Jump to content

MANA Attack, for the Pineapple.


Recommended Posts

  • Replies 446
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

MANA-Toolkit! Pineapple NANO + TETRA. (IPK installation-files, and source-files ready to compile with OpenWRT-SDK) MANA Toolkit includes a working version of SSLstrip2+dns2proxy for the Pineapples.

Sorry for not answering SBB's question. I didn't notice that someone had posted until RazerBlade did. I'll try to explain what's going on with those errors that you're getting. It is obviously re

This is under development. So the only thing the startup-script will do at the moment is to behave as a normal AP would on wlan1, (with the mana patches) It will try to fool clients that are probing

Posted Images

16 hours ago, Zylla said:

If you plan on attacking ONLY a specific SSID, you also have to edit the hostapd-mana,conf to enable the ssid-filtering. Because it's disabled by default.
Let's say i only want to attack my own network. Then i open hostapd-mana.conf and edit this line: (Just remove the # sign in the beginnign to enable it)


#mana_ssid_filter_file=/etc/mana-toolkit/hostapd.ssid_filter

Aferwards i open up /etc/mana-toolkit/hostapd.ssid_filter and add the name of the networks i plan to attack on a separate line.
So hostapd.ssid_filter might end up looking like this:


Zylla
Zylla-5GHz
MyCorporateWifi

 

you are a hero, and i must have been way too tired, thank you:) i spent days setting up the mana toolkit, running into i think almost every singel error on this forum, so i guess i ran out of focuss. I used the hostapd.ssid_filter file, but i added a MAC-adress, not an SSID, bc i was working with MAC-adresses all day. Anyway, thanks for the quick response.

Link to post
Share on other sites
1 minute ago, display-names said:

you are a hero, and i must have been way too tired, thank you:) i spent days setting up the mana toolkit, running into i think almost every singel error on this forum, so i guess i ran out of focuss. I used the hostapd.ssid_filter file, but i added a MAC-adress, not an SSID, bc i was working with MAC-adresses all day. Anyway, thanks for the quick response.

*single

Link to post
Share on other sites
4 hours ago, display-names said:

you are a hero, and i must have been way too tired, thank you:) i spent days setting up the mana toolkit, running into i think almost every singel error on this forum, so i guess i ran out of focuss. I used the hostapd.ssid_filter file, but i added a MAC-adress, not an SSID, bc i was working with MAC-adresses all day. Anyway, thanks for the quick response.

Totally understandable. No worries, i'm here for support.
My goal is to make this as easy as possible to use.

Link to post
Share on other sites

First, thank you Zylla for all your work on porting mana to the Pineapples :smile: ! However, I cannot get it to work and was hoping you could help.

Here is what I did so far:

  • I am running the latest firmware 2.2.0
  • I am facing the SD card bug, so I am using an SD card reader on the USB port
  • I did not use a USB hub to connect both the SD card reader and additional radio yet
  • I am using your /etc/profile to fix the missing $PATH
  • I installed the mana-toolkit using your INSTALL.sh
  • I installed the dependencies using install-mana-depends

However, here is the output of launch-mana:

root@Pineapple:~# launch-mana 
Mana Toolkit - Pineapple Edition!

Device seems to be: ONLINE.
RTNETLINK answers: File exists
Configuration file: /sd/etc/mana-toolkit/hostapd-mana.conf
Using interface wlan1 with hwaddr 00:c0:ca:90:b1:29 and ssid "MANA"
wlan1: interface state UNINITIALIZED->ENABLED
wlan1: AP-ENABLED 
RTNETLINK answers: Invalid argument

hostapd-mana  is running with pid: 5194

DHCP Server  is running with pid: 5219

Exiting! (Error code: 5)
SSLstrip+ was not launched correctly.

Mana Toolkit  has been shutdown.

I checked the launch-mana script and tried to launch SSLStrip+ manually for debugging purposes:

root@Pineapple:~# python /sd/usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/sslstrip.py -l 10000 -a -w /sd
/tmp/sslstrip.log
Could not find platform independent libraries <prefix>
Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>]
ImportError: No module named site

So it seems that the INSTALL.sh script broke python as I have the same error whatever I am trying to run with python:

root@Pineapple:~# python -c 'print "Hello Python?"'
Could not find platform independent libraries <prefix>
Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>]
ImportError: No module named site

Taking a look at your INSTALL.sh, I noticed the following lines that might cause the issue.

rm -r /usr/lib/python2.7
mkdir -p /sd/usr/lib/python2.7
ln -s /sd/usr/lib/python2.7 /usr/lib/python2.7

Shouldn't we copy /usr/lib/python2.7 into /sd/usr/lib/python2.7 before creating the symlink? I will try the whole process again doing so and keep you updated. However, I would highly appreciate your help on this if you have any idea how to solve this issue :smile:

Link to post
Share on other sites
5 minutes ago, openkiwi said:

First, thank you Zylla for all your work on porting mana to the Pineapples :smile: ! However, I cannot get it to work and was hoping you could help.

