whitehat Posted April 9, 2012 Share Posted April 9, 2012 (edited) I like big butts and I cannot lie... Edited May 16, 2012 by whitehat Quote Link to comment Share on other sites More sharing options...
Vulture Posted April 9, 2012 Share Posted April 9, 2012 I have a similar problem, although I do not have that modem atm. You will need a micro-sd card to add into the MC760. Then I would also wait until the next firmware to really have this functionality working as Sebkinne has alluded to some features that will really make use of the extra space on the micro-sd card. If you want to get this working right now, then I would read through the information others have posted regarding the MC760 and getting the sd card mounted and adding swap to the sd card (by Darren). One issue I and others are running into with the MC760 is the power consumption, you may need an external usb hub that is powered, the key word is powered so that the device does not randomly lose connection and need to be replugged to get the 3g working again. There are many great modules being developed and I would recommend exploring them to see if they meet your needs. You should also state what your objective is. Are you phishing, "rick rolling", cracking WEP/WPA networks? The scripts that you will need will depend greatly on your goals. I have personally found this device to be an amazing little piece of hardware and for anyone who knows the basics of BackTrack or Linux in general this device can be custom tailored for your needs. Based on your 3G/Karma/URL Snarf/Save Packets you can accomplish this fairly easy without any modifications, just need that sd card. Quote Link to comment Share on other sites More sharing options...
Vulture Posted April 9, 2012 Share Posted April 9, 2012 Correction: Out-of-the-Box will need to have the following changes made to get the MC760 working: 1) Update to the latest firmware (1.1.1 at time of writing) 2) Log in to the http://172.16.42.1/pineapple/ interface and go to USB and change to (You will want to follow the swap tutorial by Darren first): config global automount option from_fstab 1 option anon_mount 1 config global autoswap option from_fstab 1 option anon_swap 1 config mount option target /usb option device /dev/sda option fstype ext4 option options rw,sync option enabled 1 option enabled_fsck 0 config mount option target /usb option device /dev/sda1 option fstype ext4 option options rw,sync option enabled 1 option enabled_fsck 0 config swap option device /dev/sda2 option enabled 1 3) Goto the 3G menu and replace your "Mobile Broadband Connection" with: #!/bin/sh # --------------------------------------------------------- # 3G Connection Script for WiFi Pineapple. "Does the thing" # # Version: 2012-02-17 # Supports: # # ZTE MF591 (T-Mobile) -dkitchen # Novatel MC760 (Virgin) -dkitchen # Novatel MC760 (Ting) -dkitchen # # Updated: wifipineapple.com # --------------------------------------------------------- # ----------------------------------------------------------- # Configure /etc/ppp/options with hard-coded working settings # ----------------------------------------------------------- echo " logfile /dev/null noaccomp nopcomp nocrtscts lock maxfail 0" > /etc/ppp/options *1410:6002* | *1410:5031*) echo "Novatel MC760 (Virgin Mobile) detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=cdma uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.username=internet uci set network.wan2.password=internet uci set network.wan2.defaultroute=1 uci set network.wan2.ppp_redial=persist uci set network.wan2.peerdns=0 uci set network.wan2.dns=8.8.8.8 uci set network.wan2.keepalive=1 uci set network.wan2.pppd_options=debug uci set network.wan2.pppd_options=noauth uci commit network usb_modeswitch -v 1410 -p 5031 -V 1410 -P 6002 -M 5553424312345678000000000000061b000000020000000000000000000000 -n 1 -s 20 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=0x1410 product=0x6002 sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; esac 4) Then go to the Jobs menu and remove "/www/pineapple/3g/3g.sh" from the "Execute on Boot:" section. 5) Reboot the device under the Advanced menu and wait 5 minutes. All this is corrected on the most recent code. Quote Link to comment Share on other sites More sharing options...
whitehat Posted April 9, 2012 Author Share Posted April 9, 2012 (edited) · Hidden by whitehat, May 16, 2012 - security Hidden by whitehat, May 16, 2012 - security you other brothers can't deny Edited May 16, 2012 by whitehat Link to comment
JimJensen Posted April 9, 2012 Share Posted April 9, 2012 Will these same setting work for the Novatel MC760 (Ting)? I have the swap set up but haven't been able to get the modem working. Quote Link to comment Share on other sites More sharing options...
