7ncubane

Got my Mark V last year at Defcon. Didn't have chance to play with it till now. Plugged in Pineapple - after few minutes, solid green light and other lights flashing on and off. Seemed to have booted up OK. I know Mac doesn't play well with Pineapple, but gave it a try with my MacBook. I tried joining the Pineapple over wifi and also Ethernet/LAN. Same results. The Pineapple assigned me an IP via DHCP in 172.16.42.x range. Everything looked OK, but when I tried to go to 172.16.42.1:1471 on both Safari and Firefox, no server found error came up. Went to terminal and double checked the IP of whatever interface I was using - looked OK. I was able to ping Pineapple. When I tried to ssh into it, got "connection refused". Tried nmap on it - only port 22 and 53 open. I thought it might be my Mac so tried something different. Fired up VMware Kali Linux. Isolated the virtual machine from my Mac host machine. No network connectivity between Kali and Mac. Plugged in an Alfa card and tried to connect to Pineapple via wifi. (basically tried to use the virtual Kali as a standalone real Linux box.) I was able to join the Pineapple network. However, exactly the same problem was before. Again, only able to ping. Not browser interface; no ssh. Any help would be appreciated.

IMHO running urlsnarf and sslstrip does not work at the same time. Also running either from modules seem buggy. Had much better luck running them from command line. Make sure you are running and logging to usb, not enough room for running from internal memory. Also seems to work better with usb swap. Seems to be not enough RAM to run stuff together esp sslstrip. I use sandisk cruzer 8gig usb 2.0. may be usb 3.0 issue?

i think your firewall routing needs to be set so that port 443 forwards to port 10000 (sslstrip listening port). i can't remember exact commands but try searching "sslstrip installation guide" in the forums.

Will give it a try. Thanks.

Hi. If I'm using a relay server that uses non-standard ssh port, how does it work. My server has ssh port on 45678. The standard autossh command, "autossh -M 20000 -N -R 4255:localhost:22 user@server.com -i /etc/dropbear/id_rsa" doesn't work. Before I changed the ssh port, it worked fine, but too many break-in attempt with port 22. I tried adding -o "Port 45678" to the command, but didn't work. Any tips?

Thanks for the reply, but how would I use it with Ducky script? I don't think you can invoke hex code value (if I'm looking at it right) directly from Ducky script, can you?

How do you encode Apple/command key for Macs? Like command-I, command-O, etc. Really need these to do anything on Mac's.

It seems that there are a few threads on getting the ducky working correctly on OSX, but all of them kind of stop mid-conversation or "it's in the works". Did OSX support ever get squared away? Specifically: 1. keyboard set-up dialog - did the vendor ID thing get implemented? 2. I have a ducky I bought at defcon 20. After the keyboard setup, it will type but only after pressing the black button. It will not trigger on its own. 3. Has anyone figured out how to do command/Apple key -<keystroke> sequence? Doing stuff on the keyboard without mouse absolutely requires it. ( I hope someone figuredbthis out already.) (edit: ducky DOES trigger on its own. As suggested on Windows and Linux posts, I added DELAY 5000, and it works fine. I guess it fires off too fast!)

It's working well for me with both port 80 and 443 being forwarded. Kind of interesting how some people have it working with port 443 forwarded and some without 443 forwarding. My problem with sslstrip and urlsnarf is if I'm running sslstrip and port 80 traffic is being redirected to port 10000, how can urlsnarf get to that traffic. I've tried running both at the same time. I get entries in sslstrip logs but blank urlsnarf logs.

thanks for input. I can run karma and sslstrip at the same time. sslstrip on usb, set up with swap space. Make sure to use powered usb hub. I use separate power source for the hub and pineapple. Next question is, can you run urlsnarf with sslstrip? How can I set up the iptables? sslstrip needs packets routed to port 10000 but url snarf need packets directly from port 80. (I think.)

Don't plug in Alfa till AFTER the pineapple boots. You probably figured this out by now.

To TunezNZ - have you tried other wifi cards, dongles, etc.? It could be either driver or hardware issue. In my case, an old Hawking dongle actually works most reliably. Also ... I thought I had all this figured out till ... firmware 2.5. Since I upgraded, the connection seems much less reliable. It takes much longer to get an IP assigned by DHCP from the AP. Also when I ping various IP's to test the connection (signed in as root from the pineapple and as a client going through the pineapple), I get approximately 30-40% packet loss pinging google, yahoo, AND my own gateway. I'm in S. California, but 100-200msec response times from google and yahoo seems way too long. response time for my router @ 192.168.1.254 is about 30-40msec which is WAAAY too long. When I'm signed in directly to the router/AP, the response time is about 1-2msec. (My entire relay set-up is about 5 feet from the AP and I'm about 5 feet from AP and the pineapple. It almost feels like my packets are getting lost and wondering around the inside of the pineapple. Some make it; some don't. Any thoughts or suggestions? PS Any other driver than nl80211 I can try?

Sorry for 2 postings in a row. I've been playing with sslstrip and noticed something. I was able to sniff my passwords on yahoo mail, gmail, amazon, capital one credit card, and twitter. However, when I tried Chase, Wells Fargo, and Charles Schwab, sign in pages would not even load. The the browser just got "stuck". It seems that sslstrip passes through http traffic ok and processes regular https traffic ok, but seems to be not able to process certain https sites. Anybody have similar experience? Any idea what this "non-standard https/ssl traffic might be?