Here is what I did so far:

  • I am running the latest firmware 2.2.0
  • I am facing the SD card bug, so I am using an SD card reader on the USB port
  • I did not use a USB hub to connect both the SD card reader and additional radio yet
  • I am using your /etc/profile to fix the missing $PATH
  • I installed the mana-toolkit using your INSTALL.sh
  • I installed the dependencies using install-mana-depends

However, here is the output of launch-mana:


root@Pineapple:~# launch-mana 
Mana Toolkit - Pineapple Edition!

Device seems to be: ONLINE.
RTNETLINK answers: File exists
Configuration file: /sd/etc/mana-toolkit/hostapd-mana.conf
Using interface wlan1 with hwaddr 00:c0:ca:90:b1:29 and ssid "MANA"
wlan1: interface state UNINITIALIZED->ENABLED
wlan1: AP-ENABLED 
RTNETLINK answers: Invalid argument

hostapd-mana  is running with pid: 5194

DHCP Server  is running with pid: 5219

Exiting! (Error code: 5)
SSLstrip+ was not launched correctly.

Mana Toolkit  has been shutdown.

I checked the launch-mana script and tried to launch SSLStrip+ manually for debugging purposes:


root@Pineapple:~# python /sd/usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/sslstrip.py -l 10000 -a -w /sd
/tmp/sslstrip.log
Could not find platform independent libraries <prefix>
Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>]
ImportError: No module named site

So it seems that the INSTALL.sh script broke python as I have the same error whatever I am trying to run with python:


root@Pineapple:~# python -c 'print "Hello Python?"'
Could not find platform independent libraries <prefix>
Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>]
ImportError: No module named site

Taking a look at your INSTALL.sh, I noticed the following lines that might cause the issue.


rm -r /usr/lib/python2.7
mkdir -p /sd/usr/lib/python2.7
ln -s /sd/usr/lib/python2.7 /usr/lib/python2.7

Shouldn't we copy /usr/lib/python2.7 into /sd/usr/lib/python2.7 before creating the symlink? I will try the whole process again doing so and keep you updated. However, I would highly appreciate your help on this if you have any idea how to solve this issue :smile:

Shit. Thanks for reminding me about this.
I've been debugging evyerthing on on my Tetra, so i forgot that the INSTALL script actually wipes out your python-dir on the Nano! (the older one then copied over and used my python-lib)

I'll fix it right away.

Link to post
Share on other sites

But still strange... As it actually installs the needed python stuff after deleting those dirs. Hmmm. Might need further debugging. I'll get it fixed today.

Link to post
Share on other sites

I've updated the install script, let me know if there's any errors. I don't have time atm to test on my Nano before in a couple of hr's.
Should maybe reset the nano first, to default settings.

Link to post
Share on other sites
19 minutes ago, Zylla said:

I've updated the install script, let me know if there's any errors. I don't have time atm to test on my Nano before in a couple of hr's.
Should maybe reset the nano first, to default settings.

Wow, huge thanks for the ultra fast response :grin: ! It works fine now, I am able to launch-mana without any more issue.

I am only starting with the mana-toolkit so it is possible that my following question is not relevant: is it possible to use the original run-mana scripts? I find nothing inside the /sd/usr/share/mana-toolkit/run-mana/ directory. From the official mana-toolkit repo:

start-nat-full.sh - Will fire up MANA in NAT mode (you'll need an upstream link) with all the MitM bells and whistles.
start-nat-simple.sh - Will fire up MANA in NAT mode, but without any of the firelamb, sslstrip, sslsplit etc.
start-noupstream.sh - Will start MANA in a "fake Internet" mode. Useful for places where people leave their wifi on, but there is no upstream Internet. Also contains the captive portal.
start-noupstream-eap.sh - Will start MANA with the EAP attack and noupstream mode.

