itsm0ld Posted October 15, 2011 Posted October 15, 2011 Ok guys this is my first post on the board! I have a Fon2100 with Jasager and Karma working, my issue is browsing from a victim machine. OK here is my setup: Pineapple IP:10.110.0.2 Laptop with internet connection: Running VM workstation and BT 5 r2 eth0: 10.110.0.1 eth1: 192.168.7.20 GW 192.168.7.1 connection to internet is functional I get everything setup and happy the following is true: BT 5 can ping and browse the internet via eth1 BT 5 can ping the fon at 10.110.0.2, also can open jasager interface and turn on karma I then issue the following commands to setup ICS: iptables -A FORWARD -i eth1 -o eth0 -s 10.110.0.0/24 -m state --state NEW -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A POSTROUTING -t nat -j MASQUERADE route del default route add default gw 192.168.7.1 OK, now I fire up my Win7 home laptop and connect to the Jasager AP, I can see the victim in the Jasager interface! I check my IP on the victim laptop and it is 10.110.0.110 GW 10.110.0.2 OK from a cmd prompt on the victim I can ping 10.110.0.1 and 10.110.0.2 successfully OK I then see if I can ping something on the internet like 4.2.2.2 and it is successful OK Next I type nslookup, then try www.google.com and I get a response, sweet everything should be fine right? I can ping the internet, I resolve DNS, but as soon as I try and browse with a web browser I get the following: Firefox: The connection was reset IE: Internet Explorer cannot display the webpage So my question is what am I missing? Seems to be something simple but im missing it... Hope I have given all the information required for you guys to help me out. Thanks in advance for any help. Quote
itsm0ld Posted October 15, 2011 Author Posted October 15, 2011 Sorry I forgot to add that I also issue the below command before the iptables stuff: echo 1 > /proc/sys/net/ipv4/ip_forward Just cant get it to browse.... Quote
itsm0ld Posted October 16, 2011 Author Posted October 16, 2011 OK I have been banging my head against the wall all day... I have shortened my ICS commands to just: echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE (eth1 is connected to the internet) After the above commands I can SSH to the fon and then from the fon itself ping 4.2.2.2, then google.com From the victim laptop I can still ping the fon at 10.110.0.2, I can ping the gateway 10.110.0.1, I can ping google.com I'm totally lost, I can ping the internet, I can resolve host names...I can even tracert to external IP addresses from the victim Anyone before I go totally mad? Quote
bobbyb1980 Posted October 16, 2011 Posted October 16, 2011 You should not be able to ping www.google.com from the router if it's setup correctly, the router (pineapple or fon or whatever) should not be receiving DNS info. However you should be able to ping the internet from the router, and the victim machine should be using the attacking machine for DNS, not the router. Maybe you should go check your DNS settings on the router (for the client side) and make sure the DHCP is giving out the correct DNS info (on the server side). and also try to connect with another machine just to make sure it's not a goofy windows problem. Quote
itsm0ld Posted October 17, 2011 Author Posted October 17, 2011 bobbyb1980 - Thank you for the response! After reading your response I started to doubt my actual fon setup. I had ordered a second fon via ebay for a killer deal and decided to start over. So this time I followed Darrens guide until step 10. After step 10 I used netshrouds guide for Jasager firmware install and this time everything worked fine. As an interesting side note I can still ping google.com from the fon that works not sure what is up with that. So thanks for the nudge in the right direction to have a look at the fon rather than my ICS code for BT 5 r1. The good news about this is I got a ton of good reading in on iptables,open wrt... all good stuff ! Quote
bobbyb1980 Posted October 17, 2011 Posted October 17, 2011 The setup can be a little iffy but if you're on good terms with the tcp/ip gods they usually let the traffic flow : P I've read in several other tutorials that the router shouldn't be using any DNS. If it works for you, don't fix it if it isn't broken. I also completed several tutorials on ICS before I got it right. Now, all I do is start the router, enabling IP forwarding and set wlan0 to masquerade on the attacking machine, and that's really it, takes about 1 min. This project also taught me a lot also about networking and how traffic flows, etc. The cool part about the pineapple is that there are endless possibilities with what can be done. Right now I am flashing a tplink wireless ap and going to try to get ICS running on it. Get ICS working on any other routers besides the fon or open mesh? Quote
Xcellerator Posted October 18, 2011 Posted October 18, 2011 I believe you can get Jasager working with ICS on some Alfa models. (Maybe the Alfa AP51)? Quote
itsm0ld Posted October 24, 2011 Author Posted October 24, 2011 Right now I am flashing a tplink wireless ap and going to try to get ICS running on it. Get ICS working on any other routers besides the fon or open mesh? Right on I hope the TPlink works out, I would be interested to hear more about it. I really decided to go with the fon becasue I have been working on the same type of thing using airbase-ng with BT5 r1 and for whatever reason I was having throughput issues. Regardless of hardware / software configuration I was getting .7 MB down and 3.5 MB up speed on the victim machines. With the same setup just using Jasager rather than my Alfa card running rtl8187 I can get upwards of 15MB both ways. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.