Nano Issues, not working as intended

[charlie1]

Hey all! 🙂

Had a nano for a couple of years now. It has never worked. Not in any OS or VM. Not in any capacity 😞

 

I wish it did, I think its an awesome device and I have tried so hard to get it to work but I am considering giving in at this point.

 

I used to own a basic alfa adapter (around $15 on amazon). That and kali worked, it only operated on 2.4 GHz and you had to do all the work manually but it was pretty functional, definitely worth the price paid at least. I am thinking of selling the nano to get 2 of those adapters again. 

 

I own a Macbook Pro, 2014 retina. I am on seperate subnet at home so connection sharing is not currently practical via MacOS. Using Kali as either a Live USB or a VM in either Virtualbox or VMware Fusion doesn't work either unfortunately. I have been able to get the connection shared and setup in linux but it does not stay functional, breaking after a very short time ~5 mins or so. At most, I was able to get the bulletins to load and run a scan but the scan didn't yield expected results (much less than expected) and I wasn't able to capture so much as a handshake, much less attempt a MITM attack or similar....

Connection sharing never shares, it's setup as required and flat out does not work, or does, then breaks as soon as you use anything else. I have seen others having issues with getting the SSID list to populate from scans but i haven't had that issue. The problem i have is getting them to broadcast. I was ONCE able to get it to broadcast SSID's it had captured from a scan (woohoo!) and when i connected to the network i had no access at all 😕 

I love the concept but I've had it a while now and it's never once worked at home when ive had an idea to try it out for something, let alone taking out for use in the field.

I just have no idea how i am ever going to see any value from this thing, if i cant make it do what it was intended to do, at home, on my own network - giving it everything on a platter, how can i expect it to work in a much more secure environment? It's got so bad ive been searching how to utilize it for it's adapters alone, disregarding the interface, which is not what i want to do! It did work once breifly doing a de-auth, once breifly broadcasting SSID's but I never feel I had the full use out of it.

The new ones look awesome too, i just can't justify buying one if the experience is like this 😞

 

Anyone else having issues ? Can anyone offer any support before i give in?

I have Mac laptop / desktop, Windows desktop and various Live USB's and VM's I can use for troubleshooting

 

Many Thanks!!

 

 

 

 

 

[chrizree]

5 hours ago, charlie1 said:

I was ONCE able to get it to broadcast SSID's it had captured from a scan (woohoo!) and when i connected to the network i had no access at all

What wireless network(s) did you try to mimic? What protection was configured for them? You can't "copy" a protected network and expect clients to connect to an open network on the Pineapple just simply because of the fact that the SSID is the same. And, if you mimic networks that are configured as open and still can't get clients to connect, how are your filters set up? ICS should work, but I rarely use it. Attach a USB WiFi adapter to the Nano instead and get internet access through that interface.

[charlie1]

I have tried many. In this post i am referring specifically to my home network, or a test router i plug in. They were setup with wpa2 and insecure respectively.

I shouldnt need another wifi adapter. That is what you're meant to do with these, share connection from one antennae to the other.

 

The filters have always been set in deny mode (anyone, anywhere) as I thought it best to get it working before doing anything else. (If it wont work like that, how will it work only pinpointing one target? for example)

 

If I have to buy another adapter, is it not more sensible to buy 2 and get rid of this (was kinda my initial point)?

 

Im simply saying that by firing the commands myself, on a much cheaper adapter, that, unfortunately, I had much more usability than I do with this 😞

 

ICS is kinda the point with the pineapple, otherwise everyone would just have large quantities of antennae everywhere they go 😕

Also, Hak5 have made7 iterations of a script (wp*.sh) to set this up for everyone via IPTables and other wizardry, so I think its fair to say that it should work and i should not need to spend more money on more adapters.

 

Maybe I'm a complete idiot and am missing something, Maybe I'm unfortunate and it just wont work in my configuration, maybe my pineapple is broken... I dont know.
 

"You can't "copy" a protected network and expect clients to connect to an open network on the Pineapple just simply because of the fact that the SSID is the same."

Why? If my pineapple has ICS correctly setup, and something connects to an open network on it, it appears in clients/connections, that device should now have internet access via the pineapple? Am I mistaken?

"ICS should work, but I rarely use it"

Yes, it should. It is part of the design of these devices. If I didnt require the ICS functionality of the pineapple, any wifi adapter that supports injection is enough to get going with network audits. Having a usb over eth and 2+ decent antennae in a neat and tidy package, with a linux backend, a lovely interface AND a bunch of plug-ins & modules is what makes this a great product IMO, saving alot of bag space and setup / headaches and so on. I just cant get mine to work 😄

Finally, Thankyou @chrizree for your rapid response

[chrizree]

ok I see that you have made your mind up when it comes to future choices

[charlie1]

Not entirely 🙂, I am hoping that there is a solution, I can get it working, and I would certainly be interested in upgrading given the newer units price!

I have had some luck here and there as I said, I've used it in the past with some basic success. I have not been able to experience the pineapple & suite in its full beauty and this is all i am looking to acheive 🙂

 

Is there any way to test if a unit is defunct or infact working fine, is it worth trying an older / different firmware maybe?

 

Thanks again for any and all suggestions 🙂

[charlie1]

I borked it.. I was still able to ssh, so i ran this - "jffs2reset -y && reboot" and set it up in windoze..

It worked!

I knew the pineapple wasnt broken 🙂 So following instructions from an earlier post by "b0N3z" I used "defaults write" command to add some info to the (Mac) OS generated NAT.plist file which seems to determine NAT config on OSX like so:

 

defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkNumberStart 172.16.42.42

defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkNumberEnd 172.16.42.200

defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkMask 255.255.255.0

I then had to set the DHCP manually under the AX88x72A in the network preferences to 172.16.42.42 and it works great.

 

This worked too! 🙂

 

I still couldnt get it working under kali vm though so I continued...

I figured out that the wp*.sh script works on a full install but is flaky at best on a live usb/vm.. I changed the wan interface in the script which made it run consistently and function properly inside live usb / vm distro's, without making any changes to OSX / NAT config. Strangely, with the original script it would still connect, and download bulletins but would drop connection soon after, or as soon as I used the radios for anything.

 

Here's what i changed / ended up with:

 

#!/bin/bash

wpver=7.0
spineapplenmask=255.255.255.0
spineapplenet=172.16.42.0/24
spineapplelan=eth1
spineapplewan=eth0
spineapplegw=192.168.172.2
spineapplehostip=172.16.42.42
spineappleip=172.16.42.1
sfirsttime=1

    ip addr add $spineapplehostip/$spineapplenmask dev $spineapplelan
    ip link set $spineapplelan up
    echo '1' > /proc/sys/net/ipv4/ip_forward # Enable IP Forwarding
    iptables -X #clear chains and rules
    iptables -F
    iptables -A FORWARD -i $spineapplewan -o $spineapplelan -s $spineapplenet -m state --state NEW -j ACCEPT #setup IP forwarding
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A POSTROUTING -t nat -j MASQUERADE
    ip route del default #remove default route
    ip route add default via $spineapplegw dev $spineapplewan #add default gateway
    printf "\n    Browse to http://$spineappleip:1471\n\n"
    exit

function bunny {
    printf "\nNetmask $spineapplenmask\nPineapple Net $spineapplenet\nPineapple LAN $spineapplelan\nPineapple WAN $spineapplewan\nPineapple GW $spineapplegw\nPineapple IP $spineappleip\nHost IP $spineapplehostip\n"
    printf "\n$(lsusb | grep ASIX)\n\n$(ip link)\n\n$(ip route)\n\n$(dmesg | grep -E '[aA][sS][iI[[xX].*|00:[cC]0:[cC][aA]')\n"
    printf "\n/)___(\ \n(='.'=)\n(\")_(\")\n"
    exit
}

 

 

It works now 🙂

[charlie1]

need to remove an 'exit' but can't edit my posts