Razzlerock

Active Members
  • Posts: 60
Everything posted by Razzlerock

  1. BTW, it's fairly obvious about the missing /etc/init.d/firewall but what changes are required to get it working? Razzlerock
  2. Hi guys... Well, I thought life was going well with my beloved pineapple until I experienced an issue today. Basically, I have the pineapple connected to a USB hub and the hub connects to a 3g dongle and a USB sandisk. Nothing special. The pineapple is configured to start 3g on boot and 3g keepalive. In addition, ssh on boot and ssh keepalive are also set up. I basically want my pineapple to autossh 'home' using 3g on boot up. If, for some reason, the 3g dies it should restart it....and if the ssh tunnel dies it should re-attempt a new tunnel. This works, on boot up. However, after about 1-2 hours I lose connectivity over ssh. Investigation shows that the 3g is 'down' and it cannot restart itself. I have to power cycle the pineapple but then 1-2 hours later the same thing happens. The 3g dongle has a blue lit display, which indicates it is connected, but there is no IP address assigned on the pineapple???

     Pineapple Hardware Version: Mark IV
     Pineapple Software Version: 2.7.0
     OS used to connect to the pineapple: Firefox
     All the tools/options that are running on the pineapple when the issue happened: 3g/autossh/karma
     Ping results from computer to pineapple:
     Is the problem repeatable (Yes/No): Yes, the problem does re-occur but the time interval varies

     When I tried to manually invoke the 3g-keepalive script I get;

         root@Pineapple:~# /pineapple/3g/3g-keepalive.sh
         ifconfig: 3g-wan2: error fetching interface information: Device not found
         Searching for attached 3G Modems
         1d6b:0002 05e3:0606 0781:5571 12d1:1506
         Huawei E398 detected. Attempting mode switch
         Looking for default devices ...
         found matching product ID
         adding device
         Found device in default mode, class or configuration (1)
         Accessing device 004 on bus 001 ...
         Getting the current device configuration ...
         OK, got current device configuration (1)
         Using first interface: 0x00
         Using endpoints 0x01 (out) and 0x82 (in)
         Not a storage device, skipping SCSI inquiry
         USB description data (for identification)
         -------------------------
         Manufacturer: Huawei Technologies
         Product: HUAWEI Mobile
         Serial No.: not provided
         -------------------------
         Warning: no switching method given.
         -> Run lsusb to note any changes. Bye.
         rmmod: can't unload 'usbserial': Resource temporarily unavailable
         insmod: can't insert 'usbserial': File exists
         /pineapple/3g/3g.sh: line 59: /etc/init.d/firewall: not found
         /pineapple/3g/3g.sh: line 59: /etc/init.d/firewall: not found
         root@Pineapple:~#

     When I try to manually start the 3g-connect script I get;

         root@Pineapple:~# /pineapple/3g/3g.sh
         Searching for attached 3G Modems
         1d6b:0002 05e3:0606 0781:5571 12d1:1506
         Huawei E398 detected. Attempting mode switch
         Looking for default devices ...
         found matching product ID
         adding device
         Found device in default mode, class or configuration (1)
         Accessing device 004 on bus 001 ...
         Getting the current device configuration ...
         OK, got current device configuration (1)
         Using first interface: 0x00
         Using endpoints 0x01 (out) and 0x82 (in)
         Not a storage device, skipping SCSI inquiry
         USB description data (for identification)
         -------------------------
         Manufacturer: Huawei Technologies
         Product: HUAWEI Mobile
         Serial No.: not provided
         -------------------------
         Warning: no switching method given.
         -> Run lsusb to note any changes. Bye.
         rmmod: can't unload 'usbserial': Resource temporarily unavailable
         insmod: can't insert 'usbserial': File exists
         /pineapple/3g/3g.sh: line 59: /etc/init.d/firewall: not found
         /pineapple/3g/3g.sh: line 59: /etc/init.d/firewall: not found
         root@Pineapple:~#

     Any ideas? Razzlerock
  3. OK, so I got this working but it's a little manual. First of all, autossh on the pineapple connects, via 3g, to my relay server. I use this command;

         autossh -M 20000 -f -N -R 4255:localhost:22 root@my-dns-name.com -i /etc/dropbear/id_rsa

     my-dns-name-com (fictitious) is my router ADSL interface IP address using dyn-dns. I then NAT any TCP connections hitting my ADSL IP address on TCP port 22 (SSH) to a BackTrack5 R2 machine on my LAN on IP address 192.168.1.100. This BackTrack is my SSH relay server. Once the autossh has done its magic, I can then ssh from any machine on the internet to TCP port 4255, which is tunneled to the pineapple. Note, you must also add a NAT statement for TCP port 4255 on the ADSL interface IP address to the relay server (192.168.1.100). At this point, I can manage the pineapple from the internet across the two ssh tunnels by 'bridging' the ssh tunnels that terminate on the relay server. I think we all got to this stage, hopefully.

