dark_pyrro Posted August 26 Share Posted August 26 That doesn't say anything specific about what chipset it is (other than from that Windows driver numbering, and some imagination, could link it to being a RTL8153 based adapter). There is a Corechip SR9900 though (not SR990) that is a 10/100 adapter and seems to be based on RTL 8152. What is the output of the lsusb command when you have the adapter plugged in to the Pineapple? Quote Link to comment Share on other sites More sharing options...
Anteros Posted August 26 Author Share Posted August 26 (edited) 31 minutes ago, dark_pyrro said: That doesn't say anything specific about what chipset it is (other than from that Windows driver numbering, and some imagination, could link it to being a RTL8153 based adapter). There is a Corechip SR9900 though (not SR990) that is a 10/100 adapter and seems to be based on RTL 8152. What is the output of the lsusb command when you have the adapter plugged in to the Pineapple? RTL8153 chipset. Edited August 26 by Anteros Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted August 26 Share Posted August 26 Should be supported by the Pineapple out of the box. But, it needs to be verified further (hence asking for the output of lsusb). Quote Link to comment Share on other sites More sharing options...
Anteros Posted August 26 Author Share Posted August 26 (edited) Yeah, the wifi management portal came back, so I guess it's a bit flaky. "lsusb -v" yields verbose info... Bus 001 Device 006 is the USB->Ethernet adapter: Quote Bus 001 Device 006: ID 0bda:8153 Realtek USB 10/100/1000 LAN Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.10 bDeviceClass 0 bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 idVendor 0x0bda idProduct 0x8153 bcdDevice 30.00 iManufacturer 1 Realtek iProduct 2 USB 10/100/1000 LAN iSerial 6 000001 bNumConfigurations 2 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 0x0027 bNumInterfaces 1 bConfigurationValue 1 iConfiguration 0 bmAttributes 0xa0 (Bus Powered) Remote Wakeup MaxPower 350mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 3 bInterfaceClass 255 bInterfaceSubClass 255 bInterfaceProtocol 0 iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x02 EP 2 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x83 EP 3 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0002 1x 2 bytes bInterval 8 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 0x0050 bNumInterfaces 2 bConfigurationValue 2 iConfiguration 0 bmAttributes 0xa0 (Bus Powered) Remote Wakeup MaxPower 350mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 2 bInterfaceSubClass 6 bInterfaceProtocol 0 iInterface 5 CDC Communications Control CDC Header: bcdCDC 1.10 CDC Union: bMasterInterface 0 bSlaveInterface 1 CDC Ethernet: iMacAddress 3 00E04C6836A2 bmEthernetStatistics 0x00000000 wMaxSegmentSize 1514 wNumberMCFilters 0x0000 bNumberPowerFilters 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x83 EP 3 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0010 1x 16 bytes bInterval 8 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 1 bAlternateSetting 0 bNumEndpoints 0 bInterfaceClass 10 bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 1 bAlternateSetting 1 bNumEndpoints 2 bInterfaceClass 10 bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 4 Ethernet Data Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x02 EP 2 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Binary Object Store Descriptor: bLength 5 bDescriptorType 15 wTotalLength 0x000c bNumDeviceCaps 1 USB 2.0 Extension Device Capability: bLength 7 bDescriptorType 16 bDevCapabilityType 2 bmAttributes 0x00000006 BESL Link Power Management (LPM) Supported can't get debug descriptor: Resource temporarily unavailable Device Status: 0x0000 (Bus Powered) Edited August 26 by Anteros Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted August 27 Share Posted August 27 If it's RTL8153 based, it should be possible to connect the Pineapple as a client to a network using that adapter. Quote Link to comment Share on other sites More sharing options...
