
Posted (edited)

I don't know about the rest of you, but I wasn't able for the life of me to set up ICS. I read every forum post on Hak5 for Jasager and I have successfully flashed the Fon but wasn't able to route my victims. This how-to will go from flashing all the way to ICS fully operational. I tried many different methods and came close to fully working but with limited results. This method I can replicate time after time, so "in theory" it should work for most folks that can't get ICS working with Jasager.

So I am going to share my results on how I set up my Fon 2100 with a hidden SSID and time/date updates on boot. Yes, that's right: correct time/date on boot, and it remembers the timezone across power cycles and auto-syncs every 10 minutes! This should work for the Open-Mesh routers as well, and with some modification the Fon+ too. Many posts use ICS with the DHCP server on the computer... digininja time after time suggests running DHCP on the Fon, so this method will include that because it's easier to find out the IP address of your victim. I used Ubuntu to do the flash and this how-to should work on any Linux distro.

Okay, some reasoning behind my setup format:

I don't use Firestarter because I wasn't able to get it to properly route the connected victims, and there is a super sweet script I found on the forums that does what Firestarter does and implements sslstrip all at the same time. I wasn't able to get ICS working with just the script alone. I chose not to use WPA on the Fon's Wi-Fi because encryption slows down traffic, but I did manage to hide its broadcast SSID. I didn't install webif or haserl, to save space, and that allowed me to install ntpclient and leaves room for future add-ons like WPA if you choose, or airpwn. The method Darren showed us left me with not enough free room to add the auto time/date feature. I also chose to use my onboard Ethernet for the connection to the Fon *best bandwidth* and the wireless for the connection to the Internet. digininja's firmware pack *not the package or tarball* is what I used, because it's one flash and everything is installed, easy cheesy, and it saves a lot of space on the Fon for goodies, unlike the other install methods I found on the forums. You don't really need webif with my guide. I highly recommend just reflashing your current Fon and starting over to clear out as much space as possible and make sure your routes are set correctly.

I feel this method is the best solution for me after reading ALL the forums on Hak5 on this matter, so I would love to share. Please make any suggestions for improvements or correct mistakes, since I am not a Linux guru. Some of this info came off Hak5, other bits from searching, and a TON of trial and error... hope it helps!

* Remember to do all of this with root access... not sudo su or sudo but root, a full su root for best results. This is especially true when you do the iptables masquerade, as it turns out it doesn't work properly any other way. *

1. Download the Gargoyle router flash utility

http://www.gargoyle-router.com/download.php

2. Now it's time to flash the Fon, so download the Jasager firmware from digininja and untar it.

http://www.digininja.org/jasager/download.php

Open the Fon flash utility from Gargoyle, put your user account password in, then browse to the extracted folder and select openwrt-atheros-root.squashfs for the rootfs section and openwrt-atheros-vmlinux.lzma for the kernel section. Now click on "flash router now", plug in the Fon and wait for it to do all the work for you. This took me about 10-15m tops doing this method.

3. After flashing, telnet to the Fon and set the password

# ifconfig eth0 192.168.1.254

# telnet 192.168.1.1

# passwd

4. Now we need to set up the wireless...

# uci set wireless.wifi0.disabled=0

# uci commit wireless && wifi

5. Now we need to set up proper routing on the Fon... for now I'm going to use the 192.168.1.0/24 subnet for the Fon, and my home's subnet is 192.168.2.0/24. I manually set the network LAN's DNS to a DNS server on the Internet to avoid routing issues when connected to other IP subnets, like in airports. This gives me more flexibility on connections so I don't have to manually edit routing tables on the Fon every time I change locations. 192.168.1.1 will be the Fon's IP and the IP of the NIC connected to the Fon will be 192.168.1.254.

# uci set network.lan.gateway=192.168.1.254

# uci set network.lan.dns=166.102.165.13

# uci commit network

If you want to use another subnet for the Fon then...

# uci set network.lan.ipaddr=*ip you want the fon*

# uci set network.lan.gateway=*ip you want the fons static route to the pc*

# uci set network.lan.dns=*ip of any internet dns not lan provided*

# uci commit network

6. Now we need to set up DHCP/dnsmasq on the Fon...

Edit this file...

In /etc/config/dhcp, under the section config dhcp lan, add:

list 'dhcp_option' '3,192.168.1.254'

list 'dhcp_option' '6,166.102.165.13'

Remember to change the '3,192.168.1.254' to the IP of the computer's static route from the Fon if you chose a different subnet. Also change the '6,166.102.165.13' *DNS* if you changed that in the previous step. I used vi to edit the file since it's built in and all... if you don't know how to use vi I suggest Google to learn the basic commands for editing and saving the file. Again, using vi saves space by not installing another editor.

7. Now type reboot in the telnet prompt and let the Fon reboot.

8. Now at this stage we'll have to enable "ICS". This is done in Linux with iptables masquerade... either use a script or you can manually set it with a few commands... remember to replace wlan0 with your Internet-connected adapter...

# echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

1

# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

If you'd like the script to do ICS and sslstrip for you...

Mad props to echoblack for this one.

NEW PINEAPPLE-0.9.1 Support for BackTrack4 included in the installer!

http://rapidshare.com/files/393232951/pineapple-0.9.1.tar.gz

Referenced from http://www.hak5.org/forums/index.php?showtopic=15200

* Again, just that script alone and his guide didn't get me operational *

9. Now in theory you should be able to ping a web site and run these commands to install the package for the correct date/time.

# opkg update

# opkg install ntpclient

10. Now we need to set up a script on boot that will sync the Fon to the time servers...

# vi /etc/init.d/S55ntpclient

In the new file, place...

#!/bin/sh

/usr/sbin/ntpclient -c 1 -s -h 0.openwrt.pool.ntp.org &

Then afterwards in the terminal: chmod a+x /etc/init.d/S55ntpclient

11. Now if you want to keep the NTP client syncing automatically every 10m...

# vi /etc/crontabs/root

and then in there...

# to timesync every 10 minutes

*/10 * * * * /etc/init.d/S55ntpclient

Save it and chmod a+x /etc/crontabs/root

12. Now we want to set the time zone on boot... I am in the Central United States time zone, so you'll have to modify as needed.

vi /etc/config/system

Put in CST6CDT,M3.2.0,M11.1.0 for the time zone instead of UTC

For more time zone codes check out:

http://wiki.openwrt.org/doc/uci/system

13. Almost done! Now we make the wireless configuration changes, like changing the SSID and hiding it.

# vi /etc/config/wireless

Change ssid to 'your wanted ssid'

Add this under the ssid line...

option 'hidden' '1'

14. The last thing you have to do is reboot the Fon and either re-run the script or manually re-set up your Internet forwarding by just re-setting up your Ethernet with ifconfig eth0 192.168.1.254 up, then start Karma and you should be good to go. Now connect over HTTP using your browser of choice to the Fon on port 1471.

yumm packets!

Trust your Technolust!!!

Edited by NoobGuru
Posted (edited)

It's always good to have a few HowTos. I'm glad to see another one for ICS on Linux. Before I wrote one I could not find anything specifically for setting up the Pineapple.

Just to clarify, both the iptables rules and the value set in /proc/sys/net/ipv4 will be back to defaults after a reboot of the Linux system. The iptables rules would be persistent if you save them like so...

sudo /etc/init.d/iptables save

The /proc directory is dynamically built on boot-up, so any modifications in there are not persistent. If you would like to make IP forwarding persistent you should add this line to... /etc/sysctl.conf

net.ipv4.ip_forward=1

------------

To remove the iptables rule in this HowTo you run this...

iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE

Yeah, to disable the IP forwarding in /proc you just do this...

echo 0 | sudo tee /proc/sys/net/ipv4/ip_forward

-------------

Oh, and Pineapple.sh is updated to PINEAPPLE-0.9 now.

http://www.hak5.org/forums/index.php?showtopic=15200

Edited by echoblack
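Added example, not code from this thread or from echoblack's Pineapple script: a small POSIX sh script that turns the "ICS" from step 8 of the guide on and off with matching rules, so the teardown echoblack describes leaves nothing behind. It assumes wlan0 is the Internet adapter, eth0 is the adapter cabled to the Fon, and the Fon subnet is 192.168.1.0/24 as in the guide; it goes beyond the single MASQUERADE command by restricting NAT and forwarding to the Fon's subnet. DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from this thread or from the Pineapple script:
# turn Linux "ICS" for the Fon on (up) or off (down) with matching rules,
# so teardown leaves no stray MASQUERADE rule (echoblack's point above).
# Assumptions: wlan0 = Internet side, eth0 = cable to the Fon, Fon subnet
# 192.168.1.0/24 as in the guide. Needs root; DRY_RUN=1 only prints.
set -u

FON_NET="${FON_NET:-192.168.1.0/24}"

# ics_cmds ACTION WAN LAN: print the iptables rules for ACTION (up|down).
# "up" appends (-A) and "down" deletes (-D) exactly the same rules.
ics_cmds() {
    action=$1; wan=$2; lan=$3
    case "$action" in
        up)   flag=-A ;;
        down) flag=-D ;;
        *)    echo "usage: ics_cmds up|down WAN LAN" >&2; return 2 ;;
    esac
    # NAT only traffic that really comes from the Fon's subnet, not everything
    echo "iptables -t nat $flag POSTROUTING -s $FON_NET -o $wan -j MASQUERADE"
    # Forward Fon -> Internet, and only established replies back to the Fon
    echo "iptables $flag FORWARD -i $lan -o $wan -s $FON_NET -j ACCEPT"
    echo "iptables $flag FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# ics_apply ACTION WAN LAN: set ip_forward (1 for up, 0 for down, like the
# "echo 0 | sudo tee ..." step) and run, or with DRY_RUN=1 print, the rules.
ics_apply() {
    case "$1" in
        up)   fwd=1 ;;
        down) fwd=0 ;;
        *)    echo "usage: ics_apply up|down WAN LAN" >&2; return 2 ;;
    esac
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "echo $fwd > /proc/sys/net/ipv4/ip_forward"
        ics_cmds "$@"
        return 0
    fi
    echo "$fwd" > /proc/sys/net/ipv4/ip_forward
    ics_cmds "$@" | while read -r cmd; do
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done
}
# Command-line use: ./ics.sh up|down [WAN] [LAN]; with no arguments the
# script only defines the functions above.
case "${1:-}" in
    up|down) ics_apply "$1" "${2:-wlan0}" "${3:-eth0}" ;;
esac
```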
Posted

I found this tutorial VERY comprehensive and easy to follow.

I've had a lot of progress so far with it, but I've got a problem: when clients are associating, they are getting a 192.168.0.100 range IP address, or sometimes none at all. I've followed the tutorial and *thought* I set it up for the 192.168.2.* range.

I know that the fon is 192.168.2.1

and my wired eth0 is 192.168.2.254.

Home Router is 192.168.1.2.

But when clients associate, they are given the wrong range and thus no connectivity.

I *can* ping domain names from Fon.

Maybe seeing these will help diagnose:

/etc/config/dhcp is as follows:

config dnsmasq
    option domainneeded    1
    option boguspriv    1
    option filterwin2k    '0'  #enable for dial on demand
    option localise_queries    1
    option local    '/lan/'
    option domain    'lan'
    option expandhosts    1
    option nonegcache    0
    option authoritative    1
    option readethers    1
    option leasefile    '/tmp/dhcp.leases'
    option resolvfile    '/tmp/resolv.conf.auto'

config dhcp lan
    option interface    lan
    option start     100
    option limit    150
    option leasetime    12h
    list 'dhcp_option' '3,192.168.2.254'
    list 'dhcp_option' '6,8.8.8.8'
    
config dhcp wan
    option interface    wan
    option ignore    1

uci show network.lan

network.lan=interface
network.lan.ifname=eth0
network.lan.type=bridge
network.lan.proto=static
network.lan.netmask=255.255.255.0
network.lan.gateway=192.168.2.254
network.lan.dns=8.8.8.8
network.lan.ipaddr=192.168.2.1

Am I missing something?

Posted

Seems like your config files look fine. Have you started fresh, reflashed the Fon and not installed the webmin package? digininja's firmware package is the way to go because it has a lot of tweaks added to it, unlike the method Darren did. Maybe if you aren't using his firmware package you're missing some tweaks he made to the Fon *shrugs*?

Also, it doesn't matter what IP range your PC is connecting to, since you're using IP masquerade aka ICS, which will handle the routing. How are you running the ICS? Maybe something in the ICS is causing your out-of-subnet issue. The IP range the computer trying to connect to the Fon gets doesn't line up with your config files, so either something else is overriding the IP range, or if you're using echoblack's script, did you edit it to match the IP ranges you're using? Maybe if you have Firestarter on the PC you might want to remove it. Regardless, something is giving DHCP to the clients that isn't matching your config files. Personally I am not an expert at dnsmasq, but to me it seems like the Fon isn't giving out the DHCP and this might be computer related *shrugs*? You can clear your routing on the PC by following echoblack's previous post. For troubleshooting purposes use an Ubuntu live CD, connect with the wireless card to your home ESSID and do an ifconfig eth0 192.168.2.254 up, then

# echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

1

# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

Then plug in the Fon and bring up Karma and see if that helps.

When I was trying to get mine working I followed the guides exactly, so you might want to reflash and use the IPs I did, and then after you have one working trial you can experiment and change IP ranges. It's part of the learning process, and without experimentation I wouldn't have got the hidden SSID and proper time stamps on boot to work. It took me many months of trial and error to perfect my method, so keep at it and you'll get yours working perfectly! I kept the 192.168.1.1 range on the Fon so it looks more like the home router setups that the "clients" are used to seeing. Also don't forget to do the part for the NTP time client and get your proper settings; DHCP leases depend on proper time or the DHCP client on the PC might just drop the connection because the lease has expired according to the Fon. I don't think that's going on in your case but it could contribute to it. :unsure:

Hopefully this helps troubleshoot. Also remember to ping, ping, ping, from all sides: ping from the Fon, the PC and the clients. See if anything doesn't ping; again, this might not be related to your issue but might help in the long run trying to troubleshoot the honeypot. Let me know if this helps and if you get up and running. Remember, it took me dozens upon dozens of flashes to get the Fon working properly and where I wanted it.

Good luck and keep us posted. :lol:

Posted (edited)

<snip>

9. Now in theory you should be able to ping a web site and run these commands to install the package for the correct date/time.

# opkg update

# opkg install ntpclient

10. Now we need to set up a script on boot that will sync the Fon to the time servers...

# vi /etc/init.d/S55ntpclient

In the new file, place...

#!/bin/sh

/usr/sbin/ntpclient -c 1 -s -h 0.openwrt.pool.ntp.org &

Then afterwards in the terminal: chmod a+x /etc/init.d/S55ntpclient

11. Now if you want to keep the NTP client syncing automatically every 10m...

# vi /etc/crontabs/root

and then in there...

# to timesync every 10 minutes

*/10 * * * * /etc/init.d/S55ntpclient

Save it and chmod a+x /etc/crontabs/root

12. Now we want to set the time zone on boot... I am in the Central United States time zone, so you'll have to modify as needed.

vi /etc/config/system

Put in CST6CDT,M3.2.0,M11.1.0 for the time zone instead of UTC

For more time zone codes check out:

http://wiki.openwrt.org/doc/uci/system

<snip>

Nice one, thanks. I quite like the NTP section...

Edited by rosbif
Posted (edited)

hehe thx :)

It took me a lot of time and effort to come up with the method I use. The NTP clock is sweet, very slick not to have to worry about it, especially when you use sslstrip. Makes a great setup, especially with echoblack's sweet scripts. Hope my post helped you.

PS...

Glad there are other Linux users out there; I am forced to use Windows for true gaming and work, but love to play with Linux hehe. I tried to do ICS with winblows but never got it working, but Linux finally came through. Hit me up if y'all come up with some sweet mods I should add to the OP ;)

Edited by TreBlaNoJ
