.exe Posted October 6, 2008 Share Posted October 6, 2008 I think its time we discussed how the network configuration of how this device works as I still cant get this setup in a way that is easy for me to use and this im sure is annoying others just as much quietly. There are two interfaces: 1. WIFI (actually the LAN) 2. LAN (actually the link to the INTERNET, your LAN or WAN etc) I cant seem to control the DHCP addresses assigned by the WIFI interface to connecting clients. How do I configure DNS and GATEWAY options for this interface to distribute to wireless clients? None of these settins are available on the OpenWRT config page. The LAN interface appears to exist on the same subnet as the WIFI interface which I think is really bad as it allows clients to access the config page. Are these interfaces bridged and they need to exist on the same subnet in order to exchange information (this is what im assuming)? How to I stop wireless clients (and only wireless clients) accessing the Jasager config page (http://192.168.1.1) as I have been told this can be done with IPTables? Is it possible to change the address this is accessed from or this interfaces IP? Finally what are the names of these interfaces within the OpenWRT OS (I think one is eth0 but i dont think the LAN interface is called this and its called br-lan). Just a general overview of how this all works together would be really appreciated and some links would at least provide me with a starting point. Quote Link to comment Share on other sites More sharing options...
digininja Posted October 7, 2008 Share Posted October 7, 2008 OK, I've just got a new Fon flashed so it is completely clean. I'll go through and set it up and then let you know the process of getting it completely online. Got to fit a new hdd to my desktop tonight so give me a day or so and I'll get what I can up. Quote Link to comment Share on other sites More sharing options...
.exe Posted October 8, 2008 Author Share Posted October 8, 2008 OK, I've just got a new Fon flashed so it is completely clean. I'll go through and set it up and then let you know the process of getting it completely online. Got to fit a new hdd to my desktop tonight so give me a day or so and I'll get what I can up. The device is working fine :) Its just set up really weirdly from a networking prespective. For example both interfaces share the same subnet therefore both get issued DHCP leases (wtf.....). Ideally you want both interfaces communicating but using different subnets which should be possible if this is using OpenWRT. Quote Link to comment Share on other sites More sharing options...
digininja Posted October 8, 2008 Share Posted October 8, 2008 You can probably do this quickly with webif. Just go through the interface and see what you can set. I've just got my new hdd installed so that is one job out of the way, this is moving up the list! Quote Link to comment Share on other sites More sharing options...
.exe Posted October 9, 2008 Author Share Posted October 9, 2008 The way this is setup is very unusual......and unlike Darren suggested this is not lethal if users can simply connect to the jasager admin page and turn Karma off xD Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted October 9, 2008 Share Posted October 9, 2008 IIRC the Karma page is password protected. Quote Link to comment Share on other sites More sharing options...
iyeman Posted October 9, 2008 Share Posted October 9, 2008 IIRC the Karma page is password protected. only the webif page was password protected when i checked earlier. I already packed mine up since works almost over but will check again when i get home. Quote Link to comment Share on other sites More sharing options...
digininja Posted October 9, 2008 Share Posted October 9, 2008 Both Jasager and webif are password protected. The username is root and the password is whatever your root password is. Quote Link to comment Share on other sites More sharing options...
Bitstream Posted October 10, 2008 Share Posted October 10, 2008 Both Jasager and webif are password protected. The username is root and the password is whatever your root password is. Hmmm, for me, the Jasager page is protected if you go to it on port 1471 but not if you connect straight to port 80...then it will just happily forward you with no authentication required. The webif.html is protected on port 80 though. Quote Link to comment Share on other sites More sharing options...
digininja Posted October 10, 2008 Share Posted October 10, 2008 Hmmm, for me, the Jasager page is protected if you go to it on port 1471 but not if you connect straight to port 80...then it will just happily forward you with no authentication required. The webif.html is protected on port 80 though. Sounds like the .htaccess maybe ended up in the wrong place. I'll have a look. Quote Link to comment Share on other sites More sharing options...
colforbin Posted October 10, 2008 Share Posted October 10, 2008 Same results here. Jasager page is accessible without authentication. /webif.html asks for a username/password. Quote Link to comment Share on other sites More sharing options...
RchGrav Posted October 10, 2008 Share Posted October 10, 2008 Same results here. Jasager page is accessible without authentication. /webif.html asks for a username/password. Hi Everyone... The step where Darren told you to copy over all of the karma\www stuff wasn't necessary as far as I can tell... Digininja has it running on the 1471 port PW protected right where it sits under karma/www. At this point, your best bet is to do some command line cleanup of the main www folder. You can figure out what to delete by looking at what copied over.. luckily all of the webif stuff is still there and wasn't overwritten. Thats what I did to clean up mine, and I was wondering why Darren had that extra step in there. Maybe the instructions should be edited a bit. Mine is working great with both sites PW protected. Quote Link to comment Share on other sites More sharing options...
