Jump to content

Complete and Utter Disappointment


gabehcoud

Recommended Posts

I am completely and utterly disappointed. i have been searching for weeks to find out how to preform a arp-poising MITM attack to sniff plain text credentials, the best thing i could find was Responder. There is no guide on how to use this explicitly on the WiFi Pineapple. I have basically paid $250 for a box. The last person to ask about this did not get anywhere in terms of help either. Please Can somebody in this entire forum show me how i can configure Responder to work on a Wireless network. Like from the ground level. What options do i select, do i connect in client mode (Wlan1, Wlan0) ect. Please, this was a big investment for me.

So far I tried Dwall but like Bored369 says, it doesn't log as far as I could tell. It does grab things, but doesn't log.

With the amount of data going by, I don't think I can use tcpdump...

Maybe like dustbyter says Wireshark and some real-time filtering?

I tried using Responder for two hours last night and I honestly couldn't get it to grab anything from my target even though I was on the target opening FTP connections silly-nilly. My hunch is Responder is what I need, but its not cooperating.

You'd think something as basic as unencrypted forms and plaintext credentials would be something this platform could do out of the box.

Link to comment
Share on other sites

If you are looking to sniff for plain text credentials from websites, just run the Dwall module. There is no need to ARP poison if the clients are already connected on to the WiFi Pineapple.

Here is the test I ran on my TETRA using the site freesound.org since they use plain text.

post-16519-0-24976800-1463311145_thumb.j

You can also install the urlsnarf module, install the dependencies, SSH to the WiFi Pineapple, and run dsniff since a module is not created for it at present.

More Info: https://www.monkey.org/~dugsong/dsniff/

You can also use tcpdump (watch the screen or...), save it to a file, load the file in Wireshark on your local machine.

Regards.

  • Upvote 2
Link to comment
Share on other sites

You see, real devices will not connect to the pineapple, only phones and they are pretty useless. people do not answer questions here, they answer their own question. please help me with responder. also dwall does not log or sort the data like cain and abel does or save it as pcap for something like networkminer to analyse. With two powerful network cards, the heart of the pineapple, surely ill be able to do the same thing as my intel ac7260. im open to ssh into pineapple as i can make my own module when its all configured. the reason i got the pineapples was to preform arp-poisoning and i got both your tacticals to make sure i was not missing anything and now im kinda upset

Edited by gabehcoud
Link to comment
Share on other sites

so essentially im wanted to preform arp-poising mitm attack with http, imap and pop3 with challenge spoofing and either sort it there or log it to a pcap file for me to run through networkminer, responder seems to be the way to go, but im not sure how to set it up.

Edited by gabehcoud
Link to comment
Share on other sites

Hi gabehcoud,

I'm sorry to hear that you are upset about the WiFi Pineapple. I'd like to emphasize that what Mr Protocol said about arp poisioning not being needed. As you are inherently the man-in-the-middle, there is no need. The traffic is already passing through you.

In regards to how to use responder, I suggest you ask in the appropriate module thread. Please keep in mind that modules are created by community members for free, and are not directly supported by Hak5. If you have any concerns regarding the WiFi Pineapple itself (excluding modules), please raise these on our bug tracker.

Now, if you want to create a pcap (no need for ARP poisioning), you can simply run TCPDump and log to a file. That you can then import into networkminer, wireshark, tshark, etc. If you are set on using responder, you should listen on br-lan (the bridge of the WiFi Pineapple between internet and clients).

Best Regards,

Sebkinne

  • Upvote 1
Link to comment
Share on other sites

  • 4 weeks later...
On 5/15/2016 at 7:47 PM, Sebkinne said:

Hi gabehcoud,

I'm sorry to hear that you are upset about the WiFi Pineapple. I'd like to emphasize that what Mr Protocol said about arp poisioning not being needed. As you are inherently the man-in-the-middle, there is no need. The traffic is already passing through you.

In regards to how to use responder, I suggest you ask in the appropriate module thread. Please keep in mind that modules are created by community members for free, and are not directly supported by Hak5. If you have any concerns regarding the WiFi Pineapple itself (excluding modules), please raise these on our bug tracker.

