Jump to content

Remote Access to Pineapple unit itself


Anteros

Recommended Posts

Hi

If I leave a pineapple connected to power and ethernet at home, can I remote into it from another location, maybe even another country, and do all of the same things as if I am connected to it locally?

Do I need to have it connected to a local PC, and have the internet connection either via the PC or via a shared switch to whatever router or WAP I'm getting internet from?

Does the pineapple have a feature to conceal your own IP address if you connect to it, and use it remotely via a router or WAP?

Does connecting two pineapples together either locally or remotely (one in each of two different geographical locations) offer any options to conceal your source IP?

Thanks

Link to comment
Share on other sites

6 minutes ago, Anteros said:

If I leave a pineapple connected to power and ethernet at home, can I remote into it from another location, maybe even another country, and do all of the same things as if I am connected to it locally?

It depends on your network setup. I.e. if it's possible to reach local devices on the LAN from the WAN (most often the internet). It's of course possible to use Cloud C2, but you need to host it somewhere on the internet to avoid punching holes in the firewall of your local network. Another way would perhaps be to use some "LAN-over-WAN" service such as Zerotier and reach it that way. Don't remember if I've tried that on the Mark VII specifically.

9 minutes ago, Anteros said:

Do I need to have it connected to a local PC, and have the internet connection either via the PC or via a shared switch to whatever router or WAP I'm getting internet from?

The Mark VII can be used stand alone. I.e. connect to a local network using WiFi (or an Ethernet adapter if available), and there's no need to have it connected to a PC all the time just as long as the network that the Mark VII is connected to offers internet access.

12 minutes ago, Anteros said:

Does the pineapple have a feature to conceal your own IP address if you connect to it, and use it remotely via a router or WAP?

Not really sure what you mean by that, but the outside world should see the IP address that the Pineapple gets from the network it's connected to as a client.

13 minutes ago, Anteros said:

Does connecting two pineapples together either locally or remotely (one in each of two different geographical locations) offer any options to conceal your source IP?

Elaborate on that. In what way should that conceal the source IP, and what is the definition of "source IP" in this case?

Link to comment
Share on other sites

9 hours ago, Anteros said:

 

Does the pineapple have a feature to conceal your own IP address if you connect to it, and use it remotely via a router or WAP?

Does connecting two pineapples together either locally or remotely (one in each of two different geographical locations) offer any options to conceal your source IP?

Thanks

Why? Are you concerned about leaving forensic evidence on a device that you own and presumably no one else has access to? If you remote access a PC connected to the Pineapple, then no. If you expose port 80 on the Pineapple to the Internet and don't use a VPN, then the source IP address may be logged.

Edited by DramaKing
Link to comment
Share on other sites

Why? Because we're all here to learn wholistically about how everything works and how everything happens, and fill in any gaps or uncertainties in knowledge.

On 8/17/2024 at 7:54 AM, dark_pyrro said:

It depends on your network setup. I.e. if it's possible to reach local devices on the LAN from the WAN (most often the internet). It's of course possible to use Cloud C2, but you need to host it somewhere on the internet to avoid punching holes in the firewall of your local network. Another way would perhaps be to use some "LAN-over-WAN" service such as Zerotier and reach it that way. Don't remember if I've tried that on the Mark VII specifically.

So I have looked into MiFi and industrial cellular routers as a way to do this. Teltonika RUT24

On 8/17/2024 at 7:54 AM, dark_pyrro said:

The Mark VII can be used stand alone. I.e. connect to a local network using WiFi (or an Ethernet adapter if available), and there's no need to have it connected to a PC all the time just as long as the network that the Mark VII is connected to offers internet access.

 

On 8/17/2024 at 7:54 AM, dark_pyrro said:

Not really sure what you mean by that, but the outside world should see the IP address that the Pineapple gets from the network it's connected to as a client.

 

On 8/17/2024 at 7:54 AM, dark_pyrro said:

Elaborate on that. In what way should that conceal the source IP, and what is the definition of "source IP" in this case?

 

Link to comment
Share on other sites

On 8/17/2024 at 5:24 PM, DramaKing said:

Why? Are you concerned about leaving forensic evidence on a device that you own and presumably no one else has access to? If you remote access a PC connected to the Pineapple, then no. If you expose port 80 on the Pineapple to the Internet and don't use a VPN, then the source IP address may be logged.

Why? Because we're all here to learn wholistically about how everything works and how everything happens, and fill in any gaps or uncertainties in knowledge.

Looking at it the other way round, and I want to see traces of forensic evidence left by an attacker, it makes sense to see the problem in reverse to be able to but barriers and mitigations in place, or better still, be able to trace an attacker based on whatever it's possible to detect about them.

I think I have identified industrial cellular routers with onboard VPN as a practicable solution to the question.

