Everything posted by ahbvrh

  1. Install elinks, which is a curses-based browser. This will allow you to auth via ssh.
  2. Hi leapole, any news on your Raspberry image? I just got my second Raspberry (still waiting for my Odroid) and I'm itching for some new toy to play with.
  3. OK, I think I got it. It appears that my clients are not connecting to the network unless the ESSID is being broadcast (even if set to automatic mode), meaning they will not send probes. If I set the option "connect even if this network is not broadcasting" in the wireless connection, then hostapd is responding to their probes. Can someone test it and confirm that it is working as designed?
  4. Not a bad way to spend a Sunday. Much better than working on a pineapplepi setup!!!
  5. My config looks like this:

         interface=wlan7
         driver=nl80211
         ssid=FreeInternet
         channel=1
         # Both open and shared auth
         auth_algs=1
         # no SSID cloaking
         ignore_broadcast_ssid=0
         # -1 = log all messages
         logger_syslog=-1
         logger_stdout=-1
         # 2 = informational messages
         logger_syslog_level=2
         logger_stdout_level=2
         # Dump file for state information (on SIGUSR1)
         # example: kill -USR1
         dump_file=/tmp/hostapd.dump
         ctrl_interface=/var/run/hostapd-phy0
         ctrl_interface_group=0
         # 0 = accept unless in deny list
         macaddr_acl=0
         # only used if you want to do filter by MAC address
         accept_mac_file=/etc/hostapd/hostapd.accept
         deny_mac_file=/etc/hostapd/hostapd.deny
         # Finally, enable Karma
         enable_karma=1
         # Black and white listing
         # 0 = white
         # 1 = black
         karma_black_white=1

     I am seeing "KARMA CTRL_IFACE Karam is enabled for handling probe request" but no device is actually auto-connecting. I enabled Karma in blacklist mode (with an empty list) and my understanding is that it will answer all probe requests. I also tried with the pineapple config file without success. One note: as I mentioned earlier, if I set my hostapd ssid to be the known SSID, my client connects (so I know my dhcp is working).
  6. I'm trying to get the tp-wn821n (ath9k) to do karma. hostapd is saying "karma is enabled" but I can't seem to get my machines to auto-connect to the pi. The only way it's auto-connecting is if I set my hostapd ssid to be a known saved ssid (instead of having karma answer all probes). Besides downloading and compiling the hostapd version from http://www.digininja.org/karma/, do I need to do anything else with the ath9k driver (patch it??)? I thought all atheros-based devices would work out of the box. What am I missing?
  7. I tried the Pwnpi, but I had a lot of stability issues with it. As leapole mentioned, it is based on armel, and I found that I couldn't run 4G and deauthentication at the same time (even using a powered hub). So I started with a fresh Raspbian hardfp, updated the firmware (since a lot of the usb issues were solved in the newer firmware) and compiled most things myself. I totally agree with leapole that the Pi is not the device for a gui. I wrote different scripts for the tasks that I wanted (4G connection/disconnection, tcpdump, sslsniff, etc.) and then I used my android phone to run them as buttons. Very simple and it works perfectly (no more usb issues). I hope that with the odroid I can do everything without the need for a powered hub or the pineapple. Now I also hope to run Karma on the odroid so as to really have one device that can do it all (Karma, deauth, SSLstrip, Set and metasploit) and do it headless, with only my phone to run tasks as simple buttons while the Odroid is packed in a Pelican 1040.
  8. Where will you put the updated img (your server address)?
  9. Leapole, I checked the Odroid-x schematics again, and it seems that 2 USB ports indeed share the bus with the ethernet (as you already mentioned). However, the good news is that there are 4 (2x2) extra ports that seem to have separate access to the CPU http://www.flickr.com/photos/86799748@N07/7949071966/. This gives me hope that it will have enough juice for 2 alfa cards, NHA (karma) and H (mdk3), and a 3g modem ....... or is it too much? Also, I'm about to get one extra Pi and I'll be willing to open a reverse ssh port to someone else's machine if you or someone else who doesn't have a Pi wants to test their development project on it. So any chance of getting a smaller image for the new Pieweb? I really want to play with it but I don't want to use my 32G card for it and my 2 8G SDs don't fit. I can always just partclone the partition manually, but it would be nice if you could simply create a smaller image (I'm sure others will benefit from it as well).
  10. I can't comment on the MK802, but if I were you I would go for the Odroid-x (if you have the cash). The odroid-x is a powerhouse and probably the best SoC available today. It should allow you to do pretty much everything you can do with the pineapple, PI, MK802 or beagleboard, with room to spare. The fact that it can run ubuntu should make porting existing source code pretty easy. I think Ruby is a great choice since metasploit is using it. However, I can tell you from experience that I had great success using python for creating custom payloads that can easily bypass any IDS. One piece of advice I can offer you regarding the Pieweb image: I noticed that your images are taken from an 8G SD card which is probably only 20% full; however, the image size is the full 8Gig, which seems like a waste of space. Also, since not all SDs are the same size (even "8Gig" cards), it means that to use your image safely someone will probably need a 16Gig card. A good solution that was raised over on the Raspberry forums was to use partclone to back up only the used space. Here (http://www.raspberry...hp?f=29&t=10543) is a script that someone over on the Pi boards wrote. It will allow you to do just that, and it will give you much smaller image files (you will actually have one per partition and one for the MBR). And BTW, I don't think you are copying the pineapple with your pieweb; I see it as a different implementation of the same concept. The way I see it, what makes the Pineapple so great is the active community they have here at hak5, not necessarily the H/W they sell, so porting it to other SoCs is great progress in my mind.
  11. It's good to have someone to bounce some ideas off. I'm actually very happy with my setup, but the more I think about it the more I realize that I want a one-stop box that can do it all and still be portable enough. Your pieweb intrigues me. Unfortunately I have no skills in javascript or Ruby, but I'm curious why not get everything in Python or bash (or whatever scripting language you like) instead of trying to duplicate the pineapple module system. The way I see it, the pineapple is an excellent product, but if you have a full linux system at your disposal (Pi, beagleboard, odroid-x, etc.) then most of the limitations of openWRT are no longer there, so a module system is not really needed (sslstrip, NM, ettercap, jammer, etc.). All can be scripted and used as android / iPhone buttons, so the web interface is no longer needed. I think it really depends on what your ultimate goal is. Mine is to have one box that I can carry around and that is reliable enough that I don't need to manually connect to it (maybe just enable/disable features using my phone). Later on I plan to collect the information from the box for better analysis. I also plan to write some scripts to automate S.E.T for some python payloads based on some rule engine. I still need to think about that one. Assuming, of course, that karma can be used reliably with an ath9-based usb card.
  12. Hi Leapole, I was actually thinking about combining them into one device but I wasn't sure how to get karma working on the PI. I then saw your post about the Pieweb.... I'm definitely going to check it out. Can you share your experience in running everything on the Pi (including Karma)? Regarding the Odroid-x, you are correct that the Ethernet and USB share the same bus, but I'm hoping that the odroid-x will not suffer from the PI's lack of USB power (limited to ~140), so I HOPE that 2.1 A will be enough to power the Alfa (injection), the 4G modem, and maybe even the tl-wn821N for karma. I should be getting the odroid-x in the next couple of days so I'll start my testing. Do you have any experience with the odroid-x?
  13. Hi All,

