im building a pineapple with one of my pines. well why not. i figured i would post my instructions. this is adapted from an install script i wrote for reaver a few months back.
remember that any of these tools must be used on networks that you own or have permission to use.
some of these tools on here can interfere with computers/devices on a network.
i will not be held responsible for killing your router, causing nuclear winter, you going to prison or your neighbour bashing the shit out of you for using all of his internet and costing him a small fortune.
i will also not answer questions on how to use the software included. everything has a "--help" or man page for usage. if you still dont know what you are doing then this is not the guide for you.
THIS IS ONLY FOR THOSE WHO KNOW WHAT THEY ARE DOING
my setup.
pine a64+ 2GB board + 64GB SD card. metasploit alone takes up 10gigs.
pine64 wifi module. used for connecting to personal wireless hotspot provided by my mobile device. dont plug this in just yet. we dont want this called wlan0 or wlan1
2 x external wireless network cards with reasonable antennas. most of the wireless tools out there only really attack the 2.4GHz band so the cards should be single band.
first download the latest debian longsleep base image.
burn SD card and boot your pine.
start by changing the default password
Code:
passwd
update system
coz im a baddie for security.
Code:
sudo -s
use all our available storage space
Code:
resize_rootfs.sh
lets make sure kernel and uboot is updated
Code:
pine64_update_kernel.sh
pine64_update_uboot.sh
reboot
lets su and run more updates
Code:
sudo -s
apt-get update
apt-get upgrade -y && apt-get dist-upgrade -y
reboot #it never hurts to do a reboot on a fresh system after updating.
setup wireless hardware
now plug in the first of your wireless adapters
check it shows up.
Code:
iwconfig
if nothing shows apart from wlan0 and wlan1 (presuming you're using the built in wifi as well), you may need to load the wireless firmware.
i usually do this by running the following
Code:
lsusb
Quote:
root@pine64:/home/debian# lsusb
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 002: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
here i can see my card has an atheros chipset. so now i can run.
Code:
apt-cache search atheros|grep firmware
and i get the following output
Quote:
firmware-atheros - Binary firmware for Atheros wireless cards
so i run
Code:
apt-get install firmware-atheros
now unplug and replug your wifi card.
check again for your wireless card
Code:
iwconfig
Quote:
wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
you will need to do this for each of the wireless cards you're using.
at the end i ended up with the following output from iwconfig and lsusb
Quote:
root@pine64:/home/debian# iwconfig
eth0 no wireless extensions.
wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
dummy0 no wireless extensions.
sit0 no wireless extensions.
lo no wireless extensions.
wlan1 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm
Retry long limit:7 RTS thr=2347 B Fragment thr:off
Encryption key:off
Power Management:on
root@pine64:/home/debian# lsusb
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 002: ID 0bda:8176 Realtek Semiconductor Corp. RTL8188CUS 802.11n WLAN Adapter
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 003: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
shutdown the pine and plug in our built in wifi.
just to double check everything is good
Quote:
debian@pine64:~$ lsusb
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 002: ID 0bda:8176 Realtek Semiconductor Corp. RTL8188CUS 802.11n WLAN Adapter
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 002: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
debian@pine64:~$ sudo iwconfig
eth0 no wireless extensions.
wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
dummy0 no wireless extensions.
rename7 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm
Retry long limit:7 RTS thr=2347 B Fragment thr:off
Encryption key:off
Power Management:on
wlan2 unassociated Nickname:"<WIFI@REALTEK>"
Mode:Managed Frequency=2.412 GHz Access Point: Not-Associated
Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/100 Signal level=0 dBm Noise level=0 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
sit0 no wireless extensions.
lo no wireless extensions.
wlan1 unassociated Nickname:"<WIFI@REALTEK>"
Mode:Managed Frequency=2.412 GHz Access Point: Not-Associated
Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/100 Signal level=0 dBm Noise level=0 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
hmmm something funny going on here. the wifi module has called itself wlan1 and wlan2 while my second external adapter is called rename7
i had to play around with the udev rules making a rule for the second interface on the wifi module.
file to look at is /etc/udev/rules.d/70-persistent-net.rules
after a reboot i get the following output from iwconfig. this is what i was expecting.
Quote:
debian@pine64:~$ sudo iwconfig
wlan3 unassociated Nickname:"<WIFI@REALTEK>"
Mode:Managed Frequency=2.412 GHz Access Point: Not-Associated
Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/100 Signal level=0 dBm Noise level=0 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
eth0 no wireless extensions.
wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
dummy0 no wireless extensions.
wlan2 unassociated Nickname:"<WIFI@REALTEK>"
Mode:Managed Frequency=2.412 GHz Access Point: Not-Associated
Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/100 Signal level=0 dBm Noise level=0 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
sit0 no wireless extensions.
lo no wireless extensions.
wlan1 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm
Retry long limit:7 RTS thr=2347 B Fragment thr:off
Encryption key:off
Power Management:on
setup remote ssh wireless connection
we want to setup connection to our wireless hotspot so we can run our pentests from a tablet or even on mobile device via ssh.
edit the file /etc/network/interfaces and add the following to the end.
Quote:
auto wlan2
iface wlan2 inet dhcp
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
now edit the file /etc/wpa_supplicant/wpa_supplicant.conf and add the following
Quote:
network={
    ssid="YOUR_NETWORK_NAME"
    psk="YOUR_NETWORK_PASSWORD"
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP
    auth_alg=OPEN
}
wifi software
thats our hardware and remote side of things done and setup. time to install some wifi cracking software.
make us a nice working directory.
Code:
cd ~
mkdir working
cd working
install macchanger. because you should be changing your mac address on your wifi cards before doing any attack.
Code:
sudo apt-get install macchanger
install aircrack-ng from source.
Code:
sudo apt-get install libnl-3-dev libnl-genl-3-dev libssl-dev libsqlite3-dev
svn co http://svn.aircrack-ng.org/trunk/ aircrack-ng
cd aircrack-ng
make sqlite=true experimental=true ext_scripts=true
sudo make sqlite=true experimental=true ext_scripts=true install
sudo airodump-ng-oui-update
now lets test packet injection on our cards
Code:
sudo ifconfig wlan0 down && sudo macchanger wlan0 -r && sudo iwconfig wlan0 mode monitor && sudo ifconfig wlan0 up
sudo aireplay-ng --test wlan0
sudo ifconfig wlan1 down && sudo macchanger wlan1 -r && sudo iwconfig wlan1 mode monitor && sudo ifconfig wlan1 up
sudo aireplay-ng --test wlan1
install pixiewps
Code:
cd ~/working
git clone https://github.com/wiire/pixiewps.git
cd pixiewps
cd src
make
sudo make install
install wifite
Code:
cd ~/working
wget https://raw.github.com/derv82/wifite/master/wifite.py
chmod +x wifite.py
sudo cp wifite.py /usr/local/bin/
install reaver with pixie dust source files. reaver-wps-fork-t6x.
reaver doesnt like the newer versions of libpcap so we will download the older ones.
Code:
cd ~/working
mkdir libpcap
cd libpcap
wget https://launchpad.net/ubuntu/+archive/primary/+files/libpcap-dev_1.4.0-2_all.deb
wget https://launchpad.net/ubuntu/+archive/primary/+files/libpcap0.8-dev_1.4.0-2_arm64.deb
wget https://launchpad.net/ubuntu/+archive/primary/+files/libpcap0.8-dbg_1.4.0-2_arm64.deb
wget https://launchpad.net/ubuntu/+archive/primary/+files/libpcap0.8_1.4.0-2_arm64.deb
sudo dpkg --install *.deb
sudo apt-mark hold libpcap-dev libpcap0.8 libpcap0.8-dbg libpcap0.8-dev
install reaver now.
Code:
cd ~/working
git clone https://github.com/t6x/reaver-wps-fork-t6x.git
cd reaver-wps-fork-t6x*/
cd src/
./configure
make
sudo make install
now on to Bully
Code:
cd ~/working
git clone https://github.com/aanarchyy/bully
cd bully
cd src
make
sudo make install
now to make things easy with this code a lovely guy made. thanks SilentGhost for making HT-wps breaker.
Code:
mkdir ~/code
cd ~/code
git clone https://github.com/SilentGhostX/HT-WPS-Breaker.git
sudo ln HT-WPS-Breaker/HT-WB.sh /sbin/HT-WB.sh
my next step is installing this in an old wireless router with a battery.
more is to come. i will be adding some exploits like metasploit and some MITM attacks like sslstrip and such. this is just the base setup. i remember there was a web interface for this. just dont remember what it was called.
edit: i added macchanger to the wifi tools. cant believe i forgot it.
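
The post fixes the rename7 / wlan numbering problem by editing /etc/udev/rules.d/70-persistent-net.rules but does not show the rules. The script below is an added example, not part of the original post: it generates one name-pinning rule per adapter and rejects duplicate MACs or names. The MAC addresses are constructed placeholders, the function names are hypothetical, and it assumes every interface has its own distinct MAC address.

```shell
#!/bin/sh
# Added example: generate entries for /etc/udev/rules.d/70-persistent-net.rules.
# All MAC addresses here are constructed placeholders, not values from the post.

# Print one rule pinning the interface with MAC $1 to the name $2.
# Returns 1 if either argument is malformed.
make_net_rule() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')   # sysfs reports addresses in lowercase
    if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
        echo "bad MAC address: $1" >&2; return 1
    fi
    if ! printf '%s\n' "$2" | grep -Eq '^wlan[0-9]+$'; then
        echo "bad interface name: $2" >&2; return 1
    fi
    printf 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="%s", ATTR{type}=="1", KERNEL=="wlan*", NAME="%s"\n' "$mac" "$2"
}

# Read "MAC NAME" pairs on stdin and print one rule per pair.
# Refuses duplicate MACs or names: two rules claiming one name can leave an
# interface stuck on a temporary name such as rename7.
make_rules_file() {
    seen=" "
    while read -r m n; do
        case "$m" in ''|'#'*) continue ;; esac   # skip blank lines and comments
        lm=$(printf '%s' "$m" | tr 'A-F' 'a-f')
        case "$seen" in
            *" $lm "*|*" $n "*) echo "duplicate entry: $m $n" >&2; return 1 ;;
        esac
        make_net_rule "$m" "$n" || return 1
        seen="$seen$lm $n "
    done
}

# Demo with constructed addresses; review the output before adding it to the rules file.
make_rules_file <<'EOF'
# external adapters first, built-in module interfaces last
00:11:22:AA:BB:01 wlan0
00:11:22:aa:bb:02 wlan1
00:11:22:aa:bb:03 wlan2
00:11:22:aa:bb:04 wlan3
EOF
```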