Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Everything posted by Zephyr

  1. Hey Foxtrot, I've been checking that. Thanks for the heads up.
  2. I have 3 minor modules installed, but that does indeed seem to be the issue. As a quick aside, I'm learning the Pineapple and Linux concurrently, and have about 8-10 hours a week alloted to do so. Linux wasn't/isn't my area of specialty so the learning curve is still steep. Hence the reason for some occasional "dumb questions" from time to time. For want of more time, I give myself 24 hours to search for the answer/remedy the problem. If I haven't found the answer at the end of that time, I post the question to the forum. Another question about 3G modems since we're on the subject. When I plug in my unlocked E173 directly to my box (XP/W7), using its proprietary software, there is a default APN of some given name. However when I launch the modem's GUI, I am never prompted to enter a username or pasword to access the network (T-mobile in this case), and notwithstanding that, it does still access the network. Given this, the APN entry in the 3G script I think is fairly obvious, but what should be entered as the username and password in the 3G boot script ... if not merely left blank?
  3. Mine does the same thing. It reboots after about a half minute of running jammer. And I'm running my ALFA card on hub powered by a 12 volt 3 Amp brick, so it is not a power problem. The only thing you can do is selectively deauth only certain macs. Usually one. If you only use jammer to deauth only one mac, it probably won't reboot
  4. I'm on my second USB modem, trying to get it to connect with the pineapple. My second one is a Huawei E173. That's the one I've been working with lately. Needless to say, it would not connect ... like the ZTE MF61 I tried to use before it. In the midst of trying to actually get one USB modem to work with the pineapple, I now receive this error when trying to update the 3G script: Warning: fopen(/pineapple/3g/3g.sh) [function.fopen]: failed to open stream: No space left on device in /pineapple/pages/3g.php on line 51 Could not open file! Don't know what that means. My swap file is intact and working. Is there a USB modem that actually works with the pineapple? Mark IV 2.7.7
  5. Hey guys, I've been fiddling around trying to get a connection to a ZTE MF61 modem. There are no direct scripts for it on the pineapple wiki page so I've been trying to adapt a different ZTE script. However I do suck at scripting. So if anyone has a working script for this I would greatly appreciate the share. Thanks.
  6. I have to say I really don't really get what the OP is driving at either. A client connect via Android, XP, W7 when deauthed from the AP, will connect to the Pineapple transparently. If a client in a non associated state is booted up or their WiFi switched on in the vicinity of a Pineapple running Karma, it will connect to Pineapple via the first saved public open auth SSID in its PNL provided the signal strength of the Pineapple is sufficient.
  7. Thank you for the info, telot. I was checking the specs and the The Digi Connect Wan and it looks like a sincerely awesome piece of DWC hardware. The Diversity, Dual Sim and multi mode operations are nice to name but a few great features. If I find one on ebay for < $100 I'll jump on it in a flash. Meanwhile I'm still going to try to find a decent plain-vanilla Huawei just to get some immediate connectivity. WhistleMaster was mentioning a Huawei which he said worked well for him ... trying to find the post and model # now. Most definitely I snatch up one of those Digi's if I see it for cheap.
  8. Don't know where you're located and don't want to know, but consider TOR compromised by the US government (Echelon and its data-munching offshoots). Not only are exit nodes compromised, so are entry nodes. Whatever you're doing, if they want you, an ETE timing attack is trivial. This may not be the case with other governments. At the very least TOR should be stepped up to an optional 4 hop circuit with a user set variable for latency, if so desired, and a good amount of trash traffic. Understandably there probably aren't enough users to make this effective.
