Zephyr

Posts posted by Zephyr

  1. Well, the answer is simple. You are out of space on the pineapple. I am guessing you have a few too many infusions installed to your local storage.

    You will need to free up some space for the device to operate properly - make use of your USB storage for infusions.

    There are plenty of USB modems that work out of the box (see 3G.sh for example). There are many more that people have gotten to work here and have posted guides or solutions for their issues.

    The rule is generally that if it works with linux, it will work on the pineapple.

    I have 3 minor modules installed, but that does indeed seem to be the issue.

    As a quick aside, I'm learning the Pineapple and Linux concurrently, and have about 8-10 hours a week allotted to do so. Linux wasn't/isn't my area of specialty so the learning curve is still steep. Hence the reason for some occasional "dumb questions" from time to time. For want of more time, I give myself 24 hours to search for the answer/remedy the problem. If I haven't found the answer at the end of that time, I post the question to the forum.

    Another question about 3G modems since we're on the subject. When I plug in my unlocked E173 directly to my box (XP/W7), using its proprietary software, there is a default APN of some given name. However when I launch the modem's GUI, I am never prompted to enter a username or password to access the network (T-mobile in this case), and notwithstanding that, it does still access the network. Given this, the APN entry in the 3G script I think is fairly obvious, but what should be entered as the username and password in the 3G boot script ... if not merely left blank?

  2. If I go to WiFi Jammer and select Wlan1 then click start the radio's light comes on that is attached to usb and if I do an ifconfig from SSH I see that it's up. I then start the monitor interface mon0 and light stays on and I can see it's up with ifconfig. I start the jammer and it kicks off a few laptops around the room and then reboots the Pineapple!

    Any ideas?

    Mine does the same thing. It reboots after about a half minute of running jammer. And I'm running my ALFA card on hub powered by a 12 volt 3 Amp brick, so it is not a power problem. The only thing you can do is selectively deauth only certain macs. Usually one. If you only use jammer to deauth only one mac, it probably won't reboot.

  3. I'm on my second USB modem, trying to get it to connect with the pineapple. My second one is a Huawei E173. That's the one I've been working with lately. Needless to say, it would not connect ... like the ZTE MF61 I tried to use before it. In the midst of trying to actually get one USB modem to work with the pineapple, I now receive this error when trying to update the 3G script:

    Warning: fopen(/pineapple/3g/3g.sh) [function.fopen]: failed to open stream: No space left on device in /pineapple/pages/3g.php on line 51
    Could not open file!
    

    Don't know what that means. My swap file is intact and working. Is there a USB modem that actually works with the pineapple?

    Mark IV

    2.7.7

  4. Hey guys, I've been fiddling around trying to get a connection to a ZTE MF61 modem. There are no direct scripts for it on the pineapple wiki page so I've been trying to adapt a different ZTE script. However I do suck at scripting. So if anyone has a working script for this I would greatly appreciate the share. Thanks.

  5. I have to say I really don't get what the OP is driving at either. A client connect via Android, XP, W7 when deauthed from the AP, will connect to the Pineapple transparently. If a client in a non associated state is booted up or their WiFi switched on in the vicinity of a Pineapple running Karma, it will connect to Pineapple via the first saved public open auth SSID in its PNL provided the signal strength of the Pineapple is sufficient.

  6. Thank you for the info, telot. I was checking the specs and the Digi Connect Wan and it looks like a sincerely awesome piece of DWC hardware. The Diversity, Dual Sim and multi mode operations are nice to name but a few great features. If I find one on ebay for < $100 I'll jump on it in a flash.

    Meanwhile I'm still going to try to find a decent plain-vanilla Huawei just to get some immediate connectivity. WhistleMaster was mentioning a Huawei which he said worked well for him ... trying to find the post and model # now.

    Most definitely I'll snatch up one of those Digi's if I see it for cheap.

  7. http://raided4tor.cryto.net/

    Kinda like running an open access point, the feds are knocking down your door for what someone else does with your internet address.

    Don't know where you're located and don't want to know, but consider TOR compromised by the US government (Echelon and its data-munching offshoots). Not only are exit nodes compromised, so are entry nodes. Whatever you're doing, if they want you, an ETE timing attack is trivial. This may not be the case with other governments. At the very least TOR should be stepped up to an optional 4 hop circuit with a user set variable for latency, if so desired, and a good amount of trash traffic. Understandably there probably aren't enough users to make this effective.

