
stealthkit

Everything posted by stealthkit

  1. Make sure not to share your internet to "br-lan", which is a bridge or virtual interface. You will have to share your internet to the physical interface "eth0-1" or "wlan0-1" to get the module to work. Also make sure that you turn off sslstrip or anything else that is CPU intensive. Hopefully this helps :) -Stealthkit
  2. By no means did I mean all open source software is crap. I understand where "Drei" is coming from, as I also work in education. I have to support 35,000 users, not to mention the 3:1 wireless model that I am in the process of implementing. I too have to work with a budget that seems to always be getting smaller. I know that Open-Source is "free" but in reality it is not free. There is the time you will have to work troubleshooting the issue, and that time costs money. *Salary* Not to mention if for some reason you leave the company, no one will know how to work it. At least with Cisco I have one neck to choke. BTW I have a good amount of Open-Source tools I use on a regular basis (Cacti, Netdisco, etc.) but in the situation I heard, you would be better off going with an enterprise solution depending on company size. *If you have the funds* It is like me trying to deploy Asterisk VOIP for my users. The management would be a nightmare, not to mention I would need a crap ton of servers to host it off of. Sorry, I don't mean to come off like I hate Open Source *I don't*. If Open Source does everything you need, then by all means use it, but you will never know if that software will go cold or not. You have to figure out how much risk you want to take on going the Open Source route. -Stealthkit
  3. Gotcha ;) Ya Fool.py worked very quickly... Impressed -Stealthkit
  4. BTW WM, are the Python scripts UpsideDown.py and Fool.py doing basically the same thing? Not complaining, just curious, as last night was the first time I was able to see the Fool.py script work. Glad to see it working. :) -Stealthkit
  5. You are right... I am not sure why I did not think of it. I will make a note that my brain shuts off after 4am. On a side note, I did come up with an idea for a module at 4am. It is basically a spanning-tree exploit/DOS for people who did not set up spanning-tree correctly across their network. I have seen about 2 out of 3 networks or so have spanning-tree implemented incorrectly. Just enabling spanning-tree on the switchports, which it seems a fair amount of people are guilty of doing, will not protect them against a spanning-tree loop. It would basically let a broadcast storm occur, and if they don't know how to troubleshoot it, then their network will be down for a long time till they can find the loop. I need to figure out how to get both the LAN/WAN ethernet interfaces to be just a dumb switch with no layer 3. Basically those 2 ports would have to act like a mini switch. I might pursue this if I get some down time at the office to set up a test environment, so I don't crash my company's core 6509-E VSS stack testing. Sorry for being off topic a little bit. -Stealthkit
  6. If you want live traffic monitoring and a true mitm attack, then you need to look at doing ARP Poisoning. You can do this in Windows and/or Linux, as all you are doing is creating an announcement to the router that you are basically now the router. This is done by poisoning the ARP cache to think you are the default gateway, so everything is routed to you, which you NAT back to the router. Since you keep asking about live captures, I would recommend "easy-creds" in Backtrack 5 r3. Everything is contained in one package; just follow each part 1 and so on. It is scripted so you don't have to do it manually. Also remember it is illegal to take creds from someone who hasn't agreed to a pen test. Hope this helps ;) -Stealthkit
  7. Haroo, this is what I told you about in your other post. Like Zephyr said, after enabling ICS, go back into your NIC interface and reset the static IP address. -Stealthkit
  8. Did you set ICS on the Pineapple? The easiest way would be to use WM's "Network Manager" and click on the ICS tab in the module. Enable at boot and share "Eth0" to "br-lan". If you are going to be using the "MITM" module, then "eth0" to "wlan0", or however you want it to be set up. One other thing is to check your IP settings again in command prompt. Issue "ipconfig" and just double check. The last guy I fixed needed to turn on Internet Sharing again. Not sure why it turned off, but it might be worth a look to see if it is an easy fix. Is your laptop connected to a wireless network? Because if it lost its connection you will need to reconnect it. Let me know if you can ping these from your laptop.

