
Pineapple Pi Setup


ahbvrh

Hi All,

As others before me have already mentioned here on these boards, the Pineapple is a great product and it's doing exactly what it's supposed to do (MITM via Karma).

However, after quite a bit of testing I found that for the sake of performance and stability I need to offload some of the more demanding tasks to an external machine.

I wanted to have a fully automated setup that is still highly portable (no laptop required) and at the same time overcome the current limitations by having a full Linux box at my disposal.

After about a month of testing I have what I believe is a very stable POC.

Components:

1. MK IV

2. Raspberry Pi (Raspbian hardfp, overclocked to 930 MHz)

3. Alfa AWUS036H (for MDK3)

4. Brookstone battery pack

5. Belkin F4U040

6. T-Mobile Rocket 4G

7. PNY 8G

Setup:

MK IV with PNY 8G connected to the Pi via RJ45.

Pi is connected to the Belkin hub.

Belkin hub has the Alfa and the 4G modem, and is back-feeding power to the Pi.

Brookstone battery pack is feeding the hub via 5V 2.1A USB, and the MK IV.

Automation:

· I created several scripts to automate all the tasks I usually use, and then I used SSH Remote Exec (find it on the market) to send the commands from my SGS3 by creating preset buttons.

· Modified wp4.sh script running on startup in order to set the IP and iptables.

Set up the following scripts to be run as buttons from my phone as needed:

* Script to connect/disconnect the 4G modem.

* Script to enable SSLstrip (0.9) and tcpdump on the Pi.

* Script to disable SSLstrip and restore iptables.

* MDK3 script to deauthenticate everyone except my Pineapple MAC.

This works really great as the Pineapple is only doing Karma (and aircrack if needed) and the Pi (overclocked) has enough horsepower to do everything else (SSLstrip, SET, Metasploit, tcpdump, etc.).

My next project is to port it to the Odroid-X board, which should have enough USB power to allow me to ditch the USB hub and therefore make it even more portable (plus the fact that the Odroid-X board has 4 times the horsepower and 6 full USB ports).


Nice. If all you're using the Pineapple for is the Karma hotspot you could replace it with an Atheros chipset and then compile digininja's hostapd on the Pi. Here is the script I am using for it:

#!/bin/sh
# bootup Module setup script
#leave this echo
echo "## Apt-getting ##"
apt-get install libnl-dev -y
#leave this echo
echo "## Compiling ##"
# Only download, build and install hostapd-karma if it is not already present
if ! which /usr/local/bin/hostapd > /dev/null; then
    echo "### Installing hostapd-karma ###"
    cd /tmp
    wget http://www.digininja.org/files/hostapd-1.0-karma.tar.bz2
    tar -jvxf hostapd-1.0-karma.tar.bz2
    cd hostapd-1.0-karma/hostapd
    make && make install
    cd ~
    # print the version to confirm the karma build is the one on the path
    hostapd -vv
    echo "### Installed hostapd-karma ###"
fi
#leave this echo
echo "## Final Commands ##"
# Enjoy - Leave me at Bottom - EOF

You might also need libpcap, but it's prolly already installed if you have mdk3 running.

Also the power from the Odroid will be nice, but remember that the ethernet and USB all share one bus.

Edited by leapole

Hi Leapole,

I was actually thinking about combining them into one device but I wasn't sure how to get Karma working on the Pi.

I then saw your post about the Pieweb... I'm definitely going to check it out.

Can you share your experience in running everything on the Pi (including Karma)?

Regarding the Odroid-X, you are correct that the Ethernet and USB share the same bus, but I'm hoping that the Odroid-X will not suffer from the Pi's lack of USB power (limited to ~140),

so I HOPE that 2.1 A will be enough to power the Alfa (injection), 4G modem, and maybe even the TL-WN821N for Karma.

I should be getting the Odroid-X in the next couple of days so I'll start my testing.

Do you have any experience with the Odroid-X?


Very nice idea. I have a BeagleBoard (wish I could afford an O-droid) so it can happen and is pretty easy, just haven't gotten to testing. You will just need to recompile the kernel with the negative one patch and frag+ack patch.

I would prolly get an Alfa NHA from the Hak Shop over the TL personally, because the TL-722 I have defaults to the Canada wireless reg (which might be part of my 11 Mb/s problem).

I have been running Karma on a Pogoplug and it ran OK.

The whitelist and blacklist did not work, and the best connection I got for a client was 11 Mbit/s; otherwise it worked very well.

I was running the 0.1 version.

Yesterday I found digininja updated his site and the patches to a 1.0 and it seemed to work awesomely great for connections, but I have not had much time to test it.

I semi-tested my Alfa 036NEH which is an rt2800 driver and that was also sending out and answering probe requests (but ending with an error that is also present on normal hostapd -- still not enough time to test).

I have the module system put together now and have started to work on them for the Pieweb deal. I expect to have something that will be pretty usable by next week. Now if you happen to know some JavaScript, or how I would go about updating a text box in Ruby/Sinatra to have a live log, that would be just fricken sweet.

Oh, I got all this crammed in a Pelican 1060 with an Anker 10000 battery.

I am always sitting on my leapole@gmail.com chat thing if you want to message me.

Edited by leapole

It's good to have someone to bounce some ideas off.

I'm actually very happy with my setup, but the more I think about it the more I realize that I want a one-stop box that can do it all and still be portable enough.

Your Pieweb intrigues me. Unfortunately I have no skills in JavaScript or Ruby, but I'm curious why not get everything in Python or bash (or whatever scripting language you like) instead of trying to duplicate the Pineapple module system. The way I see it the Pineapple is an excellent product, but if you have a full Linux system at your disposal (Pi, BeagleBoard, Odroid-X, etc.) then most of the limitations of OpenWRT are no longer there, so a module system is not really needed: sslstrip, NM, ettercap, jammer, etc. can all be scripted and used as Android/iPhone buttons, so the web interface is no longer needed.

I think it really depends on what your ultimate goal is. Mine is to have one box that I can carry around and that is reliable enough that I don't need to manually connect to it (maybe just enable/disable features using my phone). Later on I plan to collect the information from the box for better analysis.

I also plan to write some scripts to automate S.E.T. for some Python payloads based on some rule engine. I still need to think about that one.

Assuming, of course, that Karma can be used reliably using an ath9k based USB card.


It's pretty reliable so far in my testing. I have been struggling more with getting the iptables and other items correct. I am glad there are a few others that have the same plans I do.

As far as the module system, that is more for installing and managing the system from afar. I really really like the web interface on the Pineapple; it makes watching, changing up the attack and just keeping my general memory easier (point and click is better than trying to think of 12 commands).

The reason I am using Ruby is because you can run it like bash on steroids, and the output to HAML for HTML is pretty easy. Also Ruby runs on everything. It's part of Metasploit, so I am learning something that will help when I go to learn how that works. And I can compile my whole objective using only it if I wanted.

I have the install set up as an install script so I can install it on my Debian laptop, desktop, VM; I bet it will do Ubuntu and BackTrack but I haven't tested.

Now I am going to say this:

The WiFi Pineapple is just fricken awesome, but it's limited by OpenWRT. I care not to learn something that is only used on routers (I just do not find that worth the time with how much I need to learn about Linux for servers and desktops (aka I need a job)) -- although I was very much on it during the MK2 phase and all experience is good (I learned the most about bash scripting there, prolly).

(I feel like I am copying the Pineapple but it's just so damn cool, and just has it right except for OpenWRT. I also figured that if I did it in PHP I would be a lot better off just porting the WiFi Pineapple's interface over and doing its own set of modules.)

So I am offering images for the R-Pi and then prolly the MK802 that is in the Hak Shop (when I find cash to get one). To install it on Debian you just need to patch your own wifi drivers/kernel (depends on the setup), then I will have a script to run. But having a device as a dev target will allow for better testing.

So really I do have an apt-get and compile script that will build all the tools you need (it's pretty close to what PwnPi v2.0 is at, but no GUI) if you just want to SSH in to the Pi and run it.

Edited by leapole

I can't comment on the MK802, but if I were you I would go for the Odroid-X (if you have the cash).

The Odroid-X is a powerhouse and probably the best SoC available today. It should allow you to do pretty much everything you can do with the Pineapple, Pi, MK802, BeagleBoard, with room to spare.

The fact that it can run Ubuntu should make porting existing source code pretty easy.

I think Ruby is a great choice since Metasploit is using it. However, I can tell you from experience that I had great success using Python for creating custom payloads that can easily bypass any IDS.

One piece of advice I can offer you regarding the Pieweb image:

I notice that your images are taken from an 8G SD card which is probably only 20% full, however the image size is a full 8 Gig, which seems like a waste of space.

Also, since not all SD cards are the same size (even "8Gig" cards), it means that to use your image safely someone will probably need a 16Gig card.

A good solution that was raised over on the Raspberry forums was to use partclone to back up only the used space.

Here (http://www.raspberry...hp?f=29&t=10543) is a script that someone over on the Pi boards wrote.

It will allow you to do just that; it will give you much smaller image files (you will actually have one per partition and one for the MBR).

And BTW, I don't think you are copying the Pineapple with your Pieweb; I see it as a different implementation of the same concept.

The way I see it, what makes the Pineapple so great is the active community they have here at Hak5, not necessarily the H/W they sell, so porting it to other SoCs is great progress in my mind.


In Ruby you can load in Python and run it, I think; maybe it's slow and bad but I am pretty sure you can do it. Also I am using Debian because from what I have seen scripts that work in Debian work in Ubuntu, but Ubuntu scripts do not always work in Debian (newer packages and stuff in Ubuntu). And Debian changes less and I really like the wiki they have for help.

I have a script that resizes the partition bigger automatically (after I wrote this I figured out what you mean; also sometimes it's like 8.01 and 8.05 on sizes and shit). I have left in the swap because I've got scripts for XBMC and other stuff that need the swap for compiling, and I have seen people make those small images but figured that's something I will figure out haha. This started on a 4 gig but the damn kernel needs more space to compile and I have not figured out how to shrink partitions yet. I also am semi working on finding a good version of omxplayer; if I have to compile I want to do it natively because I am weird. The MP3 module will get made today or tomorrow but I just didn't know where to make the folder for music.

The thing about the MK802 is that the Allwinner A10 is in tablets, small sticks like that, larger set-top boxes, and a few other things, so it would be 1 kernel/image for many devices; also the amount of dev that goes into them. The R-Pi is weak and costly now but it will have such a large dev base that the trade-off of power will be worth it for right now. In fact I got Debian on my Acer Iconia tablet a few days ago and can port Pieweb to it super easy. Just not sure about patching the wifi drivers for the packet injection yet.

I am going to upload a new image tonight. I made out some modules and stuff; they are rough, but like I said it will be sometime next week for something usable.

I also figured out I have been using the Karma blacklisting wrong, so we'll see how that comes out. If you install reaver before aircrack it will take a while and the webpage will time out, but it still installs; just watch htop through SSH. (All that will be solved when I figure out how JavaScript/AJAX live updating of textboxes works {got to figure out how to flash my MK3 again so I can check how they did it on the MK3}.)

Something I have just thought about is that seb is a great programmer, and should also be mentioned whenever people chat about the MK4.


Leapole ,

I checked the Odroid-X schematics again, and it seems that 2 USB ports indeed share the bus with the ethernet (as you already mentioned). However, the good news is that there are 4 (2x2) extra ports that seem to have separate access to the CPU: http://www.flickr.com/photos/86799748@N07/7949071966/.

This gives me hope that it will have enough juice for 2 Alfa cards, NHA (Karma) and H (mdk3), and a 3G modem....... or is it too much?

Also, I'm about to get one extra Pi and I'd be willing to open a reverse SSH port to someone else's machine if you or someone else that doesn't have a Pi wants to test their development project on it.

So any chance of getting a smaller image for the new Pieweb? I really want to play with it but I don't want to use my 32G card for it and my 2 8G SD cards don't fit.

I can always just partclone the partitions manually, but it would be nice if you could simply create a smaller image (I'm sure others will benefit from it as well).


I will work on that (smaller images) tonight and finish up the server so I can get most of the stuff off GitHub. I will still be using GitHub for the code, but images and modules can come from my server.

OO that's nice for the O-droid; it could work OK as a NAS system since you've got a bit of separation. I am pretty sure you will have no issues with the power. My thing was basically that on the R-Pi, when it runs as an access point, bus speed will be limited due to the ethernet and wifi/USB both being on the same bus. I have a Pogoplug with 3 USB drives in RAID 0 -- the speed is horrid but it was the best way for me to get 200 GB cheap with no moving parts for my torrent box.

We should prolly move this out of the Pineapple forum as we have kinda jumped ship with this. (Going about derailing threads again.)

Oh, also I would be careful about giving away access to your network (run a VPN and have the Pi all by itself with no access to your internal network if you do open it up).

I am up to two of them from Newark and have received nothing but issues from Allied (my two from them are about 2 weeks late now).

Edited by leapole

Hmm.... This is interesting. I like your setup and am very interested in the Odroid-x. In regards to the Pi, are you using pwnpi or something else?

I've personally been having speed issues with pwnpi.

Since I got robbed a few weeks back, I've been just waiting for my new Pi to come in the mail. Now I'm having regrets that I didn't look into the Odroid-x.


The Odroid is 160 bucks or so.

I am using Raspbian with some apt-gets.

The PwnPi distro is OK, but he just did a large-scale apt-get and compiled a lot of the programs himself and then set up the GUI (which I don't plan on doing for a while). It still runs on the Debian Squeeze armel version, so no hardfp goodness on it. Also, if you are looking to run a GUI the Pi is not the device you want; there is just not enough RAM/disk IO on it. I am working on the setup scripts for this right now so it can be installed on any Debian system. You will just need to patch your own wifi drivers if needed.

If you are looking for a distro with lots of pentesting tools for the Pi already installed, I would check out the script for the Raspberry Pwn. They have been doing dropboxes and pentesting setups for a long time.


I tried PwnPi, but I had a lot of stability issues with it. As leapole mentioned it is based on armel, and I found that I couldn't run 4G and deauthentication at the same time (even using a powered hub).

So I started with a fresh Raspbian hardfp, updated the firmware (since a lot of the USB issues were solved in the newer firmware) and compiled most things myself.

I totally agree with leapole that the Pi is not the device for a GUI. I wrote different scripts for the tasks that I wanted (4G connection/disconnection, tcpdump, sslsniff etc.) and then I used my Android phone to run them as buttons. Very simple and it works perfectly (no more USB issues).

I hope that with the Odroid I can do everything without the need for a powered hub or the Pineapple.

Now I also hope to run Karma on the Odroid, so as to really have one device that can do it all (Karma, deauth, SSLstrip, SET and Metasploit) and do it headless, with only my phone to run tasks as simple buttons while the Odroid is packed in a Pelican 1040.


I'm trying to get the TL-WN821N (ath9k) to do Karma; hostapd is saying "karma is enabled" but I can't seem to get my machines to auto-connect to the Pi.

The only way it's auto-connecting is if I set my hostapd SSID to be a known saved SSID (instead of Karma answering all probes).

Besides downloading and compiling the hostapd version from http://www.digininja.org/karma/, do I need to do anything else with the ath9k driver (patch it??).

I thought all Atheros-based devices would work out of the box.

What am I missing?

What does your .conf file look like? The one you run with hostapd.

It could need configuring.


My config looks like this:

interface=wlan7
driver=nl80211
ssid=FreeInternet
channel=1

# Both open and shared auth
auth_algs=1

# no SSID cloaking
ignore_broadcast_ssid=0

# -1 = log all messages
logger_syslog=-1
logger_stdout=-1

# 2 = informational messages
logger_syslog_level=2
logger_stdout_level=2

# Dump file for state information (on SIGUSR1)
# example: kill -USR1
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd-phy0
ctrl_interface_group=0

# 0 = accept unless in deny list
macaddr_acl=0

# only used if you want to do filter by MAC address
accept_mac_file=/etc/hostapd/hostapd.accept
deny_mac_file=/etc/hostapd/hostapd.deny

# Finally, enable Karma
enable_karma=1

# Black and white listing
# 0 = white
# 1 = black
karma_black_white=1

I am seeing "KARMA CTRL_IFACE Karam is enabled for handling probe request" but no device is actually auto-connecting.

I enabled Karma in blacklist mode (with an empty list) and my understanding is that it will answer all probe requests.

I also tried with the Pineapple config file without success.

One note: as I mentioned earlier, if I set my hostapd SSID to be the known SSID my client connects (so I know my DHCP is working).


Try to make up an SSID and connect to it with your computer -- sometimes things don't auto-connect the first time. It sounds like you have set up the DHCP server and wlan0 in your network config already and started with hostapd -dd someconfigfile. I will be out and about today again and will be setting up a better image here tomorrow and the next day, and then we can step through it. Damn weddings and baby showers; they always want you to drink at them.


OK, I think I got it.

It appears that my clients are not connecting to a network unless the ESSID is being broadcast (even if set to automatic mode), meaning they will not send probes.

If I set the option "connect even if this network is not broadcasting" in the wireless connection, then hostapd is responding to their probes.

Can someone test it and confirm that it is working as designed?

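The behaviour found above, that a client only sends directed probe requests for networks it is configured to join when they are not broadcasting, is exactly what a Karma AP relies on, and it is also what a defender can look for. As an added example that is not from the thread, this Python script parses constructed tcpdump-style monitor-mode lines (all MAC addresses and SSIDs are made up) and reports which clients leak saved SSIDs through directed probes and which only broadcast-probe:

```python
import re
from collections import defaultdict

# Constructed sample of tcpdump 802.11 monitor-mode output (not captured from the thread).
# An empty "()" is a broadcast probe; a name in the parentheses is a directed probe.
SAMPLE_LOG = """\
22:10:01.100000 1.0 Mb/s 2412 MHz 11b -41dBm signal SA:aa:bb:cc:11:22:33 Probe Request () [1.0 2.0 5.5 11.0 Mbit]
22:10:01.200000 1.0 Mb/s 2412 MHz 11b -41dBm signal SA:aa:bb:cc:11:22:33 Probe Request (HomeWifi) [1.0 2.0 5.5 11.0 Mbit]
22:10:01.300000 1.0 Mb/s 2412 MHz 11b -55dBm signal SA:de:ad:be:ef:00:01 Probe Request () [1.0 2.0 5.5 11.0 Mbit]
22:10:01.400000 1.0 Mb/s 2412 MHz 11b -41dBm signal SA:aa:bb:cc:11:22:33 Probe Request (CoffeeShop) [1.0 2.0 5.5 11.0 Mbit]
22:10:02.000000 1.0 Mb/s 2412 MHz 11b -60dBm signal SA:00:11:22:33:44:55 Probe Request (HomeWifi) [1.0 2.0 5.5 11.0 Mbit]
"""

# Source address followed by the probe request and its (possibly empty) SSID.
PROBE_RE = re.compile(r"SA:([0-9a-f:]{17}) Probe Request \((.*?)\) \[", re.IGNORECASE)


def parse_probes(log):
    """Return ({client_mac: set of directed SSIDs}, set of clients that only broadcast-probe)."""
    directed = defaultdict(set)
    seen = set()
    for line in log.splitlines():
        m = PROBE_RE.search(line)
        if not m:
            continue
        mac, ssid = m.group(1).lower(), m.group(2)
        seen.add(mac)
        if ssid:  # a named SSID is what a Karma AP would answer with a matching beacon
            directed[mac].add(ssid)
    broadcast_only = seen - set(directed)
    return dict(directed), broadcast_only


def report(log):
    """Human-readable summary: which clients are exposed to a Karma-style AP and which are not."""
    directed, broadcast_only = parse_probes(log)
    lines = []
    for mac in sorted(directed):
        lines.append(f"{mac}: directed probes for {sorted(directed[mac])} (answerable by a Karma AP)")
    for mac in sorted(broadcast_only):
        lines.append(f"{mac}: broadcast probes only (no saved SSIDs leaked)")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Feed it real `tcpdump -i mon0 -e type mgt subtype probe-req` output to audit which of your own clients still have "connect even if not broadcasting" profiles that make them answerable by any Karma-style AP.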


Well, I was playing today and had it almost set up like the Pineapple. The kernel didn't have enough stuff for the iptables thing, so I started messing with that today and it's compiling natively (because I am weird). I have beaten the GitHub for Mac GUI into submission because it will not let me upload a 2 gig file without timing out on my internet. Going to VPN out and see if that helps my upload like Mr. P.

Partclone kinda sucks because it does not work off my Debian VM atm. So I spent some time looking at smaller images and didn't come up with something that I liked, so going to let that shit sit for a min. And I am looking to rebuild my laptop for GrrCON so it's clean. I bottled the beer I was making today and a few other things... I also started messing with getting just a quick Pineapple-like deal going and ran into the iptables and a really slow Ting modem, but then again cell phones suck at my house with the trees. Also when you bottle beer you drink it and umm yea so umm yea, be a few days prolly, but I got some stupid shit out of the way... Only thing now is finding a job in computers since I got my 2 degrees.


Oh, I also have a question of how to go forward.

I need a textbox that updates so we can watch a live log.

My research for my setup says JavaScript/AJAX.

I have no idea what AJAX is about and I also do not know how to program JavaScript, but that at least sounds good.

Can you send me a MK4 www folder so I can check out how they did it, because flashing my MK3 didn't work and I wasted too much time on it.
