Thraks Posted June 19, 2018 Posted June 19, 2018 This should be fairly straight forward, but has the location SSID's for PineAP are stored changed from "/etc/pineapple/ssid_file"? My pool location still points to the default "/etc/pineapple/", but I'm not able to see any SSID's in ssid_file, and it has a file size of 0 bytes. This is persistent through restarts, adding new SSIDs via GUI, as well as adding them to ssid_file (obv file size changes here) yet the list of existent ssids in PineAP is persistent and functional. I've grep'd to locate ssid's i know should be in the file, but that comes up with empty results as well.
b0N3z Posted June 19, 2018 Posted June 19, 2018 its now stored as a database. I dont know why some of the options to change location are still in the webui because they dont seem like they are relevant. Ive noticed this a while ago and wondered why those options were still there. @Foxtrot
Thraks Posted June 19, 2018 Author Posted June 19, 2018 That makes a lot more sense. Anyway to import to that db that you're aware of?
Just_a_User Posted June 19, 2018 Posted June 19, 2018 1 hour ago, Thraks said: That makes a lot more sense. Anyway to import to that db that you're aware of? I think SSID's are stored in /etc/pineapple/pineapple.db (so location is as per the GUI option) which is a sqlight3 database AFAIK there are a few tools to view/open/edit after downloading it. I also think notifications are in there along with notes, maybe more as i haven't spent much time digging.
Thraks Posted June 19, 2018 Author Posted June 19, 2018 5 minutes ago, Just_a_User said: I think SSID's are stored in /etc/pineapple/pineapple.db (so location is as per the GUI option) which is a sqlight3 database AFAIK there are a few tools to view/open/edit after downloading it. I also think notifications are in there along with notes, maybe more as i haven't spent much time digging. Thanks, you're right it is in pineapple.db Incase anyone else is interested other tables are: api_tokens, downloads, notes, notifications, ssids, tracking Kind of a shame they moved from the simple list file. Made swapping, importing, comparing and joining super easy. But then again, it can't hurt to learn sql. Anyway, thanks for your help guys.
Foxtrot Posted June 19, 2018 Posted June 19, 2018 4 hours ago, b0N3z said: its now stored as a database. I dont know why some of the options to change location are still in the webui because they dont seem like they are relevant. Ive noticed this a while ago and wondered why those options were still there. @Foxtrot The change location is still there because it allows you to change the location of the database, should the user want to. It will (and should) always be named 'pineapple.db'. This is why the "Change Location" input box omit the filename.
Dave-ee Jones Posted June 19, 2018 Posted June 19, 2018 Interesting - so is the Pineapple hosting an SQL server as well (phpMyAdmin maybe?) or is it just exporting to a .db file?
Foxtrot Posted June 20, 2018 Posted June 20, 2018 2 hours ago, Dave-ee Jones said: is the Pineapple hosting an SQL server as well ... No, the SQL DB(s) we use are SQLite, and we manipulate it by opening connections to it, modifying, and closing the connection. 2 hours ago, Dave-ee Jones said: (phpMyAdmin maybe?) Absolutely not.
Dave-ee Jones Posted June 20, 2018 Posted June 20, 2018 8 minutes ago, Foxtrot said: No, the SQL DB(s) we use are SQLite, and we manipulate it by opening connections to it, modifying, and closing the connection. Absolutely not. Alright, calm down, was just curious. ?️
Just_a_User Posted June 20, 2018 Posted June 20, 2018 8 hours ago, Dave-ee Jones said: Alright, calm down, was just curious. ?️ Maybe wrong but i think its because phpmyadmin has had 244 known CVE over the last 17 years so would possibly be a massive target/weakness on the pineapples. ? probably best to avoid it if possible.
Dave-ee Jones Posted June 21, 2018 Posted June 21, 2018 15 hours ago, Just_a_User said: Maybe wrong but i think its because phpmyadmin has had 244 known CVE over the last 17 years so would possibly be a massive target/weakness on the pineapples. ? probably best to avoid it if possible. In their defence 17 years is a long time and I'm pretty sure Microsoft's Windows has had more than that in the past 10 years. I do use phpMyAdmin for my SQL server though, but it's not like it's open to the world ready for anyone to start hacking at it whenever they feel like it. Alternatives?
Just_a_User Posted June 21, 2018 Posted June 21, 2018 7 hours ago, Dave-ee Jones said: In their defence 17 years is a long time and I'm pretty sure Microsoft's Windows has had more than that in the past 10 years. I do use phpMyAdmin for my SQL server though, but it's not like it's open to the world ready for anyone to start hacking at it whenever they feel like it. Alternatives? You kinda just made my point for me - Microsoft has millions of targets... erm i mean CVE, phpmyadmin = musch less, custom bit of code on a bespoke wifi auditing device = way way less. Im just thinking if the pineapple is potentially picking up a red team or blackhat during an audit... i dunno though, Im just thinking out loud.
Thraks Posted June 21, 2018 Author Posted June 21, 2018 Comparing phpmyadmin to any full fledge operating system is almost ludacris. Windows has an attack surface that is exponentially that of phpmyadmin. That’s like saying that it’s not so bad that my hobby level drone is a flying telnet server because a Boeing jetliner has a million more vulnerabilities.
Dave-ee Jones Posted June 22, 2018 Posted June 22, 2018 17 hours ago, Thraks said: That’s like saying that it’s not so bad that my hobby level drone is a flying telnet server because a Boeing jetliner has a million more vulnerabilities. Not entirely true, but funny.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.