Posts posted by ananas
-
Hi,
I am trying to scan networks for WPS functionality using both wlan1 and an Alfa card (wlan2) in monitoring mode, but wash won't show any (WPS) networks.
If I connect the same Alfa card to my Kali installed laptop, I can pick up about 20~ish WPS enabled networks.
Sequence of commands:
airmon-ng start wlan1
wash -i wlan1
I know that the Mark V worked with wash on an earlier version (I skipped the versions between 1.2.0 and 1.4.1 so I don't know when exactly this ceased working).
The monitor interfaces are working fine because if I perform an airodump-ng -i mon0 I can see a ton of networks.
Any idea what's wrong here?
Cheers,
-
Were there any changes from beta2, or is re-flashing not required?
-
And we are done.
Thank you everyone for your feedback!
Best Regards,
Sebkinne
That was a quick one! Never gotten the time to submit my report, sorry. I'll play by the rules next time =)
-
The idea is that there are usually a lot of things that don't make it to the actual release. We advise people to search through the forums to find solutions to known problems, and it *could* cause a lot of confusion with people turning up asking about why fixes to problems that aren't there aren't helping them. Tbh, I can't see why discussing it in the [BETA] thread itself is a bad idea, but I can certainly see why free rein over discussing it all over the forum would be a very bad idea indeed.
Am I making sense? I think I explained that right.
Yea sure I get that you shouldn't be opening new topics for beta issues, however as you see I don't see either why we can't discuss beta problems in the beta topic.
-
Humm okay, seems a bit pointless to not be able to discuss it. Perhaps someone already ran into the issue and knows how to deal with it?
-
My MarkV just crashed on beta2 when I wanted to look at the Karma logs.
*snip*
To add to this, Karma seems to be completely broken now. I live in a densely populated area. Normally when Karma runs I get tons of probes and the occasional association. Currently the logging is entirely empty after having run for several hours.
-
My MarkV just crashed on beta2 when I wanted to look at the Karma logs.
What information do you want me to look up when this occurs again? (I have to hard reset the device to gain access again).
Also the "get" infusion is broken. You can't retrieve the required packages through the infusion.
-
Anyone got any working documentation for this infusion?
All the links are dead or don't contain any information.
I'd like to read up on how I can replay a captured cookie, as you can do for example with "CookieCadger".
-
So, I've hooked up the Alfa antenna to a Kali install and tried things on there.
I can put it in monitoring mode, associate with an AP, and as soon as I start a reaver attack the Alfa antenna goes down (same as on the Pineapple).
command sequence:
airmon-ng start wlan0 1
aireplay-ng mon0 -1 120 -a 98:FC:11:A8:75:F7 -e test_ap
(so far so good)
reaver -i mon0 -b 98:FC:11:A8:75:F7 -v -a -S
[ 955.645814] device mon0 entered promiscuous mode
[ 985.586455] usb 1-2.1: USB disconnect, device number 8
[ 985.812141] ath: phy3: Failed to wakeup in 500us
[ 985.823394] ath: phy3: Failed to wakeup in 500us
[ 985.968616] usb 1-2.1: ath9k_htc: USB layer deinitialized
[ 986.166890] usb 1-2.1: new high-speed USB device number 9 using xhci_hcd
[ 986.184779] usb 1-2.1: New USB device found, idVendor=0cf3, idProduct=9271
[ 986.184781] usb 1-2.1: New USB device strings: Mfr=16, Product=32, SerialNumber=48
[ 986.184782] usb 1-2.1: Product: UB91C
[ 986.184783] usb 1-2.1: Manufacturer: ATHEROS
[ 985.184784] usb 1-2.1: SerialNumber: 12345
Would this suggest I have a faulty antenna?
-
To add to the incredible randomness of this device, it was doing the WPS attack, then it started to timeout (kept failing), then I stopped the attack, rebooted the device, and now with airmon I can't even see any APs anymore with wash (there are some 30 APs up here).
-
This should help you with the reaver attack: http://forums.hak5.org/index.php?/topic/29610-launch-reaver-from-wps-button/
(The script does not need to be run from the button. You can use it like a normal script)
There are issues with reaver and the internal network card. You have to enable and disable pieces in the correct order or it errors out.
This device is so incredibly random....
I got the WPS attack working on my internal wlan0 interface. If I use the same method now on the wlan1 interface then I can't get it to associate with the network I want to attack.
command sequence:
airmon-ng start wlan0
aireplay-ng mon0 -1 120 -a 98:FC:11:A8:75:F7 -e test-ap --ignore-negative-one
reaver -i mon0 -b 98:FC:11:A8:75:F7 -a -S -v
That works.
command sequence:
airmon-ng start wlan1
aireplay-ng mon0 -1 120 -a 98:FC:11:A8:75:F7 -e test-ap --ignore-negative-one (fails to associate)
10:02:01 Waiting for beacon frame (BSSID: 98:FC:11:A8:75:F7) on channel -1
10:02:11 No such BSSID available.
when I try this:
airmon-ng start wlan1 11
aireplay-ng still reports channel "-1", but my understanding is that the above command forces it to channel 11.
