Everything posted by r3g3x

  1. I see questions from people who do not understand how open authentication works for WiFi. Hopefully the steps below can help address some of the questions and serve as a small tutorial.

     There are 3 parts of the process for a client to connect and transmit data on a wireless network. They are the probe stage, authentication stage and association stage. In documentation the client is the station, or STA for short. The access point is AP.

     PROBE STAGE
     STA --- Probe Request --> AP
     STA <-- Probe Response --- AP

     AUTHENTICATION STAGE
     STA --- Authentication Request --> AP
     STA <-- Authentication Process --> AP
     STA <-- Authentication Response --- AP

     ASSOCIATION STAGE
     STA --- Association Request --> AP
     STA <-- Association Response --- AP

     Probe
     1.1 STA sends a probe on all channels to find the AP (ff:ff:ff:ff:ff:ff)
     1.2 APs in range answer the probe request

     Authentication
     2.1 STA authenticates to the AP - the strongest signal wins
     2.2 Authentication process takes place
     2.3 AP sends a response to the authentication (success or failure)

     Association
     3.1 STA sends association request
     3.2 AP sends association response
     3.3 STA now has communication ability with network

     Data exchanges do not happen until this entire process completes.

     I hope this can help some people.
  2. I am not sure of your depth of understanding of wireless, but there are also a series of free WiFi videos available online at: http://www.securitytube.net/groups?operation=view&groupId=9. The videos are good and will help you to understand WiFi workings, security and tools. Without a solid understanding of wireless, using a pineapple can be frustrating. Once you understand tools available and wireless, reading the description and purpose of the modules is easier to understand, implement and troubleshoot. Good luck. Jim
  3. You don't use PineAP - PineAP is for use with open networks, not WPA/WEP/WPA2 networks. If PineAP impersonates a network you have in your PNL that is WPA, it will advertise it as an open network. As the other guy said use aircrack-ng. It would be easier to use a Kali instance with an Alpha card using the aircrack-ng suite. Jim
  4. The other day I was doing a technical demo at a large gathering in a large, densely packed city and was using a Tetra for part of it. On setup day the Tetra worked great, I had people connecting into the pineapple and it worked great. On the demonstration day, there were a couple of hundred people in the room, the Tetra could not keep up and stopped collecting SSIDs. The scan function worked well, but PineAP did not work. Anyone else try to use a pineapple in a large densely attended area? Jim
  5. Can you post output from ifconfig or the text displayed after you run the Tetra setup scripts?
  6. Hi Jsync: In my case I have both and use both, but I am becoming very fond of the Tetra. I like the tactical option because it gives you all the extra gear plus the backpack which I really like. The book is helpful if you are new. That said, if you research the forums and have a good Wi-Fi base you can get by without it. You will need an Internet connection to provide connectivity to clients and you need a source to connect and configure. I use both Linux and Windows without any issues, never used a phone. The Tetra is very powerful and does both 2.4 and 5 frequencies. The Nano is smaller and only does 2.4. One last word of caution to set your expectations. You will need Wi-Fi understanding to use the Pineapple, it is not as easy as plug it in and own everything. It seems there are people who buy a pineapple and have unrealistic expectations. Good luck, Jim
  7. I have both the Tetra and Nano and have been using them for quite a while. I am now running current firmware and modules on both. I am finding that the modules and results are much better on the Tetra than the Nano. Anyone else have this experience?
  8. I just looked in the shop and do not see the book. Is it in there yet?
  9. I do not have any additional modules running, nor do I have PineAP running. This is pure AP & client scan. So, I think the TETRA thinks it is seeing a weird SSID out there. I will run again and grab logs for you.
  10. Is there an easy way to differentiate which radio is wlan0 and wlan1 when looking at the NANO? Thanks, Jim
  11. Using my TETRA last night, it was impressive on the amount of APs found compared to my NANO. There was one AP it found that was a string of random characters. It was almost: }{|;$#@!#$. But it was like 40 characters long. Bug or clever SSID? Jim
  12. No wp6.sh does not run on windows. I set that up manually. I use wp6.sh when I am using my NANO on KALI, and manual setup when using the NANO on windows. Sorry for the confusion. The NANO works great on either a Windows or KALI platform. I am not talking about wp6.sh. Jim
  13. Albert: How are you connecting to the Pineapple? If you are using Windows make sure the IP of the ethernet to the pineapple is "172.16.42.42 and 255.255.255.0". Your Internet device on your laptop must be set to sharing. If you are using LINUX download and run the wp6.sh script - it works great. I had success with both LINUX (Kali) and Windows. Jim
  14. Hi, thanks for the replies - let me clarify. I see an AP with associated clients and it does not have the "deauth" option for it. If I run this at home it sees my home network that my PC connects through, but all the others in the vicinity do not have the "deauth" option. If you notice (and based on Darren's video), when there is an AP with associated client you can "deauth" the AP and all its clients from the option on the AP. In my list I do not have that option for anything but my home network.
  15. When I scan and select the AP or AP and Client option, how does the pineapple determine when I can send a deauth found resources? There are times when the drop down has the deauth option and times it does not. Thanks, Jim
  16. Thanks Darren, that fixed me up. I went brain dead for a bit. Jim
  17. I am having connectivity issues with my NANO using Windows 8.

      Here is what I can do:
      I can SSH into the pineapple without issue
      I can browse to the pineapple without issue
      When I Internet connectivity it does not work (check bulletins)

      Here are my settings:

      On Windows: I have my WiFi adapter configured to share with Ethernet 3.

      The Pineapple adapter:

      Ethernet adapter Ethernet 3:
         Connection-specific DNS Suffix  . : lan
         Description . . . . . . . . . . . : ASIX AX88772A USB2.0 to Fast Ethernet Adapter
         Physical Address. . . . . . . . . : 00-C0-CA-8B-3C-B9
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes
         IPv4 Address. . . . . . . . . . . : 172.16.42.239(Preferred)
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Lease Obtained. . . . . . . . . . : Thursday, January 7, 2016 5:11:30 AM
         Lease Expires . . . . . . . . . . : Thursday, January 7, 2016 5:12:17 PM
         Default Gateway . . . . . . . . . : 172.16.42.1
         DHCP Server . . . . . . . . . . . : 172.16.42.1
         DNS Servers . . . . . . . . . . . : 8.8.8.8
         NetBIOS over Tcpip. . . . . . . . : Enabled

      My shared adapter:

      Wireless LAN adapter Wi-Fi:
         Connection-specific DNS Suffix  . : foo.bar.com
         Description . . . . . . . . . . . : company Y 802.11ac Network Adapter
         Physical Address. . . . . . . . . : XX-YY-ZZ-CB-D9-7F
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes
         IPv4 Address. . . . . . . . . . . : 192.168.1.115(Preferred)
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Lease Obtained. . . . . . . . . . : Wednesday, January 6, 2016 8:48:09 PM
         Lease Expires . . . . . . . . . . : Friday, January 8, 2016 5:24:36 AM
         Default Gateway . . . . . . . . . : 192.168.1.1
         DHCP Server . . . . . . . . . . . : 192.168.1.1
         DNS Servers . . . . . . . . . . . : 192.168.1.1
         NetBIOS over Tcpip. . . . . . . . : Enabled

      On my NANO:

      root@Pineapple-Nano:~# netstat -nr
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
      0.0.0.0         172.16.42.42    0.0.0.0         UG        0 0          0 br-lan
      172.16.42.0     0.0.0.0         255.255.255.0   U         0 0          0 br-lan

      root@Pineapple-Nano:~# ifconfig -a
      br-lan    Link encap:Ethernet  HWaddr 00:C0:CA:80:7C:2D
                inet addr:172.16.42.1  Bcast:172.16.42.255  Mask:255.255.255.0
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:7454 errors:0 dropped:0 overruns:0 frame:0
                TX packets:2723 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:0
                RX bytes:731305 (714.1 KiB)  TX bytes:334477 (326.6 KiB)

      eth0      Link encap:Ethernet  HWaddr 00:C0:CA:80:7C:2D
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:10220 errors:0 dropped:7 overruns:0 frame:0
                TX packets:2737 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000
                RX bytes:1849024 (1.7 MiB)  TX bytes:335129 (327.2 KiB)
                Interrupt:4

      lo        Link encap:Local Loopback
                inet addr:127.0.0.1  Mask:255.0.0.0
                UP LOOPBACK RUNNING  MTU:65536  Metric:1
                RX packets:1114 errors:0 dropped:0 overruns:0 frame:0
                TX packets:1114 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:0
                RX bytes:95991 (93.7 KiB)  TX bytes:95991 (93.7 KiB)

      wlan0     Link encap:Ethernet  HWaddr 00:C0:CA:8B:3A:67
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                TX packets:3847 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000
                RX bytes:0 (0.0 B)  TX bytes:366636 (358.0 KiB)

      wlan0-1   Link encap:Ethernet  HWaddr 02:C0:CA:8B:3A:67
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                TX packets:3846 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000
                RX bytes:0 (0.0 B)  TX bytes:366276 (357.6 KiB)

      wlan1mon  Link encap:UNSPEC  HWaddr 00-C0-CA-8B-3B-F0-00-44-00-00-00-00-00-00-00-00
                UP BROADCAST NOTRAILERS RUNNING PROMISC ALLMULTI  MTU:1500  Metric:1
                RX packets:36929 errors:0 dropped:0 overruns:0 frame:0
                TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000
                RX bytes:8385061 (7.9 MiB)  TX bytes:0 (0.0 B)

      Is there a command I can run from the command line that checks the bulletins, etc? I tried pings and nslookup – no luck. I am missing something simple here – any ideas? Thanks, Jim
  18. Thanks Darrin - I sent an e-mail to shop@hak5.org, hopefully there is one available I can purchase. Thanks, Jim
  19. When we receive these this week, will there be infusions ready or will we need to wait like the NANO? Jim
  20. I need a replacement for my NANO Y USB cable. On the Y side the longer cable, the ends bent back a bit. Can you point me to a replacement cable I can use? Thanks, Jim
  21. I just got mine and flashed it. Until there are modules and further documentation ready, any plans for videos on what we can do with the non-moduled pineapple? It was simple to get going. Thanks, Jim
  22. If we are not developers but want to help vet code and hang with the cool kids on the bleeding edge, we really lose nothing by buying now. Or put another way, we don't gain anything by waiting to buy until it's certified. Thanks - I'll stop pestering with questions. I am really excited about playing with the NANO. Jim
  23. Darrin: The Mark V will no longer be sold, is that correct? The future direction is the NANO and will become the pineapple current standard? Based on the previous posts still will work with windows and buying the development version should be no different than the version that will be certified at some time in the future. Do I have the above correct? Jim
  24. Thanks I did that - I have a patience problem because I want the Mark V. :)
  25. I am waiting for more Pineapples to be available for sale? Any idea on the ETA for them? Thanks, Jim
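
The probe, authentication and association order described in the first post above can be checked against a capture with a small state tracker. This is an added example, not part of the original posts; the tuple format, MAC addresses and sample captures are constructed, and the state names follow the 802.11 State 1/2/3 model.

```python
from enum import IntEnum

class State(IntEnum):
    UNAUTHENTICATED = 1  # 802.11 State 1: not authenticated, not associated
    AUTHENTICATED = 2    # State 2: authenticated, not associated
    ASSOCIATED = 3       # State 3: authenticated and associated

OPEN_SYSTEM = 0  # authentication algorithm number for open authentication
SUCCESS = 0      # 802.11 status code for success

def track(frames, sta, ap):
    """Replay (src, dst, kind, fields) tuples for one STA/AP pair.

    Returns the STA's final state and a list of out-of-order findings."""
    state, pending, findings = State.UNAUTHENTICATED, None, []
    for n, (src, dst, kind, f) in enumerate(frames, 1):
        if {src, dst} != {sta, ap}:
            continue  # broadcast probes and other stations do not change state
        from_sta = src == sta
        if kind == "auth" and from_sta and f["algo"] == OPEN_SYSTEM and f["seq"] == 1:
            pending = "auth"
        elif kind == "auth" and not from_sta and f["seq"] == 2:
            if pending != "auth":
                findings.append((n, "authentication response without a request"))
            elif f["status"] == SUCCESS:
                state = State.AUTHENTICATED
            pending = None
        elif kind == "assoc_req" and from_sta:
            if state < State.AUTHENTICATED:
                findings.append((n, "association request before authentication"))
            else:
                pending = "assoc"
        elif kind == "assoc_resp" and not from_sta:
            if pending == "assoc" and f["status"] == SUCCESS:
                state = State.ASSOCIATED
            pending = None
        elif kind == "data" and from_sta and state != State.ASSOCIATED:
            findings.append((n, "data frame before association completed"))
    return state, findings

# Constructed capture (not real traffic): a normal open-authentication join.
STA, AP, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:aa", "ff:ff:ff:ff:ff:ff"
NORMAL = [
    (STA, BCAST, "probe_req", {}),
    (AP, STA, "probe_resp", {}),
    (STA, AP, "auth", {"algo": 0, "seq": 1, "status": 0}),
    (AP, STA, "auth", {"algo": 0, "seq": 2, "status": 0}),
    (STA, AP, "assoc_req", {}),
    (AP, STA, "assoc_resp", {"status": 0}),
    (STA, AP, "data", {}),
]
# Constructed capture: the STA sends data right after authentication.
EARLY_DATA = NORMAL[:4] + [(STA, AP, "data", {})]
```

`track(NORMAL, STA, AP)` ends in `State.ASSOCIATED` with no findings, while `EARLY_DATA` stops at `State.AUTHENTICATED` and flags frame 5.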