     Now, what if you want to manage the pineapple via HTTP 'as well' as SSH? Well, using the SSH connection established above on TCP port 4255, simply paste the following into the SSH session (change parameters accordingly);

         ssh -f -N -R 4266:localhost:1471 root@my-dns-name.com -i /etc/dropbear/id_rsa

     Now, open your browser on a machine on the internet and browse to root@my-dns-name.com:4266. This should then be tunneled across both ssh tunnels and 'lands' on the pineapple TCP port 1471 (assuming 2.7.0 software). Note, you must also add a NAT statement for TCP port 4266 on the ADSL interface IP address to the relay server (192.168.1.100). Because of the silent -f flag your SSH session remains 'up' and you can manage via HTTP too - great stuff. You have the flexibility of SSH and HTTP to launch attacks.

     I have no idea how many ssh sessions you can create, maybe if you identified a vulnerable TCP service on a client you could create a tunnel and penetrate the client from a machine sitting on the internet, across the SSH tunnels? Hope this helps someone.... Razzlerock
  4. I know this was a few months ago, but was there any progress? I've been trying to get ANY type of VPN setup working (racoon, ipsec-tools, openvpn, etc) and have had zero joy. Pretty frustrating. I just received a TL-MR3020 router and tried to stick ipsec-tools on it but not enough space. No joy with openvpn either - grrrrr. Any comments or help would be very welcome, I'm at the point where I cannot go any further. Razzlerock
  5. Hey Seb, thanks for the reply. So basically, it should run everything that runs on OpenWRT and if I encounter any problems it's likely to be down to the software not being stable. Right?
  6. Hi guys, apologies if this has been covered elsewhere - I did have a search of the forums and couldn't find the answer I wanted. Basically, I am trying to understand the compatibility between the Pineapple Mark IV and OpenWRT. My understanding is that the pineapple is running OpenWRT. However, there are certain things that my pineapple doesn't seem to support that OpenWRT does support :( I have tried openswan - installed to USB - service won't start. Today I tried to set up a basic GRE tunnel and this too doesn't work (see below).

         root@Pineapple:~# ip tunnel add tun0 mode gre remote 172.16.42.42 local 172.16.42.1 ttl 255
         add tunnel gre0 failed: No such device
         root@Pineapple:~#

     I'm assuming it's a cut-down version of OpenWRT - if so, how do I know what is and isn't supported on the pineapple? Thanks in advance. Razzlerock
  7. Correct error below;

         root@Pineapple:~# /usb/etc/init.d/ipsec start
         ipsec_setup: cannot find ipsec command -- `start' aborted
  8. I wasn't aware the interceptor would be doing this. I will still look into a VPN tunnel in the meantime. I have downloaded and installed openswan to my USB, but I cannot start the service - any ideas why anyone?

         root@Pineapple:/usb/etc# /usb/etc/init.d/ipsec -h
         Syntax: /usb/etc/init.d/ipsec [command]
         Available commands:
         start Start the service
         stop Stop the service
         restart Restart the service
         reload Reload configuration files (or restart if that fails)
         enable Enable service autostart
         disable Disable service autostart
         status Show the status of the service
         root@Pineapple:/
         root@Pineapple:/usb/etc# service ipsec start
         -ash: service: not found

     ?
  9. Hi guys. Using the autossh reverse tunnel is great, and allows you to launch attacks against clients 'from' the pineapple, once you have either an SSH or an HTTP connection to the pineapple. What would be even better is for the pineapple to create a dynamic VPN tunnel back to your home router. You can then launch attacks to clients from a Back Track machine on your home network, across the tunnel. This means that you don't necessarily need stuff like nmap modules on the pineapple, you could simply use nmap on a home machine across the VPN. This sounds too logical and common sense to me. I'm assuming either a) it can't be done for some reason b) there is already a variant of this in existence that I am not aware of. Razzlerock
  10. I too wanted to do this. Seems like either SSH 'OR' HTTP over the reverse SSH tunnel - not both at the same time. At least that is what I am currently seeing...... :-(
  11. Surprised no-one jumped onto this one with assistance. Anyhow, I fixed on my own now so life is good again. DJ
  12. Hi all. I have v2.6.3 and have followed the instructions (I believe) as per the forums and Hak5 1112. I have shared keys, updated sshd_config, etc etc. Whenever I try 'ssh 192.168.11.20 -i /etc/dropbear/id_rsa' I am ALWAYS prompted for a password which shouldn't happen of course.... I cannot get the pineapple to authenticate without passwords. 192.168.11.20 in this case is a BackTrack 5 R2 VM. I recall having a similar problem in the past (maybe 9 months ago) and I can't recall if I had to use another distro. So that I can rule out my BackTrack SSH configuration, does someone have a WORKING 'sshd_config' ideally for BackTrack 5 that they could share - I would be extremely grateful. Thanks in advance, I've spent about 10 hours trying to get this mofo working :-( DJ
  13. Thanks for the reply! I just tried this using BT5 and it looks pretty close to what I want. However, this tool opens a new tab for each screen the user visits instead of a single screen whereby the content is updated in real-time. In addition, it seems a little temperamental and some sites don't display properly (this seems a common complaint having watched some YouTube videos....). The reason I ask about this in the first place is because I saw a demo a few weeks ago where the HTTP MITM was playing the user's HTTP traffic in what looked like a real-time stream of the pwned client. I can't remember exactly where I saw this demo though :( ARGH!! Any other pointers will be greatly appreciated.
  14. Hey guys, I was wondering if you all knew of a tool that could play a pwned client's HTTP sessions in REAL-TIME (that are being sniffed)? The idea here is that the HTTP traffic is flowing across your laptop and the tool re-builds the HTTP packets to effectively play a live view of what the client is viewing (only HTTP clear text at this stage). I'm happy with a Linux or Windows tool to do this. The only thing I can find so far is 'EffeTech HTTP Sniffer' (Windows tool) but you have to manually select the captured HTTP packet and re-build the packet one at a time, which is painful and not very 'live' or real-time. Surely there is a tool out there? Sadly driftnet only captures images but I'd like to think a Linux tool does what I want. Thanks for any pointers, I have researched myself but came to a dead end *sigh* Razzlerock
  15. Hate replying to my own posts, makes me feel schizophrenic. One more query. I see the Alfa WiFi adaptor is included in the 'Elite Bundle', but has anyone got this working fully yet with the pineapple? In the posts I read on this forum, no-one had got it up and running properly.... :( Razzlerock
  16. Hi all, I see on the Hak5 shop they have an 'Elite Bundle' for sale; http://hakshop.myshopify.com/products/wifi-pineapple This includes many items, including;

