barry99705 Posted January 21, 2016

Heh. Wow, that escalated quickly. Every OS has its pros and cons. I was an Apple certified hardware and OS tech for years. I gave up on them a couple years after they went Intel. Jobs started getting too big for his britches, thinking he knew better than everybody else. I still support Macs, but I won't spend another dollar on their hardware.

audibleblink Posted January 21, 2016

So what were the resulting configs?

Nano:
IP:
Gateway:

OS X:
IP:
Gateway:

confuded Posted January 21, 2016

winter_soldier, thanks for the script. I won't try it as it works it seems otherwise. I saw that thread, but the first post mentioned other issues and I thought it was not related to mine.

barry99705, at least they didn't completely hijack the thread...

audibleblink,

Nano:
IP: 192.168.2.2 (or anything up to 192.168.2.253)
Gateway: 192.168.2.1

OS X:
IP: NOT 192.168.2.1. Anything but that.
Gateway: Empty - or you will lose your internet connection. Just for kicks.

~confuded

audibleblink Posted January 21, 2016

Something just popped into my head: It's been mentioned before that once someone is connected to a fake AP, that client can access the IPs on the network providing the internet connection.

For example: If my home network is 10.0.1.0/24 and I share my internet connection to the pineapple, the client that was captured at 172.16.42.XXX can ping something at 10.0.1.10. Bad Luck Brian if you happen to trap someone that knows what a pineapple is and knows how to use it better than you.

This can be remedied with an IPTables rule saying that anything originating from the 172 network and destined for the 10 network be dropped. (or by not sharing your home internet when trying to pwn your neighbors =P)

I'm wondering if this is something that Apple disables by default.

@confuded - can you ping a device on your network from a trapped client with ICS enabled on the 192.168.2.0/24 network?

confuded Posted January 21, 2016

audibleblink, no I can't ping my Mac nor can I see it using Fing (network tool for android). What I could see, and is a huge derp, is my pineapple! I can even log in from my victim! Fing reports ports 22, 53 and 80 open (ssh, dns and http). This is a big problem. I really don't want my targets knowing that they are being pwned...

My thread was moved here. Maybe it is appropriate to rename the thread as it has to do more with ICS for Mac than for Client mode...

Here is my /etc/config/network:

    config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

    config interface 'lan'
        option ifname 'eth0'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.2.2'
        option netmask '255.255.255.0'
        option gateway '192.168.2.1'
        option dns '8.8.8.8, 8.8.4.4'

    config interface 'usb'
        option ifname 'usb0'
        option proto 'dhcp'
        option dns '8.8.8.8, 8.8.4.4'

    config interface 'wan'
        option proto 'dhcp'
        option dns '8.8.8.8, 8.8.4.4'

And here is the output from ifconfig:

    br-lan    Link encap:Ethernet  HWaddr 00:C0:CA:8D:A6:55
              inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:9394 errors:0 dropped:64 overruns:0 frame:0
              TX packets:5959 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1818930 (1.7 MiB)  TX bytes:2447761 (2.3 MiB)

    eth0      Link encap:Ethernet  HWaddr 00:C0:CA:8D:A6:55
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:5732 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8048 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1646855 (1.5 MiB)  TX bytes:2289132 (2.1 MiB)
              Interrupt:4

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:42 errors:0 dropped:0 overruns:0 frame:0
              TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:3442 (3.3 KiB)  TX bytes:3442 (3.3 KiB)

    wlan0     Link encap:Ethernet  HWaddr 00:C0:CA:8D:8F:E3
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:6540 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4011 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:571506 (558.1 KiB)  TX bytes:648241 (633.0 KiB)

    wlan1mon  Link encap:UNSPEC  HWaddr 00-C0-CA-8D-C0-6D-00-44-00-00-00-00-00-00-00-00
              UP BROADCAST NOTRAILERS RUNNING PROMISC ALLMULTI  MTU:1500  Metric:1
              RX packets:69413 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:10567832 (10.0 MiB)  TX bytes:0 (0.0 B)

~confuded

P.S. How can I make the code quotes collapsible as not to clutter the thread?

Edited January 21, 2016 by confuded

audibleblink Posted January 21, 2016

The client will have to see the pineapple. It's their gateway. What you could do is drop packets coming from the client network to the gateway's dport of 1471.

confuded Posted January 21, 2016

audibleblink, hmm. Can't apache, or whatever is running the web server, be configured to only listen to certain networks? Same for ssh? Then the victims can be segmented into their own network maybe not in the tethering network. Although if a victim decides to change his NIC to an address in the 192.168.2.1/24 pool, it probably can still reach everything.

Is there a way to segment that whole victim or tethered network off? It's a bit of a flaw having victims on your tethered network...

