Zylla Posted January 15, 2017 Author Share Posted January 15, 2017 2 hours ago, Jsync said: Hey Zylla this may be dumb but is the script completed or not. Also ive installed it but how do i use it and its features, once install is done it says to type launch-mana after that what do i do. Hi Jsync! The script is not FINISHED per se. I'am still working on adding other other stuff to the launcher-script. Perhaps even a module? But it works. If you have tested MANA-Toolkit on Kali, you might have noticed that it has several launch-scripts. One script with NAT to MitM encrypted traffic, one with no NAT (noupstream) to launch attacks against corporate networks (EAP). I have a unstable build running at my office that works against EAP networks. And i'am going to add this function to the stable build when it's stable, and user friendly enough. You can still modify the script yourself to do EAP attacks. Every part of the MANA attack works on the Pineapples now, it's just that not every part of the attack is built into the launcher script yet. I have several projects i'am working on, and a family. "If only the days had more hours." But it's progressing at least! :) Your last question: If you type launch-mana you will start the attack, and nearby clients might be tricked into connecting to your Pineapple. You will then be the MitM! sslstrip2, dns2proxy, sslsplit, and net-creds then takes care of fooling the clients to use a false certificate when using SSL/TLS, and then logs the output and credentials captured to : /var/lib/mana-toolkit/ Link to comment Share on other sites More sharing options...
Jsync Posted January 15, 2017 Share Posted January 15, 2017 8 minutes ago, Zylla said: Hi Jsync! The script is not FINISHED per se. I'am still working on adding other other stuff to the launcher-script. Perhaps even a module? But it works. If you have tested MANA-Toolkit on Kali, you might have noticed that it has several launch-scripts. One script with NAT to MitM encrypted traffic, one with no NAT (noupstream) to launch attacks against corporate networks (EAP). I have a unstable build running at my office that works against EAP networks. And i'am going to add this function to the stable build when it's stable, and user friendly enough. You can still modify the script yourself to do EAP attacks. Every part of the MANA attack works on the Pineapples now, it's just that not every part of the attack is built into the launcher script yet. I have several projects i'am working on, and a family. "If only the days had more hours." But it's progressing at least! :) Your last question: If you type launch-mana you will start the attack, and nearby clients might be tricked into connecting to your Pineapple. You will then be the MitM! sslstrip2, dns2proxy, sslsplit, and net-creds then takes care of fooling the clients to use a false certificate when using SSL/TLS, and then logs the output and credentials captured to : /var/lib/mana-toolkit/ Just if i'm getting this wrong it does it all automatically yes? Link to comment Share on other sites More sharing options...
Zylla Posted January 15, 2017 Author Share Posted January 15, 2017 1 minute ago, Jsync said: Just if i'm getting this wrong it does it all automatically yes? You are correct. It takes care of being the mitm and logging automatically. Success will vary. Some units are patched against this attack (just as with the karma attacks), and some users will not accept the fake certificate. Many users though are foolish enough to just press continue when confronted with these "strange" certificate errors. But please. Do not start this attack in the middle of the city! You will then most likely be breaking several laws! Please ensure that you have the consent of every user that's nearby. Link to comment Share on other sites More sharing options...
Jsync Posted January 15, 2017 Share Posted January 15, 2017 6 minutes ago, Zylla said: You are correct. It takes care of being the mitm and logging automatically. Success will vary. Some units are patched against this attack (just as with the karma attacks), and some users will not accept the fake certificate. Many users though are foolish enough to just press continue when confronted with these "strange" certificate errors. But please. Do not start this attack in the middle of the city! You will then most likely be breaking several laws! Please ensure that you have the consent of every user that's nearby. ok thanks also one more quick question its 1am in Australia what logs and information will i obtain from mana also if possible could u link me mana toolkit for kali. Thanks Link to comment Share on other sites More sharing options...
Zylla Posted January 15, 2017 Author Share Posted January 15, 2017 2 hours ago, Jsync said: ok thanks also one more quick question its 1am in Australia what logs and information will i obtain from mana also if possible could u link me mana toolkit for kali. Thanks It will log all HTTP/HTTPS and SSL/TLS traffic. For example SMTP encrypted by SSL. It will also log credentials, such as credit-card numbers, login-information, etc. When cracking EAP you could get the login-information of the user to the windows domain, if for example mschapv2 is used. https://github.com/sensepost/manaThere you can download the toolkit for linux. Or by simply using apt-get install mana-toolkit Personally i prefer downloading it from github. Link to comment Share on other sites More sharing options...
