Hak5 Forums
Whistle Master

[Official] Site Survey Module


On 07/05/2016 at 8:15 PM, Whistle Master said:

As I said, the problem is with aircrack, which is not 100% accurate. You have two other programs that you can use:

- Pyrit

- Cowpatty

 

Note: I've managed to run Pyrit on the Pineapple. I will integrate it in the next release of the module to provide more accurate information about the handshake. I'll also add the option to "strip" a cap file to only keep the handshake, which will reduce the file size.

@Whistle Master would you be able to provide details for the Pyrit install onto the Pineapple? I have been trying this myself and have tried the old ipk file

https://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages/pyrit_0.4.0-1_ar71xx.ipk

It seems to install OK, but then running it gives errors:

Traceback (most recent call last):
  File "/usr/bin/pyrit", line 4, in <module>
    import pyrit_cli
  File "/usr/lib/python2.7/site-packages/pyrit_cli.py", line 32, in <module>
    import cpyrit.cpyrit
  File "/usr/lib/python2.7/site-packages/cpyrit/cpyrit.py", line 41, in <module>
    import util
  File "/usr/lib/python2.7/site-packages/cpyrit/util.py", line 52, in <module>
    import _cpyrit_cpu
ImportError: File not found

Trying to build it locally on the Pineapple gives me another error:

unable to execute 'mips-openwrt-linux-uclibc-gcc': No such file or directory
error: command 'mips-openwrt-linux-uclibc-gcc' failed with exit status 1

I looked at cross compiling but that seems well out of my comfort zone at the moment. Any pointers would be much appreciated.

Edited by Just_a_User


Is something wrong with the handshake capture? Every cap file that, according to the module, should have a handshake in it seems not to have one. I uploaded them to onlinehashcrack and get this message: "we are unable to find any valid WPA handshakes in your file".

Anyone got the same issues and know how to resolve it? Or maybe an alternative for collecting handshakes?


Hi, no handshake works. When I scan and I want to refresh the information, my Tetra beuf saturates and I am obliged to restart my Tetra. What to do? How to reset it completely?


I'm wondering if it is possible to add an extra feature to this module. I'm after a capture that is not targeted at individual APs or clients but a collection of all APs/clients on all channels with selectable bands (2.4 & 5 GHz). I currently do this in the terminal with airodump-ng and use the .csv in Maltego CaseFile to produce a graphical map of the full network around me to identify possible threats.

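The airodump-ng-to-CaseFile workflow described in the post above can be scripted. The block below is an added example, not part of the Site Survey module or anything the poster shared: it reads the two-table CSV that airodump-ng writes (AP table, blank line, station table; the column layout is the one I know from airodump-ng and should be checked against your own files), builds the AP-to-client map, lists which ESSIDs unassociated stations are probing for, flags ESSIDs that are advertised with different security settings (one kind of "possible threat" such a map is meant to surface), and emits a source/target/relation edge list a graphing tool can import. The CSV it runs on is constructed, not a real scan.

```python
# Added example: turn an airodump-ng CSV into an AP -> client map plus an edge list for a
# graphing tool. Not Site Survey code; the CSV below is constructed to match airodump-ng's layout.
import csv
import io

# Constructed sample in the two-table layout airodump-ng writes: AP table, blank line, station table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:AA:01, 2017-01-15 07:50:00, 2017-01-15 07:57:00,  6,  54, WPA2, CCMP, PSK, -45,  120,  0,   0.  0.  0.  0,  9, HomeNet-1, 
02:00:00:00:AA:02, 2017-01-15 07:50:00, 2017-01-15 07:57:00, 36, 130, OPN , ,    ,  -70,   40,  0,   0.  0.  0.  0,  9, HomeNet-1, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:CC:01, 2017-01-15 07:51:00, 2017-01-15 07:56:00, -50,  300, 02:00:00:00:AA:01, HomeNet-1
02:00:00:00:CC:02, 2017-01-15 07:52:00, 2017-01-15 07:57:00, -60,   12, (not associated) , HomeNet-1,CoffeeShop
"""

def _tables(text):
    """Split the file into tables on blank lines; cells are stripped of the padding airodump-ng adds."""
    tables, current = [], []
    for row in csv.reader(io.StringIO(text)):
        cells = [c.strip() for c in row]
        if any(cells):
            current.append(cells)
        elif current:
            tables.append(current)
            current = []
    if current:
        tables.append(current)
    return tables

def parse_airodump_csv(text):
    """Return (aps, clients): aps[bssid] -> essid/channel/privacy, clients[mac] -> bssid/power/probes."""
    ap_rows, station_rows = _tables(text)[:2]
    aps = {}
    for r in ap_rows[1:]:                                   # row 0 is the header
        aps[r[0]] = {"channel": int(r[3]), "privacy": r[5], "essid": r[13]}
    clients = {}
    for r in station_rows[1:]:
        bssid = None if r[5] == "(not associated)" else r[5]
        # Probed ESSIDs are written comma-separated, so they spill into columns 6 and up.
        # (An ESSID that itself contains a comma cannot be told apart here.)
        clients[r[0]] = {"bssid": bssid, "power": int(r[3]), "probes": [p for p in r[6:] if p]}
    return aps, clients

def edges(aps, clients):
    """(source, target, relation) triples suitable for a graph/CaseFile import."""
    out = [(bssid, ap["essid"], "broadcasts") for bssid, ap in aps.items()]
    for sta, c in clients.items():
        if c["bssid"]:
            out.append((sta, c["bssid"], "associated"))
        out.extend((sta, p, "probed") for p in c["probes"])
    return out

def mixed_security_essids(aps):
    """ESSIDs served by BSSIDs with different security settings, e.g. an open AP using a WPA2 network's name."""
    by_essid = {}
    for ap in aps.values():
        by_essid.setdefault(ap["essid"], set()).add(ap["privacy"])
    return {essid for essid, kinds in by_essid.items() if len(kinds) > 1}

def edge_csv(edge_list):
    """Serialise the edge list as CSV text with a header, ready for import."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["source", "target", "relation"])
    writer.writerows(edge_list)
    return buf.getvalue()

if __name__ == "__main__":
    aps, clients = parse_airodump_csv(SAMPLE_CSV)
    for bssid, ap in aps.items():
        attached = [s for s, c in clients.items() if c["bssid"] == bssid]
        print("%s %-10s ch%-3d %-5s clients=%s" % (bssid, ap["essid"], ap["channel"], ap["privacy"], attached))
    print("ESSIDs with mixed security:", mixed_security_essids(aps))
    print(edge_csv(edges(aps, clients)))
```

Point `parse_airodump_csv` at the text of a real `airodump-ng -w <prefix>` CSV to get the same map for a live scan; the "mixed security" check is deliberately simple (it only compares the Privacy column), so treat a hit as something to look at, not a verdict.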

Just got the tactical antenna upgrade for the Nano and have been doing some testing with them. I've noticed that the scan under the Recon tab detects quite a bit more SSIDs and clients than the module does. Do both scans use the same program to scan for networks and clients?


Hi,

any news about handshake capture? I still get a capture file without a handshake even if the Site Survey module says that I got it...

On 1/15/2017 at 7:57 AM, codeforge said:

Hi,

any news about handshake capture? I still get a capture file without a handshake even if the Site Survey module says that I got it...

This has been an issue since the module came out. I have had good and bad luck with handshake captures for the Site Survey module, but I will say that for the most part I get more handshakes than not. If you start capturing and 5 sec later it shows a handshake capture and very few IVs, then most likely you don't have a handshake. I also check all the handshakes with aircrack-ng through the CLI.


Definitely my favorite module so far. Hats off to @Whistle Master for the awesome work of populating 75% of the available mods. And frankly to anybody who programs them. Really appreciate it.

I've had mixed luck as @b0N3z mentions. Sometimes I can grab a capture pretty quickly within range. Other times, the signal will be upwards of 75% or more and I can see the capture has started, IVs flowing, but a deauth (start, stop, start, refresh) and just waiting doesn't always work. Whereas the Aircrack suite pretty much works flawlessly on an AP with a client in range.

That being said, this is by far the most useful mod for quickly getting what you need and taking it offline to work elsewhere.


I'm also having trouble with this on a Tetra running FW 1.1.2. Does anyone know what the root cause of this is? It's really annoying having bought this only to have to fall back to a laptop running Kali. This is the simplest use case for this device and it consistently fails at it :(


@diabolic It's by far my favorite use of the Nano... discreet, and you can grab the WPA handshake and work it offline.

Everything else (URLSnarf, SSL, etc.) is somewhat intrusive. But this... it's just brilliant!

What has worked for me is installing it to the SD card so there's never a question of space, and going for a capture with higher than 50% quality. Even then (last attempt) it failed to grab Message 3 of 4 of the EAPOL handshake, but it was close.

Like the thread says, aircrack-ng is the fastest method and works on the Pineapple. Although I think it's much more flawless when a handshake is captured via my laptop than the Nano (both programs saying a handshake was captured).


I've had much better luck using this module lately by:

  • ensuring there's enough space
  • having a good quality signal prior to capture (35% signal quality is terrible); I shoot for 60% (green indicator)
  • 200 IVs; if I get a capture quickly, I just let it run for another 100 IVs. In the past, I've stopped when it says WPA Handshake = YES and found that I missed just a single EAPOL message. By allowing it to go a few IVs past the success, I've seen my overall success rate increase

Love the Pineapple thus far, but it's gotta be in close proximity. A poor signal to begin with just leads to endless captures and frustrating deauth attempts. Need to be in the green for signal quality to really be effective. Not that it hasn't happened to me in maybe 45% signal quality, but it's more rare and more time consuming.

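Several posts above come down to the same question: did all four EAPOL messages of the WPA 4-way handshake actually land in the .cap file, or did the module report "handshake = YES" after a single message? The script below is an added example, not the Site Survey module's code nor anything from Whistle Master or the posters: it walks a classic pcap (raw 802.11 or radiotap link type), picks out EAPOL-Key data frames, classifies each as message 1 to 4 by its Key Information flags using the same simplified heuristic the common checkers rely on, and reports per (BSSID, client) pair which messages are missing. The capture it runs on is constructed inline (locally administered MAC addresses, zeroed nonces and MICs) and is not real traffic; the classifier ignores replay counters, so it illustrates the check rather than replacing aircrack-ng, cowpatty or pyrit.

```python
# Added example: report which EAPOL messages of the WPA 4-way handshake a pcap holds.
# Not the Site Survey module's code; the sample capture below is constructed, not real.
import struct
from collections import defaultdict

LINKTYPE_IEEE802_11 = 105                             # raw 802.11 frames
LINKTYPE_RADIOTAP = 127                               # 802.11 frames behind a radiotap header
LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")    # LLC/SNAP header with EtherType 0x888E
KI_ACK, KI_MIC = 0x0080, 0x0100                       # EAPOL-Key "Key Information" flag bits

def iter_pcap(data):
    """Yield (linktype, frame) for every record of a little-endian classic pcap."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap (magic %#x)" % magic)
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len

def parse_eapol_key(frame, linktype):
    """Return (bssid, client, message_no) for an EAPOL-Key data frame, else None."""
    if linktype == LINKTYPE_RADIOTAP and len(frame) >= 4:
        frame = frame[struct.unpack_from("<H", frame, 2)[0]:]   # radiotap length sits at offset 2
    elif linktype != LINKTYPE_IEEE802_11:
        return None
    if len(frame) < 24 or ((frame[0] >> 2) & 3) != 2:            # frame type 2 = data
        return None
    hdr_len = 24 + (2 if (frame[0] >> 4) & 0x08 else 0)         # QoS data subtypes add a 2-byte QoS field
    to_ds, from_ds = frame[1] & 1, (frame[1] >> 1) & 1
    if from_ds and not to_ds:
        bssid, client = frame[10:16], frame[4:10]                # AP -> station: addr2 = BSSID
    elif to_ds and not from_ds:
        bssid, client = frame[4:10], frame[10:16]                # station -> AP: addr1 = BSSID
    else:
        return None
    body = frame[hdr_len:]
    if not body.startswith(LLC_SNAP_EAPOL):
        return None
    eapol = body[len(LLC_SNAP_EAPOL):]
    if len(eapol) < 99 or eapol[1] != 3:                         # type 3 = EAPOL-Key; 4-byte header + 95 fixed bytes
        return None
    key_info = struct.unpack_from(">H", eapol, 5)[0]
    key_data_len = struct.unpack_from(">H", eapol, 97)[0]
    mic, ack = key_info & KI_MIC, key_info & KI_ACK
    # Flag heuristic used by the usual checkers: M1 = ACK without MIC, M3 = ACK + MIC,
    # M2 / M4 = MIC without ACK, told apart by whether key data (the RSN IE) is present.
    if ack and not mic:
        msg = 1
    elif ack and mic:
        msg = 3
    elif mic:
        msg = 2 if key_data_len else 4
    else:
        return None
    if (msg in (1, 3)) != bool(from_ds):                         # M1/M3 come from the AP, M2/M4 from the client
        return None
    return bssid, client, msg

def mac(raw): return ":".join("%02x" % b for b in raw)

def find_handshakes(pcap_bytes):
    """Map (bssid, client) -> sorted list of the EAPOL message numbers seen for that pair."""
    seen = defaultdict(set)
    for linktype, frame in iter_pcap(pcap_bytes):
        hit = parse_eapol_key(frame, linktype)
        if hit:
            seen[(mac(hit[0]), mac(hit[1]))].add(hit[2])
    return {pair: sorted(msgs) for pair, msgs in seen.items()}

def missing_messages(msgs): return sorted({1, 2, 3, 4} - set(msgs))

# ---- constructed sample capture: no real traffic, nonces and MICs are zero ----
def build_eapol_key_frame(bssid, client, from_ap, key_info, key_data=b""):
    fc = bytes([0x08, 0x02 if from_ap else 0x01])               # plain data frame; FromDS or ToDS set
    a1, a2 = (client, bssid) if from_ap else (bssid, client)
    hdr = fc + b"\x00\x00" + a1 + a2 + bssid + b"\x00\x00"
    key = (bytes([2]) + struct.pack(">HH", key_info, 16) + bytes(88)   # descriptor 2 (RSN), key length 16
           + struct.pack(">H", len(key_data)) + key_data)
    return hdr + LLC_SNAP_EAPOL + bytes([1, 3]) + struct.pack(">H", len(key)) + key

def build_pcap(frames, linktype=LINKTYPE_IEEE802_11):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

AP, STA_OK, STA_BAD = (bytes.fromhex("02000000000%d" % i) for i in (1, 2, 3))
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")   # typical WPA2-PSK/CCMP RSN IE
M1, M2, M3, M4 = 0x008A, 0x010A, 0x13CA, 0x030A                          # usual WPA2 Key Information values
SAMPLE_PCAP = build_pcap([
    bytes([0x80, 0x00]) + bytes(30),                                      # a management frame, ignored
    build_eapol_key_frame(AP, STA_OK, True, M1), build_eapol_key_frame(AP, STA_OK, False, M2, RSN_IE),
    build_eapol_key_frame(AP, STA_OK, True, M3, RSN_IE), build_eapol_key_frame(AP, STA_OK, False, M4),
    build_eapol_key_frame(AP, STA_BAD, True, M1), build_eapol_key_frame(AP, STA_BAD, False, M2, RSN_IE),
    build_eapol_key_frame(AP, STA_BAD, False, M4),                        # message 3 never made it into the file
])

if __name__ == "__main__":
    for (bssid, client), msgs in find_handshakes(SAMPLE_PCAP).items():
        gap = missing_messages(msgs)
        print(bssid, client, "complete" if not gap else "incomplete, missing M" + ",M".join(map(str, gap)))
```

Running it prints one line per pair: the first client shows "complete", the second "incomplete, missing M3", which is exactly the failure mode described above (the module reports a handshake, but one message never arrived). To check a module capture, read the .cap file into `find_handshakes` instead of `SAMPLE_PCAP`; pcapng files need converting to classic pcap first, since only that format is parsed here.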

Hi,

I try to use the SiteSurvey module to catch WPA handshakes but I don't see all the clients (just one or two if I'm lucky). My laptop and my mobile phone, which are close to the WiFi Pineapple, are not in the list. But if I connect to the WiFi Pineapple over SSH and launch "airodump wlan1mon" (interface in monitor mode), I see all the clients connected to APs (my laptop and phone too).
Thanks.

1 hour ago, denisit said:

Hi,

I try to use the SiteSurvey module to catch WPA handshakes but I don't see all the clients (just one or two if I'm lucky). My laptop and my mobile phone, which are close to the WiFi Pineapple, are not in the list. But if I connect to the WiFi Pineapple over SSH and launch "airodump wlan1mon" (interface in monitor mode), I see all the clients connected to APs (my laptop and phone too).
Thanks.

Just checking, do you have AP & Client selected?

 

[Attached screenshot: Selection_013.png]


Yes, the option is activated, because I see a client connected to an AP. But I don't know why I don't see the devices connected to my AP (which are closer). I've got at least 3 devices connected (2 mobile phones and 1 laptop). When I launch airodump on the Pineapple I see them, but not in the web interface.

50 minutes ago, denisit said:

Yes, the option is activated, because I see a client connected to an AP. But I don't know why I don't see the devices connected to my AP (which are closer). I've got at least 3 devices connected (2 mobile phones and 1 laptop). When I launch airodump on the Pineapple I see them, but not in the web interface.

Strange one :)

1. How long are the scans that you're doing? Sometimes short scans don't pick up much.

2. Do you have filters set up? If so, what are they?

3. Do you get similar results when using the Pineapple's Recon scan?


1. I tried 15 sec, 30 sec, 1 min and 2 min, same result.
2. I haven't set up filters (I didn't see the option).
3. The Recon scan displays all the clients (even with a short scan).

1 hour ago, denisit said:

1. I tried 15 sec, 30 sec, 1 min and 2 min, same result.
2. I haven't set up filters (I didn't see the option).
3. The Recon scan displays all the clients (even with a short scan).

Actually, after running a few more comparisons, it definitely doesn't display the same results as Recon. I'm unsure if this is by design or not. The only thing I can suggest is that this module is aimed at deauthing and grabbing handshakes from APs, so the dev wanted to focus more on them... (I'm guessing) but it's also useful to know which APs have clients. For now you could run both a Recon and a SiteSurvey scan as a workaround. I think it's maybe best to post to the actual module's thread and see if @Whistle Master has a better explanation if he's not busy.

Edited by Just_a_User


I try to use the SiteSurvey module to catch WPA handshakes but I don't see all the clients (just one or two if I'm lucky). My laptop and my mobile phone, which are close to the WiFi Pineapple, are not in the list. But if I connect to the WiFi Pineapple over SSH and launch "airodump wlan1mon" (interface in monitor mode), I see all the clients connected to APs (my laptop and phone too). I tried 15 sec, 30 sec, 1 min and 2 min, same result. The Recon scan displays all the clients (even with a short scan).


Yeah, that can happen unfortunately; Recon and SiteSurvey are not using the same method to list clients. As @Just_a_User said, it depends on the scan duration. I'll have a look to see if I can use the same method as Recon.

  • Like 1


Suffering the same as described in the posting by PablitoEmilio on the firmware release topic.

I have just updated the Nano firmware to 2.1.0 and downloaded Site Survey 1.3.

I have also found that upon opening the module for the very first time on a newly flashed Nano the "counter" shows 12 captures.

Subsequently trying to undertake a capture results in nothing obviously happening. It says a capture is in progress but nothing ever appears in the capture area and the counter stays at 12.

Anyone else getting this apart from just me and PablitoEmilio?

 


I'm having the same issue as above. Haven't been able to get a capture since the firmware update, although my RPi sitting next to the Nano gets them without issues.


Despite trying to capture packets, a check of the /pineapple/modules/SiteSurvey/ folder showed that no "capture" folder was created/present. The script "capture.sh" suggests this is where the captures are stored.

Creating a folder "capture" in /pineapple/modules/SiteSurvey/ showed that captures were apparently now being saved; however:
(1) The capture did not appear in the table in the GUI.
(2) The GUI captures indicator now showed that instead of 12 non-existent captures there were 115 non-existent captures.

I didn't explore further as I have spent too much time on this.

On 6/12/2018 at 8:47 AM, aethernaut said:

Despite trying to capture packets, a check of the /pineapple/modules/SiteSurvey/ folder showed that no "capture" folder was created/present. The script "capture.sh" suggests this is where the captures are stored.

Creating a folder "capture" in /pineapple/modules/SiteSurvey/ showed that captures were apparently now being saved; however:
(1) The capture did not appear in the table in the GUI.
(2) The GUI captures indicator now showed that instead of 12 non-existent captures there were 115 non-existent captures.

I didn't explore further as I have spent too much time on this.

Just wanted to stop by and also say I had to manually create the capture folder for Site Survey. I love the module, but it seems the 2.x firmware may have some issues with it. I'm still not seeing the captures under the capture tab and it gives off random numbers after a capture; I just download the cap manually now.
