Sebkinne (Author) Posted January 6, 2012

> Hi, to everyone, and thanks for your hard work on the new firmware 2.0.1. Can't wait for 3.0 firmware. The unit is flashed with 2.0.1 and normal configuration. The issue that I am having in the GUI after turning off Karma is that it just hangs there and does not refresh the page, so then I unplug the MK3 unit and then plug it back in; long story short, I can't access the MK3 unit after that. So the only way to access the MK3 unit again is to reflash the unit with fon-flash-gui for Linux, and then the unit works again. I am also pinging the unit at the same time to see if there is a connection, but there is no connection before or after unplugging the unit.
>
> Also, I can't remember how to upload/download files with the MK3 unit in a Linux OS. I know that using WinSCP for Windows will work, but as of right now I don't have a Windows box handy.
>
> Thanks,

Ha, I think 3.0 is still far along ;) Could you do me a favor and test this:

1. SSH into the pineapple when karma is turned on
2. Execute this command: "hostapd_cli -p /var/run/hostapd-phy0 karma_disable"
3. Does the pineapple still run?
4. If yes, check the interface again. Refresh may be needed. It should say karma disabled.

If that is the case, let me know, I have a feeling I know what is doing that.

Best, Sebkinne

catz Posted January 6, 2012 (edited)

> Ha, I think 3.0 is still far along ;) Could you do me a favor and test this:
>
> 1. SSH into the pineapple when karma is turned on
> 2. Execute this command: "hostapd_cli -p /var/run/hostapd-phy0 karma_disable"
> 3. Does the pineapple still run?
> 4. If yes, check the interface again. Refresh may be needed. It should say karma disabled.
>
> If that is the case, let me know, I have a feeling I know what is doing that.
>
> Best, Sebkinne

Hi, Seb

Now some more errors with 2.0.1. First, I had to reflash the unit so it would work again. After reflashing it the interface would say disabled, and then I would go to the advanced page and click on refresh ip tables and then restore to factory for the status page to say interface enabled.

OK, second, I tried what you said but it just froze on me and I could not ping or ssh into it or refresh the web page. I did get this for the first time on the config page:

Warning: fopen(/etc/config/wireless) [function.fopen]: failed to open stream: No such file or directory in /www/pineapple/config.php on line 73
Could not open file!

Here is the ping request that I would get, and it looks like it's taking a while to boot up.

@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=1 Destination Host Unreachable
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
From 172.16.42.42 icmp_seq=5 Destination Host Unreachable
--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4006ms
pipe 3

@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=1 Destination Host Unreachable
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
From 172.16.42.42 icmp_seq=5 Destination Host Unreachable
--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4007ms
pipe 3

@~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
From 172.16.42.42 icmp_seq=5 Destination Host Unreachable
--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4016ms
pipe 2

@~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=1 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +2 errors, 100% packet loss, time 4007ms

@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=1 Destination Host Unreachable
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
64 bytes from 172.16.42.1: icmp_req=5 ttl=64 time=1011 ms
--- 172.16.42.1 ping statistics ---
5 packets transmitted, 1 received, +4 errors, 80% packet loss, time 4008ms
rtt min/avg/max/mdev = 1011.247/1011.247/1011.247/0.000 ms, pipe 3

@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
64 bytes from 172.16.42.1: icmp_req=1 ttl=64 time=1.55 ms
64 bytes from 172.16.42.1: icmp_req=2 ttl=64 time=0.959 ms
64 bytes from 172.16.42.1: icmp_req=3 ttl=64 time=0.945 ms
64 bytes from 172.16.42.1: icmp_req=5 ttl=64 time=0.985 ms
--- 172.16.42.1 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4008ms
rtt min/avg/max/mdev = 0.945/1.111/1.555/0.256 ms

@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4006ms

@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
From 172.16.42.42 icmp_seq=5 Destination Host Unreachable
--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4007ms
pipe 2

@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
From 172.16.42.42 icmp_seq=5 Destination Host Unreachable
--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4008ms
pipe 2

@ ~ $ ping 172.16.42.1 -c 5
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=1 Destination Host Unreachable
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
From 172.16.42.42 icmp_seq=4 Destination Host Unreachable
From 172.16.42.42 icmp_seq=5 Destination Host Unreachable
--- 172.16.42.1 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4016ms
pipe 3

Also, here is the ssh connection, or how many times it took.
~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: No route to host ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: No route to host ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: No route to host ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: No route to host ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: No route to host ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: No route to host ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: No route to host ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused r ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 
port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused @ ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused @ ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused @~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused @ ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused @ ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused @ ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused @ ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused @ ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused @ ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused @ ~ $ ssh 172.16.42.1 -l root ssh: connect to host 172.16.42.1 port 22: Connection refused @ ~ $ ssh 172.16.42.1 -l root root@172.16.42.1's password: BusyBox v1.19.3 (2012-01-02 16:35:40 CET) built-in shell (ash) Enter 'help' for a list of built-in commands. root@Pineapple:~# hostapd_cli -p /var/run/hostapd-phy0 karma_disable this is where is froze Now I have to reflash the unit for it to work again. Edited January 6, 2012 by catz Quote
Thetra Posted January 6, 2012

I had exactly the same problem under BT5R1 Gnome. Worked as a charm on KDE. Don't ask me why.

hfam Posted January 6, 2012

Just wanted to catch up and indicate that all appears to be working GREAT, thanks seb!! Just flashed 3 Alfa AP51 units with 2.0.1 and it worked like a charm. Karma is working perfectly (now that I understand the diff between 2.0 and previous versions!).

BROTIP: I've found that for me it works best to make the SSID change in the Karma config and saving it to something other than "pineapple" prior to hitting your "target rich environment". Coupled with Karma autostart, this works great because the "pineapple" SSID never shows up at all, even for a moment, and your new SSID with Karma just "shows up for the party" all inconspicuous like :). This is only possible due to the new implementation of Karma, thanks seb & digininja!!!!

Haven't had opportunity to use the deauth function yet. Wondering about that channel issue and the manual changing of the channel to match the target AP channel. Is it confirmed that we have to manually change the MK3 channel to match the target AP channel in order for the deauth function to work?

Thanks again for all the hard work that goes into this project one and all!!

nix-7 Posted January 6, 2012

Well, FWIW, I've flashed my Alfa AP51 to v2.0.1 with no problems (from Fedora x86_64). Seems to be running fine and not encountered any problems (nor overheating), however I have noticed the web interface is sometimes slow to load the status page (index.php ?).

Does anyone fancy sharing their karma/ngrep/urlsnarf conf/lists?

nix-7

darkside40 Posted January 6, 2012

Maybe a simple question: which IP do I have to use to ping my host PC from the Pineapple? I may have a solution for my RAM problem but need to access the host laptop.

Mr-Protocol Posted January 6, 2012

> Maybe a simple question: which IP do I have to use to ping my host PC from the Pineapple? I may have a solution for my RAM problem but need to access the host laptop.

Your setup should be something like this.

Internet ====== MITM Laptop ===== PINEAPPLE ==WIFI connection=== Victims/Clients
x.x.x.x ====== x.x.x.x - 172.16.42.42 ===== 172.16.42.1 ==== x.x.x.x

If you want to ping your MITM laptop from the pineapple:

ping 172.16.42.42

darkside40 Posted January 8, 2012

Okay, I did some tests with my old Fon to hunt down why Urlsnarf is not working. The problem for me is that I cannot enable swap, because neither the nfs client nor kmod-mmc-over-gpio is working because of the kernel config, and mounting a cifs share makes the Fon crash. So no swap for me at this point.

What I did is I freed up some RAM by dropping the caches so that I have 3meg of free RAM. That didn't do it, the Fon still crashes. Then I overclocked the CPU to 200 and then to 220 Mhz. Unfortunately no change.

Could anybody post a cat /proc/cpuinfo of the Alfa AP51?

@Sebkinne: could you please compile configfs (for swap on mmc/sd), swap support (maybe this is already in) and nfs client support into the Pineapple kernel? Configfs and the nfs client are already working in the latest OpenWrt trunk, but that one is missing swap support and of course all the Pineapple magic ;)

Also, what I have seen is that the Fonera works with faster response on the trunk kernel.

Mr-Protocol Posted January 9, 2012

This is from my AP51 on 1.9 firmware.

root@Pineapple:~# cat /proc/cpuinfo
system type : Atheros AR2315
processor : 0
cpu model : MIPS 4KEc V6.4
BogoMIPS : 183.50
wait instruction : yes
microsecond timers : yes
tlb_entries : 16
extra interrupt vector : yes
hardware watchpoint : no
ASEs implemented :
shadow register sets : 1
core : 0
VCED exceptions : not available
VCEI exceptions : not available

I'm pretty sure on the old openWRT there were gpio problems.

darkside40 Posted January 9, 2012

Maybe I will try to compile a new kernel for my FON based on the current OpenWRT trunk, where things like Swap, NFS etc. Problem is that I first have to learn it, because I have never done that before, but I think the OpenWrt Wiki will be really helpful.

I just can't figure out why URLsnarf crashes my Fon, the CPU is as fast (or in my slower) than in the Fon. I just don't know if it is a RAM issue; when I free up RAM in my Fon up to 3,5MB it also crashes.

@Mr-Protocol: Could you please post the output of the free command from your AP51, before and after you started URLSnarf?

Sebkinne (Author) Posted January 9, 2012

Darkside, I will compile you one, I am just not in at the moment. Should get it by tonight.

Best, Sebkinne

darkside40 Posted January 10, 2012

That would be absolutely great. Very important is to have Swap support and NFS working and ConfigFS compiled into the Kernel.

Marlboro Filter Posted January 11, 2012

> Association log confirmed not working. Everything else Karma related seems to be working great. I fired up my 'victim' test box and it got karma'd immediately upon bootup. Testing some deauth goodness now :)
>
> EDIT#2: Entire access point deauth'ing successful.
>
> telot

Telot: can you help me with this? Because I can't find any configuration for "entire access point deauthing" :( :( I just tested deauth of 1 AP and it works. How can I deauth an entire access point, someone?

0xPHK Posted January 12, 2012 (edited)

Not sure, but I think he means deauthing all clients on that specific AP. Maybe leaving the ClientMAC form empty and only using the BSSID of the attacked AP?

Someone here using a 2202 with this firmware?

Edited January 12, 2012 by 0xPHK

telot Posted January 12, 2012

> Telot: can you help me with this? Because I can't find any configuration for "entire access point deauthing" :( :( I just tested deauth of 1 AP and it works. How can I deauth an entire access point, someone?

0xphk is correct. By leaving the Client Mac field blank, and just filling in the access point's BSSID, I was able to kick every client off the access point with one click. So the pineapple just ran a simple command of:

aireplay-ng -0 30 -a XX:XX:XX:XX:XX:XX mon0

where -0 means deauth, 30 is the number of deauths to send (I like to just hammer my AP's lol), -a is the access point, which if left without a -c for client mac address, will deauth the entire access point.

I'm sorry if I wasn't very specific in the comment. Currently I cannot get airdrop-ng to work; that would deauth every access point and every client on every access point, which I think you might be alluding to here. I'll keep working on it, but as I'm back to work now, I've got a lot less time to play with my pineapple :( Has anyone else gotten airdrop-ng to work on the mark3?

telot

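
Seen from the defending side, the broadcast deauthentication described in the post above leaves a recognisable trace: a burst of deauth frames addressed to ff:ff:ff:ff:ff:ff that carry the access point's BSSID. The following is an added example, not part of the thread; the input layout, the function names and the sample frames are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag BSSIDs that appear as the source
# of a burst of broadcast deauthentication frames.
#
# Input: one deauth frame per line, whitespace separated:
#   <epoch seconds> <source MAC> <destination MAC> <BSSID>
# Assumed capture source (monitor-mode interface name is a placeholder):
#   tshark -i <mon-if> -Y 'wlan.fc.type_subtype == 12' -T fields \
#          -e frame.time_epoch -e wlan.sa -e wlan.da -e wlan.bssid

# deauth_bursts FILE THRESHOLD WINDOW_SECONDS
#   Prints each BSSID with at least THRESHOLD broadcast deauths inside one
#   fixed WINDOW_SECONDS bucket. A burst straddling a bucket edge is split,
#   so keep THRESHOLD well below the burst size you want to catch.
deauth_bursts() {
    awk -v th="$2" -v win="$3" '
        tolower($3) == "ff:ff:ff:ff:ff:ff" {
            bssid = tolower($4)
            if (++count[bssid, int($1 / win)] == th) hit[bssid] = 1
        }
        END { for (b in hit) print b }
    ' "$1" | sort
}

# make_deauth_sample: constructed frames, written to stdout.
make_deauth_sample() {
    i=0
    while [ "$i" -lt 30 ]; do
        # 30 broadcast deauths carrying one BSSID within a single second
        printf '1326400000.%02d 02:00:00:aa:bb:01 ff:ff:ff:ff:ff:ff 02:00:00:aa:bb:01\n' "$i"
        i=$((i + 1))
    done
    # one unicast deauth and one isolated broadcast deauth from another AP
    echo "1326400003.10 02:00:00:cc:dd:02 02:00:00:11:22:33 02:00:00:cc:dd:02"
    echo "1326400090.00 02:00:00:cc:dd:02 ff:ff:ff:ff:ff:ff 02:00:00:cc:dd:02"
}

sample=$(mktemp)
make_deauth_sample > "$sample"
deauth_bursts "$sample" 20 5
rm -f "$sample"
```

Networks that enforce 802.11w management frame protection have clients discard unauthenticated deauth frames, which removes the effect rather than just detecting it.
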
Marlboro Filter Posted January 13, 2012

> 0xphk is correct. By leaving the Client Mac field blank, and just filling in the access point's BSSID, I was able to kick every client off the access point with one click. So the pineapple just ran a simple command of:
>
> aireplay-ng -0 30 -a XX:XX:XX:XX:XX:XX mon0
>
> where -0 means deauth, 30 is the number of deauths to send (I like to just hammer my AP's lol), -a is the access point, which if left without a -c for client mac address, will deauth the entire access point.
>
> I'm sorry if I wasn't very specific in the comment. Currently I cannot get airdrop-ng to work; that would deauth every access point and every client on every access point, which I think you might be alluding to here. I'll keep working on it, but as I'm back to work now, I've got a lot less time to play with my pineapple :( Has anyone else gotten airdrop-ng to work on the mark3?
>
> telot

Oh. OK, I understand now :) :) Thanks telot for making all things clear. I thought you can deauth an entire access point and kick all clients connected to that AP :) :) It would be great and powerful... if MK3 has the ability to do such a thing :) :) :) without another wifi adapter for sure. I'm not quite sure if MK3 has space to install the lib to make airdrop-ng work. (CMIIW)

macs777 Posted January 19, 2012

I just updated to 2.0.1 and it works great with the browser, but I can't ssh in !!!

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:ee:0d:xx:20:dd:be:16:9c:96:xx:bc:xx:14:xx.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for 172.16.42.1 has changed and you have requested strict checking.
Host key verification failed.

Do I just put the key sent by the remote in somewhere?

Thanks, you're doing a good job!

Mr-Protocol Posted January 19, 2012

You have to accept the new key. You will have to do this every re-flash.

macs777 Posted January 19, 2012

> You have to accept the new key. You will have to do this every re-flash.

It took a while before it allowed me to accept the new key! I may have sed and removed the old key line 1, don't know, but it finally let me accept the new key. Now I know why I ssh in (Got My Mixer Going). Thanks, working good!

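
After a reflash the device presents a new host key, so the pinned known_hosts line no longer matches. As an added example (not part of the thread), this sketch removes only the line ssh named as offending, and only when that line is for the device; the function names, sample files and key blobs are constructed, and it assumes unhashed known_hosts entries.

```shell
#!/bin/sh
# Added example (not from the thread): remove only the known_hosts line that
# ssh reported as offending, and only if that line is for the reflashed device.

# remove_offending_key WARNING_FILE HOST
#   WARNING_FILE: saved text of the ssh warning; HOST: address of the device.
#   Returns 0 on removal, 1 if the line is for another host, 2 if unparsable.
remove_offending_key() {
    warning=$1
    host=$2
    # "Offending key in /path/known_hosts:1" -> "/path/known_hosts 1"
    ref=$(sed -n 's/^Offending .*key in \(.*\):\([0-9][0-9]*\)$/\1 \2/p' "$warning" | head -n 1)
    if [ -z "$ref" ]; then
        echo "no 'Offending key' line in $warning" >&2
        return 2
    fi
    file=${ref% *}
    line=${ref##* }
    # First field of a known_hosts entry is a comma-separated host list.
    # Hashed entries (|1|...) never match here; use `ssh-keygen -R HOST` for those.
    hosts=$(sed -n "${line}p" "$file" | cut -d' ' -f1)
    case ",$hosts," in
        *",$host,"*) ;;
        *)  echo "line $line of $file is not for $host, left untouched" >&2
            return 1 ;;
    esac
    cp "$file" "$file.bak"                  # keep the old pin for reference
    sed "${line}d" "$file.bak" > "$file"
}

# make_sample DIR: constructed known_hosts and warning text (key blobs are placeholders).
make_sample() {
    dir=$1
    cat > "$dir/known_hosts" <<EOF
172.16.42.1 ssh-rsa AAAAPLACEHOLDEROLDPINEAPPLEKEY
fileserver.example,192.0.2.10 ssh-rsa AAAAPLACEHOLDEROTHERKEY
EOF
    cat > "$dir/warning.txt" <<EOF
RSA host key for 172.16.42.1 has changed and you have requested strict checking.
Offending key in $dir/known_hosts:1
Host key verification failed.
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
remove_offending_key "$sample/warning.txt" 172.16.42.1 && cat "$sample/known_hosts"
rm -rf "$sample"
```

On the next connection ssh shows the new key's fingerprint; comparing it with one read from the device itself over a trusted path is what makes accepting it meaningful.
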
Josh Armour Posted January 21, 2012

I can't seem to change the SSID while running. It stays as pineapple even after a reboot, even with autostart turned on.

Mr-Protocol Posted January 21, 2012

It's currently a little bugged, and is known about. If you want to change the SSID it broadcasts, turn off Karma, edit the Wireless Config on Advanced tab, update, start karma.

darkside40 Posted January 25, 2012

> Darkside, I will compile you one, I am just not in at the moment. Should get it by tonight.
>
> Best, Sebkinne

Hi Sebkinne, do you think you might find some time to build a kernel with working Swap and/or NFS?

Sebkinne (Author) Posted January 25, 2012

I am releasing a new version today - It will support NFS and should support Swap. Sorry for the delay!

Best, Sebkinne

Marlboro Filter Posted January 25, 2012

> I am releasing a new version today - It will support NFS and should support Swap. Sorry for the delay!
>
> Best, Sebkinne

Is it 2.0.2, seb?

Sebkinne (Author) Posted January 25, 2012

It will be 2.1 actually. It will have nfs support, client blacklisting, properly working ssid changer and a few other changes. Stay tuned.