Everything posted by dustbyter

  1. I imagine this sysupgrade command would work with any flash that you want to make to the device? Even for example our version 2.5.0 flash?
  2. AltezzaBoy, Yup that is the cat! I looked to see if it can be done using several different technologies such as PHP, PERL, etc., but none appear to have all the components required on the wifipineapple. In short the idea was to check every device connected for SSH, then try to connect to it to validate if it has any account that is using root:alpine. Regards.
  3. Does one know what is required to cross compile the sshpass source for the pineapple? The source is available on sourceforge; thus if someone has the tool chain installed they can compile it. No?
  4. Glad to hear that everything is working ok for you now.
  5. Well I had some module in mind that I wanted to write. Without letting the cat out of the bag, with sshpass I could try to automatically determine if a device has an ssh port available and then try to connect.
  6. Does anyone know if sshpass is available for the pineapple? I checked the package manager and did not see it there. Is this a complete list of all packages available for our little pineapple?
  7. Seb, is the list of features requested and what will make it in the next release published somewhere? I guess what I'm asking is, is there a release plan documented of the features to add in each release of the firmware?
      2.5.0: feature a, feature b, feature c ... feature n
      2.5.1: feature x, feature y, etc.
  8. Was it on the defcon DVD provided to all attendees?
  9. Darren, The flags used are shown above in the thread. Initially I thought that given the interfaces were bridged I didn't have to perform an ARP attack. I spent a good day or two down that path with no luck. Thus I tried to run an ARP attack on the br-lan interface; this then allowed ettercap to see the traffic. I'll dig up later the actual attributes used if anyone is interested to show what each is.
  10. You can inject any JavaScript payload you choose to!
  11. Great work guys! Gonna be nice to have this module to configure the device with an interface
  12. Don't forget to read the sticky in this forum for the ebook. This will help you get your system connected correctly.
  13. Looks good Whistle Master! Can't wait to see it completed.
  14. Looks pretty sweet Whistle Master! I'll let you wrap it up ;)
  15. I haven't looked at how the other infusions are coded yet, but given I haven't written one in the past, I'd have to figure out some of the basics first. For example, how can I get control of the app's output to display it, and how can I pass commands to the application as I would if it was on the command line as it's executing, etc. If there is a guide for this somewhere, then I can try it out.
  16. Didn't realize that there was this much interest in this area! What I did was pretty straightforward once I got the ettercap command configured correctly. The steps I took are:
      1. Wrote an ettercap filter that trashed the Accept-Encoding and modified the HTML to either mess with the images or inject some JavaScript. You can get as creative as you'd like in this step.
      2. Launched ettercap and configured it to perform a MITM attack on interface br-lan. In my case, I attacked all the clients running through the pineapple.

      ettercap -Tq -F a.ef -i br-lan -M ARP:remote // // -P autoadd

      I was going to try and write an infusion for it, but it sounds like others are partially there already! Hopefully this helps someone wrap theirs up.
  17. Awesome! I can inject and modify code HTML now! Darn ettercap!
  18. I've made some progress, but not quite there yet...
      1. Wrote a filter to inject an image into the traffic and it didn't work, so I tried to inject an alert message. The filter has a log(...) message to dump the DATA.data field to a log file. When reviewing the log, it is evident that the modification is present.

      HTTP/1.1 200 OK
      Connection: close
      ETag: "500-48-501c2583"
      Last-Modified: Fri, 03 Aug 2012 19:24:51 GMT
      Date: Fri, 03 Aug 2012 19:45:19 GMT
      Content-Type: text/html
      Content-Length: 72
      Transfer-Encoding: chunked

      48
      <html> <head> </head>[b]<script type="text/javascript">alert('<<<I WAS HERE>>>');</script>[/b] <body> <img src="logo_intro.gif"> </body> </html>
      0

      HTTP/1.1 200 OK
      Connection: close
      ETag: "4ff-257d-501c2825"
      Last-Modified: Fri, 03 Aug 2012 19:36:05 GMT
      Date: Fri, 03 Aug 2012 19:45:19 GMT
      Content-Type: image/gif
      Content-Length: 9597
      Transfer-Encoding: chunked

      Ettercap on pineapple is launched using the command:

      ettercap -Tq -F myFilter.ef -i br-lan

      One thing to be aware of is that once ettercap is stopped, then the Internet Connection Sharing on the pineapple doesn't work; ip_forward in /proc/sys/net/ipv4 needs to be set to 1 again. Something has to be up with the network configuration on the device that is not allowing the traffic to pass back to the clients whose HTML is being modified. On the client there is no evidence of the modification.
  19. I've made some progress. Part of my issue was that I was setting up ettercap on the wrong interface! Duh! The command to use is:

      ettercap -Tq -F a.ef -i br-lan

      My filter is running, but it's not actually changing the HTML; this will be tested further. However, when I terminate ettercap, the following error is shown:

      ip_forwarding was not disabled, but we cannot re-enable it now. remember to re-enable it manually

      I haven't modified the /etc/ettercap.conf file at all. After getting the above error, no more traffic flows from the clients and I must reboot the pineapple. Any idea what I'm missing?
  20. Hmm, not sure if my error is the same one that Whistle Master is getting, but it seems that I'm having a hard time getting ettercap to work correctly. I've created my filter and compiled it. Then when I try to run it, I get an error.

      FATAL: MITM attacks can't be used on unconfigured interfaces

      What experience have you guys had? Anyone else try to run ettercap on the device? My hardware is the Mark IV, and I'm using the built-in ettercap that is version 0.73.
  21. Sebkinne - Great idea! I didn't think of that initially. Thanks for the direction!
  22. Hi All, I'm trying to do some experimentation with the Mark IV in my lab and had the idea of trying to manipulate the HTML for pages that are passing over HTTP. Any ideas on how to get something like this going? I thought of setting up a proxy such as Squid which could have a url_rewrite_rule, but this would mean that one would need to connect to the proxy port that Squid is on. Is there another way that may be able to do this which I'm not aware of? Regards.