On 8/17/2024 at 7:54 AM, dark_pyrro said:

It depends on your network setup. I.e. if it's possible to reach local devices on the LAN from the WAN (most often the internet). It's of course possible to use Cloud C2, but you need to host it somewhere on the internet to avoid punching holes in the firewall of your local network. Another way would perhaps be to use some "LAN-over-WAN" service such as Zerotier and reach it that way. Don't remember if I've tried that on the Mark VII specifically.

As indicated above, I have looked into MiFi and industrial cellular routers as a way to do this. Teltonika RUT241 has ZeroTier support and other similar capabilities. There seem to be several such industrial IoT devices by industrial manufacturers like Digi and others, that are maybe more suited for this than consumer digital nomad cellular router/WAPs.

 

On 8/17/2024 at 7:54 AM, dark_pyrro said:

Not really sure what you mean by that, but the outside world should see the IP address that the Pineapple gets from the network it's connected to as a client.

I mean like presenting changeable alternative "spoof" addresses or profiles presented by the Pineapple to mask it's real one, a bit like things like this: https://sereneblue.github.io/chameleon/ , after all, the unit does do various forms of "pretending" and concealment in what seem like similar ways.

On 8/17/2024 at 7:54 AM, dark_pyrro said:

Elaborate on that. In what way should that conceal the source IP, and what is the definition of "source IP" in this case?

I guess I am imagining something like a Citrix tunnel from one geographical (and IP) locality to another though a particular port with other access credentials. Sometimes VPNs only superficially work, but more sophisticated systems can still identify your real geographical location, despite what the VPN is set to.

Link to comment
Share on other sites

21 hours ago, Anteros said:

Why? Because we're all here to learn wholistically about how everything works and how everything happens, and fill in any gaps or uncertainties in knowledge.

Looking at it the other way round, and I want to see traces of forensic evidence left by an attacker, it makes sense to see the problem in reverse to be able to but barriers and mitigations in place, or better still, be able to trace an attacker based on whatever it's possible to detect about them.

I think I have identified industrial cellular routers with onboard VPN as a practicable solution to the question.

As indicated above, I have looked into MiFi and industrial cellular routers as a way to do this. Teltonika RUT241 has ZeroTier support and other similar capabilities. There seem to be several such industrial IoT devices by industrial manufacturers like Digi and others, that are maybe more suited for this than consumer digital nomad cellular router/WAPs.

 

I mean like presenting changeable alternative "spoof" addresses or profiles presented by the Pineapple to mask it's real one, a bit like things like this: https://sereneblue.github.io/chameleon/ , after all, the unit does do various forms of "pretending" and concealment in what seem like similar ways.

I guess I am imagining something like a Citrix tunnel from one geographical (and IP) locality to another though a particular port with other access credentials. Sometimes VPNs only superficially work, but more sophisticated systems can still identify your real geographical location, despite what the VPN is set to.

Browser profiles have no parallel to anything on the Pineapple. There are pentesting tools to spoof source IP addresses. Hping3, for example, can do it.

Link to comment
Share on other sites

44 minutes ago, DramaKing said:

Browser profiles have no parallel to anything on the Pineapple. There are pentesting tools to spoof source IP addresses. Hping3, for example, can do it.

But when your pineapple connects to another device, there is surely a MAC and an IP, it still has a NIC inside, doesn't it. Surely it can spoof those rather than leave them visible?

Link to comment
Share on other sites

Not sure how/why you should spoof the IP address if you connect the Pineapple to something, the Pineapple will get the IP address that it gets from the network (if not using a static one, but it would still not be something strange or suspicious to the network you are connecting to since it's expected). For MAC address, you can try macchanger.

Link to comment
Share on other sites

On 8/19/2024 at 9:55 PM, Anteros said:

But when your pineapple connects to another device, there is surely a MAC and an IP, it still has a NIC inside, doesn't it. Surely it can spoof those rather than leave them visible?

I've never known any method of changing the MAC address on the Pineapple, although if dark_pyrro says to use macchanger, then I don't doubt that it works. Er, the MACs could also be editable under the AP settings. I don't remember. Bear in mind that if you leave your Pineapple at home, this is irrelevant.

Like dark_pyrro also said, the IP address isn't something to usually worry about. There are tools that can spoof the source IP as mentioned, but it's normally used for DoS or Nmap Idle scans. Static IP addressing is what you'll want if you're needing to get responses. What you may really want is ARP spoofing.

Link to comment
Share on other sites

There is "censorship mode", which might do something like what I describe.

Censorship Mode

Censorship Mode will hide parts sensitive information such as MAC Addresses, SSIDs, and other such data.
If Random Censorship is enabled, data is spoofed in addition to being part-censored.

This feature is experimental, and comes AS-IS with NO WARRANTY.

Link to comment
Share on other sites

12 hours ago, Anteros said:

There is "censorship mode", which might do something like what I describe.

Censorship Mode

Censorship Mode will hide parts sensitive information such as MAC Addresses, SSIDs, and other such data.
If Random Censorship is enabled, data is spoofed in addition to being part-censored.

This feature is experimental, and comes AS-IS with NO WARRANTY.

Censorship Mode will partially redact the mentioned data in PineAP but can be turned off.