Vulture Posted April 10, 2012 Share Posted April 10, 2012 Will these same setting work for the Novatel MC760 (Ting)? I have the swap set up but haven't been able to get the modem working. All but step #3 you can skip that step. Also I want to reiterate the use of a powered USB hub I believe it is now a necessity for the mc760 modems while using the micro sd slot. Quote Link to comment Share on other sites More sharing options...
Vulture Posted April 10, 2012 Share Posted April 10, 2012 Thank you very much, Vulture. I don't have an academic background in computing so you may find me to be a little slow.... which is my excuse for not knowing what you mean by modules? Bits of code? Where are these modules, on the github? My objective is, I guess, to capture packets. To be honest, when I bought this thing I thought it would let me watch clients' web activity in real time, or at least give me all their keystrokes. What I really want to do is gather 2 kinds of passwords: 1. the username & pw combos that are being used to access WPA2 Enterprise and 2. all other passwords being used online such as gmail passwords. Is that possible? I will look for the other 3G info. There's basically nothing on the Wiki -- it just says supported out of the box. I tried searched some keywords, but in this forums but that didn't go too well. No worries tho, if there's juicy info in here on this then I will find it; thanks for letting me know! Whitehat, what you are looking for doesn't really exist in that sort of ease for the most part. There is a modules menu once you upgrade the firmware. Click to show the modules and you can reference their threads on the forum under their names like "key logger". This project is still evolving so not all features are available yet. You can think of the pineapple as a light weight install of backtrack installation. So study up on man in the middle attacks with backtrack. With the pineapple you are the gateway aka the man. So everything you do in those attacks can be done with the pineapple. Not to sound preachy but if you are working to show clients how you did it you should know how the background functions, so you can defeat these types of attacks or at least detect them. For example when you are done using it for attacks you can turn it around to hunt for pineapple style devices and notify you. Quote Link to comment Share on other sites More sharing options...
JimJensen Posted April 10, 2012 Share Posted April 10, 2012 (edited) I made the changes but it still isn't working. The last lines in log read: Jan 1 00:06:11 Pineapple user.notice root: 3G: Connection Script here, searching for modems Jan 1 00:09:17 Pineapple kern.notice kernel: [ 557.920000] EXT4-fs (sdb1): error count: 2 Jan 1 00:09:17 Pineapple kern.notice kernel: [ 557.920000] EXT4-fs (sdb1): initial error at 3146: ext4_put_super:754 Jan 1 00:09:17 Pineapple kern.notice kernel: [ 557.920000] EXT4-fs (sdb1): last error at 3146: ext4_put_super:754 It reads it is searching for a modem yet when I go to the 3G page it shows the modem there. Can you tell me something else to try? I would really like to get this work as I bought the modem specifically for the pineapple. I do run the modem on a powered usb hub. I also see this error in the log: Jan 1 00:00:43 Pineapple user.notice usb-modeswitch: switching seemingly failed Thanks for the help. Edited April 10, 2012 by JimJensen Quote Link to comment Share on other sites More sharing options...
whitehat Posted April 10, 2012 Author Share Posted April 10, 2012 · Hidden by whitehat, May 16, 2012 - sec Hidden by whitehat, May 16, 2012 - sec Correction: Out-of-the-Box will need to have the following changes made to get the MC760 working: 1) Update to the latest firmware (1.1.1 at time of writing) 2) Log in to the http://172.16.42.1/pineapple/ interface and go to USB and change to (You will want to follow the swap tutorial by Darren first): config global automount option from_fstab 1 option anon_mount 1 config global autoswap option from_fstab 1 option anon_swap 1 config mount option target /usb option device /dev/sda option fstype ext4 option options rw,sync option enabled 1 option enabled_fsck 0 config mount option target /usb option device /dev/sda1 option fstype ext4 option options rw,sync option enabled 1 option enabled_fsck 0 config swap option device /dev/sda2 option enabled 1 3) Goto the 3G menu and replace your "Mobile Broadband Connection" with: #!