bored369

Everything posted by bored369

  1. I figured it's the same setup as the pineapple nano, just with 5ghz and dualband on each wlan. So wlan0 is the broadcasting, wlan0-1 is the management ap virtual adapter, and wlan1 is the injector/sniffer. That's about all I know, would be nice to know which side is which though.
  2. I had mine running off the y-cable to the pineapple 15000 2.1a, the other port on an anker powercore+ 10050, then a standard micro-usb cable plugged into an anker powercore+ 13400 with pine ap and getting clients for over 10 hours. Still some juice left in the batteries. I did it on two separate days for the same length of time each. Running the whole time in the edc front pocket. I just got the anker powercore 20100 (note it's not the +) but I haven't hooked it up to run with yet. All of the ankers claim 4.8a output. Going to see how long it will go when I add the 20100 to the mix and replace the 10050 with a second pineapple 15000. Thinking I might be able to squeeze 24 hours out of it.
  3. I haven't experienced this, I've had it running consecutively with PineAP running for over 10 hours inside of the EDC bag on two separate occasions. Not sure what would cause it in your situation or how to further diagnose, just wanted to point out I have had it working for prolonged periods of time. Possibly may suggest having it powered via both methods at once, so have one y-cable connected to two of your usb ports and the other y-cable connected to your two pineapple 15000 and see if you get the same results.
  4. You don't. Neither the nano nor the tetra are wifi devices you are attaching to a system. They are full systems themselves you can connect to and you can run the tools on the devices themselves. As I mentioned on another thread to you, everything you are looking to do is explained in this 3 part tutorial https://forums.hak5.org/index.php?/topic/37108-using-the-pineapple-without-modules-or-infusions-part-one-ssh Wifite isn't on the pineapple but you don't need that as all the tools you need are loaded on the pineapple by default and usage of those tools is described in that very well done tutorial series if you read through all 3 parts. If you are not willing to learn and research more about the tools and options available to you then you probably have wasted your money. If you thought you would be able to turn these devices on and crack your neighbor's wifi passwords with the click of a button then you probably have wasted your money. If you wanted to learn more about or professionally do penetration testing and auditing wireless security then you have spent your money well and this generation of wifi pineapples will give you the means to quickly accomplish those goals.
  5. You can use a program airserv-ng to share your wlans on the nano over ethernet, but I don't think that is going to work with wifite (I'm not sure about that though, you might be able to configure it to do so). You have to ssh into your nano to start that program though. You should really read over that 3 part tutorial series I linked to in my previous post. That will explain everything you need to do to capture a wpa handshake using the nano, if you read all three parts.
  6. There is none (that I can tell), other than it's just nice to have it in the Pineapple interface and not having to deal with the actual site itself. You can do 1 with the deauth module already available, you can do 2 via ssh into the pineapple and run the tool (there's actually a nice tutorial series about this process on the forum here), you can then do 3 by copying the from the ssh session to the pineapple interface with that module. It has to be reviewed by Hak.5 team first then they will make it available in the modules interface in due time. You had mentioned before that learning to make your own module was too complicated for you at this time. Take that into consideration when you're asking for more complex modules, while keeping in mind that the people doing this "complicated" work are doing this for fun, themselves, or the benefit of the community. Hak.5 is offering an amazing piece of hardware that is only really limited by what you put into it. Educating yourself about the tools and options you have at your disposal is going to get you a lot more than any module is ever going to be able to provide you in the long run. This includes but is not limited to some of the topics you would cover and learn when making a module yourself.
  7. You can use an amplifier like in the hak shop I believe https://hakshop.myshopify.com/collections/wireless-gear/products/long-range-wifi-kit
  8. I did three batteries because I wanted to make sure I had more than enough power to run it all day. (If I had the second y cable working I would have done four batteries) I'll do a test but I'm pretty sure you can get at least 8 hours out of the two pineapple 15000 batteries. I just figured if I have extra batteries why not use them.