Link to comment
Share on other sites

if I have two pineapples, I am curious about what can each one do with respect to the other... so for example, it's interesting to use a first pineapple to see a second pineapple in the vicinity, and then change the information the second pineapple broadcasts, to see it change in terms of what the first pineapple sees. It's a way to prove or demonstrate that a thing you do is actually happening, so has some benefit in visualising what can seem like an invisible process. Maybe pineapples can always recognise and identify each other?

Link to comment
Share on other sites

20 minutes ago, Anteros said:

if I have two pineapples, I am curious about what can each one do with respect to the other... so for example, it's interesting to use a first pineapple to see a second pineapple in the vicinity, and then change the information the second pineapple broadcasts, to see it change in terms of what the first pineapple sees. It's a way to prove or demonstrate that a thing you do is actually happening, so has some benefit in visualising what can seem like an invisible process. Maybe pineapples can always recognise and identify each other?

The permanent MAC address would be the only way.

Link to comment
Share on other sites

2 hours ago, dark_pyrro said:

Not really sure that Censorship Mode really obfuscates things totally. To me, that has been a web UI feature only, i.e. to mask things when navigating the web UI specifically, not what's actually stored and/or transmitted "under the hood".

It just seems to  partially redact the APs that you can see.

Link to comment
Share on other sites

Posted (edited)

I am struggling to even see the management client AP... I saw it appear once, on a phone.

I can connect to the pineapple with USB-C cable to a laptop. I have the pineapple set to 172.16.42.42 with the DNS. So when I plug in the USB-C cable from the pineapple to the laptop, I can see the Pineapple as another ethernet connection in "Control Panel\Network and Internet\Network Connections", I can go into network settings and put in the IP credentials, as described here: https://docs.hak5.org/wifi-pineapple/setup/connecting-to-the-wifi-pineapple-on-windows

I did see this AP briefly during set up, but did it via USB-C cable https://docs.hak5.org/wifi-pineapple/setup/connecting-to-the-wifi-pineapple-over-wifi

I can connect to my own Wifi via the client Wifi tab inside the pineapple, and share the ethernet when connected via USB.

When I disconnect the pineapple, USB-C and plug it into a different power source, such that it has no physical connection to the laptop or to a switch, I can't get into it over wifi... I tried changing my laptop Wifi IP address to something on the same subnet, but it doesn't see it. Even leaving the wifi client connection to my router with a 192.168.1.* address I still can't see the pineapple. I tried putting a USB splitter in between the 5G unit and the USB-A socket to add a USB-to-ethernet adapter, and connect the pineapple to a switch on my network via ethernet cable... nothing... so there must be something I'm missing. I think I have everything needed in the filters... what checks can I run through to isolate the problem please?

This is not to do with ssh remote connection into the pineapple, just wifi access to the web interface, but by implication I will be trying to get the remote ssh connection going... but it seems to be there, because I downloaded some stuff from github, via Ubuntu on WSL2 in windows (on a 172.*.*.* IP), and was able to upload to the pineapple via bash... but I guess it must be using the USB-C cable as part of that connection, so I'm not at the point where I can log in remotely.

 

[update]

 

so the wifi management access is working now, but when I log out, and connect a usb ethernet, i can't get in, so i don't know if there's something that needs to be set inside for wired usb access to be available. 

Wifi access seems fine, and I can power the pineapple via a powerbank and the unit draws 2.3W-2.4W, so can last for 24 hours on that.... and then wifi access flaked out... the only event was my changing the name of the OpenAP.

Edited by Anteros
Link to comment
Share on other sites

27 minutes ago, Anteros said:

so the wifi management access is working now, but when I log out, and connect a usb ethernet, i can't get in, so i don't know if there's something that needs to be set inside for wired usb access to be available. 

Wifi access seems fine, and I can power the pineapple via a powerbank and the unit draws 2.3W-2.4W, so can last for 24 hours on that.

Got me. Is there no way to plug it into an AC adapter?

Link to comment
Share on other sites

10 minutes ago, dark_pyrro said:

Not sure what to do with all that information. What is working, and what is not working? It's "it doesn't work" and "it does work" in the same post.

there are parts that work, and parts that don't... it's listed up there.

 

working:

1. client AP to home wifi

2. USB-C connection between pineapple and laptop

3. internet access via the pineapple when connected to laptop: both webinterface access to pineapple, and ssh access via 172.*.*.* ip from Ubuntu on Windows

 

sometimes working: 

4. management AP

 

not working:

5. wired connection direct to pineapple.

 

better?

Link to comment
Share on other sites

Posted (edited)
13 minutes ago, DramaKing said:

Got me. Is there no way to plug it into an AC adapter?

yes... but it should work on a big powerbank, and it did for a few minutes until I changed the OpenAP

It pulled 2.7W - 2.8W when rebooting... perhaps the powerbank goes to sleep and stops supplying the required voltage?

plugged into AC, and yeah it seems happier.

Edited by Anteros
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...