RebelCork

Everything posted by RebelCork

  1. Anyone take a look at the other products that they have on the site?? 500 bucks for a pwn plug?? Not exactly conducive for a pentest. In relation to the powerstrip, I once worked in an establishment where we installed nice new mini UPS systems with surge protectors for the front office, about the same size as the one above. The aim was to allow the systems in the front a graceful shutdown. One stormy night, and the whole system in the front went down, and one of the machines fried. When we went to look, someone swapped out the UPS with a cheapo socket and took it home, presumably for their rig at home. I'm still surprised that no-one has done any more research into the Pogoplug/Svartkast idea from Irongeek. The only problem I see is the pitiful 256mb ram. I can get Debian squeeze working well, but Metasploit brings the whole thing to a crawl. I personally can't see the Raspberry Pi faring much better. Perhaps the apc barebones model (apc.io), with 512mb ram might be a faster option and will cost around 35 bucks. Any ideas?
  2. Riots in Poland between the Russians and the Poles... Who do they get to referee the match? - the Germans. This can only end well :)

  3. VMBox is not great on MacOSX, I would highly suggest using VMWare essentials, I think you can pick it up for less than 40 dollars at the moment. Virtual Machines cannot access the hardware directly, it is a basic security system to prevent something screwing up your computer. Even when you are using an ethernet cable on a VM, what is happening is a software bridge between the VM and your Mac/PC. If you get a cheap USB network dongle, you can connect directly to the pineapple (in VMWare it even gives you the opportunity to permanently assign the device to the VM so that it is associated every time you boot the VM). Follow the guides elsewhere on the forum, on how to continue from there. I use a MacBook, running VMware - BT5 R2, and have never had an issue so far. Had it set up in minutes.
  4. Short answer - no, unless you can create a duplicate app and install that on the victim's phone. Long answer: This is theoretically possible on Android, but not so far on Apple. (Barring the foobar this week) There have been MITM attacks on Android devices, the most common ones being redirects and click-through insertions. If you remember, WhatsApp was hacked last year, because details were sent in plain text.
  5. What SSIDs are you seeing? You should be seeing the pineapple SSID and whatever other SSIDs are in your iPhone's history. iOS (iPhone/iPad etc) handles the wifi issues a bit differently. The best way to test karma with your iPhone is to turn off your home wifi. Turn on/off the wifi on the phone and give it a couple of seconds. iOS isn't the fastest at connecting to networks. It "should" connect to your pineapple under the old name. Remember, karma only works effectively when the client has connected to a wifi network before and will send out probe requests. Also, check to make sure your connections are tight (aerial), as the pineapple isn't exactly the strongest.
  6. Can you do a write-up on how you install SET on the pineapple or post a link to how it's done, as one common thread here on the forums is on how to clone websites. SET's inbuilt cloner would be ideal, and it would only take a quick module to access the data that is received (I believe SET generates an HTML/XML file for you). This would make the pineapple more deadly :)
  7. Could you point me in the way of necessary drivers? I would be happy to beta test it, and get it going. Finally give something back to people.
  8. Well I used IronGeek's guide (here: www.irongeek.com/i.php?page=security/svartkast-pogoplug-dropbox ) to install Debian squeeze (and later update to wheezy). I don't know whether it'll work with the pro, as I am not familiar with it. I use two no-name wifi cards (Atheros based). I haven't set up karma yet, but I do connect the pogoplug to the pineapple via ethernet. In my lab tests at home, I can use it quite well, the plug deauth (mdk3) and the pineapple picking up the wifi clients almost instantly. Metasploit and SET work perfectly, although MS is a bit slow to initially load (blame 256mb ram). I have the BT repos installed and am setting up a little mini BT box. I haven't really had the time to do much with it lately, and it really is a project on the slow burner. I like the idea of having a mini 'DropBox' to insert on a network. My next plan would be to test out a Pi version, but I have to stand in line with everyone else to get on that ship. Looking through IronGeek's site, I would really love to set up an I2P server from the box for secure access. I wonder if Darren could do an episode on this (if he already has, I apologise, as I am still working through the shows).
  9. Thanks Seb. You guys don't seem to get any break at all, churning out version after version! +1 again.
  10. Still catching up on my reading, but looking at this has probably answered some of my questions in a different thread, but was just wondering, is there any update on iPhone tethering?? (OMG - I sound like a n00b)
  11. I want to try to keep this question in this thread, as I have been on holidays for the last month, and I come back to see so many new faces around the forum. :) So I wonder if any reader can update me: Has there been any update on either the iPhone tethering or the wifi card support over the last month or so? I would love wifi card support, as I currently have 3 different (all not compatible) cards, and before I go and buy a new one (the Alfas are not available here in Eire), I want to see how support is progressing. I currently use a pogoplug/plugbox with two of my cards to perform deauth attacks on (my ;) ) wifi router. Whilst great, it's not exactly mobile.
  12. How is SET working out for you? I presume it's the Metasploit-less version?
  13. I was thinking something similar. You can walk in with the device in the ring binder and just put it on a shelf anywhere. Label it "TPS Reports" or something similar. Hiding in plain sight!