 

Link to post
Share on other sites
50 minutes ago, openkiwi said:

Wow, huge thanks for the ultra fast response :grin: ! It works fine now, I am able to launch-mana without any more issue.

I am only starting with the mana-toolkit so it is possible that my following question is not relevant: is it possible to use the original run-mana scripts? I find nothing inside the /sd/usr/share/mana-toolkit/run-mana/ directory. From the official mana-toolkit repo:


start-nat-full.sh - Will fire up MANA in NAT mode (you'll need an upstream link) with all the MitM bells and whistles.
start-nat-simple.sh - Will fire up MANA in NAT mode, but without any of the firelamb, sslstrip, sslsplit etc.
start-noupstream.sh - Will start MANA in a "fake Internet" mode. Useful for places where people leave their wifi on, but there is no upstream Internet. Also contains the captive portal.
start-noupstream-eap.sh - Will start MANA with the EAP attack and noupstream mode.

 

No problem. Glad it works ?
Well. Yes, Maybe, and No. You would definitely need to tweak some of them.
For example the ones trying to launch the Metasploit Console (msfconsole). As that doesn't even exist on the Pineapples.
But getting EAP captures is totally possible with some tweaking. Even cracking them on the Pineapples is possible thanks to aslEAP. However, it's insanely slow ?
So if you want it fast, i would recommend cracking captured hashes on a desktop.

I highly recommend you test the scripts, and customize them to your needs. :)

Link to post
Share on other sites
6 hours ago, Zylla said:

I've updated the install script, let me know if there's any errors. I don't have time atm to test on my Nano before in a couple of hr's.
Should maybe reset the nano first, to default settings.

I found the same error in the dependencies.sh script of the ManaToolkit module:

...
if [ -d /sd ]; then
        # sym-linking is only needed on the pineapple NANO.
        rm -r /usr/lib/python2.7
        mkdir -p /sd/usr/lib/python2.7
        ln -s /sd/usr/lib/python2.7 /usr/lib/python2.7
fi
...

It also break the python environment if you don't remove this snippet before running it :grin: .

 

5 hours ago, Zylla said:

No problem. Glad it works ?
Well. Yes, Maybe, and No. You would definitely need to tweak some of them.
For example the ones trying to launch the Metasploit Console (msfconsole). As that doesn't even exist on the Pineapples.
But getting EAP captures is totally possible with some tweaking. Even cracking them on the Pineapples is possible thanks to aslEAP. However, it's insanely slow ?
So if you want it fast, i would recommend cracking captured hashes on a desktop.

I highly recommend you test the scripts, and customize them to your needs. :)

Well thanks, I started digging into the mana toolkit and completely agree with what you just said. I guess I still have a little bit of work since I am mostly interested in the EAP captures :grin:.

On another topic, the microSD controller bug feels completely insane to me... Can you use the NANO for real workload while having this issue? I am not even talking about using the mana toolkit but standard PineAP workloads here.

Link to post
Share on other sites
18 hours ago, openkiwi said:

I found the same error in the dependencies.sh script of the ManaToolkit module:


...
if [ -d /sd ]; then
        # sym-linking is only needed on the pineapple NANO.
        rm -r /usr/lib/python2.7
        mkdir -p /sd/usr/lib/python2.7
        ln -s /sd/usr/lib/python2.7 /usr/lib/python2.7
fi
...

It also break the python environment if you don't remove this snippet before running it :grin: .

 

Well thanks, I started digging into the mana toolkit and completely agree with what you just said. I guess I still have a little bit of work since I am mostly interested in the EAP captures :grin:.

On another topic, the microSD controller bug feels completely insane to me... Can you use the NANO for real workload while having this issue? I am not even talking about using the mana toolkit but standard PineAP workloads here.

Wow, thanks. I completely forgot about that script also messing with the python-dirs. Should be fixed now!  ?

About the SD-card bug, i  actually first noticed it when i was trying to run wifite on my Nano.
It would often crash when reading/writing to the sd-card. So it's not just limited to my toolkit, but everything... :S
It's just that this crash, and re-naming of the device happens so "fast", so some stuff don't notice it happening. But the kernel would most surely notice it.
And i think it's a shame tbh. that this bug hasn't been taken more seriously, considering how many people it's affecting, and some people aren't even aware of it.
I've reported everything i've found regarding it to the bug-report site.