  8. Not to mention anything they find can and will be used against you in a court of law, whether it's "hacking paraphernalia" or not, if you have anything on there regardless, once they take it, they can pin anything they want on you, with or without reason. As much as I love my country I truly HATE with a capital FUCKING hate, the police state mentality that we have become in the USA. From the formation of Homeland Security to the Patriot Act, to the secret FISA courts, drone hits on Americans being assassinated without trial or due process, we live in a time and place that is sad for our children to grow up in, and if things don't change, it will not only get worse, our children will become conditioned to it to the point that they think this is normal behavior. FISA and its original intentions, are now domestic spying at its finest, because we the people, are now the enemies of the state.

    I couldn't have said this better myself. What surprises and appalls me almost more than police state itself is the fact that, despite the OVERWHELMING evidence of its impending and growing emergence, the majority of the masses still seem to be stone-cold, deaf dumb and blind to it. And no matter how hard you try to wake them up, they prefer to stay in their comfortable dumbed-down slumber. That's even more horrifying. How many videos, bits of news and blogs do they need to see before they wake the hell up? Certainly it must be a rationalization thing ..... "it won't happen here." "It won't happen to me." "It's not as bad as they make it sound" ........ while one of their loved ones is being either detained or sent down the river for some ridiculous "offense" against the state. What's more, I've been harping on this kind of stuff since the 90s. Somewhat more obscurely but still harping, when everyone thought it was sheer lunacy to do so. NOW, even mainstream personalities are coming out and openly admitting to as much ... and guess what .... most of the sheep STILL refuse to believe it. Must be some sort of "stupidity" survival mechanism. Save your sanity at the cost of your life.

  9. Then that 100 posts would currently make it private to even you with 48 posts. I don't feel we should do a post limit due to people who may have never signed up with the forums and have professional intentions.

    I certainly can't speak for others, but I'd be willing to wait until 100 posts, even 200 posts, as long as it means I can more freely share information with the members of that forum. My goal is the same as yours; preserve the integrity of the WiFi Pineapple. And being relegated to the "outside" forum isn't a death sentence. If they're a professional, they'll understand that, as well as the need for the precautions.

  10. I don't really see putting anything private as helping. It's free to make an account and rather simple. It's not a matter of "hiding" anything about the project. It is about not letting it be perceived as a criminal tool.

    Hence the Disclaimer which is posted everywhere.

    This is similar to how BackTrack/Kali forums work. If a user is asking for help which is perceived as a criminal act, the user is given the appropriate actions.

    I understand exactly what you are saying, Mr-P. Moreover I, still, agree with your premise. My suggestion is not to hide the forum for the sake of hiding it, but rather to obscure it to the malicious .... those who would readily use the Pineapple as a criminal tool ... precisely what you ... what we want to avoid. Think of how you might deal with a firearm. If you have one, you don't throw it away if you have a child, or if the potentiality of malicious people breaking in exists, but you do put child safety locks on it, even perhaps put it in a safe to keep it out of the hands of your child or malicious intruders should they come around. By taking these steps to reduce the aforementioned scenario, you drastically reduce the possibility of the firearm being used as a criminal tool, or being misused by a curious but mischievous child who may not know any better. I would argue nothing more or less is the goal here.

    My main concern is this: as knowledge of the WiFi Pineapple becomes more freely disseminated, you will, by simple necessity and cause and effect, have to tighten down and become more and more restrictive regarding the features/abilities of the Pineapple. I've seen it before, on large and small scale. And the primary loss is not to those who were malicious to begin with. The primary loss is to you ... to us, the people who were responsible to begin with. Just as thugs and criminals give firearms a bad name, malicious hackers will give the Pineapple a bad name.

    And for the moment, the Disclaimer notwithstanding, it would be nice if the malicious or criminal minded were always courteous enough to telegraph their nefarious intent. But most of them don't. Once enough of these types have committed enough acts and enough obdurate complaints received, it may well be bye-bye forum. I don't want to see that happen and am sure I'm not alone in that regard.

    As I made clear from the beginning, the suggestions I set forth are genuinely and only my humble opinion, backed by some direct experience. Consider them or dismiss them as you see fit.

  11. But can make some post private, only for members that reach a number of posts.

    Yes exactly, Boba Fett. This is but one of the proposed ideas. I had used this in my past forum to great effect. Forum members could not reach a restricted, inner forum until they accumulated 100 posts, which presumed they weren't foolish enough or irresponsible enough to get booted along the way. 999 out of 1000 malicious people of any variety will never stick around long enough to make 100 coherent, cordial posts if they're just looking for something to cause some quick mayhem. I hate to use cliche, but where the malicious leechers are concerned, those 100 posts literally are like garlic to a vampire.