  9. I couldn't have said this better myself. What surprises and appalls me almost more than police state itself is the fact that, despite the OVERWHELMING evidence of its impending and growing emergence, the majority of the the masses still seem to be stone-cold, deaf dumb and blind to it. And no matter how hard you try to wake them up, they prefer to stay in their comfortable dumbed-down slumber. That's even more horrifying. How many videos, bits of news and blogs do they need to see before they wake the hell up? Certainly it must be a rationalization thing ..... "it won't happen here." "It won't happen to me." "It's not as bad as they make it sound" ........ while one of their loved ones it being either detained or sent down the river for some ridiculous "offense" against the state. What's more, I've been harping on this kind of stuff since the 90s. Somewhat more obscurely but still harping, when everyone thought it was sheer lunacy to do so. NOW, even mainstream personalites are coming out and opening admitting to as much ... and guess what .... most of the sheep STILL refuse to believe it. Must be some sort of "stupidity" survival mechnism. Save your sanity at the cost of your life.
  10. I certainly can't speak for others, but I'd be willing to wait until 100 posts, even 200 posts, as long as it means I can more freely share information with the members of that forum. My goal is the same as yours; preserve the integrity of the WiFi Pineapple. And being relegated to the "outside" forum isn't a death sentence. If they're a professional, they'll understand that, as well as the need for the precautions.
  11. I understand exactly what you are saying, Mr-P. Moreover I, still, agree with your premise. My suggestion is not to hide the forum for the sake of hiding it, but rather to abscure it to the malicious .... those who would readily use the Pineapple as a criminal tool ... precisely what you ... what we want to avoid. Think of how you might deal with a firearm. If you have one, you don't throw it away if you have a child, or if the potentiality or malicious people breaking in exists, but you do put child safety locks on it, even perhaps put it in a safe to keep it out of the hands of your child or malicious intruders should they come around. By taking these steps to reduce the aforementioned scenario, you drastically reduce the possibilty of the firearm being used as a criminal tool, or being misused by a curious but mischievous child who may not know any better. I would argue nothing more or less is the goal here. My main concern is this: as knowledge of the WiFi Pineapple becomes more freely disseminated, you will, by simple necessity and cause and effect, have to tighten down and become more and more restrictive regarding the features/abilities of the Pineapple. I've seen it before, on large and small scale. And the primarly loss is not to those who were malicious to begin with. The primary loss is to you ... to us, the people who were resposible to begin with. Just as thugs and criminals give firearms a bad name, malicious hakers will give the Pineapple a bad name. And for the moment, the Disclaimer notwithstanding, it would be nice if the malicious or criminal minded were always courteous enough to telegraph their neferious intent. But most of them don't. Once enough of these types have committed enough acts and enough obdurate complaints received, it may well be bye-bye forum. I don't want to see that happen and am sure I'm not alone in that regard. As I made clear from the beginning, the suggestions I set forth are genuinely and only my humble opinion, backed by some direct experience. Consider them or dismiss them as you see fit.
  12. Yes exactly, Boba Fett. This is but one of the proposed ideas. I had used this in my past fourm to great effect. Forum members could not reach a restricted, inner forum until they accumulated 100 posts, which presumed they weren't foolish enough or irresponsible enough to get booted along the way. 999 out of 1000 malicious people of any variety will never stick around long enought to make 100 coherent, cordial posts if they're just looking for something to cause some quick mayhem. I hate to use cliche, but where the malicious leechers are concerned, those 100 posts literally are like garlic to a vampire.
  13. Correct, Foxtrot. People wouldn't be able to see the WiFi Pineapple forum unless they're logged in, although they will readily be able to search and see the rest of the forums. And there is nothing that will prevent them from registering, unless things are arranged such that only confirmed purchasers of the Pineapple are allowed to register. I wouldn't presume to second guess the Owners/Administrators of the forum on that note, as that decision is completely up to them. I'm not talking about a total blackout. I respect your opinion, and know first exactly what your opinion is on before coming to the conclusion that it's "stupid." The point of this idea is to prevent script kiddies and malicious hackers from abusing the information contained in this forum. Just as important, the corollary to this is that we, the (hopefully) responsible owners and users of the Pineapple will be able to more freely talk about and share our ideas. An "invisible" forum is also non-crawlable by G, which will prevent the kiddies and the malicious from being led here when they're looking for an easy score to do some harm, not to mention over-cluttering the forum with incessant, nonsensical requests and over-burdening the Administrators/Moderators with headaches, and then by necessity, them having to impose more and more restrictions. Hak5 will retain it's presence, ranking and standing on G and other search engines as much as it does now. Only the number of script kiddies and malicious people seeking to abuse the Pineapple (even non-related things) will be drastically reduced. IMO, I say that's very good for Hak5 as a whole, for the Pineapple forum, for the Administrators and moderators or the forums, and for us.