      As others before me have already mentioned here on these boards, the Pineapple is a great product and it's doing exactly what it's supposed to do (MITM via Karma). However, after quite a bit of testing I found that for the sake of performance and stability I need to offload some of the more demanding tasks to an external machine. I wanted to have a fully automated setup and still keep it highly portable (no laptop required) and at the same time to overcome the current limitations by having a full Linux box at my disposal. After ~a month of testing I have what I believe is a very stable POC.

      Components:
      1. MK IV
      2. Raspberry Pi (Raspbian HardFP, overclocked to 930 MHz)
      3. Alfa awus0036h (for MDK3)
      4. Brookstone battery pack
      5. Belkin F4u040
      6. Tmobile Rocket 4G
      7. Pny 8G

      Setup:
      The MK IV with the PNY 8G is connected to the Pi via RJ45. The PI is connected to the Belkin hub. The Belkin hub has the Alfa and the 4G modem, and is back-feeding power to the PI. The Brookstone battery pack is feeding the hub via 5v 2.1A USB and the MK IV.

      Automation:
      * I created several scripts to automate all the tasks I usually use, and then I used SSH remote exec (find it on the market) to send the commands from my SGS3 by creating preset buttons.
      * Modified wp4.sh script running on startup in order to set the IP and IP tables.

      Set up the following scripts to be run as buttons from my phone as needed:
      * Script to connect/disconnect the 4G modem.
      * Script to enable SSLstrip (0.9 and tcpdump on the PI)
      * Script to disable SSLStrip and restore IPtable
      * MDK3 script to deauthenticate everyone except my Pineapple MAC

      This works really great, as the Pineapple is only doing Karma (and aircrack if needed) and the PI (overclocked) has enough horsepower to do everything else (SSLStrip, Set, Metasploit, tcpdump, etc.).

      My next project is to port it to the Odroid-x board, which should have enough USB power to allow me to ditch the USB hub and therefore make it even more portable (and the fact that the Odroid-x board has 4 times the horsepower and 6 full USB ports).