WiFi PineApple Nano for a Dummie

[Stahlvormund]

Hey guys,

I have no professional background in IT and am learning how to use a PineApple Nano as a job for a friend of mine who has but has no time himself to do it.

The goal is to be able to use the PineApple for a demonstration to show an audience that you can Man-In-The-Middle between their mobile devices and an AP provided for the demonstration, that you can read their traffic and lure them on an Evil Portal.

I have a hard time finding step-by-step tutorials for the recent build and for someone that is an amateur and really has to be lead to the simplest steps. What I managed to achieve so far:
 

1. I set up my WiFi PineApple Nano on a Windows 7 Professional computer and established an Internet Connection

2. I downloaded the latest update and bulletins and also currently three modules, SSLSplit, DWall and Evil Portal

3. I ran Recon Scans, saw local SSIDs and added them and their MAC adress to my Filter and PineAP Pool

4. I've been trying to follow the PineApple Primer video and ran the PineAP accordingly. With an open WiFi I created here, I could passively listen to unsecured traffic on a device I connected with that and show it in WireShark and DWall

5. What I am now trying to do is make my PineApple pretend its an open WiFi and grant access to the Internet. Currently devices can connect to such a pretender AP but then dont have access to the Internet.

6. I would also like to be able to listen to secured traffic.

 

If you have any ressources I could read up upon or watch, I'd be grateful.

 

Kind regards

[Stahlvormund]

I cant even get my devices to receive Internet over the wifipineappletest, nor to properly connect to the fake it sends out!
If you need credentials to believe I am sincere, I can provide in PM.

[Stahlvormund]

So the concrete example:

With my WiFi Pineapple I caught a WiFi "FreeWifi" from an LTE router my laptop connected with already. So I broadcast that FreeWifi, my Laptop logs into the FreeWifi my Pineapple is broadcasting and my laptop shows no connectivity issues.
However, it cant browse webpages, it doesnt get into the internet over the Pineapple broadcasted and hijacked WiFi.

The Pineapple itself has internet and can receive updates and bulletins. It also registers the laptop as connected client.

Laptop shows no IPv6-connectivity. When I open the IPv6 configuration it receives IPv6 and DNS adress automatically.

Can you help me please?

[Stahlvormund]

Alright, so I changed my approach entirely now.

I am now using the Oracle Virtual Box 5.2.8 and Linux Kali 2018.1 as the environment for my PineApple.

The PineApple is connected via the USB-Y cable to my PC running Windows 7 which then runs Linux Kali via Virtual Box.
I can see the PineApple as eth1 in ifconfig in Kali, can access the PineApple in Kali via Firefox and I successfully ran the wp6.sh script. I can load Bulletins and search for updates with my PineApple in Kali.

So then I started to broadcast the PineAP's by activating the daemon, ticking all boxes for now as I dont have a specific pentest goal yet and just am learning it, and I have my laptop connect to a captured SSID which I broadcast.
After connecting, my Laptop (Windows 7) receives IPv4, but no IPv6 and shortly after it loses IPv4 connectivity as well.

While sharing connection directly with my Windows 7 machine instead of Virtual Box Kali, at least IPv4 stayed stable but also no IPv6 which I need for a successful test and demonstration.

 

What could I be missing?

[Stahlvormund]

Also yes, I can access Internet without issues inside my Kali using Firefox.

[Stahlvormund]

I specified the problem a bit more: DHCP is deactivated for the PineApple. I set the IPv4 adress as per instructions but how do I set the IPv6 adress if not automatically?

[RayvenHawk]

On 3/10/2018 at 6:39 AM, Stahlvormund said:

Hey guys,

I have no professional background in IT and am learning how to use a PineApple Nano as a job for a friend of mine who has but has no time himself to do it.

The goal is to be able to use the PineApple for a demonstration to show an audience that you can Man-In-The-Middle between their mobile devices and an AP provided for the demonstration, that you can read their traffic and lure them on an Evil Portal.