robrod14 Posted January 17, 2017 Share Posted January 17, 2017 Zylla, Thanks very much for your efforts and putting the script together. I was able to take my fresh tetra pinapple and run the command you provided and it installed successfully with no issues. I also was able to use launch-mana to get mana to run. I have a few questions as I am new to Mana-toolkit. Is there a way to run "launch-mana" and have it only target certain Mac addresses? I would like to continue to test this out without affecting everybody around me. I went to /etc/mana-toolkit/ and saw hostapd.deny and accept. Would this be the files I need to mess with or are there some other files? Also can this be used for capturing WPA/WPA2 handshakes and saving them to .pcap file to crack with rainbow tables for later? Again thanks for all the hard work and the straight forward installation. Link to comment Share on other sites More sharing options...
Zylla Posted January 17, 2017 Author Share Posted January 17, 2017 Just now, robrod14 said: Zylla, Thanks very much for your efforts and putting the script together. I was able to take my fresh tetra pinapple and run the command you provided and it installed successfully with no issues. I also was able to use launch-mana to get mana to run. I have a few questions as I am new to Mana-toolkit. Is there a way to run "launch-mana" and have it only target certain Mac addresses? I would like to continue to test this out without affecting everybody around me. I went to /etc/mana-toolkit/ and saw hostapd.deny and accept. Would this be the files I need to mess with or are there some other files? Also can this be used for capturing WPA/WPA2 handshakes and saving them to .pcap file to crack with rainbow tables for later? Again thanks for all the hard work and the straight forward installation. Good question: I'll try to provide a good answer! :) First, about mac-adresses. YES. You can decide who gets to join, or who gets to not-join your network. First, you have to enable this in the "hostapd-mana.conf" file located in /etc/mana-toolkit. By setting macaddr_acl=1 Then remove the # (comment) "flag from deny_mac_file=/etc/mana-toolkit/hostapd.deny" When enabled, it reads the hostapd.accept, hostapd.deny files. (depends on which you chose to use in the config) You can even enable it on a deeper level with mana, so that probe-frames don't get sent out to the mac-adresses you don't want. (mana_macacl=1) You can also enable the "Karma attack" at the same time by setting: mana_loud=1 Mana will then respond to all devices. Which generates a lot of "noise", but could also let you get more clients connected. Mana is not supposed to capture WPA handshakes, but can be used to crack the tougher EAP encryptions (mschapv2, eap-tls, etc.) often used by corporate networks. I haven't enabled this in the launcher script yet. But with some tweakin , you can get it up and running yourself :) Link to comment Share on other sites More sharing options...
robrod14 Posted January 18, 2017 Share Posted January 18, 2017 Thanks for your help I was easily able to make the changes. I also found some settings online for me to enable encryption. I will describe what I am doing and hopefully you can find my mistake or let me know it isn't possible, deauth (i will work on that part later). I am trying to have my phone connect to my AP instead of my home AP. So current setup is me downstairs with the Pineapple next to me while my home AP is upstairs. I'm thinking pineapple AP will win the race condition and I should connect to that first. Here are the WPA settings inside of " hostapd-mana.conf": wpa=3 wpa_psk_file=/etc/hostapd-psk wpa_key_mgmt=WPA-PSK WPA-EAP wpa_pairwise=CCMP TKIP rsn_pairwise=CCM TKIP Here are the settings inside of "/etc/hostapd-psk": 00:00:00:00:00:00 password <- this isn't the password of my home AP but didn't think it needed to be either. When i run "launch-mana" i get this inside of putty: wlan1: STA 00:ae:fa:xx:xx:xx IEEE 802.11: authenticated wlan1: STA 00:ae:fa:xx:xx:xx IEEE 802.11: associated (aid 1) The above looks good to me, but when i go to my phone it says: connecting and then says authentication error or something similar to that. Now my question is, is this the expected result or am i doing something wrong? I see all over that creating a fake WPA2 AP and deauthing a client and having them successfully connect to you and browse the internet is not possible because of the 4-way handshake. However, I have a friend who says it is possible and he has done it. So can you tell me if I am doing something incorrectly or it just isn't possible? If it isn't possible then that means you would only be able to get people to connect to your open AP (automatically) that are sending out probes for previously connected OPEN APs only? My next question as I am still new to the Wifi Pineapple and hostapd. Once my phone connects to me besides seeing it scroll by on the putty screen is there any place i can go to see clients connected (similar to the pineapple where you see how many clients connected to you)? I also love the dwall and urlsnarf module in the wifi pineapple because who doesn't like to cleanly see the pics and urls. Is there a location where the URL's get stored within hostapd? I saw the credentials.txt but that's all i found. I guess another way of putting it would be once my phone connects can i log into the browser of my pineapple and take over from there or will that part have to wait until a module gets developed. wow sorry for all the questions but just trying to learn as much as i can with my new toy. Link to comment Share on other sites More sharing options...
