Jump to content

Skinny

Active Members
  • Posts

    150
  • Joined

  • Last visited

  • Days Won

    17

Everything posted by Skinny

  1. I have my own small business (shameless plug www.skinnyrd.com). A lot of my classes are tailored for specific clients. In one of the latest there was a day of ubertooth and WiFi Pineapple. It was more of an introductory level module but each student got to keep both pieces of equipment. I love being able to give students relevant, useful hardware.
  2. I have both the Tetra and the Nano. I teach the Nano and also use it in my 9 to 5 on a daily basis. The Nano is highly reliable, easily hidden, and good with power. I stick with it because of it's small size and because normally I am walking around with a full kit of gear with very little room for anything else. The Tetra is also a good option. I use the Tetra when I really need to reach out and gather as many SSIDs as I can in a given area. The Tetra is larger with it's larger and antennas. Also, to run it in portably, you need a substantial battery or set of batteries. This makes for an even larger footprint. I use the SSIDs gathered from the Tetra to feed the Nano, so each have a specific purpose for me. With the new firmware update that just dropped, I'm looking forward to seeing the 5GHz support. Hope this helps you choose.
  3. Sweet! Thanks for all the hard Seb. I've already uploaded the firmware and have some work lined up for it today. Looking forward to playing with the 5GHz support.
  4. How are you powering the Tetra?
  5. The AP you spoof with the pineapple must be an open AP in order to get a device to connect. Spoofing an AP that is encrypted will not work because during the 4-way handshake authentication process, the client will find out that you are not the AP you say that you are. I am not aware of a way to circumvent this limitation.
  6. For a stubby it depends on how it's built but for 2.4GHz stubby antennas, it's most likely just a shorter wire under the plastic. A normal, omni-directional WiFi antenna would be about 60mm long. That means it's cut for 1/2 wavelength reception. A stubby is around 30mm. It's cut for 1/4 wavelength. All things being equal, you're better off with the 60mm length. As far as transmit/reception pattern, it would be the same as shown above.
  7. Just to clarify, do you have a Pineapple Nano or a Pineapple Mark V? The Nano doesn't have a proper RJ-45 Ethernet port.
  8. A basic omnidirectional antenna has the radiation pattern of a donut. At the tip and bottom of the antenna you lose reception/power, so never point the top or bottom of the antenna at the target. The best orientation for the antennas is the orientation that positions your target's radiated signal to hit the broad side of the antenna directly. The more the target signal hits at an angle, the weaker the reception. Likewise when transmitting information, the target should be directly 90 degrees off the side of the antenna for maximum transfer. So if you are trying to attack a target across the coffee shop and you've got the Tetra on the table, positioning the antennas at 90 degrees vertically is fine. If the target is a floor below or above, push them down to be parallel with the Tetra.
  9. You should be getting somewhere around 37.5 hours of runtime with a 15000mAh battery (15000mAh / 400mA = 37.5h). Likewise with a 4000mAh battery it should come out to 10 hours. The nano does fairly well with power but as you've seen, the accessories can really start to drain things. This is very much the case if you decided to tether a phone to the Nano. Be careful with pulling too much current from the pineapple juice battery. It's a decent little battery, but the nano operates right at its capability. It's trivial to accidentally pull the voltage down to less than 5V.
  10. So there are a few things that are different in a modern Apple device when associating. Most new Apple devices will not probe using the name of the SSIDs in the PNL. It instead will send out a probe request that will demand the APs in the area to send a response. Once the APs respond, the device then knows if there are any available networks that match its PNL. Apple is not the only company doing this. Because of this behavior it is often a good idea to have a list of regional based APs already in your Pineapple that have a high likelihood of attracting a devices. Now let's assume the Pineapple already has an SSID in its list that matches the devices PNL. Although I don't think you're having any of these issues, look out for these. Some phones have a setting that requires the user to manually accept any association even to a known AP. Also, some apple devices will not associate with an AP when it is idle (the screen is blacked out & locked). I have an iPod that will not associate with any AP when its idle even though it will continue to push out probe requests. As soon as the screen is unlocked, then it will auto connect. I've noticed some Samsung phone with similar functionality. One other piece that could be a problem is APs that have WPA2 activated. If there is an SSID in both the device's PNL and the Pineapple SSID broadcast list and the device has it marked in the PNL as a WPA2 encrypted AP, then the Pineapple will likely fail at attracting that device. WPA2 requires a 4-way handshake where both participants (AP and device) must prove their legitimacy to each other. The phone will realize that the AP is not legitimate and the association will likely fail. You mentioned that "even if it does not connect as it sees the same AP in PNL then it will use its own MAC." I don't doubt this is the case although I've never tested it as you have. I think the problem is that the Pineapple is setup to show you the MAC addresses of things that are genuinely connected to itself or probing for something else. If the device does not connect to the Pineapple but uses it's real MAC address in the attempt, there might not be a good way to pick up on that attempt via the GUI. The logging module just shows probe requests and successful associations. An attempted association is neither of those. There might be a way to see it in Recon mode, but I doubt it. I suspect, but am not sure, that recon mode is just using probe requests to enumerate the clients in an area and other packet types.
  11. I didn't do anything but download the updated app and follow the instructions. I've heard before that some mobile service providers can limit tethering, but I don't know the veracity of such claims because I just use the tablet for it's WiFi capability. It's never been connected to a cell network.