  14. Yep. I had the same sentiments upon discovering this fact. In fact the NHA is only capable of about 640mW max output, despite often being touted by some vendors as 2000mW which is ludicrous. Although it's not 'N' capable, I've been using my AWUS036H. Oddly enough still the best of the Alfa line. If I have a specific need for 'N' capabiltiy I throw a 2W power amp on the NHA and then tweak it down a bit.
  15. I just saw yet another post that was made referring to phishing, which was redirected here. With all due respect to you, Seb, Mr-P and DigiNinja, in my very humble opinion, this forum needs to be made private. Specifically, that is, non G searchable ... non viewable unless a registrant is signed-in. I fully understand the need for foresight and discretion on matters such as this thread intends to address, and I largely agree with it. And simultaneously, it is a bit disheartening to know that this subject cannot be discussed in any measure when it is, very frankly, a large portion of what the Pineaple is about. It's not my intetiontion in any way to stir trouble, only provoke thought. I hope you gentleman will graciously consider my idea as set forth earlier, as well as what is being suggested in this post. As a past Administrator of my own forum, albeit smaller than this one, I've not only seen it work but work with very effective results. I realize there's a business element involved here and there may be a marketing aspect to keep balanced which may make these remedies unlikely to be enacted. But if you want to maximize having your pineapple cake while the community can eat of it too, I hazard to say it would be the most reasonable counteragent to what you're trying to avoid.
  16. Good find. Thanks for sharing, Aranadin. I've been thinking about the possibility of doing a ginormous yet concise write-up concerning pen testing and power, amplification, signal restricting and directing, propagation as it relates to pen testing with the WiFi Pineapple. There's a lot of mystery and misperception that surrounds the subject. Basically 3 phases of the topic: 1. Up Close and Personal. Generally using the Pineapple on foot, in close quarters or within crowds, i.e. coffee shops, crowded social venues. Associated and probing clients. 2. Mobile. Like WarDriving only Pineappling, from a mobile platform. 3. Long Range. Getting clients/roaming clients to associate with your Pineapple from miles away. A little different from your stroll down the airport concourse or through the cafe, but many effective and virtually undetectable attacks (blackhat) are carried out this way, so it's good for a pen tester to be aware of the mechanics and equipment involved. Still cogitating whether or not it would be totally apropos to the forum.
  17. There are many to choose from on Amazon. Just type in "USB barrel jack." You're looking for one that's 5.5mm.
  18. Hey all, Ok FIRST, I know this topic has been discussed elsewhere in other threads, but I'd like to get some very direct opinions based on first-hand experience if I could. For those of you who are hooked up well with a USB modem and your Pineapple, what is the "best" one you've discovered to use with the Pineapple? If I were to word this another way, I might ask, which USB modem has given you the most reliable performance with the least amount of trouble? Using existing WiFi hotspots and tethering just doesn't always cut it. And while we're on the topic of modems, I realize broadband service can vary greatly from region to region, but I might also ask what carrier/service you've found to be most cost effective for your general area. In other words, data rate + bandwidth + coverage / $ I'm currently checking out the Huawei E173 and a couple of the other Huaweis. Opinions please?
  19. Great find! I wasn't sure how long it was going to take using CRDA to stumble through every bit and byte to solve this problem. This addition info should help shorten the process greatly while still being a valuable learning process. And yes, for those of us living in the US, let's be careful that we keep out EIRP restricted at 500mW or below which is the legal limit (likewise for whatever country you may live in).
