Jump to content
Whistle Master

[Official] Site Survey Module

Recommended Posts

On 07/05/2016 at 8:15 PM, Whistle Master said:

As I said, the problem is with aircrack, which is not 100% accurate. You have two other programs that you can use:

- Pyrit

- Cowpatty

 

Note: I've managed to run Pyrit on the pineapple. I will integrate it in the next release of the module to provide a more accurate information about handshake. I'll also add the option to "strip" a cap file to only keep the handshake, which will reduce the file size.

@Whistle Master would you be able to provide detail for the pyrit install onto the pineapple? I have been trying this myself and have tried the old ipk file

https://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages/pyrit_0.4.0-1_ar71xx.ipk

It seems to install OK but then running it gives errors: -

Traceback (most recent call last):
  File "/usr/bin/pyrit", line 4, in <module>
    import pyrit_cli
  File "/usr/lib/python2.7/site-packages/pyrit_cli.py", line 32, in <module>
    import cpyrit.cpyrit
  File "/usr/lib/python2.7/site-packages/cpyrit/cpyrit.py", line 41, in <module>
    import util
  File "/usr/lib/python2.7/site-packages/cpyrit/util.py", line 52, in <module>
    import _cpyrit_cpu
ImportError: File not found

Trying to build it locally on the pineapple gives me another error: -

unable to execute 'mips-openwrt-linux-uclibc-gcc': No such file or directory
error: command 'mips-openwrt-linux-uclibc-gcc' failed with exit status 1

I looked at cross compiling but that seems well out of my comfort zone at the moment. Any pointers would be much appreciated.

Edited by Just_a_User

Share this post


Link to post
Share on other sites

Is something wrong with the handshake capture ? Every cap file that, according to the module, should have a handshake in it seems not to have one in it. I uploaded them to onlinehashcrack and get this message: "we are unable to find any valid WPA handshakes in your file".

Anyone got the same issues and know how to resolve it ? Or maybe an alternative for collecting handshakes?

Share this post


Link to post
Share on other sites
HI , No handshake works. When i scan and i want to refresh the information my tetra beuf saturates and i am obliged to restart my tetra. what to do ? How to reset it completely?

Share this post


Link to post
Share on other sites

I'm wondering if it is possiable to add an extra feature to this module. I'm after a capture that is not targeted at individual AP's or clients but a collect on all AP/clients on all channels with selectable bands (2.4 & 5ghz). I currently do this in terminal with airodump-ng and use the .csv for in Maltego Casefile to produce a graphical map for the full network around me to identify possiable threats.

Share this post


Link to post
Share on other sites

Just got the tactical antenna upgrade for the nano and have been doing some testing with them.  Ive noticed that the scan under recon tab detects quiet a bit more ssids and clients than the the module does.  Do both scans use the same program to scan for networks and clients?

Share this post


Link to post
Share on other sites

Hi,

any news about handshake capture? I'm still get a capture file without handshake even if site survey module say that i got it...

Share this post


Link to post
Share on other sites
On 1/15/2017 at 7:57 AM, codeforge said:

Hi,

any news about handshake capture? I'm still get a capture file without handshake even if site survey module say that i got it...

this has been an issue since the module came out.  I have had good and bad luck with handshake captures for the sitesurvey module but I will say that for the most part i get more handshakes that not.  If you start capturing and 5sec later it shows a handshake capture and very little IVS, then most likely you dont have a handshake.  I also check all the handshakes with aircrack-ng throught the cli.

Share this post


Link to post
Share on other sites

Definitely my favorite module so far.  Hats off to @Whistle Master for the awesome work of populating 75% of the available mods.  And frankly to anybody who programs then.  Really appreciate it.

I've had mixed luck as @b0N3z mentions.  Sometimes I can grab a capture pretty quick within range.  Other times, the signal will be upwards of 75% or more and I can see the capture has started, IVS flowing but a Deauth (start, stop, start, refresh) and just waiting, doesn't always work.  Whereas the Aircrack suite pretty much works flawless to an AP with a client in range.

That being said, this is by far the most useful mod for quickly getting what you need and taking it offline to work elsewhere.

Share this post


Link to post
Share on other sites

I'm also having trouble with this on a tetra running FW 1.1.2. Does anyone know what the root cause of this is? It's really annoying having bought this only to have to fall back to a laptop running kali. This is the simplest use case for this device and it consistently fails at it :(

Share this post


Link to post
Share on other sites

@diabolic It's by far my favorite use of the Nano... discrete and you can grab the WPA Handshake and work it offline.

Everything else (URLSnarf, SSL, etc.. ) is somewhat intrusive.  But this.. it's just brilliant! 

What has worked for me is installing it to the SD card so there's never a question of space and to go for a Capture that is higher than 50% Quality.  Even then (last attempt) it failed to grab Message 3 of 4 for the EPOL but it was close.

Like the theads says.. aircrack-ng is the fastest method and works on the Pineapple.  Although I think it's much more flawless when a handshake is captured via my laptop than the Nano (both programs saying a handshake was captured).

Share this post


Link to post
Share on other sites

I've had much better luck using this module lately by:

  • ensuring there's enough space
  • a good quality signal prior to capture (35% signal quality is terrible)  I shoot for 60% (green indicator)
  • 200 IVS .. if I get a capture quickly, I just let it run for another 100 IVS.  In the past, I've stopped when it says WPA Handshake = YES and found that I missed just a single EPOL message.  By allowing it to go a few IVS past the success, I've seen my overall success rate increase

Love the PIneapple thus far but it's gotta be in close proximity.  A poor signal to begin with just leads to endless captures and frustrating deauth attempts.  Need to be in the green for signal quality to really be effective.  Not that it hasn't happened to me in maybe 45% signal quality but it's more rare and more time consuming.

