Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by commdogg

  1. I was having some similar issues with windows ICS. Windows 10 kept assigning another subnet to the Tetra Facing adaptor when ICS was enabled (looks like it acts as a full software router now with DHCP services, etc enabled on the adaptor). I had to go in and change it back to the static pineapple subnet. Also McAfee on the windows host was screwing with ICS hard. I had to disable it. I still haven't figure out how to make it play with the firewall on. SUMMARY: changing the network setting back to what they are supposed to be after enabling ICS and disabling the host firewall got me working.
  2. Hello all, I happened to notice after upgrading to "logasaurus" that PineAP client logs are no longer displaying. I typically use my pineapple as a travel router/access point and I enjoyed the handiness of having a list of client devices and IP's in one spot. Have they moved? Under PineAP Client Reports all it says is "no clients found" Has anyone else encountered this? Thanks :) Comm
  3. Seb, Thank you. Removing that infusion did the trick. Meanwhile, I use the pineapple as a traditional AP (travel router, etc) most of the time. It seems if I drop the hidden open access point, the wpa2 AP falls off as well. Do you have any more voodoo available regarding just having a secure AP running on the pineapple? Thanks again Comm
  4. Hello guys, After the last update for some reason the external atheros card no longer plays. It appears under the device list, and the wifimanager infusion sees the hardware, but for some reason I can't get the device to pull a logical interface. I normally used this radio in client mode as it had much better throughput than the on board radio. Are there any ideas? I'm pulling out my hair in openwrt documentation trying to figure it out.... Thank you Comm root@Pineapple:/# ifconfig br-lan Link encap:Ethernet HWaddr 00:13:37:A5:09:C5 inet addr: Bcast: Mask: UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:692 errors:0 dropped:130 overruns:0 frame:0 TX packets:415 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:66372 (64.8 KiB) TX bytes:48997 (47.8 KiB) eth0 Link encap:Ethernet HWaddr 00:13:37:A5:09:C5 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1142 errors:0 dropped:218 overruns:0 frame:0 TX packets:415 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:236206 (230.6 KiB) TX bytes:48997 (47.8 KiB) Interrupt:4 lo Link encap:Local Loopback inet addr: Mask: UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:149 errors:0 dropped:0 overruns:0 frame:0 TX packets:149 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:11352 (11.0 KiB) TX bytes:11352 (11.0 KiB) wlan0 Link encap:Ethernet HWaddr 00:13:37:A5:09:C5 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:196 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:35273 (34.4 KiB) wlan0-1 Link encap:Ethernet HWaddr 02:13:37:A5:09:C5 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:193 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:34979 (34.1 KiB) root@Pineapple:/# lsusb Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 002: ID 058f:6254 Alcor Micro Corp. USB Hub Bus 001 Device 003: ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter Bus 001 Device 004: ID 058f:6366 Alcor Micro Corp. Multi Flash Reader Bus 001 Device 006: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n
  5. I've been trying to find a way to get a "rouge CA" cert to install on a "victim" trust center. However, it looks like unless you are on a domain and you have admin access to the DC to push a cert via GPO, clever trickery with social engineering is the best I can come up with. I've been researching (when I have time) if there any cool client side attack payloads I can use to do that. But so far, Nada. You can't falsify a valid cert, but certain proxies will do an SSL MITM and re sign their own cert to make it appear to the client browser it came from the site and not the proxy. However, the CA for the proxy needs to be trusted by the client, hence my problem above. The Squid3-dev package does this pretty smoothly. I just don't have several thousand dollars and a good reason to give verisign as to why I need an intermediate CA certificate from them. Its pretty pointless from the academic standpoint anyway. It would only be useful if I was actually going to use it, which I won't because jail sucks. Me thinks this infusion will be ultra cool for phone apps. I'll betcha many of them don't actually check the SSL cert presented to it.
  6. Yep there should be an -L and you can use any port you want, as long as you point it to 1471, and as long as you aren't already using it for something.
  7. Stick that listen port rule into putty and see if you can connect. Almost there...
  8. Sorry my mind slips back and forth into VPN lingo sometimes... Connection profile... the first tab in putty has save and load buttons... should have an entry in there for your pineapple connection. You have to tell putty to forward a port so you can access the web GUI. Go to SSH, tunnels and put "9090" for example in the source port, and localhost:1471 in the destination. And it looks like your server has a listen port for the pineapple. SSH into that at ssh user@serverip -p 9999 and see if you get the pineapple. if so exit the connection and add this argument ssh 9090:localhost:1471 user@serverip -p 9999 <<for Linux, if using putty see the paragraph above. if it connects put local host 9090 in your browser and you should hit the web GUI
  9. change listen port to 22 on the pineapple. SSH into the server after the pineapple says it connects and run netstat -na and see if 9999 showed up as a listening port. If it did, under the connection pofile set up the port forwarding rule under ssh, tunnels with local port (9090 or something and remote port localhost 1471) linux or plink should look like ssh -L 9090:localhost:1471 root@serverip -p 9999 putty config you need to go to SSH tunnels and put in 9090 for the source port and localhost:1471 for destination Then you should be able to connect to localhost:9090 in your web browser and hit the web GUI
  10. The port you specified in the Autossh config page of the pineapple. Open a port forwarding rule for that port to the ip of the server.