Zylla Posted January 18, 2017 Author Share Posted January 18, 2017 On 18.1.2017 at 3:04 AM, robrod14 said: Thanks for your help I was easily able to make the changes. I also found some settings online for me to enable encryption. I will describe what I am doing and hopefully you can find my mistake or let me know it isn't possible, deauth (i will work on that part later). I am trying to have my phone connect to my AP instead of my home AP. So current setup is me downstairs with the Pineapple next to me while my home AP is upstairs. I'm thinking pineapple AP will win the race condition and I should connect to that first. Here are the WPA settings inside of " hostapd-mana.conf": wpa=3 wpa_psk_file=/etc/hostapd-psk wpa_key_mgmt=WPA-PSK WPA-EAP wpa_pairwise=CCMP TKIP rsn_pairwise=CCM TKIP Here are the settings inside of "/etc/hostapd-psk": 00:00:00:00:00:00 password <- this isn't the password of my home AP but didn't think it needed to be either. When i run "launch-mana" i get this inside of putty: wlan1: STA 00:ae:fa:xx:xx:xx IEEE 802.11: authenticated wlan1: STA 00:ae:fa:xx:xx:xx IEEE 802.11: associated (aid 1) The above looks good to me, but when i go to my phone it says: connecting and then says authentication error or something similar to that. Now my question is, is this the expected result or am i doing something wrong? I see all over that creating a fake WPA2 AP and deauthing a client and having them successfully connect to you and browse the internet is not possible because of the 4-way handshake. However, I have a friend who says it is possible and he has done it. So can you tell me if I am doing something incorrectly or it just isn't possible? If it isn't possible then that means you would only be able to get people to connect to your open AP (automatically) that are sending out probes for previously connected OPEN APs only? My next question as I am still new to the Wifi Pineapple and hostapd. Once my phone connects to me besides seeing it scroll by on the putty screen is there any place i can go to see clients connected (similar to the pineapple where you see how many clients connected to you)? I also love the dwall and urlsnarf module in the wifi pineapple because who doesn't like to cleanly see the pics and urls. Is there a location where the URL's get stored within hostapd? I saw the credentials.txt but that's all i found. I guess another way of putting it would be once my phone connects can i log into the browser of my pineapple and take over from there or will that part have to wait until a module gets developed. wow sorry for all the questions but just trying to learn as much as i can with my new toy. I'll give you a short answer to the situation you described: And you can probably guess why the client won't associate "correctly". It's because of the handshake. The handshake which the STA/client provides, do not match the parts needed to build the PSK of the AP it usually connects to. Because /etc/hostapd-psk differs from the original AP. The interesting thing though, is that you have enough information to crack the password of the AP the client usually connects to, by looking at a capture from when the client attempted to connect. Because he then provided you with the handshake to the normal AP :) It is not necessary to complete the four-way handshake. All the variables needed to crack it are exchanged in the first two packets sent, and the AP does not even need to know the correct pre-shared key. Try running a capture at the same time, and scan it later. This image illustrates the handshaking situation: This shows that you can actually crack WPA/WPA2 without even having the AP present. It's enough to fake a AP. Which can also be done using airbase (part of aircrack-ng) Example: airbase-ng -c 1 -e MYSSID -F wpa -z 2 -W 1 wlan0mon (WPA+TKIP) airbase-ng -c 1 -e MYSSID -F wpa -Z 4 -W 1 wlan0mon (WPA2-CCMP) -z option means WPA, -Z option means WPA2. 2 means TKIP, and 4 is CCMP encryption. Link to comment Share on other sites More sharing options...
denver Posted January 19, 2017 Share Posted January 19, 2017 Hello,I managed to finish the installation a first time despite errors in the end: Quote No such file or directory No such file or dire The launch of launch-mana was working though, so I picked up everything from the beginning and now I have a block to install at this level Installing python-ctypes (2.7.9-5) to sd ... Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-ctypes_2.7.9-5_ar71xx.ipk. I have to format the SD card and reset the factory settings sorry for my English :-/ Link to comment Share on other sites More sharing options...
