Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by Captain

  1. Yes, I believe you want to see: br-lan eth0 lo wlan0 wlan0-1 wlan1 wlan2 (if using USB dongle interface) also note: you can see ifconfig output from the Network tab on the web gui.
  2. I haven't done anything as elaborate as what you are doing. I have however built a portal that required a username and password that then dumped to a text document. I did this for a demo at work to show why people should turn off their wifi while at work ... For my purposes I used the EvilPortal module. Since the NANO would be routing to the internet via the next hop, you should be able to load dynamic items in the landing page. You also need to use DNS spoof to force the traffic to the portal. You MAY have better luck with an AP thats made for the captive portal setup. I know CISCO made a captive portal device that worked pretty well. Also, another suggestion, if you were to try to deploy this on a large scale, then you may want to investigate the NANO. It's got a bit more horsepower, and would possibly get more clients connected as it support 5GHz as well. Anyays! Try EvilPortal. Let us know how it goes!
  3. So, one thing I'd try is to connect via Wifi. Once you are connected that way, try to SSH to the nano. Once you are in via SSH, see what ifconfig reads. Also once you are connected via wifi, you should be able to browse to the web GUI. Repeat your steps and see if the wifi interface shuts down. I am sort of suspecting you have an issue with Kali ...
  4. Out of curiosity, are you running with an SD card installed? It sounds weird ... but when you do your reset, keep the SD card out of it. Also, try reformatting the SD card as if it were the first time you were going to use it with the pineapple. The only time I've had real issues with my Nano is with SD cards ... Shot in the dark ... but worth a shot.
  5. I would reset the pineapple, and make sure you are resetting to the most recent firmware. Also, I know this sounds obvious, but one thing to remember is the NANO is 2.4 GHz only. I don't know how its possible, but I have seen MAC addresses coming in to the NANO, when the client is actually connected via 5GHz. I think this is in the way some cards negotiate the N protocol. So I blast deauth to it, and it just ignore its because its not actually accepting 2.4GHz transmissions or something - it's odd. I'm not an expert on it ... This is from the aircrack-ng documentation: 1. Wireless cards work in particular modes such b, g, n and so on. If your card is in a different mode then the client card there is good chance that the client will not be able to correctly receive your transmission. See the previous item for confirming the client received the packet. 2. Some clients ignore broadcast deauthentications. If this is the case, you will need to send a deauthentication directed at the particular client. 3. Clients may reconnect too fast for you to see that they had been disconnected. If you do a full packet capture, you will be able to look for the reassociation packets in the capture to confirm deauthentication worked.
  6. I just wanted to make sure I am understanding. you are connected to the pineapple via Y cable? And once you connect to it, and are browsing the web GUI, the interface you are connected through will shut down? First, I would try connecting to the pineapple via wifi, then SSH to it, run an ifconfig to see if the interface is actually shutting down. It could be your Kali box killing the interface. (I believe ifconfig will show that interface ... maybe not) It seems like maybe one of your modules is whacked. When you did a reset, did you reset it to the newest firmware? I would blow it away again, and also make sure you are updating to the most recent firmware. Once you have a fresh new pineapple, then trying running a few functions that dont require modules. Something like PineAP. Let it run for a bit to see if the interface shuts down on you. Finally, one other possibility is: Are you using the y cable, or just a single USB input? It's POSSIBLE that with the extra modules you're drawing too much power for one USB port to power it.
  7. Gotcha Yeah, this should work as far as getting the traffic intercepting. However, I am not sure if you will actually get message traffic as I THINK Facebook now encrypts it between Facebook server and clients. Additionally, you can turn on secret conversations which (supposedly) does end to end, device to device encryption. In fact, I'm not even sure you can SSL Strip Facebook anymore at the login page. I dont think you can come into a Facebook server without HTTPs. Perhaps some back end API's and such ... Best way to capture Facebook messages would be a client side attack ...
