Captain

Active Members
  • Posts: 57
  • Days Won: 3

Everything posted by Captain

  1. So you're using the y cable and have one end plugged into your phone and one end into the computer? This may be confusing the nano. Also, at what step in the setup are you? Have you updated the firmware yet?
  2. Let's start from the beginning. Is the nano plugged into your phone, or a computer? Or both?
  3. What OS is the device running? Also, can you try pasting the hashed password into the password input? I've seen some really poorly embedded devices actually accept the hash :eyeroll:
  4. Maybe I can make a more detailed write up for it sometime soon. There was a bit of coding I had to change. You are right in that the current version won't actually move you past the login screen. It simply asks you to re-enter your info. I can also only get it to work while also using DNSspoof. In fact, I don't even activate the captive portal option in evil portal. I simply activate the portal profile to allow it to move the files into www, and use DNSSPOOF to redirect the traffic. If I wanted to spend more time on the project I'd bet you could get it to redirect. The only issue with this is if the client has already previously bypassed and had an active internet connection on that SSID, then you won't hit the captive portal at first association. This means only http traffic will be redirected. So if a client connects, goes to an https address, gets the connection error, it would be sort of armed flag to them. At any rate, I have yet to test it in the wild, and likely won't. I have only tested it with my personal lab and with friends.
  5. Awesome. Thanks for the info.
  6. I think I have this right but want to confirm. If you have the NANO with the status LED oriented towards you, WAN0 is the radio on the right (closest to the female USB) and WAN1 is the radio on the left (closest to the male USB), correct? WAN0 is the AR9331 and WAN1 is the 9271 if my info is correct. Which radio is used for the MON mode in PineAP? It appears to be WAN1MON, but I wasn't sure if that translated to the 9271 or not? I just want to verify as I am experimenting with different antennas. Thanks
  7. I'll run a couple scenarios through my lab and let you know what I find out.
  8. I fired up a few devices along with my NANO to test it out. Very curious. My iPad (4th generation) shows as an unassociated client and is showing the "correct" MAC address (IE: the unassociated MAC matches the MAC found in settings). My iPhone 6 plus however shows a different MAC address than what is listed in the settings. I am guessing there was a change to the chip that allows for MAC rolling, or maybe even some type of virtualized MAC system. At first glance it would appear that you likely can't pull the MAC just from scanning on these newer devices.
  9. On your phone try going to: settings -> general -> about. I believe your MACs will be listed there. These may roll randomly, but it's a start.
  10. Ok... last post on the topic for me: I decided to jump down the rabbit hole with this project last night and get it working with the post code from GitHub. The issue is that the write up is a bit dated if you are using a NANO or even the newer versions of evilportal. As best as I can tell, the only way I could get it to work was to modify the landing page (index.html) to be an index.php page (not totally necessary, but it seems that captive portal is very specific as to where it shoots traffic and it has to be index.php). I also had to modify all of the various pointers within the file to point to ./ instead of ./index_files and ./auth (in the .php action file). EvilPortal does its job well as long as you are working with flat file structures. Finally, I had to change the header coding as the webserver on the NANO didn't want to display it despite the fact that XAMPP displayed it perfectly. You will still have two issues to work around: 1. If you are going to use the captiveportal option in EvilPortal, it appears that one could bypass the portal pretty easily. 2. You may want to use DNSspoof as well. However, if your attached client bypasses the captiveportal and attempts a connection to a secure site (facebook.com) then they will get an error page instead of your portal page. Perhaps I am over complicating things... I am by no means an expert! But I don't think just dumping the attached code into your evilportal directory and then activating it will work. You could work around it by just dumping into /www but then you have to manually remove the files to "take the page down". Anyways, that's all for me.
  11. Another thing I just thought of (don't ask me why I was thinking about this...): Is your phone broadcasting on the 5GHz range? The NANO only has 2.4GHz radios. I ran into this one late at night thinking I was crazy... I'm only half crazy. Switch over to tetra if you want the full PineAP experience on the 5GHz range.
  12. I think he is referring to his username being base64 encoded :)
  13. A lot of different variables could be in play here, but let's start with the basics. Are you connecting over wifi, or using the onboard Ethernet adapter (via USB)? Are you connecting to the NANO's Open SSID, or to an SSID being served up by PineAP?