/bin/sh # --------------------------------------------------------- # 3G Connection Script for WiFi Pineapple. "Does the thing" # # Version: 2012-02-17 # Supports: # # ZTE MF591 (T-Mobile) -dkitchen # Novatel MC760 (Virgin) -dkitchen # Novatel MC760 (Ting) -dkitchen # # Updated: wifipineapple.com # --------------------------------------------------------- # ----------------------------------------------------------- # Configure /etc/ppp/options with hard-coded working settings # ----------------------------------------------------------- echo " logfile /dev/null noaccomp nopcomp nocrtscts lock maxfail 0" > /etc/ppp/options *1410:6002* | *1410:5031*) echo "Novatel MC760 (Virgin Mobile) detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=cdma uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.username=internet uci set network.wan2.password=internet uci set network.wan2.defaultroute=1 uci set network.wan2.ppp_redial=persist uci set network.wan2.peerdns=0 uci set network.wan2.dns=8.8.8.8 uci set network.wan2.keepalive=1 uci set network.wan2.pppd_options=debug uci set network.wan2.pppd_options=noauth uci commit network usb_modeswitch -v 1410 -p 5031 -V 1410 -P 6002 -M 5553424312345678000000000000061b000000020000000000000000000000 -n 1 -s 20 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=0x1410 product=0x6002 sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; esac 4) Then go to the Jobs menu and remove "/www/pineapple/3g/3g.sh" from the "Execute on Boot:" section. 5) Reboot the device under the Advanced menu and wait 5 minutes. All this is corrected on the most recent code. We must have posted at the same time because I didn't see this before. I'm reveiwing it now (thanks in advance for the help). Btw I picked up a Micro SD card like 1 hour ago. Link to comment
telot Posted April 10, 2012 Share Posted April 10, 2012 If the 3G dongle is plaguing you - do what I did and just avoid it. http://www.digi.com/products/wireless-routers-gateways/routing-gateways/digiconnectwanfamily#overview I use one of these with my pineapple when I want to drop it off somewhere on a pentest. It works like a charm acting as the computer in the most important aspects (serves up solid internet to the pineapple) and it allows me to ssh/http in to perform any administrative functions. The digi can even power the pineapple with its usb port. This setup also allows for easy use of a huge usb stick, as opposed to being limited to a slow 32gb ($max$) microsd that fits in your 3g dongle. The biggest drawback is that digis are expensive. If works paying, great - if not, you can try and find a used one on ebay. Good luck! As for your other requests, particularly the WPA enterprise - thats not currently possible with the pineapple. The pineapples all are limited to serving up and accepting open auth only. Theres another thread where digininja eludes to some other possibilities, but they appear to be very limited. Best thing about the pineapple (and all open source everything), if it doesn't exist, then make it! telot Quote Link to comment Share on other sites More sharing options...
Vulture Posted April 10, 2012 Share Posted April 10, 2012 I made the changes but it still isn't working. The last lines in log read: Jan 1 00:06:11 Pineapple user.notice root: 3G: Connection Script here, searching for modems Jan 1 00:09:17 Pineapple kern.notice kernel: [ 557.920000] EXT4-fs (sdb1): error count: 2 Jan 1 00:09:17 Pineapple kern.notice kernel: [ 557.920000] EXT4-fs (sdb1): initial error at 3146: ext4_put_super:754 Jan 1 00:09:17 Pineapple kern.notice kernel: [ 557.920000] EXT4-fs (sdb1): last error at 3146: ext4_put_super:754 It reads it is searching for a modem yet when I go to the 3G page it shows the modem there. Can you tell me something else to try? I would really like to get this work as I bought the modem specifically for the pineapple. I do run the modem on a powered usb hub. I also see this error in the log: Jan 1 00:00:43 Pineapple user.notice usb-modeswitch: switching seemingly failed Thanks for the help. SSH into the device and go to /www/pineapples/3g/ and ./3g.sh and let me know the output. Also provide the output of the "lsusb" command. Quote Link to comment Share on other sites More sharing options...
JimJensen Posted April 10, 2012 Share Posted April 10, 2012 SSH into the device and go to /www/pineapples/3g/ and ./3g.sh and let me know the output. Also provide the output of the "lsusb" command. root@Pineapple:~# lsusb Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 002: ID 050d:0234 Belkin Components F5U234 USB 2.0 4-Port Hub Bus 001 Device 003: ID 1410:6000 Novatel Wireless root@Pineapple:/www/pineapple/3g# ./3g.sh Searching for attached 3G Modems 1d6b:0002 050d:0234 1410:6000 Quote Link to comment Share on other sites More sharing options...