  12. Correct, Foxtrot. People wouldn't be able to see the WiFi Pineapple forum unless they're logged in, although they will readily be able to search and see the rest of the forums. And there is nothing that will prevent them from registering, unless things are arranged such that only confirmed purchasers of the Pineapple are allowed to register. I wouldn't presume to second guess the Owners/Administrators of the forum on that note, as that decision is completely up to them.

    I'm not talking about a total blackout. I respect your opinion, and know first exactly what your opinion is on before coming to the conclusion that it's "stupid." The point of this idea is to prevent script kiddies and malicious hackers from abusing the information contained in this forum. Just as important, the corollary to this is that we, the (hopefully) responsible owners and users of the Pineapple will be able to more freely talk about and share our ideas. An "invisible" forum is also non-crawlable by G, which will prevent the kiddies and the malicious from being led here when they're looking for an easy score to do some harm, not to mention over-cluttering the forum with incessant, nonsensical requests and over-burdening the Administrators/Moderators with headaches, and then by necessity, them having to impose more and more restrictions.

    Hak5 will retain its presence, ranking and standing on G and other search engines as much as it does now. Only the number of script kiddies and malicious people seeking to abuse the Pineapple (even non-related things) will be drastically reduced. IMO, I say that's very good for Hak5 as a whole, for the Pineapple forum, for the Administrators and moderators of the forums, and for us.

  13. Yep. I had the same sentiments upon discovering this fact. In fact the NHA is only capable of about 640mW max output, despite often being touted by some vendors as 2000mW which is ludicrous. Although it's not 'N' capable, I've been using my AWUS036H. Oddly enough still the best of the Alfa line. If I have a specific need for 'N' capability I throw a 2W power amp on the NHA and then tweak it down a bit.

  14. I just saw yet another post that was made referring to phishing, which was redirected here.

    With all due respect to you, Seb, Mr-P and DigiNinja, in my very humble opinion, this forum needs to be made private. Specifically, that is, non G searchable ... non viewable unless a registrant is signed-in. I fully understand the need for foresight and discretion on matters such as this thread intends to address, and I largely agree with it. And simultaneously, it is a bit disheartening to know that this subject cannot be discussed in any measure when it is, very frankly, a large portion of what the Pineapple is about. It's not my intention in any way to stir trouble, only provoke thought.

    I hope you gentlemen will graciously consider my idea as set forth earlier, as well as what is being suggested in this post. As a past Administrator of my own forum, albeit smaller than this one, I've not only seen it work but work with very effective results. I realize there's a business element involved here and there may be a marketing aspect to keep balanced which may make these remedies unlikely to be enacted. But if you want to maximize having your pineapple cake while the community can eat of it too, I hazard to say it would be the most reasonable counteragent to what you're trying to avoid.

  15. Good find. Thanks for sharing, Aranadin.

    I've been thinking about the possibility of doing a ginormous yet concise write-up concerning pen testing and power, amplification, signal restricting and directing, propagation as it relates to pen testing with the WiFi Pineapple. There's a lot of mystery and misperception that surrounds the subject. Basically 3 phases of the topic: 1. Up Close and Personal. Generally using the Pineapple on foot, in close quarters or within crowds, i.e. coffee shops, crowded social venues. Associated and probing clients. 2. Mobile. Like WarDriving only Pineappling, from a mobile platform. 3. Long Range. Getting clients/roaming clients to associate with your Pineapple from miles away. A little different from your stroll down the airport concourse or through the cafe, but many effective and virtually undetectable attacks (blackhat) are carried out this way, so it's good for a pen tester to be aware of the mechanics and equipment involved.

    Still cogitating whether or not it would be totally apropos to the forum.

  16. Hey all,

    Ok FIRST, I know this topic has been discussed elsewhere in other threads, but I'd like to get some very direct opinions based on first-hand experience if I could.

    For those of you who are hooked up well with a USB modem and your Pineapple, what is the "best" one you've discovered to use with the Pineapple? If I were to word this another way, I might ask, which USB modem has given you the most reliable performance with the least amount of trouble?

    Using existing WiFi hotspots and tethering just doesn't always cut it.

    And while we're on the topic of modems, I realize broadband service can vary greatly from region to region, but I might also ask what carrier/service you've found to be most cost effective for your general area. In other words, data rate + bandwidth + coverage / $

    I'm currently checking out the Huawei E173 and a couple of the other Huaweis.

    Opinions please?

  17. Great find! I wasn't sure how long it was going to take using CRDA to stumble through every bit and byte to solve this problem. This additional info should help shorten the process greatly while still being a valuable learning process. And yes, for those of us living in the US, let's be careful that we keep our EIRP restricted at 500mW or below which is the legal limit (likewise for whatever country you may live in).

