Zylla Posted October 11, 2016 Author

1 minute ago, Mr.miYagi said:
> I switched back to FW 2.4 where all the packages are installed. Managed to get mana to work. But I have trouble getting the DHCP client to work correctly. Something is overwriting the conf file. I'm still searching for the reason. I guess some cronjob...

You mean the dhcp-server, right? Because the startup script launches dnsmasq, which is the dhcp-server, and its config file is located at: /etc/mana-toolkit/dnsmasq-dhcpd.conf

There couldn't possibly be any cronjob overwriting that file. But you could try to list all the processes that are running by issuing the ps command, just to check.
Mr.miYagi Posted October 11, 2016 (edited)

Maybe I messed up some configuration. The path to /etc/mana-toolkit/dnsmasq-dhcpd.conf is correct in the launch script. But when I restart dnsmasq, the first line of the conf file shows me:

    auto-generated config file from /etc/config/dhcp

Also the wireless settings are reset if I change or delete them. wlan0 has the right IP (10.0.0.1), dnsmasq associates the (new) client, the client didn't get an IP. Devices that were already connected get an IP.

Maybe I changed too many conf files and I have to begin from scratch... And back to 3.0 is a no go, because of the SD corruptions.

Edit: The changes to ./rom/etc/init.d/dnsmasq maybe are the problem, they overwrite my dhcp settings.

Edited October 11, 2016 by Mr.miYagi
Zylla Posted October 11, 2016 Author

2 minutes ago, Mr.miYagi said:
> But when I restart dnsmasq, the first line of the conf file shows me: auto-generated config file from /etc/config/dhcp Also the wireless settings are reset if I change or delete them. wlan0 has the right IP (10.0.0.1), dnsmasq associates the (new) client, the client didn't get an IP. Devices that were already connected get an IP. Maybe I changed too many conf files and I have to begin from scratch...

How exactly do you "restart dnsmasq"? What command are you issuing? Because the command that is needed to launch dnsmasq/dhcp-server correctly is:

    dnsmasq -z -C /etc/mana-toolkit/dnsmasq-dhcpd.conf -i wlan0 -I lo

Regarding your wireless settings: How are you connected to your Pineapple when you are testing this? Because if you have the default settings on your Pineapple, you are already broadcasting on wlan0. You will need to turn this off if you want to use mana on wlan0. (It cannot run two instances of hostapd on one wifi-card.)

You are probably also running another dhcp-server on this interface, if you are running with factory settings. Check if udhcpc is listed as a running process, either by using ps or top.

Regarding your custom startup script: Would you mind sharing it with me? And also, share the output of ps if you can. It's much easier to help you debug this when I have this info, as I don't have a working MKV at the moment. I'm using a Tetra and a Nano.
Mr.miYagi Posted October 11, 2016 (edited)

After I changed the location of the dhcp file: /etc/init.d/dnsmasq will reset your config file.

I'm connected with ethernet. On FW 3.0 (similar to nano, I think) I could empty the wireless file and it stays empty. Now it gets populated with the standard settings, and after I reboot, my Pineapple is broadcasting Pineapple_XXXX.

I found out, if I connect with my new device to the SSID that is configured in the hostapd file, I get an IP. If I connect to an invisible network, not.

To the startup script: I don't really have one, I try to get it working manually, till all works. But changes I made:

I launch a script that starts your script on screen, so it doesn't stop on disconnect:

    /bin/echo 'sleep 5s'
    sleep 5
    /bin/echo 'launch mana on screen -r mana'
    /usr/sbin/screen -dmS mana /usr/share/mana-toolkit/run-mana/mana-pineapple.sh

Also you have to use absolute paths if you want to launch it on boot.

In your script I had to add:
- absolute paths
- mkdir /var/lib/misc (or you get: dnsmasq: cannot open or create lease file /var/lib/misc/dnsmasq.leases: No such file or directory)
- /usr/bin/killall hostapd
- changed wlan1 to wlan0

ps output: http://pastebin.com/D1r9PLAW
top output: http://pastebin.com/4HYmgkkJ
launcher: http://pastebin.com/fRt3H30W

And to launch it, I modified the Karma tile, so it launches your script instead of mana, with 1 click ;)

    function toggle_karma($enable) {
        if ($enable) {
            exec("/sd/manalauncher.sh");
        } else {
            # exec("pineapple karma stop");
            exec("killall screen");
        }
        return true;
    }

Edit: dnsmasq seems to listen correctly:

    sudo netstat -tulpen | grep dnsmasq
    -ash: sudo: not found
    root@Pineapple:~# netstat -tulpen | grep dnsmasq
    tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 5960/dnsmasq
    netstat: /proc/net/tcp6: No such file or directory
    udp 0 0 10.0.0.1:53 0.0.0.0:* 5960/dnsmasq
    udp 0 0 0.0.0.0:67 0.0.0.0:* 5960/dnsmasq

or not?