Some ppl. on Raspberry Pi having the same kernel-version: 3.18.x was having the exact same issue, where they suspected it came from to little power to the device in question.
So, i'm wondering if the SD-card is receiving enough juice. If not, then it HAS to be a kernel issue. And i would love to see a jump from 3.18.x to 4.x.
I haven't tried installing the 4.x kernel on my devices, even though i've compiled em. But i'm so tempted, just to see if it would fix the problem.

Edited by Zylla
  • Like 1
Link to post
Share on other sites
18 minutes ago, Zylla said:

Wow, thanks. I completely forgot about that script also messing with the python-dirs. Should be fixed now!  :)

No worries :smile:! I worked on this the all day and fixed a few other things here and there. I now have the nat-simple, nat-full and eaponly attacks implemented. Just so that you know, I forked both your hostapd-mana and ManaToolkit repos to keep track of my modifications. All changes are only local on my laptop for the moment but I will keep you updated once it is online. Maybe you will be interested to have a look on the multiple attack scripts.

Again, thanks a lot for the heavy lifting work!

  • Like 2
Link to post
Share on other sites
19 hours ago, openkiwi said:

No worries :smile:! I worked on this the all day and fixed a few other things here and there. I now have the nat-simple, nat-full and eaponly attacks implemented. Just so that you know, I forked both your hostapd-mana and ManaToolkit repos to keep track of my modifications. All changes are only local on my laptop for the moment but I will keep you updated once it is online. Maybe you will be interested to have a look on the multiple attack scripts.

Again, thanks a lot for the heavy lifting work!

I'd be super happy if people forked it. I know alot can be done with this, and alot of ideas in my head, especially regarding the Pineapple module.
Imagine a slimmer version of the IPK (i uploaded one to github btw) which only contains hostapd-mana. And then a module using it in conjunction with the other tools we have for the Pineapple. Like the EvilPortal stuff, and EAP attacks. That's what i really hope to create.
Because all of the SSL stuff is insanely demanding on the Pineapples. Just having one client connected takes up alot of resources!

It'd be awesome to see a module working together with your laptop. Let's say the module routes traffic to your laptop, which then launches Bettercap on the laptop to take care of the SSL stuff. That would be really cool to see. And it's totally feasible.

  • Like 1
Link to post
Share on other sites

@Zylla I know how to whitelist ssid for the Manatoolkit, which by the way I just installed for the first time in a while to see how progress has been going and the install was very quick on the tetra and has been working very well!! Great work.   Is there a way to blacklist ssid kinda like whitelisting? 

Edited by b0N3z
Link to post
Share on other sites
3 hours ago, b0N3z said:

@Zylla I know how to whitelist ssid for the Manatoolkit, which by the way I just installed for the first time in a while to see how progress has been going and the install was very quick on the tetra and has been working very well!! Great work.   Is there a way to blacklist ssid kinda like whitelisting? 

If mana_ssid_filter_file is enabled in the config it will only operate in a "whitelist" mode. But having a blacklist-mode is not a dumb idea.
I'll take a look into the source, too see if this is something i can add myself. If not, i'll be suggesting it to Singe, the creator of hostapd-mana. ?

EDIT: Just brought this up with Singe @ Sensepost (The creator of the hostapd-mana patches). And he actually already have plans for this, but has some other more critical fixes that needs to be looked into, as he's heading to defcon soon. He gave me some advice if i was to do the work. So i'll be taking a deeeep dive into the source tonight, and hopefully i can manage to create this blacklist-mode, and send a PR to Sensepost. ?

Edited by Zylla
  • Upvote 1
Link to post
Share on other sites
2 hours ago, Zylla said:

If mana_ssid_filter_file is enabled in the config it will only operate in a "whitelist" mode. But having a blacklist-mode is not a dumb idea.
I'll take a look into the source, too see if this is something i can add myself. If not, i'll be suggesting it to Singe, the creator of hostapd-mana. ?

EDIT: Just brought this up with Singe @ Sensepost (The creator of the hostapd-mana patches). And he actually already have plans for this, but has some other more critical fixes that needs to be looked into, as he's heading to defcon soon. He gave me some advice if i was to do the work. So i'll be taking a deeeep dive into the source tonight, and hopefully i can manage to create this blacklist-mode, and send a PR to Sensepost. ?

Thats awesome, Your the man @Zylla cant wait to see what the future brings!!!

