Sunday, 3 January 2016

Configuring the Wi-Fi Pineapple Nano

With the new white user interface for the WiFi Pineapple, there are some things that are not quite apparent when you are setting it up. So here is my quickstart guide to configuring the Pineapple with Windows (10 in my case)

Setting up your network

Once you plug in your Pineapple, Windows begins to install the necessary drivers and set itself up to use the device. Once it is installed, the network adapter will appear in the Network and Sharing Center. You should now enable sharing from your internet enable network adapter to the Pineapple

I usually rename the adapters based on what I use them for because I have on average 6 different network cards attached to my machine at any given time.

To rename your network adapater, just open Network and Sharing Center, click on the Change adapater settings link in the left menu. Right click on the network you want to rename and click the Rename menu item. Your Pineapple will be the ASIX AX88772A USB2.0 to Fast Ethernet Adapter type. In the screenshot you can see that I have renamed mine to “Pineapple”

RenamedPineapple

Now you can share your internet access using the Internet Connection Sharing function in Windows. Right click on the network that has internet access and click Properties. Select the Sharing tab and check the box Allow other network users etc. Select the Pineapple from the dropdown and click OK

Sharing

A small caveat here. Sometimes (ie more times than I would like), Windows will change the IP address of the Pineapple to its own internal sharing address. So to be sure your settings are correct for the Pineapple by right clicking on the network adapter and clicking Properties. Double click Internet Protocal Version 4 (TCP/IPv4) and check that your IP address is 172.16.42.42

ipv4

Configure defaults on the Pineapple

At this point, you can browse to http://172.16.42.1:147 and log into your Pineapple

pineappleLogin

First things first, you should update your timezone settings so you can see the correct timestamp against your logs. Go to http://172.16.42.1:1471/#/modules/Configuration and change your timezone to your local one. Remember to click Save Time Zone

timezone

 

Browse to the PineAp settings page http://172.16.42.1:1471/#/modules/PineAP

Here is where you can setup your default settings for your Pineapple to persist from session to session. In my case I have set the following

Defaults

If you want to persist these settings so that they stay the same between reboots, click on the dropdown arrow beside the Configuration titles to save the settings as default.

SaveDefaults

 

That will get you started at least with the Nano. The next post will detail how to create storage and swap partitions on a MicroSD card to use with the device.

Friday, 1 January 2016

First look at the Wi-Fi Pineapple Nano

If you have seen any of my security presentations or attended any security talks hosted by Troy Hunt, you will be familiar with the Wi-Fi Pineapple. This is a small rogue access point that you can deploy within a couple of minutes and cause havoc with the Wi-Fi connections of the people around you. Hak5, the creators of the Pineapple have now updated their product line with the new Wi-Fi Pineapple Nano.

The main reason for the update is the scarcity of the components that made up the Mark V and also the methods used by people who use the Mark V have changed. So the new Nano addresses these concerns with new radios and a new form factor.

I ordered mine from the US on the 20th of December, and I had it in my hands on the 24th of December in Ireland. So here is my review of the new Wi-Fi Pineapple Nano

NOTE: The Wi-Fi Pineapple Nano is available as a developer kit right now as Hak5 are waiting for SAR certification. This means that its not official yet but the hardware is V1.0 and ready to use. If you are buying this type of equipment right now, it shouldn’t make any difference to you but Hak5 have to tell you this.

What's in the box?

Opening the box you see straight away the new Nano form factor nicely cradled in protective foam. Under that is a USB Y-Cable for powering the device, 2 RP-SMA antennas and a very small instruction card. I picked up the Tactical edition which includes a Pineapple Juice 4000 battery pack, an attachable pouch and a morale patch.

WP_20160101_14_37_31_Pro_thumb[1]

With a standard issue external hard disk for scale

WP_20160101_14_37_03_Pro_thumb[2]

Nano in its protective foam

WP_20160101_14_37_54_Pro_thumb[1]

Unboxed and with an external hard disk for scale

WP_20160101_14_38_34_Pro_thumb[1]

diagram_large_thumb

The device has 2 Atheros high gain radios and a USB Ethernet adaptor. With the new USB Ethernet adaptor interface, you can power the device from your PC. It also means that the device can be used by mobile phones that have support for USB Ethernet such as Android devices. This makes the Nano much more mobile and easier to use in public places.

