Jump to content

Mk3 Firmware V2.1.2


Recommended Posts

Hi, To Everyone and thanks for your hard work on the new firmware 2.0.1.Can't wait for 3.0 firmware.

The unit is flashed with 2.0.1 and normal configuration.

The issue that I am having in the GUI after turning off Karma is that it just hangs their and does not refresh the page so then I unplug the MK3 unit and then plug it back in, long story short. I can't access the MK3 unit after that.So the only way to access the MK3 unit again is to reflash the unit with fon-flash-gui for linux and then the unit works again. I am also pinging the unit at the same time to see if there is a connection, but there is no connection before or after unplug the unit.

Also, I can't remember how to upload/download files with the MK3 unit in a Linux OS. I know that using WinSCP for windows will work, but as of right know I don't have a windows box handy.

Thanks,

Ha, I think 3.0 is still far along ;)

Could you do me a favor and test this:

1. SSH into the pineapple when karma is turned on

2. Execute this command: "hostapd_cli -p /var/run/hostapd-phy0 karma_disable"

3. Does the pineapple still run?

4. If yes, check the interface again. Refresh may be needed. It should say karma disabled.

If that is the case, let me know, I have a feeling I know what is doing that.

Best,

Sebkinne

Link to comment
Share on other sites

  • Replies 112
  • Created
  • Last Reply

Top Posters In This Topic

Ha, I think 3.0 is still far along ;)

Could you do me a favor and test this:

1. SSH into the pineapple when karma is turned on

2. Execute this command: "hostapd_cli -p /var/run/hostapd-phy0 karma_disable"

3. Does the pineapple still run?

4. If yes, check the interface again. Refresh may be needed. It should say karma disabled.

If that is the case, let me know, I have a feeling I know what is doing that.

Best,

Sebkinne

Hi,Seb

Now some more errors with 2.0.1.

Fist I had to reflash the unit so it would work again. After reflashing it the interface would said disabled and then I would go to advanced page and click on refresh ip tables and then restore to factor for the status page to say interface enabled.

Ok second, I tried what you said but it just froze on me and I could not ping or ssh into it or refresh the web page.

I did get this for the fist time on the config page.

Warning: fopen(/etc/config/wireless) [function.fopen]: failed to open stream: No such file or directory in /www/pineapple/config.php on line 73

Could not open file!

Here is the ping request that I would get and it looks like its taking awhile to boot up.

@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=1 Destination Host Unreachable
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
From 172.16.42.42 icmp_seq=5 Destination Host Unreachable

--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4006ms
pipe 3
@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=1 Destination Host Unreachable
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
From 172.16.42.42 icmp_seq=5 Destination Host Unreachable

--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4007ms
pipe 3
@~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
From 172.16.42.42 icmp_seq=5 Destination Host Unreachable

--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4016ms
pipe 2
@~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=1 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable

--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +2 errors, 100% packet loss, time 4007ms

@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=1 Destination Host Unreachable
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
64 bytes from 172.16.42.1: icmp_req=5 ttl=64 time=1011 ms

--- 172.16.42.1 ping statistics ---
5 packets transmitted, 1 received, +4 errors, 80% packet loss, time 4008ms
rtt min/avg/max/mdev = 1011.247/1011.247/1011.247/0.000 ms, pipe 3
@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
64 bytes from 172.16.42.1: icmp_req=1 ttl=64 time=1.55 ms
64 bytes from 172.16.42.1: icmp_req=2 ttl=64 time=0.959 ms
64 bytes from 172.16.42.1: icmp_req=3 ttl=64 time=0.945 ms
64 bytes from 172.16.42.1: icmp_req=5 ttl=64 time=0.985 ms

--- 172.16.42.1 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4008ms
rtt min/avg/max/mdev = 0.945/1.111/1.555/0.256 ms
@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.

--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4006ms

@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
From 172.16.42.42 icmp_seq=5 Destination Host Unreachable

--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4007ms
pipe 2
@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
From 172.16.42.42 icmp_seq=5 Destination Host Unreachable

--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4008ms
pipe 2
@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=1 Destination Host Unreachable
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
From 172.16.42.42 icmp_seq=5 Destination Host Unreachable

--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4016ms
pipe 3

Also, I here is the ssh connection or how many time it took.