Now, if you want to create a pcap (no need for ARP poisioning), you can simply run TCPDump and log to a file. That you can then import into networkminer, wireshark, tshark, etc. If you are set on using responder, you should listen on br-lan (the bridge of the WiFi Pineapple between internet and clients).

Best Regards,

Sebkinne

Hi,

You say that you don't need ARP posioning for sniffing but i did not found other module that can capture IMAP/POP3 password than ettercap and when run witn -M arp on br-lan. That's the only way i was able to reproduce sniffing imap on my own iphone. The interesting part is that my iphone is ste to use SSL for incoming settings on port 993 and im still abel to sniff the password!?

Link to comment
Share on other sites

On 5/15/2016 at 6:10 AM, gabehcoud said:

so essentially im wanted to preform arp-poising mitm attack with http, imap and pop3 with challenge spoofing and either sort it there or log it to a pcap file for me to run through networkminer, responder seems to be the way to go, but im not sure how to set it up.

these are all things one learns to do through reading and practicing.

You do not need to ARP poison the client if the client is connected to the pineapple and is using the pineapple as it's gateway.

I don't understand why you would be upset at a hardware vendor when the problem is your lack of knowledge and experience.

  • Upvote 2
Link to comment
Share on other sites

On 6/14/2016 at 11:18 PM, nickphx said:

these are all things one learns to do through reading and practicing.

You do not need to ARP poison the client if the client is connected to the pineapple and is using the pineapple as it's gateway.

I don't understand why you would be upset at a hardware vendor when the problem is your lack of knowledge and experience.

Would be better to help him. Just let him know what plugin and option to use to sniff pop3/imap ...

Link to comment
Share on other sites

  • 3 weeks later...
On 5/15/2016 at 10:47 AM, Sebkinne said:

Hi gabehcoud,

I'm sorry to hear that you are upset about the WiFi Pineapple. I'd like to emphasize that what Mr Protocol said about arp poisioning not being needed. As you are inherently the man-in-the-middle, there is no need. The traffic is already passing through you.

Now, if you want to create a pcap (no need for ARP poisioning), you can simply run TCPDump and log to a file. That you can then import into networkminer, wireshark, tshark, etc. If you are set on using responder, you should listen on br-lan (the bridge of the WiFi Pineapple between internet and clients).

Best Regards,

Sebkinne

I can understand his frustration, especially if he didn't spend years in college or out of college reading iptables and protocol manuals.  I'm slightly in his boat except I know bitching to strangers on a forum only leads to your questions going unanswered.  I wish I had spent my college years with this instead of Everquest.  While I wish there was more provided documentation about the pineapple itself, I can understand the reasoning behind the lack of it.  Don't buy a sailboat if you've never seen water.  Is the br-lan hardwired or iptables and configurable?

gabehcoud: I understand your feelings.  I created a thread in the nano board some months back that really was a way for me to keep track of the places I found useful information.  I can't recall the title off the top of my head but your mastery in searching out information tells me the taste should be easy peasy.  I try to apply the concept of this graph fairly often when I believe the moment of clarity is going to last: THE STAGES OF A PHOTOGRAPHER. http://enticingthelight.com/wp-content/uploads/2010/01/Stages-of-a-Photographer.pngStages-of-a-Photographer.png 

Edited by Spoonish
Link to comment
Share on other sites

Hak5 has turned into a garbage operation.  There aren't any updates to anything, even the latest hardware.  Nothing but misleading nonsense, I just can't believe they continue to take people's money for these devices when they have all but stop supporting them. 

Link to comment
Share on other sites

1 minute ago, billbishere said:

Hak5 has turned into a garbage operation.  There aren't any updates to anything, even the latest hardware.  Nothing but misleading nonsense, I just can't believe they continue to take people's money for these devices when they have all but stop supporting them. 

Where is support lacking?  Tell us in which specific areas because I don't understand where you're coming from in your statement.

Link to comment
Share on other sites

There have been no updates to any of the devices for 6 months or more....  The firmware is buggy.  We have been mislead into believing there would be new firmware for the new devices.... which there has NOT.... also, we have been mislead into believing there would be a update to Mk5 to the latest firmware, yet there isn't.  

