Posts posted by pseud0

  1. I'm sure this has been covered somewhere before but after helping out several folks at DefCon (soooooo many people buying pineapples) I thought I'd post it here in case someone else finds it useful.

    There are lots of ways to get internet connectivity to the pineapple so that you can get your MitM juices flowing, but every now and then your best option is to use an access point (AP) that isn't so simple. Many locations will now offer free wifi but you need to visit a page and accept the terms and conditions (and/or pay). This presents an obvious issue for the pineapple and can force you into hauling out your laptop, connecting to the AP, accepting the terms, and then tethering to your pineapple via eth0. This obviously makes the rig less portable as you're now hardwired and not able to stow your kit away in that sweet concealable kit you've worked so hard on. (At some point I will build a teddy-borg.)

    If you have a small form factor computer such as a Raspberry Pi available you do have other options. In my case I will attach my external antenna (alfa) to the RPi and then use eth0 to connect the RPi to the pineapple. I have my interfaces file set up to automagically bring up eth0 as 172.16.42.42 so I can then connect to the pineapple with my laptop over its wireless interface and ssh into the RPi. I use the command line to bring up wlan0 and attach to the target access point. I then use ssh forwarding to open the browser on the RPi, visit the terms and conditions page, accept, and get my connectivity. You can then run the wp4.sh script to set up the internet pass-through to your pineapple.

    For those that have never used it before, ssh forwarding allows you to access applications on a remote computer in a secure manner. As an example, "ssh -X root@172.16.42.42 iceweasel" causes the iceweasel browser to launch on the RPi, but it is then tunneled across the network where it appears on my laptop screen. Every action I take in the browser actually takes place on the remote system, including visiting pages, downloading files, etc. Another option is to kick open a full vnc session but that eats up a lot of resources to do the same thing.

    Anyway, hope this is useful and gives someone a new tool in their toolbox.

  2. Stupid/simple trick to try. In the network manager edit the eth0 connection and uncheck the box that says use that interface by default. Otherwise you will connect to your target WAP with wlan0 and have connectivity, but when you plug in or ifup eth0 the network manager will flip you over to that interface thereby breaking your wlan connection.

    Right click on the network manager icon, select wired tab, select wired 1, click edit, uncheck "connect automagically".

    kali_network_capture.jpg

  3. I've updated my kit to what I will officially term the "Because Defcon is around the corner so why the f*** not?" edition. I had already decided to add a Kali Linux Raspberry Pi build to my kit, but due to a snafu with Amazon I ended up with two RPis. Rather than being a normal human being and returning one of them, I decided to throw it into the mix because Defcon is around the corner so why the F not? (See how this all flows together?) Anyway, pics below. Running a stress test on it now to see how long one battery pack will keep it all alive. (http://www.amazon.com/gp/product/B005NGKR54/) Master plan is to use the pineapple for karma, evil java, etc. Dnsspoof to a couple of basic harvest pages on the pineapple, but redirecting to one of the RPis with SET handling some others. Use the other RPi for metasploit and other shenanigans. That or I'll let someone join the fun and run the other RPi while we're set up in the line at Defcon. I'll add another alfa to the kit to do airdrop.

    yxeo.jpg

    Similar to prior shots. On right, bottom to top, battery, pineapple, hub w/ usb drive. Left has the alfa, Kali RPi #1 (blue), Kali RPi #2 (green).

    qqip.jpg

    Just showing ops. Main control via iPad, either web or issh. Screen shows ssh into both RPis, both ARM edition Kali, both with msf up and running. Note, there are some steps you need to go through to get metasploit running correctly with the backend database and such.

  4. I took a bit of a different twist on mine for a variety of reasons. I have the weatherproof pelican kit but I've yet to face a need to stash my kit on a roof, and to be honest I hate the torque it put on the cables and connectors. It always felt like something was about to snap off. With that in mind my requirements were:

    - I do a lot of penetration testing in corporate environments so I needed something that would blend in while still letting me have easy access to it.

    - It would also let me conceal and leave it behind in a pinch.

    - While having the operational nifty kit was great, I also wanted to be able to bring the entire load of extras with it. (cables, power supplies, etc)

    With that in mind, I used one of my Skooba binders (http://www.amazon.com/Skooba-R750-300-Cable-Stable-Black/dp/B003D0ID8U) and came up with the following:

    9k23.jpg

    Pineapple in full ops mode. Cable management allows it to be closed and opened easily with no pressure on cables or connectors. Web management via iPad.

    ki3a.jpg

    Just showing closed but still operational. Switched control to iPad and issh.

    p4zx.jpg

    Just showing a profile. About the same height and width as the iPad but about three times as thick. Easily fits in a backpack or messenger bag, and it could be stashed on a bookshelf or such without drawing notice.

    01tj.jpg

    Travel mode. All the pineapple gear including chargers and random cables. I think I'm ready for my Black Hat/DefCon trip.

  5. I'm a special kind of stupid. I was about to reply that I had tried wlan0 to br-lan previously and it didn't work. Then I realized that I had the direction flipped and needed to have it as wlan1 to br-lan (share internet from the adapter to the bridge w/ wlan0). Made the quick change in network manager and it seems to be up and running. I'll put it through the paces and see if anything else comes up. Thanks for the speedy reply.

  6. I know this has been mentioned in prior threads (quote/link below) but it never seems to have been resolved.

    EDIT: I just noticed that when using network manager it does something that stops DNSspoof working.

    My setup is a pineapple connected to a powered hub with an alfa card and usb plugged into it. The alfa is getting internet access from my home AP and sharing it with WLAN0.
    Any idea on a quick fix for this?
    I think it's because the dns code is
    'dnsspoof -i br-lan -f /pineapple/config/spoofhost > /dev/null 2>/pineapple/logs/dnsspoof.log'
    I am thinking that maybe br-lan should be WLAN0 or WLAN1. If that is correct would an if statement work (one where the pineapple checks where victims are connecting)?

    http://forums.hak5.org/index.php?/topic/27113-network-manager/page-6?hl=dnsspoof

    To make a long story short, my Mark IV works fine with dnsspoof when being run through a tether to my BT5 machine but does not work when I use my alfa in client mode hooked to an access point. (Mark IV is latest firmware, latest build of dnsspoof, adapter is NHA.) ICS works fine for anything connecting to the pineapple's wlan0/access point interface, but they just get passed through to the standard internet page. Poking around in the code showed that dnsspoof is hooked to br-lan, and br-lan consists of eth0 and wlan0. I don't think the solution is as simple as adding wlan1 to br-lan as that just gets me an "operation not supported" error. Anyone have a simple solution that I've overlooked or will this require some iw magic?
