  1. Yes, I believe you want to see: br-lan eth0 lo wlan0 wlan0-1 wlan1 wlan2 (if using USB dongle interface). Also note: you can see ifconfig output from the Network tab on the web GUI.
  2. I haven't done anything as elaborate as what you are doing. I have however built a portal that required a username and password that then dumped to a text document. I did this for a demo at work to show why people should turn off their wifi while at work ... For my purposes I used the EvilPortal module. Since the NANO would be routing to the internet via the next hop, you should be able to load dynamic items in the landing page. You also need to use DNS spoof to force the traffic to the portal. You MAY have better luck with an AP that's made for the captive portal setup. I know Cisco made a captive portal device that worked pretty well. Also, another suggestion, if you were to try to deploy this on a large scale, then you may want to investigate the NANO. It's got a bit more horsepower, and would possibly get more clients connected as it supports 5GHz as well. Anyways! Try EvilPortal. Let us know how it goes!
  3. So, one thing I'd try is to connect via Wifi. Once you are connected that way, try to SSH to the nano. Once you are in via SSH, see what ifconfig reads. Also once you are connected via wifi, you should be able to browse to the web GUI. Repeat your steps and see if the wifi interface shuts down. I am sort of suspecting you have an issue with Kali ...
  4. Out of curiosity, are you running with an SD card installed? It sounds weird ... but when you do your reset, keep the SD card out of it. Also, try reformatting the SD card as if it were the first time you were going to use it with the pineapple. The only time I've had real issues with my Nano is with SD cards ... Shot in the dark ... but worth a shot.
  5. I would reset the pineapple, and make sure you are resetting to the most recent firmware. Also, I know this sounds obvious, but one thing to remember is the NANO is 2.4 GHz only. I don't know how it's possible, but I have seen MAC addresses coming in to the NANO, when the client is actually connected via 5GHz. I think this is in the way some cards negotiate the N protocol. So I blast deauth to it, and it just ignores it because it's not actually accepting 2.4GHz transmissions or something - it's odd. I'm not an expert on it ... This is from the aircrack-ng documentation:
     1. Wireless cards work in particular modes such b, g, n and so on. If your card is in a different mode then the client card there is good chance that the client will not be able to correctly receive your transmission. See the previous item for confirming the client received the packet.
     2. Some clients ignore broadcast deauthentications. If this is the case, you will need to send a deauthentication directed at the particular client.
     3. Clients may reconnect too fast for you to see that they had been disconnected. If you do a full packet capture, you will be able to look for the reassociation packets in the capture to confirm deauthentication worked.
  6. I just wanted to make sure I am understanding. You are connected to the pineapple via Y cable? And once you connect to it, and are browsing the web GUI, the interface you are connected through will shut down? First, I would try connecting to the pineapple via wifi, then SSH to it, run an ifconfig to see if the interface is actually shutting down. It could be your Kali box killing the interface. (I believe ifconfig will show that interface ... maybe not) It seems like maybe one of your modules is whacked. When you did a reset, did you reset it to the newest firmware? I would blow it away again, and also make sure you are updating to the most recent firmware. Once you have a fresh new pineapple, then try running a few functions that don't require modules. Something like PineAP. Let it run for a bit to see if the interface shuts down on you. Finally, one other possibility is: Are you using the Y cable, or just a single USB input? It's POSSIBLE that with the extra modules you're drawing too much power for one USB port to power it.
  7. Gotcha. Yeah, this should work as far as getting the traffic intercepting. However, I am not sure if you will actually get message traffic as I THINK Facebook now encrypts it between Facebook server and clients. Additionally, you can turn on secret conversations which (supposedly) does end to end, device to device encryption. In fact, I'm not even sure you can SSL Strip Facebook anymore at the login page. I don't think you can come into a Facebook server without HTTPS. Perhaps some back end APIs and such ... Best way to capture Facebook messages would be a client side attack ...
  8. I may be misunderstanding what you're trying to do. You are basically wanting to capture the traffic from a victim as it flows from the victim, to the pineapple, and then to the internet? There are a couple ways to achieve this.
     1. (the quicker and dirtier way) - Just ARP spoof the victim. You would want to arpspoof between the victim, and the inside interface of the Pineapple. Assuming the "PC" you referenced is actually something like a Kali box ... you will also want to set up IP forwarding. This will basically make you MiTM and assuming the traffic isn't leaving your victim as encrypted, you're good to go.
     2. Move the Pineapple "behind" your attack box, and share the internet connection through your attack box. This will allow you to monitor all traffic as your attack box acts as next hop upstream from the pineapple.