~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: No route to host
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: No route to host
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: No route to host
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: No route to host
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: No route to host
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: No route to host
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: No route to host
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
r ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
 ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
@ ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
@ ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
@~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
@ ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
@ ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
@ ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
@ ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
@ ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
@ ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
@ ~ $ ssh 172.16.42.1 -l root
ssh: connect to host 172.16.42.1 port 22: Connection refused
@ ~ $ ssh 172.16.42.1 -l root
root@172.16.42.1's password: 

BusyBox v1.19.3 (2012-01-02 16:35:40 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

root@Pineapple:~# hostapd_cli -p /var/run/hostapd-phy0 karma_disable

this is where is froze

Now I have to reflash the unit for it to work again.

Edited by catz
Link to comment
Share on other sites

Just wanted to catch up and indicate that all appears to be working GREAT, thanks seb!!

Just flashed 3 Alfa AP51 units with 2.0.1 and it worked like a charm.

Karma is working perfectly (now that I understand the diff between 2.0 and previous versions!).

BROTIP: I've found that for me it works best to make the SSID change in the Karma config and saving it to something other than "pineapple" prior to hitting your "target rich environment". Coupled with Karma autostart, this works great because the "pineapple" SSID never shows up at all, even for a moment, and your new SSID with Karma just "shows up for the party" all inconspicuous like :). This is only possible due to the new implementation of Karma, thanks seb & digininja!!!!

Haven't had opportunity to use the deauth function yet. Wondering about that channel issue and the manual changing of the channel to match the target AP channel.

Is it confirmed that we have to manually change the MK3 channel to match the target AP channel in order for the deauth function to work?

Thanks again for all the hard work that goes into this project one and all!!

Link to comment
Share on other sites

Well, FWIW, I've flashed my Alfa AP51 to v2.0.1 with no problems (from Fedora x86_64).

Seems to be running fine and not encountered any problems (nor overheating), however I have noticed the web interface is sometimes slow to load the status page (index.php ?).

Does anyone fancy sharing their karma/ngrep/urlsnarf conf/lists?

nix-7

Link to comment
Share on other sites

Maybe a simple question, which IP i have to use to ping my host PC from the Pineapple.

I maybe have a solution for my Ram problem but need to access the Host Laptop

Your setup should be something like this.

Internet ======      MITM Laptop       ===== PINEAPPLE   ==WIFI connection=== Victims/Clients
x.x.x.x  ====== x.x.x.x - 172.16.42.42 ===== 172.16.42.1         ====          x.x.x.x

If you want to ping your MITM laptop from the pineapple. ping 172.16.42.42

Link to comment
Share on other sites

Okay i did some test's with my old fon to hunt down why Urlsnarf is not working.

The problem for me is that i cannot enable swap because neither theq nfs client nor kmod-mmc-over-gpio is working because of the Kernel config and mounting a cifs share make the fon crash. So no swap for me at this point.

What i did is i free'd up some Ram by dropping the cahces so that i have 3meg of free Ram. That didnt do it the fon still crashes.

Then i overvlocked the CPU to 200 and then to 220 Mhz. Unfortunately no change.

Could anybody post a cat /proc/cpuinfo of the Alfa AP51?

@Sebkinne: could you please compile configfs ( for swap on mmc/sd), swap support (maybe this is already in) and nfs client support into the Pineapple Kernel? Configfs aand the nfs client is already working in theq latest OpenWrt trunk but that one is missing Swap support and of course all the Pineapple magic ;)

Also what i have seen is that the Fonera work with faster response on the trunk Kernel.

Link to comment
Share on other sites

This is from my AP51 on 1.9 firmware.

root@Pineapple:~# cat /proc/cpuinfo
system type             : Atheros AR2315
processor               : 0
cpu model               : MIPS 4KEc V6.4
BogoMIPS                : 183.50
wait instruction        : yes
microsecond timers      : yes
tlb_entries             : 16
extra interrupt vector  : yes
hardware watchpoint     : no
ASEs implemented        :
shadow register sets    : 1
core                    : 0
VCED exceptions         : not available
VCEI exceptions         : not available

I'm pretty sure on the old openWRT there was gpio problems.

