Posts posted by billius
-
-
i'm currently in the process of testing the pineapple firmware on the carambola 2, which has double the RAM and flash of the current pineapple IV.
more info on the board can be found here: http://8devices.com/carambola-2
the best thing about it is the size. it's small enough to fit in your pocket with an enclosure and antenna, and uses a fraction of the power that the pineapple IV does. i've had one connected to a LiPo battery without recharging for about a week, whereas the pineapple IV drained it in less than 36 hours.
unfortunately i don't have any time to work on this, as the board belongs to someone at my local hackerspace, but i can recommend the board to anyone who's interested in messing with a board with higher specs.
-
i thought of a nice and simple addition to the webUI- being able to force certain MAC addresses to have a particular IP through the DHCP server.
-
In my opinion this is straying away from the main idea of the pineapple is to be a network vector, let's focus on ideas that have to do with getting in air and dominating it.
I believe that the pineapple is more of a multipurpose development platform for pentesting and the like. what jdogherman suggested is what i was thinking of in the first place- having permission to put the pineapple on a vehicle and wardrive/track locations. with gpsd and a USB gps we could actively wardrive, but i'm also assuming that the vast majority of people don't have one, thus making a purely wifi based setup an interesting prospect.
-
hey guys, just wondering if anyone would be interested in a module that searches for and logs networks over time- just like wardriving, but instead looks up the location on wigle and reports back that location over 3g to you.
tell me any ideas you have- I have some time on my hands to develop this as a module.
-
you simply have to input NMEA compatible signals into gpsd, which then serves kismet and the like for wardriving. put one of these on a friend's car for a week and you can both wardrive and track where someone goes!
-
you have to set up the pineapple to be a wireless client. you can do it from the command line, but there should be a module for that soon if there isn't one now.
-
That. But I assume he means the WEP/WPA/Whatever passwords.
The answer to this is that the pineapple is currently and likely never going to be able to do this.
i'm not so sure. with the addition of RTL8187s etc. we have the opportunity to do the wireless capture/replay aspect on the device, then offload the actual cracking to a vps.
-
i recommend looking at usb over IP solutions. it'd make your life a lot easier, though you wouldn't have the option to compress the data. perhaps even just have the pineapple take a snapshot every now and then, encode it in a jpeg and send it to you/scp it to a VPS?
-
it'd be nice to use the rtl8187 chipset since everyone seems to have it already... it seems like the only limiting factor is the rolling release nature of attitude adjustment, that means that the kernel modules are incompatible. did anyone take a snapshot of the trunk? I did for 3.3.6.
also, the splash login through ssh still says version 2.1.
-
If the webUI doesn't work, then I suggest plugging it in via Ethernet, setting your computer's ip manually to be 172.16.42.42 and pinging 172.16.42.1. If you can ping it, scp over the upgrade.bin into /tmp/ then do sysupgrade -n -v /tmp/upgrade.bin
-
Pineapple Hardware Version: Mark IV
Pineapple Software Version: 2.0.0
OS used to connect to the pineapple: linux and osx
Network layout of how your setup is connected (including IP information): main router (172.16.42.2) mk4 wired over poe/lan to main router (172.16.42.1)
All the tools/options that are running on the pineapple when the issue happened: Added the modules: opkg, sslstrip, tcpdump, urlsnarf I have the 4GB usb drive on the mk4
Ping results from computer to pineapple:
ping 172.16.42.1
PING 172.16.42.1 (172.16.42.1): 56 data bytes
64 bytes from 172.16.42.1: icmp_seq=0 ttl=64 time=4.480 ms
64 bytes from 172.16.42.1: icmp_seq=1 ttl=64 time=1.385 ms
Is the problem repeatable (Yes/No): Yes
Steps taken which created the problem:
-launch the opkg manager
-search for: ssls
-attempt install sslstrip (have tried both install to root and usb)
Install appears to stall only showing this output:
Installing sslstrip (0.7-1) to usb...
Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/ssltrip_0.7-1_ar71xx.ipk.
Multiple packages (libpthread and libpthread) providing same name marked HOLD or PREFER. Using latest.
Multiple packages (libpthread and libpthread) providing same name marked HOLD or PREFER. Using latest.
Installing pythong (2.7.3-1) to usb...
It just sits in this state indefinitely
Error Messages: N/A
Log file information:
Anything else that was attempted to 'fix' the problem: reboots, attempt multiple times
Anyone else experiencing this issue or know how to get an install working correctly for ssl strip?
are you using the webUI? if so you should try sshing in and issuing the opkg command manually.
most likely your problem is with running out of ram. the pineapple only has 32MB, so if you have a lot of stuff (urlsnarf,karma etc) running, then you will crash it without swap. try clearing the caches too, i think you may be able to do this from the resources tab.
-
metasploit requires >512MB of ram to work properly. the pineapple has 32. the only way to do it would be through swap- essentially (assuming you could get it on there and cross compiled etc) your pineapple would buckle under the load. my suggestion is to buy a RaPi and hook them up together.
-
i already covered this with the RTL8187. if anyone has snapshots of the repository, it'd be useful. is there any way to compile a kernel module for an older kernel?
-
Just thinking that you could make a simple game that when won adds the clients mac to the blacklist and possibly deauths them? that by far is my favorite
maybe trivia from the movie hackers? lol
I like that idea!
just building on from that, maybe have a SECURITY quiz in which they have to complete before being allowed back onto their network?
-
I was just hanging out on the hak5 IRC, and metalwolf suggested a non malicious way of having some fun with your client;
have a simple page saying that their internet had been taken down because of a DMCA infringement.
does anyone want to make a professional looking page to do just this? In my opinion it's better than phishing or rickrolling your client.
-
Hi webdirector
I used the 12d1:1506 Worked as a charm, JUST be sure you are not on battery power I am currently using a bit overpower, At 12V 2A. and have done so successfully for as long as i had the Apple
that shouldn't be an issue. the device is designed for 12v; making 2A available is no worse than having 12v 10A. it's the voltage you have to worry about. if you go significantly higher or lower, you'll start getting problems, but with your setup it should be fine.
-
Hello,
When I do the ls /dev/ttyUSB* I get the :
/dev/ttyUSB0
/dev/ttyUSB1
/dev/ttyUSB2
/dev/ttyUSB3
I am using o2 and the APN is "internet"
Rgds
in the above script, the line that says
uci set network.wan2.apn=gprs.swisscom.ch
should be
uci set network.wan2.apn=internet
-
Hello,
I am using a Huawei E353 brand new from Amazon it had all seal untouched. I am saying this as when I insert the 3G Modem and LSUSB I get:
Bus 001 Device 003: ID 12d1:1506 Huawei Technologies Co., Ltd. E398 LTE/UMTS/GSM Modem/Networkcard
So it is showing a E398 instead of the E353.
Up until version 1.1.0 I had no issues using it with the pineapple. But now with version 1.1.1
But now I do not get any connects anymore. I reflashed the Pineapple 2 times already. But that did not change anything.
does anybody have an idea for me ?
Thanks
first of all, we need to check whether the serial interface is working. issue:
ls /dev/ttyUSB*
and you should get something like:
/dev/ttyUSB0 /dev/ttyUSB1 /dev/ttyUSB2 /dev/ttyUSB3
the only other thing that I can think of is checking your APN is correct. some providers have different APNs for different methods of billing (prepaid vs. post paid)
-
;) However, what I do not understand is why we need to add two mount points, one for sda and another for sda1
it seems that mount has to query the 3g dongle for its partition layout before the kernel can see the partitions on the USB. This should happen automatically, but it may be a by-product of the usb modeswitch.
-
there are many GPIO outputs from the atheros AR9331, but only a few are actually used for LEDs and buttons?
where are the rest going?
can we use some sort of script to pulse the GPIO to help us identify where each GPIO line is?
I can see there's somewhere where an extra switch may be placed, being labelled as "SW3" on the pcb, right next to the serial headers.
I really want any excuse to break out the soldering iron and get some hardware hacks started :)
-
Yeah. Anon_swap should do it, I don't have it enabled in mine because its configuration is in another file. When you changed your fstab to be like mine, it meant that everything on / that is created/edited (changes to the initial file system) went on the USB.
-
Well.. Thanks guy this looks like it helped, but any ideas on wtf is going on with this, i have tried all of my carriers setting for 3g but no luck. at least my modem is found now but i have connection issues
Jan 1 00:10:43 Pineapple local2.info chat[3364]: abort on (BUSY)
Jan 1 00:10:43 Pineapple local2.info chat[3364]: abort on (NO CARRIER)
Jan 1 00:10:43 Pineapple local2.info chat[3364]: abort on (ERROR)
Jan 1 00:10:43 Pineapple local2.info chat[3364]: report (CONNECT)
Jan 1 00:10:43 Pineapple local2.info chat[3364]: timeout set to 10 seconds
Jan 1 00:10:43 Pineapple local2.info chat[3364]: send (AT&F^M)
Jan 1 00:10:43 Pineapple local2.info chat[3364]: expect (OK)
Jan 1 00:10:43 Pineapple user.notice root: 3G: firewall stopped
Jan 1 00:10:53 Pineapple local2.info chat[3364]: alarm
Jan 1 00:10:53 Pineapple local2.info chat[3364]: Failed
Jan 1 00:10:53 Pineapple daemon.err pppd[3359]: Connect script failed
We started a new topic dedicated to getting these huawei modems to work. Check there.
-
Is anyone else interested in getting this working? my adapter is shown with lsusb:
Bus 001 Device 004: ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter
the driver is available in opkg's repository:
Package: kmod-rtl8187
Version: 3.2.9+2012-02-27-1
Depends: kernel (= 3.2.9-1-7ca3c65ac3709dabad42d460596851da), kmod-eeprom-93cx6, kmod-mac80211, kmod-usb-core
Provides:
Status: install user installed
Architecture: ar71xx
Installed-Time: 2340tesccc
as you can see above, it needs kernel 3.2.9, when uname -a reveals that we're running the old 2.6.39.4 kernel.
Linux Pineapple 2.6.39.4 #58 Tue Apr 3 14:50:25 BST 2012 mips GNU/Linux
this raises a couple of questions:
does jasager/karma require this old kernel or can we update it?
if not, can we get a module compatible with our kernel?
I'm sure there are many people who want to get this done so we can have some nice routing through wifi on other channels, or have a USB hub have a backpack such as Darren's in the case mod challenge with a few RTL8187s.
-
after much agony trying to get my Huawei modem to work with the pineapple, I managed it with a slightly unconventional approach.
newer Huawei modems don't support usb modeswitch, but instead wait for the kernel to work out what it is and use the correct kernel module on it.
the first step is to make sure that you have the serial interface enabled. you can check this by issuing:
ls /dev/ttyUSB*
if you get
/dev/ttyUSB0 /dev/ttyUSB1 /dev/ttyUSB2 /dev/ttyUSB3
then your modem is currently in the correct mode; but if not, you need to insert the correct kernel module.
first, find the ID of your USB modem by issuing
lsusb
and find your modem. for me, it was the fourth one.
root@Pineapple:~/sslstrip-0.9# lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 0409:0059 NEC Corp. HighSpeed Hub
Bus 001 Device 004: ID 0781:5170 SanDisk Corp.
Bus 001 Device 007: ID 12d1:140c Huawei Technologies Co., Ltd.
with the above, the vendor ID is 12d1 and the product is 140c.
for the command to insert the correct module with these options, we need to issue
insmod usbserial vendor=0x12d1 product=0x140c
(note that we inserted "0x" before each section of the IDs)
now we should have the serial interfaces in /dev/USB*.
I completely gutted my configuration script in testing (which isn't the best idea; for a better solution read down to the next post to see what Whistle Master did) but my solution works reliably. it simply contains
rmmod usbserial
sleep 3;
insmod usbserial vendor=0x12d1 product=0x140c
sleep 5;
/etc/init.d/firewall disable; /etc/init.d/firewall stop
logger "3G: firewall stopped"
iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE
iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT
iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT
ifup wan2
the pineapple needs to know what wan2 is, which we set above. I changed my /etc/config/network file to have:
config interface wan2
	option ifname ppp0
	option device /dev/ttyUSB0
	option apn yesinternet
	option service umts
	option proto 3g
if you use multiple 3G cards and switch between them, you should simply add Whistle Master's section of script to the default one.
note that you'll have to change that apn to be your carrier's; my apn is "yesinternet" because i'm using the prepaid mobile package provided by Optus in Australia.
please note that it may take a large amount of tweaking to get this to work correctly for you. It's designed to be a starting point to work out how to configure a Huawei modem for the pineapple, and is almost guaranteed to fail for you because of differences with your 3G network provider.
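The check-then-insmod steps from the post above, written as a script. This is an added example, not part of the original post; the helper names (needs_usbserial, find_usb_id, usbserial_cmd) are hypothetical, and it only prints the insmod line instead of running it.

```sh
#!/bin/sh
# Added example; the helper names below are hypothetical, not from the post.

# lsusb output copied from the post above.
SAMPLE_LSUSB='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 0409:0059 NEC Corp. HighSpeed Hub
Bus 001 Device 004: ID 0781:5170 SanDisk Corp.
Bus 001 Device 007: ID 12d1:140c Huawei Technologies Co., Ltd.'

# True when no ttyUSB nodes exist under $1 (default /dev), i.e. the modem's
# serial interface is missing and usbserial still has to be loaded.
needs_usbserial() {
    for node in "${1:-/dev}"/ttyUSB*; do
        [ -e "$node" ] && return 1
    done
    return 0
}

# Read lsusb output on stdin; print "vendor:product" of the first device
# whose vendor ID is $1. Exit status 1 when no such device is listed.
find_usb_id() {
    awk -v want="$1" '
        $5 == "ID" && tolower(substr($6, 1, 4)) == tolower(want) {
            print tolower($6); found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# Build the insmod line from "vvvv:pppp". Anything that is not two 4-digit
# hex IDs is rejected, so malformed input never ends up in a root command.
usbserial_cmd() {
    case "$1" in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f][0-9a-f][0-9a-f]) ;;
        *) echo "bad USB ID: $1" >&2; return 1 ;;
    esac
    echo "insmod usbserial vendor=0x${1%%:*} product=0x${1##*:}"
}

# Print the command for the sample instead of running it; on the device,
# pipe real `lsusb` output into find_usb_id.
if needs_usbserial; then
    id=$(printf '%s\n' "$SAMPLE_LSUSB" | find_usb_id 12d1) && usbserial_cmd "$id"
fi
```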
carambola 2 (AR9331) with pineapple firmware
in WiFi Pineapple Mark IV
http://www.8devices.com/carambola-2
They list the price of the development board as 33 euros.