Anteros Posted August 27 Author Share Posted August 27 39 minutes ago, dark_pyrro said: If it's RTL8153 based, it should be possible to connect the Pineapple as a client to a network using that adapter. As stated here: https://docs.hak5.org/wifi-pineapple/faq/establishing-an-internet-connection/configuring-a-usb-ethernet-adapter So it looks like it should just be "on" when plugged in. I have the ethernet adaptor with a USB-A -> USB-C adapter going into the USB-A socket of the pineapple, and with an ethernet cable plugged into a switch, and the router, but this is on the 192.1168.1.* internal LAN, not using a 172.16.24.* address as seems to be required by the Pineapple.. The ethernet lights come on, but no wired connection seems to be available. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted August 27 Share Posted August 27 The Pineapple will obtain an address from the network to which you connect the Pineapple (using the Type A port and a USB Ethernet adapter), just like it does when you connect it to a wireless network as a client using the wlan2 interface of the Pineapple. If you haven't got any DHCP daemon running on the network, you need to set a static IP address for the USB adapter that is within the IP range of the network to which the Pineapple is connected. Quote Link to comment Share on other sites More sharing options...
Anteros Posted August 27 Author Share Posted August 27 2 hours ago, dark_pyrro said: The Pineapple will obtain an address from the network to which you connect the Pineapple (using the Type A port and a USB Ethernet adapter), just like it does when you connect it to a wireless network as a client using the wlan2 interface of the Pineapple. If you haven't got any DHCP daemon running on the network, you need to set a static IP address for the USB adapter that is within the IP range of the network to which the Pineapple is connected. The wired connection does connect, but as with the wifi, it's a bit flaky, as if the unit itself or the GUI at least, seizes up, and eventually comes back. Doesn't seem to be the connection, although I found that by moving antennae i could see the management SSID. I have an ESSID running, but it doesn't seem to work properly - doesn't forward to the portal, or even connect usually. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted August 27 Share Posted August 27 20 hours ago, Anteros said: not working: 5. wired connection direct to pineapple. So, this isn't on the "not working" list any longer. Good to know to not needing to spend time on things that works... Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted August 27 Share Posted August 27 7 minutes ago, Anteros said: I have an ESSID running, but it doesn't seem to work properly - doesn't forward to the portal, or even connect usually. What AP? The open one? When saying "portal", are you referring to the evil portal module? Quote Link to comment Share on other sites More sharing options...
Anteros Posted August 27 Author Share Posted August 27 21 minutes ago, dark_pyrro said: What AP? The open one? When saying "portal", are you referring to the evil portal module? The portal means the fake portal that is activated in the evil portal module. On laptop, it went to msftconnect, then to msn rather than the portal; on smartphone once only it displayed a page with "evil portal" and information about the phone on it. Since then, I haven't been able to connect to it successfully. Quote Link to comment Share on other sites More sharing options...
Anteros Posted August 27 Author Share Posted August 27 26 minutes ago, dark_pyrro said: So, this isn't on the "not working" list any longer. Good to know to not needing to spend time on things that works... Correct, but, it gets a DHCP address, and when inside the box you can see it seeming to come and go, and then I lost connection and haven't been able to reconnect via ethernet since, and even after a couple of reboots. I made connection with wifi once, then connection lost again, and it's right next to the laptop. Not sure how helpful moving antennae is. The laptop is a new-ish one. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted August 27 Share Posted August 27 1 hour ago, Anteros said: it displayed a page with "evil portal" and information about the phone on it From that input, I assume you have made some portal yourself, not downloaded any pre-made portals (such as the Kleo ones). If the Evil Portal module is started with an activated portal, the module should force the connected client to the portal page since it shouldn't be able to go anywhere else based on iptables rules that is added when the Evil Portal is enabled/running. If the connected client hasn't been added (the IP), the selected portal should be presented to the client if connected to the correct AP. 1 hour ago, Anteros said: I made connection with wifi once, then connection lost again, and it's right next to the laptop. Don't position a wireless client too close to an AP. It won't do things better, rather the opposite in most cases. Quote Link to comment Share on other sites More sharing options...