Even these forums, the support is lacking... You are QUICK to respond to criticism but... how about some actual software updates for hundreds of dollars in hardware we have spent our money on?!?  NOTHING has been updated.  The latest update to the Nano looks like March, and the other devices December... and the Mk5 a year ago............  

 

If this has to be explained to you then...  we are in bigger trouble than I first thought.  smh.  

 

Link to comment
Share on other sites

1 hour ago, billbishere said:

There have been no updates to any of the devices for 6 months or more....  The firmware is buggy.  We have been mislead into believing there would be new firmware for the new devices.... which there has NOT.... also, we have been mislead into believing there would be a update to Mk5 to the latest firmware, yet there isn't.  

Even these forums, the support is lacking... You are QUICK to respond to criticism but... how about some actual software updates for hundreds of dollars in hardware we have spent our money on?!?  NOTHING has been updated.  The latest update to the Nano looks like March, and the other devices December... and the Mk5 a year ago............  

 

If this has to be explained to you then...  we are in bigger trouble than I first thought.  smh.  

 

First of all, I am not affiliated with Hak5 so don't point fingers at me for support.  Second, I have provided support for all my modules/infusions and you can go searching through the forums yourself to find evidence of that.  Other module developers have provided plenty of support as well all for which we don't get paid.  We do this in our own time away from our busy lives.

Here is a link that shows there have been new firmware releases (https://www.wifipineapple.com/downloads).  That's four for the NANO and two for the TETRA with them being released in March and February respectively.  I'm no mathematician but that's fewer than 6 months back.  As for the updated firmware for the MKV it takes time.  Maybe you don't understand the workload involved at a startup company but they obviously bust their asses getting work done.  I recall a forum post a couple months back where someone was complaining about the firmware release cycle and I made the comment that you can't make anyone happy.  If you release firmwares too quickly people bitch about you not adding enough fixes.  If you release them too far apart people bitch that you aren't providing proper support.

It seems things need to be explained to you as you clearly don't have the capacity to perform simple searches for information and you jump to conclusions about people's position and the status of the software.  Please be quicker to think than to speak next time.

Edit:

The funny thing is I just went and checked on that post I referenced above and sure enough it was in response to you complaining.  Just to be clear I'm not saying I'm happy with the frequency of updates but to claim that they have dropped the project altogether is absurd.  Sometimes you don't get what you want in life, or at least not when you want it, but you need to learn to deal with it and move on.  At least present your concerns in a professional manner to Hak5 and see what they say.  Also, here's a thought, if you're so upset about them "taking people's money" then stop giving them your money.  Don't blame others for decisions you've made just because it didn't turn out the way you thought it would. /rant

Edited by sud0nick
  • Upvote 1
Link to comment
Share on other sites

4 hours ago, sud0nick said:

[...] Other module developers have provided plenty of support as well all for which we don't get paid.  We do this in our own time away from our busy lives. [...]

Everything is said. I couldn't agree more !

  • Upvote 2
Link to comment
Share on other sites

It's easy to complain. Fact is, it's a small team doing their damn'd best to give the lowest cost product they possibly can. And to keep everything else going that is happening with a very limited crew. Not to mention a large portion is community support and having actual basic networking knowledge. Can't expect people to give you a crash course on networking just so you can "hack a friend's facebook" kind of stuff. There are a good number of people behind the scenes that donate time and effort to help keep things going.

Just because the update cycle doesn't reflect a monthly patch like say Microsoft or Android, doesn't mean it's not being worked on. And if there is a bug, submit a bug report instead of just saying "HAZ BUGZ". Just make sure to search to not have repeat reports. https://www.wifipineapple.com/bugs . Plus, I'm not sure what you meant by "Update looks like March and others December". The goal isn't to keep changing the UI every update. That's just silly for a number of reasons.

Having worked first hand with the crew many times, every one of them puts maximum effort (haha Deadpool) with events, podcast, development, testing, etc. They are not a crew that walks in at 9 and clocks out at 5 and calls it a day. I find it insulting every time keyboard warriors complain as if they are some 500 employee company.

The original topic of this thread has gone way off topic and has been addressed. I am going to lock this thread and if anyone has more to say on the topic or discussions, feel free to direct message me.

  • Upvote 4
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...