I have a hard time finding step-by-step tutorials for the recent build and for someone that is an amateur and really has to be lead to the simplest steps. What I managed to achieve so far:
 

1. I set up my WiFi PineApple Nano on a Windows 7 Professional computer and established an Internet Connection

2. I downloaded the latest update and bulletins and also currently three modules, SSLSplit, DWall and Evil Portal

3. I ran Recon Scans, saw local SSIDs and added them and their MAC adress to my Filter and PineAP Pool

4. I've been trying to follow the PineApple Primer video and ran the PineAP accordingly. With an open WiFi I created here, I could passively listen to unsecured traffic on a device I connected with that and show it in WireShark and DWall

5. What I am now trying to do is make my PineApple pretend its an open WiFi and grant access to the Internet. Currently devices can connect to such a pretender AP but then dont have access to the Internet.

6. I would also like to be able to listen to secured traffic.

 

If you have any ressources I could read up upon or watch, I'd be grateful.

 

Kind regards

I had a similar issue with my Nano, I was able to get internet on my Nano via ICS but when a client connected to the open wifi it was broadcasting they couldn't get any internet. The solution I went with was to do a factory reset of my Pineapple Nano, once I did that my issue was resolved. It would have been nice to know why it was failing, but I wasn't about to spend several hours trying to find a proverbial needle in a haystack. I was up and running again in 10 minutes tops with my problem gone.

Now as for your IPv6 issue, I haven't bothered to look at it just yet as IPv4 is still alive and kicking pretty well. But if I had to wager a guess, I'd say look at your interfaces for the Pineapple if I'm not mistaken there is one there that is utilizing IPv6 you may have to designate that one as the one clients connect to if you want to use IPv6 rather than IPv4.

[Stahlvormund]

I try to update the route but it always stays on br-lan.

[Stahlvormund]

A FACTORY RESET DID THE TRICK! THANK YOU SO MUCH!

[Stahlvormund]

I can listen to http traffic now using DWall or WireShark. Now it would be exciting to be able to listen to https, to get around hsts or to sniff passwords.
or is that currently not possible due to recent security improvements?

[Cap_Sig]

You should be capturing HTTPS traffic with wireshark already.  To see the plaintext of the traffic requires decrypting it.  I would recommend doing some research on wireshark and how to use it with different traffic types.

There are several good resources that can be found with a search.  You need to have a specific goal in mind as well to help find the best information on the topic.

[Stahlvormund]

I am reading now here:
https://blog.packet-foo.com/2016/07/how-to-use-wireshark-to-steal-passwords/comment-page-1/

that basically without consent of the client I'm not gonna be able to capture secured traffic. The point of why Im doing this is to use this attack in a presentation to shock ppl their credentials could be secretly stolen.

So I guess the next approach would be using an EvilPortal?

[Stahlvormund]

So I've been following the steps of this article:
https://blog.inspired-sec.com/archive/2017/01/10/cloning-captive-portals.html
 

but when I am waiting for the module to clone the website, it says an error has occured and I should see the logs, even though no log has been produced.
This error happens regardless of whether I saved Portal Auth on the SD or Internal Storage of the PineApple Nano.
I am trying to clone "https://www.gmx.net" and inject the default "Harvester" injection.

This is the error message:
 

[Stahlvormund]

Actually copying a website with Portal Auth causes the Wifi PineApple to restart for whatever reason.

[Stahlvormund]

And interestingly, even tho the error occurs, the website is actually cloned.

[Stahlvormund]

I am having lots of troubles getting PortalAuth working. When I try to copy a specific website, or often regardless the website, it produces an error.

Sometimes the cloning was then still successful, most times not.
I did not make any changes to settings after the initial recommended setup and used the modified Harvester injection set.

 

Also how can I access the WiFi Pineapples root and SD storage manually? I would like to put default portals from github there directly for testing purposes.