
Pineapple Interfaces


condor


Can someone please explain just how this thing is using its antenna? I'm a bit confused on the mon.wlan0 deal. I want to understand this so I can do a site survey w/ airodump-ng. I would use WhistleMasters module but I'm unsure exactly what's going on, and I am usually not connected via wifi. I am trying to learn to manage it all through ssh/3G, but I'm a noob at this stuff.

Any advice/knowledge is greatly appreciated...


ok, so mon.wlan0 is used by the system. Would I still use airmon-ng to slip wlan0 into monitor mode? or iwconfig wlan0 mode monitor? (same thing?) I don't mind that affecting karma, but I am interested in whether or not it does (putting the interface into monitor mode). I have an awus 036h, but am unable to get that to work with the pineapple as of yet.

Funny thing, I am outside in my backyard where I have my pineapple set-up in a shed. I am using it atm with 3g and when I clicked on your aircrack link I got this crap:

Web Guard is enabled on your line and has restricted your access to this content.

The person on your Wireless account who is designated as the Primary Account Holder can disable or adjust this restriction through the account management website.

I wonder if I'll be able to call them and get that lifted. Wow


ok, so mon.wlan0 is used by the system. Would I still use airmon-ng to slip wlan0 into monitor mode? or iwconfig wlan0 mode monitor? (same thing?) I don't mind that affecting karma, but I am interested in whether or not it does (putting the interface into monitor mode). I have an awus 036h, but am unable to get that to work with the pineapple as of yet.

Messing with the internal wifi will mess with karma/network.

But what you can do is ifconfig mon.wlan0 down; ifconfig wlan0 down; ifconfig wlan0 up; airmon-ng start wlan0


I tried your advice petertfm, thank you. However, I am still unable to get any data back from airodump. Here's a bit from my session:


root@Pineapple:~# ifconfig mon.wlan0 down
root@Pineapple:~# ifconfig wlan0 down
root@Pineapple:~# ifconfig wlan0 up
root@Pineapple:~# airmon-ng start wlan0

Interface Chipset Driver
wlan0 Atheros ath9k - [phy0]
(monitor mode enabled on mon0)
mon.wlan0 Atheros ath9k - [phy0]
IEEE Unknown Unknown (MONITOR MODE NOT SUPPORTED)
802.11bgn Unknown Unknown (MONITOR MODE NOT SUPPORTED)
Mode:Monitor Unknown Unknown (MONITOR MODE NOT SUPPORTED)
Frequency:2.462 Unknown Unknown (MONITOR MODE NOT SUPPORTED)
GHz Unknown Unknown (MONITOR MODE NOT SUPPORTED)
Tx-Power=18 Unknown Unknown (MONITOR MODE NOT SUPPORTED)
dBm Unknown Unknown (MONITOR MODE NOT SUPPORTED)
root@Pineapple:~# ifconfig
3g-wan2 Link encap:Point-to-Point Protocol
inet addr:100.217.32.85 P-t-P:10.0.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1836 errors:0 dropped:0 overruns:0 frame:0
TX packets:1897 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:202034 (197.2 KiB) TX bytes:221448 (216.2 KiB)
br-lan Link encap:Ethernet HWaddr 00:C0:CA:60:EE:16
inet addr:172.16.42.1 Bcast:172.16.42.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2264 errors:0 dropped:0 overruns:0 frame:0
TX packets:2284 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:325565 (317.9 KiB) TX bytes:638279 (623.3 KiB)
eth0 Link encap:Ethernet HWaddr 00:C0:CA:60:EE:15
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:5
eth1 Link encap:Ethernet HWaddr 00:C0:CA:60:EE:14
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:4
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4445 errors:0 dropped:0 overruns:0 frame:0
TX packets:4445 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:562576 (549.3 KiB) TX bytes:562576 (549.3 KiB)
mon0 Link encap:UNSPEC HWaddr 00-C0-CA-60-EE-16-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
usb0 Link encap:Ethernet HWaddr 02:F6:4A:78:B3:47
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:17 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 00:C0:CA:60:EE:16
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2260 errors:0 dropped:0 overruns:0 frame:0
TX packets:2504 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:357181 (348.8 KiB) TX bytes:718531 (701.6 KiB)
root@Pineapple:~# iwconfig wn0 mode monitor
Error for wireless request "Set Mode" (8B06) :
SET failed on device wn0 ; No such device.
root@Pineapple:~# iwconfig wlan0 mode monitor
Error for wireless request "Set Mode" (8B06) :
SET failed on device wlan0 ; Device or resource busy.
root@Pineapple:~# airmon-ng start wlan0

Interface Chipset Driver
mon0 Atheros ath9k - [phy0]
wlan0 Atheros ath9k - [phy0]
(monitor mode enabled on mon1)
mon.wlan0 Atheros ath9k - [phy0]
IEEE Unknown Unknown (MONITOR MODE NOT SUPPORTED)
802.11bgn Unknown Unknown (MONITOR MODE NOT SUPPORTED)
Mode:Monitor Unknown Unknown (MONITOR MODE NOT SUPPORTED)
Frequency:2.462 Unknown Unknown (MONITOR MODE NOT SUPPORTED)
GHz Unknown Unknown (MONITOR MODE NOT SUPPORTED)
Tx-Power=18 Unknown Unknown (MONITOR MODE NOT SUPPORTED)
dBm Unknown Unknown (MONITOR MODE NOT SUPPORTED)
root@Pineapple:~# airodump-ng mon0

CH 3 ][ Elapsed: 8 s ][ 2012-07-24 23:53
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

BSSID STATION PWR Rate Lost Packets Probes

root@Pineapple:~# airodump-ng wlan0
ioctl(SIOCSIWMODE) failed: Device or resource busy
ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
sure RFMON is enabled: run 'airmon-ng start wlan0 <#>'
Sysfs injection support was not found either.
root@Pineapple:~#

As you can see, mon0 did not become active after the first attempt at airmon. However, it did show up in the list from ifconfig. After the second airmon-ng start wlan0, I got a mon0 interface, but it still does not 'see' anything.

I don't have any issues using the aircrack-ng suite from my netbook, using bt r5. But its interfaces aren't as complicated, lol.

How do you get this working? I would love to see this.


mon0 is your wlan0 in monitor mode. So when mon0 showed up in your first ifconfig up there, that was your wifi going into monitor mode via airmon-ng. There's no need to put wlan0 into monitor mode as you've done here.

If you want to read up on how ifconfig downing mon.wlan0 and wlan0 affects your pineapple, here's a good post to read:

For your convenience, here's the awesome part:

I've been playing around with site survey this morning - and of course I love it. Does exactly what I need it to do, bring down APs. One issue I'm curious about is why are we given the ability to turn off/on the monitor interface? For instance:

In this scenario there are three ssid's I'll reference: 'netgear' (the legit AP), 'free_wifi' (my default pineapple ssid) and 'FAKEAP' for my stored open auth ssid on my victim. I connect my victim (evo4g android phone) to my legit AP, 'netgear'. I fire up my pineapple, connected to a BT5 laptop, turn on karma and go to 172.16.42.1/pineapple/site_survey.php and there's nothing listed as expected. If I turn off mon.wlan0 first and turn it back on, I lose all ability to karma victims. I still have my free_wifi ssid (my default ssid, as opposed to "pineapple") but no FAKEAP is ever responded to my victim. Manually instigating a probe request by turning off/on my wifi on the victim does nothing, as the pineapple is not "listening" for AP's on wlan0, it's using mon.wlan0 to listen for probe requests (it HAS to be! it's the only way this makes sense). So by turning off mon.wlan0 you destroy the pineapple's ability to say "YES" anymore, even if you bring it back up as mon0 (standard airmon-ng fare).

Power cycle the pineapple fixes it all of course. Now if instead of bringing down mon.wlan0 and bringing it back up as mon0 - if I just turn off WLAN0 and bring it back up, I see my list of nearby APs and it deauths the netgear AP just fine and karma's my victim right to the pineapple, like a champ. So my question is why do we even give the option to turn off/on mon.wlan0? There doesn't seem to be a need to, and in fact it hurts what we're trying to accomplish.

telot
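
Added example, not part of the thread: a small POSIX shell sketch that reads old-format `airmon-ng start` output like that in condor's session and reports which monitor interface that run created and which other mon* interfaces already sit on the same radio. The function names are made up here, and the sample text is abridged from the second run in the session.

```shell
#!/bin/sh
# Added example: read `airmon-ng start wlan0` output (old aircrack-ng format,
# as in the session above) and report the monitor interface it created.

# Print the interface named in "(monitor mode enabled on X)".
new_monitor_iface() {
    sed -n 's/.*(monitor mode enabled on \([^)]*\)).*/\1/p' | tail -n 1
}

# Print interfaces attached to a radio ($1, e.g. phy0), one per line.
# Rows that do not end in "[phyN]" are skipped, which drops the
# "(MONITOR MODE NOT SUPPORTED)" noise rows.
phy_ifaces() {
    awk -v phy="[$1]" '$NF == phy { print $1 }'
}

# Print monitor-style interfaces on the radio other than the new one ($2):
# leftovers from earlier runs, or the system's own mon.wlan0.
other_monitors() {
    phy_ifaces "$1" | grep '^mon' | grep -v -x -F "$2" || true
}

# Second airmon-ng run from the session above (noise rows abridged).
SAMPLE='Interface Chipset Driver
mon0 Atheros ath9k - [phy0]
wlan0 Atheros ath9k - [phy0]
(monitor mode enabled on mon1)
mon.wlan0 Atheros ath9k - [phy0]
IEEE Unknown Unknown (MONITOR MODE NOT SUPPORTED)
Tx-Power=18 Unknown Unknown (MONITOR MODE NOT SUPPORTED)'

# Summarise one airmon-ng output ($1) for radio phy0.
report() {
    new=$(printf '%s\n' "$1" | new_monitor_iface)
    echo "new monitor interface: $new"
    printf '%s\n' "$1" | other_monitors phy0 "$new" | sed 's/^/already on phy0: /'
}

report "$SAMPLE"
```

On the device the same functions can read live output, for example `airmon-ng start wlan0 | new_monitor_iface`, so the site survey is pointed at the interface that run actually created.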


This, my dear friend, is exactly the post I was looking for. Don't judge me, but I'm pretty stoked that you three have responded to me. I can always make sense of what you guys post. There are others, but you guys are very active, and very knowledgeable. Thank you. I have learned SOOO much in the last few months, I go about my day just smiling at ppl. MUAHAHAHA.....

and yeah, I turned on my other pineapple that's in my bedroom, instead of out in the backyard, and am able to follow your instructions, petertfm, with good results. Obviously, there aren't any AP's in range way back at my shed (or wireless clients to karma, for that matter). It was fun setting up the pineapple on the roof, though. I had a magnetic 11 dBi omni stuck to the dish of an old DirecTV antenna, with the pineapple stuffed into an old cookie dough container, 4g rocket and all.... :ph34r:
