Posts posted by sbb

  1. 1 minute ago, b0N3z said:

    Make sure that PineAP is not on when connecting wlan2 to an AP. The IP address you have looks to be like the pineapple itself. I have only come across 2 routers that dish out the 172.xx.xx.xx IP address so most likely you're connected to yourself.

    Thanks, I do have PineAP set up to start automatically so that's gotta be it. I will give this another try at home with the same setup and see if it works.

  2. 3 minutes ago, mda1125 said:

    Seems like you connected Wlan2 to a phony SSID your Pineapple is broadcasting. That IP looks super similar to what the Pineapple gives out. Look in the client list and see if your device is connected to itself. 

    That caught my eye too when I was testing but when I clicked "Scan" to find all of the SSIDs around, there was only one instance of that open AP in the list for me to choose from. I am not at the location to re-test this but I will have to give it another shot in the future. Just wanted to make sure I didn't have anything set up incorrectly.

     

    For future reference, should I have just thrown the public access point into the deny list for PineAP in order to omit it from being re-broadcast or is there another way to blacklist it?

  3. I hooked up my ALFA USB adapter to my nano today and took it along with my battery to a local site.

    The nano detected it without issue as wlan2. In the networking section, I selected the open access point that was being broadcast at this location using wlan2 as the adapter and it seemed to get its IP / connection.

    However, when I connected to the management AP for the nano and tried to get the updates to see if there was a connection, it kept saying it failed.

    This makes me think that the few clients that did connect would have had no internet access.

    Should I have been able to see these pineapple bulletin updates with this setup? There didn't appear to be any captive portal options I needed to click when I did this from my iPhone so I assumed the WiFi USB adapter shouldn't have had any issue connecting to the AP.

    Thoughts?


  4. For the nano, which antenna would be best to replace with a yagi antenna? I understand that one is used for sending and the other receiving but I am not sure which one actually does what in order to replace it.

    Could anyone tell me which side of the nano a single yagi antenna would work best in?

  5. I am kinda in the same boat on this one. I bought a cheap Android phone (prepaid) and it doesn't have service, I only use it for WiFi. I don't know if it's the phone's limitation or what but there is no option to create a hot spot / tether on there, even though it's running a new Android OS.

    The only way I was able to do it without using a laptop was to connect to the management WiFi on it. It is a rooted Android phone, I will have to see if there is an app in the marketplace that might enable such a feature.

  6. 21 minutes ago, drowZ said:

    I had a similar problem when first setting up mine, until I realised that the network that Darren used in his starter video was open. I went to a shopping center the other day, and at one point I managed to get around 15 clients connected to me, through 5 different networks. Obviously, the only reason this had worked, was because all of the networks the devices were connecting to were open, but beside that, it worked like a charm... :happy:

    Awesome, I assumed that a public location or a de-auth would be the best way to do it. 

  7. 12 minutes ago, mda1125 said:

    Scenario 1:

    You can hook it up to your belt or put it on a table tethered. Who's to say it's not a Mobile Hotspot? You can also just connect to the Management AP, have it hidden in a pack or under a jacket, in a pocket, whatever.. and view your Recon from the phone. See the SSIDs..

    Get Site Survey and capture the WPA handshake. You can easily download and crack that offline.. there's a lot you can do in Recon mode.

    If you scan for Open Wifi, you might be able to get that 3rd radio you can plug into the extra USB on the Pineapple so people who connect would go thru that Open Wifi. If not, stay in Recon mode.

    If nothing else, it's a real eye-opener to see just how many phones are searching all the time for anything open.  Crazy.

    Scenario 2:

    If you have an Internet connection (open or your own hotspot) you can grab clients.  Use that for a TCP dump to an SD card or use Evil Portal with a very customized portal for that location.  Maybe a business cafeteria.. create a portal that makes sense if a person is in that place of business and sees that portal.  I mean if I am at Joe's Tax Help and I see a Free Wifi for SouthWest or Facebook.. that's suspicious.  But if you target a specific location, you could use Evil Portal to grab unsuspecting clients that would use Wifi that immediately makes sense to them in that location.

    Your custom portal could always use some type of BeEF framework to hook that browser. You'd need a laptop at that point with some actual IP I would think. But again, not unusual to see a person with a laptop, cell phone and some funky mobile hotspot.

    People are more curious about a box and what's in it than seeing something with small antennas that they assume is some tech gadget for your cell phone. I've been asked "what's in the box" more times than anybody cares about a Wifi Pineapple.

    Unhide the Access Point and if they ask, tell them it's a mobile hotspot and let them connect!  If they do, you got a client!  If you have internet, you have a hooked client for a while.  If you don't, tell them yeah.. I am getting the same.  I can connect but this thing says "No Internet."  Freaking ATT.

    Awesome, thanks for the detailed response. I assumed as much with what I had mentioned but was curious about people's implementations that went outside the scope of the Pineapple Wifi UI using the actual hardware / antennas for other things.

    I didn't think about the 3rd antenna to essentially route traffic to an AP that I was currently connected to, I will have to look up some hardware for that.

    The issues and trouble I have had trying to even get a client seem like they are coming from iOS and MacOS. I run this thing in my own home and guests connect to it just fine. However, when trying to use things like SSL Strip, Safari freaks out because of the HSTS protocols and won't even load stuff which makes 95% of all the sites and apps unusable. I saw a topic for MANA and I am installing it now to see if I can get that working.

    One big thing that I have learned so far that may help onlookers is that if you are using this at home, chances are your neighbors' connections will be stronger and more trusted than that of your PineAP so they will probably not connect. Unless you are able to Deauth them enough to fall back on a public one they have associated with before that you are re-broadcasting, however I have been unsuccessful at that. Best use case I could think of would be out in a public place where no one is at their home/trusted wifi so the chances of them connecting to your AP are much greater, especially when it is throwing up SSIDs for the probes their devices are sending out.

    Of course, I may be doing something wrong but in my first week of playing with it, that's the conclusion I have come up with so far. Would be great at a grocery store, hotel, airport, coffee shop etc. Keep in mind all the legal blah implications that could come with such a thing but probably will have better results than trying to get nearby neighbors.

  8. I have some questions about taking this out in the field. I have a battery for my nano and an android phone. This phone however doesn't have service or a plan etc, I just use it for some specific Android Apps and Wifi.

    I am just looking for some ideas or uses for the nano that I might not be thinking of so I can see its potential and what others are doing.

    Here are the two basic ones I can think of:

    Scenario 1:

    Let's say I was asked to audit a network on a property where I couldn't draw any attention or look like I was up to no good. The only equipment I could have in my hand without looking shady would be a cellphone. I would hook up the Nano to my battery pack, put it in my backpack and then I assume connect to it via the management wifi AP?

    Since I can't tether (phone doesn't have a plan) I couldn't use PineAP because then those users that connect wouldn't have internet access and would just disconnect to look elsewhere.

    I'm guessing I could run things like Recon or Site Survey to get an idea of devices that may be around and connecting to things they shouldn't be etc.

    I could also SSH into the pineapple from my phone and run airodump to try and capture a handshake of the network as well to take offsite and crack if that was the intent.

     

    Scenario 2:

    The more traditional route would be going somewhere public, hooking up the pineapple and running PineAP in order to see the beacons being sent out and then re-broadcast to try and get some clients. Once getting clients, what are some things people like to do? Whether it's MITM with malicious intent or just having fun and screwing with people, what are some things to do with a connected client?

     

    What types of apps do people use on their laptop or mobile phone in combination with their pineapple to make things easier for them? I have SSH on my phone with Wiggle for finding APs but I am sure there is so much more.

     

    I guess in short I am just looking for what others have pulled off using their Nanos to see their potential.

    I haven't checked to see if there is a pre-sale forum or topic but understanding what people have done would be a good selling point.

  9. Thanks both, I didn't mean to sound hostile, was just trying to question the response for my own sanity :)

    I left the SD card intact and just reset the nano back to factory. It appears to be working now without issue. Seems like the golden fix with these things is just to factory reset when any issues arise.

    Issue resolved.

  10. Wouldn't the power be the same regardless of the OS? I have both male USB ends plugged into two USB slots on the laptop on the Y adapter. The other female end is connected to the nano itself.

    This setup worked fine when running it in Windows but it sounds like you are saying that a laptop in general can't put out enough power even when having both cables hooked up?

  11. The reason I noticed this was because I had PineAP running for about 2 hours before I tried to actually connect to one of the rebroadcast SSIDs and it wouldn't let me connect to any of them which leads me to think there is an interface issue somewhere.

  12. When I first got my nano, I was using Windows and everything worked great. I was able to use recon mode along with all the modules I was trying.

    Last night, I installed Kali on my machine and hooked up the nano to that. I have an ethernet cable plugged into the laptop and wifi turned off.

    When I run the wp6 shell script, it runs me through the steps and it connects without issues. I can get to the Internet, the pineapple, and load bulletins just fine.

     

    The issue I am running into now is when I try and run "Recon Scan". I just keep getting "There was an error starting Recon. Please try again."

     

    Am I doing something wrong or have I forgotten to do something in Linux that is different than Windows?

     

    Before I run the wp6 command:

    root@kali:~# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.10.65  netmask 255.255.255.0  broadcast 192.168.10.255
            inet6 fe80::12e7:8a31:87f0:f5c9  prefixlen 64  scopeid 0x20<link>
            ether 78:45:c4:bc:6f:eb  txqueuelen 1000  (Ethernet)
            RX packets 726  bytes 57522 (56.1 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 47  bytes 3680 (3.5 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
            device interrupt 17  
    
    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            ether 00:c0:ca:91:53:64  txqueuelen 1000  (Ethernet)
            RX packets 33  bytes 1608 (1.5 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 57  bytes 10218 (9.9 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1  (Local Loopback)
            RX packets 18  bytes 1058 (1.0 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 18  bytes 1058 (1.0 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    root@kali:~# 

     

    After I run the wp6 command:

    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.10.65  netmask 255.255.255.0  broadcast 192.168.10.255
            inet6 fe80::12e7:8a31:87f0:f5c9  prefixlen 64  scopeid 0x20<link>
            ether 78:45:c4:bc:6f:eb  txqueuelen 1000  (Ethernet)
            RX packets 1546  bytes 162801 (158.9 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 266  bytes 24704 (24.1 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
            device interrupt 17  
    
    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 172.16.42.42  netmask 255.255.255.0  broadcast 172.16.42.255
            inet6 fe80::5ede:e6bd:c566:e226  prefixlen 64  scopeid 0x20<link>
            ether 00:c0:ca:91:53:64  txqueuelen 1000  (Ethernet)
            RX packets 848  bytes 584236 (570.5 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 778  bytes 163026 (159.2 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1  (Local Loopback)
            RX packets 20  bytes 1156 (1.1 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 20  bytes 1156 (1.1 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    root@kali:~# 

     

    The networking section of the pineapple that is connected to the internet:

    br-lan    Link encap:Ethernet  HWaddr 00:C0:CA:91:3E:3B
              inet addr:172.16.42.1  Bcast:172.16.42.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:713 errors:0 dropped:7 overruns:0 frame:0
              TX packets:789 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:135862 (132.6 KiB)  TX bytes:580516 (566.9 KiB)
    
    eth0      Link encap:Ethernet  HWaddr 00:C0:CA:91:3E:3B
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:713 errors:0 dropped:0 overruns:0 frame:0
              TX packets:793 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:145844 (142.4 KiB)  TX bytes:580700 (567.0 KiB)
              Interrupt:4
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:42 errors:0 dropped:0 overruns:0 frame:0
              TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:3555 (3.4 KiB)  TX bytes:3555 (3.4 KiB)
    
    wlan0     Link encap:Ethernet  HWaddr 00:C0:CA:91:0E:92
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:3014 (2.9 KiB)
    
    wlan0-1   Link encap:Ethernet  HWaddr 02:C0:CA:91:0E:92
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:2154 (2.1 KiB)
    
    wlan1mon  Link encap:UNSPEC  HWaddr 00-C0-CA-91-26-B2-00-44-00-00-00-00-00-00-00-00
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:3894 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:940047 (918.0 KiB)  TX bytes:0 (0.0 B)

     

    I went through the same steps when setting it up and can access the webui just fine. It seems though like an interface is being used or hasn't been started like it should have which is why recon mode isn't starting?
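Added example (not part of the thread and not Hak5 code): a Python check for the diagnosis given in the replies at the top of this page, that an interface holding an address from the Pineapple's own range is talking to the Pineapple and not to an upstream AP. It assumes the 172.16.42.0/24 range shown for br-lan in the output above; the function and constant names are invented for this example, and the sample text is trimmed from the post's own `ifconfig` listings.

```python
import ipaddress
import re

# Range used by the Pineapple's br-lan (172.16.42.1, mask 255.255.255.0) in the post above.
PINEAPPLE_NET = ipaddress.ip_network("172.16.42.0/24")
PINEAPPLE_GW = ipaddress.ip_address("172.16.42.1")

# Interface header in both styles seen in the post:
#   net-tools 2.x: "eth1: flags=4163<...>"     BusyBox: "br-lan    Link encap:Ethernet ..."
IFACE_RE = re.compile(r"^\s*([\w.-]+?):?\s+(?:flags=|Link encap:)")
# IPv4 line in both styles: "inet 172.16.42.42 ..." / "inet addr:172.16.42.1 ..."
INET_RE = re.compile(r"\binet (?:addr:)?(\d+\.\d+\.\d+\.\d+)")


def pineapple_side_interfaces(ifconfig_text):
    """Return [(interface, address, role)] for addresses inside PINEAPPLE_NET.

    role is "pineapple" for the gateway address and "client" for anything
    else in the range, i.e. an interface that was handed a lease by the
    Pineapple (the "connected to yourself" case when it shows up on wlan2).
    """
    findings = []
    iface = None
    for line in ifconfig_text.splitlines():
        header = IFACE_RE.match(line)
        if header:
            iface = header.group(1)
        inet = INET_RE.search(line)
        if not (inet and iface):
            continue
        try:
            addr = ipaddress.ip_address(inet.group(1))
        except ValueError:
            continue  # malformed address in pasted output
        if addr in PINEAPPLE_NET:
            role = "pineapple" if addr == PINEAPPLE_GW else "client"
            findings.append((iface, str(addr), role))
    return findings


# Sample input trimmed from the listings in the post above.
KALI_AFTER_WP6 = """\
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.65  netmask 255.255.255.0  broadcast 192.168.10.255
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.42.42  netmask 255.255.255.0  broadcast 172.16.42.255
        inet6 fe80::5ede:e6bd:c566:e226  prefixlen 64  scopeid 0x20<link>
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
"""

PINEAPPLE_SIDE = """\
br-lan    Link encap:Ethernet  HWaddr 00:C0:CA:91:3E:3B
          inet addr:172.16.42.1  Bcast:172.16.42.255  Mask:255.255.255.0
wlan0     Link encap:Ethernet  HWaddr 00:C0:CA:91:0E:92
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
"""

if __name__ == "__main__":
    for sample in (KALI_AFTER_WP6, PINEAPPLE_SIDE):
        for iface, addr, role in pineapple_side_interfaces(sample):
            print(f"{iface}: {addr} ({role})")
```
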

  13. I am trying to figure out how to get my nano into monitor mode so I can capture a simple handshake.

    I booted up the Nano and SSH'd into it.

    From here, I ran: 

    airmon-ng start wlan1

    The result I got back was:

    login as: root
    root@172.16.42.1's password:
    root@Pineapple:~# airmon-ng
    PHY     Interface       Driver          Chipset
    
    phy0    wlan0           ath9k           Not pci, usb, or sdio
    phy0    wlan0-1         ath9k           Not pci, usb, or sdio
    phy1    wlan1           ath9k_htc       Atheros Communications, Inc. AR9271 802.11n
    
    root@Pineapple:~# airmon-ng start wlan1
    Found 1 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    
     2084 root      1376 S    grep wpa_action\|wpa_supplicant\|wpa_cli\|dhclient\|
    
    PHY     Interface       Driver          Chipset
    
    phy0    wlan0           ath9k           Not pci, usb, or sdio
    phy0    wlan0-1         ath9k           Not pci, usb, or sdio
    phy1    wlan1           ath9k_htc       Atheros Communications, Inc. AR9271 802.11n
                    (mac80211 monitor mode vif enabled for [phy1]wlan1 on [phy1]wlan1mon)
                    (mac80211 station mode vif disabled for [phy1]wlan1)
    
    
    
    root@Pineapple:~#

     

    From everything I have seen and read with these tutorials, I expected to see something about mon0 as the interface being set up and running in monitor mode.

    As a test, I tried to run wash -i wlan1mon and didn't see any activity. I tried to run this same command on all of the above returned devices.

    What am I doing wrong?

  14. I received my Nano a few days ago and watched several videos on the site to make sure I was up to speed when it arrived.

    I got it all set up and installed a few modules.

    From here, I ran recon and saw all of the results in my area.

    Many of them were my own but there were a couple in range from neighbors, one of which agreed to let me "audit" him.

     

    After adding all of the MAC addresses associated with his SSID to the "Allow Mode" client filtering, I waited...

    I have about 20 MAC addresses in my filter, a dozen SSIDs in the Pine AP Pool (including his) as well as all of the options checked in the Pine AP section.

    When I view the nearby wireless networks on my own phone, I see all of these Access Points being sent out as "Open" with the same names as the ones in the pool which is expected.

     

    With an uptime of 29 hours, I have yet to have a single client connect to any of the APs (other than myself as a test).

    I have restarted it several times as well as re-flashing the firmware today.

     

    Many of the SSIDs in recon are Mixed WPA, WPA, and WPA2. From what I have read, this would only work with WPA due to the handshake?

    To make sure it wasn't just an issue with my friend's SSID, I added several of the nearby ones to the pool (the clients connected to them).

    I have tried running Deauth through the scan results as well as the Deauth module.

     

    Am I doing something wrong here? I feel like the only way this will end up working is if someone in the area connects to one of the SSIDs that are being emulated vs getting any existing connections to my AP.

    Just trying to see where I have gone wrong here.

     

    Thanks for any info you can provide!