RchGrav Posted October 10, 2008 Share Posted October 10, 2008 I think its time we discussed how the network configuration of how this device works as I still cant get this setup in a way that is easy for me to use and this im sure is annoying others just as much quietly. There are two interfaces: 1. WIFI (actually the LAN) 2. LAN (actually the link to the INTERNET, your LAN or WAN etc) I cant seem to control the DHCP addresses assigned by the WIFI interface to connecting clients. How do I configure DNS and GATEWAY options for this interface to distribute to wireless clients? None of these settins are available on the OpenWRT config page. The LAN interface appears to exist on the same subnet as the WIFI interface which I think is really bad as it allows clients to access the config page. Are these interfaces bridged and they need to exist on the same subnet in order to exchange information (this is what im assuming)? How to I stop wireless clients (and only wireless clients) accessing the Jasager config page (http://192.168.1.1) as I have been told this can be done with IPTables? Is it possible to change the address this is accessed from or this interfaces IP? Finally what are the names of these interfaces within the OpenWRT OS (I think one is eth0 but i dont think the LAN interface is called this and its called br-lan). Just a general overview of how this all works together would be really appreciated and some links would at least provide me with a starting point. I also found this to be true, webif is a little (lot) wacked as it sits. I was going to tweak a few things but was concerned if I made the wrong move I may brick my jasager (lock myself out networking wise.) If changes are made, can they be safely set back to default using the reset switch? I also have the same questions .exe has. Quote Link to comment Share on other sites More sharing options...
iyeman Posted October 10, 2008 Share Posted October 10, 2008 I also found this to be true, webif is a little (lot) wacked as it sits. I was going to tweak a few things but was concerned if I made the wrong move I may brick my jasager (lock myself out networking wise.) I did lock myself earlier today and was afraid i was gonna be out 40 bucks but discovered that if you go back to "Step 11: Flash FON's firmware." you can reflash and start over again. If changes are made, can they be safely set back to default using the reset switch? As far as my testing the reset switch appears to be useless. Quote Link to comment Share on other sites More sharing options...
.exe Posted October 10, 2008 Author Share Posted October 10, 2008 Im just glad people are beginning to talk about this...... This needs password protection and should only be accessed via something exotic like the webif page. Quote Link to comment Share on other sites More sharing options...
digininja Posted October 10, 2008 Share Posted October 10, 2008 Im just glad people are beginning to talk about this...... This needs password protection and should only be accessed via something exotic like the webif page. In my standard install anything on port 1471 is protected by the equivalent of htaccess. The setting for that is in /karma/etc/httpd.conf. Darren adding the step to rename index.html and replace it with mine is to stop the need for adding port 1471 onto the url. The problem may be the redirect that this is doing. Try closing browser down completely (all windows) and then hitting <fon>:1471/ directly, see what happens. Quote Link to comment Share on other sites More sharing options...
iyeman Posted October 10, 2008 Share Posted October 10, 2008 In my standard install anything on port 1471 is protected by the equivalent of htaccess. The setting for that is in /karma/etc/httpd.conf. Darren adding the step to rename index.html and replace it with mine is to stop the need for adding port 1471 onto the url. The problem may be the redirect that this is doing. Try closing browser down completely (all windows) and then hitting <fon>:1471/ directly, see what happens. If you copy the httpd.conf from the karma/etc folder to the root/etc folder and overwrite the existing one it will prompt with UN/PWD for both jasager and webif. Quote Link to comment Share on other sites More sharing options...
.exe Posted October 12, 2008 Author Share Posted October 12, 2008 Thats cool :) Thats much more secure now and worth adding to the guide. However I would advise everyone to take into account this doesnt used cookie based authentication. So to logout in firefox you will have to clear your private data so it forgets the httpd credentials. It would be nice if you could stop clients connecting to that IP altogether though. Any news on how to do this with IPTables Darren? Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted October 13, 2008 Share Posted October 13, 2008 I've started moving some stuff to the Jasager wiki, feel free to create/edit the tutorials http://wiki.hak5.org/wiki/Fon_Jasager_Install http://wiki.hak5.org/wiki/Jasager Quote Link to comment Share on other sites More sharing options...
Bitstream Posted October 13, 2008 Share Posted October 13, 2008 Anyone got Jasager to work on Linux using an EVDO card to route the traffic in/out to the internet? Quote Link to comment Share on other sites More sharing options...
.exe Posted October 16, 2008 Author Share Posted October 16, 2008 The next step is connecting the jasager to the internet. Anything free or low cost available to do this in europe? Ideally it needs to be a mobile device so any recommendations? UPDATE: Heres the best I could come up with http://threestore.three.co.uk/dealsummary....code=18MB1GD017 but it would require running XP which is not good if you wanna run BT3 over Madwifi. A second pc is not practical either. I have also noticed this post: http://hak5.org/forums/index.php?showtopic=10215&st=20 Its interesting that he has used ICS to leaverage his internet but this overcomplicates the setup and anchors you to XP (again). Quote Link to comment Share on other sites More sharing options...
semperfive Posted October 18, 2008 Share Posted October 18, 2008 I agree. While I understand the benefits of Karmetasploit already running on BT3, I'm interested in attempting to bridge or share an internet connection coming in over eth0 into my eee PC and the internet coming in and out of ath0/wifi0. I think that ultimately the modular nature of the jasager combined with the pre installed environment of BT3 will be the ultimate in pentesting. I am very interested in any sage advice someone would have in performing this bridge in linux (specifically BT3). I can't get it to work. But, regardless of the frustration with the internet connection sharing, this has been a very fun project! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.