  11. If it works on your LAN then its probably port forwarding rules or firewall issues. Can you connect to the relay with another device other than the pineapple from outside your network? Remember you need a rule allowing a port to port 22 on your server, and another rule to the forwarded interface port for the pineapple on your server's IP.
  12. Okay your new port forwarding rule points the server IP with the "port" value. And it looks like it isn't connecting. Does it connect if you move the pineapple into your LAN?
  13. When I say "external" I mean the public IP on your router. Anything you have in the way thats performing NAT (like a virtualbox, again it depends if the interface of the VM is bridged or NAT) so to hit your server at port 22, you have to open a port on the router and send it to the server IP address at port 22. Most routers have a tab in the management interface for port forwarding. If your server listens on your LAN at (for example) and your public IP address on your routers WAN port is, if you want your server to listen on port 7000 on your public interface, you set up a port forwarding rule from the router to send everything on port 7000 to port 22 at on your LAN. To connect to your server you put ssh user@ -p 7000 in your client. The port/listen port block on the pineapple web GUI sets a listen interface up AFTER the pineapple connects to the server, ON the server. So once the pineapple connects, you SSH to the server on that port to talk to the pineapple. Remember the pineapple is a client and a server, it connects to the relay as a client and then you connect back through the tunnel to its server interface (port 22). Whatever port you are forwarding to the SSH relay server for the pineapple to listen on you need an additional port forwarding rule on your router for that port. I am assuming here the relay server is on your local LAN. But its the same process. If you are forwarding port 2222 then you need a rule on the router at like port 7001 forwarded to the server at 2222. So when your pineapple is connected to the server you can ssh into the pineapple at ssh root@ -p 2222 The command to hit the web GUI port is in addition to the above. When you open putty to connect to the relay-connected pineapple, you put a command in SSH tunnels to forward anything sent to a local port IE 9999 to 1471 over the tunnel. So in your web browser you just browse to localhost:9999 and it automatically connects to the pineapple 1471 over the tunnel. Clear as mud? What part is hanging up? Lets start there. It looks like your logs are saying its not connecting to your relay server. Probably because we need to set up the port forwarding rules.
  14. Hmm, I think if you put the -p 7000 argument in your autossh config page it should go, but may not save? If you look at the auto ssh config file on the pineapple it will tell you. I set mine up that way and it connects just fine. If your server is listening on 22 with its external port forwarded to 7000, leave the -p 7000 argument in the top line with user@whatever. The Port field is the remote port the pineapple will listen from when connected to the relay server. It is the port you have to hit from the other direction with your SSH client, through the relay server. Its the -R argument you had to do for the MK4. To sent information back to the GUI port you have to forward ANOTHER port with the SSH client (putty) to 1471. on linux its something like "-L 9999:localhost:1471" Where 9999 is the port on the local machine you are using the client on, and localhost:1471 is the pineapple web management port. In putty, you would go to SSH, Tunnels, and set that. Also, I don't know if you can SSH into the relay server as the root user. I set up another user and that's what the pineapple uses to connect. You can to the pineapple though.
  15. Hey, I'm a little confused on your config here. Are you saying you can hit the relay server on your LAN and manage it, just not from an external IP? As far as the config, I think, if I'm following you correctly, you are trying to forward the web interface port to the SSH listen port. I don't think that will work. You want that to be something the SSH client (the PC you are using) pushes through the tunnel created by Auto SSH. For the auto SSH config push some other port like 2222 (thats what mine is I think its defualt) the Config will look something like username@publicip -p #### Where #### is the listen port for the External interface (the router doing your NAT) pointing back to the port 22 on the server. For Port mine says 2222 and listen port is 22. This sets up a forwarding rule for the SSH relay server to pass anything it gets on port 2222 back to the pineapple over the tunnel on port 22. You'll need another port forwarding rule on the router the SSH relay server is behind pointing to 2222. If you set your VM server up with NAT and not a bridged interface, you'll need a port forwarding rule on your VM as well. Mine looks something like this: Pineapple: ssh user@mydynamicdns.com -p 4299 -R 2222:localhost:22 -i ./etc/dropbear/id_rsa (thats from memory of the config file I'm sure I'm missing a couple of flags) on the pineapple web interface it looks something like : user@mydynamicdns.com -p 4299 port 2222 listenport 22 My router forwards port 4299 to my host PC where I have another port forwarding rule in virtualbox forwarding 4299 to port 22 on my VM ubuntu server. (mine is set up NAT, if yours is bridged then forward your external port directly to 22 on the IP used by your guest server, not the host) When it connects successfully a listen interface appears on the ubuntu server at 2222. Thats the pineapple. I have another rule on virtualbox forwarding another random port like 42555 to 2222. And a rule on my external router to pass anything from 42555 to 42555 on my host. Again, if yours is bridged don't worry about the VM port forwarding rule, just get a port on your external router to forward to 2222. On the client, your ssh session will be something like ssh -L 9999:localhost:1471 root@mydynamicdns.com -p 42555 for linux clients On putty, to forward a port, drill down the menu to SSH, Tunnels and put 9999 in source port and localhost:1471 in destination. This connects to the listen port on the server your pineapple forwarded, and establishes a local port 9999 that forwards through the SSH tunnel to the pineapple at 1471. So if it connects, and you can authenticate and see the pineapple shell, open up a web browser and point it to localhost:9999. Bam-a-lam. You can change the listen port by editing the sshd_config file on either the relay or pineapple, but you can in effect change that with port forwarding rules at the router as well, without actually mucking with the config files. Hopefully I was able to help a little bit. Let me know if I was off the mark. comm
  16. I set a relay up as a VM sitting on my home server. Of course I'm not doing anything where I would mind it pointing back to my own IP. That said, virtual box and Ubuntu are free. I like free way better than cheap :). The only thing I pay for is a Dynamic DNS service, which I already had for other reasons. After I bought it, I noticed my IP hadn't changed in over a year anyway, but I needed a hostname for why I originally grabbed it, so I guess it works out.