  9. I had my tetra running off batteries for 10 hours yesterday. I used a regular usb to micro usb on the Pineapple Juice 1500 2.1 slot, then I had the y-cable hooked to an Anker Powercore+ 13400 and to an Anker Powercore+ 10050 (both use Anker IQ to put out 4.8 A supposedly). When I finally shut down the Tetra, the Pineapple 1500 had 1 bar left (<25%), the PowerCore+ 13400 had 1 dot left (<10%) and the Powercore+ 10050 had 7 dots left (<70%). I did have some really weird power issues when I first started out, but ended up finding out one of the y-cables was DOA (already emailed shop@/darren@ hoping to get a replacement in the same box as the 2nd battery they're sending). Hooking the bad one up to computer by itself no power to the tetra at all, hooking it up to the pineapple 1500 the lights flashed on but no power to the tetra still. Just mentioning that in case you may have a similar issue with one of yours.
  10. That wifi adapter does look pretty sweet! Wonder how long until they have it in production. I remember a hak.5 episode where they did 2-factor auth for ssh, I was thinking that would be a good option to implement. Yup, correlation attacks is what I was thinking would be helped by having the separate vpns on either side of the vps. The vpns and the vps wouldn't have any traceable connection back to me as far as purchases and signup information. I would probably also make the connection to the vps at a public wifi to further distance myself from it. Understandable on the making a slip up at some point but I would hope that if I am going through all of this trouble I would be very meticulous about my actions getting to the connection and while I'm using it. Of course I would be dressed in a business suit attire with a briefcase, a bag lunch and my antenna discreetly hidden in a large bouquet of roses. If I was approached by anyone I would casually mention that I'm trying to finish up a presentation for my boss on my lunch break because it's my 10 year anniversary tonight and I want to be able to focus completely on my loving wife. :)
  11. I have this one too and it's a great battery pack, it's the only one I have that supports passthrough charging too.
  12. So playing around with the Tetra tonight I noticed some things:
      1. I only see the two wlan interfaces (wlan0, wlan0-1, and wlan1), but I noticed when I scan for networks with wlan1 it shows my 5ghz networks. So that got me wondering how all of the 5ghz stuff is set up and how it works with regards to PineAP as well as the other modules.
      2. It would be cool to know what configuration would be best if I have two Yagis and two 9dbi antennas, which would I want hooked up to which antennas and would it vary for different applications?
      3. When I had nano and the tetra hooked up at the same time, I quickly realized it was difficult to tell which one I was on :) It may be nice to have an indicator in the GUI (like the top left Wifi Pineapple) to indicate which hardware it is you're browsing. Especially when the mk5 is updated to the new interface and I have all 3 running :)
      4. Using the WiFi Client mode and scanning for networks to connect to while I had PineAP running it offered me to connect to the management interface and all the SSIDs PineAP was broadcasting. These would be nice to filter out because it makes it difficult to pick out the actual wifi networks in the area to connect to. (This applies to the nano as well, don't think I ever noticed it on the mk5 but I'll check again). (tested and mk5 does show PineAP ssids but not the management interface) I would think they could be filtered out based on bssids though right?
      5. Confirmed the issue with wifi client mode in relation to the routes and manual ip required in firmware 1.0.0. Confirmed issue was resolved by updating to 1.0.1 (nice fast work Seb!)
      6. What do the indicator lights all mean? Any special patterns we need to be aware of?
      7. Installing modules I only got the option "Install to internal storage" (expected). On install dependencies for modules I get the option for "Internal" or "SD Card", picking SD Card appears to install them without errors and everything works so not a big deal. Just wanted to mention it as I was confused by the option (but I still picked SD Card just to see what happened lol) Note: Evil Portal didn't give me an option it just installed so maybe it's up to the module maker to give the option and tetra just has a fall back to internal no matter what? On the same note I see the get module has an option to enable "Database on SD" I'm guessing the same thing would apply where it would just fall back to internal?
      8. Range is impressive! I set up the nano, tetra and mk5 on my desk (the most interference ridden spot in my house) and did recon for 1 minute each and these are the results of detecting the wifi access point furthest away from me in my house.
         - mk5 (w/ standard antennas and with 9dbi ones) = listed it as "out of range access point" and didn't detect the currently associated client at all
         - nano (w/ standard antennas) = listed it as 30% signal and detected the currently associated client
         - tetra (w/ standard antennas) = listed it as 82% signal and detected the currently associated client plus it picked up 5ghz ones as well :)
      It is very snappy compared to mk5 and I guess I can see a difference between the nano and tetra but it would be minimal at most imo. Also very excited my anker battery is about to power it alone with its 4.8 A output, but I've had the single Pineapple 1500 I got hooked up to it too during all of this testing and never noticed any issues at all with it in terms of responsiveness or the devices I attached to it!
