Sebkinne Posted August 26, 2014

Hey everyone,

If you have any PineAP questions, please leave them here in this thread. I'll do my best to answer any questions.

Please do not report bugs in this thread, but rather do it here.

masler77 Posted August 26, 2014

Hey all!

I have a D-Link antenna ANT24-1400 14 dB 2.4 GHz and an adapter to SMA. On the Pineapple, should I put it on wlan0 or wlan1 to get the most out of PineAP? Or explain what the different antennas do (collaborate together)?

// Masler77

Edited August 26, 2014 by masler77

Sebkinne (Author) Posted August 27, 2014

> Hey all!
>
> I have a D-Link antenna ANT24-1400 14 dB 2.4 GHz and an adapter to SMA. On the Pineapple, should I put it on wlan0 or wlan1 to get the most out of PineAP? Or explain what the different antennas do (collaborate together)?
>
> // Masler77

Wlan0 pulls in the clients. This is the radio that clients connect to.

Wlan1 does beacon responses, beacons, deauth and the like. The idea is that wlan1 helps wlan0 be more effective.

So to answer your question, which one should you boost? Probably wlan0, as if wlan0 is out of range for a client, it cannot connect. Wlan1 is already a little more powerful, so I'd go with wlan0. But it depends on your scenario.

Best Regards,
Sebkinne

ZaraByte Posted August 27, 2014

Can you explain what Beacon Response is for and what the purpose of it is? I never understood that from the stream you guys did that day. I'm sure when you guys get the guide and documents out it might shed better light on this feature. I get that Dogma basically broadcasts your set SSIDs under SSID Management, but I'm confused about what Beacon Response was and its purpose.

Sebkinne (Author) Posted August 27, 2014

> Can you explain what Beacon Response is for and what the purpose of it is? I never understood that from the stream you guys did that day. I'm sure when you guys get the guide and documents out it might shed better light on this feature. I get that Dogma basically broadcasts your set SSIDs under SSID Management, but I'm confused about what Beacon Response was and its purpose.

Sure thing!

The WiFi landscape has changed, and not everything is vulnerable to just karma anymore. To fix some of this, we send targeted beacons to the devices probing for a network.

Say a device is probing for its corporate network. Karma will respond as it usually does, but this time PineAP will also respond and send a few (more than a few actually) beacons to the device. When the device checks if the AP is actually sending out active beacons, it sees these and stays connected.

The beacon responder is basically something which increases the effectiveness of karma.

Best Regards,
Sebkinne

koolkarnt Posted August 28, 2014

Yes! I haz a questions.

I must have missed the part where everyone discussed this new tile. Perhaps you might be able to link me to that? Or if you can, summarize the new tile & features here.

- I know what Karma does, but the new PineAP tab has these Source & Target boxes. What goes here? And how is this tied to Karma?

There is also this Dogma, which only has an option to turn on/off in the little tile, no tab - I gather it's to assist Karma connecting to devices?

Last one. What's the Auto Harvest? Does this just run a script that uses Dogma, PineAP & Karma all at once, with no input from, say, me?

Appreciate you edumucations.

jmelody Posted August 30, 2014

koolkarnt, I am still playing with PineAP myself, but I think I can answer some of your questions. I have not played with the Source/Target section yet. Dogma seems to actually broadcast the APs listed in the PineAP SSID Management section, and Auto Harvest will automatically add SSIDs that devices are currently looking for to the SSID Management section.

I have a simple question that I'm too lazy to search for myself. Where is the file for the SSID Management stored? My list became quite long during testing, and I would like to copy it to another file before deleting all of the collected APs. When I enable Dogma, the list is so large that it takes several minutes for "most" of the names to be viewed by any device. I've even seen a device or two that quit trying altogether after 10-20 APs populated.

chriswhat Posted August 30, 2014

> Yes! I haz a questions.
>
> I must have missed the part where everyone discussed this new tile. Perhaps you might be able to link me to that? Or if you can, summarize the new tile & features here.
>
> - I know what Karma does, but the new PineAP tab has these Source & Target boxes. What goes here? And how is this tied to Karma?
>
> There is also this Dogma, which only has an option to turn on/off in the little tile, no tab - I gather it's to assist Karma connecting to devices?
>
> Last one. What's the Auto Harvest? Does this just run a script that uses Dogma, PineAP & Karma all at once, with no input from, say, me?
>
> Appreciate you edumucations.

I'll elaborate on what jmelody said to help answer your question. The source and target fields are part of Dogma.

What does Dogma do? Dogma allows you to focus your KARMA attack towards a specific device. It also allows you to specify a list of access points to broadcast.

Source field - This is where you specify your access point's MAC address. You can enter your Pineapple's MAC address (default) or a spoofed MAC address.

Target field - This is where you specify the MAC address of your target. You can leave it blank (default) to target all devices or you can enter a specific device's MAC address to only target that device.

SSID Management - This is where you can specify a list of access points that you'd like to broadcast. These access points will be broadcasted to your target(s) when Dogma is enabled. You can manually add access points to the list or you can add them from the Reconnaissance scan results (by clicking the access point name).

Here's an example scenario: Let's say that there are 10 devices sending out probe requests in search of familiar access points but you only want to target one of those devices. After enabling PineAP and Dogma, you can enter the MAC address of the device that you want to target in the "Target" field. When the target device is searching for a wireless access point, it will see the list of access points stored in the SSID Management area. The access points from the SSID Management area will not be broadcasted to the remaining 9 devices or any other devices that come within range. If you don't specify a target, the access points from the SSID Management area will be broadcasted to everyone within range.

NOTE: You can use Reconnaissance to discover the MAC addresses of devices.

Urieal Posted August 30, 2014

> I'll elaborate on what jmelody said to help answer your question. The source and target fields are part of Dogma.
>
> What does Dogma do? Dogma allows you to focus your KARMA attack towards a specific device. It also allows you to specify a list of access points to broadcast.
>
> Source field - This is where you specify your access point's MAC address. You can enter your Pineapple's MAC address (default) or a spoofed MAC address.
>
> Target field - This is where you specify the MAC address of your target. You can leave it blank (default) to target all devices or you can enter a specific device's MAC address to only target that device.
>
> SSID Management - This is where you can specify a list of access points that you'd like to broadcast. These access points will be broadcasted to your target(s) when Dogma is enabled. You can manually add access points to the list or you can add them from the Reconnaissance scan results (by clicking the access point name).
>
> Here's an example scenario: Let's say that there are 10 devices sending out probe requests in search of familiar access points but you only want to target one of those devices. After enabling PineAP and Dogma, you can enter the MAC address of the device that you want to target in the "Target" field. When the target device is searching for a wireless access point, it will see the list of access points stored in the SSID Management area. The access points from the SSID Management area will not be broadcasted to the remaining 9 devices or any other devices that come within range. If you don't specify a target, the access points from the SSID Management area will be broadcasted to everyone within range.
>
> NOTE: You can use Reconnaissance to discover the MAC addresses of devices.

Life is like a giant puzzle and every day you work to add another piece to the inevitable masterpiece.

For what it's worth - every time I read a post from you or watch a video of yours, I feel like another piece of this massive puzzle has been placed. Thanks for your writeups, your examples, your scenarios, and your simplified breakdown on how, where, when, what, and why things do what they do.

Forever Grateful,
Urieal.

NovaSam Posted August 31, 2014

Just think of the wireless DDoS to a device, from a consultant that has been traveling and using hundreds of APs a year, that stumbles upon a PineAP that suddenly lights it up with beacons and management frames for every AP it has ever connected to.

I was demonstrating the Pineapple with just Karma a few months ago, before our auditors conducted a wireless pentest. Should have seen their faces when their laptops and phones connected within seconds. Let's just say they will never look at hotel wireless the same again.

Dogma looks like it might also conserve your Pineapple and the airwaves a bit, as it will focus on just the target device or device type.

> koolkarnt, I am still playing with PineAP myself, but I think I can answer some of your questions. I have not played with the Source/Target section yet. Dogma seems to actually broadcast the APs listed in the PineAP SSID Management section, and Auto Harvest will automatically add SSIDs that devices are currently looking for to the SSID Management section.
>
> I have a simple question that I'm too lazy to search for myself. Where is the file for the SSID Management stored? My list became quite long during testing, and I would like to copy it to another file before deleting all of the collected APs. When I enable Dogma, the list is so large that it takes several minutes for "most" of the names to be viewed by any device. I've even seen a device or two that quit trying altogether after 10-20 APs populated.

chriswhat Posted August 31, 2014

> Life is like a giant puzzle and every day you work to add another piece to the inevitable masterpiece.
>
> For what it's worth - every time I read a post from you or watch a video of yours, I feel like another piece of this massive puzzle has been placed. Thanks for your writeups, your examples, your scenarios, and your simplified breakdown on how, where, when, what, and why things do what they do.
>
> Forever Grateful,
> Urieal.

I'm glad that I was able to help you out. The puzzle will never be complete. Each piece of the puzzle is a puzzle in itself... and the puzzle as a whole never stops expanding and evolving.

Not to sound too philosophical. This is just one of the many reasons I enjoy security. There are too many challenges to face alone and, therefore, it never gets old or boring.

bytedeez Posted September 1, 2014

> Target field - This is where you specify the MAC address of your target. You can leave it blank (default) to target all devices or you can enter a specific device's MAC address to only target that device.

I could be wrong but I believe you have to have ff:ff:ff:ff:ff:ff in the target field to target all devices.

Foxtrot Posted September 1, 2014

FF:FF:FF:FF:FF:FF is default

chriswhat Posted September 1, 2014

> I could be wrong but I believe you have to have ff:ff:ff:ff:ff:ff in the target field to target all devices.

Yes, ff:ff:ff:ff:ff:ff is used to target all devices. If you leave the target field blank, it will automatically populate with ff:ff:ff:ff:ff:ff.

Here's some bogus math:

Default = Blank
Blank = ff:ff:ff:ff:ff:ff
ff:ff:ff:ff:ff:ff = Target all devices
Target all devices = Default
Therefore, Blank = Target all devices

pla12 Posted September 5, 2014

A few quick questions...

Does Karma need to be started/running before running PineAP, Dogma, etc.? Is there a startup order for all of these modules?

Do both WLAN 0 and 1 need to be manually enabled before running Karma, PineAP, etc.? What state should both radios be in before starting the Karma/PineAP modules?

staticbunny Posted September 7, 2014

What are the command line arguments for PineAP?

MoonWolf Posted September 7, 2014

I'm not sure if I have got this right?

Karma: Sends out probe responses to everyone? (And works like an AP to this?)

PineAP: Works like an AP. It sends beacons out of an SSID list.

Dogma: Does targeted beacon response or broadcast responses depending on settings? (Which is the PineAP tab in the PineAP infusion?)

Harvester: Collects all probed SSIDs and puts them in a list for PineAP to broadcast.

Wlan0 is used for clients to connect to. (Are both Karma and PineAP using this interface at the same time?)
Wlan1 is used by Dogma and other tools.

Tools like urlsnarf and ssl_strip and such should run on wlan0?

Please correct me if I am wrong.

Sebkinne (Author) Posted September 7, 2014

> A few quick questions...
>
> Does Karma need to be started/running before running PineAP, Dogma, etc.? Is there a startup order for all of these modules?
>
> Do both WLAN 0 and 1 need to be manually enabled before running Karma, PineAP, etc.? What state should both radios be in before starting the Karma/PineAP modules?

To use any features of PineAP, you must first start that. PineAP is independent of karma running or not. Dogma can also be run without karma being turned on. Beacon responder and Harvester however do require karma to be turned on.

> What are the command line arguments for PineAP?

Currently, there isn't an easy way to manage PineAP over the command line for the end user. That is going to change in the next feature firmware release.

> I'm not sure if I have got this right?
>
> Karma: Sends out probe responses to everyone? (And works like an AP to this?)
>
> PineAP: Works like an AP. It sends beacons out of an SSID list.
>
> Dogma: Does targeted beacon response or broadcast responses depending on settings? (Which is the PineAP tab in the PineAP infusion?)
>
> Harvester: Collects all probed SSIDs and puts them in a list for PineAP to broadcast.
>
> Wlan0 is used for clients to connect to. (Are both Karma and PineAP using this interface at the same time?)
> Wlan1 is used by Dogma and other tools.
>
> Tools like urlsnarf and ssl_strip and such should run on wlan0?
>
> Please correct me if I am wrong.

You are mostly correct. PineAP however does not work like an AP. It is a suite of tools. Dogma is responsible for sending out the beacons in your SSID list (targeted or to broadcast). Beacon Response will follow up any probe request with a number of beacons. Harvester collects all SSIDs which can then be used for Dogma.

Tools like urlsnarf or ssl_strip should be run on the bridge interface ("br-lan") and not wlan0.

Best Regards,
Sebkinne

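Seen from a wireless monitoring sensor, the behaviours described in the thread up to this point leave recognisable traces in 802.11 management frames: one transmitter MAC advertising many SSIDs, and beacons addressed to a single client instead of ff:ff:ff:ff:ff:ff. The detector below is an added example, not part of the original thread and not PineAP code; the frame tuples, MAC addresses, subtype labels, thresholds and function names are all constructed for illustration.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
CLIENT = "de:ad:be:ef:00:01"  # constructed client MAC

# Constructed sample capture: (time_s, subtype, transmitter/BSSID, destination, SSID)
FRAMES = [
    # Ordinary AP: one SSID, beacons sent to the broadcast address
    (0.00, "beacon", "aa:bb:cc:00:00:01", BROADCAST, "CorpNet"),
    (0.10, "beacon", "aa:bb:cc:00:00:01", BROADCAST, "CorpNet"),
    (0.15, "probe_resp", "aa:bb:cc:00:00:01", CLIENT, "CorpNet"),
    # One transmitter beaconing a whole list of network names
    (1.00, "beacon", "02:13:37:00:00:99", BROADCAST, "HotelWiFi"),
    (1.10, "beacon", "02:13:37:00:00:99", BROADCAST, "AirportFree"),
    (1.20, "beacon", "02:13:37:00:00:99", BROADCAST, "CoffeeShop"),
    (1.30, "beacon", "02:13:37:00:00:99", BROADCAST, "HomeNet"),
    # One transmitter answering probes for any SSID, then following up
    # with beacons addressed to that single client
    (2.00, "probe_resp", "02:13:37:00:00:77", CLIENT, "CorpNet"),
    (2.01, "beacon", "02:13:37:00:00:77", CLIENT, "CorpNet"),
    (2.02, "beacon", "02:13:37:00:00:77", CLIENT, "CorpNet"),
    (2.50, "probe_resp", "02:13:37:00:00:77", CLIENT, "HomeNet"),
    (3.00, "probe_resp", "02:13:37:00:00:77", CLIENT, "HotelWiFi"),
]


def max_distinct_ssids(events, window_s):
    """Largest number of distinct SSIDs seen inside any window_s-long span."""
    events = sorted(events)
    best, start = 0, 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window_s:
            start += 1
        best = max(best, len({ssid for _, ssid in events[start:end + 1]}))
    return best


def find_rogue_ap_indicators(frames, window_s=10.0, max_ssids=2):
    """Return {transmitter MAC: sorted list of indicator names}."""
    by_kind = {"beacon": defaultdict(list), "probe_resp": defaultdict(list)}
    unicast_beacons = set()
    for t, subtype, bssid, dest, ssid in frames:
        bssid, dest = bssid.lower(), dest.lower()
        if subtype not in by_kind:
            continue
        if ssid:  # hidden-SSID frames carry an empty name; ignore them
            by_kind[subtype][bssid].append((t, ssid))
        # A BSS normally beacons to the broadcast address only
        if subtype == "beacon" and dest != BROADCAST:
            unicast_beacons.add(bssid)

    findings = defaultdict(list)
    labels = (("beacon", "multi_ssid_beacons"),
              ("probe_resp", "multi_ssid_probe_responses"))
    for subtype, label in labels:
        for bssid, events in by_kind[subtype].items():
            # A BSSID identifies one BSS, so it should carry one SSID
            if max_distinct_ssids(events, window_s) > max_ssids:
                findings[bssid].append(label)
    for bssid in unicast_beacons:
        findings[bssid].append("unicast_beacon")
    return {bssid: sorted(names) for bssid, names in findings.items()}


if __name__ == "__main__":
    for mac, names in sorted(find_rogue_ap_indicators(FRAMES).items()):
        print(mac, ", ".join(names))
```

The sliding window keeps an AP that is legitimately renamed once from being flagged; the default of more than two SSIDs per transmitter within ten seconds is an assumed starting point to tune against a site's own baseline.
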
MoonWolf Posted September 7, 2014

> You are mostly correct. PineAP however does not work like an AP. It is a suite of tools. Dogma is responsible for sending out the beacons in your SSID list (targeted or to broadcast). Beacon Response will follow up any probe request with a number of beacons. Harvester collects all SSIDs which can then be used for Dogma.
>
> Tools like urlsnarf or ssl_strip should be run on the bridge interface ("br-lan") and not wlan0.
>
> Best Regards,
> Sebkinne

Thank you for the response. However, I am still a bit confused. You can turn on and off the PineAP, which you say is a suite of tools. What tools are those and how does it affect the other ones like Dogma and Beacon Response?

Can you not run urlsnarf and sslstrip on a wlan interface? I mean if I use wlan1 in client mode to connect to a network and wlan0 as the "AP" interface. Or should I always leave wlan0 and wlan1 active for the PineAP and Karma tools and have a wlan2 in client mode?

Regards

jmelody Posted September 9, 2014

So...... Anyone got that location where the APs are stored? I've done some basic looking, but no joy.

Edit: Found it! It's located at /etc/pineapple/ssid_file for anyone else interested.

Edited September 9, 2014 by jmelody

Caecilius Posted September 10, 2014

Choose Reconnaissance from the drop-down menu in the top left. Enable scan of AP and Clients.

********

No clients show up. Yes, I have three APs showing up and I have clients attached to all of them.

As an aside, how do we access all the additional functionality Reconnaissance offers that I've read about but can't seem to find?

mel0n Posted September 12, 2014

So I have been at least trying to test everything on my MKV. It's been bumpy so far. Anyway, I tried PineAP once and had the problem where I couldn't get it to start. I would just click on enable and my web interface would freeze up for 5-8 secs and then become responsive again, but PineAP would stay disabled. I found that each time I do this it makes a new mon interface on wlan1. So after a few tries I have mon0, mon1, mon2. So it seemed like it was doing something but not starting. I killed off all the mon interfaces and found a fix here, which was basically to go into my network big tile -> advanced -> reset wireless config. And I got PineAP to work well, and it's great once you get it started.

So after that I was messing around with ettercap, and ettercap just kept refusing to start on any interface, even br-lan. Many reboots later I still could not get it to start. I had the same issue with urlsnarf, only it would start and run for like 3-5 sec (there was actual output in the textbox) then stop itself (this was on br-lan). So I went to change my SSID settings in the network tile and every time I saved them it would say wireless restarting, but nothing would happen. I thought this was strange, so I tried to change MAC addresses and that too was acting like it all went OK, but there was ultimately no change to my MAC address. I tried pressing the reset wireless config and that reset it all. Then ettercap started working properly, but I had to use urlsnarf over ssh.

Now I wanted to change my SSID off of the default Pineapple SSID for my AP........ doesn't change. Now none of the settings would change in the network tile. I tried literally everything I could think of, hostapd.conf etc., and nothing would change my SSID for my AP. At this point I decided to flash it.

Fresh flash. I change my SSID successfully, get ettercap running successfully, and I still have to use urlsnarf over ssh; there seem to be issues with that infusion. Anyway, everything works great. I closed it all down and rebooted. Now when it boots back up, my MAC addresses are still spoofed and my SSID is still the same as I set it to. I try to start PineAP up again, but I am having the same issue as mentioned above and it just won't start. So I went to change my MAC addresses back..... nothing happens. Press the reset wifi config button....... asks me to restart wifi etc...... nothing happens. I try to change my SSID....... nothing happens. I can ssh in and change my MAC addresses manually, but when I click the reset wifi config button... it sets them back to the spoofed ones. So pretty much nothing in the network tile is working, or at least working properly.

I have rebooted several times and tried pretty much everything, including changing settings manually over ssh. Nothing is doing what it is supposed to or keeping any changes. PineAP still won't start. I am about to reflash. Hopefully there is some sort of useful information here, or any1 can point out something I missed or something to try. I seem to be replicating this same weirdness with the network tile somehow. Anyway, let me know what you guys think.

P.S. Forgot to mention that in the log tile, I can't see anything. When I click between the syslog, dmesg and custom tabs, they flash for a split second then disappear again behind what looks like the main web interface with a nav bar at the top but no tiles. It's just black, but it's contained under the tabs and in the big tile like a jframe or canvas.

Edited September 12, 2014 by mel0n

altjx Posted September 17, 2014

Haven't read/watched too much about PineAP but decided to turn on the Pineapple and upgrade its firmware.

One thing I'm noticing though is that, earlier today, I was able to connect to the APs that I have in the SSID Management page. However, I can't now for some reason -- I just get a "Can't connect" error on my laptop and mobile device.

I'm guessing there's something small that I'm missing. Any help with this would be greatly appreciated.

Edited September 17, 2014 by altjx

jamz33 Posted September 18, 2014

Couple of questions:

How do I go about auto-starting all PineAP modules, or what would the DIP switch command line look like to do the same?

In the previous version I was able to specify a pass-code which prevented associations under Karma. How can I prevent associations with this current version? All I want to do is collect probes/beacons and re-broadcast them for demonstration purposes.

3mrgnc3 Posted September 19, 2014

I'm curious to know if Seb has any plans to include the harvesting of both BSSIDs & corresponding ESSIDs in order to be able to automatically spoof both together for a given target AP/APs.

I think this would be a useful countermeasure against client devices that check for matching sets of E/B SSIDs before association to the APs in their PNL. Although this isn't yet a common feature in most devices, I think this will become more of an issue in the future as more and more vendors play catch the mouse (or is that cat? Depending on your stance).

Also, in the case of using multiple MKVs, in multiple locations on an engagement, the ability to remotely connect to a central file storage or database containing all harvested data would be very useful.

Has this been thought of already anywhere else in the community?

Peace,
3mrgnc3.