Edit: Seems some devices/Android versions don't get an IP. Headache for nothing.... It's an Android 4.2.2 tablet, all other devices connect nicely.

Edited October 12, 2016 by Mr.miYagi
bme2008 Posted October 19, 2016

First off, thank you for putting in the work to get this ported over to the Tetra! Following some of the details on this thread I've been able to get mana up and running on my device through your startup script (mana-pineapple.sh). Upon connecting, my test wireless devices (Android tablet and phone) are able to acquire a 10.0.0.* IP address from the DHCP server and I can manually navigate to the landing page I've created.

In a nutshell I'm basically trying to replicate the "start-noupstream.sh" script from the original sensepost Git repo (https://github.com/sensepost/mana). My Pineapple doesn't always have access to an Internet connection for passing requests through, so I have no need for sniffing or SSLstrip at the moment.

Looking at /etc/mana-toolkit/dnsspoof.conf, all DNS requests are directed to 10.0.0.1 but for some reason when I try and navigate to a page through my browser, I just hit a timeout. Not sure if this has anything to do with the Google DNS server being used for bridging the Internet connection. Any ideas?
r3g3x Posted October 24, 2016

Zylla: I want to test this on my Tetra and Nanos tonight. Based on what you said above, if I get your code and follow the directions it should work without issues on the Tetra and Nano. Is that correct? The current sslstrip for the Nano/Tetra does not work due to the certificate. :( I am really excited to try this - I will let you know how I make out.
Zylla Posted October 24, 2016 Author

10 minutes ago, r3g3x said:
> Zylla: I want to test this on my Tetra and Nanos tonight. Based on what you said above, if I get your code and follow the directions it should work without issues on the Tetra and Nano. Is that correct? The current sslstrip for the Nano/Tetra does not work due to the certificate. :( I am really excited to try this - I will let you know how I make out.

Yeah. It's working on both the Nano and the Tetra, if you follow the instructions correctly. It also gets the latest sslstrip+ up and running with dns2proxy. Just let me know if you encounter any problems. :)
yonomas Posted October 24, 2016

1 hour ago, Zylla said:
> Yeah. It's working on both the Nano and the Tetra, if you follow the instructions correctly. It also gets the latest sslstrip+ up and running with dns2proxy. Just let me know if you encounter any problems. :)

How do I install this on nano?
Zylla Posted October 24, 2016 Author

1 hour ago, yonomas said:
> How do I install this on nano?

Just follow the instructions, and read this thread carefully. If you get any issues, try looking in this thread to see if anyone else has been experiencing it.

However, if you're not experienced in installing packages manually with opkg, I strongly recommend you do not give this a try. Rather wait till I get up a one-click install type of install.

Just remember to install to the SD card when using the nano. The install is quite big, and the nano has limited internal storage.
awooga Posted October 24, 2016

This looks great - love playing with mana on my nethunter tablet - but I'm not confident enough yet to do the manual install. So out of interest is it going to be difficult to make this a one-click install? How long might that take? Otherwise might have to get confident and give the manual install a crack!
yonomas Posted October 24, 2016

31 minutes ago, Zylla said:
> Rather wait till I get up a one-click install type of install. Just remember to install to the SD card when using the nano. The install is quite big, and the nano has limited internal storage.

This is the tool that might help with my presentation in a few weeks, but I have no experience installing these things. How much time until we get a one-click install type of install?
Zylla Posted October 24, 2016 Author

I've been pretty occupied the last month, both with work and private life. That's why I haven't gotten that much work done on this.

My idea was to use two install files. One for the Nano, and one for the Tetra. Then I need to work on launching Mana quite easily. Perhaps a Pineapple module that gives the user easy access. And also a launch-script that lets you choose between separate attacks. (NAT/no-upstream/etc). (Like the wp6.sh script, with options) I'm open to suggestions! :)

I hope to get some work done on this project this week, maybe even tomorrow. Shouldn't take more than a few hours of testing and writing some lines of code.

I also hope that the out-dated python libraries get updated soon, so we can run sslstrip+ without all the hassle I had to go through to get it working. That would also make the one-click install part a lot easier. But I digress... :)
yonomas Posted October 24, 2016

2 minutes ago, Zylla said:
> I've been pretty occupied the last month, both with work and private life. That's why I haven't gotten that much work done on this. My idea was to use two install files. One for the Nano, and one for the Tetra. Then I need to work on launching Mana quite easily. Perhaps a Pineapple module that gives the user easy access. And also a launch-script that lets you choose between separate attacks. (NAT/no-upstream/etc). (Like the wp6.sh script, with options) I'm open to suggestions! :) I hope to get some work done on this project this week, maybe even tomorrow. Shouldn't take more than a few hours of testing and writing some lines of code. I also hope that the out-dated python libraries get updated soon, so we can run sslstrip+ without all the hassle I had to go through to get it working. That would also make the one-click install part a lot easier. But I digress... :)

I wish I could help you, but I'm still learning the basics of python. If there is something I can do, please let me know.
yonomas Posted November 5, 2016

updates?
Zylla Posted November 5, 2016 Author

I'll post a little update later today. The python files needed to run SSLstrip2 are built into the installation file. Also a few patches to hostapd. No big changes regarding the startup-script though, yet.
Zylla Posted November 5, 2016 Author

Update:
- Patches added to hostapd. (Remove rfkill message, etc.)
- Python files are now added to install-file. (Need to add --force-overwrite argument when installing)
- SSLstrip2 works!
- Startup script updated. Now it works like on Kali Linux.

