
sud0nick

Dedicated Members
  • Posts: 1,056
  • Days Won: 66
Everything posted by sud0nick

  1. I'm still on the fence about buying the nano. The interface looks great and I love the smaller form factor but I can't help but agree with crazyclown. I would like to hear a response from the developers about the questions posed here. It would be awesome if the new interface could be pushed as part of a firmware update to the MKV. I understand the RTL8187 was discontinued and that is not the fault of Hak5 but it also isn't the fault of Pineapple users. If the main differences between the MKV and the Nano are the software and form factor then I don't want to spend another $100 - $150 for a device I already own.
  2. According to an article on Forbes the information loaded into the FAA drone registry database will be searchable by the public. Yet another reason to not register your multirotor with the FAA. As many have pointed out, even Darren on Threatwire, if anyone has your registration number they can simply affix it to their multirotor and perform nefarious acts leading the authorities straight to you. It's becoming more obvious by the day just how little thought was put into this program.
  3. Good stuff, guys. I'm probably gonna wait until the testing is done to get one but I really like the form factor. It will fit perfectly on my EDC. I also like the placement of the ports. I can tell a lot of thought was put into it. I'm super excited to see the new interface and work on porting my infusions over to the nano.
  4. That's a good idea. I'll have to get some and see how it goes. Edit: So I got some nylock nuts and they work great. I feel like it's more difficult to put them on and take them off because I have to use a wrench but they definitely keep the props on. The quad is flying well and I'm currently looking for a large open field to fly in so I can really test this thing. My next build will be a small quad for acro but I'm not sure what parts I will use yet. I want to keep it under 250g for obvious reasons.
  5. I took the Alien out to fly a little today. Still flying ultra-conservative and really low to get a good feel for everything and it flew better than ever before. It was like a dream. The only problem I'm having now is the props are coming loose every now and then because the adapters aren't self tightening. For this reason I bought self-tightening adapters for my motors before I even built the quad but they don't fit even though they were advertised to fit. I won't feel comfortable flying any higher or faster until I find some self tightening prop adapters.
  6. I got all my new parts a couple of weeks ago and finally got around to getting everything put back together. Here is how it looks with the new props.
  7. I'm certain you have to cross-compile it for the Pineapple but maybe someone else could chime in to verify.
  8. At least yours didn't start tumbling in the air. Mine did and I have the FC and GPS mounted on top. It hit the ground upside down and I was worried I would have to shell out another $300 for a new set. Hopefully I'll get my new parts in the next couple of days and have her flying again soon. What kind of quad were you flying in that video? Were you using a gimbal with your camera?
  9. It does suck. Mine was about 50ft in the air when it happened. I'm just glad there wasn't more damage.
  10. After my last post this morning I took my Alien 560 out for another test flight/hover to see if I could solve the yaw problem and miraculously it didn't spin. It still turned slightly to the right every now and then so I used the "Save Trim" feature and that seemed to fix it. Still not convinced it was completely fixed I decided to go out to an open field near my house and take this thing on a real test flight. Much to my surprise it flew exceptionally well. It was very smooth and had more power than I thought. A couple of people were driving by and decided to stop to watch me fly. I changed out the battery and put her back up in the air for a few minutes until a prop broke mid-flight! My new quad came tumbling down and hit the ground hard enough to split one of the motor mounts in half! Not only that but the lipo battery was damaged and swollen rendering it useless. So, I brought her home, cleaned her up, and tested all of the components. Luckily, everything still works perfectly. Since HK doesn't sell spare parts for the frame I had to order a whole new Alien 560 frame. At least now I will have spare parts for the future. I also ordered two new sets of props that are 12x4.7 CF so my quad won't be so susceptible to wobbling. Finally I ordered a 4S 5000mah battery to replace my destroyed 3S 5000mah one. This will be my first time flying 4S so hopefully all goes well. Anyway, here are some pictures post-crash.
  11. Wow it's been almost 6 months since I posted in here last. I did end up finishing my Alien 560 build and here are some pics. I ended up going with a few different parts than I listed in the first post. Instead of the APM 2.6 flight controller I went with a Pixhawk since it will continue to be supported in the future. I also went with some Turnigy 3508-700kV motors instead of the 2814's. I have flown it a little bit and I have to say I love the Pixhawk, however I am still having a bit of a yaw issue. Most of the time when I fly it wants to spin to the right which throws off all other maneuvers. I haven't been able to figure out the problem yet but the reason I say that I love the Pixhawk is because of its logging features and the ability to customize it. Every bit of information you could possibly want from the quad is logged every time you fly. You can even project your flight information over a Google Map and see the path your quad took. The most useful logs I've found so far are the desired yaw vs the actual yaw. This helped me determine if my transmitter was too heavily trimmed thus causing the spinning problem. Here is the final list of parts I used for this build:

      • 3DR Pixhawk
      • 3DR uBlox GPS with Compass
      • RX701 7CH Receiver
      • HK Alien 560 Carbon Fiber Folding Frame
      • Afro ESC 30A x4
      • Turnigy Multistar 3508-700kV motors
      • Graupner 10x5 e-props
      • LOGO 500 Landing Gear

      The landing gear is actually off of a LOGO 500 helicopter but happens to fit this frame perfectly. It makes for a great set of low profile landing legs that are much stronger than the tall and cheap legs that come with the frame. As much as I love the look of the frame, and its ability to fold, I probably wouldn't buy it again. The main problem I have with it is there are too many screws of different sizes that I could probably never find at a hardware store.
The screws that were made to secure the arms to their joint weren't big enough to eliminate some play in the arms (initially what I thought was causing the yaw problem). Luckily, the screws I bought for the landing gear happened to be the perfect size for the arms and made them fit tightly in the joint. Every time you need to open the frame to fix something inside you have to remove every single screw from the top of the frame. It wouldn't be a big deal, besides being annoying, except that the screws strip pretty easily. Since I can't find the same size screws to replace them I have a handful of stripped screws holding my frame together. It would be nice if HK would provide sets of replacement parts and screws for this frame. Overall I'm pretty happy with this build. Once I figure out the yaw issue I'll post the fix here. I think my next, and possibly final build, will be a QAV250 so I can have a nice acro quad to play with and crash.
  12. If it's a MK6 I hope there are vast improvements. Faster throughput, built-in support for 5GHz networks, possibly built-in support for SDR, some cool new tools, etc. I like my MKV but I haven't used it in a little while. Whatever this new thing is, if it has the right features, I wouldn't mind dropping some money on it.
  13. What tells you your drive space is full? There is nothing in what you posted from the command line that states that. If your drive space is full you'll need to clear it out.
  14. If your primary issue is the PineAP log you can tell it to write to the sd card. This shouldn't be a problem, just don't put your whole /tmp directory on the sd card.
  15. I think you're being a little harsh here. While there are methods out there to oust some of the functionality of the Pineapple not every network implements them. I have used PineAP successfully (recently, too) so I think to say it's "an over-hyped piece of junk" is a little far. If there is some functionality you want to see from it then by all means write your own infusion and amaze us with what you can do with the Pineapple. If you truly believe it's a piece of junk then why bother coming on the forums in the first place? Just to tell everyone how much you hate the Pineapple? I can honestly say nobody cares how you feel about this device. Your opinion will not change how we use it.
  16. I think the only way they would be able to get the password at that point is by sniffing it out on the network. I think you're right, though, it does seem redundant. lol. It's working just fine. I've run tests to ensure connections would be rejected under proper circumstances so I feel comfortable with it. Thanks for the help everyone.
  17. Alright I've got it working! Please let me know if there are any holes in the way I've implemented TLS. I used OpenSSL to create two sets of certificates, one for the client and one for the server. I was able to embed the .pfx into the payload executable so when it starts it is loaded from within itself and opened with its password. It then begins listening for clients. My python script has a copy of the payload cert plus its own private and public keys. I use the following method in my script to connect to the target and grab the cert.

        import sys
        from socket import error
        from ssl import wrap_socket, PROTOCOL_TLSv1_2, CERT_REQUIRED

        # sck is an unconnected TCP socket; rhost and rport are set earlier in the script
        tlsck = wrap_socket(sck,
                            ssl_version=PROTOCOL_TLSv1_2,
                            keyfile="attacker.pem",
                            certfile="attacker.cer",
                            cert_reqs=CERT_REQUIRED,
                            ca_certs="payload.cer")
        try:
            tlsck.connect((rhost, rport))

            # Fetch the target's certificate to verify their identity
            cert = tlsck.getpeercert()
            if cert['serialNumber'] != "payload_cert_serial_number":
                print("[!] Serial number of payload certificate does not match")
                print("[!] Exiting...")
                sys.exit()
        except error as sockerr:
            print(sockerr)
            sys.exit()

      This should execute Python's built in certificate verification method then check the serial number of the peer certificate which I have hard-coded here. From my understanding the serial number should never change and therefore if someone were to recreate a certificate with the exact same information the connection would still fail. On the payload side I've modified the certificate validation method that was implemented in a link I posted previously.

        var sslStream = new SslStream(client.GetStream(), false, atkCertValidation);
        sslStream.AuthenticateAsServer(payloadcert, true, SslProtocols.Tls12, false);
        ...
        private static bool atkCertValidation(Object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            // Reject any client certificate whose serial number or thumbprint is not the expected one
            if (BitConverter.ToString(cert.GetSerialNumber()) != "hex_format_serial_number" ||
                cert.GetCertHashString() != "thumbprint")
            {
                return false;
            }
            if (sslPolicyErrors == SslPolicyErrors.None) { return true; }
            // Chain errors are accepted here
            if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors) { return true; }
            return false;
        }

      The initial version of this method did not include the serial number and thumbprint checks. Going off of my last note if someone were to regenerate my attacker certificates they still would not be able to connect to the target. At this point the connection is established. I've reviewed it in Wireshark and only saw the initial certificate pass was unencrypted (as expected) and after that everything was random garbage. Next I plan to implement a password upon connection. This way a certificate is required to connect but an additional password is required to execute commands.
  18. This is what I'm doing in C#. On the Python side I'm using wrap_socket() but still trying to work out some issues. I'm trying to force TLS 1.2 and ran into some trouble testing last night with a Win7 VM as the target. Apparently Win7 by default doesn't support TLS 1.2 but Win8 does. I may just have to create a separate payload for Win7 systems to use TLS 1.0. The weird thing about my setup is the client and server swap after initial communication. The target calls back to the Pineapple with system information then sets up a listener on itself. I'm thinking it's not so important to provide a certificate from the client for this part. It could even ignore the cert because it just connects back to a listener on the Pineapple to tell it which port it's going to listen on. As long as the server provides a cert the connection should still be encrypted, right? This would be awesome. I hope I can do this in C#. Edit: I found this question on Stack Overflow that may help in embedding the certificate as a resource in the executable. I think I will add a password for additional security. Is it even possible for someone to capture a certificate over the network then use it to connect to my target? I'm trying to provide as much security as possible to ensure I'm the only one connecting to my target and all communication is encrypted. Is it overboard to add a password?
  19. So, I'm not too familiar with TLS other than knowing its purpose is to keep stuff secure. Would I be correct in saying that the certificates used with TLS are only for authentication and could be replaced with a password? My problem is I don't want to include a certificate in the payload (unless if there is some way to bundle it with the .exe) and I think I should only need to verify the attacker from the target so I'm the only one allowed to connect to the target. Since I know who the target is already I shouldn't have to check their certificate. So, if I were to go the route of using a password instead of certificates would the data still be encrypted? Are there any downsides to this option with its specific purpose?
  20. Thanks for all of the suggestions. I think I'm going to try and implement a TLS solution as I found more posts online today to support that choice over any other. @Cooper, thanks for breaking that down for me. I've been using lower level sockets instead of those higher level classes. I'm now working on replacing my socket code with the TcpClient, TcpListener, and NetworkStream classes. From there I think I can follow some of the steps from this article to implement TLS. Once I get everything working I will post my solutions here. The goal is to make this work with a Python server (the one I recently implemented with Portal Auth) so I can have secure communications between the Pineapple and my payloads.
  21. I'm glad you figured out the issue. I have no idea what happened to your Pineapple that caused all of that strange behavior but hopefully it remains fixed.
  22. I've created a payload in C# that appears as a legitimate application but grants an attacker admin remote shell access on a Windows system. My primary focus now is to encrypt the network traffic as best as I can for obvious reasons. I haven't done this before so I would like some guidance on how it should be done. I've done some research and come across two methods, AES using RSA to encrypt the key and SSL. I'm worried that the SSL method could easily be attacked with SSL-Strip since there is no HSTS-like implementation to prevent it. I know how to start with AES in C# as the System.Security.Cryptography namespace makes that fairly simple. However, I have no idea how to use RSA to encrypt the AES key and send it over the network. A lot of my research led me to using AES-HMAC but some of the recent posts I've seen hint toward that only being used for encryption of local information rather than network information. Can someone shed some light on these methods, which is the most secure, and how to use it?
  23. Maybe the color on the picture is off but it looks like you've modified your web interface. Did you happen to change any class names or id tags? I'm thinking this isn't the problem because you've stated that you have re-flashed your Pineapple but it would be good to check it out anyway. That error log is probably from a previous failed install attempt. Just to be sure your dependencies are installed correctly and there isn't extra junk, check out your /sd/depends and /usr/lib/python2.7/site-packages directories. The latter is where python packages are normally installed but since the packages for Portal Auth are too large for the internal storage of the Pineapple the whole directory gets moved to /sd/depends and symlinked. Make sure the symlink exists and everything exists. Since you have stated that you have had trouble installing Portal Auth in the past from the Pineapple Bar try downloading it from my server if you want to try a clean install. If downloading from the Pineapple Bar causes issues then there are problems with your Pineapple unrelated to Portal Auth. The infusion is simply a .tar.gz that gets downloaded and extracted to your infusions directory. Run the following commands from an SSH console to download and install Portal Auth v2.9 from my server.

        wget http://www.puffycode.com/download/PortalAuth/portalauth_latest.tar.gz
        tar -xzf portalauth_latest.tar.gz -C /sd/infusions
        rm -rf portalauth_latest.tar.gz

      If the overlay still appears then try checking the browser console (normally F12 will open it) to see if any errors are logged there. If the dependencies are installed properly but that overlay is still there please don't click Install again. Although it should just remove the depends and reinstall them without error you shouldn't waste your time with that and if an install operation was already running in the background it could cause them to clash and give you more headaches.
I hope this helps and if not just keep coming back with more information and we'll get it fixed. Edit: If you happened to change your web interface post your style code here and I'll put it in my Pineapple to see if I can duplicate the issue.
  24. According to you who can't even get his Pineapple to work in general. I've seen your posts in other threads about how v2.4 of the firmware is "buggy" and PineAP, Evil Portal, and Portal Auth are terrible infusions even though they are some of the most popular. It is obvious there are other underlying problems with your Pineapple from things you've probably screwed with. I've offered to help you and you don't accept it although it appears you desperately need it. There is only one other person who has commented about the "popup" issue which you still haven't described to me. If you have read the other posts you should know that I am more than willing to help solve this problem but it is obviously not a widespread issue as others (such as onion2346) have been able to install dependencies just fine. Again, I am willing to help if you're willing to work with me on it. Keep in mind that I couldn't care less if you use the infusion or not. I don't get paid to keep this infusion updated nor to provide support. When I offer my free time to fix issues just remember that's when I get home from my day job. So, either accept my help, learn how to troubleshoot, or go be a keyboard commando somewhere else.
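
An added example, not code from any of the posts above, for the certificate checks in post 17: it pins a TLS peer on the SHA-256 fingerprint of its whole DER certificate and compares a serial number across the two formats used there, big-endian hex from Python's getpeercert() and little-endian bytes from .NET's GetSerialNumber(). All function names are hypothetical and the sample bytes are constructed placeholders, not a real certificate.

```python
import hashlib
import hmac


def normalize_hex(text):
    """Drop the separators tools print (':', '-', whitespace) and lowercase."""
    return "".join(ch for ch in text if ch not in ":- \t").lower()


def fingerprint_sha256(der_bytes):
    """Hash the whole DER certificate, so the pin also covers the public key."""
    return hashlib.sha256(der_bytes).hexdigest()


def pin_matches(der_bytes, pinned_fingerprint):
    """Constant-time comparison of the peer's fingerprint with the pinned value."""
    actual = fingerprint_sha256(der_bytes)
    return hmac.compare_digest(actual, normalize_hex(pinned_fingerprint))


def python_serial_to_int(serial_hex):
    """getpeercert()['serialNumber'] is big-endian hex, e.g. '01ABCDEF'."""
    return int(normalize_hex(serial_hex), 16)


def dotnet_serial_to_int(bitconverter_text):
    """BitConverter.ToString(cert.GetSerialNumber()) is little-endian,
    hyphen-separated hex: 'EF-CD-AB-01' is the same serial as '01ABCDEF'."""
    raw = bytes.fromhex(normalize_hex(bitconverter_text))
    return int.from_bytes(raw, "little")


def same_serial(python_serial_hex, dotnet_bitconverter_text):
    """Compare as integers so byte order and zero padding cannot cause a mismatch."""
    return (python_serial_to_int(python_serial_hex)
            == dotnet_serial_to_int(dotnet_bitconverter_text))


def check_peer(tls_socket, pinned_fingerprint):
    """Call on a connected ssl.SSLSocket once the handshake has completed."""
    der = tls_socket.getpeercert(binary_form=True)  # raw DER bytes, or None
    return der is not None and pin_matches(der, pinned_fingerprint)


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for a DER certificate.
    sample_der = b"constructed placeholder, not a real DER certificate"
    pin = fingerprint_sha256(sample_der).upper()
    pin_with_colons = ":".join(pin[i:i + 2] for i in range(0, len(pin), 2))
    print(pin_matches(sample_der, pin_with_colons))
    print(same_serial("01ABCDEF", "EF-CD-AB-01"))
```

The serial number is a field the certificate's creator sets, while the fingerprint changes whenever any byte of the certificate, including the key, changes.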