Anteros Posted August 29 Author Share Posted August 29 On 8/27/2024 at 3:01 PM, dark_pyrro said: From that input, I assume you have made some portal yourself, not downloaded any pre-made portals (such as the Kleo ones). If the Evil Portal module is started with an activated portal, the module should force the connected client to the portal page since it shouldn't be able to go anywhere else based on iptables rules that is added when the Evil Portal is enabled/running. If the connected client hasn't been added (the IP), the selected portal should be presented to the client if connected to the correct AP. Don't position a wireless client too close to an AP. It won't do things better, rather the opposite in most cases. No the portals are from a couple of github sources, including the kleo ones. I am now in a hotel in a different country completely, and I have the pineapple with me... I still can only connect via USB. I moved the pineapple across the room, but unable to log in. Both the laptop and the pineapple seem to retaining AP info from the previous country. I will keep adjusting things methodically until I get reliable access. I brought the same usb-ethernet adapter to try that out when i find a wired socket i can use. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted August 29 Share Posted August 29 2 hours ago, Anteros said: the pineapple seem to retaining AP info from the previous country Not exactly sure what you mean when saying that, but if you see the APs in the air that are the same as the ones you had in your previous location, then it sounds like you are capturing ESSIDs to pool and actively broadcasting that pool wherever the Pineapple is located (since it seems highly unlikely that the same APs/ESSIDs would be active in two different locations in two different countries even). If so, I'd suggest turning off ESSID pool broadcasting/impersonation until you get the other issues sorted. The Pineapple isn't a "turn on everything" device. It should ideally be focused on one (1) task at a time based on the engagement at hand. Quote Link to comment Share on other sites More sharing options...
Anteros Posted August 30 Author Share Posted August 30 (edited) On 8/29/2024 at 10:53 AM, dark_pyrro said: Not exactly sure what you mean when saying that, but if you see the APs in the air that are the same as the ones you had in your previous location, then it sounds like you are capturing ESSIDs to pool and actively broadcasting that pool wherever the Pineapple is located (since it seems highly unlikely that the same APs/ESSIDs would be active in two different locations in two different countries even). If so, I'd suggest turning off ESSID pool broadcasting/impersonation until you get the other issues sorted. The Pineapple isn't a "turn on everything" device. It should ideally be focused on one (1) task at a time based on the engagement at hand. Yes it was that. Another lingering problem is that with the Pineapple powered on, I can see the WiFi management SSID with an android phone, but I can't see it with the laptop. The unit is without the 5G add on at the moment, so it's only 2.4GHz, and I would expect the laptop to be more likely to see it, and have no trouble logging in. After a few minutes I could finally see the management code. I am now in yet another geographical location, that is isolated from most signals. The impersonation is turned off. I still see SSIDs from the previous two countries. Then it appears, and I can't get in. but I bet I can via the USB cable direct to a laptop... so what is that all about? it seems to be very difficult to connect to the pineapple by wifi and impossible to get internet into it via wired connection. Alright, there was some impersonation of captured SSIDs on, so I've turned that off, with the pineapple connected via USB. Just combing through it turning anything off that looks like it might be an issue, before trying to log in again via WiFi. Update... I think I solved the problem... it's that the management wifi SSID has to be added to the filter allow page... at least that seems to be most likely of all the things I changed... I did a scan, and added it from there. not sure about the wired ethernet connection yet, but I have no suitable access for that now (or usually), so less of a priority. Edited August 30 by Anteros Quote Link to comment Share on other sites More sharing options...
DramaKing Posted September 1 Share Posted September 1 On 8/30/2024 at 3:15 PM, Anteros said: Update... I think I solved the problem... it's that the management wifi SSID has to be added to the filter allow page... at least that seems to be most likely of all the things I changed... I did a scan, and added it from there. That's crazy. Quote Link to comment Share on other sites More sharing options...
Anteros Posted September 1 Author Share Posted September 1 (edited) 15 minutes ago, DramaKing said: That's crazy. it's what happened... what's supposed to happen? i could log into it before a couple of times, very flaky, lost access soon after, and nothing since... then i did a scan, saw my own management SSID and added it to the allow filter, and bang, i can get in every time, like flicking a switch... [shrug] The implication at the moment is that if I want to put the pineapple somewhere, and remote into it, I should probably have it plugged into a small computer like a NUC or Pi, and maybe have a router connected too, like a triangle of devices, and plug into the wall in a building, or if outside, with a maybe a tiny UPS or battery or an adapter to connect to a car power source like for USB phone chargers, all in a small pelicase (with some glands for antennas and cables) pehaps, then it should be quite robust, in terms of having more than one way into it. Edited September 1 by Anteros Quote Link to comment Share on other sites More sharing options...