      ping www.google.com
      ping 172.16.42.42
      ping 172.16.42.1

      The ping to Google should tell me if you have a good wireless connection, but if you could ping your ISP's default gateway (more than likely 192.168.1.1 or 192.168.0.1) it would help get an understanding of your network connectivity. Hope this makes sense -Stealthkit
  9. Did you set up your internet sharing on the pineapple?
  10. I am in the market for a 5 gig per second packet shaper for the company I work for. Yes, I know that is an insane amount of bandwidth, but I have 32,000 + people that I have to support. Being able to toggle the end users up and down and being able to monitor the ASR is where these things kick major ass. I have talked to BlueShield and they have a nice solution, but I would like to find other people that have used a packet shaper in the enterprise setting. Any input would be greatly appreciated. :) Regards, -Stealthkit
  11. Watch out for Cain and Abel, as its main purpose is to crack hash keys. I have never tried cracking any hashes with it, I only used the ARP poisoning portion of the software.
  12. Just like "Seb" said, try and go to http://172.16.42.1:1471 to access the UI. You will want to be connected to the LAN/POE port on the Pineapple or you need to be connected to the pineapple via wifi to access the web ui. (You need an address 172.16.42.X /24) If that doesn't work then you should re-flash the pineapple and I would suggest plugging the Pineapple into your home's router via ethernet on the WAN ethernet port on the Pineapple. -Stealthkit
  13. Sorry about that... Fixed the hyperlink in my original post ;) -Stealthkit
  14. Just reflash it again and it will be a lot easier. Just SCP the update.bin file over into the /tmp folder on the Pineapple. Issue "sysupgrade -n -v /tmp/upgrade.bin" through your ssh and go grab a beer. Reference the hyperlink below for exact steps. :) http://cloud.wifipineapple.com/index.php?flashing -Stealthkit
  15. You need a powered USB hub, and I would suggest downloading WM's Network Manager first via ethernet. Plug the Alfa USB adapter into the powered USB hub. Go into the "Network Manager" module web interface, click on most likely "wlan1" and click start if not already started. Then you should see it populated below, again most likely as "wlan1". Select Access Point as the mode and plug in the SSID of your home network. Select WAN as the interface, and you can leave channel on Auto unless you know the channel of your home wifi. Select "OPEN", "WEP", "WPA", or "WPA2" depending on your home wifi setup. Then set your encryption to either "TKIP", "AES", or "Both". Now put in your WEP or WPA key and click on save. Now click "commit" and this will apply the config and attempt to connect. Watch the light on the Alfa; when it looks like it has a link, click on "Request DHCP" and if successful you should see an IP address populate next to it. Finally click on the ICS tab and click apply at boot, then select "wlan1" (whatever your wifi adapter mounted as) as the source. Put your destination as "br-lan" if not running any modules and you just need to pass on internet. If you are going to be doing "mitm" attacks then put your destination as "wlan0", as this is the built-in wifi. Now you should be good to go... hope this helps :) -Stealthkit
  16. Ya, I had the same problem while beta testing the module.... WM is right about "br-lan" not being an interface that can have its traffic manipulated within the "mitm" module. *YET* ;) I think this has to do with "br-lan" not being a physical connection but more of a virtual interface. Picture how NAT works.... 1 IP translated to another IP. Straightforward, right? Now picture "br-lan" as PAT "multiple ip/ports" to 1 IP address. This is the best way I can think of to explain it. I believe the module's backend coding is not set up to be inserted between that interface because it works more on 1 interface to 1 interface and doesn't know how to deal with "many to 1". That being said, if you have a USB wifi adapter, then you can set ICS to "wlan1" to "wlan0". Both are physical interfaces and so this works. * I have used it this way but the WAN interface would be better * I hope by using the NAT and PAT comparison, I did not confuse you. This is just what I have found out during the beta testing. -Stealthkit
  17. Did you patch into the POE/LAN port on the Pineapple? It needs to be in the POE/LAN port, not WAN. If you just want to get into it to get it set up, you can try plugging ethernet from your home router to the WAN port on the Pineapple. Look in your home router to see what IP it DHCPed and browse http://192.168.X.X:1471 . *** The Xs represent your LAN environment *** The last guy's Pineapple that I helped set up was on 2.6.4 or something from Hakshop, so MOST likely yours might be that way as well. So try :1471 and just to make sure try /pineapple. If you are still having trouble then add my Skype "stealthkit" and I will try my best to get you working. -Stealthkit
  18. Have you issued more transmission power to your wifi USB adapter? If not.... I have typed out the Linux commands:

      iw reg set BO
      iwconfig wlan0 txpower 30

      If you have onboard wireless as well, your USB wifi adapter could show up as wlan1. Hope this helps ;) -Stealthkit
  19. I would say don't waste your time with freeware if this is an enterprise network. You need a content filter... example Cisco's Ironport. You have the WSA for web sites and ESA for email. Ya, I know it is a little expensive, but you have to look at it as an investment because really it is (employees goofing off = $$$ lost). If you really wanted to see what employees are doing in real time, then a packet shaper is the way to go. I believe the company is BlueCoat *Changed names a couple of times*; it has an excellent packet shaper, and every user can be seen along with what site, IP, type of traffic, etc. This also gives you the power to throttle them up and/or down however you feel necessary. Example would be you set www.facebook.com to have 5kps all together. Thus making it unusable, and thus your employees will not be goofing off on your computer. That doesn't mean they just won't whip out their cell-phones and tether. Regards -Stealthkit
  20. I know what you are talking about... Go to resources in the Pineapple GUI and see if you see /dev/sda2 mounted as /usb. I ran into the problem of it just mounting at a different drive than the one that the mkswap and/or USB partition were looking for. See if your USB partition mounted as /dev/sdb1. When this has happened it has been because I either had too much power into the USB hub and/or the USB drive was busy when I killed it. Thus I think causing some bad sectors on the USB drive. Try to just plug your USB stick into the USB port on the Pineapple, nothing more. I have done this and it seems that everything works perfectly. When I add a powered hub / non-powered it gets real picky. Without the USB hub it is smooth sailing, but then I am missing the other items *Wifi, 3G*. It is a tricky thing to get perfect because all it takes is power skipping for a second and then your USB drive will remount, most likely under /dev/sdb1 and not /dev/sda1. Give just your USB stick a try and see what happens. -Stealthkit
  21. Did you set up the "swap-space" on your Pineapple?
  22. Then disregard everything I typed up in the center of my post. ;) There was a topic recently about setting up using a mac. I imagine it will be in the first couple of pages of the forums. -Stealthkit
  23. Well man, you really need to understand how a technology works in order to exploit it. You getting this Pineapple will be good for this because it will make you look up and research something you don't understand how to do. Slowly, you will start to understand what is really going on behind those nice graphical interfaces that most users are accustomed to seeing. I will list what you need to do below, and you can most likely find any answer to a question in these forums. If you can't, then there is always Google.

      If you are pen testing at your house then I would recommend hooking the Pineapple via the WAN ethernet port to your ISP/home router. This way you don't have to do Internet Connection Sharing. If you are going to be mobile and don't have an Alfa USB adapter, then you will need to bridge the wifi on your laptop/computer to the ethernet port of your computer. This is all in the Pineapple Book.

      Since you basically have no idea what you are doing, I will assume that you are running Windows. Open up the control panel of your network connections. Right click on your internal wifi's interface and click on properties. Next click the tab to internet sharing and share your internal wifi connection to your LAN/Ethernet Network. After you apply that, right click on your LAN/Ethernet adapter and go to properties, click on IPv4 and click the properties button on that window. Enter IP as: 172.16.42.42 Subnet: 255.255.255.0 No default gateway, and use 8.8.8.8 and 4.2.2.2 for DNS. Click on Apply. I could be wrong on the order but it should be right. Refer to the Pineapple Book...

      Install Network Manager from the pineapple bar in the Pineapple GUI. Click the ICS tab and check the boot option. Select Source as "Eth0" to "br-lan" and click save. Now you will be giving out wireless via the wireless on your Pineapple.

      Get a USB pen drive..... Create 2 "Ext4" partitions with one being 80% of the drive space and the other 20% of the drive space. The 20% will be your swap space. "Ext4" is not recognized by Windows, so you will have to either boot up Linux to do this or find a freeware program that can format drives in "Ext4". Again, refer to the Pineapple Book for the rest. I can't type it all, man. "Kiato" said it right: look at the Pineapple Book.

      FYI: You should really download the BackTrack 5 R3 iso and either run it as a live disk or install VMplayer and create a Virtual Machine. Good Luck Man -Stealthkit
  24. Should be, man... I have a Galaxy Nexus that is rooted and it works just fine. It really should not matter if your phone is rooted or not. Just plug your cell phone into your Pineapple's powered USB hub. Then, enable USB tethering in the settings on your droid. Next, go to the Network Manager module on the Pineapple and click the ICS tab. Finally, select USB under source, as it should now appear as an option. Hope this helps :)