  18. With the proliferation of this 'pineapple' item, these forums will begin to get more and more of these requests. I propose that we tread lightly on this subject. While I agree that some information needs to be obtained through personal experience, censorship can be a nasty beast.

    First, I realize I'm new here and have no seniority. That said, if I had a say in the matter, I would humbly propose that 1. Pen-testing pages be delegated to a secure area or person and will only be available to legit purchasers of the Pineapple. 2. There be a criteria met before being able to acquire pen-testing pages, such as having at least 50+ posts, to show with some reasonable determinacy that the person who would be using them is not malicious, or worse, a complete idiot. Typically speaking, malicious, irresponsible idiots are not going to hang around and make 50+ posts just to get some pen-test "phishing" pages. They're too damn lazy and they want everything fast and easy ... hence the term "script kiddies." I do very much agree with Mr-P in principle, although perhaps not completely in action. The WiFi Pineapple is about 50% predicated (and sold) on the concept of "phishing" pen-testing pages. I could pull up a half dozen videos with Darren suggesting this use of the Pineapple (although he is always sure to astutely invoke the "I don't condone this" disclaimer). Couple that with the fact that this is, broadly speaking, a community of sharing and knowledge (as true hackers do), and the restriction can very easily become a slippery slope. Strictly speaking, *s*s*r*p has just as much or a far greater potential for abuse than any "phishing" page. So the next step will be to expulse *s*s*r*p.

    The problem here is the same problem it always is: script kiddies and stupid, irresponsible hackers. Some people are malicious. They are not out to do legitimate penetration testing or even white/grey hat hacking, but rather to hurt people or use their information in a nefarious ill conceived, self-profiting way. They are completely blackhat. And the damage they can do is increased exponentially by their stupidity. It is because of these types that all hackers get a bad name.

    Having gotten that rant out, I do believe that pen-testing pages should be available to those who have reasonably met some established criteria and demonstrated at least a modicum of perceivable responsibility. And that is only my personal take on the issue. You can always learn to make your own pages. In fact in an ideal setting it would probably be a good thing to do ... but I do not think it should be a prerequisite that a person know current HTML or php in order to use a pen-testing page. It's nice for responsible people, particularly users of the Pineapple, to have them on tap in some protected repository should they need them quickly.

  19. This probably won't help any but my AWUS036NHA works as advertised.

    You're right, it didn't help any. ;) Just kidding ... partially. Seriously, that's interesting. Maybe you were fortunate enough to get one of the adapters that isn't regged for a low-power country. Looks like you're running Ubuntu? What version? Is this your out-of-the-box results?

  20. After tinkering with my alfa AWUS036NHA I get that same problem too. Can't get it over 20dBm which is 100mW. On the other hand my AWUS036H works fine. I can get 30dBm which is 1W. I don't know if this will help but alfa has a blog post about installing the driver for the alfa AWUS036NHA here. I tried following that but I got an error when I got to the make & make install part.

    Thanks for the link. I also had found this page from Here several days ago (see the bottom post). Went through the same procedure in BT5r3 as he did. Everything went well but the new driver yielded the same result as far as output goes.

    Thanks for the info. So does this mean that The Alfa AWUS036NHA is hard coded at 20dBm?

    Evidently so. Apparently the NHAs are coming off the shelf with their EEPROM hard-coded to reg domain GB. in which the max limit is 20dBm. In short it would have to be reflashed to get a higher power.

    Well the site said +-2 dBm so 27-2=25. At this point I'm just guessing. I don't know much about EIRP. Isn't that within the range. So is alfa just using the antenna gain to get at least 25dBm?

    You're right (and Mr P.) about the allotted deviation, and 25dBm would be within that range. Only notice that the NHA consistently falls on the -2 side of the variance range. No one seems to find a NHA that just happens to fall on the 29dBm side ... or even right on 27dBm. I don't much like it when companies figure high and give low. And frankly speaking, for a relatively small signal amplifier an allotted 14.8% skew in dB range and a 500mW variance in power output is huge. Either they're consciously fudging figures or they have very poor QC. I'd put my money on the former. All in all it isn't a major catastrophe. Just a bit disappointing.

  21. All spec amps/adapters are measured at a correctly matched and terminated output node: Pout. If we talk of the power from an isotropic radiator, we'd be talking ERP or effective radiated power. When you talk of adding the gain of a specific antenna, we then move to EIRP or Equivalent/Effective Isotropic Radiated Power.

    But let's suppose they're taking the antenna gain into account (fudging the figures) and talking EIRP instead of @ Pout to get their 27dBm. 100mW into a 5dBi gain antenna would give us only ~300mW or about 25dBm. Still not quite up to spec.

    Thanks for the link. Interesting reading, and it seems to confirm the findings.