Anteros Posted September 5 Author Share Posted September 5 If you have an Open AP, and you set MAC address allow list filtering... is the MAC address of the device you connect with, visible through the ISP gateway at some point? I found that randomised MAC addresses just don't get through, even when you list them, I assume it just generates a new one each time, so you would need a stable spoofed MAC if you wanted to not have to put the real MAC on the allow list. Quote Link to comment Share on other sites More sharing options...
DramaKing Posted September 5 Share Posted September 5 2 hours ago, Anteros said: If you have an Open AP, and you set MAC address allow list filtering... is the MAC address of the device you connect with, visible through the ISP gateway at some point? I found that randomised MAC addresses just don't get through, even when you list them, I assume it just generates a new one each time, so you would need a stable spoofed MAC if you wanted to not have to put the real MAC on the allow list. If you're using allow list filtering, you need to disable randomized MAC addresses. Routers strip out Layer 2 headers and re-encapsulate each packet in a new frame with new source and destination MAC addresses. Are you worried that you're device's MAC address would be visible on the Internet if not randomized? Quote Link to comment Share on other sites More sharing options...
Anteros Posted September 5 Author Share Posted September 5 31 minutes ago, DramaKing said: If you're using allow list filtering, you need to disable randomized MAC addresses. Routers strip out Layer 2 headers and re-encapsulate each packet in a new frame with new source and destination MAC addresses. Are you worried that you're device's MAC address would be visible on the Internet if not randomized? Not the internet. The question is really... "if you connect the pineapple to someone else's switch that is connected to someone else's internet, and set the OpenAP to allow only a fixed range of MAC addresses, can those MAC addresses be seen by the someone else (whose internet connection it is) as they connect to the internet, in the same way that the pineapple (and other tools) can scan around and see the MAC addresses and other bits of device information for devices using the internet connection?" The reason for using MAC randomisation is to mitigate against this, and if you can't do it with the pineapple, using it like a wifi dongle, then that is useful to know. If it were possible to spoof your MAC all the way through, and get access to the internet in that way, then that's also useful to know. Quote Link to comment Share on other sites More sharing options...
DramaKing Posted September 6 Share Posted September 6 52 minutes ago, Anteros said: Not the internet. The question is really... "if you connect the pineapple to someone else's switch that is connected to someone else's internet, and set the OpenAP to allow only a fixed range of MAC addresses, can those MAC addresses be seen by the someone else (whose internet connection it is) as they connect to the internet, in the same way that the pineapple (and other tools) can scan around and see the MAC addresses and other bits of device information for devices using the internet connection?" The reason for using MAC randomisation is to mitigate against this, and if you can't do it with the pineapple, using it like a wifi dongle, then that is useful to know. If it were possible to spoof your MAC all the way through, and get access to the internet in that way, then that's also useful to know. I'm going to say no, and the reason for that is that the WiFi Pineapple is not a simple range extender or repeater. It's a router. The Open AP uses a separate subnet, much different from a USB dongle. The only MAC address that will come from the Pineapple on the client's LAN is the Pineapple's client address. In fact, the 802.11 only allows for one MAC address per session. I actually don't know how a range extender relays frames from clients without using its own MAC address. Quote Link to comment Share on other sites More sharing options...
Anteros Posted September 8 Author Share Posted September 8 I think the pineapple might be visible in some way, if it's not broadcasting its MAC address or loads of collected SSIDs, it might show up as a spike in traffic. Is there a way to: a. make the Pineapple behave like a USB WiFi dongle b. change the MAC address that is broadcast by the Open AP? It looks like you could just enter another one in the BSSID field, so if you found a device you wanted to mimic, in case of MAC whitelisting, you can enter a MAC of another device. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.