denver Posted January 19, 2017 Share Posted January 19, 2017 21 minutes ago, denver said: Hello,I managed to finish the installation a first time despite errors in the end: The launch of launch-mana was working though, so I picked up everything from the beginning and now I have a block to install at this level Installing python-ctypes (2.7.9-5) to sd ... Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-ctypes_2.7.9-5_ar71xx.ipk. I have to format the SD card and reset the factory settings sorry for my English :-/ Sorry ! The installation continues .. I did not remember that it was so long (15 minutes now) Link to comment Share on other sites More sharing options...
denver Posted January 19, 2017 Share Posted January 19, 2017 The installation is complete (after more than 50 minutes) now I have these messages:Normal? thank you in advance grep: /usr/lib/opkg/info/ip.control: No such file or directory cat: can't open '/usr/lib/opkg/info/ip.list': No such file or directory Configuring libevent2-openssl. grep: /usr/lib/opkg/info/libevent2-openssl.control: No such file or directory cat: can't open '/usr/lib/opkg/info/libevent2-openssl.list': No such file or directory Configuring python-db. grep: /usr/lib/opkg/info/python-db.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-db.list': No such file or directory Configuring python-decimal. grep: /usr/lib/opkg/info/python-decimal.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-decimal.list': No such file or directory Configuring python-distutils. grep: /usr/lib/opkg/info/python-distutils.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-distutils.list': No such file or directory Configuring tinyproxy. grep: /usr/lib/opkg/info/tinyproxy.control: No such file or directory cat: can't open '/usr/lib/opkg/info/tinyproxy.list': No such file or directory Configuring stunnel. grep: /usr/lib/opkg/info/stunnel.control: No such file or directory cat: can't open '/usr/lib/opkg/info/stunnel.list': No such file or directory Configuring python-compiler. grep: /usr/lib/opkg/info/python-compiler.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-compiler.list': No such file or directory Configuring python-ctypes. grep: /usr/lib/opkg/info/python-ctypes.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-ctypes.list': No such file or directory Configuring python-email. grep: /usr/lib/opkg/info/python-email.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-email.list': No such file or directory Configuring python-gdbm. grep: /usr/lib/opkg/info/python-gdbm.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-gdbm.list': No such file or directory Configuring python-logging. grep: /usr/lib/opkg/info/python-logging.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-logging.list': No such file or directory Configuring python-multiprocessing. grep: /usr/lib/opkg/info/python-multiprocessing.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-multiprocessing.list': No such file or directory Configuring python-ncurses. grep: /usr/lib/opkg/info/python-ncurses.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-ncurses.list': No such file or directory Configuring python-pydoc. grep: /usr/lib/opkg/info/python-pydoc.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-pydoc.list': No such file or directory Configuring python-unittest. grep: /usr/lib/opkg/info/python-unittest.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-unittest.list': No such file or directory Configuring python-xml. grep: /usr/lib/opkg/info/python-xml.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python-xml.list': No such file or directory Configuring python. grep: /usr/lib/opkg/info/python.control: No such file or directory cat: can't open '/usr/lib/opkg/info/python.list': No such file or directory Configuring libevent2. grep: /usr/lib/opkg/info/libevent2.control: No such file or directory cat: can't open '/usr/lib/opkg/info/libevent2.list': No such file or directory Configuring libevent2-pthreads. grep: /usr/lib/opkg/info/libevent2-pthreads.control: No such file or directory cat: can't open '/usr/lib/opkg/info/libevent2-pthreads.list': No such file or directory Configuring sslsplit. grep: /usr/lib/opkg/info/sslsplit.control: No such file or directory cat: can't open '/usr/lib/opkg/info/sslsplit.list': No such file or directory Configuring hostapd-mana. grep: /usr/lib/opkg/info/hostapd-mana.control: No such file or directory cat: can't open '/usr/lib/opkg/info/hostapd-mana.list': No such file or directory Configuring asleap. grep: /usr/lib/opkg/info/asleap.control: No such file or directory cat: can't open '/usr/lib/opkg/info/asleap.list': No such file or directory Collected errors: * extract_archive: Cannot create symlink from ./usr/lib/libevent-2.0.so.5 to 'libevent-2.0.so.5.1.10': Operation not permitted. * extract_archive: Cannot create symlink from ./usr/lib/libevent_openssl-2.0.so.5 to 'libevent_openssl-2.0.so.5.1.10': Operation not permitted. * extract_archive: Cannot create symlink from ./usr/lib/libevent_pthreads-2.0.so.5 to 'libevent_pthreads-2.0.so.5.1.10': Operation not permitted. Installation completed! Link to comment Share on other sites More sharing options...