~confuded

EDIT (as not to double post): I found Sebastian Kinne at DefCon 23 here (41m, 46s) speaking and saying that it is currently a problem, that you as the pineapple user and your victims are on the same network, so you are vulnerable to arp poisoning too. SSL is also off by default (they mentioned this problem and that there is a wiki for it). So I guess it isn't so simple.

Darren Kitchen, if you are reading this - do you have any information on this point? Why can't we have 2 networks, one for victims and one for the pineapple user? They are on different NICs after all (in case of using the USB NIC).

Edited January 22, 2016 by confuded

audibleblink Posted January 28, 2016

For all future visitors looking for ICS on a Mac, regardless of version, here's a long-winded thing - https://forums.hak5.org/index.php?/topic/37483-ics-on-a-mac-a-future-resilient-howto/

Brian3656 Posted January 29, 2016

> For all future visitors looking for ICS on a Mac, regardless of version, here's a long-winded thing - https://forums.hak5.org/index.php?/topic/37483-ics-on-a-mac-a-future-resilient-howto/

Most concise methodology to sort the Mac OSx ICS problem I have ever read. IceFloor, various settings, this that the other thing, I slaughtered a couple of chickens and visited my local VooDoo priestess. STILL NO DICE! Kali 2.0 on Oracle VMbox gets it done for me. But since I've read this... I just might have to try it again. Trix are for kids... right? Thanks for the moment of clarity!

Jsteve Posted February 23, 2016

Is the Nano not able to connect to a hidden network through client mode? The scan results don't show me hidden networks.

TaNk5665 Posted March 10, 2016

This message is for anyone to answer (if they can) but it is primarily focused to the Nano peeps... Could you give us MAC guys some love and assist us in getting the Nano set up on our MACS? There are a lot of ppl out there that use MACS with VM's on them. I am one of them. Can't get the Nano to the 'net through the VM or the OS X... We all paid some good money for this product, we would like to be able to use it on our laptops. I spent 3K on a MAC so I wouldn't have to buy a crappy Windows lappy...

Darren, if you could help us out with this, I would appreciate it...

shadowmmm Posted March 10, 2016

Is it too late to return your crappy Mac? After all it's Apple's fault why ICS is not working :p and now that more and more ransomware and viruses are coming to Mac, no more excuses. Everybody already using Windows for superior video editing. MacBooks have been going downhill...

shadowmmm Posted March 10, 2016

K, not hangry anymore, ate at Popeye's :) Understand your frustration, but some forum post showed a workaround. Did you search for it yet?

Edited March 10, 2016 by shadowmmm

mikew Posted March 10, 2016

I use a rMBP with Kali under Fusion. The easiest way is to connect the nano after Kali is running and tell vmWare to connect the device to Kali and not the OSX. Then you can just run the wp6 script and everything works pretty well. I've also done it by connecting to the Mac, turning off assigning IP to that interface in MacOS, then mapping that NIC to a virtual switch in vmWare, but that's considerably more complicated.

Edited March 10, 2016 by mikew

shadowmmm Posted March 10, 2016

https://forums.hak5.org/index.php?/topic/37483-ics-on-a-mac-a-future-resilient-howto/#entry272061

Purrball Posted April 12, 2016

Can anybody help explain how client mode is intended to work with an additional usb wifi dongle? My trouble is that when using it no clients can connect via PineAP, in fact they don't even seem to exist. Running a recon scan shows only my phone connected with Management AP, and the hotspot I'm connected to providing it internet.

Here's the process and issues:

- I connected my WiFi dongle, it becomes wlan2, which I've connected to another AP to provide internet to the NANO.
- Connect via Management AP, able to control the NANO, great!
- Make sure everything in PineAP is running.
- Check for internet connectivity, it works, great.
- Attempt to connect with another client device (phone, laptop, etc) and it just doesn't exist or broadcast anything.
- Check Networking, and there's a bunch of stuff listed in DNS that wasn't there earlier (two 192.* entries for wlan2 and the default route for brlan)

Should there be a specific route configuration when using client mode? What are the correct routes for Networking to enable internet sharing and use PineAP with the NANO's built in adapters (wlan0, wlan01, wlan1) as it normally would? It appears something is configured incorrectly, as it works flawlessly without using the additional adapter and just running through a host computer sharing internet.

Am I missing something? Any help would be appreciated!

Edited April 12, 2016 by purrball

Crackananases Posted May 11, 2016

Hello everyone,

Today I received my pineapple NANO and I am extremely happy. But there is something I can't get to work. How do I set up client mode on a wifi network that has a landing page that you need to accept? Is there a way to let the pineapple accept this page?

Greeting,
Crackananases
