' '1'
    option 'rebind_protection' '1'
    option 'rebind_localhost' '1'
    option 'local' '/lan/'
    option 'domain' 'lan'
    option 'expandhosts' '1'
    option 'nonegcache' '0'
    option 'authoritative' '1'
    option 'readethers' '1'
    option 'leasefile' '/tmp/dhcp.leases'
    option 'resolvfile' '/tmp/resolv.conf.auto'
config 'dhcp' 'lan'
    option 'interface' 'lan'
    option 'start' '100'
    option 'limit' '150'
    option 'leasetime' '12h'
    option 'ignore' '0'
    list 'dhcp_option' '3,172.16.42.42'
    list 'dhcp_option' '3,172.16.42.1'
    list 'dhcp_option' '6,172.16.42.1,8.8.8.8'
    list 'dhcp_option' '6,172.16.42.1,208.67.222.222'
#config 'dhcp' 'wan'
#    option 'interface' 'wan'
#    option 'ignore' '1'
#    option 'start' '100'
#    option 'limit' '150'
#    option 'leasetime' '12h'
#    list 'dhcp_option' '3,172.16.42.42'
#    list 'dhcp_option' '6,172.16.42.1,8.8.8.8'
#    list 'dhcp_option' '6,172.16.42.1,208.67.222.222'
-
Posted also in Security.
Now 0.10 BTC bounty for the solution
https://forums.hak5.org/index.php?/topic/32349-set-the-correct-routes-for-at0-bounty-for-solution/
-
Route Table:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
default         172.16.42.42    0.0.0.0         UG    0      0   0   br-lan
172.16.42.0     *               255.255.255.0   U     0      0   0   br-lan
wlan1 has no IP, since the command "ifconfig at0 up" is executed without an IP or netmask.
Tried something new:
wlan0/1 is managed by hostapd, and that maybe causes some problem for my at0 interface.
So now I tried to stop hostapd with "killall hostapd"
Now wlan0/1 disappears from ifconfig. The br-lan interface with the 172.16.42.1 address is still there.
Then I restart my steps,
airmon-ng start wlan1 (create interface mon0)
airbase-ng -e test -P -C 30 -c 6 mon0 (create interface at0)
ifconfig at0 up
brctl addif br-lan at0
Now I see at0 in ifconfig and brctl. But now I didn't even get an IP on clients.
This is the job of dnsmasq, right? How to repoint dnsmasq to at0 without messing up the already working settings?
-
The Pineapple has already bridged eth0(wan)/wlan0/1
Before I start, "brctl show" lists this:
Bridge name: br-lan
STP enabled: no
Interfaces: eth0, wlan1
So your solution:
ifconfig at0 up (that's exactly what I'm doing)
br-ctl addif br-lan at0 (same as by now)
br-ctl addif br-lan wlan0 (I don't use this interface, why bridge it? U meant wlan1? It's already bridged...)
In the logs I see dnsmasq ACK for IP, but still no internet for my clients...
So at0 and eth0 are bridged correctly, something with the IP routing must be wrong. Do I have to set an IP for at0?
So still no internet on my clients...
-
ath0 is for Atheros chipsets.
When I start airbase-ng it will create the interface at0.
I don't have an ath0 interface.
-
Hi all
I'm stuck @ setting up a wifi AP on a Pineapple. Tried on a laptop with the same results. I'm sure the fault is a routing issue. It's been driving me crazy for days / weeks.
Tried different setups and infusions but I don't get it working.
So now I'm willing to give 0.10 BTC (or equivalent in your FIAT) bounty for a solution.
Here is the setup:
Pineapple is connected through a LAN cable to a Linux laptop, wp5 script is running there, so the Pineapple has WAN, laptop too.
Plug in Alfa wifi card, will be listed as wlan1
airmon-ng start wlan1
start airbase-ng on wlan1 - created interface at0 is listed
After that I put at0 up and bridge it with br-lan
ifconfig at0 up
brctl addif br-lan at0
Now the clients get an IP (range 172.16.42.100-150); in the logs I can see the replies from dnsmasq. But the clients didn't get WAN/internet. Meanwhile, the connection to the Pineapple (172.16.42.1) web portal is very slow.
I can install infusions, so internet is working. And with the networkmanager infusion I can get an AP up and working with wlan1.
I think I'm missing something with setting up at0 with an IP or setting a route. But every combination I try, it didn't work.
Something like: ifconfig at0 172.16.42.xxx netmask 255.255.255.0
route add -net xxx.xxx.xxx.xxx netmask 255.255.255.0 gw xxx.xxx.xxx.xxx
I used the search function and Google. Found a lot about that, but nothing specific to the case of at0 and the WiFi Pineapple.
Thanks for help
-
Changed
ifconfig at0 up 172.16.42.1 netmask 255.255.255.0
Now I have a very slow connection to the Pineapple but still no WAN. Must be some routing issue.
Pineapple has WAN over laptop ICS and it's working...
I don't get this, tried many configurations.
-
Hi all
I'd like to use the airbase-ng script.
So I connect my Alfa (wlan1) to my Pineapple and start my script.
After that:
ifconfig at0 up
brctl addif br-lan at0
Clients get an IP, but no internet. Can someone give me a hint what I'm forgetting?