Zylla Posted January 20, 2017 Author Share Posted January 20, 2017 Denver, I've never encountered that error before. What device are you installing it to? Also, what exact steps did you do to install it? You could simply try rebooting the device and retrying. It doesn't usually take 50 minutes to install it. On my Tetra it takes a couple minutes, while on my nano it takes a little more time, but not nearly 50. This was really strange. Those "errors" that repeats about missing .control files can safely be ignored. Link to comment Share on other sites More sharing options...
denver Posted January 20, 2017 Share Posted January 20, 2017 Zylla, Thank you for this return.I have a nano versionIt also seemed to me that it was faster during my first installationI just launched the command wget -qO- https://raw.githubusercontent.com/adde88/hostapd-mana/master/INSTALL.sh | Bash -s - -v -v Followed by this command Ln -s /sd/usr/lib/python2.7/ /usr/lib/python2.7 Link to comment Share on other sites More sharing options...
Zylla Posted January 20, 2017 Author Share Posted January 20, 2017 5 minutes ago, denver said: Zylla, Thank you for this return.I have a nano versionIt also seemed to me that it was faster during my first installationI just launched the command wget -qO- https://raw.githubusercontent.com/adde88/hostapd-mana/master/INSTALL.sh | Bash -s - -v -v Followed by this command Ln -s /sd/usr/lib/python2.7/ /usr/lib/python2.7 The only thing you need to do is this: root@Pineapple:~# wget -qO- https://raw.githubusercontent.com/adde88/hostapd-mana/master/INSTALL.sh | bash -s -- -v -v The install script detects the pineapple nano, and takes care of sym-linking the directory itself. It should be done before installing the packages. Also, if you were to copy the commands that you specified above (wget, Bash, Ln). It would fail. It should be run with lower letters, no big letters anywhere. There's also an error with the operators you supply to bash. So please, when installing. Copy the command i showed you above. It's the only thing you should need to do. Also, i need to stress this again: This is not for the faint of heart! Don't try installing this, and using this if you're not familiar with OpenWRT, SSH, and linux systems. You could potentially screw something up, if you don't know what you're doing. I'am working on a module that will make all this a lot easier, and user-friendly for everyone. And i'm hoping to have it ready soon. Link to comment Share on other sites More sharing options...
denver Posted January 23, 2017 Share Posted January 23, 2017 Again thank you for this return Quote Also, i need to stress this again: This is not for the faint of heart! I am aware of what you are emphasizing here, it is always important to remind. In my first tests I had nevertheless followed the letter tuto without adding another command (and respecting the case) Installing "python-ctypes" "python decimal" "python distutils" seems to take a considerable amount of timeCan this be due to writing to the SD card (bad quality card?) Can you tell me how long the script should run all the commands? Quote You could potentially screw something up Is it possible to make the material unusable? Even after a reset? Congratulations for your work! And thank you for taking the time to answer our questions.I look forward to the module Link to comment Share on other sites More sharing options...
Zylla Posted January 23, 2017 Author Share Posted January 23, 2017 33 minutes ago, denver said: Installing "python-ctypes" "python decimal" "python distutils" seems to take a considerable amount of timeCan this be due to writing to the SD card (bad quality card?)Can you tell me how long the script should run all the commands?Is it possible to make the material unusable? Even after a reset? Congratulations for your work! And thank you for taking the time to answer our questions.I look forward to the module I timed the installation of the packages on both my Tetra and Nano. Here are the results:NANO INSTALLATION: root@nano:/sd/ipks# time opkg --force-overwrite --dest sd install hostapd-mana_2017-01-13_ar71xx.ipk asleap_2.2-1_ar71xx.ipk Installing hostapd-mana (2017-01-13) to sd... Multiple packages (asleap and asleap) providing same name marked HOLD or PREFER. Using latest. Installing asleap (2.2-1) to sd... Configuring hostapd-mana. Configuring asleap. real 6m 57.33s user 4m 45.68s sys 0m 26.43s TETRA INSTALLATION: root@tetra:~# time opkg --force-overwrite install hostapd-mana_2017-01-13_ar71xx.ipk asleap_2.2-1_ar71xx.ipk Installing hostapd-mana (2017-01-13) to root... Installing asleap (2.2-1) to root... Configuring hostapd-mana. Configuring asleap. real 0m 43.02s user 0m 24.18s sys 0m 5.69s Conclusion: Installation took several minutes on the Nano, and under a minute on the Tetra. I don't use a SD-card on my nano. Instead i use a usb-drive mounted as /sd. I don't think the bottleneck is the sd-card. Which should be capable of several MB/s. I think the Nano is just generally "limited" because of its memory, CPU, and eeprom (93cx6) internal-storage. Whereas the Tetra has much more memory, better CPU, and uses 2GB flash-memory for its internal-storage. Link to comment Share on other sites More sharing options...
