Everything posted by Skinny

  1. One technique that might not be looked upon kindly is to wait until you are in the lead, then jam the whole 2.4GHz band bringing everything to its knees. You can get jammers from China, turn on a couple microwave ovens, or just buy several really cheap RF video transmitters that operate in the 2.4GHz band. This probably isn't helpful. I'm sorry. Sometimes I just like to watch the world burn.
  2. Nice work! I like the approach. There is a minor hitch for me with the second command but it just depends on what kind of list you're trying to build. For the ssid cat command, all the SSIDs are counted in the file regardless of how many times a single mac address may have beaconed it out. The python code above will not count an SSID as having a higher rank if that SSID has been beaconed for by the same mac address over and over. For instance, in one of my pineap.log files there is an SSID called FiOS-4Z7UY. With the above cat command this SSID ranks second overall with a count of 19, but when you manually look through the log file you only see 2 mac addresses beaconing for that SSID over and over. By repeatedly beaconing the SSID, the ranking for that SSID becomes artificially inflated. The python script on the other hand puts the SSID much further down the list with a count of 2. The count is 2 because only two unique mac addresses beaconed for it. What I need out of an SSID pool is for that list to be filled with SSIDs with a high count from multiple devices to have the highest likelihood of grabbing the attention of a random, unassociated client. That's why the script is written in this manner.
  3. Whistle Master, As far as a dream module using the script above, being able to take the produced SSID file, trim it to a specific number of top SSIDs, and then manage those produced files would be helpful. With a way to manage the files, you could load or withdraw specific, high ranking SSID pools depending on what geographic location you find yourself. A simpler module would just be a button that you click. With one click it would take a look at the pineap.log file, run it through the script above, and allow the user to download the resulting file for editing. I'm a bit of an idiot when it comes to coding and have never used the languages required to write a module. I'm stepping through the video Darren and Seb made but I think it's going to take a few iterations and time I don't have. If you decide to pursue this as a project, let me know if there is a way I can assist and I'll help where I can.
  4. Hi Guys, I've been working on a python script to help organize the pineapple's SSID pool. Most of the work I do with the pineapple has to do with attracting unassociated clients. As such it's sometimes undesirable to have an extremely large SSID pool. For instance, if I'm trying to grab a client and it's looking for an SSID that's 2250 on the list, but the pineapple is rolling through SSIDs at number 5 on the list, I might miss my opportunity. To help combat this, I generally use an SSID list that is smaller in number, but the SSIDs on that list are SSIDs that many people use (Ex: attwifi, panera, CableWifi). Up until now I've just been looking at multiple lists trying to pick out ones I think clients will be broadcasting.

     The script makes use of pineapple's pineap.log file. You can find this file by going to the Logging system module and clicking the Download button after you've used Pineap to log some probe requests. You can also find it on the pineapple in the /tmp/ directory. This file starts anew after each restart. If you place pineap.log in the same directory as the script and run the script, the script will:

     - harvest the SSIDs and the mac addresses that probed for them
     - eliminate all duplicate requests
     - assign each SSID a rank based on the number of times a unique device requested that SSID
     - sort the SSID with the highest rank to the top with each successive rank behind
     - write the results to two files. The first file, SSIDlist.log, has just SSIDs listed in their appropriate rank order. The second file, finalRanking.log, has the same but each SSID has its rank next to it.

     What I then do is edit SSIDlist.log, erase all but the top 100 SSIDs, rename the file to ssid_file, and place it in the pineapple's /etc/pineapple/ directory. (More on that here: https://forums.hak5.org/index.php?/topic/38060-ssid-pool-management/?p=275753) Now my standard pool of SSIDs are the top 100 SSIDs used in my part of the world.

     Just to give you an example of how I'm using this on the ground. Yesterday I took my pineapple to a large target area. I needed to know what SSIDs would most likely ensnare the devices and the employees' personal devices on that campus. I spent over an hour walking the grounds and ended up with over 450 SSIDs. Using this script, I'll cut that 450 down to 100 or even 50 to increase the speed and efficiency of grabbing a client. The example files that are with the script are from me driving around Tampa yesterday with the pineapple in the back of my car. Just for the record, war driving is a terrible way to collect probe requests for an area. You're better off walking.

     You might be asking, why isn't this a module? First, I've never used javascript or php. I'm attempting to learn, but I'm not even close. So if anyone finds this helpful enough and wants to make it a module, be my guest.

     Finally, I'd like to make a suggestion. If you use this script for a particular area and you don't mind sharing, I would like to make a repository of Top 100's on regions all over the world. I have webspace at skinnyrd.com and can post them all there in an organized fashion. The more distinct the region, like neighborhoods or industrial parks in cities vs entire metro areas, the better. If you live in a small town, that's welcome too. If you'd really rather not share, no big deal. If you have any questions just let me know. Have a great day! SSIDsort.zip
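The counting difference described in posts 2 and 4 above, as an added Python example that is not the script from SSIDsort.zip: it compares a raw per-line count with a count of unique MAC addresses per SSID. The log line layout (`timestamp, event, MAC, SSID`), the sample lines and all function names are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict


def build_sample():
    """Constructed log lines in an assumed layout: timestamp, event, MAC, SSID."""
    lines = []
    # Two devices probing for the same SSID over and over (19 lines in total).
    for i in range(19):
        mac = "02:00:00:00:00:01" if i % 2 == 0 else "02:00:00:00:00:02"
        lines.append(f"Jan 01 10:00:{i:02d},\tProbe Request,\t{mac},\tFiOS-4Z7UY")
    # Five different devices, each probing once for a widely used SSID.
    for i in range(5):
        lines.append(f"Jan 01 10:01:{i:02d},\tProbe Request,\t02:00:00:00:01:{i:02x},\tattwifi")
    lines.append("Jan 01 10:02:00,\tProbe Request,\t02:00:00:00:00:01,\t")  # empty SSID
    lines.append("truncated or unrelated line")
    return lines


def parse_line(line):
    """Return (mac, ssid) for a probe-request line, or None if it should be skipped."""
    # maxsplit=3 keeps commas that are part of the SSID itself.
    parts = [p.strip() for p in line.split(",", 3)]
    if len(parts) != 4 or parts[1] != "Probe Request" or not parts[3]:
        return None
    return parts[2].lower(), parts[3]


def raw_counts(lines):
    """Count every probe line per SSID: repeated probes from one device inflate this."""
    return Counter(p[1] for p in map(parse_line, lines) if p)


def rank_by_unique_devices(lines):
    """Rank SSIDs by how many distinct MAC addresses probed for them."""
    devices = defaultdict(set)
    for parsed in map(parse_line, lines):
        if parsed:
            mac, ssid = parsed
            devices[ssid].add(mac)
    # Highest unique-device count first; ties broken by SSID name for stable output.
    return sorted(((s, len(m)) for s, m in devices.items()), key=lambda x: (-x[1], x[0]))


if __name__ == "__main__":
    sample = build_sample()
    print("raw:", raw_counts(sample).most_common())
    print("unique:", rank_by_unique_devices(sample))
```

A device that randomizes its MAC address between probes is counted as several devices, so the unique-device count is an upper bound on the number of physical devices.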
  5. I'm using StraightTalk mobile service with an Asus Zenphone running Android. Tethering has been working fine with this combination. However, I've also used a Nexus 7 that just has Wifi capability and it refuses to tether with the Pineapple. It will tether with other equipment like an SDR but not the pineapple. Reading through the forums it seems that many people have had the same struggle with the Nexus.
  6. The short answer is that it depends on the phone and the settings of that device. For a longer answer read on.

     With some devices they will always ask you about an unsecure connection if the settings are configured to ask. The fact that a device is not automatically connecting to a pineapple could be for a myriad of reasons. For instance, if the phone has never seen any of the access points the pineapple is offering, then the phone will likely not connect automatically. One advantage with using the Nano is that PineAP can persuade wireless devices to give up the SSIDs that device is searching for but there are times when even this can be problematic. In the case of an iOS device, many will not connect if they go into sleep mode even if they are broadcasting wireless packets. Once someone wakes the phone, it will then connect but only if it's seen the broadcasted SSID before and only if the device's settings are configured to allow the automatic connection. If a device is already connected to an AP, then you have to fight the other AP for the device's attention. Sometimes you lose that battle.

     Because there are so many different wireless devices all with different settings, it's hard to say what your particular issue is. Only by reviewing your device's settings and knowing how it operates when associated and unassociated to an access point will you gain full understanding into the matter. This may sound elementary and you may have already tried this but, I would suggest this course of action:

     1. Associate your devices to your company's AP
     2. Ensure that your company's AP is in PineAP's SSID list
     3. Get far away from your place of employment (and preferably anyone else) bringing your devices and the pineapple.
     4. Turn on the pineapple running PineAP fully weaponized and power on all your devices to see if they connect automatically or if they ask for user input.

     It might even be a good idea to turn on all your devices first, allow the screens to go idle (dark), and then power on the pineapple. This way you will know if you can get them to connect even if they are "sleeping". I have hooked devices that usually beat me 90% of the time and have struggled to connect instruments that should have been trivial. Your mileage may vary.
  7. Sweet! Excited about the next update. Thanks again.
  8. Seb, You might already know about this, but after some further experiments, it seems there is a more nuanced issue. When the recon scan is set to 'AP & Client', it will only show results if an AP is nearby. If an AP is not detected, then any results of unassociated clients are not reported. Since I am in a stark WiFi environment, I powered up two client devices and just allowed them to probe. When a recon scan was executed looking for AP & Clients over a 5 minute window, no results were returned. Next, I plugged in an AP and re-ran the scan over a 5 minute period. The scan reported the AP and the two unassociated clients. I've repeated this experiment several times and get the same results each time. Firmware 1.0.5 does not have the same issue. Just wanted to make you aware if it wasn't something already being examined. Thanks again for all your hard work!
  9. Range and power have a bit to do with it. I don't know if this is your problem, but make sure your phone is seeing the Pineapple as the stronger of the two APs. If it is not, the phone will go right back to the original access point. Given two APs with the same SSID, most devices will go for the stronger of the two.
  10. Cool case! Have you noticed any heat issues and how long have you run it continuously in that case?
  11. Thanks Seb! I wanted to make sure I wasn't screwing something up and getting crazy results.
  12. Hi Guys, I was just playing around with two different Nanos and noticed something odd. Recon mode has two separate responses if it cannot find WiFi in an area. With both units I separately attached each with a Y-adapter cable to a laptop running Ubuntu. The only difference is that one had the 1.0.5 firmware and the second had 1.0.6 firmware. When the 1.0.5 firmware unit completes a recon scan, it operates as one would expect. After the progress bar has reached 100% or is finished, the screen returns "No scan results" and the Scan Settings return to normal. When the 1.0.6 firmware unit's recon scan runs and there is nothing in the area to find, it tends to hang at 100% indefinitely. If there is a WiFi signal in the area it operates just as the 1.0.5 firmware does. As a matter of setup, both Nanos were given a reset so that modules and other screw-ups I might have caused would not manipulate the results. So I'm curious if anyone else out there can reproduce my results. I know for a few of you finding a place with no WiFi might be difficult but I'm curious if this is a thing or if something else is causing the difference between both of these units. Thanks! Skinny
  13. Miracle of miracles, something fixed itself. Recon is working again. From the time of my last post, here is everything I did. I don't know what fixed it.

      1. After a factory reset, I restarted the nano and recon was still not working. It would hang at 100%. I tried directly connected with a laptop and through wireless management.
      2. I took the Nano apart to smell and see if any component had fried. Everything looked good. (As a side note the board says "MKV nono Rev8")
      3. I booted the board without the case and without the memory card. Recon still did not work through the wireless management. Shut the Nano down and left it for several hours.
      4. Replaced the memory card and rebooted this time with my android phone tethered to the Nano.
      5. Checked for a firmware upgrade (there wasn't one).
      6. Noticed that when I selected Modules from the menu, none of my modules were present. I clicked manage modules. They were all listed. Went to the dashboard. Looked at the menu again and then all my modules appeared under the Modules heading.
      7. Ran Recon and everything worked.

      I have tried to think about the last action I took before Recon stopped working. I think I had just tried to install the dependencies for the tcpdump module. After I installed them, I got an error when I tried to turn tcpdump on. It was late so I left it alone. I have no idea if this would affect Recon. If anyone else is still having this problem, I'd love to hear how you got it in that state and if you found a solution. Good luck!
  14. It looks as though my Nano just lapsed into the very same condition. Just today recon will start, register 100%, and then freeze indefinitely. I've reset the Nano to factory default to no avail. When I get home I will try to reload the firmware. Also, I took some current measurements in different states before it started behaving in this manner. I'll check those numbers vs what it draws now to see if it's potentially a hardware issue. Judging from past posts this seems to be a reoccurring problem. If I see a solution or a cause, I'll report back.
  15. The reason I was asking so many power related questions is because if the Tetra doesn't get enough power it will freeze or reboot under certain conditions. I was thinking the Nano might exhibit the same behavior. With the USB charger you are using, you have over 10W to work with. When I have my Android phone tethered to the Nano while running PineAP and Recon mode, I'm only starting to approach 5W. In order for power to be your problem, that USB range extender would have to have a usb hub at the end with multiple devices attached. It also looks like a lot of your power is coming from wall plugs. That's all I could think of but it looks like that's not your problem. Good luck!
  16. RenderMan, I was curious about your Aruba system. When does the system step in to disassociate the client? Does it only perform this action when the pineapple is trying to be part of the Aruba network or will it try to disassociate any client/AP relationship within range of the sensor? Thanks!
  17. Couple of follow up questions. How are you powering the 2.3 watt amplifier and what do you mean by usb range extender? I'm asking all this to see if there is a way I can reproduce the problem with stuff I have here.
  18. How are you powering the Nano and what all do you have connected to it?
  19. I keep different versions of the file depending on the use case. Many times I'm looking to grab unassociated clients in a particular area. For that purpose I have a file of just the top 100, public, free wifi points in the area. Throughout a week of capturing clients, the Nano will pick up more SSIDs during the course of doing business. At the end of the week the top 100 file gets reloaded to the /etc/pineapple/. I've found that once you reach a ridiculous number of SSIDs, it takes a longer time to capture a device if you get it to associate at all. Having a targeted list along with watching for SSIDs being beaconed by the client seems to work pretty well.

      Within the /etc/pineapple/ directory make yourself some copies of ssid_file. In my case it may look like this:

          cp ssid_file myTop100ssids
          cp ssid_file topssidsinKentucky
          cp ssid_file topssidsinCleveland

      Next, edit each one of these copies to your specifications. I use nano.

          nano myTop100ssids

      After editing press [Ctrl o] to save and [Ctrl x] to exit. To load up a file for use, type:

          cp myTop100ssids ssid_file

      This will copy myTop100ssids and rename it ssid_file for use by the pineapple. Forgive me if this is something you were already aware of how to do but I thought it might help based on the question. Have a great day!
  20. So am I safe to assume the wlan1mon goes active whenever recon and PineAP is activated and then remains on after either module is finished or deactivated?
  21. I just tried what you suggested using an Apple iPod as the client. As a matter of setup, I was tethered to the Nano using an android phone and powering it all with an external battery pack providing a max of 2.1Amps. The client associated with the Nano. There was no hostname, but it was assigned an IP. After running Recon mode for 30 seconds with PineAP continuing to run as well, the client was still connected with its original IP address. Just to be thorough, I re-scanned for 1 minute. Everything is still working as expected.
  22. Seb, Just so you are aware, the red LED comes on whenever you start recon mode or activate PineAP, but once Recon has finished or if you deactivate PineAP, the light continues to blink until the power is completely killed. I'm not sure what the intent was but that's the behavior I've noticed. Just thought I'd let you know since you were looking into it anyway.
  23. I just bought this beast: https://www.amazon.com/gp/product/B016DA61V2/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1 It's a little pricey but it has a max output of over 4.8A. It amounts to a 24W output. Great thing is it maintains Tetra stability by itself with no additional batteries needed. Also, if your Tetra didn't come with an ac adapter, there is a good one here: https://www.amazon.com/gp/product/B00DKSI0S8/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1 It has a 3A output at 12V, so it's good for 36W and it's cheap ($9). I'm also looking at another alternative that I think will be more helpful, but I'm still hashing it out.