  17. I had the same issue with wlan1 in client mode and wlan0 in AP. Horrible throughput. something like 0.5 meg down and 2 megs up. Dorking around with the channel didn't seem to help. I pulled out the Alfa card I use with the MKIV and set that one up as an AP (wlan2), and used wlan0 in client mode. So far that is running groovy, as fast as I would expect. SSL strip and ettercap seem to crash it but I'm sure thats just an ID10T error on my end. My router is using WPA2 AES as well. I'm seeing if I can get wlan1 to do anything useful. Now if I can just get my autossh keep alive script running correctly I'll be able to play with this thing.
  18. Just AutoSSH so far. wlan1 connects to my AP with the setting in the wifi manager infusion. Incidentally, My first attempt to fix autossh was putting a script together to just start the tunnel and throw it in a cronjob. However after SCPing the file in and changing permissions, the terminal returns a file not found error. Needless to say cron wont run it either. So i shifted to try and figure out WTF with the script. LOL this is exactly why we buy these though. I haven't touched Battlefield 4 all weekend :)
  19. I have about the same thing going on with AutoSSH. Did you ever work out a fix? I'm also having really slow throughput. My browsers either drag ass or crash.
  20. The USB cable is fine. I have actually had the card for a few months and it works fine directly into my laptop. As far as troubleshooting, I think perhaps playing with different power configurations is pertinent because, I have gotten the card and pineapple to play nice and the ONLY difference between the card not working and the card working I have seen is where the card pulls its power draw. The powered hub got it up and running on different firmware versions, and also with different power sources for the pineapple, be it wall, battery, or USB. No matter what firmware/power config I put the pineapple in, if the power draw for the card comes off of it, the card fails. I even dropped the TXPower down incrementally, and no change. Maybe I have a slightly different board or chipset in mine.
  21. I'm still having the original issue with 2.8.1 firmware. The "fix" still seems to put that powered hub in the way. Since enabled on boot has been checked the card wakes up if the pineapple is reset, the light blinks blinks, then dies. If booted with the hub providing power it wakes up and associates. I don't see any difference with wall power or USB power as far as the pineapple is concerned. The card dorked regardless of the power source.
  22. Cool, I'm going to reflash it anyway so I'll try out the 2.8.1 firmware. I tried installing another infusion and it kept erroring and freezing.
  23. Hello guys, I seem to have gotten my AWUS036NHA card working properly with the pineapple. Please validate this if you can. I was having the same symptoms as blueAlien. The Alfa card would power on and the pineapple would see it in Wifi Manager, but anytime I attempted to change a config setting or associate it to an AP it would frag. Eventually I grabbed a cheapo Belkin powered USB hub I had laying around and placed it inline between the Alfa card and the USB port for the pineapple. The card seems to work fine as long as the power draw for the card comes off the hub. One of the USB to power plugs in the dinky little apater kit that came with the pineapple (i think included to charge the pineapple battery) actually fit the power plug for the hub and it powers fine off one of the other USB ports on my laptop. The battery for the pineapple actually works on the hub too, but I only have one of them. Maybe the solution here would be to include a powered hub with a battery to power the card as well. It seems to hang on to its DHCP lease fine. I was also able to authenticate to my WPA2 PSK AP with the card powering off the hub. The only issue I'm having now is when I SSH in and change the MAC for the alfa card, if I start it back up in wifi manager it reverts back to its real hardware ID. So right now I'd be unable to deploy it against any AP's doing MAC filtering. Anyone know a way around this?
  • Create New...