  14. I decided to grab a copy of the portal code posted above. One thing you may run into issues with is the use of the two subfolders (auth and index_files). In my experience EvilPortal at times will get wonky with sub directories. Sometimes it will activate them correctly (IE: move the pointers in the WWW directory), but sometimes they don't. So, if you are using that setup, make sure you have all the needed files in /WWW AFTER you activate it via EvilPortal. If you want to bypass evilportal altogether, you could SCP the contents of one of those files straight into /WWW. This will sort of break other modules that may use that directory (Portal Auth and EvilPortal) as they won't be able to move things in and out of that directory. Again, if you want to quick test the files, load them into XAMPP and make sure they are served up correctly (I did this and can confirm they work really well... better than my version).
  15. If the system you're using detects the Ethernet adapter make sure you're assigning an IP address in the correct range, or at least setting the subnet to a class that will communicate to the 172. address.
  16. The firmware for NANO doesn't come in different OS flavors. There is only one firmware set located at: https://www.wifipineapple.com/downloads. The "pairing" process is nothing more than getting connected to the pineapple via the USB interface (which is actually an Ethernet interface). Are you getting anything when you plug it in with the y cable? The system you plug into should detect it as a network adapter.
  17. This is a great write up. This is exactly what I have discovered with my testing. Phones sometimes beacon very slowly (part of battery conservation efforts) so you want to ensure you're running recon for a long period. The allow associations may not show an SSID if PineAP daemon is off AND your open SSID is set to hidden.
  18. Another quick note: you could use XAMPP to test things locally on your own system to make sure you get all your syntax and dependencies setup correctly. XAMPP loads up a quick webserver that supports php for quick testing.
  19. I have experimented (for learning purposes) with the Xfinity Portal. Because I did this as a learning exercise, I created my own portal files by "hacking" together a cloned version of the Comcast page. This probably isn't as fancy as the one posted above, so I can't speak to the reliability of those. In my experience the best way to get it to work is using Evil Portal AND Dnsspoof along with PineAP. Using this method has proven successful in my at home testing. I found that bypassing the captive portal was possible without using DNSspoof. The newest versions of Evil Portal no longer use nodogsplash which means the process is more simple. Here are some general tips (these are for NANO):
      1. Configure DNSspoof to point everything to 172.16.42.1 (assuming you're using a pineapple)
      2. Create a new portal using the EvilPortal interface. Name it xfinity.
      3. SCP into pineapple and browse to /root/portals/xfinity
      4. Place xfinity portal code in this directory. Note: for best results the primary index should be index.php
      5. Activate portal and start EvilPortal - this will generate the "live" preview section. Alternatively browse to 172.16.42.1 using a web browser to see if the landing page appears
      6. SCP / SSH to /www - you should now see link files pointing to all the files you placed in the xfinity folder. Activating and deactivating moves / removes these links.
      7. Enable DNS spoof
      8. For best results using PineAP only broadcasting "xfinity" wifi, and NOT capturing SSIDs will help you get clients connected.
     This is by no means a detailed write up... But these are the loose steps I've used with success.
  20. For what it's worth, I'm a huge fan of virtualized labs. As a profession I run cloud computing platforms which lends me access to more commercial level environments. But for my home, I run a pretty beefy laptop with VMware workstation (free license as part of my VCP certifications). I run a slew of "vulnerable" systems, and can even do network segregation without ever leaving the TCP stack of the laptop itself. Also, another REALLY useful tool is booting from flash drives. Having a few different distros on cheap USB keys can make a cheap laptop a Swiss army tool of sorts for at home lab work.
  21. +2 I have the nano tactical. If I were actually conducting "covert" ops, then obviously you wouldn't carry it around in a case that looks . . . well not covert. But the case is amazing for carrying, having in the car, or basically anything NOT trying to be stealthy. Much easier carrying a self contained case than multiple items that could fall apart. The other aspect is protection. If you opted for the tactical case plus the 90 degree antennas, the unit as a whole can take quite a beating \ dropping. What about those that have both :evilgrin:
  22. What modules do you have installed? It seems that perhaps you have a sub process that is running it out of memory. You could SSH into it and take a look at the running processes to see if there is anything that stands out. Or maybe an easier test may be to flash the thing altogether. Check out Darren's post:
  23. Hmm, this is a very interesting idea. Obviously, the NANO doesn't have a Bluetooth radio natively, but I wonder if there is a Bluetooth dongle one could get to work in the USB port. I am assuming that you want to "tether" in order to share your internet connection, correct? As mentioned, if you are simply trying to access the management interface, then you could set up a third WLAN interface, and connect that way. On a side note, you could check out this post. You are basically using a secondary "Smart" device to create a PAN using Bluetooth.