Modules Requests Discussion


WiFiJuice

@AlfaAlfa: I know how to cross compile for the pineapple, I have the environment and I already did it in the past (e.g. with p0f, mdk3 binaries).

I just thought that it would be easier:

1) to do it in shell, in one line; and

2) to maintain the code in the repository.

As a side note, I'm not the one who decides if a binary can be put in the repository but Seb does. I prefer that Seb comments on that one.

That said, I can have a look to compile your code on the pineapple if you want.

In summary, the modo for module development is more to use existing tools and use languages such as Python, Perl or shell.

  • Upvote 2

Well I've done it, at least for the nano I believe so: Does this look good? (Yes certainly, you can take a look and see if I did it correctly and test it for me, compiling it yourself, then let me know how I can do the same for the Tetra!) Look I don't want you to have to do everything for me, see I'm putting the effort in here! I should add: Thank you ahead of time.

Alf@UNKNOWN:~/pineapple-builder/MK5/package/uploadwpa/package/bin$ readelf -a -d uploadwpa
ELF Header:
  Magic:   7f 45 4c 46 01 02 01 00 01 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, big endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       1
  Type:                              EXEC (Executable file)
  Machine:                           MIPS R3000
  Version:                           0x1
  Entry point address:               0x401770
  Start of program headers:          52 (bytes into file)
  Start of section headers:          0 (bytes into file)
  Flags:                             0x70001005, noreorder, cpic, o32, mips32r2

Since the MK5 and nano have a similar mips architecture is that correct? The Tetra on the other hand is different... Where can I download the firmware and cross compiler toolkit for it?

See now this wasn't so hard was it, my github has been updated but the ipk isn't there just the updated source with the new makefiles and instructions on what I did to compile it. I did successfully generate an ipk though and extracted it and checked the binary to confirm it is in fact compiled for mips!

As DataHead posted It previously when he's done this, I have to post this here too:

I can't put enough emphasis on this, this is not an official package provided from the hak5 team, and therefore is NOT supported by them. Until if and or when they add them into their official repos, and you download it from their official repos, this is all installed at YOUR OWN RISK. So using this provided ipk, do not go to the hak5 team for support for which are not officially provided by them.
I also hold no responsibility for any damage or for your usage that may occur, I can provide the sources and installable ipk, and can give you my word that there is no malicious code added to these ipk, they are clean and no infection.
it is your choice and responsibility if you want to use them or not.


You've been warned, now here is the goods :)
------------------------------------------------------------

The main github has been updated to reflect successful compilation in an openwrt environment, if you would like to compile it yourself -> https://github.com/Alf-Alfa/uploadwpa

[iPK link will be placed here shortly]

Once copied to your MK5 or nano:

opkg install uploadwpa-1-ar71xx.ipk

Then if nano you can also copy the 'UploadWPA' to /pineapple/modules for the GUI

Otherwise you must use it from the command line once you have a terminal to your pineapple! :smile:

Tetra version coming soon, as soon as I get the proper environment setup to cross compile for RISC.

Edited by AlfAlfa

Right now I use WiFi tracker for android. Which does ok. The drawbacks are strength. You can't pick up past the first row of buildings, what I do get is somewhat scattered on accuracy. But it does put things on a map and give a ballpark plus it exports to csv, probably my favorite feature.

The drawback is that it's awfully demanding on even the snappiest arm systems. I had logged 5400 aps, just driving around and it took 5 minutes to load. So the gui was useful on a small scale, cumbersome on a large scale.

So I guess if I had to boil down what feature would be most important for pineapple handling of this task, it would be the ability to export to csv.

Ideally, Maybe there is a way that a set of data can be narrowed down and displayed in gui on the host machine. The pineapple I guess would struggle to do all the mapping itself but if it could pass some of that work off to host to do that might be a beautiful thing.


I guess something has failed with the cross compilation, on the NANO and on the TETRA

root@Pineapple:/tmp# opkg install uploadwpa-1-ar71xx.ipk
Collected errors:
 * deb_extract: uploadwpa-1-ar71xx.ipk: invalid magic
 * pkg_init_from_file: Failed to extract control file from uploadwpa-1-ar71xx.ipk.

By the way, this is the CPU information for the TETRA, no RISC architecture here :wink:

system type        : Atheros AR9344 rev 2
machine            : tetra
processor        : 0
cpu model        : MIPS 74Kc V4.12
BogoMIPS        : 278.93
wait instruction    : yes
microsecond timers    : yes
tlb_entries        : 32
extra interrupt vector    : yes
hardware watchpoint    : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa            : mips1 mips2 mips32r1 mips32r2
ASEs implemented    : mips16 dsp dsp2
shadow register sets    : 1
kscratch registers    : 0
package            : 0
core            : 0
VCED exceptions        : not available
VCEI exceptions        : not available

And if you need it as well, this is the CPU information for the NANO:

system type        : Atheros AR9330 rev 1
machine            : WiFi Pineapple NANO
processor        : 0
cpu model        : MIPS 24Kc V7.4
BogoMIPS        : 265.42
wait instruction    : yes
microsecond timers    : yes
tlb_entries        : 16
extra interrupt vector    : yes
hardware watchpoint    : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa            : mips1 mips2 mips32r1 mips32r2
ASEs implemented    : mips16
shadow register sets    : 1
kscratch registers    : 0
package            : 0
core            : 0
VCED exceptions        : not available
VCEI exceptions        : not available
  • Upvote 1
Thanks for checking it out, as for the Tetra not being a mips I guess I read that wrong he said a newer RISC architecture but that didn't mean it's not mips just a newer better mips arch...

As for it failing to extract the control file, I think there's something wrong with the way it's packaging it since the file is actually in there if I do this I can extract it manually:

Alf@UNKNOWN:~/Downloads/uploadwpa-ipk$ tar xzvf uploadwpa_1_ar71xx.ipk
./debian-binary
./data.tar.gz
./control.tar.gz
Alf@UNKNOWN:~/Downloads/uploadwpa-ipk$ tar xzvf control.tar.gz
./
./control
Alf@UNKNOWN:~/Downloads/uploadwpa-ipk$ tar xzvf data.tar.gz
./
./bin/
./bin/uploadwpa
Alf@UNKNOWN:~/Downloads/uploadwpa-ipk$ ls bin/
uploadwpa
Alf@UNKNOWN:~/Downloads/uploadwpa-ipk$

The control file itself contains:

Package: uploadwpa
Version: 1
Depends: libc, libstdcpp
Provides:
Source: package/uploadwpa
Section: utils
Status: unknown ok not-installed
Essential: no
Priority: optional
Maintainer: OpenWrt Developers Team <openwrt-devel@openwrt.org>
Architecture: ar71xx
Installed-Size: 8198
Description:  Uploads a WPA handshake to various online crackers!

And the binary itself is mips so it won't execute on my x86_64 (didn't even try, just looked at it with readelf)

I think I see the problem, when I open the individual control.tar.gz and data.tar.gz with a visual extractor I see:

and inside the . folder is the control file!

Unless that's how it's supposed to be, then that appears to be the problem. What could be wrong with my configuration that it creates that extra "." (dot) folder and that's why it isn't finding it.

Downloaded another ipk for something else extracted it and it has the same thing, so that .(dot) folder actually does appear to be normal so that's not the problem!

Looking more closely at the information you gave me though I think I see the actual problem. I'm using the older MK5 toolchain aren't I, and that isn't going to work for the nano and Tetra is it!?

AR71XX is not AR93XX!! :happy:

Or is it? Because it says when I enter the menuconfig with "make menuconfig" and select the first option 'Target System'

I get:

┌───────────────────────── Target System ───────────────────────────┐
│  Use the arrow keys to navigate this window or press the hotkey of │
│  the item you wish to select followed by the <SPACE BAR>. Press    │
│  <?> for additional information about this option.                 │
│ ┌───────────────────^(-)─────────────────────────────────────────┐ │
│ │               ( ) ARM Ltd. Realview board (qemu)               │ │
│ │               ( ) Atheros AR231x/AR5312                        │ │
│ │               (X) Atheros AR7xxx/AR9xxx                        │ │
│ │               ( ) Atmel AT91                                   │ │
│ │               ( ) Atmel AVR32                                  │ │
│ │               ( ) Broadcom BCM2708/BCM2835

I do have that option selected as well. Should a ar93xx*.ipk be generated or do the packages called ar71xx*.ipk fit under the same umbrella and are combined supported for both?

So I'm confused, will the MK5 toolchain work, or do I need the newer one! You said you've got the environment set up, I bet you're not using the MK5 toolchain! I'll keep it in case I want to make my work backwards compatible for it, but I really should have the newer toolchain! I don't really need the firmware unless that's required since I'm not intending on extending the firmware or making anything 'baked into' the firmware, but just a way to produce a binary with a proper magic number. :smile:

When looking at a valid binary what does the magic number look like?

Is it different than: Magic: 7f 45 4c 46 01 02 01 00 01 00 00 00 00 00 00 00 ?

CONFIG_TARGET_ar71xx:

Build firmware images for Atheros AR7xxx/AR9xxx based boards.

Symbol: TARGET_ar71xx [=y]
Prompt: Atheros AR7xxx/AR9xxx
  Defined at tmp/.config-target.in:59
  Depends on: <choice>
  Location:
    -> Target System (<choice> [=y])
  Selects: HAS_SUBTARGETS [=y] && mips [=y]
Edited by AlfAlfa
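
The post above mixes two different "magic numbers": the leading bytes of the .ipk container and the ELF magic of the binary packed inside it. The following Python is an added example, not part of the thread and not code from the uploadwpa project, that checks both before a package is installed. It assumes the gzip'd-tar ipk layout shown in the `tar xzvf` listing above; the function names and the sample package, ELF header and HTML blob are constructed for illustration.

```python
import io, posixpath, struct, tarfile

# Leading bytes: Debian-style ar, gzip'd tar (what `tar xzvf` unpacked above), ELF.
MAGICS = ((b"!<arch>\n", "ar"), (b"\x1f\x8b", "gzip-tar"), (b"\x7fELF", "elf"))
EM_MIPS = 8  # e_machine value that readelf prints as "MIPS R3000"


def container_kind(blob):
    """Classify a file by its leading bytes only."""
    for magic, kind in MAGICS:
        if blob.startswith(magic):
            return kind
    return "unknown"


def elf_summary(blob):
    """Decode EI_CLASS, EI_DATA, e_type and e_machine from an ELF header."""
    if len(blob) < 20 or container_kind(blob) != "elf":
        raise ValueError("not an ELF file")
    endian = {1: "<", 2: ">"}.get(blob[5])
    if endian is None:
        raise ValueError("bad EI_DATA byte")
    e_type, e_machine = struct.unpack_from(endian + "HH", blob, 16)
    return {"bits": {1: 32, 2: 64}.get(blob[4]), "big_endian": blob[5] == 2,
            "type": e_type, "machine": e_machine}


def members(tgz):
    """Map normalised name -> bytes, so "./control" and "control" match."""
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tf:
        return {posixpath.normpath(m.name): tf.extractfile(m).read()
                for m in tf if m.isfile()}


def inspect_ipk(blob):
    """Check container magic, required members and each binary's target."""
    kind = container_kind(blob)
    if kind != "gzip-tar":
        return {"container": kind, "ok": False}
    outer = members(blob)
    need = ("debian-binary", "control.tar.gz", "data.tar.gz")
    missing = [n for n in need if n not in outer]
    if missing:
        return {"container": kind, "ok": False, "missing": missing}
    control = members(outer["control.tar.gz"]).get("control", b"").decode()
    fields = dict(l.split(": ", 1) for l in control.splitlines() if ": " in l)
    binaries = {n: elf_summary(b)
                for n, b in members(outer["data.tar.gz"]).items()
                if container_kind(b) == "elf"}
    # Assumed target, from the readelf output above: ELF32, big endian, MIPS.
    ok = all(b["bits"] == 32 and b["big_endian"] and b["machine"] == EM_MIPS
             for b in binaries.values())
    return {"container": kind, "ok": ok, "binaries": binaries,
            "architecture": fields.get("Architecture")}


def make_tgz(files):
    """Build a gzip'd tar in memory (only for the constructed samples)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed samples. e_ident is the readelf "Magic" line above; e_type=2, e_machine=8.
SAMPLE_ELF = bytes.fromhex("7f454c46010201000100000000000000") + struct.pack(">HH", 2, 8)
SAMPLE_IPK = make_tgz({"./debian-binary": b"2.0\n",
                       "./data.tar.gz": make_tgz({"./bin/uploadwpa": SAMPLE_ELF}),
                       "./control.tar.gz": make_tgz({"./control": b"Architecture: ar71xx\n"})})
SAMPLE_HTML = b"<!DOCTYPE html><html>constructed download page</html>"
```

Running `inspect_ipk` on the bytes of a downloaded file shows at a glance whether the file is a package at all, and whether the binary inside matches the device's architecture.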

I don't know what the issue is with your ipk so I tried to compile it myself, but I get the following errors:

HTTPClient.o: In function `HTTPClient::Connect(char const*, int)':
HTTPClient.cpp:(.text+0x38c): warning: gethostbyname is obsolescent, use getnameinfo() instead.
uploadwpa.o: In function `postWPAHandshakeTo_onlinehashcrack()':
uploadwpa.cpp:(.text+0x2d0): undefined reference to `void HTTPClient::Log<char const*>(char const*, bool)'
collect2: error: ld returned 1 exit status
Makefile:2: recipe for target 'uploadwpa' failed

Thank you again, I really do appreciate you trying to help me!

I think the problem is I shouldn't have used that outside of the httpclient, that's the only place I used it outside of it.

Replace line 43 in uploadwpa.cpp:

if(!file) { http->Log("ERROR Cannot open file"); return false; }

With:

if(!file) { std::cout << "ERROR Cannot open file"; return false; }

And if you have a version of HTTPClient.hpp that doesn't have these headers, add them to the top as well:

#include <stdio.h>
#include <cstdlib>

When I was compiling I had to add those, as the reduced version of the standard library doesn't automatically include them with iostream like the normal desktop version does...

You still didn't say what you're using though for your compiling, is it that much of a secret? lol :ph34r:


Because you asked the question after I've posted my answer by editing your post... and no, that's not a secret, this is just the standard OpenWrt SDK, nothing more. You can use it to compile for the MK5, NANO, TETRA, etc.

Anyway, I've made the changes and it works fine now:

root@Pineapple:/tmp# opkg install uploadwpa_1_ar71xx.ipk
Installing uploadwpa (1) to root...
Configuring uploadwpa.
root@Pineapple:/tmp# uploadwpa
uploadwpa 1.0 ~ AlfAlfa
This module will upload a wpa handshake from a single capture file to www.onlinehashcrack.com
or you can give it up to 10 hashes seperated by spaces and of any hashes the site supports
Usage:
{Send WPA Handshake:}
uploadwpa -e youremail@yourdomain.com -c myaccesspoint.cap
uploadwpa -e email@yourdomain.com -c ~/captures/myaccesspoint.hccap -u "A Custom User Agent"
{Send up to 10 hashes at once of hashes supported by the site:}
uploadwpa -e youremail@yourdomain.com -a hash1 hash2 hash3 hash4 hash5 hash6 hash7 hash8 hash9 hash10
{Send both sequentially:}
uploadwpa -e example@example.com -a hash1 etc etc -c /path/to/capture.cap

In the meantime, could you please remove the link to the wrong ipk, as users will get it wrong otherwise. Thanks.

  • Upvote 1

WOOT WO0T! :grin:

Awesome! So you've got it going! I'll just get the standard OpenWrt SDK then, the issue lies somewhere in the sdk I've downloaded which is more specific to the mk5.

At least now I can see that it works! (I've removed that wrong ipk so there'll be no confusion as you've asked)

Version 2.0 is almost complete, it also links to libopenssl and libcrypto and I've gotten it to compile even with my broken sdk, (except openssl didn't have the version it was requesting anymore and had to source it from somewhere else (1.0.1e))

Perhaps the standard OpenWrt sdk will have a newer version anyway (like 1.0.2)!

Edited by AlfAlfa

  • 2 weeks later...

Just as an update, I had to get caught up in my other work, but I finally got uploadwpa2 into a state that it has been much improved and is a worthy update!

Also something looks different about this module, dependency? :smile:

The main difference is adding SSL support, but also switching from hard coded specialized functions which would have to be coded for each site and re-done if the site changed, to a json config file with the default config stored at ~/.uploadwpa2/sites.cfg

It's a pretty simple format, and should be able to be configured for most sites except those that require a logged in session or captcha. (maybe future features)

So with the standard openwrt sdk now I'm fairly sure I got the packaging right this time, so check the package out or it can be just built from source again.

additional dependencies: +libopenssl +libcrypto makefile has been updated.

"I can't put enough emphasis on this, this is not an official package provided from the hak5 team, and therefore is NOT supported by them. Until if and or when they add it into their official repos, and you download it from their official repos, this is all installed at YOUR OWN RISK. So using this provided ipk, do not go to the hak5 team for support for which are not officially provided by them.
I also hold no responsibility for any damage or for your usage that may occur, I can provide the sources and installable ipk, and can give you my word that there is no malicious code added to this ipk, it is clean and has no infection.
it is your choice and responsibility if you want to use them or not.
"

You've been warned, now here is the goods :)

---------------------------------------------------------------------------------------------------------------

IPK:

http://www.filedropper.com/uploadwpa21ar71xx

http://www.speedyshare.com/jwNNd/uploadwpa2-1-ar71xx.ipk

Source:

https://github.com/Alf-Alfa/uploadwpa

EDIT: I've just realized I completely overlooked the javascript and php side of things, I'll have to flesh it out with support for the newer features. Like being able to give it more than 10 hashes at a time (you just configure how many hashes it accepts per post) and it sends out as many post requests as necessary to complete the job. (example of one new feature)

Edited by AlfAlfa

The CLI version of meterpreter is pre-installed on all WiFi Pineapple NANO / TETRA devices. All you are missing is the front-end module.

We wanted to write it during a Let's Code, but things got in the way. Should get around to it soon though.

Best Regards,

Sebkinne

  • Upvote 1

Hey guys,

what is your opinion on the following Topic:

Offline Pineapples might not be associated as modern os (mobile & Laptops) check for an available internet connection.

Usually this is done by checking if a webpage or file is accessible.

Do you think some kind of internet-connection fake-module would be interesting?

Cheers M.


  • 2 weeks later...

I would like to create a captive portal/landing page that shows how much data each device has used. I'm fine creating the HTML, but I'm not sure how to monitor data usage and then report it. Any advice on where I should start?


  • 1 month later...

Anyone currently working on an infusion for cracking these on a NANO, or at least getting the handshake? I saw the OnlineHashCrack, but what about an infusion that uses bully and a couple of different WEP cracking attacks?

I mean I know some of you think WEP is dead but you'd honestly be surprised how many networks are still using it.

I believe there was a WPS infusion for the MK5. How is it so hard to make an automated script that has a drop list of WEP/WPA attacks?


I don't think you are going to be able to crack even WEP passwords on the nano, there's just not enough processing/memory power to do so.

The Site Survey module will let you capture handshakes and then you can upload those using the online hash cracker or crack them on another system. I'm not sure if it does WEP though.

I'm sure the reaver/pixie dust module will come soon enough for WPS attacks, but in the meantime you can get wifite installed through SSH and working and it has most all of those attacks with it as well as the WEP/WPA captures. There was another post somewhere about the process to go about that somewhere as well I believe.

WEP attacks are absolutely possible - WPA you'll lack processing power.

Best Regards,

Sebkinne

  • Upvote 1
How about a script that runs like your airodump-ng commands, and the aireplay-ng is too much for the CPU? I mean I've been able to get handshakes manually running the commands via SSH on the MK5 and on a NANO, it's just the hassle of needing to SSH in. It'd be nice to do it via a UI. I mean we had the old WPS infusion that used bully and reaver.

I'm not trying to crack the handshake on the NANO, obviously that's not got that kind of power, but an infusion that at least can capture a handshake and then store it on the SD to be transferred to a cracking machine would be nice.

If the Site Survey is the new infusion for that then no wonder I wasn't able to find the infusion. I would've been looking for an infusion called "WPA Capture" or WiFi Attack idk :B

Edited by ZaraByte

Export data as a csv and load it into an offline saved map either on a box or mobile device... It doesn't give you real time info like what business is located on that spot, but if all you're trying to do is get the lay of the land AP-wise that shouldn't matter. There is also a really good 3rd party map app I downloaded not too long ago for android that pulls map data from google but stores the map pins locally on your phone and that receives KML imports.

Now we just need a good looking module to accept a gps dongle, save scanned data as a table and export it as a csv or kml!!! :-)

https://support.google.com/mymaps/answer/3024836?hl=en

https://play.google.com/store/apps/details?id=com.exlyo.mapmarker&hl=en


I'd really be interested in seeing a module that would allow you to run commands from inside the NANO WebUI. I don't really like having to SSH into the NANO from outside the NANO, it would be kinda nice to have a module that allows us to access the command line via the WebUI.

Makes it less of a hassle to SSH from another device into the NANO to run commands via SSH.