Link to post
Share on other sites

@Zylla, do you think it is feasible to compile a more recent version of openssl to package with the manatoolkit? I have an EAP attack working but only on devices that does not require TLS 1.2. Unfortunately, the last version of Windows 10 requires TLSv1.2 and won't perform the challenge-response to the rogue AP. I confirmed this is the issue by removing this requirement on a test device (one registry edit) but I don't have any idea how I could solve this on the Pineapple side :unsure:

Link to post
Share on other sites
On 7/30/2018 at 3:29 PM, openkiwi said:

@Zylla, do you think it is feasible to compile a more recent version of openssl to package with the manatoolkit? I have an EAP attack working but only on devices that does not require TLS 1.2. Unfortunately, the last version of Windows 10 requires TLSv1.2 and won't perform the challenge-response to the rogue AP. I confirmed this is the issue by removing this requirement on a test device (one registry edit) but I don't have any idea how I could solve this on the Pineapple side :unsure:

Intriguing! If you could elaborate on this a bit, i would love to hear it.
You want me to compile hostapd-mana with a more recent version of openssl? I reckon you mean 1.1.0?
Also, you confirmed it by removing exctly what? TLS1.2? Did you forefully downgrade the Windows client TLS version?
I'm just trying to see if i got everything correctly.

I'll see if i can get a version compiled in a couple of minutes after writing this, this peaked my interest. ?

Link to post
Share on other sites
On 7/30/2018 at 3:29 PM, openkiwi said:

@Zylla, do you think it is feasible to compile a more recent version of openssl to package with the manatoolkit? I have an EAP attack working but only on devices that does not require TLS 1.2. Unfortunately, the last version of Windows 10 requires TLSv1.2 and won't perform the challenge-response to the rogue AP. I confirmed this is the issue by removing this requirement on a test device (one registry edit) but I don't have any idea how I could solve this on the Pineapple side :unsure:

Ok. As you requested i've compiled hostapd-mana for the Pineapples, with openssl-1.1.0h.
There's a few other dependencies as well that you will need to install. Not only the hostapd-mana IPK.
So, to make this easier for you i've created a directory within my "favourite tools" repo. for OpenWRT. (You need to install them all)
Link https://github.com/adde88/openwrt-useful-tools/tree/master/MANA/TESTING

I haven't tested this myself. But i would love for you to elaborate on what you are attempting to do. Pm me if you don't want it public, and i'll do my best to help you ?

Link to post
Share on other sites

@Zylla can the manatoolkit be started via shell command?  I have only installed the module, just looking to make a button script to turn off pineap and turn on mana

Link to post
Share on other sites
32 minutes ago, b0N3z said:

@Zylla can the manatoolkit be started via shell command?  I have only installed the module, just looking to make a button script to turn off pineap and turn on mana

Sure!

After completing installation, Mana Toolkit can be started by typing: launch-mana and killed by typing kill-mana.

launch-mana also supports an argument. An interface, capable of AP/master mode, which is not in use.
So you can launch it by issuing launch-mana wlan4
If no argument is provided wlan1 willl be used, as it's normally in-active. If not in monitor mode.

EDIT:
If you start Mana Toolkit like this, it will be the same as pressing start in the module.
So, if you browse to the module while it's active, or afterwards, you can watch the live output, and read the log-files.

Output from hostapd-mana will be displayed in the terminal while in a "daemonized mode" (so you can do other stuff at the same time), and it will log output as well.

Edited by Zylla
  • Upvote 1
Link to post
Share on other sites

Looks like i have 3 pinapples with bad USB power issues.

12v cord works so now i can try this.

when launching Mana it will go after all clients in range.

is is designed to use pinapple filters?
1. run recon and set filters on MAC's you want to target

2.run mana on just those MACS?

or will it go after everything and everyone it can?

Link to post
Share on other sites
4 minutes ago, Jehu4u said:

Looks like i have 3 pinapples with bad USB power issues.

12v cord works so now i can try this.

when launching Mana it will go after all clients in range.

is is designed to use pinapple filters?
1. run recon and set filters on MAC's you want to target

2.run mana on just those MACS?

or will it go after everything and everyone it can?

The MAC filters, and other "crucial settings" are specified within /etc/mana-toolkit/hostapd-mana.conf
Which you can edit within the module.
It's not connected in any way with Recon or Pineap,as of yet.
The default config will attack anything and anyone in range.
BUT It's running in "blacklist" mode, so you can add MAC's you want to avoid to /etc/mana-toolkit/hostapd.deny

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...