Share this post


Link to post
Share on other sites

Hi,

I try to use the module SiteSurvey to catch Wpa handshake sbut I don't see all the client (just one or two if i'm lucky). My laptop or my mobile phone who are close to the wifi pineapple are not in the list. But if I connected to wifi pineapple in ssh and i launch "airodump wlan1mon (interface in monitor mode) ", I see all the clients connected to APs (my laptop and phone too).
Thanks.

Share this post


Link to post
Share on other sites
1 hour ago, denisit said:

Hi,

I try to use the module SiteSurvey to catch Wpa handshake sbut I don't see all the client (just one or two if i'm lucky). My laptop or my mobile phone who are close to the wifi pineapple are not in the list. But if I connected to wifi pineapple in ssh and i launch "airodump wlan1mon (interface in monitor mode) ", I see all the clients connected to APs (my laptop and phone too).
Thanks.

Just checking, do you have AP & Client selected?

 

Selection_013.png

Share this post


Link to post
Share on other sites

Yes, the option is actived because I see a client connected to an AP. But I don't know why I don't see the devices connected to my AP (which are closer). I've got at least 3 devices connected ( 2 mobile phones and 1 laptop). When I launch airodump on the Pineapple I see them but not in the web interface.

Share this post


Link to post
Share on other sites
50 minutes ago, denisit said:

Yes, the option is actived because I see a client connected to an AP. But I don't know why I don't see the devices connected to my AP (which are closer). I've got at least 3 devices connected ( 2 mobile phones and 1 laptop). When I launch airodump on the Pineapple I see them but not in the web interface.

strange one :)

1. How long are your scans that your doing? sometimes short scans dont pick up much.

2. Do you have filters set up? if so what are they? 

3. Do you get similar results when using the Pineapples Recon scan?

Share this post


Link to post
Share on other sites

1 . I tried 15sec,30sec, 1min and 2min, same result.
2. I haven't set up filters (I didn't see the option)
3. The recon scan display all the clients (even with a short scan).

Share this post


Link to post
Share on other sites
1 hour ago, denisit said:

1 . I tried 15sec,30sec, 1min and 2min, same result.
2. I haven't set up filters (I didn't see the option)
3. The recon scan display all the clients (even with a short scan).

Actually after running a few more comparisons it definitely doesn't display the same results as recon. I'm unsure if this is by design or not. The only thing I can suggest is that this module is aimed at deauthing and grabbing handshakes from AP's so the dev wanted to focus more on them... (im guessing) but its also useful to know which AP;s have clients .. for now you could run both a recon and sitesurvey as a work around. I think its maybe best to post to the actual modules thread and see if @Whistle Master has a better explanation if hes not busy.

Edited by Just_a_User

Share this post


Link to post
Share on other sites

I try to use the module SiteSurvey to catch Wpa handshakes but I don't see all the client (just one or two if i'm lucky). My laptop or my mobile phone who are close to the wifi pineapple are not in the list. But if I connected to wifi pineapple in ssh and i launch "airodump wlan1mon (interface in monitor mode) ", I see all the clients connected to APs (my laptop and phone too) . I tried 15sec,30sec, 1min and 2min, same result . The recon scan display all the clients (even with a short scan) .

Share this post


Link to post
Share on other sites

Yeah, that can happen unfortunately, Recon and SiteSurvey are not using the same method to list clients. As @Just_a_User said, it depends on the scan duration. I'll have a look to see if I can use the same method as Recon.

  • Like 1

Share this post


Link to post
Share on other sites

I've read a few of the posts here regarding the Site Survey module and the only thing I could find that helped was to do everything via SSH via Putty which worked. But I'd like to do it within the web portal. I've installed the module Site Survey (obviously...well it should be at least), I've run the airmon-ng start wlan1 via Putty and it turns on wlan1mon. I run a scan and find my wireless network (I should also mention my computer that the pineapple is attached to is connected via ethernet not wifi). I click the capture button and then the deauth button...

Under Running Processes I only see it running the deauth (aireplay-ng) but not the capturing piece. My cell is connected via wifi and never gets kicked off, if I manually disconnect I'm unable to connect again until I turn off both capture and deauth...my phone will keep trying but eventually tells me invalid password.

Randomly I'm able to just turn off deauth and connect again but nothing is captured. Is there a step I'm leaving out? I don't have PineAP running or anything at this point. Also just to include this, my ICS is being shared from my PC via it's ethernet connection to the Wifi Connection within Windows. I'm really beginning to suspect all my issues are because of Windows 10, I'm tempted to stop trying within Windows and just fire up my Kali VM and try from there.

Share this post


Link to post
Share on other sites

When i press capture in site survey module, the airodump starts and stops immediately again, so i cant capture anything...  can someone help me to fix this ? 

Share this post


Link to post
Share on other sites

Did you already have a read all of this one? maybe someone else has similar issue.

 

Share this post


Link to post
Share on other sites

Nope, there is nothing similar. I tried to reset my nano, but its still Not working.

„Airmon-ng check kill“ is killing a process but the prozess restarts imediatly, seems like its blocking the airodump from working. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...