I just can't wrap my head around why the internal and external antenna behave so differently (and why the device can hard crash in some cases when some commands are used that apparently shouldn't be used in that specific way - rather than throwing an error)
-
This should help you with the reaver attack: http://forums.hak5.org/index.php?/topic/29610-launch-reaver-from-wps-button/
(The script does not need to be run from the button. You can use it like a normal script)
There are issues with reaver and the internal network card. You have to enable and disable pieces in the correct order or it errors out.
Thanks, I'll give that a try and will report back how it went!
-
All infusions are listed in the Pineapple Bar tab. Your pineapple will need to have an internet connection though. I can understand if you don't want to use the Network Manager on a regular basis but if it works and accomplishes what you cannot manually, you could at least look at the PHP code it is using to find out what commands are working. Also, how are you trying to use Reaver if you haven't installed it? Or did you "apt-get install reaver"?
Sort of yea, using OpenWRT's package manager, opkg.
I have installed a couple of infusions through the webpage already, just to explore the device. However, I don't see any reaver alike infusions nor any reaver options in the network manager. Most infusions seem to be about when you already have clients connected to your network. I am first attempting to attack networks, not too interested (yet) in the MITM attacks.
What I try to attempt is running wash to scan for WDS enabled devices, and use reaver to try and bruteforce the key.
-
Have you tried any of this using the Network Manager infusion and the reaver infusion? What I find interesting is that you are issuing commands regarding wlan0 yet your log states device wlan1 is entering promiscuous mode...
I tend to try and avoid using GUIs. Haven't seen a reaver infusion listed either.
The logs are regarding the second issue with the Alfa antenna.
I can't seem to capture any logging on the hard crash from problem 1.
-
Can anyone confirm the above is also happening on their devices?
Trying to determine if my device is faulty or not.
Cheers,
-
Hi,
I am experiencing a ton of crashes with my newly bought Mark 4. I am wondering whether I am doing something really wrong, or if something is up with my device.
I have bought the pro edition, so it comes with the extra antenna (someone on IRC referred to it as the "alpha antenna", not sure if that's what it's called).
I have updated my device to the latest available release, 2.8.1.
I have disabled all running services such as the Karma service.
Crashes I experience:
on this command sequence, at the very moment I bring the interface back up, the entire device crashes and goes into a reboot:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
*crash*
I can use airmon-ng -i wlan0, then this interface works, it creates a mon0 interface, however, it can then just scan on whatever channel I have previously put it on.
A second issue I experience is with the external antenna. Here I can do the above sequence just fine. I can also use airodump to scan for channels, but as soon as I try to run "wash" or "reaver" on that antenna, the antenna crashes and I observe the following log in "dmesg":
[ 1699.820000] device wlan1 entered promiscuous mode
[ 1738.810000] usb 1-1: USB disconnect, device number 4
[ 1738.880000] usb 1-1: ath9k_htc: USB layer deinitialized
[ 1739.380000] usb 1-1: new high-speed USB device number 5 using ehci-platform
[ 1744.560000] usb 1-1: ath9k_htc: Firmware htc_9271.fw requested
[ 1744.950000] usb 1-1: ath9k_htc: Transferred FW: htc_9271.fw, size: 51272
[ 1745.190000] ath9k_htc 1-1:1.0: ath9k_htc: HTC initialized with 33 credits
[ 1745.390000] ath9k_htc 1-1:1.0: ath9k_htc: FW Version: 1.3
[ 1745.390000] ath: EEPROM regdomain: 0x833a
[ 1745.390000] ath: EEPROM indicates we should expect a country code
[ 1745.390000] ath: doing EEPROM country->regdmn map search
[ 1745.390000] ath: country maps to regdmn code: 0x37
[ 1745.390000] ath: Country alpha2 being used: GB
[ 1745.390000] ath: Regpair used: 0x37
[ 1745.390000] ieee80211 phy4: Atheros AR9271 Rev:1
[ 1745.570000] Registered led device: ath9k_htc-phy4
Am I doing something wrong, using unsupported methods or tools? I am kind of in the dark here as to what the issue might be. I've already tried to replace the cables and made sure its power source is externally fed (as I thought it might have been a power consumption issue).
Cheers,
Saint K.
-
eth0 only works on 10Mbit/FD
in WiFi Pineapple Mark V
Hi,
As far as I can remember I think my Mark V has always worked on 100Mbit/FD on its LAN port.
Recently I started having troubles with the device, couldn't reach it anymore through the LAN. As I wasn't actively using it at that moment I left it for what it was.
Now a few months later I wanted to get working on the device again and had to troubleshoot why I couldn't reach it anymore.
After a lot of testing and trying settings it seems I can only get layer 2 and higher connectivity when the device operates at a fixed linerate of 10Mbit/FD.
Things I have tested:
- Different (verified to correctly work) cables
- Different network devices
- Set speed/duplex on auto mode (this negotiates the line to 100Mbit/FD on the Mark V side, the other side can't really get a connection, the line flaps really fast. If checked with ethtool 90% of the time it reports up and 10% of the time it reports down)
- Set speed/duplex fixed on 100Mbit/FD
- Upgraded firmware to latest version
- Tried different power adapter
I also wanted to try a full reset using the recovery firmware, however when I set the DIPs to their correct positions I am unable to get a connection to the device. I did do a factory reset which didn't help.
Another thing I find mildly weird is that the device reports it can run on 1Gbit, however the Mark V specs say 100Mbit.
Below is the current output of ethtool with the speed/dup set to fixed.