Zylla Posted January 23, 2017 Author Share Posted January 23, 2017 41 minutes ago, denver said: Is it possible to make the material unusable? Even after a reset? No. If something gets messed up because of my packages, a reset will work. It was meant as a warning for the people who don't even know how to reset their device. Because of the sym-linking procedure, the users entire python-library gets deleted, then overwritten by another library that contains the correct libraries needed to run sslstrip+ and main parts of the attack. Which means that if the user has any custom python-libraries installed, they will loose it when using the script on their nano. I really doubt this will happen to anyone, but i thought it was a good idea to give people a heads-up. Link to comment Share on other sites More sharing options...
denver Posted January 23, 2017 Share Posted January 23, 2017 What reactivity!Thank you for these results. I managed to approach it now (still a little longer on my nano) Just after installation on a "fresh" installation I got this message: ImportError: No module named site /sd/usr/sbin/launch-mana: line 171: /sd/var/lib/mana-toolkit/net-creds.log: No such file or directory I remove and handed the SD card and then test: it works!Now and after reboot, I still have this message: root@Pineapple:~# launch-mana Device seems to be: ONLINE. Remember: Press CTRL+C to kill MANA-Toolkit properly. RTNETLINK answers: File exists /sd/usr/sbin/launch-mana: line 121: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 121: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 121: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 121: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 126: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 138: cd: /sd/usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/: No such file or directory /sd/usr/sbin/launch-mana: line 141: cd: /sd/usr/share/mana-toolkit/sslstrip-hsts/dns2proxy/: No such file or directory /sd/usr/sbin/launch-mana: line 143: cd: OLDPWD not set /sd/usr/sbin/launch-mana: line 147: sslsplit: command not found Could not find platform independent libraries <prefix> Could not find platform dependent libraries <exec_prefix> Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>] Could not find platform independent libraries <prefix> Could not find platform dependent libraries <exec_prefix> Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>] ImportError: No module named site ImportError: No module named site /sd/usr/sbin/launch-mana: line 171: /sd/var/lib/mana-toolkit/net-creds.log: No such file or directory while : root@Pineapple:~# df Filesystem 1K-blocks Used Available Use% Mounted on rootfs 2240 300 1940 13% / /dev/root 12800 12800 0 100% /rom tmpfs 30600 100 30500 0% /tmp /dev/mtdblock3 2240 300 1940 13% /overlay overlayfs:/overlay 2240 300 1940 13% / tmpfs 512 0 512 0% /dev /dev/sdcard/sd1 3878912 111968 3766944 3% /sd /dev/sdcard/sd1 3878912 111968 3766944 3% /sd root@Pineapple:~# cd sd -ash: cd: can't cd to sd root@Pineapple:~# cd /sd root@Pineapple:/sd# cd var/lib/mana-toolkit/ lamb_braai/ sslsplit/ root@Pineapple:/sd# cd var/lib/mana-toolkit/ lamb_braai/ sslsplit/ root@Pineapple:/sd# cd var/lib/mana-toolkit/ root@Pineapple:/sd/var/lib/mana-toolkit# ls -la drwxr-xr-x 4 root root 32768 Jan 23 13:58 . drwxr-xr-x 3 root root 32768 Jan 23 13:44 .. drwxr-xr-x 2 root root 32768 Jan 13 11:24 lamb_braai -rwxr-xr-x 1 root root 0 Jan 23 13:58 net-creds.log drwxr-xr-x 2 root root 32768 Jan 13 11:24 sslsplit What do you think ?I thought to see on the forum that the use of the SD card seems to be problem so I will do like you and try with a usb-drive mounted as /sd Link to comment Share on other sites More sharing options...
