Just_a_User

Dedicated Members
  • Posts: 1,822
  • Days Won: 54

Everything posted by Just_a_User

  1. it was only a matter of time :) nice one
  2. Nice work, I like it a lot.
  3. As long as you own the drones and take extra care as obviously this could easily end up causing harm or damage. Take a look at this research; - https://samy.pl/skyjack/
  4. I looked at fail2ban a while ago and I think it uses /var/log/auth.log to monitor failed ssh login attempts. I’m sure there must be a way to change how/where it looks for logs. It also runs on python and can be heavy on resources. I instead had a look around and found something which seems a more lightweight solution. But I haven't tested it so can't confirm if it can run on the pineapple yet. There are quite some differences between the pineapple and standard OpenWRT build. If you (or anyone else) has time it might benefit us all to have some protection both from WAN but also maybe br-lan clients.
     https://github.com/robzr/bearDropper
     https://forum.openwrt.org/viewtopic.php?id=62084
     Of course the best solution would be to not leave your pineapple exposed to the internet without a firewall, use alternative ssh port, disable user/pass login and use certs.
  5. Yeah we don't have w or who on Pineapple AFAIK. On the pineapple we use openSSH and it seems to log to syslogd. There isn't a traditional /var/log/auth.log. You can view ssh server logins by using
         logread | grep sshd
     or dump it to a file with
         logread | grep sshd > /var/log/auth.log
     as an example. Hope this helps.
  6. I'd recommend using iftop as it's nice to see connection activity live. Also are you leaving the tetra on and connected to the internet for long periods of time? What have you installed onto it and from what sources? I would check iftop then do a firmware recovery and check again with iftop to check the connections are gone. I don't have much more than local connections on mine, apart from google dns and some small occasional exceptions. Be aware if you're allowing client connections they can try brute forcing your ssh unless you turn user/pass off and go to certificates using the papers module or so.
     To install iftop: -
         opkg update
         opkg install iftop
     Iftop usage: -
         root@TETRA:~# iftop -h
         iftop: display bandwidth usage on an interface by host

         Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                                        [-F net/mask] [-G net6/mask6]

            -h                  display this message
            -n                  don't do hostname lookups
            -N                  don't convert port numbers to services
            -p                  run in promiscuous mode (show traffic between other
                                hosts on the same network segment)
            -b                  don't display a bar graph of traffic
            -B                  Display bandwidth in bytes
            -i interface        listen on named interface
            -f filter code      use filter code to select packets to count
                                (default: none, but only IP packets are counted)
            -F net/mask         show traffic flows in/out of IPv4 network
            -G net6/mask6       show traffic flows in/out of IPv6 network
            -l                  display and count link-local IPv6 traffic (default: off)
            -P                  show ports as well as hosts
            -m limit            sets the upper limit for the bandwidth scale
            -c config file      specifies an alternative configuration file

         iftop, version 1.0pre2
         copyright (c) 2002 Paul Warren <pdw@ex-parrot.com> and contributors
     Hope this helps.
  7. If you're just after a live spectrum output from the YSO there was some info in these 2 episodes of Hak5 - specifically part 2 IIRC. If you really need gnuradio with YSO this won't help. part 2
  8. This interested me too so had a look around. I didn’t see anything to specify them on the pineapple; "/pineapple/modules/PineAP/executable/executable" was the closest I came to finding deauth instructions. - but was able to read them doing the below: - Found a python script that can do it and it only needed small modification to work.
     Install scapy onto pineapple: -
         opkg update
         opkg upgrade tar wget
         opkg install python tcpdump unzip
         wget https://github.com/secdev/scapy/archive/v2.4.3rc1.tar.gz
         tar -xvf v2.4.3rc1.tar.gz
         cd scapy*
         python setup.py install
         cd ..
         rm -rf scapy*
     Make the authwatch.py - I just used nano and pasted the following into it: -
         #!/usr/bin/env python
         ######################################################
         # authWatch.py v. 0.1 (Quick, Dirty and Loud) - by TinMan
         # Place card in monitor mode and set the channel.
         # If you want channel hopping, run airodump-ng in
         # another terminal. Will add channel hopping
         # in the next version.
         ######################################################
         #
         # Usage: python authWatch.py <monitor interface>
         #
         import sys
         from scapy.all import *

         # Exit with a usage message instead of an IndexError if no interface is given.
         if len(sys.argv) != 2:
             sys.exit("Usage: python authWatch.py <monitor interface>")
         interface = sys.argv[1]

         def sniffReq(p):
             # Look for a deauth packet and print the AP BSSID, Client BSSID and the reason for the deauth.
             if p.haslayer(Dot11Deauth):
                 print(p.sprintf("Deauth Found from AP [%Dot11.addr2%] Client [%Dot11.addr1%], Reason [%Dot11Deauth.reason%]"))
             # Look for an association request packet and print the Station BSSID, Client BSSID, AP info.
             if p.haslayer(Dot11AssoReq):
                 print(p.sprintf("Association request from Station [%Dot11.addr1%], Client [%Dot11.addr2%], AP [%Dot11Elt.info%]"))
             # Look for an authentication packet and print the Client and AP BSSID
             if p.haslayer(Dot11Auth):
                 print(p.sprintf("Authentication Request from [%Dot11.addr1%] to AP [%Dot11.addr2%]"))
                 print(p.sprintf("------------------------------------------------------------------------------------------"))

         # store=0 keeps scapy from holding every captured frame in memory.
         sniff(iface=interface, prn=sniffReq, store=0)
     Then to use, drop an interface into monitor mode on the channel you wish to watch - example below uses wlan1 and channel 1.
         airmon-ng start wlan1 1
     ***optionally you can run airodump-ng if you want to channel hop, but you will likely miss some packets.
     To run the authwatch script
         python authwatch.py wlan1mon
     I tested this on my Pineapple TETRA and saw when the pineapple deauths clients I get "Reason [unspec]"; when I turn off my wifi on my phone I get "Reason [deauth-ST-leaving]". Seems to work. Hope this helps.
     authwatcher.py scappyinstall.sh
  9. Just_a_User

    Smart TVs

    Like the idea, these are worth a read. http://dare.uva.nl/cgi/arno/show.cgi?fid=495678 https://revuln.com/files/Ferrante_Auriemma_SmartTV_Insecurity.pdf
  10. Out of interest I ran stress-ng on my bunny and it was drawing 0.48A under peak load, 0.14A idle. But was monitoring with one of those cheap USB power monitors from Banggood so not sure how accurate it is.
          root@bunny:~# stress-ng -a 4 -l 100
          stress-ng: info: [8680] dispatching hogs: 4 I/O-Sync, 4 CPU, 4 VM-mmap, 4 HDD-Write, 4 Fork, 4 Context-switch, 4 Pipe, 4 Cache, 4 Socket, 4 Yield, 4 Fallocate, 4 Flock, 4 Affinity, 4 Timer, 4 Dentry, 4 Urandom, 4 Float, 4 Int, 4 Semaphore, 4 Open, 4 SigQueue, 4 Poll
          stress-ng: info: [8680] successful run completed in 61.48s
      It did get quite warm tho so I didn't want to do it for much more than a min. I can however wiggle it in the USB port and get a disconnect to occur. So tend to keep it still on desk when working.
  11. Good idea. Even just OS/Target would be great. OS/Target = Windows, OSX, Linux, Android, iOS, Other(Printers/TV/Routers/devices?) & Multi. Type/function? (maybe not) = Recon, Exploit, Access, Prank, Other & Multi.
  12. Another idea would be evilgrade - although I'm not sure if this would be too obvious to the user if you plugged this in and update messages started to appear. But would perhaps be more effective once the bashbunny is combined to the wifi pineapple. https://github.com/infobyte/evilgrade
  13. For inspiration.
      https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---Wallpaper-prank
      https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---ugly-rolled-prank
      https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---rickroll
      https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Change-the-background-to-MyLittlePoney-(win10)
      https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---Windows-10-:-Download-&-Change-Wallpaper
      https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---Hotdog-Wallpaper
      https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---You-got-quacked!
      https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload-DiskTray-Prank
  14. I think it's best to first update the payloads if you have not done so already. The download link is behind the green button on the page. But you can click here and download a zip https://github.com/hak5/bashbunny-payloads/archive/master.zip then unzip. Copy payloads to the bunny payloads storage folder overwriting all (unless you have something specific you wish to backup/keep). From there you can delete (or backup) the payload already sitting in one of the switch folders and paste into it the payload of choice - read the readme files for each payload's info.
  15. You are correct, you need to have only one copy of the tools payload in the payloads folder.
  16. It's the tools installer. https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/tools_installer
  17. That's the /root/ directory.... use "cd .." then run "ls" to see if pentest exists.
  18. Connect over ssh, or serial. Log into bunny and you should be in /root/ as default - use "cd .." to go back a directory. You can use "ls" to see contents.
          cd ..
          ls
      If you see pentest dir
          rm -rf /pentest
  19. Just to be sure, my pentest directory was found in the device root not the /root/ directory. Everything else sounds like what I did. Moving the tools_installer contents not copy etc. I'm not sure 100% what you mean with the above. I didn’t need to run anything in the bunny’s terminal other than removing the pentest folder.
  20. Did you remove the pentest folder in device root?
  21. I had something not exactly as you describe but similar, however I reset and things were back to normal. I had it connected with lan cable and plugged into laptop. I also disabled my other laptop's interfaces just to remove confusion. ssh'd in to turtle to reset:
          firstboot && reboot
      After it reset and initial config I select module manager from turtle menu, configure, Directory, confirm yes to see the list of available modules. Maybe it helps you with your issue.
  22. There’s a general spec but some manufacturers can and do go out of spec and provide more. Grabbed this from Wikipedia.
  23. I would be interested to know the power requirements of the bunny under full load. I was wondering if the nano can provide enough juice on the USB port. From memory - and correct me if wrong - but is it limited to about 500mA? I guess dual supply could be used if required tho.
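
Added example, not part of the original posts or of bearDropper: posts 4 and 5 above point at reading sshd entries with logread as the starting point for brute-force protection, and this sketch counts failed password attempts per source address from that kind of output. The function name, the threshold and the sample lines are assumptions constructed for illustration; the lines follow the usual OpenWrt logread layout and OpenSSH's "Failed password for ..." message.

```shell
#!/bin/sh
# Added example: report source addresses with repeated failed SSH password
# logins. On the device the input would be `logread`; here it is stdin.

# failed_ssh_sources THRESHOLD
# Prints "COUNT IP" (highest count first) for every source address with at
# least THRESHOLD "Failed password" lines logged by sshd.
failed_ssh_sources() {
    threshold="${1:-3}"
    awk -v min="$threshold" '
        # Only lines tagged sshd[pid]; other daemons are ignored.
        /sshd\[[0-9]+\]: Failed password for / {
            # Scan from the end of the line: the user name is attacker
            # controlled and may itself contain " from <address>", so only
            # the last "from" is trusted.
            for (i = NF - 1; i >= 1; i--) {
                if ($i == "from") { count[$(i + 1)]++; break }
            }
        }
        END {
            for (ip in count) if (count[ip] >= min) print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges, made-up PIDs).
sample_log() {
    cat <<'EOF'
Mon Jan  1 10:00:01 2018 auth.info sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mon Jan  1 10:00:03 2018 auth.info sshd[2103]: Failed password for root from 203.0.113.7 port 40124 ssh2
Mon Jan  1 10:00:05 2018 auth.info sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40126 ssh2
Mon Jan  1 10:00:07 2018 auth.info sshd[2107]: Failed password for invalid user x from 198.51.100.9 from 203.0.113.7 port 40128 ssh2
Mon Jan  1 10:01:00 2018 auth.info sshd[2110]: Accepted publickey for root from 172.16.42.42 port 51000 ssh2
Mon Jan  1 10:02:00 2018 auth.info sshd[2112]: Failed password for root from 192.0.2.44 port 33010 ssh2
Mon Jan  1 10:02:30 2018 kern.info kernel: br-lan: port 2(wlan0) entered forwarding state
EOF
}

# Stand-alone run on the sample; on a device: logread | failed_ssh_sources 5
sample_log | failed_ssh_sources 3
```

The output is a list of candidate addresses for a firewall drop rule; whether and how to block them is left to the firewall in use.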