Link to comment
Share on other sites

Maybe i will try to compile an new Kernel for my FON based on the current OpenWRT trunk, where things like Swap, NFS etc.

Problem is that i first have to learn it, because i have never done that before, but i think the Openwrt Wiki will be really helpfull.

I just cant figure out why URLsnarf crashes my Fon, the CPU is as fast (or in my slower) then in the fon.

I just dont know if it is a Ram issue, when ich free up Ram in my fon up to 3,5MB it also crashes.

@Mr-Protocol:

Could you please post the output of the free command from your AP51, before and after you started URLSnarf?

Link to comment
Share on other sites

Association log confirmed not working. Everything else Karma related seems to be working great. I fired up my 'victim' test box and it got karma'd immediately upon bootup. Testing some deauth goodness now :)

EDIT#2: Entire access point deauth'ing successful.

telot

Telot : can you help me with this ? because i cant't find any configuration for "entire access point deauthing" :( :(

i just tested deauth 1 AP and it work how can i deauth entire access point, someone ?

Link to comment
Share on other sites

Not sure but i think he means deauthing all clients on that specific AP.

Maybe leaving the ClientMAC form empty and only using the BSSID of the attacked AP?

Someone here using a 2202 with this firmware?

Edited by 0xPHK
Link to comment
Share on other sites

Telot : can you help me with this ? because i cant't find any configuration for "entire access point deauthing" :( :(

i just tested deauth 1 AP and it work how can i deauth entire access point, someone ?

0xphk is correct. By leaving the Client Mac field blank, and just filling in the access points BSSID, I was able to kick every client off the access point with one click. So the pineapple just ran a simple command of: aireplay-ng -0 30 -a XX:XX:XX:XX:XX:XX mon0 where -0 means deauth, 30 is the number of deauths to send (I like to just hammer my AP's lol) -a is the access point, which if left without a -c for client mac address, will deauth the entire access point. I'm sorry if I wasn't very specific in the comment, currently I cannot get airdrop-ng to work, that would deauth every accesspoint and every client on every access point, which I think you might be eluding to here. I'll keep working on it, but as I'm back to work now, I've got a lot less time to play with my pineapple :( Has anyone else gotten airdrop-ng to work on the mark3?

telot

Link to comment
Share on other sites

0xphk is correct. By leaving the Client Mac field blank, and just filling in the access points BSSID, I was able to kick every client off the access point with one click. So the pineapple just ran a simple command of: aireplay-ng -0 30 -a XX:XX:XX:XX:XX:XX mon0 where -0 means deauth, 30 is the number of deauths to send (I like to just hammer my AP's lol) -a is the access point, which if left without a -c for client mac address, will deauth the entire access point. I'm sorry if I wasn't very specific in the comment, currently I cannot get airdrop-ng to work, that would deauth every accesspoint and every client on every access point, which I think you might be eluding to here. I'll keep working on it, but as I'm back to work now, I've got a lot less time to play with my pineapple :( Has anyone else gotten airdrop-ng to work on the mark3?

telot

Oh. Ok I understand now :) :) Thanks telot to make all things clear i thought you can deauth entire access point and kick all clients connected to that AP :) :) it would be great and powerful...if MK3 has ability to do such a thing :) :) :) without another wifi adapter for sure.

i'm not quite sure if MK3 have space to install the lib to make airdrop-ng work. (CMIIW)

Link to comment
Share on other sites

I just updated to 2.0.1 and works great with Browser but I can't ssh in !!!

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that the RSA host key has just been changed.

The fingerprint for the RSA key sent by the remote host is

xx:xx:ee:0d:xx:20:dd:be:16:9c:96:xx:bc:xx:14:xx.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending key in /root/.ssh/known_hosts:1

RSA host key for 172.16.42.1 has changed and you have requested strict checking.

Host key verification failed.

Do i just put the Key sent by remote in somewhere ?

Thank's your doing a good job !

Link to comment
Share on other sites

You have to accept the new key. You will have to do this every re-flash.

it took a while before it allowed me to accept new key !

I may have sed and removed the old key line 1 dont't no but finally let me accept new key .

Now I know wy I ssh in ( Got My Mixer Going )

Thank's working good !

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...