More changes are in development as we speak! This was just a small patch.
yonomas Posted November 5, 2016

51 minutes ago, Zylla said:
> Update: Patches added to hostapd. (Remove rfkill message, etc.) Python files are now added to install-file. (Need to add --force-overwrite argument when installing) SSLstrip2 works! Startup script updated. Now it works like on Kali Linux. More changes are in development as we speak! This was just a small patch.

A-W-E-S-O-M-E!!!!
Dynamite Posted November 11, 2016

Maybe I missed something...is this only started and managed from terminal, correct? Nothing from the Pineapple interface?
Zylla Posted November 11, 2016 Author

Just now, Dynamite said:
> Maybe I missed something...is this only started and managed from terminal, correct? Nothing from the Pineapple interface?

You are correct. This is only done over a terminal. I do have plans to make a Module, to make it more user-friendly. But I do not have an ETA on when that will be done. I will keep this thread updated if any changes occur.
yonomas Posted November 11, 2016

Is it possible to get a step-by-step guide about the installation and how to use it?

15 minutes ago, Zylla said:
> You are correct. This is only done over a terminal. I do have plans to make a Module, to make it more user-friendly. But I do not have an ETA on when that will be done. I will keep this thread updated if any changes occur.
Zylla Posted November 12, 2016 Author (edited)

12 hours ago, yonomas said:
> Is it possible to get a step-by-step guide about the installation and how to use it?

The installation procedure is outlined in my first post in this thread:

Install procedure: (5 first lines are for the Pineapple NANO, and the 5 last ones are for the Pineapple TETRA)

    root@nano:~# cd /tmp
    root@nano:/tmp# wget https://github.com/adde88/hostapd-mana-openwrt/raw/master/bin/ar71xx/packages/base/asleap_2.2-1_ar71xx.ipk
    root@nano:/tmp# wget https://github.com/adde88/hostapd-mana-openwrt/raw/master/bin/ar71xx/packages/base/hostapd-mana_2016-11-05_ar71xx.ipk
    root@nano:/tmp# opkg update
    root@nano:/tmp# opkg --dest sd --force-overwrite install asleap_2.2-1_ar71xx.ipk hostapd-mana_2016-11-05_ar71xx.ipk

    root@tetra:~# cd /tmp
    root@tetra:/tmp# wget https://github.com/adde88/hostapd-mana-openwrt/raw/master/bin/ar71xx/packages/base/asleap_2.2-1_ar71xx.ipk
    root@tetra:/tmp# wget https://github.com/adde88/hostapd-mana-openwrt/raw/master/bin/ar71xx/packages/base/hostapd-mana_2016-11-05_ar71xx.ipk
    root@tetra:/tmp# opkg update
    root@tetra:/tmp# opkg --force-overwrite install asleap_2.2-1_ar71xx.ipk hostapd-mana_2016-11-05_ar71xx.ipk

How do I start MANA?
Make sure you are not using wlan1 for anything. If you are, hostapd-mana will not be able to set the interface in 'master' mode.

    root@Pineapple:~# /usr/share/mana-toolkit/run-mana/mana-pineapple.sh

Important directories:
- Startup-script location: /usr/share/mana-toolkit/mana-pineapple.sh (This script launches the attack)
- Config files: /etc/mana-toolkit/
- Log files: /var/lib/mana-toolkit/

You will also find the usual MANA tools located under: /usr/share/mana-toolkit/

Edited November 12, 2016 by Zylla
Bsannie Posted November 12, 2016

Zylla, first of all, major props for your work! Following the guide I get a "/usr/lib/opkg/info/hostapd-mana.list / asleep.list no such file or directory" when trying to install. Any idea how to fix this? Thanks again!
Zylla Posted November 12, 2016 Author (edited)

6 minutes ago, Bsannie said:
> Zylla, first of all, major props for your work! Following the guide I get a "/usr/lib/opkg/info/hostapd-mana.list / asleep.list no such file or directory" when trying to install. Any idea how to fix this? Thanks again!

Thanks Bsannie! You can safely ignore that "error" message. It does not affect the installation in any way. :)

Edited November 12, 2016 by Zylla
Bsannie Posted November 12, 2016

Hahaha never thought of just starting the program :D you sir, you just made my day! Have a beer tonight on me man ;)
Fr3q Posted December 7, 2016

Question: If I install this, can I run sslstrip by itself? i.e. ssh to the Pineapple and run sslstrip