  8. I may be misunderstanding what your trying to do. You are basically wanting to capture the traffic from a victim as it flows from the victim, to the pineapple, and then to the internet? There are are a couple ways to achieve this. 1. (the quicker and dirtier way) - Just ARP spoof the victim. You would want to arpspoof between the victim, and the inside interface of the Pineapple. Assuming the "PC" you referenced is actually something like a Kali box ... you will also want to setup IP forwarding. This will basically make you MiTM and assuming the traffic isn't leaving your victim as encrypted, your good to go. 2. Move the Pineapple "behind" your attack box, and share the internet connection through your attach box. This will allow you to monitor all traffic are you attack box acts as next hop upstream from the pineapple. In either situation, you will need to setup Burp to listening on ports 80, 443, and maybe 8080 depending on your situation. https://www.pentestgeek.com/penetration-testing/credential-harvesting-via-mitm-burp-suite-tutorial
  9. Totally agree. It really depends on your needs. I ran an experiment in my neighborhood once. .... Nothing illegal ..... Just remember the Yagi antenna is like a sniper rifle ... its better for sending long range packets than it is at receiving them as its likely your "victim" will not have a high gain antenna strong enough to get reliable signals back to you.
  10. So just a couple ideas here ... Do you have a specific use case as to why you want to force everything to share your laptop? I assume you are wanting to capture traffic of some sort ... One option you have is to bypass the need to share the internet through your laptop all together. You could use the usb port with a cheap USB radio. This will allow you to connect the wifi to a hotspot just as any other client would connect to wifi. The pineapple will then share that internet out. Obviously, this setup wont work for every situation. Maybe there are no open hotspots for example ... However, if you are simply just trying to get it setup, then that might be an easier way to go. Another option you have in using the above setup, is the arpspoof a specific client. This would allow you to be just another client on the network rather than the "router" for all of the traffic. This wont work well when doing mass collection (say you want to eavesdrop on 7 clients at once) - but its a quick and dirty way to target a specific client Second, the VPN question Long story short This will only work if you are actually sharing the internet through your laptop. I am |assuming| the VPN you are referring to is an SSL client side VPN as opposed to an IPSEC VPN established with an edge device (your router as an example). In the case of your laptop serving as the VPN, then yes, in theory it would work. Your laptop is essentially acting as a later 2/3 next hop to all the clients downstream of the pineapple. This means the stack on the laptop should force all that traffic out the interface that then "next hops" into the VPN. In other words the encrypted traffic is between your laptop and the internet, NOT the victim to the internet. One thing to keep in mind: In windows, the traffic between the stack and the interface may be encrypted as well. This means to sniff traffic you may need to be a client on your pineapple. That may not be true as I havent tried this example through windows. I'd be curious to know what you find out. One way you could test this is with a tracert. Or, simply connecting a "victim" to your pineapple and pulling a "whatismyip" site. If you see the http call to the site on your laptop by sniffing the traffic AND if the "victim" reports an IP that is through the VPN, then it's working!
  11. What carrier are you using with your nexus 5, and does it support personal hot spotting? The wifi hotspot will be the easiest way to go. Start the hotspot on the phone, navigate to the networking settings on the nano, scan for available networks (using the third USB Radio), connect. Now you have internet, and your nano will serve at the next hop gateway to any client that connects to it. However, just keep in mind that your wifi hotspot will broadcast. If you are trying to stay totally silent ... just keep certain things in mind. If your phone's hotspot is broadcasting "So and so's Mobile Nexus 5 hotspot!" .....
  12. Are you also trying to serve internet to the pineapple network? One easy, "hacky" way I have gotten this to work is to use USB port to connect a third radio (The RT5370 as example). This allows you to connect the pineapple to a wifi network, and serve internet that way. This allows you to bypass the "need" to tether. So effectively now your pineapple has become the next hop for anything that connects to the network being served from the pineapple. Start PineAP, and get a "victim" to connect to your pineapple. Victim would also have internet provided through the wireless connection from the third USB radio. Then I'll connect my "attack" box (IE: Kali) to the network that the pineapple is serving. Using the clinet list, figure out the MAC address of the victim. From there, the quick and dirty approach is to arpspoof the traffic, allow IP forwarding on your attack box so that the traffic flows. The client likely wont be any wiser to it unless he\she is keeping a close eye on his arp tables. Now you can capture whatever traffic you wanted as your attack box is now forwarding every packet that passes between the AP (your pineapple) and the victim. From there you can shark the traffic, ettercap, etc .... Again, im not saying this is the best way to do, far from it. I'm just throwing out a quick and dirty way to get it up and running.