Setup

Setting up the device is a lot easier than it was with the Mark V. You just plug it in and it automatically assigns itself the correct IP address as compared to the Mark 5 where you have to reconfigure the network settings.

You can go to http://www.wifipineapple.com/nano to get the latest walkthroughs on setup and also a copy of the latest firmware for the device.

On first browse to the Admin page, you are greeted with an update to the latest firmware page. The page advises to turn off the Wi-Fi radios using the multi function reset button. A quick press turns off the radios and you can upload the latest firmware. It is a similar process to the Mark V after that. You create a new root password, SSID and password for it. Once that is done you log in to the new Admin UI.

Admin UI

The new admin dashboard is a change from the existing Pineapple Mark IV and V UIs. Its white for a start and not panel driven as in the previous incarnations. This both good and bad and I will go through these points later.

dashboard_thumb[1]

The menu on the left shows all the different areas that you can play with. One of the major improvements is you get a responsive design in the UI and it will work on mobile devices.

One of the issues I have found with the new UI is that unlike the previous black UI, this version does not auto refresh so you will need to manually refresh the page to see the uptime, new SSIDs in the pool etc. I am guessing with such an early release this will be fixed in newer updates.

On the new PineAP menu you have the configuration for the powerful PineAP features. This is what allows you to spoof SSIDs and also attract devices to your access point instead of the real ones.

pineap_thumb[2]

You need to enable the PineAP Daemon if you want to use the additional options below it such as Beacon Response and Broadcast SSID pool. The SSID broadcast is one of the most useful features in the whole Wi-Fi Pineapple arsenal as you can create a custom SSID list with the most common SSIDs in use, which can be hotels and airports in the area. Hotels chains normally use the same Wi-Fi name so their customers will have an easier time connecting. All the better for me!

reporting_thumb[1]

The new reporting module is what really struck me. For extended engagements, you can get reports emailed to you and also paint a picture when you are doing recon for a penetration test. Stick this device under a desk in a cable mounting and it will work away happily sending you information.

Overall thoughts

The Nano is not the successor to the Mark V but an update of the existing concept. It is wrapped in a new form factor, more portable but it is still limited to the 2.4GHz range. The very recently announced Wi-Fi Pineapple Tetra will allow both 2.4GHz and 5GHz in the one box and looks more like the Pineapple Mark VI.

Does that mean that the Nano is already out of date. No!. It still serves a very handy purpose. More devices operate on the 2.4GHz frequency than are on the 5GHz and I don’t know off the top of my head if any devices work exclusively in the 5GHz band. For portability, this device is excellent and it is also discrete in comparison to the Mark V which is saying something considering how small the Mark V is.

Depending on your usage requirements and your attack scenarios, the Nano will make more sense than the Mark V or the Tetra.

If you are in Oslo for the ProgramUtvikling Security Day, you will get a chance to see the device up close and have a play with it.

Thursday, 24 September 2015

A security tester’s toolkit @DevConnections

Last week I presented my Security Tester’s Toolkit talk or as I subtitled it “How to get arrested by doing stupid stuff!” at IT/DevConnections in Las Vegas.

Here are the list of tools and resources that I used or mentioned and also by request the hardware that I demonstrated during the the talk

Recon
Operating Systems
  • Kali Linux – Debian based Linux based penetration testing operating system
Wi-Fi Tools
Attack tools
Hardware

There are a lot of tools mentioned and demoed in this talk but that is only the tip of the testing toolkit iceberg.

Tuesday, 15 September 2015

Website Fuzziness @Devconnections

As this is being posted, I will be just finishing up my session at IT DevConnections on Website Fuzziness. This talk is how to hack your own website to discover potential flaws and vulnerabilities before someone else does.

As promised, here are the resources for the tools that I showed during this talk

Demo sites

These sites can be loaded locally or attacked without permission. You can use them as reference to test your scanners and also to demonstrate to people what should not be done in production systems

Tools

The following tools are designed to find cracks in your defenses. Use wisely and do not use against sites that you do not have permission to attack.