commdogg

I was having some similar issues with windows ICS. Windows 10 kept assigning another subnet to the Tetra Facing adaptor when ICS was enabled (looks like it acts as a full software router now with DHCP services, etc enabled on the adaptor). I had to go in and change it back to the static pineapple subnet. Also McAfee on the windows host was screwing with ICS hard. I had to disable it. I still haven't figure out how to make it play with the firewall on. SUMMARY: changing the network setting back to what they are supposed to be after enabling ICS and disabling the host firewall got me working.

Hello all, I happened to notice after upgrading to "logasaurus" that PineAP client logs are no longer displaying. I typically use my pineapple as a travel router/access point and I enjoyed the handiness of having a list of client devices and IP's in one spot. Have they moved? Under PineAP Client Reports all it says is "no clients found" Has anyone else encountered this? Thanks :) Comm

Seb, Thank you. Removing that infusion did the trick. Meanwhile, I use the pineapple as a traditional AP (travel router, etc) most of the time. It seems if I drop the hidden open access point, the wpa2 AP falls off as well. Do you have any more voodoo available regarding just having a secure AP running on the pineapple? Thanks again Comm

Hello guys, After the last update for some reason the external atheros card no longer plays. It appears under the device list, and the wifimanager infusion sees the hardware, but for some reason I can't get the device to pull a logical interface. I normally used this radio in client mode as it had much better throughput than the on board radio. Are there any ideas? I'm pulling out my hair in openwrt documentation trying to figure it out.... Thank you Comm root@Pineapple:/# ifconfig br-lan Link encap:Ethernet HWaddr 00:13:37:A5:09:C5 inet addr:172.16.42.1 Bcast:172.16.42.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:692 errors:0 dropped:130 overruns:0 frame:0 TX packets:415 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:66372 (64.8 KiB) TX bytes:48997 (47.8 KiB) eth0 Link encap:Ethernet HWaddr 00:13:37:A5:09:C5 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1142 errors:0 dropped:218 overruns:0 frame:0 TX packets:415 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:236206 (230.6 KiB) TX bytes:48997 (47.8 KiB) Interrupt:4 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:149 errors:0 dropped:0 overruns:0 frame:0 TX packets:149 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:11352 (11.0 KiB) TX bytes:11352 (11.0 KiB) wlan0 Link encap:Ethernet HWaddr 00:13:37:A5:09:C5 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:196 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:35273 (34.4 KiB) wlan0-1 Link encap:Ethernet HWaddr 02:13:37:A5:09:C5 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:193 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:34979 (34.1 KiB) root@Pineapple:/# lsusb Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 002: ID 058f:6254 Alcor Micro Corp. USB Hub Bus 001 Device 003: ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter Bus 001 Device 004: ID 058f:6366 Alcor Micro Corp. Multi Flash Reader Bus 001 Device 006: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n

I've been trying to find a way to get a "rouge CA" cert to install on a "victim" trust center. However, it looks like unless you are on a domain and you have admin access to the DC to push a cert via GPO, clever trickery with social engineering is the best I can come up with. I've been researching (when I have time) if there any cool client side attack payloads I can use to do that. But so far, Nada. You can't falsify a valid cert, but certain proxies will do an SSL MITM and re sign their own cert to make it appear to the client browser it came from the site and not the proxy. However, the CA for the proxy needs to be trusted by the client, hence my problem above. The Squid3-dev package does this pretty smoothly. I just don't have several thousand dollars and a good reason to give verisign as to why I need an intermediate CA certificate from them. Its pretty pointless from the academic standpoint anyway. It would only be useful if I was actually going to use it, which I won't because jail sucks. Me thinks this infusion will be ultra cool for phone apps. I'll betcha many of them don't actually check the SSL cert presented to it.

Have fun with it buddy.

Yep there should be an -L and you can use any port you want, as long as you point it to 1471, and as long as you aren't already using it for something.

Stick that listen port rule into putty and see if you can connect. Almost there...

