
sud0nick
Dedicated Members
Posts: 1,056
Days Won: 66

Posts posted by sud0nick

  1. I would double check your connections. I've had this happen before where I connected the Pineapple as a client to an AP but it would get kicked off a few seconds later. I wouldn't realize it until I connected a client to the Pineapple and it couldn't get out to the internet. I know you said it had an internet connection but the best thing to do in these situations is start from the beginning and take your time. You will most likely figure out the problem along the way.

  2. The actual WPA2 wifi network is secure. However, the issue is that eth0, wifi0 (open wireless network) and wifi0-1 (secure wireless network) are all part of the bridge group br-lan. They all have layer 2 connectivity, they all receive IP addresses in the 172.16.42.0/24 subnet when they connect, and clients in all three networks can freely communicate with each other, since packet filtering and firewalling happen at layer 3.

    So, if you allow communication freely between clients connected via the secure wireless network, the open wireless network and through the ethernet adapter via the bridge br-lan, then you are still at risk of attacks, port scans, connection attempts and whatever nasty malware on clients connected through your secure WLAN and ethernet interface by clients in your open wireless network. The security risk is worse than normal, since you might want to entice people to connect at times, and then there's the always-on-by-default open network with full access to your machines via the bridge, and the only security on it is a hidden SSID with a predictable range of the default SSID (Pineapple5_$VAR). Oh, the open wifi also gets to communicate through client mode connections, too.

    Try it yourself: connect to the open network with one machine, connect to the secure network with another, then try communicating to the secure network. Ping/port scan/remote desktop/whatever.

    I think you are missing the point of the secure AP. It is for configuration. Not to browse the internet through your Pineapple while conducting attacks. Obviously, since the interfaces are bridged other machines can ping/port scan/etc across them. By configuring your Pineapple through the secure AP your data is encrypted so if anyone in the area is using Wireshark and capturing your packets they won't be able to see the username and password, or any other data, that is intended for your Pineapple.
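The quoted post's point is that bridge members reach each other at layer 2 no matter what the layer 3 firewall says, so the first thing to check on any such device is which interfaces share a bridge. The script below is an added example, not Pineapple firmware code: it parses the output format of `brctl show` (assumed here; newer systems expose the same information via `bridge link`) and reports every bridge that carries both an "open" interface and a "trusted" one. The bridge id and the interface names eth0, wifi0 and wifi0-1 are constructed sample data laid out as the post describes.

```python
"""Flag interfaces that share a Linux bridge (added example, not Pineapple code).

A bridge gives all of its member ports Layer 2 reachability to each other,
regardless of Layer 3 packet filtering. This parses `brctl show` output and
reports any bridge that carries both an "open" and a "trusted" interface.
"""
from typing import Dict, List, Tuple

# Constructed sample of `brctl show` output matching the post's description:
# eth0, the open AP (wifi0) and the secure AP (wifi0-1) all sit in br-lan.
SAMPLE_BRCTL_SHOW = """\
bridge name\tbridge id\t\tSTP enabled\tinterfaces
br-lan\t\t8000.001122334455\tno\t\teth0
\t\t\t\t\t\t\twifi0
\t\t\t\t\t\t\twifi0-1
"""


def parse_brctl_show(text: str) -> Dict[str, List[str]]:
    """Return {bridge_name: [member interfaces]} from `brctl show` text."""
    bridges: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines()[1:]:           # skip the column header
        if not line.strip():
            continue
        fields = line.split()
        if line[0] not in " \t":                  # a new bridge entry
            current = fields[0]
            bridges[current] = fields[3:]        # name, id, stp, then 0 or 1 iface
        elif current is not None:                 # continuation line: one more member
            bridges[current].extend(fields)
    return bridges


def shared_bridges(bridges: Dict[str, List[str]], open_ifaces, trusted_ifaces
                   ) -> List[Tuple[str, str, str]]:
    """List (bridge, open_iface, trusted_iface) triples that share a bridge."""
    findings = []
    for name, members in bridges.items():
        present = set(members)
        for o in sorted(present & set(open_ifaces)):
            for t in sorted(present & set(trusted_ifaces)):
                findings.append((name, o, t))
    return findings


def report(text: str = SAMPLE_BRCTL_SHOW,
           open_ifaces=("wifi0",),
           trusted_ifaces=("eth0", "wifi0-1")) -> List[Tuple[str, str, str]]:
    """Print and return every open/trusted pairing that shares a bridge."""
    findings = shared_bridges(parse_brctl_show(text), open_ifaces, trusted_ifaces)
    for bridge, o, t in findings:
        print(f"{bridge}: open interface {o} has Layer 2 reachability to {t}")
    return findings


if __name__ == "__main__":
    report()
```

On a real device, feed it the live output (`brctl show`) and your own interface classification; an empty result means the open and trusted interfaces are at least on separate bridges, which is the precondition for layer 3 filtering between them to mean anything.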

  3. Not sure if anyone else has experienced this but when I enable the secure AP the web interface seems to run a lot slower. It does this whether I access it through the AP or through my home network of which the Pineapple is a client. Sometimes the GUI will only load half way. Once I disable the secure AP everything runs fine.
    Browser = Chrome
    OS = Win 8.1 Pro
    Here is my resources print out in case it helps.
                 total         used         free       shared      buffers
    Mem:         61804        54844         6960            0         7520
    -/+ buffers:              47324        14480
    Swap:      2002904            4      2002900
    

    Also, I would like to be able to enable/disable the secure AP without having to enter a password every time. Would it be possible to just keep the current password if no value is entered in the field?

  4. If the version is vulnerable you can use compromised keys to authenticate. You can use Metasploit to scan for the SSH version. I think it only works with version 2 or 3 so most SSH instances in the wild have been updated from that. You should be able to find the list of compromised keys on exploit-db. I don't think you can use the keys you grabbed with nmap but don't quote me on that...I'm a little rusty on this stuff. Good luck!

  5. I've never used Wordpress before but is it not possible to simply download the files through FTP? As long as you have all the supporting CSS files your layout should stay the same regardless of where your site resides. I don't know if Wordpress uses any dynamic trickery where they load styles from a database but even then you could just view source and copy everything.

  6. I know the peeps of Hak5 are into Drones and I'm sure some of the people on the forums are as well (me being one of them) so could we possibly take a vote to add a drone section to the forums? I think it would be a nice addition where people can ask questions and share their experience about the hobby.

    What do you all think?

  7. Depending upon what you're asking, you can use another device, your phone or tablet, for instance, to become a client of the MK5 and then log in to McDonalds to register the MK5 on the network. After that, clients who associate with the MK5 will not have to go through that process. They can just surf the internet (with you watching).

    That may not be what you're asking, but it's one answer to that question. Doubtful anyone would notice the lack of a splash page. But if you're looking for their login credentials for that network then yes, you gotta go with Evil Portal.

    That's what I got from his question. I typically do the same thing by first logging in with a regular client, copying that MAC, changing the client MAC to something random, and adding the copied MAC to the Pineapple (in that order). That way clients of the Pineapple won't see two splash pages and they can get out to the Internet after I haz their creds.

  8. This is interesting. I would like to receive one myself so I can play around with it and see what its purpose is. It will most likely attempt to connect to a server over the internet to send information and I would love to poke around that box.

  9. I'd steer clear of MySQL. When I was in school MySQL wasn't created yet so I was taught Oracle mostly, later Sybase, Informix and MS SQL.

    When it comes to free databases, I'm deeply in love with PostgreSQL. MySQL's rather poor track record with SQL92 compliance, in particular at least initially the outright lack of understanding for the concept of transactions made it a useless tool to me.

    The thing about databases, much like with programming, is that you need logical structure which in classic database design means the Boyce Codd Normal Form (BCNF). The first resource I found that delves a little into the concept of relational database design is this wikibooks link: http://en.wikibooks.org/wiki/Relational_Database_Design

    Since I feel I have a thorough understanding of databases, I've never bothered with actually reading any more books on it so I can't recommend anything on that.

    The Kernighan and Ritchie book though is indeed highly recommended.

    Maybe it has been awhile since you last touched MySQL but it supports transactions nowadays. I like PostgreSQL as well. Knowledge in MS SQL is useful but I found a lot of my knowledge from using MySQL helped me my first time on an MS SQL server. And when would I ever require a full instance of MS SQL at home anyway? I use MySQL for a lot of things and prefer it.
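Cooper's post names Boyce-Codd Normal Form as the goal of relational design without showing the test itself. The following is an added example, not from the post or the linked wikibook: it implements the textbook definition (a relation is in BCNF when the left side of every non-trivial functional dependency is a superkey) by computing attribute closures, and decomposes a violating relation. The student/course/instructor schema and its two dependencies are the standard classroom example, constructed here as input.

```python
"""BCNF check and decomposition from functional dependencies (added example).

A relation R with dependencies F is in BCNF when for every non-trivial FD
X -> Y implied by F (X, Y within R), X is a superkey of R, i.e. X+ covers R.
"""
from itertools import combinations
from typing import FrozenSet, List, Optional, Tuple

FD = Tuple[FrozenSet[str], FrozenSet[str]]


def fd(lhs: str, rhs: str) -> FD:
    """Build an FD from comma-separated attribute names, e.g. fd("A,B", "C")."""
    return (frozenset(a.strip() for a in lhs.split(",")),
            frozenset(a.strip() for a in rhs.split(",")))


def closure(attrs, fds: List[FD]) -> FrozenSet[str]:
    """Attribute closure attrs+ : keep applying FDs whose left side is covered."""
    result = set(attrs)
    changed = True
    while changed:
        changed = False
        for lhs, rhs in fds:
            if lhs <= result and not rhs <= result:
                result |= rhs
                changed = True
    return frozenset(result)


def bcnf_violation(relation, fds: List[FD]) -> Optional[FD]:
    """Return an implied FD X -> Y inside `relation` whose X is not a superkey,
    or None if the relation is in BCNF. Every subset X is tried, so the test
    is exact (and exponential), which is fine for schemas of a handful of columns."""
    relation = frozenset(relation)
    names = sorted(relation)
    for size in range(1, len(names)):
        for combo in combinations(names, size):
            lhs = frozenset(combo)
            reach = closure(lhs, fds) & relation    # closure restricted to R
            if reach != relation and reach - lhs:   # determines something, not a key
                return (lhs, reach - lhs)
    return None


def is_bcnf(relation, fds: List[FD]) -> bool:
    return bcnf_violation(relation, fds) is None


def decompose_bcnf(relation, fds: List[FD]) -> List[FrozenSet[str]]:
    """Lossless-join decomposition into BCNF relations. Each violating X -> Y
    splits R into (X u Y) and (R - Y); the split may lose some original FDs."""
    relation = frozenset(relation)
    violation = bcnf_violation(relation, fds)
    if violation is None:
        return [relation]
    lhs, rhs = violation
    return decompose_bcnf(lhs | rhs, fds) + decompose_bcnf(relation - rhs, fds)


if __name__ == "__main__":
    # Constructed classroom schema: each instructor teaches one course,
    # and a student takes a given course from one instructor.
    deps = [fd("instructor", "course"), fd("student,course", "instructor")]
    schema = {"student", "course", "instructor"}
    print("in BCNF:", is_bcnf(schema, deps))
    for part in decompose_bcnf(schema, deps):
        print(sorted(part))
```

The classroom schema is not in BCNF because instructor determines course but is not a key; the decomposition yields (instructor, course) and (student, instructor), which is lossless but no longer enforces student,course -> instructor on its own. That trade-off between BCNF and dependency preservation is the usual reason designs stop at 3NF.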

  10. If you connect the Pineapple as a client to a public hotspot that uses a captive portal and then someone connects to your Pineapple they will not see the public AP's splash page. If you want to copy the page and use it to steal credentials you need to look at Evil Portal II.

  11. The C Programming Language by Brian W. Kernighan and Dennis M. Ritchie (creator of the C language)

    -- This book was my introduction to programming and I must say what I have learned from it has helped me immensely even in other languages. It will teach C but more importantly it will teach you how to write code appropriately. Your code, in every language, will come out cleaner and more efficient if you start with this book, IMHO.

    Learning PHP, MySQL, and JavaScript

    -- This book was great for learning about PHP and creating dynamic web pages. The book will give you an introduction to MySQL but don't expect it to go too deep. The same goes for JavaScript but it will teach you a good deal of PHP and if you already know C you will find the transition to PHP very simple.

    I've read many other books but these two have impacted my work the most. If you want a good resource for downloading PDF versions of books you can look at it-ebooks.info. That's where I get a lot of my books and just put them on my Kindle.

  12. You've got me looking at parabolic dishes now for the RPi, lol. I found a post where a guy made a basic radio telescope and I wonder how difficult it would be to get the signal to go into a Raspberry Pi to view it with a spectrum analyzer.

    http://www.instructables.com/id/Poor-Man-s-Radio-Telescope/

  13. This seems like a fantastic idea but my concerns are aligned with Cooper's. On the indiegogo page you referenced they say that the towers are fed information from Outernet but my question is who feeds Outernet? They seem to have goals that are currently very far away from them as they have reached just under $300k and eventually want to reach $10M. When organizations have goals like this they tend to associate with very rich backers who have their own agenda. It may not have happened yet but I would always be leery of information that is hosted from a single organization without public input. What if you found a file on the Outernet that stated the Earth is flat? How would you go about remedying this issue? Again, I really like the idea of publicly broadcasting files that aren't censored by a government but I think Outernet has quite a bit of work to do before I'll jump in (or out?).

    Edit: When I asked the question of who feeds Outernet information it was rhetorical. On their page it says they pull directly from the internet, the very place they say is too governed and censored. So how does Outernet become anything more than a copy of what is currently online?

  14. I made the mistake of masking my privacy but not my anonymity. Yes, every bit sent can be tracked. Now the fact that it's OpenVPN is good, but paying for a service creates a trail back to a real identity. So no real anonymity.

    So what is the best way to become anonymous?

    Private Internet Access (https://www.privateinternetaccess.com/) will give you privacy and anonymity. They have servers all around the world and connection speeds are fast. If you are worried about being tracked on payment you can pay with PayPal or any brand gift card such as Starbucks, Target, or Macy's.

    Although, as stated above once you log into Facebook or G-Mail your anonymity obviously goes out the window. But it is still important to use a VPN service to encrypt your traffic especially if you are using public WiFi.

  15. I'm with Cooper on this one. It seems ridiculous but even if researchers have found a way to transmit information from a video card the article states they need to first infect the machine with malware to make this happen. Exactly how do they plan on doing that when the system is not connected to the internet and heavily guarded? If they can get close enough to install this malware then they might as well utilize other resources that would serve as far better attack methods.

  16. I just came across this article myself and I have to agree with some of the other posts here. It is really interesting to listen to the signal but unless you can receive data it only stays cool for a few seconds. I did find this part interesting though:

    Most are not transmitting any usable telemetry or weather images but they still use the original frequencies to send out an unmodulated carrier...

    While the original article is littered with grammatical errors, and I may be reading it incorrectly, I gather from this statement that data is still being sent because that's exactly what a carrier wave does. He does state, however, that most are not transmitting any usable imagery but I wonder what he means by this. Does he mean the imagery is outdated or it merely doesn't exist? Also where would these decommissioned satellites be pulling their data from anyway? If you could determine that actual imagery can be derived from the signal you would probably need special equipment to see any of it. I think these dead satellites are really only good for a listen; some of them are even musical like Transit 5B-5. If you download the file that the author recorded there is a spot in the middle where I swore the bass was about to drop.

  17. I already had the correct file but it seems there's no correct way to do this unless I'm using a Linux machine. I don't have much experience with VMs other than running Kali Linux on one but not sure how to export files from one.

    Well this could be a great learning experience for you on virtual machines. I did my own test on Windows 8.1 with Win32DiskImager and Kali Linux 1.0.9 and it worked just fine. A couple of things could be wrong with your setup such as a corrupt SD card or not enough power to your Raspberry Pi. The power issue could be related to how many USB devices you have plugged in but regardless you should have a power supply that outputs at least 5V at 2A. Do some troubleshooting and update us on what you discover.

    Edit:

    Also, as i8igmac stated, you will have to resize the partition, or create a separate partition, to use the rest of your SD card once you have a functioning image of Kali. If you don't have another Linux system to use gparted on you can achieve the results you want by using fdisk and resize2fs. Here is a tutorial I found that may help you: http://geekpeek.net/resize-filesystem-fdisk-resize2fs/.

  18. a) While previously people went out and bought their own router which came with either absent or shitty default passwords, pretty much all modern routers include a wizard that will help the user set up their AP with a generated password sequence which is totally random and advise the user to write this down or run the wizard again if they want to change it. This makes it both sufficiently easy for the end-user to set up and sufficiently difficult for the end-user to later change it into 'mysecretpw' or whatever braindead letter combo they do manage to remember.

    For the current crop of wifi-enabled routers provided by ISPs (i.e. any less than 2 years old, possibly more) the wifi passphrase will be preset to something very long and very random, and provided in or along with the documentation for the device. You might be able to change it, but it'll be tedious and made such that you have to really, REALLY want to change it before it's allowed.

    Your best bet in cracking WPA2 APs is to find one that's operated by some commercial entity for the benefit of its paying customers. The passphrase here is typically something simple that includes the name of the commercial entity.

    But in general, the password will be a long list of garbage which you can't work out with a wordlist (since it's not a sequence of intelligible words with some characters thrown in) and the keyspace is too large to make brute-forcing it feasible.

    I've noticed companies that issue out their own Wi-Fi routers generally form the password out of two parts of information pertaining to the router. The first half is the model number of the hardware and the second half is the device identifier half of the MAC address (last half). This is information that can be easily collected over the network. I think Arris does this with their routers but don't quote me on that.

  19. It is compatible and I have a working instance of Kali that I use on a model B+. I've never used Win32 to copy images but if you have a Linux machine available (or just create a VM) you can use dd.

    # GNU dd on Linux takes an uppercase M for mebibytes (lowercase m is the BSD/macOS form)
    dd if=kali1.0.9.img of=/dev/sdx bs=1M && sync

    Where /dev/sdx points to your SD card.
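A silently corrupt SD card or an under-powered Pi, both mentioned earlier in this thread, are much easier to tell apart if you confirm the image actually landed on the card before booting it. The script below is an added example, not part of Kali or any Hak5 tooling: it hashes the image and then exactly the same number of bytes read back from the start of the device, because the card is larger than the image and a whole-device hash would never match. The `demo()` function stands in two temporary files for the image and the card (constructed data) so it runs without root or hardware; on a real system you would call `verify_image("kali1.0.9.img", "/dev/sdx")` as root.

```python
"""Verify that a disk image was written to a device correctly (added example).

Reads back len(image) bytes from the device (not the whole device, which is
larger than the image) and compares SHA-256 digests. Not project code.
"""
import hashlib
import os
import tempfile
from typing import Tuple

CHUNK = 1024 * 1024  # 1 MiB reads, in the spirit of bs=1M


def sha256_prefix(path: str, length: int) -> str:
    """SHA-256 of the first `length` bytes of `path`, read chunk by chunk."""
    digest = hashlib.sha256()
    remaining = length
    with open(path, "rb") as f:
        while remaining > 0:
            chunk = f.read(min(CHUNK, remaining))
            if not chunk:
                raise IOError(f"{path}: short read, {remaining} bytes missing")
            digest.update(chunk)
            remaining -= len(chunk)
    return digest.hexdigest()


def verify_image(image_path: str, device_path: str) -> bool:
    """True when the device begins with exactly the image's bytes."""
    size = os.path.getsize(image_path)
    return sha256_prefix(image_path, size) == sha256_prefix(device_path, size)


def demo() -> Tuple[bool, bool]:
    """Self-contained run with temp files: a correct write, then one flipped byte.
    Returns (result_after_good_write, result_after_corruption)."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "kali.img")
        card = os.path.join(tmp, "sdx")
        data = os.urandom(3 * CHUNK + 12345)          # constructed image contents
        with open(image, "wb") as f:
            f.write(data)
        with open(card, "wb") as f:
            f.write(data + b"\0" * (2 * CHUNK))      # "card" is bigger than the image
        good = verify_image(image, card)
        offset = CHUNK + 7                            # corrupt one byte inside the image area
        with open(card, "r+b") as f:
            f.seek(offset)
            f.write(b"\x00" if data[offset] != 0 else b"\xff")
        bad = verify_image(image, card)
    return good, bad


if __name__ == "__main__":
    print(demo())
```

Two practical caveats when running this against a real card: run `sync` (or let dd finish with it, as above) before verifying, and re-insert the card first so the read comes from the media rather than from the kernel's page cache, which can otherwise hide a write that never reached the flash.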
