Phini Posted April 23, 2015 Share Posted April 23, 2015 (edited) Hi, something odd is happening with my new Wifi Pineapple. I set it up, also WPA2 for secure connections to manage the pineapple from my tablet or phone. I used this names: WPA2 Wifi: WifiAP honeypott-wifi: Wifi Though oddly enough I only see this in Win8(sorry for the inconvenience of german language): It looks like the Pineapple is spamming SSIDs of it's own network, though I put the SSID already in the Karma-Blacklist.... and the open "Wifi" and the secured "WifiAP" are only shown as "hidden network" at the bottom. I can't connect to the hidden networks with "Wifi" or "WifiAP" as SSID, only the "Wifi 2 3" lets me connect and then I can log into the Pineapple controlpanel. Somehow I'm sure that was meant to work different? Any idea what I'm doing wrong? Edited April 23, 2015 by Phini Quote Link to comment Share on other sites More sharing options...
Phini Posted April 26, 2015 Author Share Posted April 26, 2015 Problem persists. Oddly enough, even if I set it to factory settings. Is there a config-setting (perhaps for the dip-switches) that I could try to test it to be fail-safe? Kinda looks like there's a hardware/config prob with one of the radios. I can't connect to the WPA2-interface, tested with 3 different devices. Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted April 26, 2015 Share Posted April 26, 2015 Hi Phini, Please follow the "Unbricking a bricked WiFi Pineapple MKV" instructions. Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
Phini Posted April 30, 2015 Author Share Posted April 30, 2015 (edited) Yeah, I did the unbrick-procedure and it starts properly, though I still have probs to connect to the WPA2 network of th Pineapple. Could it be that the problem is the Microsoft Surface Pro 3 or Windows 8.1? Windows shows only "hidden networks".... Edited April 30, 2015 by Phini Quote Link to comment Share on other sites More sharing options...
Phini Posted June 3, 2015 Author Share Posted June 3, 2015 Since I played today again with the Pineapple I encountered the same prob again: I can't login on the WPA2 wifi of the Pineapple. Sometimes I see its configured name, sometimes I only see "hidden network", not only on the Surface Pro but also on my S5. So, I assume it is a hardware-issue? Or did I config anything wrong that explains the behaviour? Another question: hows it done that with 2 Wifi-nics you get the honeypot, the WPA2 access and the packetinjectionstuff needed for everything else? Quote Link to comment Share on other sites More sharing options...
barry99705 Posted June 5, 2015 Share Posted June 5, 2015 You did the initial setup over a wired connection right? Quote Link to comment Share on other sites More sharing options...
Phini Posted June 7, 2015 Author Share Posted June 7, 2015 Yes and no, I did both, did not make a difference, or should it? I feel a bit exhausted to factory-reset the Pineapple again and again just to end in the same scenario.... I also see no reason why windows tells me not the SSIDs but only the "hidden network" label while the webinterface shows that the SSID is transmitted. I doubt that Win8 would detect actually networks that don't transmit an SSID? Or is this a new feature? Quote Link to comment Share on other sites More sharing options...
funnybunny Posted June 7, 2015 Share Posted June 7, 2015 Might want to check your Network tile --> Access Point tab. There are two areas Open Access Point and Secure Management Access Point. Take note of the ? and review for their purpose. By default the Open Access Point will be hidden and the Secure Management Access Point you would have first setup during your initial flash. Quote Link to comment Share on other sites More sharing options...
Phini Posted June 8, 2015 Author Share Posted June 8, 2015 By default the Open Access Point will be hidden and the Secure Management Access Point you would have first setup during your initial flash. Yes, I really did read everything and (as far as I see) I understood for what it is used. The Open Access Point is the honeypot here, SSID is not hidden. And the Secure Management Access Point is set, too. But I can't connect over it, I enter the correct key but (even if I use something failsafe like 12345678) I don't get a connection. Can somebody make clear if both APs can run simultaneously AND that WLAN1 can be used for PineAP, too? Perhaps I miss something and WLAN1 can't be used for PineAP while the secure Management-AP is running? Please clarify this. Thanks :) Quote Link to comment Share on other sites More sharing options...
funnybunny Posted June 9, 2015 Share Posted June 9, 2015 Others correct me if I'm wrong but as I understand ref; PineAP wlan0 pulls in the clients and is the radio that clients connect to. Wlan1 is put into monitor mode, does beacon responses, beacons, deauth etc. So yes both wlan0 and wlan1 are supposed to be in use at the same time. Now as it relates to Network --> Access Points --> Open Access Point and Secure Management Access Point are running from wlan0. See /etc/config/wireless (ssh to your pineapple) radio0 you should see wifi-iface --> option ssid "Pineapple5_####" and an additional wifi-iface --> option ssid "YOUR CREATED SSID AT INSTALL CONFIG". Make sure your option key 'stupidpassword' is correct and your typing the right key. config wifi-device 'radio0' option type 'mac80211' option channel '11' option hwmode '11ng' option macaddr '00:13:37:##:##:##' option htmode 'HT20' list ht_capab 'SHORT-GI-20' list ht_capab 'SHORT-GI-40' list ht_capab 'RX-STBC1' list ht_capab 'DSSS_CCK-40' config wifi-iface option device 'radio0' option network 'lan' option mode 'ap' option ssid 'Pineapple5_####' option encryption 'none' option hidden '1' config wifi-iface option device 'radio0' option network 'lan' option mode 'ap' option encryption 'psk2+ccmp' option ssid 'Roomba' option key 'stupidpassword' option disabled '0' config wifi-device 'radio1' option type 'mac80211' option channel '11' option hwmode '11g' option macaddr '00:13:37:##:##:##' config wifi-iface option device 'radio1' option network 'lan' option mode 'sta' option ssid 'Pineapple5_%%%%' option hidden '0' option encryption 'none' Those wifi's are running on one device wlan0. Radio1 (wlan1) should have another Pineapple5_#### but the last four numbers are different. Wlan1 should not be up and running as an AP because its being used to listen and other stuff in PineAP. If after looking at your /etc/config/wireless and verifying your password, I'm not sure whats going wrong. I hate to tell you to factory.bin again, trust me I've done that alot myself, but I would also recommend doing the factory.bin and then manual upgrade-2.2.0.bin. See if the other firmware allows you to connect to your Secure Management Access Point. Quote Link to comment Share on other sites More sharing options...