Zylla Posted January 23, 2017 Author Share Posted January 23, 2017 1 hour ago, denver said: What reactivity!Thank you for these results. I managed to approach it now (still a little longer on my nano) Just after installation on a "fresh" installation I got this message: ImportError: No module named site /sd/usr/sbin/launch-mana: line 171: /sd/var/lib/mana-toolkit/net-creds.log: No such file or directory I remove and handed the SD card and then test: it works!Now and after reboot, I still have this message: root@Pineapple:~# launch-mana Device seems to be: ONLINE. Remember: Press CTRL+C to kill MANA-Toolkit properly. RTNETLINK answers: File exists /sd/usr/sbin/launch-mana: line 121: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 121: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 121: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 121: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 126: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 138: cd: /sd/usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/: No such file or directory /sd/usr/sbin/launch-mana: line 141: cd: /sd/usr/share/mana-toolkit/sslstrip-hsts/dns2proxy/: No such file or directory /sd/usr/sbin/launch-mana: line 143: cd: OLDPWD not set /sd/usr/sbin/launch-mana: line 147: sslsplit: command not found Could not find platform independent libraries <prefix> Could not find platform dependent libraries <exec_prefix> Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>] Could not find platform independent libraries <prefix> Could not find platform dependent libraries <exec_prefix> Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>] ImportError: No module named site ImportError: No module named site /sd/usr/sbin/launch-mana: line 171: /sd/var/lib/mana-toolkit/net-creds.log: No such file or directory while : root@Pineapple:~# df Filesystem 1K-blocks Used Available Use% Mounted on rootfs 2240 300 1940 13% / /dev/root 12800 12800 0 100% /rom tmpfs 30600 100 30500 0% /tmp /dev/mtdblock3 2240 300 1940 13% /overlay overlayfs:/overlay 2240 300 1940 13% / tmpfs 512 0 512 0% /dev /dev/sdcard/sd1 3878912 111968 3766944 3% /sd /dev/sdcard/sd1 3878912 111968 3766944 3% /sd root@Pineapple:~# cd sd -ash: cd: can't cd to sd root@Pineapple:~# cd /sd root@Pineapple:/sd# cd var/lib/mana-toolkit/ lamb_braai/ sslsplit/ root@Pineapple:/sd# cd var/lib/mana-toolkit/ lamb_braai/ sslsplit/ root@Pineapple:/sd# cd var/lib/mana-toolkit/ root@Pineapple:/sd/var/lib/mana-toolkit# ls -la drwxr-xr-x 4 root root 32768 Jan 23 13:58 . drwxr-xr-x 3 root root 32768 Jan 23 13:44 .. drwxr-xr-x 2 root root 32768 Jan 13 11:24 lamb_braai -rwxr-xr-x 1 root root 0 Jan 23 13:58 net-creds.log drwxr-xr-x 2 root root 32768 Jan 13 11:24 sslsplit What do you think ?I thought to see on the forum that the use of the SD card seems to be problem so I will do like you and try with a usb-drive mounted as /sd It seems to be having issues launching some of the core-applications within the toolkit. Interesting. Well, if the sd-card is having problems it will definitely show in your dmesg output. Or it could be issues within the script and the way it's calling the applications. If that's the case i find it strange that everyone doesn't experience such problems. What happens if you only try to launch these commands?: root@Pineapple:~# ip root@Pineapple:~# sslsplit My guess is that somehow something failed with the install, and that's why it cannot find the files on the sd-card. Either that, or it might be the sd-card problem. I'd checkout dmesg for errors related to sd-card, and also try to reinstall on a usb-drive. To see if that helps. :) Link to comment Share on other sites More sharing options...
denver Posted January 23, 2017 Share Posted January 23, 2017 After a reboot I run the command "launch-mana" root@Pineapple:~# launch-mana Device seems to be: OFFLINE. The result of the commands : root@Pineapple:~# ip Usage: ip [ OPTIONS ] OBJECT { COMMAND | help } ip [ -force ] -batch filename where OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable | tunnel | tuntap | maddr | mroute | mrule | monitor | xfrm | netns | l2tp | fou | tcp_metrics | token | netconf } OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] | -h[uman-readable] | -iec | -f[amily] { inet | inet6 | ipx | dnet | bridge | link } | -4 | -6 | -I | -D | -B | -0 | -l[oops] { maximum-addr-flush-attempts } | -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] | -rc[vbuf] [size] | -n[etns] name | -a[ll] } root@Pineapple:~# sslsplit sslsplit: can't load library 'libevent_openssl-2.0.so.5' You will find in the attached file the dmesg checkout I test a reinstallation on a new card sd and after on usb drive I'll make you a return soon Denver dmesg.txt Link to comment Share on other sites More sharing options...