  14. I also find that while I can use the USB port on my laptop to power the spikey beast, my USB drive doesn't always run. For that reason (as well as the obvious looking wifi router connected to my laptop), I use an 11000mAh pack. Goes for ages :) With that I've had no issues with USB/3G modems.
  15. If you have money to spend, this looks good: http://www.hypershop.com/SearchResults.asp?Cat=220 It promises to supply 15,600 mAh to 2 iPads at once giving a total of 15w, but at a cost of 130 bucks it isn't cheap :)
  16. To quickly answer your points above: Try out using Backtrack - version 5 is the latest. This comes with a tool called Metasploit already pre-configured. Metasploit* is basically the de facto tool for penetration testing at the moment, and a part of that is a GUI tool called Armitage, which is a very straightforward way to see how you can test the security of connected devices. Once a device is connected to your pineapple, you can scan it and see OS information, possible attack vectors and such. Metasploit can also create tunnels back to your machine for further control. While the pineapple is great for pentesting, I personally think it's a waste to use it for a home network, it's a bit like buying a Porsche for going to the shops. Looks cool, but so much more potential. Buy a cheap wrt router and install OpenWrt on that. * I know that there are other tools (Social Engineering Toolkit, BeEF Toolkit etc), but because of Armitage, I think Metasploit is just better. Links: Metasploit Unleashed - Good Place to get info: Here. Penetration testing using Armitage (Hak5): Video. Pineapple as AP: Here. PS: Why own the box when you can snarf their details?? :)
  17. Do we need an extra wi-fi card/pineapple to both block/use karma?
  18. That setup should work ok, but when out & about, you won't be able to connect via another OpenWrt. The method I use may sound a bit clunky, but it works 100% for me every time. I don't have to perform a lengthy setup every time. I use Mac 10.7, running Backtrack5 in Parallels. I also use a USB wifi card that supports monitor mode (look around this site for your favorite). I then use Internet connection sharing on my Mac to provide internet to the VM. The VM then uses the USB as its own native wifi. I run the wp4.sh script, selecting my wired (virtual) connection (eth0) as my connection to the internet, and wlan0 as my connection to the spikey fruit. This setup allows for a wire-free setup which should work anywhere - i.e., you are at a cafe, you legitimately connect with your Mac connection, and this passes the connection to the Pineapple. It's actually fairly easy. My description doesn't do it proper justice.
  19. +1 I've been dying for this. I have an unlimited data plan for my iPhone. The problem is that none of the USB cards on sale are supported in Ireland. I have an older Huawei from about 3yrs ago, but can't top it up with credit as the newer models all have built in software for doing this. My only worry would be the draw from the pineapple by connecting them together, the iPhone is a hungry beast. My main ask is about wifi card support.
  20. When you mean plug and play, what do you mean? I know it sounds like standard advice, but check the forums, as there is just about every sort of configuration available out there in the forums. Only for the likes of telot and co, at the beginning, I would have had lots of trouble (VM on Mac), but now I am flying along. Describe what you want to do and we'll help.
  21. Files are duds, they overwrite the navbar.php file with a link to mediafire and some redirect code. Funny little script kiddie we have. First post is to give shortcuts for other users. Not good at all. Only trust tips on downloading modules to the author themselves, such as WM and BrianZimm. Somebody please delete this twat's links above before he does more damage.
  22. I must be lucky so. Actually this was the first time I ordered anything online that came so quick, usually the stuff from UK takes a week too (you know who you are - Amazon). What would be cool is if someone in Europe could resell them for Darren & Co. If they are reading this, tell us what you think. I know there would be many happy Hak5 fans purchasing not only this but the accessories too, if there was a European centre too.
  23. It cost me €105 euros including shipping to Ireland. I didn't get caught for any duty. PS, chose the cheapest shipping method and I still got it within 8 days. Ordered it on a Sat night and got it on the Monday of the following week. Absolutely excellent service from all @ Hak5 so far!!
  24. The thing I especially like is that people don't actually realise how insecure hotel systems are (speaking from experience). I worked in hotels for many a year (not in IT), and I am telling you I have seen it all. I once saw a guy bring in his own wifi router, plugging it into his hotel socket. A lot of smaller hotels, especially those trying to push conference business, use basic (cheap) equipment, and it is often not secure. Sure, some companies are savvy and provide VPN facilities, but how many people have VPN on their smartphone/tablet (besides us paranoid freaks :) ?? ) One place where I worked catered for business travellers in particular, and the subject of internet security in relation to guests came up at a management meeting, as we have a lot of high profile business from a certain fruit company. We spent money on a firewall for the guest side of the network. Within 1 month, we had to take it down, purely because of complaints that ports were being blocked, etc. Another place where I worked just used cheap ass Belkin routers everywhere to serve wifi. I wish I had the pineapple then!!
  25. I've just been reading this article ( http://www.theregister.co.uk/2012/05/09/hotel_wi_fi_malware_warning/ ), from theregister.co.uk. It seems that the IC3 is warning travellers not to upgrade their machines when on holiday over hotel networks, as if anyone here would do that!! Nice article, showing a flaw in people's own security (people hack).