  13. Yeah, that's what I've been doing. Frankly, it may actually work better doing it this way as you can initiate carious payloads for different OS's
  14. Hopefully someone smarter than me can help me out. Which firmware should I be loaded for twin duck functionality? All I can seem to get working is the c_duck_v2_S001.hex which triggers on caps,num, or scroll lock. I have test it, and it worked great. However, rewriting scripts to account for caps lock is . . .well tiresome. In theory c_duck_v2.1.hex should be the "standard" image that deploys the inject.bin automatically. However, I cant seem to get that one to work. Am I using the wrong firmware? Thanks
  15. I'm not entirely sure I understand your question. Do you mean you want to collect SSIDs to a list for later review? You could accomplish this by starting PineAP, not allowing associations, and logging SSIDs and Probes. That would capture all the SSIDs. However, I am not sure it would capture MAC addresses.
  16. Totally worth it, especially if you have the tactical case, or any case really. It fits much easier for limited engagements. I have run PineAP from a pocket for a couple hours before using the "upgraded" anntenna switch success.
  17. Typically I don't hit 100% very often. If if problem persists periods flashing it entirely.
  18. It seems that newer Apple devices act in the same way as mentioned above. Its only after making a connection to an AP am I able to see the MAC. However they don't always match what is displayed in the settings.
  19. Oh for sure. I think the real answer here is how tricky do you want to be? I got this working more as an experiment and a scare tactic for some friends.
  20. I have both. the upgrade is very useful when using the tactical case as it slides in and out without having to unscrew one anntenna. So no, if you have the actual hak5 case, then they fit perfectly. As for reflection and broadcast, I noticed similar performance from both. Both sets are best used when working in a very local area (think very large room type of space). Once you get about 40-50 yards away, reception gets pretty weak with both As for heat, I've only noticed higher heats when using a case which is to be expected. I also have 9Dbi's and even a yagi setup that I just build and am experimenting with. These have pretty impressive results.
  21. Lots of things. For example the xfinity portal "hack" doesn't need Internet. Captive portals? No internet. Also, there are threads here about capturing handshakes and such that could then be handed off to a cracker. Other items could be the recon function. Capturing MACs for bypassing MAC whitelisting ... how about nmap sweeps? or you could simply use it as a wireless router for local connections etc Honestly there are a ton of things. The best thing is to just obtain a high level of understanding on how these things work from there you can get creative in your own way
  22. Hey all I've been playing around with my new USB power meter, and I wanted to run my math past you to see if I am thinking right. Attached are some pictures, but in general, my NANO seems to draw .50 amps or less. Usually its in the .40 range with a dongle plugged into WLAN2. if my math is right, .40 amp converts to 400milliamps. if we take a 15000mAh battery, we would get appx 26 hours of runtime? (15000 / 350 x 0.7* = 26.25) Does this sound about right? The pineapple juice battery is rated at 4000mAh which is good for about 7 hours. Overall I've been shocked at how little the NANO consumes. I have run PineAP, DNSspood, and evilportal with clients connected and it was consuming around .70amps (700 milliamps) I did notice it goes way up depending on the dongle your using for WLAN2 obviously. If my math is wrong let me know!
  23. Yeah if you dig into the code, you can see that it purposely directs you back. Its a never ending loop in an attempt to get as many different passwords as possible. If you were trying to be more covert, you would have to add logic that allows the user to pass. The biggest issue with this is that, in order to pass, that means you also have to serve up an uplink to the internet. Not a problem, generally speaking. However, DNSspoof doesnt seem to work if you are also serving up an active internet pipe. So, its sort of a catch 22 I am sure there are better ways toimplement it, but this is the best I've found: Serve it up using EvilPortal coupled with DNSspoof Again, I am not out trying to make it more covert or even easier to use. I have used it mostly as a demo to friends that often use xfinitywifi - I have scared them enough that they just turn wifi off when they leave the house! ha
  24. Wow . . I feel like I just traveled back to 2001
  25. Ah, your using the app? Just try this: connect to the management AP via wifi?
  • Create New...