  13. No worries at all, I actually have a second one that came with the field kit I got previously so I'm all good on waiting and knowing it's on the way. The more battery packs the better I always say! I've gotten at least one of most everything in the shop, since a friend gave me the mk5 and introduced me to what y'all have been doing with the show and other tools you have, back just this past August. Happy to be able to support y'all and can't wait to see what you do in the future. I also know and have seen if there are ever any issues you handle it quickly and appropriately. From products to these forums to the show, it's all amazing work, keep it up!
  14. Side note: on the site it says "Tactical Edition includes all the basics, plus the EDC Backpack, two Pineapple Juice 15000 batteries, & morale patches" I only got one battery pack though. Do I need to contact support about that?
  15. Wave of relief I got it!!!!! Awesome work Hak.5 Team!! I'm not sure why you send me Rubber Ducky cards (got one with the nano as well) but it's appreciated :)
  16. This is the link from the wiki for easy instructions on windows: https://forums.hak5.org/index.php?/topic/28254-tutorial-re-flashingupgrading-the-ducky-winxp-32bit/ From this page: http://usbrubberducky.com/#!resources.md#Flashing_and_Upgrading I haven't set up my ducky yet so I can't confirm or tell you more steps at this point.
  17. This is true, but I was hoping to be able to use it in some fashion as a secure option that just fit in the 5th pocket of a pair of jeans. I guess that's not really what it's designed for in usage. I'm not really sure I understand the whole concept with the Trusted zone stuff honestly. Excellent point I wasn't considering the logger or the system being monitored in real time while I use the device in that scenario. Assuming they also have remote connection to the system they could just log in while I'm on I suppose. Are there possibly ways to limit the connection of the device to only a single instance? For ssh is really my question. I believe you can do that for VNC style connections, but even so I guess the OS/apps in use would need to be hardened and verified to prevent attacks while it's connected. The window I was thinking would be limited to just the time it was plugged into that specific machine, between the time I unplug it and connect it again somewhere I know to be secure wouldn't count. But realistically I wouldn't think it has to be necessarily 0 for the time frame window, it does take time to recon and perform attacks (maybe I'm wrong in this?) Traffic log from the VPS would be coming through a Tor address the connection to Tor would be going to the VPN. I was leaning on the fact that you want to make it difficult to track back to yourself as the source so the more jumps between and subpoenas (possibly in multiple countries) that would have to be filed would deter it if the VPS was discovered which again would have its own VPN connection also going out through Tor. So from the end point where true activity source may want to be determined it would be about 10 hops (assuming Tor is routing through 3 different systems) on its connection back to me. Very true, maybe a slightly larger town would be worth the extra trouble avoiding outside surveillance (thinking like traffic, atm, store cameras and such that could identify you being in the area).
Being targeted on the network I wouldn't think would be that big of an issue if you are at a location that is a good distance from the actual wifi point in use. I suppose using another venue like starbucks/mcD's or something of the like would be an option as well as possibly there are still open wifi points in apartment complexes at times still too. My key point on that one was being far enough away from the access point by using a directional antenna that you wouldn't be suspected as being the one in question of those activities. I remember reading that one back when I first joined this forum. You probably noted that "prepaid CC several months in advance" was something you mentioned in that topic. :) You have great responses and very well thought out points. That's partly why I'm interested in hearing your responses on these topics and especially about any other uses for the usb armory you may be able to recommend trying.
