Jump to content

MK IV getting slow and rebooting (2.8)


lexieke
 Share

Recommended Posts

Hi

I received my brand new MK IV a few days ago and I was very very enthusiastic but it gets slow and reboots really often so that it becomes unusuable to me.

What I did so far:

  • upgraded to 2.8 before I started anything
  • installed a USB 8GB stick and enabled the USB swap
  • I added the firewall rule to the boot as this was an issue: /etc/init.d/firewall disable; /etc/init.d/firewall stop
  • installed infusions on the stick:
    • SSLStrip
    • URLSnarf
  • When I start I enable Karma and URLSnarf everything seems to work, I get clients and it is logging all URLs
  • When I start SSLStripper everything becomes unusable slow for the client that I'm targetting
  • After a few minutes it reboots

I'm happy to start over again, I even prefer using SSH if this is better/faster. Just don't want the clients to notice and be able to use SSLStripper. One other thing I read somewhere: I do notice that some pages in SSL are not working and others are when SSLStripper is enabled. Very strange.

Thanks for any input!

Link to comment
Share on other sites

By the way I was also trying to run SSLStrip from SSH (I did reboot in between) and used this script that I found in another topic:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000
_now=$(date +"%Y%m%d-%H%M%S")
_file="/usb/sslstrip_$_now.log"
sslstrip -w $_file
Does not seem to help. It did work once, it logged my login to this forum :)
Link to comment
Share on other sites

Currently you can't/shouldn't run urlsnarf and sslstrip at the same time. They both redirect all the traffic from the bridged interface to themselves. So I'm guessing that is causing your problems. The granddad of the pineapple, Sir Digininja is working on a workaround. You can see more details on this post: http://forums.hak5.org/index.php?/topic/28666-keylogger-module-release/page-2?

Just an FYI, you can do tcpdump and sslstrip at the same time, and accomplish the same thing. I do it all day long every day and it works fine with no reboots. Try that and let us know!

telot

Edited by telot
Link to comment
Share on other sites

Hey Telot

Thanks for your very fast reply. I hope this will be the answer as well, I will try it tonight.

I don't want to ask too much here but do you run this on SSH? And do you happen to have a script or could you please outline what the exact order of steps is that you take, and what the commands are? I'm sure this would be a very helpfull guide to many newbies here and well it would save me probably some hours as well to get started :)

Another general question: is it normal that browsing gets slower by enabling SSLStripper/tcpdump or should it run quite fast? I'm just thinking if you would run it in a presentation and there are 20 people, will anyone be able to test?

Thanks!!

Edited by lexieke
Link to comment
Share on other sites

I like to run my pineapple as a "headless" sorta thing, so I do it via button press. I run an old firmware, cause I'm old school like that (don't ask, Seb will kick my ass if I encourage people to not upgrade lol) so the wps button still works for me. Maybe its fixed on 2.8? I'm not positive...

The commands I use are on the wiki, which should be the first stop for any newbie imho, but I'll link them here for ya.

tcpdump:

http://forums.hak5.org/index.php?/topic/25695-quicky-how-to-tcpdump-on-markiv/

sslstrip:

http://cloud.wifipineapple.com/wiki/doku.php?id=guidesslstrip

As for speed, the pineapple has never slowed down due to capturing packets/ssl, but I typically have 2-3 clients, not 20. At SXSW, Darren had like 40+ clients and the pineapple continued ass kicking, so it should be do-able.

Anyways, I just put the tcpdump and sslstrip commands into a small script thats tied to my wps button - as an added trick, I have the LED's turn off when the script is run so I have visual confirmation that its working. Then I have a cronjob that sends me an email every 10 minutes with status updates (a how-to is also linked on the wiki) so I can casually check my email on my phone, and no ones the wiser. This is just one way of doing things, and it works well for me. Some people run the stock UI with custom CSS and all the infusions, others run Moriarty's UWUI, which is also pretty awesome and something to check out. The worlds your hacked open oyster with the pineapple, so welcome to the community and be sure to contribute as much as you can!

telot

Link to comment
Share on other sites

I like to run my pineapple as a "headless" sorta thing, so I do it via button press. I run an old firmware, cause I'm old school like that (don't ask, Seb will kick my ass if I encourage people to not upgrade lol) so the wps button still works for me. Maybe its fixed on 2.8? I'm not positive...

The commands I use are on the wiki, which should be the first stop for any newbie imho, but I'll link them here for ya.

tcpdump:

http://forums.hak5.org/index.php?/topic/25695-quicky-how-to-tcpdump-on-markiv/

sslstrip:

http://cloud.wifipineapple.com/wiki/doku.php?id=guidesslstrip

As for speed, the pineapple has never slowed down due to capturing packets/ssl, but I typically have 2-3 clients, not 20. At SXSW, Darren had like 40+ clients and the pineapple continued ass kicking, so it should be do-able.

Anyways, I just put the tcpdump and sslstrip commands into a small script thats tied to my wps button - as an added trick, I have the LED's turn off when the script is run so I have visual confirmation that its working. Then I have a cronjob that sends me an email every 10 minutes with status updates (a how-to is also linked on the wiki) so I can casually check my email on my phone, and no ones the wiser. This is just one way of doing things, and it works well for me. Some people run the stock UI with custom CSS and all the infusions, others run Moriarty's UWUI, which is also pretty awesome and something to check out. The worlds your hacked open oyster with the pineapple, so welcome to the community and be sure to contribute as much as you can!

telot

WOW Can you teach us that scripts? Tutorial time?

Link to comment
Share on other sites

I've probably posted it already, but searching on these forums is pretty fubar, so I couldn't find it. Unfortunately I borrowed my pineapple to a colleague, so I can't just dial in and grab it. I'll send him a note and see if he can send it to me.

Really it was pretty easy if I recall...I'm sure anyone can hack it together. Give it a try and post your results! Learning time!

telot

Link to comment
Share on other sites

So I installed SSLStrip as only infusion from SSH and this gave no errors. I than created this script to start it:

iptables -t nat -A PREROUTING -p tcp -destination-port 80 -j REDIRECT -to-ports 10000
iptables -t nat -A PREROUTING -p tcp -destination-port 443 -j REDIRECT -to-ports 10000
sslstrip -w /usb/sslstrip.log &
where it will throw me these errors:
root@Pineapple:/usb# ./runSSLStrip
Bad argument `80'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `443'
Try `iptables -h' or 'iptables --help' for more information.
root@Pineapple:/usb# Traceback (most recent call last):
File "/usb/usr/bin/sslstrip", line 27, in <module>
from twisted.web import http
File "/usb/usr/lib/python2.7/site-packages/twisted/__init__.py", line 22, in <module>
raise ImportError("you need zope.interface installed "
ImportError: you need zope.interface installed (http://zope.org/Products/ZopeInterface/)
I am running this from /USB. I than installed SSLStrip (without removing it) from the Bar and it installed in 1 sec. I pressed run and everything was working as it should. Anyone care to explain so I understand what my error is?
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...