Zylla Posted January 23, 2017 Author Share Posted January 23, 2017 Thanks for posting your kernel messages. I immediately saw what was wrong. You are experiencing a bug with the sd-card. It's a little tricky to say if it's the exact same bug as the one i have found, but it has some similarities, and some places where it differs. The reason your bug "differs" from mine could be because you are using a FAT file-system, and because of that some kernel-calls to the file-system will of course differ. The tracelog will then also look different. The whole thing starts at 57 seconds in your log. This is also the same place that my bug look similar: [ 57.160000] cdb[0]=0x28: 28 00 00 00 40 40 00 00 01 00 [ 57.160000] blk_update_request: I/O error, dev sda, sector 16448 Then it starts spamming repeated issues related to FAT and different blocknumbers. This is where it differs, but as they have the same "entry-point" i suspect it could be the same bug: [ 57.170000] FAT-fs (sda1): Directory bread(block 8256) failed [ 57.180000] FAT-fs (sda1): Directory bread(block 8258) failed After this the "device/sd-card" disconnects, and then re-connects with a new device-name. (Same as mine.) You could try formating the sd-card using the Pineapples web-interface. It would then use ext4. If that doesn't help, you have two-options left. Try another sd-card, or use a usb flash-drive mounted as /sd. PS. I remembered that i have a command i used to trigger the bug on my nano. When triggered, you will find the same error messages in dmesg. Here it is: badblocks -e 100 -v /dev/sdcard/sd1 (If the command doesn't work, try replacing /dev/sdcard/sd1 with /dev/sda1 or whatever your file-partition on the nano is.) Link to comment Share on other sites More sharing options...
denver Posted January 26, 2017 Share Posted January 26, 2017 Hi Zylla Thank you for these detailed explanationsIn fact the SD card was formatted in FATBut despite several tests (formatting via pineapple) and tests of several SD:- installation is always time consuming- I can launch the 'launch-mana' command a first time and after 1 minutes disconnectI connect again on the nano and this time impossible to launch the command : root@Pineapple:~# launch-mana Device seems to be: ONLINE. Remember: Press CTRL+C to kill MANA-Toolkit properly. RTNETLINK answers: File exists /sd/usr/sbin/launch-mana: line 121: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 121: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 121: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 126: /sd/usr/sbin/ip: No such file or directory /sd/usr/sbin/launch-mana: line 138: cd: /sd/usr/share/mana-toolkit/sslstrip-hsts /sslstrip2/: No such file or directory /sd/usr/sbin/launch-mana: line 141: cd: /sd/usr/share/mana-toolkit/sslstrip-hsts /dns2proxy/: No such file or directory /sd/usr/sbin/launch-mana: line 143: cd: OLDPWD not set /sd/usr/sbin/launch-mana: line 147: sslsplit: command not found /sd/usr/sbin/launch-mana: line 171: /sd/var/lib/mana-toolkit/net-creds.log: No s uch file or directory Could not find platform independent libraries <prefix> Could not find platform dependent libraries <exec_prefix> Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>] Could not find platform independent libraries <prefix> Could not find platform dependent libraries <exec_prefix> Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>] ImportError: No module named site ImportError: No module named site root@Pineapple:~# df Filesystem 1K-blocks Used Available Use% Mounted on rootfs 2240 340 1900 15% / /dev/root 12800 12800 0 100% /rom tmpfs 30600 108 30492 0% /tmp /dev/mtdblock3 2240 340 1900 15% /overlay overlayfs:/overlay 2240 340 1900 15% / tmpfs 512 0 512 0% /dev /dev/sdcard/sd1 2764904 45160 2559580 2% /sd /dev/sdcard/sd1 2764904 45160 2559580 2% /sd I unfortunately failed to mount the usb flash drive in SD. I continue on this path Link to comment Share on other sites More sharing options...
Zylla Posted February 6, 2017 Author Share Posted February 6, 2017 Update: I've successfully built hostapd version 2.6 with the MANA patches for OpenWRT. Senepost has not merged this version with the "release" version. But i feel like everything is stable enough to be pushed out. So i'm going to update my github repo. and packages asap. If you find any bugs, i'd be very happy if you could report them to me. PS. When running version 2.6, i'd be very very interested in peoples experiences with the "taxonomy" feature within hostapd. It's a feature that identifies the client device based on information stored within the probe and association packets being sent. I got this to work on my Linux version (PC), and i'd be very interested if we got this to work together with the MANA patches for OpenWRT. You would then be able to identify devices around you, based on their MAC address. For example: (Nexus 5, or iPhone 6s, etc.) PSS. Still working on a Pineapple Module. This turned out more time consuming than i had expected. But it's in progress.. :) Yours truly,Zylla / Andreas Link to comment Share on other sites More sharing options...
Zylla Posted February 6, 2017 Author Share Posted February 6, 2017 I just wanna give you guys a headsup that you can edit the hostapd config-file to activate ACS (Automatic Channel Survey), which surveys for the best channel to use. Just set the channel to 0 to activate it. Also: You can use 5GHz channels if you are using the Pineapple Tetra. Or you could use both 2.4 and 5GHz at the same time (wlan0 + wlan1), to cover both spectrums. ;) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.