
johnjdoe

Active Members
  • Posts: 39
  • Joined
  • Last visited
  • Days Won: 2

Posts posted by johnjdoe

  1. I can confirm that MITMf works fine against some SSL targets. When HSTS is used, it depends on the browser too, but I can confirm that with an older version of Chrome an SSLStrip attack against mail.google.com accomplished its objectives.

    I hope that Seb will include a working MITM proxy in the Pineapple as promised ...

  2. Yes. Either one of those options is fine. My recommendation is to use the USB device (wlan2) so your Pineapple isn't relying on your Macbook.

    I thought this too, but as I said/asked in https://forums.hak5.org/index.php?/topic/33488-got-pineapnot-pineapple-questions-let-me-answer-them/page-5#entry256968 , it seems that there's a problem or even a bug: when I connect an external USB WiFi adapter (which I bought from Hak5 with my Pineapple), it appears in the GUI as WLAN2. I enable WLAN0, WLAN1 and WLAN2 and put WLAN2 in client mode. After connecting, WLAN1 and WLAN2 are disabled and the client connection is established with WLAN0!

    Do you perhaps have other (more promising) experiences with an external wlan2?

  3. Thank you Crazy52! This worked fine. Here is the result:

    root@Pineapple:~# route add default gw 172.16.42.42 br-lan
    root@Pineapple:~# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         172.16.42.42    0.0.0.0         UG    0      0        0 br-lan
    172.16.42.0     *               255.255.255.0   U     0      0        0 br-lan
    root@Pineapple:~# ping www.google.de
    PING www.google.de (194.78.99.158): 56 data bytes
    64 bytes from 194.78.99.158: seq=0 ttl=57 time=26.155 ms
    64 bytes from 194.78.99.158: seq=1 ttl=57 time=25.901 ms

    And the clients have internet access too now. :-)

    But now the question: shouldn't this work automatically? It's not documented anywhere ...

    In view of the problems that I have with the network (see my post from yesterday), and after reading some other posts, I wonder whether there are bugs in firmware 2.2?

  4. Hi all,

    I followed the instructions from here: http://wiki.wifipineapple.com/#!ics.md

    The result is the following:

    Pineapple Netmask [255.255.255.0]:
    Pineapple Network [172.16.42.0/24]:
    Interface between PC and Pineapple [eth0]:
    Interface between PC and Internet [wlan0]:
    Internet Gateway [192.168.1.1]:
    IP Address of Host PC [172.16.42.42]:
    IP Address of Pineapple [172.16.42.1]:
    
         _ .           ___          \||/   Internet: 192.168.1.1 - wlan0
       (  _ )_  <-->  [___]  <-->  ,<><>,  Computer: 172.16.42.42
     (_  _(_ ,)       \___\        '<><>' Pineapple: 172.16.42.0/24 - eth0

    On the Pineapple, the internet connection is not working:

    root@Pineapple:~# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.16.42.0     *               255.255.255.0   U     0      0        0 br-lan
    root@Pineapple:~# ping www.google.de
    ping: bad address 'www.google.de'

    On the Linux machine it is:

    root@Eniac:# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
    172.16.42.0     *               255.255.255.0   U     0      0        0 eth0
    192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0
    root@Eniac:# ping www.google.De
    PING www.google.De (173.194.66.94) 56(84) bytes of data.
    64 bytes from we-in-f94.1e100.net (173.194.66.94): icmp_seq=1 ttl=46 time=39.9 ms
    64 bytes from we-in-f94.1e100.net (173.194.66.94): icmp_seq=2 ttl=46 time=43.2 ms
    64 bytes from we-in-f94.1e100.net (173.194.66.94): icmp_seq=3 ttl=46 time=43.5 ms
    

    I have tried several methods to give clients Internet access (see my post from yesterday): client mode on WLAN1, client mode on WLAN2, and now sharing from a computer via eth0. Nothing! :-(

    Do you perhaps have an explanation for this behaviour, or some more tips? Thank you in advance!
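
The procedure behind the two posts above (the ICS wizard on the Linux host, then the default route that was still missing on the Pineapple), written out as an added shell example. This is not johnjdoe's code and not the wifipineapple wiki's ICS script; the interface names and addresses are taken from the post's own output and are assumptions for any other setup. It only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the post or from the wifipineapple wiki ICS script:
# the two halves of sharing a Linux host's Internet connection with a
# Pineapple over Ethernet, as plain commands so each step can be checked.
# Interface names and addresses are the ones printed in the post (eth0/wlan0,
# 172.16.42.42 host, 172.16.42.0/24 Pineapple subnet) and are assumptions
# for any other setup. Commands are only printed unless APPLY=1 (needs root).

PINEAPPLE_NET="${PINEAPPLE_NET:-172.16.42.0/24}"
LAN_IF="${LAN_IF:-eth0}"            # host <-> Pineapple
WAN_IF="${WAN_IF:-wlan0}"           # host <-> Internet
HOST_IP="${HOST_IP:-172.16.42.42}"  # host address on the Pineapple subnet

run() {
    # Echo each command; execute it only when APPLY=1.
    printf '%s\n' "$*"
    [ "${APPLY:-0}" = "1" ] && eval "$*"
    return 0
}

# Host side: address the cable interface, enable forwarding, and NAT only the
# Pineapple subnet out of the Internet-facing interface. The FORWARD rules are
# deliberately narrow: the host becomes a router for 172.16.42.0/24 only.
host_ics() {
    run "ip addr add $HOST_IP/24 dev $LAN_IF"
    run "ip link set $LAN_IF up"
    run "sysctl -w net.ipv4.ip_forward=1"
    run "iptables -t nat -A POSTROUTING -s $PINEAPPLE_NET -o $WAN_IF -j MASQUERADE"
    run "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $PINEAPPLE_NET -j ACCEPT"
    run "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $PINEAPPLE_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Pineapple side (over SSH on the device): the step the device was left
# without is a default route via the host. Without it the Pineapple's dnsmasq
# cannot reach its upstream resolver (8.8.8.8 in the post's syslog), which is
# why BusyBox ping reports "bad address" rather than a timeout: the name
# lookup fails before any ICMP is sent.
pineapple_ics() {
    run "route add default gw $HOST_IP br-lan"
}

# Self-check on the Pineapple: a default route must exist and a name must
# resolve. Prints a diagnosis; returns 0 on success, 1 on the first failure.
pineapple_check() {
    route -n | grep -q '^0\.0\.0\.0' || { echo "no default route: run pineapple_ics"; return 1; }
    nslookup www.google.de >/dev/null 2>&1 || { echo "default route present but DNS fails: check the upstream resolver"; return 1; }
    echo "default route and DNS OK"
}

case "${1:-}" in
    host)      host_ics ;;
    pineapple) pineapple_ics ;;
    check)     pineapple_check ;;
    *)         echo "usage: $0 host|pineapple|check   (APPLY=1 to execute)" ;;
esac
```

Run `APPLY=1 sh ics.sh host` on the Linux machine and `APPLY=1 sh ics.sh pineapple` followed by `sh ics.sh check` on the Pineapple; the printed commands are what would appear in the wizard's output if it logged them, and the check distinguishes a missing route from a missing resolver.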

  5. I have some questions / problems with my Mark V (latest release):

    1. Question: Is it normal that the blue and red LEDs are not (always) on, even when WLAN0 and WLAN1 are enabled in the GUI?

    2. Questions: Is it right that I have to enable WLAN0 to send SSIDs that I have collected or entered manually in PineAP? Is it right that I have to enable Dogma and MK5 Karma too in order to distribute these SSIDs?

    3. Problem: On a Win7 target I can briefly see the manually entered SSID, but it disappears after a second or two. Then it appears again and disappears, etc. Do you have an explanation for this effect?

    4. Problem: Another time I saw this SSID constantly on a Win7 target, but when I tried to connect to it, it didn't work.

    In the syslog I saw only:

    Jan 28 14:21:11 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
    Jan 28 14:21:11 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
    Jan 28 14:21:10 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
    Jan 28 14:21:10 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
    Jan 28 14:21:09 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
    Jan 28 14:21:09 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
    Jan 28 14:21:08 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
    Jan 28 14:21:08 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
    Jan 28 14:21:06 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
    Jan 28 14:21:06 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
    Jan 28 14:21:05 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
    Jan 28 14:21:05 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
    Jan 28 14:21:04 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
    Jan 28 14:21:04 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
    Jan 28 14:21:03 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
    Jan 28 14:21:03 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
    Jan 28 14:21:02 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
    Jan 28 14:21:02 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
    

    5. Problem: Sometimes when I try to enable PineAP in the GUI, it disables itself a few seconds later. There is no way to enable it again unless I reset the wireless interfaces or reboot the MK V. Do you have an explanation for that? How could I verify / restart it on the CLI?

    6. Problem (bug?): When I connect an external USB WiFi adapter (which I bought from Hak5 with my Pineapple), it appears in the GUI as WLAN2. I enable WLAN0, WLAN1 and WLAN2 and put WLAN2 in client mode. After connecting, WLAN1 and WLAN2 are disabled and the client connection is established with WLAN0!

    Here are some entries from Syslog:

    Jan 28 14:57:42 Pineapple daemon.info dnsmasq[1951]: using local addresses only for domain lan
    Jan 28 14:57:42 Pineapple daemon.info dnsmasq[1951]: using nameserver 8.8.8.8#53
    Jan 28 14:57:42 Pineapple daemon.info dnsmasq[1951]: using nameserver 192.168.1.1#53
    Jan 28 14:57:42 Pineapple daemon.info dnsmasq[1951]: reading /tmp/resolv.conf.auto
    Jan 28 14:57:35 Pineapple user.notice firewall: Reloading firewall due to ifup of wan (wlan0)
    Jan 28 14:57:35 Pineapple daemon.notice netifd: Interface 'wan' is now up
    Jan 28 14:57:35 Pineapple daemon.notice netifd: wan (1231): Lease of 192.168.1.15 obtained, lease time 10800
    Jan 28 14:57:34 Pineapple daemon.notice netifd: wan (1231): Sending select for 192.168.1.15...
    Jan 28 14:57:32 Pineapple daemon.notice netifd: wan (1231): Sending discover...
    Jan 28 14:57:31 Pineapple kern.info kernel: [ 3113.620000] br-lan: port 2(wlan0-1) entered forwarding state
    Jan 28 14:57:29 Pineapple kern.info kernel: [ 3111.620000] br-lan: port 2(wlan0-1) entered forwarding state
    Jan 28 14:57:29 Pineapple kern.info kernel: [ 3111.610000] br-lan: port 2(wlan0-1) entered forwarding state
    Jan 28 14:57:29 Pineapple daemon.notice netifd: wan (1231): Sending discover...
    Jan 28 14:57:26 Pineapple daemon.notice netifd: wan (1231): Sending discover...
    Jan 28 14:57:26 Pineapple daemon.notice netifd: wan (1231): udhcpc (v1.19.4) started
    Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.690000] wlan0: associated
    Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.680000] wlan0: RX AssocResp from 00:14:c1:26:fd:58 (capab=0x411 status=0 aid=1)
    Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.680000] wlan0: associate with 00:14:c1:26:fd:58 (try 1/3)
    Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.660000] ath9k ar933x_wmac: wlan0: disabling VHT as WMM/QoS is not supported by the AP
    Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.650000] ath9k ar933x_wmac: wlan0: disabling HT as WMM/QoS is not supported by the AP
    Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.640000] wlan0: authenticated
    Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.640000] wlan0: send auth to 00:14:c1:26:fd:58 (try 1/3)
    Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.630000] wlan0: authenticate with 00:14:c1:26:fd:58
    Jan 28 14:57:20 Pineapple kern.info kernel: [ 3102.090000] device wlan0-1 entered promiscuous mode
    Jan 28 14:57:17 Pineapple kern.info kernel: [ 3099.330000] br-lan: port 2(wlan0) entered disabled state
    Jan 28 14:57:17 Pineapple kern.info kernel: [ 3099.330000] device wlan0 left promiscuous mode
    Jan 28 14:57:17 Pineapple kern.info kernel: [ 3099.260000] br-lan: port 2(wlan0) entered disabled state
    Jan 28 14:57:17 Pineapple kern.info kernel: [ 3099.210000] br-lan: port 3(wlan0-1) entered disabled state
    Jan 28 14:57:17 Pineapple kern.info kernel: [ 3099.200000] device wlan0-1 left promiscuous mode
    Jan 28 14:57:17 Pineapple kern.info kernel: [ 3099.200000] br-lan: port 3(wlan0-1) entered disabled state
    Jan 28 14:56:47 Pineapple daemon.info dnsmasq-dhcp[1951]: DHCPACK(br-lan) 172.16.42.170 a0:f4:50:53:30:6d android-e92e933ef362b0fd
    Jan 28 14:56:47 Pineapple daemon.info dnsmasq-dhcp[1951]: DHCPREQUEST(br-lan) 172.16.42.170 a0:f4:50:53:30:6d
    Jan 28 14:56:46 Pineapple daemon.info hostapd: wlan0: STA a0:f4:50:53:30:6d IEEE 802.11: associated (aid 1)
    Jan 28 14:56:46 Pineapple daemon.info hostapd: wlan0: STA a0:f4:50:53:30:6d IEEE 802.11: authenticated
    Jan 28 14:56:03 Pineapple kern.info kernel: [ 3025.470000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.29
    Jan 28 14:56:03 Pineapple kern.info kernel: [ 3025.340000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Loading firmware file 'rt2870.bin'
    Jan 28 14:55:30 Pineapple user.notice usb-modeswitch: 1-1.2:1.0: Manufacturer=Ralink Product=802.11_n_WLAN Serial=1.0
    Jan 28 14:55:30 Pineapple kern.debug kernel: [ 2992.820000] Registered led device: rt2800usb-phy2::quality
    Jan 28 14:55:30 Pineapple kern.debug kernel: [ 2992.820000] Registered led device: rt2800usb-phy2::assoc
    Jan 28 14:55:30 Pineapple kern.debug kernel: [ 2992.820000] Registered led device: rt2800usb-phy2::radio
    Jan 28 14:55:30 Pineapple kern.debug kernel: [ 2992.820000] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
    Jan 28 14:55:30 Pineapple kern.info kernel: [ 2992.810000] ieee80211 phy2: rt2x00_set_rf: Info - RF chipset 0005 detected
    Jan 28 14:55:30 Pineapple kern.info kernel: [ 2992.780000] ieee80211 phy2: rt2x00_set_rt: Info - RT chipset 3070, rev 0201 detected
    Jan 28 14:55:30 Pineapple kern.info kernel: [ 2992.640000] usb 1-1.2: reset high-speed USB device number 5 using ehci-platform
    Jan 28 14:55:30 Pineapple kern.info kernel: [ 2992.400000] usb 1-1.2: new high-speed USB device number 5 using ehci-platform

    And dmesg:

    [ 2992.400000] usb 1-1.2: new high-speed USB device number 5 using ehci-platform
    [ 2992.640000] usb 1-1.2: reset high-speed USB device number 5 using ehci-platform
    [ 2992.780000] ieee80211 phy2: rt2x00_set_rt: Info - RT chipset 3070, rev 0201 detected
    [ 2992.810000] ieee80211 phy2: rt2x00_set_rf: Info - RF chipset 0005 detected
    [ 2992.820000] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
    [ 2992.820000] Registered led device: rt2800usb-phy2::radio
    [ 2992.820000] Registered led device: rt2800usb-phy2::assoc
    [ 2992.820000] Registered led device: rt2800usb-phy2::quality
    [ 3025.340000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Loading firmware file 'rt2870.bin'
    [ 3025.470000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.29
    [ 3099.200000] br-lan: port 3(wlan0-1) entered disabled state
    [ 3099.200000] device wlan0-1 left promiscuous mode
    [ 3099.210000] br-lan: port 3(wlan0-1) entered disabled state
    [ 3099.260000] br-lan: port 2(wlan0) entered disabled state
    [ 3099.330000] device wlan0 left promiscuous mode
    [ 3099.330000] br-lan: port 2(wlan0) entered disabled state
    [ 3102.090000] device wlan0-1 entered promiscuous mode
    [ 3107.630000] wlan0: authenticate with 00:14:c1:26:fd:58
    [ 3107.640000] wlan0: send auth to 00:14:c1:26:fd:58 (try 1/3)
    [ 3107.640000] wlan0: authenticated
    [ 3107.650000] ath9k ar933x_wmac: wlan0: disabling HT as WMM/QoS is not supported by the AP
    [ 3107.660000] ath9k ar933x_wmac: wlan0: disabling VHT as WMM/QoS is not supported by the AP
    [ 3107.680000] wlan0: associate with 00:14:c1:26:fd:58 (try 1/3)
    [ 3107.680000] wlan0: RX AssocResp from 00:14:c1:26:fd:58 (capab=0x411 status=0 aid=1)
    [ 3107.690000] wlan0: associated
    [ 3111.610000] br-lan: port 2(wlan0-1) entered forwarding state
    [ 3111.620000] br-lan: port 2(wlan0-1) entered forwarding state
    [ 3113.620000] br-lan: port 2(wlan0-1) entered forwarding state

    7. Question: What is the simplest way to broadcast a manually entered SSID, let targets connect to it, and give them Internet access?

    Sorry for the long post with so many questions/problems, and thank you in advance for your valuable help!

    It's really discouraging not to see even a simple result: catching one single target and giving it Internet access ... :-(
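
Two facts in the logs quoted above decide the diagnosis: whether a client is looping on "tried to associate with unknown SSID" (hostapd accepted the authentication but is not serving the SSID the station asked for), and which radio actually came up as the WAN client. The shell/awk helpers below extract both; they are an added example, not part of the post or of the Pineapple firmware, and the sample log is constructed from the line formats the post shows (one MAC masked as in the post).

```shell
#!/bin/sh
# Added example for triaging a Pineapple syslog like the ones quoted above.
# Not part of the post or of the Pineapple firmware. POSIX sh plus any awk
# (busybox awk included, so it also runs on the Pineapple itself).
# Usage on a saved log:  assoc_failures < syslog.txt ; uplink_check wlan2 < syslog.txt

# Constructed sample, copied from the line formats in the post, in
# chronological order. e0:06:e6:9f:xx:xx is masked as in the post.
sample_log() {
    cat <<'EOF'
Jan 28 14:21:03 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
Jan 28 14:21:03 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
Jan 28 14:21:04 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
Jan 28 14:21:04 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
Jan 28 14:21:05 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
Jan 28 14:21:05 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
Jan 28 14:56:46 Pineapple daemon.info hostapd: wlan0: STA a0:f4:50:53:30:6d IEEE 802.11: authenticated
Jan 28 14:56:46 Pineapple daemon.info hostapd: wlan0: STA a0:f4:50:53:30:6d IEEE 802.11: associated (aid 1)
Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.690000] wlan0: associated
Jan 28 14:57:35 Pineapple daemon.notice netifd: wan (1231): Lease of 192.168.1.15 obtained, lease time 10800
Jan 28 14:57:35 Pineapple user.notice firewall: Reloading firewall due to ifup of wan (wlan0)
EOF
}

# Per station and SSID, count "tried to associate with unknown SSID" lines.
# hostapd logs this when a client authenticates and then asks for an SSID the
# AP is not serving; a once-per-second repeat for the same STA/SSID is the
# loop shown in the post. Output: "<sta> <ssid> <count>".
assoc_failures() {
    awk -v q="'" '
        /Station tried to associate with unknown SSID/ {
            match($0, /STA [0-9a-fx:]+/)
            sta  = substr($0, RSTART + 4, RLENGTH - 4)
            i    = index($0, "unknown SSID " q)
            ssid = substr($0, i + 14)
            sub(q ".*$", "", ssid)              # strip the closing quote
            n[sta " " ssid]++
        }
        END { for (k in n) printf "%s %d\n", k, n[k] }
    '
}

# Which radio associated as a client, which one the WAN came up on, and the
# DHCP lease it got. Output: "assoc=<iface> wan=<iface> lease=<ip>".
uplink_summary() {
    awk '
        match($0, /wlan[0-9]+: associated$/)     { a = substr($0, RSTART, RLENGTH - 12) }
        match($0, /ifup of wan \(wlan[0-9]+\)/)  { w = substr($0, RSTART + 13, RLENGTH - 14) }
        match($0, /Lease of [0-9.]+ obtained/)   { l = substr($0, RSTART + 9, RLENGTH - 18) }
        END { printf "assoc=%s wan=%s lease=%s\n", a, w, l }
    '
}

# Compare the radio the WAN came up on with the one you put in client mode.
# Returns 1 when they differ (the symptom in problem 6 above).
uplink_check() {
    want="$1"
    summary=$(uplink_summary)
    wan=${summary#*wan=}
    wan=${wan%% *}
    echo "$summary"
    if [ "$wan" != "$want" ]; then
        echo "WAN came up on '${wan:-none}', expected '$want': check which radio is really in client mode"
        return 1
    fi
}
```

On the post's own log, `uplink_check wlan2` fails and names wlan0, which is the quickest way to confirm that the GUI setting and the interface netifd actually brought up do not agree.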

  6. Hi all,

    I received my USB Rubber Ducky some months ago. Now I have the time to test it.

    The first test I made was putting it in a Windows machine and I got the "Hello world". :-)

    I would like to demonstrate the danger of BadUSB, and for that I tried a reverse shell like this:

    With the payload generator from http://ducktoolkit-411.rhcloud.com/Home.jsp I generated an inject.bin with the IP and the listener port of my Kali machine and the keyboard layout of my target (Belgian keyboard). Delay 3000.

    On the Kali box I started the listener.

    On a Windows 7 Home Premium (SP1) with the Belgian keyboard, I plugged the USB Rubber Ducky in and waited. After some seconds there were some screens (cmd, notepad with input, ...) but then nothing ... Neither on the W7 nor on the Kali.

    The W7 is not a really quick machine, but it seems to me that the response time was enough.

    Does anybody have an idea what mistake I made or what's wrong? How could I debug the situation?

    Thank you in advance for any help!

  7. Harvester = When enabled, this collects Probes from WiFi devices and lists them in the SSID management list.

    Dogma = When enabled, uses the SSID list that was created by Harvester, and assists Karma in replying to the probes? If so, how does this help Karma?

    Beacons = Similar to Dogma, helps in assisting Karma?? Maybe??

    I received this answer, which could perhaps help you:

    KARMA: Karma Attacks Radioed Machines Automatically

    KARMA's job is to trick WiFi-enabled devices (i.e. computers, smartphones, etc.) into connecting to the Pineapple. Here's how it works:

    Most devices are continuously searching for networks that they've previously connected to so they can automatically reestablish a connection. To do this, the devices send out probe requests. KARMA listens for those probe requests. When KARMA sees a probe request, it clones the network that the device is searching for and responds to the device. In other words, KARMA tricks the device into believing that the Pineapple is the network that it's looking for. This causes the device to connect to the Pineapple.

    Beacon response is basically the new probe response. It's needed to exploit devices that are no longer susceptible to the traditional KARMA probe request/ response method.

    Harvester is used to harvest information from probe requests. Probe requests contain information about the access point that the device is searching for.

    Dogma gives you the ability to respond to a single probe request or respond to all probe requests. Before, KARMA would automatically respond to all probe requests. Dogma helps you to be more target-oriented.
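
The Harvester step in the answer above (collecting the SSIDs that stations name in their probe requests) can be reproduced with tcpdump and awk. The block below is an added example; it is not part of the post, of the quoted answer, or of PineAP. The monitor-interface name, the exact tcpdump line layout and the sample capture are assumptions; the parser only relies on tcpdump's `SA:<mac>` and `Probe Request (<ssid>)` fields. It also separates wildcard (empty-SSID) probes, which name no network and so give the probe/response method nothing to clone; devices that only probe that way are the ones the quoted answer's beacon response exists to reach.

```shell
#!/bin/sh
# Added example: a minimal "Harvester" that lists the SSIDs stations ask for
# in probe requests, from tcpdump's text output. Not part of the post, the
# quoted answer, or PineAP. Live use assumes an interface in monitor mode:
#   iw dev wlan1 interface add mon0 type monitor && ip link set mon0 up
#   tcpdump -i mon0 -l -e 'type mgt subtype probe-req' 2>/dev/null | harvest_probes
# Only "SA:<mac>" and "Probe Request (<ssid>)" are parsed; the fields before
# them vary with driver and tcpdump version.

# Constructed sample in that text format (one MAC masked, as in the post).
# Station 00:11:22:33:44:55 sends only a wildcard probe, i.e. an empty SSID.
sample_capture() {
    cat <<'EOF'
14:21:03.100000 1.0 Mb/s 2412 MHz 11b -63dBm signal BSSID:Broadcast DA:Broadcast SA:e0:06:e6:9f:xx:xx Probe Request (TEST) [1.0 2.0 5.5 11.0 Mbit]
14:21:03.200000 1.0 Mb/s 2412 MHz 11b -71dBm signal BSSID:Broadcast DA:Broadcast SA:a0:f4:50:53:30:6d Probe Request (TEST) [1.0 2.0 5.5 11.0 Mbit]
14:21:03.300000 1.0 Mb/s 2412 MHz 11b -71dBm signal BSSID:Broadcast DA:Broadcast SA:a0:f4:50:53:30:6d Probe Request (CoffeeShop WiFi) [1.0 2.0 5.5 11.0 Mbit]
14:21:03.400000 1.0 Mb/s 2412 MHz 11b -55dBm signal BSSID:Broadcast DA:Broadcast SA:00:11:22:33:44:55 Probe Request () [1.0 2.0 5.5 11.0 Mbit]
14:21:03.500000 1.0 Mb/s 2412 MHz 11b -63dBm signal BSSID:Broadcast DA:Broadcast SA:e0:06:e6:9f:xx:xx Probe Request (TEST) [1.0 2.0 5.5 11.0 Mbit]
EOF
}

# One line per requested SSID, tab-separated: "<ssid>\t<distinct stations>".
# Repeated probes from the same station count once. An empty SSID is a
# wildcard (broadcast) probe: there is no network name to clone, so it is
# reported under the label <wildcard> instead of being dropped silently.
harvest_probes() {
    awk '
        /Probe Request \(/ {
            match($0, /SA:[0-9a-fx:]+/)
            sta = substr($0, RSTART + 3, RLENGTH - 3)
            match($0, /Probe Request \([^)]*\)/)
            ssid = substr($0, RSTART + 15, RLENGTH - 16)
            if (ssid == "") ssid = "<wildcard>"
            seen[ssid "\t" sta]++
        }
        END {
            for (k in seen) { split(k, p, "\t"); stations[p[1]]++ }
            for (s in stations) printf "%s\t%d\n", s, stations[s]
        }
    ' | sort
}

# Number of distinct stations that asked for one SSID (0 if none did).
stations_for() {
    harvest_probes | awk -F '\t' -v want="$1" '
        $1 == want { print $2; found = 1 }
        END { if (!found) print 0 }
    '
}
```

Feeding the harvested list into an SSID pool is the part PineAP automates; the count per SSID is what tells you which names are worth serving and how many clients only send wildcard probes.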