Phini Posted June 12, 2015 Author Share Posted June 12, 2015 Thank you very much, as far as I can see everything is fine... Perhaps I did got the meaning of the MAC-blacklist wrong? I thought it will only blacklist Karma/Dogma/PineAP stuff do be done with the device, though "could it be" that it actually refuses already the wifi-connection? Then I did something stupid.... Is there a right way to keep my own devices from connection to the honeypot? Or is it only done by blacklisting my own networks SSID's? Thanks! Quote Link to comment Share on other sites More sharing options...
funnybunny Posted June 13, 2015 Share Posted June 13, 2015 To prevent your own SSIDs from being faked you should black list them. Now there is an issue within firmware 2.3.0 where some SSIDs are not getting black listed. I went back to firmware 2.2.0 and the black list is working fine. Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted June 13, 2015 Share Posted June 13, 2015 To prevent your own SSIDs from being faked you should black list them. Now there is an issue within firmware 2.3.0 where some SSIDs are not getting black listed. I went back to firmware 2.2.0 and the black list is working fine. We really cannot reproduce this issue. What SSIDs are you unable to blacklist? Quote Link to comment Share on other sites More sharing options...
funnybunny Posted June 13, 2015 Share Posted June 13, 2015 I'll try to reproduce again. Stock loaded firmware 2.3.0 with no infusions. Connected via laptop eth0 (kali) to MKV. Power via MKV provided wall power. ./wp5.sh to provide internet Laptop connect to SSID 3MTA3_nomap, Linksys e4200 Tomato Firmware 1.28, via Kali wifi. Internet functioning PineAP --> Karma --> add 3MTA3_nomap to SSID black list black mode Karma log still set to /tmp All PineAP started ssh connection with top running just after starting PineAP added a spare cell phone via wifi to SSID 3MTA3_nomap to beacon the request reviewed karma log and found 3MTA3_nomap after the cell phone beacon MKV set to UTC reviewed current active faked SSIDs and 3MTA3_nomap is there Let me know if I'm doing something wrong. That last SSID is pretty funky. Anyway...focus. Hey do you think its because of the _ ? Cleared SSIDs, black list, karma log. Change wifi AP to 3MTA3. Reconnected to 3MTA3 SSID on kali laptop. ./wp5.sh again Internet still good and PineAP off. Added 3MTA3 to SSID black list in black mode Sorry reached my image limit in the forum so bear with me. All PineAP started. Added cell beacon to 3MTA3. 3MTA3 shows in PineAP. Shows as faked also. So not the _ Maybe my MKV is sP3ci4L... Quote Link to comment Share on other sites More sharing options...
funnybunny Posted June 13, 2015 Share Posted June 13, 2015 This is a little crud but might help some people in the mean time if they are experiencing their SSIDs being replicated. ssh to your MKV cd /sd nano remove_these_ssid.sh copy and paste...replace <YOUR SSID> here #!/bin/bash sed -i '/<YOUR SSID>/d' /etc/pineapple/ssid_file exit 0 save (ctrl+o) exit (ctrl+x) chmod +x /sd/remove_these_ssid.sh add * * * * * /sd/remove_these_ssid.sh to configuration --> schedule task and save should remove your SSID from the fake list every minute Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted June 14, 2015 Share Posted June 14, 2015 Thank you for the detailed report! Right now, the SSID will be replicated only by dogma (and collected by harvester) and not karma. What this does show is that we will still harvest blacklisted SSIDs, something we did intentionally (to harvest everything around us). We'll make sure that once blacklisted, an SSID cannot be harvested. Best regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
Phini Posted August 4, 2015 Author Share Posted August 4, 2015 (edited) Perhaps I found a bug in the driver of my Surface Pro 3, too? That one Honeypot-AP name that the Pineapple normally does stays in my Wifi-list in Windows 8.1 forever now, if I turn Wifi off it vanishes, if I turn wifi on it's back there, with other existing wifi-networks. The Thing is, the pineapple is turned off. :P WTF is my pineapple doing to my hardware? XD Do'h, never mind. Win8 just "saved" the network-name. The labeling in Win8 is so ridicules userunfriendly :P Edited August 5, 2015 by Phini Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.