       • 4GB SanDisk Cruzer Fit
       • Atheros USB WiFi Adapter

      My question is, there is only 1 USB port on the pineapple. How are you going to connect 2 USB devices (SanDisk and WiFi Adapter) with 1 USB port? I tried to connect a USB hub but the pineapple didn't have the power to support it..... Also, if a USB hub can be used why isn't one included in the Elite Bundle? Thanks in advance Razzlerock
  17. You are sick - very nice work dude ;)
  18. Hey guys, I just wanted to clarify what is probably extremely basic..... With SSH reverse tunnels (and AutoSSH), the pineapple creates an SSH tunnel to your SSH server (BT5 or whatever). Then, your SSH server can connect to the pineapple using SSH, HTTP, etc. I got this all working, which is perfect if the pineapple is deployed with 3g or behind a firewall. My questions are; 1) Is the feature PURELY used for management of the pineapple (as described above)? or 2) Is there a way to use this SSH tunnel to communicate with wireless (pwned) clients from my SSH server (BT5)? I'm thinking that this is more for management of the pineapple. In order to route client traffic to my SSH server and then out to the internet, I guess I'm looking for a proper VPN tunnel configuration (SSH reverse tunnel was not intended for this application). I wanted to establish IP connectivity from my SSH server to the wireless clients, whereby I could launch metasploit etc..... Can anyone confirm/deny the above? Thanks Razzlerock
  19. I saw your tweet this morning about this and it looks so very cool. Here is the youtube link from your tweet for the other guys to view; The sky is the limit with this pineapple and the dedicated team/forum. Razzlerock
  20. Why can't the kernel packages (such as kmod-video-uvc) be installed directly to the pineapple?
  21. The openwrt forums seem to support the use of directly connected webcams as long as the appropriate drivers, etc are shown the love. http://wiki.openwrt.org/doc/howto/webcam From some brief reading, looks like the 'Logitech QuickCam Pro 9000' (which can be picked up for <$50) is supported on OpenWRT; https://forum.openwrt.org/viewtopic.php?id=17529 I guess the question I keep asking myself (no I haven't had time to test) is will the pineapple mark 4 have enough processing power for the webcam..... It would be so cool, if we could develop a webcam module, where the video stream could be viewed from inside the pineapple GUI. Razzlerock
  22. Good to hear the various inputs, sounds like I'm not the only one interested in this. Seb, what do you think?
  23. Here is another potential idea. The scene; Your pineapple is in a public place for *testing purposes* and creates an SSH tunnel back to your home device (running Backtrack or whatever). It would be cool if you could plug a USB webcam into the pineapple and view the physical area where the pineapple is positioned (the video traffic is sent over the SSH tunnel to your home device). I know bandwidth would be a potential problem for video and therefore requires further investigation, but technically could a usb webcam be connected to the pineapple? I'm thinking that the pineapple is not powerful enough but would like confirmation. I was thinking about something like this (not this exact model, because the system requirements are too high for this mode, but a type of small webcam); http://usb.brando.com/usb-mini-web-cam-ii_p01135c043d015.html If it WAS possible, it would be very cool. Razzlerock
  24. Hi guys, another module idea for those Gods out there (you know who you are). Would it be possible to create a sidejacking module (such as Hamster & Ferret) so that you could replay captured cookies? This would be an AWESOME addition to the Pineapple, although not sure of the interoperability with Openwrt.... Thoughts anyone? Razzlerock