  12. When it comes to seeing the real MAC address of an unassociated, modern Apple device, it's really difficult. Every now and then I come across an Apple device that will beacon out it's true MAC for one rare beacon, then it will return to rolling its address. In those rare cases it often beacons out a few SSIDs at the same time. I suspect this might be an attempted associated with the pineapple. The problem is that is you're in a rich WiFi environment, it's hard to ferret out the MAC you are looking for from all of the other beacons in the environment. You might be wondering how to determine when a true MAC displays itself. If the MAC address is AA:BB:CC:12:34:56, AA:BB:CC denotes the manufacturer of the device. When the apple is rolling, I've never seen it roll in such a way to randomly display an Apple MAC address. It always resolves to nothing or to another manufacturer. When the true MAC appears, it always resolves to Apple. You can check those first 6 MAC digits here to check: http://aruljohn.com/mac.pl The only way I've found to collect the true MAC is to have the device associate with the Pineapple. Once the device is associated, it always uses it's true MAC. You can get that MAC from the client list or from the Logging module. Never forget the logging module. If you setup PineAP to log probes and associations, Logging will keep track of all the MAC addresses that are probing and the SSIDs they are probing for. As for why you might not being seeing the SSID list; sometimes when you do a great deal of adjustments to the Pineapple in a single session, things can get muddled. You will tell it to beacon out SSIDs, but it won't. If you find the Pineapple performing this way, simply give it a reboot. It happened to me not 15 minutes ago. After a quick restart, my phone was once again overloaded with APs to choose from.
  13. Sounds like a fun idea. I'd be interested to see how it turns out if anyone follows up.
  14. Allow association does allow phones to automatically connect to the Pineapple but there are many things at play. In order to see your phone beaconing for an SSID, it is not neccesary to have Allow Associations activated. Your phone will send out beacons as long as WiFi is enabled. A phone will generally send out a beacon every 30 seconds to 4 minutes. When running Recon mode to find a phone, make sure to use a time interval that will guarantee a capture of the beacon. Secondly, if you have an iPhone, the MAC address that is beaconed out may not be the MAC address of the device. Newer Apple products randomly roll their MAC addresses for security purposes. If this type of phone is unassociated, then you will rarely see the true MAC. Also, if just using Recon mode to find devices in an area, filtering doesn't really matter. Filtering only matters when targeting a specific MAC or SSID to allow or disallow a device. If you are just sniffing for unassociated clients, don't worry about it. Just a note about Allow Association; Allow Association allows a device to connect to your Pineapple's open AP. In the networking module, that AP is named something. As soon as you Allow Association, any device can connect using that APs real name. When you fully enable PineAP, you then have the ability to push out SSIDs (multiple AP names) that are apart of the pool you collected or manually inputted. When trying to get a device to latch onto the Pineapple, you'll want to be beaconing out some attractive SSIDs as well as having Allow Associations on. When everything is turned on in the PineAP module, then things can get interesting. Your phone could beacon out it's MAC address and the SSIDs it is looking for. The Pineapple will collect those SSIDs or trick the phone into giving them up. The Pineapple will then store those SSIDs in the pool. The next time your phone beacons, the Pineapple will replay those SSIDs in the pool order to tempt your phone in automatically connecting. At that point the phone is no longer unassociated.
  15. If you are powering the device from the AC adapter, plug one end (the small end) of the Y-adapter cable into the ETH port of the Tetra. Plug only 1 other end of the cable into the USB port on your computer. You want to plug in the USB connector where the two separate cables connect. It's the fatter of the two. That should do the trick. This configuration caused my Windows PC to see the Realtek adapter. Trying to power the Tetra from a computer will result in negative consequences. The Tetra is a power hog compared to the Nano. It requires either an AC adapter or both Y-adapters plugged into the Tetra with the 4 remaining ends connected to a substantial USB battery pack.
  16. No, but you still have the option of administering the Pineapple via the management AP using WiFi.
  17. Double check to make sure the cable you are using to attach the phone to the nano is a data cable. I have several cables that can only be used for charging. They will not pass data.
  18. If your 5dBi antennas are cut for the 2.4GHz range, then going with 3dBi antennas would be a definite step down for you. Your current 5dBi antennas are 1.6 times more powerful than 3dBi antennas would be. You do bring up a very valid point regarding the existing antennas. The antenna gain of the current nano antennas are not given (or I just haven't found it), so there is no way to quantify the actual gain you would be getting by going from the nano stock antennas to the 3dBi antennas. For example, if the current antennas have a gain of 1dBi, then $10 to purchase the 3dBi anennas would get you 1.6x more power. However, if the current antennas provide something like -3dBi, then you would get benefit from 4x power. Guess this is a question best left for the guys in charge.
  19. The easiest way to pull this off is to buy a cheap USB wifi adapter off of amazon and plug it into your nano. This will give you a wlan2. Use wlan2 in the client mode setup box. This dedicates a radio to exclusively connecting you to the internet. Just to make sure this works, I tested it out myself after your last post. The bulletins load for the pineapple, and my controlling device connected to the wireless management port was granted internet access through the pineapple. If you try to use the existing radios on the pineapple, you will lose some functionality with PineAP. PineAP controls the open SSIDs that are beaconed out, so you wouldn't be able to use those to connect. I'm sure there is a way to do it if you still want, but it is outside of my knowledge level.
  20. Try not to install the modules locally. There's not a lot of storage and the nano needs a certain amount of space just to operate. You could have messed it up by filling the drive. Another factory reset should erase everything.
  21. Yes, look under Logging. You'll need to have PineAP enabled and have the Log Probe Requests option activated. Be sure to save your settings in PineAP. The log should show the clients and the SSIDs for which they are searching.
  22. Exactly how do you have your Nano connected to your home router? What did you do to obtain this connection?
  23. Tonight I had the opportunity to deploy the Tetra during a fun event. I'll be making a video about it this weekend. In a very nerdy way, it was absurdly fun because of this: Turns out to be 18.5 SSIDs per minute. Just kinda made me giggle.
×
×
  • Create New...