Thx
-
Hmm, I'd have liked to use msf, but it seems too much for our Pineapple...
The Raspberry's specs aren't much better, slow CPU, not much RAM, and it isn't available now...
So only the server thing is available. Never done that, and to get it to work like the msf, it will be very hard work :)
Maybe someone can script some fake imap/pop/http server? So we can get the SSL connections....?!
-
And my question is, if somebody here knows which one..? Or where the problem is, why it isn't running.
I'll try to reinstall during the weekend, since the installation is broken, due to the FW upgrade.
I know that the HW of the Pineapple is a little bit slow, but the msf brings a lot of goodies with it, like DNS spoofing, real good creds capture, automated exploiting of targets and a lot more...
And isn't that what we are all trying here? To bring a device to do something that it isn't designed to? Or can u explain to me why we are using a normal wireless router, with a hell of a FW, to simulate an evil honeypot :)
-
Room?
We have room on the USB storage.
Sslstrip is installed too, on the USB.
I installed msf on the USB, it starts, but stops because of some errors.
I think it's a thing of dependencies, not of storage, or am I wrong?
-
Hi Guys
Before I began to play with this wonderful device, I made a rogue AP with my laptop and KARMETASPLOIT.
The Jasager does quite the same thing, with the exception of one:
The KARMA can capture the SSL connection of the mail logins, and writes down everything in a wonderful database.
This capturing of the SSL data is what I'm missing on the Jasager...
Does somebody know how to set up a fake ssl/imap/pop/http server, or get metasploit to work on OpenWrt?
I googled a lot, but found only 2 references about this, and they are talking about installing the very outdated msf 2.6,
in year 2006...
I got it installed, but get errors when trying to start. I (tried to) install all dependencies manually...
Somebody got an idea?
Mr.miYagi
-
Yes, it is indeed VID: 12d1 and PID: 1003.
Could you please share your script?
Thank you in advance,
Nik
Here, my friend. Don't forget to change apn, user and pw:
#!/bin/sh
# ---------------------------------------------------------
# 3G Connection Script for WiFi Pineapple. "Does the thing"
#
# Version: 2012-02-17
# Supports:
#
# ZTE MF591 (T-Mobile) -dkitchen
# Novatel MC760 (Virgin) -dkitchen
# Novatel MC760 (Ting) -dkitchen
#
# Updated: wifipineapple.com
# ---------------------------------------------------------
# -----------------------------------------------------------
# Configure /etc/ppp/options with hard-coded working settings
# -----------------------------------------------------------
echo "
logfile /dev/null
noaccomp
nopcomp
nocrtscts
lock
maxfail 0" > /etc/ppp/options
# --------------------------------------------------------------------------------------------------
# Check for known usb modem vendor and product IDs then switch 'em from storage to serial modem mode
# --------------------------------------------------------------------------------------------------
echo "Searching for attached 3G Modems"
logger "3G: Connection Script here, searching for modems"
MODEM=$(lsusb | awk '{ print $6 }')
echo $MODEM
case "$MODEM" in
*12d1:1003*) echo "Huawei E180"
    uci delete network.wan2
    uci set network.wan2=interface
    uci set network.wan2.ifname=ppp0
    uci set network.wan2.proto=3g
    uci set network.wan2.service=umts
    uci set network.wan2.device=/dev/ttyUSB0
    uci set network.wan2.apn=gprs.swisscom.ch
    uci set network.wan2.username=
    uci set network.wan2.password=
    uci set network.wan2.defaultroute=1
    uci commit network
    usb_modeswitch -v 12d1 -p 1003
    sleep 10; rmmod usbserial
    sleep 3; insmod usbserial vendor=0x12d1 product=0x1003
    sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop
    logger "3G: firewall stopped"
    iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE
    iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT
    iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT
    ;;
-
I had no disconnects, ran overnight and all goes fine. Maybe u have to activate the 3g redial script?
I'm on the way, I'll post my script this evening.
Did someone get the SD card working? Formatted to ext4, but no idea how to mount...
-
Give me ur PID and VID, I'll try to modify the script for u.
E160 doesn't seem really supported, we can try this:
########################################################
# Huawei devices
#
# Contributor: Hans Kurent, Denis Sutter, Vincent Teoh
DefaultVendor= 0x12d1
DefaultProduct= 0x1003
TargetClass= 0xff
HuaweiMode=1
-
Solved, thx
-
It's listed in the supported devices. But what exactly do I have to change in the script to get it working? It's not supported out of the box...
I have 6 different 3g modems, but didn't get them working. I tried to modify the script, but with no luck...
That's what the logfile tells:
user.notice usb-modeswitch: 1-1:1.1: Manufacturer=HUAWEI_Technology Product=HUAWEI_Mobile Serial=?
user.notice usb-modeswitch: 1-1:1.1: Selecting /etc/usb_modeswitch.d/12d1:1003 for mode switching
user.notice usb-modeswitch: switching seemingly failed
-
Thx
Will try the reflash.
Can someone help to add another modem?
TX-Power on newer FW
in WiFi Pineapple Mark V
Yes, it's about wlan0 and the 18dBm.
And no, Jow's hack doesn't work and turning down the interface doesn't either.
With my Alfa @ 27/30dBm I get a ton more clients/APs