Sorry my mind slips back and forth into VPN lingo sometimes... Connection profile... the first tab in putty has save and load buttons... should have an entry in there for your pineapple connection. You have to tell putty to forward a port so you can access the web GUI. Go to SSH, tunnels and put "9090" for example in the source port, and localhost:1471 in the destination. And it looks like your server has a listen port for the pineapple. SSH into that at ssh user@serverip -p 9999 and see if you get the pineapple. if so exit the connection and add this argument ssh 9090:localhost:1471 user@serverip -p 9999 <<for Linux, if using putty see the paragraph above. if it connects put local host 9090 in your browser and you should hit the web GUI

change listen port to 22 on the pineapple. SSH into the server after the pineapple says it connects and run netstat -na and see if 9999 showed up as a listening port. If it did, under the connection pofile set up the port forwarding rule under ssh, tunnels with local port (9090 or something and remote port localhost 1471) linux or plink should look like ssh -L 9090:localhost:1471 root@serverip -p 9999 putty config you need to go to SSH tunnels and put in 9090 for the source port and localhost:1471 for destination Then you should be able to connect to localhost:9090 in your web browser and hit the web GUI

The port you specified in the Autossh config page of the pineapple. Open a port forwarding rule for that port to the ip of the server.

If it works on your LAN then its probably port forwarding rules or firewall issues. Can you connect to the relay with another device other than the pineapple from outside your network? Remember you need a rule allowing a port to port 22 on your server, and another rule to the forwarded interface port for the pineapple on your server's IP.

Okay your new port forwarding rule points the server IP with the "port" value. And it looks like it isn't connecting. Does it connect if you move the pineapple into your LAN?

When I say "external" I mean the public IP on your router. Anything you have in the way thats performing NAT (like a virtualbox, again it depends if the interface of the VM is bridged or NAT) so to hit your server at port 22, you have to open a port on the router and send it to the server IP address at port 22. Most routers have a tab in the management interface for port forwarding. If your server listens on your LAN at 192.168.1.20:22 (for example) and your public IP address on your routers WAN port is 22.23.24.25, if you want your server to listen on port 7000 on your public interface, you set up a port forwarding rule from the router to send everything on port 7000 to port 22 at 192.168.1.20 on your LAN. To connect to your server you put ssh user@22.23.24.25 -p 7000 in your client. The port/listen port block on the pineapple web GUI sets a listen interface up AFTER the pineapple connects to the server, ON the server. So once the pineapple connects, you SSH to the server on that port to talk to the pineapple. Remember the pineapple is a client and a server, it connects to the relay as a client and then you connect back through the tunnel to its server interface (port 22). Whatever port you are forwarding to the SSH relay server for the pineapple to listen on you need an additional port forwarding rule on your router for that port. I am assuming here the relay server is on your local LAN. But its the same process. If you are forwarding port 2222 then you need a rule on the router at like port 7001 forwarded to the server at 2222. So when your pineapple is connected to the server you can ssh into the pineapple at ssh root@192.168.1.20 -p 2222 The command to hit the web GUI port is in addition to the above. When you open putty to connect to the relay-connected pineapple, you put a command in SSH tunnels to forward anything sent to a local port IE 9999 to 1471 over the tunnel. So in your web browser you just browse to localhost:9999 and it automatically connects to the pineapple 1471 over the tunnel. Clear as mud? What part is hanging up? Lets start there. It looks like your logs are saying its not connecting to your relay server. Probably because we need to set up the port forwarding rules.

Hmm, I think if you put the -p 7000 argument in your autossh config page it should go, but may not save? If you look at the auto ssh config file on the pineapple it will tell you. I set mine up that way and it connects just fine. If your server is listening on 22 with its external port forwarded to 7000, leave the -p 7000 argument in the top line with user@whatever. The Port field is the remote port the pineapple will listen from when connected to the relay server. It is the port you have to hit from the other direction with your SSH client, through the relay server. Its the -R argument you had to do for the MK4. To sent information back to the GUI port you have to forward ANOTHER port with the SSH client (putty) to 1471. on linux its something like "-L 9999:localhost:1471" Where 9999 is the port on the local machine you are using the client on, and localhost:1471 is the pineapple web management port. In putty, you would go to SSH, Tunnels, and set that. Also, I don't know if you can SSH into the relay server as the root user. I set up another user and that's what the pineapple uses to connect. You can to the pineapple though.