Zylla Posted September 16, 2016

MANA-Toolkit! Pineapple NANO + TETRA. (IPK installation files, and source files ready to compile with the OpenWRT SDK.)
MANA Toolkit includes a working version of SSLstrip2+dns2proxy for the Pineapples.

Last update: 22.07.2018

Changelog:
Taxonomy part of hostapd is activated.
Updated to follow upstream, same updated source code as Sensepost is using.
Changes have been done to the installation part! Remember to read the output!
Will no longer use a copy of my python library, but download the needed python packages instead.
SSLstrip2, SSLsplit, dns2proxy, crackapd, net-creds, firelamb and every part of the MANA-Toolkit comes with the package. (Even asleap.) EAP penetration testing is now very feasible.

Install procedure:
root@Pineapple:~# wget -qO- https://raw.githubusercontent.com/adde88/hostapd-mana/master/INSTALL.sh | bash -s -- -v -v

After a little while you should get a message saying the installation was successful. But we're not quite done. You need to install the python dependencies with this command:
root@Pineapple:~# install-mana-depends

How do I start MANA?
Make sure you are not using wlan1 for anything (for example having it in monitor mode). If you are, hostapd-mana will not be able to set the interface to 'master' mode.
Type 'launch-mana' in the terminal to launch the attack. The attack should go silently into the background while at the same time giving output to the screen and to the log files.
root@Pineapple:~# launch-mana

Type 'kill-mana' in the terminal to stop the attack.
root@Pineapple:~# kill-mana

Module: https://github.com/adde88/ManaToolkit
I have released a "pre-release" version of the Mana Toolkit "Module" for the Pineapples. This lets you launch the attack from the Pineapple's web interface. General feedback or tips for improving the module are greatly appreciated!

Github repos + source code:
https://github.com/adde88/hostapd-mana-openwrt
https://github.com/adde88/hostapd-mana
https://github.com/adde88/ManaToolkit (The Mana Toolkit Module - dev. stage)

The first repo contains the IPK files you need to install everything, but it also contains the files you need to build it yourself with a proper SDK. The second repo is used by the SDK. The SDK Makefile will download everything it needs from this repo to build the MANA-Toolkit package. You don't need to touch the second repo to get anything up and running. (The OpenWRT SDK should handle this automatically.) The third repo is the MANA Toolkit "Module", which needs testing and feedback from you guys. It also has a new dev branch that contains my latest fresh changes, but it's not as stable as the master branch.

Important directories:
Config files: /etc/mana-toolkit/
Log files: /pineapple/modules/ManaToolkit/log (This is the log directory, even if you don't have the Module installed.)
You will find the usual MANA tools at: /usr/share/mana-toolkit/

OPKG installation files (for those who want to install it manually):
https://github.com/adde88/hostapd-mana-openwrt/raw/master/bin/ar71xx/packages/base/asleap_2.2-1_ar71xx.ipk
https://github.com/adde88/hostapd-mana-openwrt/raw/master/bin/ar71xx/packages/base/hostapd-mana_2.6-15_ar71xx.ipk

Donations are very helpful, and would help me contribute towards keeping all of these custom tools ported and up to date.
BeNe Posted September 18, 2016

Hi Zylla, thanks for your hard work and for sharing! I'm just stuck in the dark about what I should do with the MANA-Toolkit on the Pineapple. Is it better than PineAP itself, or do you combine them? The EAP thing is new on the Pineapple (I mean). In which case do you use it on your Pineapple?
Zylla Posted September 18, 2016

This is under development. So the only thing the startup script will do at the moment is behave as a normal AP would on wlan1 (with the mana patches). It will try to fool clients that are probing for networks into connecting to it. If my phone is looking for "FREE_WIFI", the Pineapple would then send a probe response with that SSID. Other clients will NOT see these probe responses/SSIDs, like they will with PineAP or Karma. So it's a bit "stealthier". When the script is "completed" it should run just like it would on a computer.

hostapd-mana - modified hostapd that implements new karma attacks and looks a lot like PineAP
crackapd - a tool for offloading the cracking of EAP credentials to an external tool (asleap) and re-adding them to the hostapd EAP config (auto crack 'n add)
sslstrip-hsts - modified sslstrip + dns2proxy
Firelamb - captures and writes cookies to a Firefox profile for easy use.

I do not suggest you install this yet if you don't know that much about hostapd, mana-toolkit, etc. If you watch the presentation from Sensepost about MANA, or read about it, you should get some ideas about what the Pineapple could do. :)
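The behaviour Zylla describes above (an AP that answers a client's directed probe request with whatever SSID the client asked for, without beaconing it) is also what a wireless IDS can key on from the defender's side. The script below is an added example, not code from this thread or from the MANA Toolkit: it takes already-parsed management frames in an assumed (subtype, bssid, ssid, client) form, built inline as constructed sample data rather than a real capture, and flags any BSSID that answered probes with several distinct SSIDs it never advertised in a beacon.

```python
"""Wireless IDS heuristic for karma/MANA-style probe responses.

Added example, not part of the forum thread or the MANA Toolkit.  A legitimate
AP only answers probe requests for SSIDs it actually serves (and beacons), so
one BSSID answering with many SSIDs it never beaconed is a strong signal.  The
frame records are constructed sample data in an assumed pre-parsed form:
(subtype, bssid, ssid, client).
"""
from collections import defaultdict

# Constructed sample of already-parsed 802.11 management frames.
# "beacon": AP advertises an SSID; "probe_req": client asks for an SSID;
# "probe_resp": AP answers that client with the SSID carried in the response.
SAMPLE_FRAMES = [
    # A normal home AP: beacons one SSID and only answers for that SSID.
    ("beacon",     "02:aa:aa:aa:aa:aa", "HomeNet",          None),
    ("probe_req",  None,                "HomeNet",          "aa:bb:cc:00:00:01"),
    ("probe_resp", "02:aa:aa:aa:aa:aa", "HomeNet",          "aa:bb:cc:00:00:01"),
    # A karma-style AP: beacons one SSID but answers every directed probe.
    ("beacon",     "02:11:22:33:44:55", "Free",             None),
    ("probe_req",  None,                "FREE_WIFI",        "aa:bb:cc:00:00:02"),
    ("probe_resp", "02:11:22:33:44:55", "FREE_WIFI",        "aa:bb:cc:00:00:02"),
    ("probe_req",  None,                "CoffeeShop_Guest", "aa:bb:cc:00:00:03"),
    ("probe_resp", "02:11:22:33:44:55", "CoffeeShop_Guest", "aa:bb:cc:00:00:03"),
    ("probe_req",  None,                "HotelGuest",       "aa:bb:cc:00:00:02"),
    ("probe_resp", "02:11:22:33:44:55", "HotelGuest",       "aa:bb:cc:00:00:02"),
    ("probe_req",  None,                "Office-Corp",      "aa:bb:cc:00:00:04"),
    ("probe_resp", "02:11:22:33:44:55", "Office-Corp",      "aa:bb:cc:00:00:04"),
]


def collect_ssids(frames):
    """Return (beaconed, answered): per-BSSID sets of SSIDs seen in beacons
    and in probe responses respectively."""
    beaconed = defaultdict(set)
    answered = defaultdict(set)
    for subtype, bssid, ssid, _client in frames:
        if not bssid or not ssid:
            # Probe requests have no BSSID of interest; a hidden-SSID beacon
            # carries an empty SSID and tells us nothing here.
            continue
        if subtype == "beacon":
            beaconed[bssid].add(ssid)
        elif subtype == "probe_resp":
            answered[bssid].add(ssid)
    return beaconed, answered


def find_karma_responders(frames, threshold=3):
    """Flag BSSIDs that answered probes with at least `threshold` distinct
    SSIDs they never beaconed.  Returns {bssid: sorted list of those SSIDs}."""
    beaconed, answered = collect_ssids(frames)
    alerts = {}
    for bssid, ssids in answered.items():
        unbeaconed = ssids - beaconed.get(bssid, set())
        if len(unbeaconed) >= threshold:
            alerts[bssid] = sorted(unbeaconed)
    return alerts


if __name__ == "__main__":
    for bssid, ssids in find_karma_responders(SAMPLE_FRAMES).items():
        print("%s answered probes for %d SSIDs it never beaconed: %s"
              % (bssid, len(ssids), ", ".join(ssids)))
```

The threshold is what keeps a hidden-SSID network quiet: such an AP beacons an empty SSID and legitimately answers directed probes for its one real name, which counts as a single unbeaconed SSID and stays below the alarm level. Counting per BSSID rather than per radio also avoids false positives from multi-SSID APs, which normally use a distinct BSSID for each network.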
Mr.miYagi Posted September 30, 2016

Hi Zylla, thanks for the great work.
Edit: After a reset, enough space....
Mr.miYagi Posted October 1, 2016

I'm trying to tweak the script to run it on a MKV. I changed wlan1 to wlan0/0-1 in the script but I'm still getting errors:
rfkill: Cannot open RFKILL control device
nl80211: Could not configure driver mode
nl80211 driver initialization failed.
hostapd_free_hapd_data: Interface wlan0 wasn't started

rfkill is installed from what I see, but it seems to not work correctly. My guess is that wlan0 is initialized with the karma hostapd config file. But the file is not static and is located in the /temp/ folder. I'm searching for the script that starts wlan0/0-1 or creates the hostapd file, to modify it to the mana config file. Anybody have a hint where it is located?
Zylla Posted October 1, 2016

1 minute ago, Mr.miYagi said: I'm trying to tweak the script to run it on a MKV. I changed wlan1 to wlan0/0-1 in the script but I'm still getting errors: rfkill: Cannot open RFKILL control device nl80211: Could not configure driver mode nl80211 driver initialization failed. hostapd_free_hapd_data: Interface wlan0 wasn't started rfkill is installed from what I see, but it seems to not work correctly. My guess is that wlan0 is initialized with the karma hostapd config file. But the file is not static and is located in the /temp/ folder. I'm searching for the script that starts wlan0/0-1 or creates the hostapd file, to modify it to the mana config file. Anybody have a hint where it is located?

The rfkill warning can safely be ignored. I get it as well. Regarding the driver failing to initialize: the most common problem is that the device is already in use by another hostapd/karma process. Try this:
#!/bin/bash
killall hostapd
airmon-ng check kill
/usr/share/mana-toolkit/run-mana/mana-pineapple.sh
Mr.miYagi Posted October 1, 2016

Thanks for the fast reply. I think it's because the interface wlan0 is initialized with the karma hostapd. Still no luck killing hostapd before starting the script.
root@WiFi Router:~# killall hostapd
root@WiFi Router:~# airmon-ng check kill
Killing these processes:
3014 root 1816 S /usr/sbin/wpa_supplicant -B -P /var/run/wpa_supplica
3049 root 1380 S udhcpc -p /var/run/udhcpc-wlan1.pid -s /lib/netifd/d
3408 root 1376 S grep wpa_action\|wpa_supplicant\|wpa_cli\|dhclient\|
root@WiFi Router:~# /usr/share/mana-toolkit/run-mana/mana-pineapple.sh
Pineapple seems to be: ONLINE.
RTNETLINK answers: File exists
Configuration file: /etc/mana-toolkit/hostapd-mana.conf
rfkill: Cannot open RFKILL control device
nl80211: Could not configure driver mode
nl80211 driver initialization failed.
hostapd_free_hapd_data: Interface wlan0 wasn't started
MANA has started successfully!
Press enter to kill it properly
Zylla Posted October 1, 2016

Are you running the MKV in client mode? Because I see that wpa_supplicant is running, and also udhcpc (DHCP client). If wpa_supplicant is running on wlan0 or wlan0-1 it will interfere with launching hostapd on the same interface.
Mr.miYagi Posted October 1, 2016

Yes I am. But also when I stop it, I have the same error. But running top I saw this:
1832 1 root S 1856 3% 0% /usr/sbin/hostapd -P /var/run/wifi-ph /var/run/hostapd-phy0.conf
and it restarts automatically. I think a sort of cronjob is running to keep it alive. I think the best is to swap it to the mana conf file.
Zylla Posted October 1, 2016

Test this then.
#!/bin/bash
uci set wireless.@wifi-iface[0].mode='sta'
uci set wireless.@wifi-iface[1].mode='sta'
uci set wireless.@wifi-iface[2].mode='sta'
uci commit wireless
wifi

This will edit your /etc/config/wireless file a bit. To check what settings you already have, you can run: uci show wireless, or just make a backup of your /etc/config/wireless file. Try to run those commands I wrote above; if it doesn't work then I'd like to see what your original /etc/config/wireless file looks like :)
Mr.miYagi Posted October 1, 2016

Thanks for your patience. The solution was: reset wifi settings, run your script (not sure if it's necessary), and bam:
ANA - Attempting to generate Broadcast response : xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
MANA - Attempting to generate Broadcast response : xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
MANA - Attempting to generate Broadcast response : xxxxxxxxxxxxxxxxxxxxxx
MANA - Attempting to generate Broadcast response : xxxxxxxxxxxxxxxxxxxxxxxxxx
MANA - Attempting to generate Broadcast response :xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Seems to run very nicely so far. Now I'll try to get sslstrip and the other tools to run properly. Thanks a lot.
Zylla Posted October 1, 2016

My startup script just takes care of loading hostapd-mana with the config file, sets up a DHCP server, modifies iptables correctly, and loads sslstrip2, dns2proxy, sslsplit and net-creds with the correct settings. You could also just launch hostapd-mana from the console and supply the config file. But the clients will not connect properly, receive an IP address and so forth. I'd love to see people work on improving the script though, so feel free to share ideas. :)
Mr.miYagi Posted October 1, 2016

mana starts nicely with your script. I'll try to implement dsniff and sslsplit; if I get it working, I will post it here.
Mr.miYagi Posted October 2, 2016

SSLstrip seems to miss some dependencies:
Traceback (most recent call last):
  File "/usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/sslstrip.py", line 27, in <module>
    from twisted.web import http

And for getting hostnames in the Clients page (WEBGUI), modify:
nano /pineapple/modules/Clients/api/module.php
and change the line
$leases = explode("\n", @file_get_contents('/var/run/dnsmasq.leases'));
to
$leases = explode("\n", @file_get_contents('/var/lib/misc/dnsmasq.leases'));
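The Clients page fix above works because hostnames come from the dnsmasq lease file, whose location differs between setups (the two paths named in the post). As an added example, not the Pineapple module's own PHP nor anything from this thread, here is a small Python reader for that file: it tries both paths, parses the one-lease-per-line format (expiry epoch, MAC, IP, hostname, client-id, with `*` for an unknown hostname or client-id and `0` for a lease without expiry), drops expired leases, and looks a hostname up by IP or MAC. The lease lines are constructed sample data.

```python
"""Read dnsmasq leases and resolve client hostnames.

Added example, not part of the forum thread or of the Pineapple Clients module.
Lease-file format (one lease per line): "<expiry-epoch> <mac> <ip> <hostname> <client-id>",
where hostname and client-id are "*" when unknown and expiry 0 means no expiry.
"""
import os
import time

# Both locations mentioned in the thread; the first one that exists wins.
DEFAULT_LEASE_PATHS = ("/var/lib/misc/dnsmasq.leases", "/var/run/dnsmasq.leases")

# Constructed sample lease file contents (not a real capture).
SAMPLE_LEASES = """\
1475402400 aa:bb:cc:dd:ee:01 172.16.42.100 android-phone 01:aa:bb:cc:dd:ee:01
1475402400 aa:bb:cc:dd:ee:02 172.16.42.101 * *
1475300000 aa:bb:cc:dd:ee:03 172.16.42.102 old-laptop *
0 aa:bb:cc:dd:ee:04 172.16.42.103 static-printer *
"""


def parse_leases(text, now=None):
    """Parse lease-file text into a list of dicts, skipping malformed and expired lines."""
    if now is None:
        now = time.time()
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        expiry, mac, ip, hostname, client_id = fields[:5]
        try:
            expiry = int(expiry)
        except ValueError:
            continue  # first field must be an integer timestamp
        if expiry != 0 and expiry <= now:
            continue  # lease has already expired (0 = never expires)
        leases.append({
            "expires": expiry,
            "mac": mac.lower(),
            "ip": ip,
            "hostname": None if hostname == "*" else hostname,
            "client_id": None if client_id == "*" else client_id,
        })
    return leases


def hostname_for(leases, key):
    """Return the hostname for an IP or MAC address, or None if unknown/unnamed."""
    key = key.lower()
    for lease in leases:
        if lease["ip"] == key or lease["mac"] == key:
            return lease["hostname"]
    return None


def read_lease_file(paths=DEFAULT_LEASE_PATHS):
    """Return the contents of the first lease file that exists, or "" if none does."""
    for path in paths:
        if os.path.isfile(path):
            with open(path) as fh:
                return fh.read()
    return ""


if __name__ == "__main__":
    # On a real device: parse_leases(read_lease_file()); here we use the sample.
    for lease in parse_leases(SAMPLE_LEASES, now=1475400000):
        print("%-18s %-14s %s" % (lease["mac"], lease["ip"], lease["hostname"] or "(no hostname)"))
```

Passing `now` explicitly, as the demo does, keeps the expiry check reproducible; in production omit it so the current time is used.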
Zylla Posted October 2, 2016

Yeah, SSLstrip+ is "broken" currently, because some python libraries need to be updated (Twisted, Zope, etc.). I have gotten it to run by cross-compiling the python packages myself, but it took a lot of tweaking. So the easiest solution would be to just wait for the packages to get updated. I would guess that's a high priority, given that it actually runs pretty nicely on the Nano, not to mention the Tetra! I'll see if I have a copy of that python directory, with the working libraries (if you wanted to test sslstrip+). You would then just overwrite your current python dir (/usr/lib/python2.7) with my copy, and it should run.
Zylla Posted October 2, 2016

https://github.com/adde88/hostapd-mana-openwrt/blob/master/python2.7.tar.gz
Here is a copy of my /usr/lib/python2.7 folder. The contents of this file need to be extracted into your /usr/lib/python2.7 folder if you want to run SSLstrip+ on the Pineapple. This currently works to get SSLstrip+ up and running (and everything else in the mana-toolkit). It's not the prettiest "fix", but it works. I'll update it when I get time.

Remember! If your python2.7 folder is located on the SD card, you need to extract this to /sd/usr/lib/python2.7, or another dir on the SD card, and then make a symlink from that folder to /usr/lib/python2.7. This folder is 30MB when extracted! Do NOT extract it anywhere on your internal storage, except for the Pineapple Tetra, which has the capacity.
Mr.miYagi Posted October 2, 2016

Easy? Wait for release? Too boring :D You are my hero, I'll try to set up python soon. THX
Mr.miYagi Posted October 4, 2016

Thanks for the advice. Installed an SD card. But sslstrip is still missing some modules (twisted web etc). I'll try to find out what's the matter. Maybe I have to reinstall python or register the modules in some way. Thanks, I appreciate your help very much. Thanks
computa Posted October 4, 2016

Maybe not related, but in order to get mitmf running on kali I had to downgrade twisted by issuing the following commands:
pip freeze | grep twisted
pip uninstall twisted
pip install twisted==15.5.0
Zylla Posted October 4, 2016

Twisted and all the other libs you need to run SSLstrip+ are included with the python2.7.tar.gz file I uploaded. I would start by removing python completely from the device (both internal and SD card). Then create this folder on the SD card: /sd/usr/lib/python2.7/
Extract the contents of the archive to that folder. Then issue these commands:
rm -r /usr/lib/python2.7/
ln -s /sd/usr/lib/python2.7/ /usr/lib/python2.7
Mr.miYagi Posted October 4, 2016

Exactly what I've done, after my google-fu. But it was only a short try. I'll try again later in the evening. The files are now on the SD. But at first try it didn't work. For sure my fault...
Mr.miYagi Posted October 4, 2016

The folder is 100% on the SD and it's your folder. Removed all python packages from root: python-base python-light python-openssl python-sqlite3 python-codecs. Reinstalled all to -d sd. Removed all files and folders in /sd/usr/lib/python2.7/ and unpacked your files. Gets me:
python /usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/sslstrip.py
Traceback (most recent call last):
  File "/usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/sslstrip.py", line 27, in <module>
    from twisted.web import http
ImportError: No module named twisted.web

But since python-twisted web is missing in my opkg manager, the system did not recognize the module anyhow, no matter if the files are in the folder. I have to search for a python-twisted web package for my version, I think, and I saw in line 28 twisted.internet is needed. I'll try to search for a package and I hope I don't brick it... Thanks for all the help.
Edit: I'm not the only one, package is missing....
Zylla Posted October 7, 2016

I suspect some files were missing in my last archive. I've created another archive, and tested it on both my Nano and Tetra (100% working). I'll upload it to the github repo in a few seconds. Regarding "opkg not showing twisted-web": that's because you have not used opkg to install twisted, or any of the other libraries. (I'll try to add the modules to the ipk file later, so it gets installed with the toolkit.) To correctly show your python libraries use: pip freeze
Zylla Posted October 7, 2016

Since it's a clone of my python directory, the output of pip freeze should be the same on your Pineapple as mine. Here it goes:
root@Pineapple:~# pip freeze
Conch==0.8.0
Twisted==2.5.0
Twisted-Lore==0.3.0
Twisted-Mail==0.4.0
Twisted-Names==0.4.0
Twisted-News==0.3.0
Twisted-Runner==0.2.0
Twisted-Web==0.7.0
Twisted-Words==0.5.0
dnspython==1.14.0
nose==1.3.7
pcapy==0.10.9
py==1.4.31
pyOpenSSL==0.10
pycrypto==2.6
pyrit==0.4.0
pytest==3.0.3
scapy==2.3.1
sslstrip==0.9
wsgiref==0.1.2
zope.interface==4.3.2
Mr.miYagi Posted October 11, 2016

I switched back to FW 2.4 where all the packages are installed. Managed to get mana to work. But I have trouble getting the DHCP client to work correctly. Something is overwriting the conf file. I'm still searching for the reason. I guess some cronjob...