  20. First, I realize I'm new here and have no seniority. That said, if I had a say in the matter, I would humbly propose that 1. Pen-testing pages be delegated to a secure area or person and will only be available to legit purchasers of the Pineapple. 2. There be a criteria met before being able to acquire pen-testing pages, such as having at least 50+ posts, to show with some reasonable determinacy that the person who would be using them is not malicious, or worse, a complete idiot. Typically speaking, malicious, irresponsible idiots are not going to hang around and make 50+ post just to get some pen-test "phising" pages. They're too damn lazy and they want everything fast and easy ... hence the term "script kiddies." I do very much agree with Mr-P in principle, although perhaps not completely in action. The WiFI Pineapple is about 50% predicated (and sold) on the concept of "phishing" pen-testing pages. I could pull up a half dozen videos with Darren suggesting this use of the Pineapple (although he is always sure to astutely invoke the "I don't condone this" discalimer). Couple that with the fact that this is, broadly speaking, a community of sharing and knowledge (as true hackers do), and the restriction can very easiy become a slippery slope. Strictly speaking, *s*s*r*p has just as much or a far greater potenial for abuse than any "phising" page. So the next step will be to expulse *s*s*r*p. The problem here is the same problem it always is: script kiddies and stupid, irresponsible hackers. Some people are malicious. They are not out to do legitimate penetration testing or even white/grey hat hacking, but rather to hurt people or use their information in a nefarious ill conceived, self-profiting way. They are completely blackhat. And the damge they can do is increased exponentially by their stupidity. It is because of these types that all hackers get a bad name. Having gotten that rant out, I do believe that pen-testing pages should be available to those who have reasonably met some established criteria and demonstrated at least a modicum of perceivable responsibility. And that is only my personal take on the issue. You can always learn to make your own pages. In fact in an ideal setting it would probably be a good thing to do ... but I do not think it should be a prerequisite that a person know current HTML or php in order to use a pen-testing page. it's nice for responsible people, particularly users of the Pineapple, to have them on tap in some protected repository should they need them quickly.
  21. There's this tool CRDA. If the EEPROM can't be flashed maybe it can be overridden.
  22. You're right, it didn't help any. ;) Just kidding ... partially. Seriously, that's interesting. Maybe you were fortunate enough to get one of the adapters that isn't regged for a low-power country. Looks like you're running Ubuntu? What version? Is this your out-of-the-box results?
  23. Thanks for the link. I also had found this page from Here several days ago (see the bottom post). Went through the same procedure in BT5r3 as he did. Everything went well but the new driver yielded the same result as far as output goes. Evidently so. Apparently the NHAs are coming off the shelf with their EEPROM hard-coded to reg domain GB. in which the max limit is 20dBm. In short it would have to be reflashed to get a higher power. You're right (and Mr P.) about the allotted deviation, and 25dBm would be within that range. Only notice that the NHA consistently falls on the -2 side of the variance range. No one seems to find a NHA that just happens to fall on the 29dBm side ... or even right on 27dBm. I don't much like it when companies figure high and give low. And frankly speaking, for a relative small signal amplifier an allotted 14.8% skew in dB range and a 500mW variance in power output is huge. Either they're consciously fudging figures or they have very poor QC. I'd put my money on the former. All in all it isn't a major catastrophe. Just a bit disappointing.
  24. All spec amps/adapters are measured at a correctly matched and terminated output node: Pout. If we talk of the power from an isotropic radiator, we'd be talking ERP or effective radiated power. When you talk of adding the gain of a specific antenna, we then move to EIRP or Equivalent/Effective Isotropic Radiated Power. But let's suppose they're taking the antenna gain into account (fudging the figures) and talking EIRP instead of @ Pout to get their 27dBm. 100mw into a 5dBi gain antenna would give us only ~300mW or about 25dBm. Still not quite up to spec. Thanks for the link. Interesting reading, and it seems to confirm the findings.
  • Create New...