ananas

Hi, As far as I can remember I think my Mark V has always worked on 100Mbit/FD on its LAN port. Recently I started having troubles with the device, couldn't reach it anymore through the LAN. As I wasn't actively using it at that moment I left it for what it was. Now a few months later I wanted to get working on the device again and had to troubleshoot why I couldn't reach it anymore. After a lot of testing and trying settings it seems I can only get layer 2 and higher connectivity when the device operates at a fixed linerate of 10Mbit/FD. Things I have tested: - Different (verified to correctly work) cables - Different network devices - Set speed/duplex on auto mode (this negociates the line to 100Mbit/FD on the Mark V side, the other side can't really get a connection, the line flaps really fast. If checked with ethtool 90% of the time it reports up and 10% of the time it reports down) - Set speed/duplex fixed on 100Mbit/FD - Upgraded firmware to latest version - Tried different power adapter I also wanted to try a full reset using the recovery firmware, however when I set the dip's to their correct positions I am unable to get a connection to the device. I did do a factory reset which didn't help. Another thing I find mildly weird is that the device reports it can run on 1Gbit, however the Mark V specs say 100Mbit. Below is the current output of ethtool with the speed/dup set to fixed. root@Pineapple:~# ethtool eth0 Settings for eth0: Supported ports: [ TP MII ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supported pause frame use: No Supports auto-negotiation: Yes Advertised link modes: 10baseT/Full Advertised pause frame use: No Advertised auto-negotiation: No Speed: 10Mb/s Duplex: Full Port: MII PHYAD: 4 Transceiver: external Auto-negotiation: off Current message level: 0x000000ff (255) drv probe link timer ifdown ifup rx_err tx_err Link detected: yes Does anyone have any suggestions left I could try, or am I to accept that my LAN port is defective?

Hi, I am trying to scan networks for WPS functionality using both wlan1 and an alpha card (wlan2) in monitoring mode, wash won't show any (WPS) networks. If I connect the same Alpha card to my Kali installed laptop, I can pick up about 20~ish WPS enabled networks. Sequence of commands: airmon-ng start wlan1 wash -i wlan1 I know that the Mark V worked with wash on an earlier version (I skipped the versions between 1.2.0 and 1.4.1 so I don't know when exactly this ceased working). The monitor interfaces are working fine because if I perform an airodump-ng -i mon0 I can see a ton of networks. Any idea what's wrong here? Cheers,

Were there any changes from beta2, or is re-flashing not required?

That was a quick one! Never gotten the time to submit my report, sorry. I'll play by the rules next time =)

Yea sure I get that you shouldn't be opening new topics for beta issues, however as you see I don't see either why we can't discuss beta problems in the beta topic.

Humm okay, seems a bit pointless to not be able to discus it. Perhaps someone already ran into the issue and knows how to deal with it?

To add to this, Karma seems to be completely broken now. I live in a densely populated area. Normally when Karma runs I get tons of probes and the occasional association. Currently the logging is entirely empty after having ran for several hours.

My MarkV just crashed on beta2 when I wanted to look at the Karma logs. What information do you want me to look up when this occurs again? (I have to hard reset the device to gain access again). Also the "get" infusion is broken. You can't retrieve the required packages through the infusion.

Anyone got any working documentation for this infusion? All the links are dead or don't contain any information. I'd like to read up on how I can reply a captured cookie, as you can do for example with "CookieCadger".

So, I've hooked up the Alfa antenna to a Kali install and tried things on there. I can put it in monitoring mode, associate with an AP, and as soon as a reaverattack the Alfa antenna goes down (same as on the Pineapple). command sequence: airmon-ng start wlan0 1 aireplay-ng mon0 -1 120 -a 98:FC:11:A8:75:F7 -e test_ap (so far so good) reaver -i mon0 -b 98:FC:11:A8:75:F7 -v -a -S [ 955.645814] device mon0 entered promiscuous mode [ 985.586455] usb 1-2.1: USB disconnect, device number 8 [ 985.812141] ath: phy3: Failed to wakeup in 500us [ 985.823394] ath: phy3: Failed to wakeup in 500us [ 985.968616] usb 1-2.1: ath9k_htc: USB layer deinitialized [ 986.166890] usb 1-2.1: new high-speed USB device number 9 using xhci_hcd [ 986.184779] usb 1-2.1: New USB device found, idVendor=0cf3, idProduct=9271 [ 986.184781] usb 1-2.1: New USB device strings: Mfr=16, Product=32, SerialNumber=48 [ 986.184782] usb 1-2.1: Product: UB91C [ 986.184783] usb 1-2.1: Manufacturer: ATHEROS [ 986.184784] usb 1-2.1: SerialNumber: 12345 Would this suggest I have a faulty antenna?

To add to the incredible randomness of this device, it was doing the WPS attack, then it started to timeout (kept failing), then I stopped the attack, rebooted the device, and now with airmon I can't even see any AP's anymore with wash (there are some 30 AP's up here).

This device is so incredible random.... I got the WPS attack working on my internal wlan0 interface. If I use the same method now on the wlan1 interface then I can't get it to associate with the network I want to attack. command sequence: airmon-ng start wlan0 aireplay-ng mon0 -1 120 -a 98:FC:11:A8:75:F7 -e test-ap --ignore-negative-one reaver -i mon0 -b 98:FC:11:A8:75:F7 -a -S -v That works. command sequence: airmon-ng start wlan1 aireplay-ng mon0 -1 120 -a 98:FC:11:A8:75:F7 -e test-ap --ignore-negative-one (fails to associate) 10:02:01 Waiting for beacon frame (BSSID: 98:FC:11:A8:75:F7) on channel -1 10:02:11 No such BSSID available. when I try this: airmon-ng start wlan1 11 aireplay-ng still reports channel "-1", but my understanding is that the above command forces it to channel 11. I just can't wrap my head around why the internal and external antenna behave so differently (and why the device can hard crash in some cases when some commands are used that apparently shouldn't be used in that specific way - rather than throwing an error)

Thanks, i'll give that a try and will report back how it went!

Sort of yea, using OpenWRT's package manager, opkg. I have installed a couple of infusions through the webpage already, just to explore the device. However, I don't see any reaver alike infusions nor any reaver options in the network manager. Most infusions seem to be about when you already have clients connected to your network. I am first attempting to attack networks, not too interested (yet) in the MITM attacks. What I try to attempt is running wash to scan for WDS enabled devices, and use reaver to try and bruteforce the key.

I tend to try and avoid using GUI's. Haven't seen a reaver infusion listed either. The logs are regarding the second issue with the Alfa antenna. I can't seem to capture any logging on the hard crash from problem 1.