Urieal Posted September 10, 2014
So I just want to bring this to the attention of the experts. We're currently on assignment and our Mark V is really dropping the ball for us.

Scenario 1.)
Pine AP - enabled
Karma MK5 - enabled
Beacon Responder - enabled
Harvester - enabled
Using the TILE FOR ETTERCAP: ettercap on br-lan, hit start.
Using the TILE FOR SSLSTRIP: hit start.
-- So long and short, we activate this. Ettercap turns off / stops working after about 30 seconds. -- In other words it STOPS WORKING. SSL Strip looks like it's working. Pine AP, Karma, Beacon, Harvester all reset back to 'disabled' after about 5 minutes. What am I doing wrong?

Scenario 2.)
To actually get ETTERCAP to work we've gone ahead and ssh'd into it via Putty:
cd /sd
ettercap -Tq -i br-lan -w filename.pcap
This scenario works, but prevents us from enabling pineap or any of those options in the web browser. Sure enough, after about 30 minutes it stops working too.

Can someone please tell me why this isn't working. We bought the pineapple with the intention of using it for our pen testing, but so far it's been headache after headache. We are having far more benefit from Kali Linux and simply ettercapping the network that way. Ultimately we want to use the Mark V though. Please someone - anyone... :\ Sadly, not impressed or happy at the moment. I even followed the advice of Whistleblower in another thread, but still no dice -- it simply stops working.
Foxtrot Posted September 10, 2014
You're not trying to run both the PineAP suite and ettercap on the same interface, right?
m40295 Posted September 11, 2014
Free space, internal. Could it be full of logs? I was having issues till I cleaned. Now mine seems to be responding well.
Whistle Master Posted September 14, 2014
http://indonetworksecurity.com/linux/fix-ettercap-ssl-dissection-needs-a-valid-redir_command_on.htm
daniboy92 Posted September 14, 2014 (edited)
When I run ettercap the victim loses his connection; I get this error from ettercap:
SSL dissection needs a valid 'redir_command_on'
Privileges dropped to UID 65534 GID 65534
Tried this: http://indonetworksecurity.com/linux/fix-ettercap-ssl-dissection-needs-a-valid-redir_command_on.htm
But when I change it, ettercap still shows the message:
SSL dissection needs a valid 'redir_command_on'
Privileges dropped to UID 0 GID 0
I think it's a firmware issue because I tested it with a reset pineapple. I'm still losing my connection and not sniffing anything.
Edited September 14, 2014 by daniboy92
Darren Kitchen Posted September 14, 2014
http://indonetworksecurity.com/linux/fix-ettercap-ssl-dissection-needs-a-valid-redir_command_on.htm
Nice find.
Urieal Posted September 15, 2014 (Author) (edited)
http://indonetworksecurity.com/linux/fix-ettercap-ssl-dissection-needs-a-valid-redir_command_on.htm

Want to give an update as to where we're at. We can't seem to locate the etter.conf file anywhere on the SD card (where the infusion was installed to). We're now looking for it on the pineapple itself...

We recently reset the pineapple to default settings (as if we unboxed it for the first time). I went to the infusion pineapple bar and installed ettercap. The Live Tile was 'red' and said Install dependencies. We hit install and after a few moments the tile refreshed on its own and was green (normal). We hit start and were greeted with the log:

Listening on eth0... (Ethernet)
eth0 -> 00:13:37:A5:2D:8A invalid invalid
SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 65534 GID 65534...
28 plugins
39 protocol dissectors
53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services
Starting Unified sniffing...

According to the link supplied by Whistleblower the goal is to edit the etter.conf file. Our issue: we can't find it ANYWHERE on the Pineapple? Perhaps it's in a certain folder? We're happy to edit it, but still at this point can't seem to locate it... Is this happening to everyone who installs ettercap? Did we screw something up?

-- Update 4:37
Changed the UIDs to 0 -- still getting the error: SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
So what we did was go to lines 168 and 169 and remove the # on the ip_tables line. I can't help but feel like we've done something wrong here in general. There is no way everyone is experiencing the same problem as us... Any and all assistance would be greatly appreciated on resolving this issue....

-- Update 4:57pm
1.) Reinstalled Pineapple factory settings.
2.) Installed Ettercap infusion.
3.) Large Tile was 'red' with INSTALL link on it.
4.) Clicked install.
5.) Waited a few moments; the tile refreshed on its own.
6.) Hit 'start' on the br-lan interface.
7.) Received error: SSL dissection needs a valid 'redir_command_on' script in the etter.conf file / Privileges dropped to UID 65534 GID 65534...
8.) Used Whistleblower's link and putty'd our way onto the pineapple: nano /etc/etter.conf
9.) Changed ec_uid and ec_gid to 0 and SAVED the file.
10.) Attempted to run ettercap, and was given the same SSL error, however it now says: SSL dissection needs a valid 'redir_command_on' script in the etter.conf file / Privileges dropped to UID 0 GID 0...
11.) SSH'd back into the pineapple and opened /etc/etter.conf once again.
12.) Modified lines 168 and 169 and unhashed the iptables for SSL forwarding.
13.) Saved the file, rebooted the pineapple and now it appears that it may be working. Tested it with Internet Explorer.

We also took the time to ssh in and run: cat /proc/sys/net/ipv4/ip_forward
Which displayed 0.

I guess in the end, it looks like it's working, albeit slower than molasses on a cold winter day. This is a lot of work from the simple 'select the interface and hit start' we originally received. Personally, I'd love to know: did we do something wrong? When I hit install on the large tile when it was in red, should I have waited, should something else have happened? Did we edit the right file? Overall, Whistleblower, can you please give us an update on how we're doing, if we messed up in the process, and perhaps would it be best to reinstall 'again' but perhaps wait longer on the 'install' click in the large tile?

Forever grateful. (You should PM me your paypal if you have one, happy to donate.)
Edited September 15, 2014 by Urieal
Urieal Posted September 15, 2014 (Author)
1.) I'm navigating to the pineapple bar and selecting ettercap. I'm installing it to SD Storage.
2.) The main tile page refreshes and I'm greeted with a red tile (Ettercap). I've let it sit for almost 20 minutes - nothing - I decided to hit Install at the bottom and WAIT.
3.) Eventually the tab is refreshed and I get this as a popup.
4.) I select br-lan and hit start and am greeted with the following: anyone connected to the device loses internet.
At this stage of the game we've been advised to change the gid and uid to 0 in etter.conf (this file is located in /etc/etter.conf -- not to be confused with the /usr/ path linked in the guide from WhistleBlower earlier).
Urieal Posted September 15, 2014 (Author)
Stage 5.) We have edited the etter.conf file located at /etc/etter.conf via nano. We have edited the uid and gid values to 0. We rebooted the pineapple and restarted ettercap. - All devices connected lose internet at this point again. -
Urieal Posted September 15, 2014 (Author)
Step 6.) We went back into the etter.conf file, kept the uid / gid changed from step 5 AND proceeded to remove the #'s surrounding ip forwarding. We then rebooted the pineapple and restarted ettercap. Clients connected to the Pineapple still have internet at this point and redir_command_on is no longer showing. It 'appears' to be fixed...
Urieal Posted September 15, 2014 (Author)
We've got it working now, -we think-, internet is still active for users who are connected and in partnership with sslstrip all seems to be operational. Thus, the question. - Earlier on it was advised that if installed correctly, you simply select your interface and hit start..... clearly in our attempts this did not work. Is this a known problem, did we skip a step, is there something we're not seeing here? We'll be on deployment this Tuesday for about a week.... and want to bring the pineapple along for the assessment -- however, until I know for sure, it's certain I right now have a few hundred dollar paperweight. Anyone able to chime in?
fringes Posted September 16, 2014
"Forever grateful. (You should PM me your paypal if you have one, happy to donate.)"
You should be able to just click the link in his signature block.
Urieal Posted September 16, 2014 (Author)
I'd recommend you take a look at this thread: https://forums.hak5.org/index.php?/topic/33629-on-assignment-disappointed-with-mark-v/
Towards the bottom is how we got it to work (AND) keep the internet sharing alive. Still waiting on an official word, but the above worked well for us...
daniboy92 Posted September 16, 2014 (edited)
"I'd recommend you take a look at this thread: https://forums.hak5.org/index.php?/topic/33629-on-assignment-disappointed-with-mark-v/ Towards the bottom is how we got it to work (AND) keep the internet sharing alive. Still waiting on an official word, but the above worked well for us..."
Thank you Urieal, I was reading and following all your steps and now my ettercap doesn't show 'SSL dissection needs a valid redir_command_on', but I'm still losing my internet connection. I run ettercap with sslstrip; I will try only sslstrip and ettercap alone, and see if there is a problem running both.
EDIT: There is a strange issue with ettercap definitely... I ran sslstrip alone, and it works perfectly, with 80% speed loading webs. Then I ran ettercap alone and it doesn't work. Running both, obviously not. After that, I changed UID and GID again to 65534 and rebooted. Tried sslstrip alone, perfect. Tried ettercap, works with a slow connection. Running both, it loads more slowly and then I lose internet again... I think there is a problem with ettercap alone or also with sslstrip compatibility.
EDIT2: I forgot to set echo 1 > /proc/sys/net/ipv4/ip_forward; after setting this I now have ettercap+sslstrip working perfectly. I also changed UID and GID to 0 again.
Edited September 16, 2014 by daniboy92
daniboy92 Posted September 16, 2014 (edited)
You aren't the only one. I have this issue and can't get a working ettercap with sslstrip and even without it. I just managed to eliminate the error message from SSL dissection and was following all your tips; with a simple installation I was getting that error and losing Internet.
EDIT: Ok, I forgot to set echo 1 > /proc/sys/net/ipv4/ip_forward; every time ettercap is ON this value changes. It's necessary to set this value each time.
Edited September 16, 2014 by daniboy92
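The three settings this thread ends up touching (ec_uid/ec_gid and the commented-out redir_command_on in /etc/etter.conf, and net.ipv4.ip_forward) can be inspected without changing anything. The Python script below is an added example written for this thread; it is not code from the ettercap infusion, from ettercap itself, or from the Pineapple firmware. The etter.conf excerpt it parses is constructed and abbreviated, the quoted redir placeholder strings stand in for the real commands, and the symptom text in diagnose() is taken from the posts above rather than from ettercap.

```python
"""Read-only check of the settings this thread ends up editing.

Added example for this thread, not part of the ettercap infusion or the
Pineapple firmware.  The sample etter.conf excerpt is constructed and
abbreviated; the redir placeholder strings stand in for the real commands.
"""
import re

# Constructed etter.conf excerpt in the shape of the real file: a [section]
# header, "key = value" lines, and inline "#" comments.
SAMPLE_ETTER_CONF = """\
[privs]
ec_uid = 65534                # nobody is the default
ec_gid = 65534                # nobody is the default

[redir_command]
# if you use iptables:
   #redir_command_on = "iptables ... (constructed placeholder)"
   #redir_command_off = "iptables ... (constructed placeholder)"
"""

KEY_VALUE = re.compile(r'(\w+)\s*=\s*(.*)')


def parse_etter_conf(text):
    """Return (active, commented): active settings as {key: value}, and the
    set of keys that appear only on commented-out lines."""
    active, commented = {}, set()
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith('['):
            continue                      # blank line or section header
        is_comment = stripped.startswith('#')
        match = KEY_VALUE.match(stripped.lstrip('#').strip())
        if not match:
            continue                      # free-text comment, not a setting
        key, value = match.group(1), match.group(2)
        value = value.split('#', 1)[0].strip()   # drop trailing comment
        if is_comment:
            commented.add(key)
        else:
            active[key] = value
    return active, commented - set(active)


def diagnose(conf_text, ip_forward):
    """Map the parsed settings to the symptoms reported in the thread.
    ip_forward is the content of /proc/sys/net/ipv4/ip_forward ('0' or '1')."""
    active, commented = parse_etter_conf(conf_text)
    findings = []
    uid, gid = active.get('ec_uid'), active.get('ec_gid')
    if uid != '0' or gid != '0':
        findings.append(f'privs: ec_uid={uid} ec_gid={gid}; the thread sets both to 0')
    if 'redir_command_on' not in active:
        where = 'commented out' if 'redir_command_on' in commented else 'missing'
        findings.append(f'redir_command_on is {where}; ettercap will report '
                        '"SSL dissection needs a valid redir_command_on"')
    if ip_forward.strip() != '1':
        findings.append('net.ipv4.ip_forward is not 1; connected clients lose '
                        'internet, and the thread reports ettercap changes it on every run')
    return findings


def check_live_system(conf_path='/etc/etter.conf',
                      ipf_path='/proc/sys/net/ipv4/ip_forward'):
    """Run the same check against the real files (paths as given in the thread)."""
    with open(conf_path) as conf, open(ipf_path) as ipf:
        return diagnose(conf.read(), ipf.read())


if __name__ == '__main__':
    # Against the constructed sample with ip_forward = 0 all three findings fire.
    for finding in diagnose(SAMPLE_ETTER_CONF, '0') or ['no findings']:
        print(finding)
```

Run it on the Pineapple with check_live_system() after each edit in the thread's step list to confirm which of the three symptoms is still present, rather than rebooting and watching whether clients drop; the parser deliberately keeps commented-out keys separate from active ones, since the thread's confusion came from a setting that was present in the file but not in effect.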
barry99705 Posted September 16, 2014
That's me on the corner
That's me by the stop light
Losing my connection
Trying to etter kap you
And I don't know if I can do it
Whistle Master Posted September 16, 2014 (edited)
Don't forget that infusions are most of the time interfaces to existing tools, such as ettercap, and normal Linux principles are still valid on the pineapple (e.g. conf files in /etc/), so you were correct to put etter.conf in /etc/. That said, I could integrate the configuration changes (UID to 0 and redir_command_on) at the first install of the infusion. Maybe for the next version ;)
Edited September 16, 2014 by Whistle Master
hfam Posted September 16, 2014 (edited)
"That's me on the corner / That's me by the stop light / Losing my connection / Trying to etter kap you / And I don't know if I can do it"
Oh no, I've cap'd too much
SD's not large enough....
Edited September 16, 2014 by hfam
barry99705 Posted September 16, 2014 (edited)
"Oh no, I've cap'd too much / SD's not large enough...."
Awesome! Couldn't come up with the next lines! The crappy part is I've had that song stuck in my head all day now... Having freshman year of high school flashbacks too.
Edited September 16, 2014 by barry99705
mw3demo Posted September 16, 2014 (edited)
This reminds me, any chance of getting ettercap/other packages updated? Updates to the pineapple firmware are great, Seb's done a fantastic job. The MKV has no problem getting a bunch of clients, recon/scanning is pretty much covered, we now need more tools for exploit and maintaining access. The current version is 7 years old. I posted this ticket a couple months back: https://wifipineapple.com/?portal&bugs&action=view&id=141 . I understand packaging isn't straightforward from the link in the ticket, and most of the packages are based on the OpenWrt repository, so it may take some time. Here is the changelog from the current OpenWrt package, 0.7.3, to 0.8.0:

0.8.0-Lacassagne 20130921
!! Fixed some problems in fork and execve usage in case of command failure (sslstrip)
!! Fixed dropping privileges for remote_browser plugin ran as root
!! Fixed infinite loop when a http GET was issued on the attacker browser, while remote_browser was active
!! Fixed some "atexit" bad references
!! Fixed plugin load on text interface, if no number were entered
!! Fixed problem spotted when ethtool wasn't installed on the machine
!! Fixed old "ethereal" references
!! Fixed missing newlines in printf
!! Switching to ps2pdf as default (from ps2pdf13), it should point to ps2pdf14 on all distros
!! Fix cmake file, dropped MACPORTS_BASE_DIRECTORY
!! Fix problem in "stopping attacks" window not properly shown in gtk
!! Fix problem in wrong pcap file saving
!! Fix issue in send_udp function
!! Fix problem in libnet rc detection
!! Fix restore ip_forward by retrying up to 5 times
!! Fix socket issues
!! Fix for hex format display
!! New send_tcp function, taking payload and length
!! Fixed memory leak in remote browser plugin
!! Fixed comparison bug in ec_decode
!! Fixed UI input for GTK
!! Fixed some memory leaks
!! Fixed man pages and AUTHORS file
!! Fixes in sslstrip plugin
!! Many etter.dns fixes
!! Many documentation fixes
!! A ton of refactors/fixes in Cmake scripts
!! Fix GTK crash when scanning hosts
!! Fix build failure on Mac OS X 10.6
!! Crash fix in target selection
!! Disabled UID change for remote browser plugin
!! Fixed remote browser plugin
!! A ton of fixes in protocols and dissectors (dhcp, http, ppp, mpls)
+ New ettercap logo
+ Renamed help menu to "?", to avoid double "H" shortcut
+ New WARN_MSG warning message
+ Added message in DHCP spoofing when no mitm has started
+ New horizontal scrollbar for messages in gtk view
+ Disabled offload warning messages (only in Release mode)
+ New ettercap-pkexec, policy and ettercap.desktop files for launching ettercap -G as a normal user with sudo privileges
+ Automatic host list refresh in GTK GUI after scanning
+ New fraggle plugin attack
+ New fields in etter.fields file
+ Cherry picked debian patches (svg icon)
+ Added content print on http dissector
+ Added support for negative dns replies
+ Creation of (experimental) unit tests
+ Creation of (experimental) libettercap
+ Now you can build just the ettercap library (libettercap) without any GUIs
+ Added travis-ci support
+ DNS spoofing for IPv6 addresses
+ PDF Docs generation is not optional
+ Added SRV query handling to DNS spoof
+ New mDNS spoof plugin
+ New low level decoders
+ New decoder for ip over pppoe
+ Added PPP DLT to interfaces
+ Add experimental Lua support to Ettercap
+ New Bundle libnet and curl
+ Full support for wifi decrypting (wep and wpa)
- Disabled update feature (not working anymore and not secure)
- Deprecated napster dissector

0.7.6-Locard 20130327
!! Fixed some parsing errors
!! Fixes to TN3270 dissector and SSL Strip
!! PostgreSQL dissector: Update output format to reflect release syntax for John the Ripper 1.7.9-Jumbo-8. The old format is still supported, but deprecated.
!! Fixed memory leak in SSL Strip plugin
!! Fixed check in invalid ip header
!! Fixed QoS packets handling (they aren't dropped anymore)
!! Fix in o5logon Heap Corruption
!! New and updated OUI file
!! Some memory leaks fixed
!! Fixed some bugs in return values and fstat failures handling
!! Fixed a bug in some password display (didn't get null terminated)
!! Many fixes in gcc warnings when building
!! Better cmake module to find curl and libnet
!! Fixed bug in filters load
!! Fixes in HTTP and HTTPs protocols
!! Fixed UI deadlock
!! Fixes in tcp and http handling (infinite loop and crash)
!! Better reads in BGP to avoid invalid reads
+ New logo
+ Added ascii FQDN support to DHCP ACK
+ Added UA parsing to http packets
+ Added support for IPv4 and IPv6 Tunnels
+ New mDNS dissector
+ Added PPI support (per packet information) for wireless captures
+ Ensure that we find required packages with cmake
+ New clean-all cmake target
+ Print a message when done reading PCAP file
- Removed 'u' and 'p' fields from etter.fields

0.7.5.3-Assimilation 20130201
!! Fixed ncurses host scan crash (already fixed in 0.7.5.2)
!! Fixed ppp connection crash (already fixed in 0.7.5.2)
!! Fixed only MiTM mode selecting text interface
+ Changed to version 0.7.5.3 to help distributions.

0.7.5.2-Assimilation 20130129
!! applied patch to fix CVE-2012-0722
!! fixed username detection in TN3270 dissector
+ Added new private-key and certificate-file options for SSL MiTM
+ Fix for crash in ncurses multiple scan for host mode
+ Fix for crash in ppp0 connections

0.7.5.1-Assimilation 20130103
!! fixed set_blocking() method preventing SSL MiTM from working
!! changed SSLStrip plugin to use PCRE
!! more improvements to SSLStrip plugin
+ Added MySQL 5.x dissector
+ Added O5Logon dissector
+ Added iSCSI CHAP dissector
+ Added TN3270 dissector
+ Added MongoDB dissector

0.7.5-Assimilation 20121015
!! fixed more memory leaks
!! improved GTK GUI
!! changed build system to CMake.
+ Added IPv6 poisoning and capture.
+ Added NBNS spoof plugin.
+ Added SSLStrip Plugin (EXPERIMENTAL)

0.7.4-Lazarus 20111202
!! fixed resource depletion issue
!! buffer access out-of-bounds issues
!! fixed DNS dissector not working on 64bit systems
!! multiple buffer overflows
!! multiple memory leaks
!! multiple files with obsolete code
!! fixed SEND L3 errors experienced by some users
!! fixed a compilation error under Mac OS X Lion
!! updated build system (Please see bug track for issue specifics)

NG-0.7.4 2005
+ added the radius dissector
+ go into unoffensive mode if libnet initialization fails
!! etterfilter now accepts empty blocks
!! the log files are closed on SIGTERM
!! fixed a compilation error under Mac OS X Tiger
!! fixed an improper handling of wdg_dynlist callback
!! fixed bound checking in some dissectors

@Barry/hfam: Thanks. Now I am humming a 20+ (?) year old song. Even at points of silence, I feel like Michael is quietly whispering the song into my ear over my shoulder, really looking forward to sleeping tonight. I owe you a beer and a slap. :P Good job on the lyrics between you and hfam. :)
Edit: Spelling
Edited September 16, 2014 by mw3demo
shutin Posted September 18, 2014
That's me in the corner.
That's me in the spot light
Trying to figure out ettercap
Through a 3rd. party. interface.
I know I should google.
I know I should just. give up.
But I paid money
Now explain. how to hack.
d0n350n Posted October 11, 2014
"That's me in the corner. / That's me in the spot light / Trying to figure out ettercap / Through a 3rd. party. interface. / I know I should google. / I know I should just. give up. / But I paid money / Now explain. how to hack."
lol...