I can deauth all clients from an AP using the Deauth infusion.

Simply Blacklist your target, use MK3 and I highly recommend selecting a specific channel rather than the full range.

I'm unable to deauth from PineAP. (but that doesn't mean that you can't do it.) If you figure it out, please let me know. :)

Cheers,


What can I do with "setsource" and "settarget"? What is it for?

PineAP command line utility
Usage: infusion pineap <option> [arguments]

Options:
   start                         - starts PineAP
   stop                          - stops PineAP

   dogma [start|stop]            - starts / stops Dogma
   responder [start|stop]        - starts / stops Beacon Response
   harvester [start|stop]        - starts / stops Auto Harvester

   setsource [mac]               - set PineAP's source. eg: aa:bb:cc:dd:ee:ff
   settarget [mac]               - set PineAP's target. eg: aa:bb:cc:dd:ee:ff

   beaconinterval   [low, normal, fast]          - Change Beacon interval
   responseinterval [low, normal, fast]          - Change Response interval

   addssid [ssid]               - Adds SSID to PineAP.
   delssid [ssid]               - Deletes SSID from PineAP.
   clear_ssids                  - Clears all SSIDs

   deauth [client] [AP] [channel] - Deauthenticates client from an AP.
                                    Client / AP eg: aa:bb:cc:dd:ee:ff
                                    Channel: 1-14



Hi all,

Hoping someone can help me understand what's happening with my Mark V..... I started the firmware upgrade this morning to PineAP around 11:30AM, and it's now 12:51PM and still updating.... On the device the blue indicator LED is flashing, the console says updating with pineapple spinning.....

How long should the update take? What's the size of the firmware image? My internet connection is decent, 25MB down, 15MB up.... Pineapple is set up to communicate over wifi connected to my router no problem, internet access again not a problem when I started firmware update.....

Also if it is hung, should I bounce the device, or leave it be? If the latter, how long until I should take action, and what action would you recommend?

Thanks in advance for your help,

E:L


Hey guys,

I'm having an issue with deauthing clients in PineAP.

This is what I'm doing:

1) Start PineAP.

2) Go to recon mode.

3) Scan settings: AP & Client.

4) I see the list of APs with their respective clients. I select a client & select "deauth".

Result: The client remains connected to the AP. Am I missing something?


Thanks!


Sort of answering my question, but I still see a problem.

Solution to the question above.

To deauth in PineAP I had to turn on the whole suite. Turning on PineAP only didn't do it for me.

Where I see a little problem, however, is that once the client is booted from the AP, the client could reconnect after a minute or so.

Is there a possibility of sending a continuous deauth?

Thanks


I have some questions / problems with my Mark V (latest release):

1. Question: Is it normal that the blue and red LEDs are not (always) on even when WLAN0 and WLAN1 are enabled in the GUI?

2. Questions: Is it right that I have to enable WLAN0 for sending SSIDs that I have collected or entered manually in PineAP? Is it right that I have to enable Dogma and MK5 Karma too for distributing these SSIDs?

3. Problem: On a Win7 target I can temporarily see the manually entered SSID but it disappears after a second or two. Then it appears again and disappears, etc. Do you have an explanation for this effect?

4. Problem: Another time I saw this SSID constantly on a Win7 target, but when I tried to connect to it, it didn't work.

In the Syslog I saw just:

Jan 28 14:21:11 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
Jan 28 14:21:11 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
Jan 28 14:21:10 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
Jan 28 14:21:10 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
Jan 28 14:21:09 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
Jan 28 14:21:09 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
Jan 28 14:21:08 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
Jan 28 14:21:08 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
Jan 28 14:21:06 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
Jan 28 14:21:06 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
Jan 28 14:21:05 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
Jan 28 14:21:05 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
Jan 28 14:21:04 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
Jan 28 14:21:04 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
Jan 28 14:21:03 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
Jan 28 14:21:03 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated
Jan 28 14:21:02 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: Station tried to associate with unknown SSID 'TEST'
Jan 28 14:21:02 Pineapple daemon.info hostapd: wlan0: STA e0:06:e6:9f:xx:xx IEEE 802.11: authenticated

5. Problem: Sometimes when I try to enable PineAP in the GUI it disables itself some seconds after. No way to enable it again except if I reset the wireless interfaces or reboot the MK V. Do you have an explanation for that? How could I verify / restart it on the CLI?

6. Problem (Bug?): When I connect an external USB WIFI (which I bought at Hak5 with my Pineapple) it appears in the GUI as WLAN2. I enable WLAN0, WLAN1 and WLAN2 and put WLAN2 in client mode. After connecting it, WLAN1 and WLAN2 are disabled and the client connection is established with WLAN0!

Here are some entries from Syslog:

Jan 28 14:57:42 Pineapple daemon.info dnsmasq[1951]: using local addresses only for domain lan
Jan 28 14:57:42 Pineapple daemon.info dnsmasq[1951]: using nameserver 8.8.8.8#53
Jan 28 14:57:42 Pineapple daemon.info dnsmasq[1951]: using nameserver 192.168.1.1#53
Jan 28 14:57:42 Pineapple daemon.info dnsmasq[1951]: reading /tmp/resolv.conf.auto
Jan 28 14:57:35 Pineapple user.notice firewall: Reloading firewall due to ifup of wan (wlan0)
Jan 28 14:57:35 Pineapple daemon.notice netifd: Interface 'wan' is now up
Jan 28 14:57:35 Pineapple daemon.notice netifd: wan (1231): Lease of 192.168.1.15 obtained, lease time 10800
Jan 28 14:57:34 Pineapple daemon.notice netifd: wan (1231): Sending select for 192.168.1.15...
Jan 28 14:57:32 Pineapple daemon.notice netifd: wan (1231): Sending discover...
Jan 28 14:57:31 Pineapple kern.info kernel: [ 3113.620000] br-lan: port 2(wlan0-1) entered forwarding state
Jan 28 14:57:29 Pineapple kern.info kernel: [ 3111.620000] br-lan: port 2(wlan0-1) entered forwarding state
Jan 28 14:57:29 Pineapple kern.info kernel: [ 3111.610000] br-lan: port 2(wlan0-1) entered forwarding state
Jan 28 14:57:29 Pineapple daemon.notice netifd: wan (1231): Sending discover...
Jan 28 14:57:26 Pineapple daemon.notice netifd: wan (1231): Sending discover...
Jan 28 14:57:26 Pineapple daemon.notice netifd: wan (1231): udhcpc (v1.19.4) started
Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.690000] wlan0: associated
Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.680000] wlan0: RX AssocResp from 00:14:c1:26:fd:58 (capab=0x411 status=0 aid=1)
Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.680000] wlan0: associate with 00:14:c1:26:fd:58 (try 1/3)
Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.660000] ath9k ar933x_wmac: wlan0: disabling VHT as WMM/QoS is not supported by the AP
Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.650000] ath9k ar933x_wmac: wlan0: disabling HT as WMM/QoS is not supported by the AP
Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.640000] wlan0: authenticated
Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.640000] wlan0: send auth to 00:14:c1:26:fd:58 (try 1/3)
Jan 28 14:57:25 Pineapple kern.info kernel: [ 3107.630000] wlan0: authenticate with 00:14:c1:26:fd:58
Jan 28 14:57:20 Pineapple kern.info kernel: [ 3102.090000] device wlan0-1 entered promiscuous mode
Jan 28 14:57:17 Pineapple kern.info kernel: [ 3099.330000] br-lan: port 2(wlan0) entered disabled state
Jan 28 14:57:17 Pineapple kern.info kernel: [ 3099.330000] device wlan0 left promiscuous mode
Jan 28 14:57:17 Pineapple kern.info kernel: [ 3099.260000] br-lan: port 2(wlan0) entered disabled state
Jan 28 14:57:17 Pineapple kern.info kernel: [ 3099.210000] br-lan: port 3(wlan0-1) entered disabled state
Jan 28 14:57:17 Pineapple kern.info kernel: [ 3099.200000] device wlan0-1 left promiscuous mode
Jan 28 14:57:17 Pineapple kern.info kernel: [ 3099.200000] br-lan: port 3(wlan0-1) entered disabled state
Jan 28 14:56:47 Pineapple daemon.info dnsmasq-dhcp[1951]: DHCPACK(br-lan) 172.16.42.170 a0:f4:50:53:30:6d android-e92e933ef362b0fd
Jan 28 14:56:47 Pineapple daemon.info dnsmasq-dhcp[1951]: DHCPREQUEST(br-lan) 172.16.42.170 a0:f4:50:53:30:6d
Jan 28 14:56:46 Pineapple daemon.info hostapd: wlan0: STA a0:f4:50:53:30:6d IEEE 802.11: associated (aid 1)
Jan 28 14:56:46 Pineapple daemon.info hostapd: wlan0: STA a0:f4:50:53:30:6d IEEE 802.11: authenticated
Jan 28 14:56:03 Pineapple kern.info kernel: [ 3025.470000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.29
Jan 28 14:56:03 Pineapple kern.info kernel: [ 3025.340000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Loading firmware file 'rt2870.bin'
Jan 28 14:55:30 Pineapple user.notice usb-modeswitch: 1-1.2:1.0: Manufacturer=Ralink Product=802.11_n_WLAN Serial=1.0
Jan 28 14:55:30 Pineapple kern.debug kernel: [ 2992.820000] Registered led device: rt2800usb-phy2::quality
Jan 28 14:55:30 Pineapple kern.debug kernel: [ 2992.820000] Registered led device: rt2800usb-phy2::assoc
Jan 28 14:55:30 Pineapple kern.debug kernel: [ 2992.820000] Registered led device: rt2800usb-phy2::radio
Jan 28 14:55:30 Pineapple kern.debug kernel: [ 2992.820000] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
Jan 28 14:55:30 Pineapple kern.info kernel: [ 2992.810000] ieee80211 phy2: rt2x00_set_rf: Info - RF chipset 0005 detected
Jan 28 14:55:30 Pineapple kern.info kernel: [ 2992.780000] ieee80211 phy2: rt2x00_set_rt: Info - RT chipset 3070, rev 0201 detected
Jan 28 14:55:30 Pineapple kern.info kernel: [ 2992.640000] usb 1-1.2: reset high-speed USB device number 5 using ehci-platform
Jan 28 14:55:30 Pineapple kern.info kernel: [ 2992.400000] usb 1-1.2: new high-speed USB device number 5 using ehci-platform

And DMESG:

[ 2992.400000] usb 1-1.2: new high-speed USB device number 5 using ehci-platform
[ 2992.640000] usb 1-1.2: reset high-speed USB device number 5 using ehci-platform
[ 2992.780000] ieee80211 phy2: rt2x00_set_rt: Info - RT chipset 3070, rev 0201 detected
[ 2992.810000] ieee80211 phy2: rt2x00_set_rf: Info - RF chipset 0005 detected
[ 2992.820000] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
[ 2992.820000] Registered led device: rt2800usb-phy2::radio
[ 2992.820000] Registered led device: rt2800usb-phy2::assoc
[ 2992.820000] Registered led device: rt2800usb-phy2::quality
[ 3025.340000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Loading firmware file 'rt2870.bin'
[ 3025.470000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.29
[ 3099.200000] br-lan: port 3(wlan0-1) entered disabled state
[ 3099.200000] device wlan0-1 left promiscuous mode
[ 3099.210000] br-lan: port 3(wlan0-1) entered disabled state
[ 3099.260000] br-lan: port 2(wlan0) entered disabled state
[ 3099.330000] device wlan0 left promiscuous mode
[ 3099.330000] br-lan: port 2(wlan0) entered disabled state
[ 3102.090000] device wlan0-1 entered promiscuous mode
[ 3107.630000] wlan0: authenticate with 00:14:c1:26:fd:58
[ 3107.640000] wlan0: send auth to 00:14:c1:26:fd:58 (try 1/3)
[ 3107.640000] wlan0: authenticated
[ 3107.650000] ath9k ar933x_wmac: wlan0: disabling HT as WMM/QoS is not supported by the AP
[ 3107.660000] ath9k ar933x_wmac: wlan0: disabling VHT as WMM/QoS is not supported by the AP
[ 3107.680000] wlan0: associate with 00:14:c1:26:fd:58 (try 1/3)
[ 3107.680000] wlan0: RX AssocResp from 00:14:c1:26:fd:58 (capab=0x411 status=0 aid=1)
[ 3107.690000] wlan0: associated
[ 3111.610000] br-lan: port 2(wlan0-1) entered forwarding state
[ 3111.620000] br-lan: port 2(wlan0-1) entered forwarding state
[ 3113.620000] br-lan: port 2(wlan0-1) entered forwarding state

7. Question: What is the simplest way to distribute a manually encoded SSID, to let targets connect to it, and to give them access to the internet?

Sorry for that long post with a lot of questions/problems and thank you in advance for your precious help!

It's really discouraging not to see a simple result of catching one single target and giving him internet access ... :-(


> Sort of answering my question, but I still see a problem.
>
> Solution to the question above.
>
> To deauth in PineAP I had to turn on the whole suite. Turning on PineAP only didn't do it for me.
>
> Where I see a little problem, however, is that once the client is booted from the AP, the client could reconnect after a minute or so.
>
> Is there a possibility of sending a continuous deauth?
>
> Thanks

Even the harvester?

cheeto, on 24 Jan 2015 - 12:46 AM, said:
> Sort of answering my question, but I still see a problem.
>
> Solution to the question above.
>
> To deauth in PineAP I had to turn on the whole suite. Turning on PineAP only didn't do it for me.
>
> Where I see a little problem, however, is that once the client is booted from the AP, the client could reconnect after a minute or so.
>
> Is there a possibility of sending a continuous deauth?
>
> Thanks

> Even the harvester?

I don't think Harvester is needed to deauth anyone.

Anyway I recommend trying it. You can easily deauth clients (instead of an AP's). Again, the only drawback I see is that the deauthed device can log back into the AP after a minute or so.

Another minor issue I have is that I can't deauth clients with my smartphone (Samsung S4) because the mkv's menu doesn't scroll when using the mobile version of the interface. I'm currently using the stock Android browser and Chrome. Can anyone recommend a different browser?

Cheers


I'm having a great time playing with PineAP, very cool watching the intelligence report fill up with clients.

What is the best way to retain client information and logs?

Do y'all have quick scripts that copy off the /tmp/karma*log file?

I had an issue when connecting to public wifi on wlan2. My Network>Access Point was set to channel 11 which conflicted with the public internet I tried to connect to as client. I changed the Access Point to channel 13, restarted the wireless and then lost admin panel/network.

At home I found that channel 13 isn't supported in the logs, are there other ranges I should not use for the Access Point?

My wife is getting sick of me targeting her devices, but it's great fun!


Not sure if this might have something to do with your channel 13 issue, but in the USA we use channels 1-11; it might be an FCC regulation that channel 13 isn't supported (or a bug).

Someone more qualified than myself may be able to answer this though, I am just guessing.


Here is my scenario:

I've been playing with PineAP in 2.2. I enable PineAP and Dogma. I specify an SSID in my PineAP management list.

The client can see the SSID normally.

When the client goes to connect they are unable to join.

When I do a packet capture, the Association Response from the Pineapple gives a status code 1 (Unspecified Failure).

Are others seeing this? Am I missing something to just have the Pineapple advertise an SSID?

PCAP of Association:

https://www.dropbox.com/s/l90phqsjppkm0ah/PineAP-AssociationFailure.pcapng?dl=0


Hi all

Just noticed an issue and wondering if I have hit the limit on the number of SSIDs that can be in the ssid_list file before Harvester cannot add new ones.

The current number of SSIDs that I have is 1017 unique network names. I started up PineAP on WLAN0 and then enabled WLAN1 and enabled Dogma, Beacon Response and Harvester.

I noticed there were no new SSIDs being added to the list even though in the Karma log there were requests for SSIDs not in the list.

I also noticed that nuking the list caused Dogma and Harvester to start working again.

I am not too sure if it's a limit or an issue with my ssid_list file that is causing this.

Any ideas, thoughts?


Hmm, when I add my computer's MAC in the karma blacklist I can't access the PineAP Mark V, but if I use another wireless card (not blacklisted) I can access it.

Tried to take my computer off the blacklist MAC filter and I could access the Mark V again. (Even with karma off)

Is this a bug, or normal? Want to manage by wifi access on the Mark V..

I have MK2 firmware 2.2.0

/Bodd


> Hmm, when I add my computer's MAC in the karma blacklist I can't access the PineAP Mark V, but if I use another wireless card (not blacklisted) I can access it.
>
> Tried to take my computer off the blacklist MAC filter and I could access the Mark V again. (Even with karma off)
>
> Is this a bug, or normal? Want to manage by wifi access on the Mark V..
>
> I have MK2 firmware 2.2.0
>
> /Bodd

Currently this is how it works.

We just finished a complete re-write of the old karma and have changed this behavior.

Best Regards,

Sebkinne


I'm just curious as to which setting I'm using would be causing an issue with trying to connect to the Pineapple. I have all the features enabled for PineAP:

Dogma and all the other ones. The problem I noticed is that when I try to connect to an SSID it has in the SSID management area, it's unable to connect to the Pineapple; it tries to connect over and over again. Is there a setting, with all of them checked, causing this issue?


Quick question,

Similar to Darren's birdhouse idea, I am only looking to harvest SSIDs, MACs, etc. and not broadcast any of the honeypot names. I have the PineAP and Harvester box checked, and the source as my Pineapple's MAC and the target is obviously ff:ff:ff:ff:ff:ff.

Basically to allow me to know who was in the area of my house at certain times.

Anyway, is there something obvious that I am missing? Keep in mind, I don't want anyone actually connecting to my device, just passive monitoring. The SSID list doesn't pick anything up with just the harvester and PineAP boxes checked.

-Jason


Hello, I read somewhere that using this infusion I can get the password of the access point that has been connected to by any device around me.

If I understand well, enabling all the infusion options, I mimic any router known by a device.

For me it works in this way:

1) I have an iPhone, an Android and a laptop.

2) All the devices search for hotspots they have been connected to.

3) I go to the Pineapple panel and I see that some devices are in range (these 3).

4) I see that they are connected to a specific hotspot (even if I know that these hotspots are very far from me).

5) I go to the wifi settings of any of the devices, and I see that they are connected to hotspots not close to me.

6) Where do I find the passwords that the devices used to authenticate to the hotspots they believe are true?

Thank you


Ok so, I'm a helluva noob, but what the Pineapple is actually doing is taking in the SSIDs and just rebroadcasting those SSIDs out UNLOCKED. The device that is connecting to the unlocked, spoofed SSID doesn't have to give up a passcode to connect because it's not asked for one.

Open up your AP list on your device, phone, laptop, whatever, and you'll see 2 of each SSID (if the Pineapple has polled all the available APs): you'll see one that's locked, that's the "real" one, and one that's unlocked. The trick is that the Pineapple is supposed to overpower the real AP. So when you de-authenticate the client on the real AP, it will reattempt to connect to the spoofed one, theoretically, because it's a stronger signal.

No password has been transferred.

Also,....

https://forums.hak5.org/index.php?/topic/34698-how-many-devices-are-vulnerable-to-pineapple/

It won't answer your question per se, but what this points out is that this type of stuff, this tech is ever changing. It doesn't stay stagnant. I thought this was a really good, albeit short, post. If you want to learn this discipline, you gotta be on top of it. History is set in stone, this changes like the tide.

Edited by Ronix
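
The "two of each SSID, one locked and one unlocked" symptom described in the post above can be checked for from the defender's side. The following is an added example, not part of the original thread or of any Hak5 code: it flags SSIDs that show up both secured and open, and BSSIDs that advertise several SSIDs at once. The scan records, field names and function names are constructed for illustration, and treating one BSSID with many SSIDs as suspicious is a heuristic assumption.

```python
from collections import defaultdict

# Constructed scan results (not captured data): one entry per AP a client sees.
SCAN = [
    {"ssid": "HomeNet", "bssid": "00:11:22:33:44:55", "security": "WPA2", "signal_dbm": -62},
    {"ssid": "HomeNet", "bssid": "02:aa:bb:cc:dd:01", "security": "OPEN", "signal_dbm": -35},
    {"ssid": "CoffeeShop", "bssid": "00:11:22:aa:bb:01", "security": "OPEN", "signal_dbm": -70},
    {"ssid": "CoffeeShop", "bssid": "00:11:22:aa:bb:02", "security": "OPEN", "signal_dbm": -74},
    {"ssid": "Office", "bssid": "00:11:22:66:77:88", "security": "WPA2", "signal_dbm": -55},
    {"ssid": "Printer", "bssid": "00:11:22:99:00:11", "security": "WPA2", "signal_dbm": -60},
    {"ssid": "Printer", "bssid": "02:aa:bb:cc:dd:01", "security": "OPEN", "signal_dbm": -36},
]

OPEN = "OPEN"


def is_locally_administered(mac):
    """True if the locally-administered bit of the first octet is set,
    i.e. the address was assigned in software rather than by the vendor."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def find_downgraded_twins(scan):
    """Return open APs whose SSID is also advertised by a secured AP.

    An SSID that is open everywhere (a cafe with two open APs) is not
    flagged; only the locked/unlocked mix from the post is.
    """
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, aps in sorted(by_ssid.items()):
        secured = [a for a in aps if a["security"] != OPEN]
        unsecured = [a for a in aps if a["security"] == OPEN]
        if not secured or not unsecured:
            continue
        best_secured = max(a["signal_dbm"] for a in secured)
        for a in unsecured:
            findings.append({
                "ssid": ssid,
                "open_bssid": a["bssid"],
                # A louder open copy is what pulls a client over after a disconnect.
                "stronger_than_secured": a["signal_dbm"] > best_secured,
                "locally_administered": is_locally_administered(a["bssid"]),
            })
    return findings


def find_multi_ssid_bssids(scan, min_ssids=2):
    """Heuristic (assumption): one BSSID advertising several unrelated SSIDs."""
    ssids = defaultdict(set)
    for ap in scan:
        ssids[ap["bssid"]].add(ap["ssid"])
    return {b: sorted(s) for b, s in ssids.items() if len(s) >= min_ssids}


if __name__ == "__main__":
    for f in find_downgraded_twins(SCAN):
        print("possible open twin:", f)
    print("BSSIDs with several SSIDs:", find_multi_ssid_bssids(SCAN))
```

A hit from either check is a prompt to compare the flagged BSSID against the known AP inventory, not proof of a rogue device.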