Vulture Posted April 10, 2012 Share Posted April 10, 2012 root@Pineapple:~# lsusb Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 002: ID 050d:0234 Belkin Components F5U234 USB 2.0 4-Port Hub Bus 001 Device 003: ID 1410:6000 Novatel Wireless root@Pineapple:/www/pineapple/3g# ./3g.sh Searching for attached 3G Modems 1d6b:0002 050d:0234 1410:6000 On step 3 change the line *1410:5031* to *1410:6000* and the modem should work. Quote Link to comment Share on other sites More sharing options...
whitehat Posted April 10, 2012 Author Share Posted April 10, 2012 (edited) · Hidden by whitehat, May 16, 2012 - sec Hidden by whitehat, May 16, 2012 - sec who is your favorite booty girl? Edited May 16, 2012 by whitehat Link to comment
JimJensen Posted April 11, 2012 Share Posted April 11, 2012 On step 3 change the line *1410:5031* to *1410:6000* and the modem should work. I made the change but it isn't working. Here is the result of ./3g.sh root@Pineapple:/www/pineapple/3g# ./3g.sh Searching for attached 3G Modems 1d6b:0002 1410:6000 Novatel MC760 (Ting) detected. Attempting mode switch Looking for target devices ... Found devices in target mode or class (1) Looking for default devices ... No devices in default mode found. Nothing to do. Bye. rmmod: can't unload 'usbserial': Resource temporarily unavailable insmod: can't insert 'usbserial': File exists ./3g.sh: line 113: /etc/init.d/firewall: not found ./3g.sh: line 113: /etc/init.d/firewall: not found root@Pineapple:/www/pineapple/3g# Quote Link to comment Share on other sites More sharing options...
Vulture Posted April 11, 2012 Share Posted April 11, 2012 JimJensen, That is normal, what are you seeing under the Log when that is run? Specifically anything about chat/ppp or USB. If you see anything about a device serial number, just remove it before posting for your own security. Also, please make sure that you guys have activated and confirmed these modems on windows computers prior to working with them on the pineapple. The pineapple does not support activation of the device. Quote Link to comment Share on other sites More sharing options...
telot Posted April 11, 2012 Share Posted April 11, 2012 telot: that is a VERY interesting link and perhaps i have an addiction for pen test tools but i just might buy one today. i do want to get this 3G MC760 working tho, since it's supposed to be supported, I need it, have one on hand, and sunk some money into it. you're right about the fact that i can/should just create the functionality i need, but i've never had a single class on programming of this kind. i'm a mathematical statistician. i've written some programs in VB, some macros, and billions of statistical "programs" (we call them that but they are not executable files and are totally different than computer programs) so for now i'm just a user. i was thinking of taking some classes online tho; let me know if you recommend anything. ideally i would take classes from SANS but i don't have the time/$ right now for an entire degree program. anyway, so how exactly would it work? you are using the cat 5 cable to connect the pineapple to the Digi Connect (or somehow doing it wirelessly?) and somehow you're able to connect the digi connect to the client's wireless, and your digi is assigned an IP which you are then able to SSH to? . I do have one other ace up my sleeve that this reminds me of, which is a DreamPlug (http://www.amazon.com/Globalscale-DreamPlug-036000291452-Class-Server/dp/B0053GBB5Y ), which sounds like it would do basically the same thing but perhaps a bit cheaper. However the plug computer is like $200 and your Digi Connect was like $600-ish from the manufacturer, so I probably want to stick with the 3G as I've already sunk a couple hundred into the pineapple with no results yet ($90 cost + $65 battery + $20 Micro SD card + $50 data for 3G + $80 for the 3G device, except that I did already own the MC760). I hear ya on the cost already sunk into the pineapple vs the cost of the Digi - they ARE pricey. Did you find any on ebay? I use a verizon 3g and a Wimax 4g depending on the area I want to do the pen test in. The digi connects to a cellular network via its internal cell modem. I connect the digi to the pineapple via ethernet and send power through the ethernet cable via the USB port on the digi. That way I only have to power the digi, and it daisy chains to the pineapple. I set my Digi up with a static ip or a dyndns so I just ssh root@xxx.xxx.xxx.xxx (x=ip of the digi). As for online classes, I can't really say. python is powerful and ubiquitous and I've heard it recommended as a place to start from a bunch of people. For pineapple specific stuff, I'd start with php as that is what is run all over the pineapple. Hope that helps telot Quote Link to comment Share on other sites More sharing options...
JimJensen Posted April 12, 2012 Share Posted April 12, 2012 JimJensen, That is normal, what are you seeing under the Log when that is run? Specifically anything about chat/ppp or USB. If you see anything about a device serial number, just remove it before posting for your own security. Also, please make sure that you guys have activated and confirmed these modems on windows computers prior to working with them on the pineapple. The pineapple does not support activation of the device. I don't know why it wasn't working yesterday but today it is. Jan 1 00:20:02 Pineapple user.notice root: 3G: Interface 3g-wan2 up and Internet Connection seems to be up. woot Thanks again for the help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.