  18. Let me preface this by saying 1. the usb armory is just a fun toy to play around, learn with, and eventually store my bitcoin wallet securely on 2. I have no real need for the type of privacy or security which we're talking about here, so I'm really only trying to learn and have discussions about these topics because they are hobbyist level interests of mine. I know I'm just theorizing interesting uses I can come up with for the usb armory, if I was concerned about concealment of my identity I'd be fine with going slower. I haven't heard of libreswan before, it looks interesting and could be nice for such a case though so thanks for pointing it out. For this one my intention was mainly being able to get around possible key loggers on suspect computers I may use the armory with. With a keylogger getting keystrokes, screenshots and the clipboard this was the only route I could think to avoid those items while still being able to access the accounts and information I would need. The connection from the armory out to the internet would be using encryption (possibly a vpn from the armory as well as ssl on the sites themselves). The only information the keylogger could get would be the password to get into the armory, my user names and any information I viewed during those times. I'd change the password on the armory after using it in such a situation. My usernames would have strong passwords which I wouldn't have to type in because they would be synced. The information I viewed would be kept as limited as possible to accomplish the task at hand keeping in mind that any information visible has the possibility of being leaked. Is that not a possibly good use for the usb armory? Are there weaknesses to having the passwords synced via google if the database files are not accessible to the host computer and encrypted in transit over the shared internet connection?
Or is pushing an x window from the armory not like what I'm thinking where it would be kinda like a specific vnc style single window connection? I haven't done any of it yet so I'm really not sure how that works out, I just saw it was an option for the bitcoin wallet suggested on the armory page. Since we've also hijacked this thread for security/privacy discussion as well, do you mind giving your opinion on any holes that may be in these two methods of trying to be anonymous? I feel that they would both be possible and provide a high level of anonymity and security. 1. Using one VPN service with a tor enabled ssh tunnel into my VPS then using a second VPN service from the VPS to go out through Tor and then using my, purely created on that last out connection, imaginary persona which has no types, references, similar colloquialism or even language to my actual persona. All having been paid for with bitcoin wallets created by other imaginary personas on a different but similar out connection which are funded by mining done through a 3rd VPN service which my actual persona paid for but the location of which has been researched and verified that laws are in place so that my identity won't be revealed to the countries which are of consequence to me if the mining activities are traced back to that IP (all research for that having been done under a separate out and imaginary persona) 2. Driving a few hours away to park a fair distance away from a random library and then using a yagi directional antenna to connect to the public wifi with a tails non-persistent boot session. Again using an identity that is imaginary and no ties to your actual identity. Also keeping in mind you don't have your cell phone (or any other electronic tracking item) on you or only having a burner that was purchased through a trusted third party or with prepaid CC several months in advance in a location where you are sure there is as little security surveillance as possible.
Don't use gps to get there or use a disposable one like the one on the burner phone. Using an older model vehicle that has been swept for tracking devices. And being sure to pick a library in a small town where security surveillance would be at a minimum at best. Again I have no actual need for this nor can I imagine having to need to go to such lengths. I'm just interested in the topic and discussion/learning from it.
  19. Gotcha that makes more sense now, unfortunately far out of my current knowledge base to be of any help though.
  20. I think the confusion may be coming in as to what you mean by "you have an SDR", at least for me it's confusing. Do you have an RTL-SDR, HackRF, BladeRF, USRP (the most common ones), or have you built your own custom SDR hardware? If it's the custom built option, can you provide some more details about what you built, like chipsets it's using or what not?
  21. It also has built in power amplifiers, so I expect we'll see pretty good range on them.
  22. I'm not sure about the kismet side of it yet, but I do use my ubertooth with my raspi2. I've gotten to the point of the spec analyzer, and everything compiles and works great. I'd be interested to find out what your tests find about trying the logging of both simultaneously with kismet and gps though.
  23. It just takes practice, dedication and imagination to maintain privacy. It's by no means a simple task but it can be done and you normally only want to stay private for specific scenarios. The nice thing about pushing your stuff through tor in general is it gives you an encrypted tunnel to use, but you can always layer that to increase your anonymity. That's one of the reasons I was going to set up the usb armory with the tor routing option because I could get an encrypted line of traffic going out from my system over a public wifi or something of the like. I was also hoping on getting the x window push to be able to open a chrome window with everything already synced/stored so I don't have to enter passwords if I'm using a non-maintained computer host. I'm not sure how well that will work out but I'm thinking it will be cool. My biggest concern with it will be the administration permissions I think I'll need to do the ICS, but we'll see how testing goes with it once I get to that point. I also like their encrypted vault accessed over http which wouldn't need the ICS but I'm not sure about the functions I would use that for yet. Sure I'll be able to come up with something if nothing else learning more about linux encrypted partition setup will be fun :)