  • Location
    Huntsville, AL

Skinny's Achievements

  1. Yeah, I'm not sure about that one. Never used it myself.
  2. If they are out of bunnies, then get this. https://www.pjrc.com/store/teensy40.html It will put you in a position to learn a lot more about HID emulation and will give you a very flexible, powerful platform. Downside is that the learning curve is steeper.
  3. The antennas that are on it are pretty decent quality, however if you are looking for something different, be sure to buy antennas that have an RP-SMA Male connector. I'm not sure but the current antennas look like they have anywhere from a 3 to 5 dBi gain. If you want something more, you could go with something like this: https://www.digikey.com/en/products/detail/rf-solutions/ANT-2WHIP9-SMARP/9555705 For more gain than that, you would probably want to have some sort of active antenna setup, or go with a directional antenna.
  4. I'm with @Darren Kitchen on this one. Things work. I got what I paid for. It's hard to buy 3 good wifi dongles for the price of this 3 radio device. I sell hardware from time to time and I honestly don't know how they turn a profit. As far as modules, if I want a module, I'll either write it or pay someone to do it. The platform is good agnostic hardware. My use cases are highly niche and change from week to week. The Pineapple has not forced me into a corner by being over bent towards a particular type of pentest. For the price, I cannot match the capability.
  5. @Murderfalcon I'm not sure if this is your specific problem, but it might be related. Each client has a PNL (Preferred Network List). This list is built when a client connects to an access point. It's how your phone knows to connect to a network automatically. If that access point was WPA2 encrypted when the client originally connected to it, then the client will expect that WPA2 encryption to still be in place. WPA2 is a mutual authentication. The AP expects the client to have the correct credentials, but the client also expects the AP to have the same. If the client tries to authenticate to the AP and the AP does not respond correctly (i.e. its authentication has been changed to Open), then the client will see that AP as not being the AP it originally connected to. The Pineapple is not able to attract clients using an SSID of an AP that uses WPA2 for this reason. It's not really a problem with the Pineapple, it's just because of the way WiFi works. To remediate the issue, clear the PNL list from the client device then reconnect to that AP when it is open. Also, know that attracting mobile devices to the Pineapple has its own set of hurdles depending on the manufacturer. Make sure the mobile client device doesn't go into sleep mode as many devices disconnect from APs in order to save power.
  6. It's good to be back messing with the Pineapple again after being away from it for so long. I'm just starting to kick the tires on the Mark VII and was curious if there is a way to pull the PineAP activity log? In the Tetra and Nano, if I recall correctly, there was a download button or you could pull the info from /tmp/pineap.log. Speaking of downloading logs, I like the json format you can pull down in the recon portion. To the devs, thanks for putting that in. Also, really like the new, slick GUI overall. Thanks for any help you guys can provide.
  7. My solution was posted on October 8, just above. It's not clean, but all my Screen Crabs are now far more reliable at connecting. It's a bit of a bear.
  8. Could you specify how often you have it capturing an image? I would like to do some testing as well to see the effect you are talking about.
  9. IT'S FIXED!!! This took a stupid amount of time to figure out for such a simple work around. Before heading down the path outlined below, be absolutely certain there is not some other issue keeping the Crab from connecting to C2.

     Problem: After initially connecting to C2 and running perfectly over WiFi, subsequent attempts to connect to the same AP using the same Screen Crab prove fruitless and do not work. This is due to wlan0 on the Screencrab not being up when C2 is invoked at boot.

     Solution: Take the case off of the screen crab. Connect to the screen crab's headers (see above) using a TTL-232R-3V3 USB to TTL serial cable. You will need two male to female extension wires to make this possible with the cable specified. (I'm using Windows) Use Putty to connect to the crab. Baud rate is 115200. With a microSD card fully configured and inserted into the Crab, power on the crab. If you set up everything correctly, you will see the boot sequence scrolling past in the putty window. After about 22 seconds, the boot sequence will cease. Press Enter to get a prompt:

         root@kylin32:/ #

     Remount the system folder to allow editing of the crab framework file.

         mount -o remount,rw '/system'

     Edit the crab file using vi.

         busybox vi /system/bin/crab

     If you are unfamiliar with vi, like I was, press "i" to edit the file. Cursor down to the enable_wifi function and edit it to appear as follows:

         enable_wifi () {
             blink 2 1 cyan
             led_off
             sync
             wpa_supplicant -iwlan0 -Dnl80211 -c/data/misc/wifi/wpa_supplicant.conf
             svc wifi enable
             sleep 2
             if ifconfig wlan0 | grep inet; then
                 echo WiFi connected
             else
                 ifconfig wlan0 down
                 sleep 4
             fi
         }

     The "ifconfig wlan0 down" part will, strangely enough, turn on the wlan0 interface if it hasn't come on yet. This is the primary problem with my screen crabs not connecting. After you are finished editing, press Escape, then type :w and press Enter. This will save the file. Type :q! and press Enter. This will exit you out of vi.

     Press the button on the side of the Crab to disengage the microSD card and then shut the Crab. Restart the Crab. If your network setup isn't too complicated, you can expect the Crab to reconnect about 10 to 15 seconds after the crab LED lights Blue.

     --------------------
     Remaining Problems: The crab seems to have an issue when changing from one wireless AP to another. The first time you connect to a new AP (and have taken care to put new settings in the config.txt file and have downloaded a new device.config), the crab will remain connected to the old AP if it is still within range. After rolling power once or twice, it will finally connect to its intended AP. I think this could be fixed by playing around with the crab framework a little more.
     --------------------
     Upgrade Thoughts: Once I find the C2 mechanism, I would like for the screen crab to reinvoke C2 if it ever loses connection. Right now if the crab loses connection to the AP (for instance the AP gets powered down for a minute or two), it will not reacquire the AP and re-invoke C2.
  10. I changed some things today and it seemed to be working for a while. Jumping back into this project a few days ago, I screwed up the c2 setup. When I started c2, for hostname I put the hostname of the computer and not the IP address of the computer. If you look at the last post:

          POST: C2 POST ERROR: java.net.UnknownHostException: Unable to resolve host Chippunk: No address associated with hostname|

      This got me thinking as to why it would give me that error. After correcting the mistake, it worked great on two different networks. After putting the case back together and restarting the crab, I was back to square one. It is once again refusing to connect even with the correct c2 setup. I did learn a few additional things today. There is a way to edit files. You cannot natively just type vi, vim, or nano and edit things, but you can invoke busybox. If you type the following, you'll get an editor.

          busybox vi

      Also, at boot, there are some lines that are killing bluetooth. I suspect it's part of the radio chip because many wifi chips come with bluetooth already embedded. Lastly, the crab is booting using an android system. There is an init program that loads a ton of init files in the main directory. With the ability to edit, you could probably play with the boot sequence and move over your own scripts on the SD card.
  11. For anyone interested, once connected to the serial port, there is a bash file in /system/bin called crab. It has loads of functions in there you can play around with like changing LED colors, wifi functions, and other helpful things. To run the functions type:

          source crab

      After that just type the name of the function you want to run. To find out the functions just cat out the file.

          cat /system/bin/crab

      Looking through logs a little more today, I see the problem that is occurring:

          C2Run: C2 Thread starting|
          C2Device: C2 STARTUP SYNC|
          Util: exec [cat /proc/uptime | busybox awk {print ;} 2>/dev/null]|
          Util: C2DeviceUpdateexit value: 0|
          Util: C2DeviceUpdateshell output : 40.80|
          Util: exec [cat /sys/class/net/wlan0/statistics/rx_bytes]|
          Util: C2DeviceUpdateexit value: 0|
          Util: C2DeviceUpdateshell output : 0|
          Util: exec [cat /sys/class/net/wlan0/statistics/tx_bytes]|
          Util: C2DeviceUpdateexit value: 0|
          Util: C2DeviceUpdateshell output : 0|
          Util: exec [ifconfig wlan0 | grep inet addr | cut -d: -f2 | busybox awk {print ;}]|
          Util: C2DeviceUpdateexit value: 0|
          Util: C2DeviceUpdateshell output : |
          C2Run: C2 error error getting updated ip|
          C2Device: SEND C2 UPTIME|
          C2Device: SEND C2 MINIMAL|
          C2Device: SEND C2 NOTIFICATIONS|
          POST: C2 POST ERROR: java.net.UnknownHostException: Unable to resolve host Chippunk: No address associated with hostname|
          C2Run: C2 error startup sync post failed|
          C2Run: C2 RETRYING STARTUP SYNC|

      The "error getting updated ip" towards the bottom is a result of the Screen Crab not connecting to the AP that is available. Once the C2 instance is invoked, it doesn't seem to try again. After the boot sequence, I can force a connection to the AP by typing "ip link set wlan0 down" but by then, the C2 steps have already passed. I know it's legitimately connected to the AP because I can ping the c2 server from the crab. At the moment I'm looking for a way to invoke the c2 instance after I manually get the crab to connect to the AP.
  12. @trunner It doesn't seem to make a difference whether it's plugged into battery or into a wall outlet through a transformer, the result is the same. @phrogg After it booted, I just pressed Enter and the prompt popped up. I'm using Windows with Putty. The prompt I get is pasted below after the last few lines of the boot sequence.

          [ 22.793488] init: avc: denied { set } for property=tmp.exec_ubus scontext=u:r:system_app:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service
          [ 22.930341] init: avc: denied { set } for property=tmp.exec_ubus scontext=u:r:realtek:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service
          root@kylin32:/ #
          root@kylin32:/ #
  13. No. I was just wondering why you have no other network interfaces showing up. Besides the plunder bug, do you have any other network interface available on the machine?
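Added example (mine, not the poster's crab script or anything shipped on the Screen Crab): the fix in post 9 relies on a single "sleep 2" followed by one "ifconfig wlan0 | grep inet" check, which is a race against the WiFi driver; the functions below poll the interface a bounded number of times and only hand back an address once one is present, so a network-dependent service (such as the C2 start described in posts 9 and 11) can be gated on a real result rather than a fixed delay. The busybox-style "inet addr:" output format and the IFCONFIG_CMD override (used here so the logic can be exercised without a real interface) are assumptions.

```shell
#!/bin/sh
# Added example, not the Screen Crab's own crab script.
# Polls an interface until ifconfig reports an IPv4 address, with a bounded
# number of attempts, instead of a single fixed sleep followed by one check.
# Assumptions: busybox-style ifconfig output ("inet addr:A.B.C.D"), and an
# IFCONFIG_CMD override (hypothetical, so tests can substitute a fake command).

# has_inet: read ifconfig text on stdin; succeed if an IPv4 address is present.
has_inet() {
    grep -q 'inet addr:'
}

# iface_ip: read ifconfig text on stdin; print the first IPv4 address found.
iface_ip() {
    sed -n 's/.*inet addr:\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# wait_for_ip IFACE MAX_TRIES DELAY_SECONDS
# Prints the address and returns 0 as soon as the interface has one;
# returns 1 after MAX_TRIES failed checks so the caller can decide what to do
# (for example bounce the interface, as the posted fix does with
# "ifconfig wlan0 down") instead of starting the dependent service blind.
wait_for_ip() {
    iface=$1
    max=$2
    delay=$3
    n=0
    while [ "$n" -lt "$max" ]; do
        out=$("${IFCONFIG_CMD:-ifconfig}" "$iface" 2>/dev/null)
        if printf '%s\n' "$out" | has_inet; then
            printf '%s\n' "$out" | iface_ip
            return 0
        fi
        n=$((n + 1))
        sleep "$delay"
    done
    return 1
}
```

A caller would typically do something like "if ip=$(wait_for_ip wlan0 10 1); then start_service; else ifconfig wlan0 down; fi" so the start of the service is conditional on the interface actually being up.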