Jump to content

Clever Name

Active Members
  • Posts

    9
  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Clever Name's Achievements

Newbie

Newbie (1/14)

  1. This was the case for me when I first turned it on. I went through setup and selected hide open AP, then when it was up and running, I could see the open AP. I changed it to not hide, applied, then changed it to hide and applied and that fixed it. The setting has persisted through restarts ever since. Hopefully this helps.
  2. I think the problem would be in that you can browse through their installed modules. Let's say someone makes a simple module that will opkg install htop and basically display htop output in the web browser. There are so few modules available right now that a lot of people would probably install it just to install it, and it seems somewhat useful. But unbeknownst to the user that the person that made the module made a symlink called 'escape' to the default loot directory in their module directory. Or, better yet, just a symlink to /. So let's say you're sitting in a bar somewhere and see open wifi and you connect to it with your laptop and get 172.16.42.42 and you're like hmmm I wonder if this person installed that htop module? So, over open wireless, unauthenticated, you go to http://172.16.42.1:1471/modules/htop/escape and you land in /. You browse your way to /etc and view the shadow file (which I have verified you can do) and you copy root's hashed password. Now you throw that in john the ripper and let it crack the root password. Then you ssh to the pineapple and, for fun, rm -rf / and watch for the most confused face in the place and now you know whose device it was. Completely possible. Aside from that, though, it's more of information disclosure, as you can browse through /pineapple/ui/modules and explore which modules are installed and access all of the files. I don't know if modules will use their own directories for temporary files or something. WiFite winds up as a module, will cracked.txt be in modules/wifite? As it stands right now, you are correct- as I mentioned when I used that json file as just an example, it's nothing useful... right now. But as described in my example, it's feasible that it could be a big problem depending on the nature of future modules.
  3. You should be able to restart the device. Most now (try to) autodetect the channel that has the least interference and the lowest utilization upon startup, but then they stop paying attention to the wireless environment. Interference and utilization of a channel changes very frequently. If you do change the channel manually, be a good internet citizen and make sure it's only to either channel 1, 6 or 11.
  4. You should be able to ask them to put their device into bridged mode. That will make it to where it's just giving your internet access directly to your new router. Using their router, and then your own router causes your connection to be double-NATed. This isn't an issue for basic internet access, but if you want to port forward things, etc., you are still behind the ISP's device's firewall, then your device's firewall.
  5. FYI, if you connect to the management, even over the open wifi management, you can get filesystem access to /pineapple/ui without being logged in. For example, you can open http://172.16.42.1:1471/modules and see all modules installed, including traverse the directories and view all file contents regardless of permissions. You can also read the files in /pineapple/ui, though there's nothing that interesting, you could do http://172.16.42.1:1471/ngsw.json to read the file. Also, permissions are ignored. A file with no read permissions at all can be displayed.
  6. I was able to do a factory reset even while it was booting, which fixed it.
  7. I just got my nano yesterday. I played with it for a bit last night and tonight. Now all of a sudden when I plug it into power, the LED does its blinking as usual, but at the point it would normally go solid (I counted 70 blinks) the light goes out and it's off. I did have an issue when I went to use it tonight that it wouldn't take the wifi password to connect to it. I know I didn't change it and I used it a lot the night before. A factory reset fixed that, though. Any ideas of what I can do with the booting issue?
×
×
  • Create New...