     In either situation, you will need to set up Burp to listen on ports 80, 443, and maybe 8080 depending on your situation. https://www.pentestgeek.com/penetration-testing/credential-harvesting-via-mitm-burp-suite-tutorial
  9. Totally agree. It really depends on your needs. I ran an experiment in my neighborhood once. .... Nothing illegal ..... Just remember the Yagi antenna is like a sniper rifle ... it's better for sending long range packets than it is at receiving them as it's likely your "victim" will not have a high gain antenna strong enough to get reliable signals back to you.
  10. So just a couple ideas here ... Do you have a specific use case as to why you want to force everything to share your laptop? I assume you are wanting to capture traffic of some sort ... One option you have is to bypass the need to share the internet through your laptop altogether. You could use the USB port with a cheap USB radio. This will allow you to connect the wifi to a hotspot just as any other client would connect to wifi. The pineapple will then share that internet out. Obviously, this setup won't work for every situation. Maybe there are no open hotspots for example ... However, if you are simply just trying to get it set up, then that might be an easier way to go. Another option you have in using the above setup is to arpspoof a specific client. This would allow you to be just another client on the network rather than the "router" for all of the traffic. This won't work well when doing mass collection (say you want to eavesdrop on 7 clients at once) - but it's a quick and dirty way to target a specific client. Second, the VPN question. Long story short: this will only work if you are actually sharing the internet through your laptop. I am |assuming| the VPN you are referring to is an SSL client side VPN as opposed to an IPSEC VPN established with an edge device (your router as an example). In the case of your laptop serving as the VPN, then yes, in theory it would work. Your laptop is essentially acting as a layer 2/3 next hop to all the clients downstream of the pineapple. This means the stack on the laptop should force all that traffic out the interface that then "next hops" into the VPN. In other words the encrypted traffic is between your laptop and the internet, NOT the victim to the internet. One thing to keep in mind: In Windows, the traffic between the stack and the interface may be encrypted as well. This means to sniff traffic you may need to be a client on your pineapple. That may not be true as I haven't tried this example through Windows.
I'd be curious to know what you find out. One way you could test this is with a tracert. Or, simply connecting a "victim" to your pineapple and pulling a "whatismyip" site. If you see the http call to the site on your laptop by sniffing the traffic AND if the "victim" reports an IP that is through the VPN, then it's working!
  11. What carrier are you using with your Nexus 5, and does it support personal hot spotting? The wifi hotspot will be the easiest way to go. Start the hotspot on the phone, navigate to the networking settings on the nano, scan for available networks (using the third USB Radio), connect. Now you have internet, and your nano will serve as the next hop gateway to any client that connects to it. However, just keep in mind that your wifi hotspot will broadcast. If you are trying to stay totally silent ... just keep certain things in mind. If your phone's hotspot is broadcasting "So and so's Mobile Nexus 5 hotspot!" .....
  12. Are you also trying to serve internet to the pineapple network? One easy, "hacky" way I have gotten this to work is to use the USB port to connect a third radio (The RT5370 as example). This allows you to connect the pineapple to a wifi network, and serve internet that way. This allows you to bypass the "need" to tether. So effectively now your pineapple has become the next hop for anything that connects to the network being served from the pineapple. Start PineAP, and get a "victim" to connect to your pineapple. Victim would also have internet provided through the wireless connection from the third USB radio. Then I'll connect my "attack" box (IE: Kali) to the network that the pineapple is serving. Using the client list, figure out the MAC address of the victim. From there, the quick and dirty approach is to arpspoof the traffic, allow IP forwarding on your attack box so that the traffic flows. The client likely won't be any wiser to it unless he/she is keeping a close eye on his arp tables. Now you can capture whatever traffic you wanted as your attack box is now forwarding every packet that passes between the AP (your pineapple) and the victim. From there you can shark the traffic, ettercap, etc .... Again, I'm not saying this is the best way to do it, far from it. I'm just throwing out a quick and dirty way to get it up and running.
  13. Yeah, that's what I've been doing. Frankly, it may actually work better doing it this way as you can initiate various payloads for different OS's.
  14. Hopefully someone smarter than me can help me out. Which firmware should I have loaded for twin duck functionality? All I can seem to get working is the c_duck_v2_S001.hex which triggers on caps, num, or scroll lock. I have tested it, and it worked great. However, rewriting scripts to account for caps lock is ... well, tiresome. In theory c_duck_v2.1.hex should be the "standard" image that deploys the inject.bin automatically. However, I can't seem to get that one to work. Am I using the wrong firmware? Thanks
  15. I'm not entirely sure I understand your question. Do you mean you want to collect SSIDs to a list for later review? You could accomplish this by starting PineAP, not allowing associations, and logging SSIDs and Probes. That would capture all the SSIDs. However, I am not sure it would capture MAC addresses.