Hacking Airwaves with Fruit Part 1: WiFi Pineapple Mark IV Basics

June 10, 2014

If you’re doing any wireless penetration testing these days, odds are you have a WiFi Pineapple Mark IV from Hak5 in your toolkit. If you’re not a professional penetration tester or are just starting out with wireless hacking, the Pineapple is a device that will save you a considerable number of headaches and is easily the best “all-in-one” tool for the job. This first article in a series of three tutorials walks you through the first baby steps of configuration to get your new toy up and running. Part 1 starts with the Mark IV since many shops have this device already. Part 2 of this series covers the new Mark V, and Part 3 will show the device in action on a real pen test.

The first step to being successful in any endeavor is preparation, and the Pineapple is no different. This tool packs a considerable number of options into a small frame, and getting your new device up and running prior to “game time” is critical. We’ll show you how to set up your host computer’s network interfaces, how to communicate with the device, how to install and configure modules (known as Infusions), and more. So let’s get to it.

Figure 1: WiFi Pineapple Mark IV 

Hardware Basics of the WiFi Pineapple Mark IV

Taking a look at the Pineapple, you’ll notice it has a few different ports, including one USB port and two Ethernet ports. We’ll be using the USB port primarily for extended storage memory, as the Pineapple itself has very limited memory, and we’ll want to load software extras via the GUI to extend our ability to do fun things. The Ethernet ports will be used to both manage the Pineapple from a PC as well as to provide direct internet access, should we choose. It should be noted that while power can be provided by both AC and battery, the Mark IV suffers from some issues when driven by battery that may affect its ability to power an attached USB device. When using a USB flash drive for storage, this presents an obvious problem, so my recommendation is to stick to using AC when possible.

Figure 2: Ethernet Ports on the Pineapple

Host Configuration

Let’s get this baby running! The easiest way to access the Pineapple is by tethering it to a PC that has two network interfaces. This can be done either through two separate NICs or, as in our example, by using one NIC and a wireless connection (as found on most laptops). We’ll be connecting the Pineapple’s “PoE LAN” port to our laptop’s NIC and using the wireless card to connect our laptop to the Internet. By sharing the wireless connection and setting a static IP address on the laptop NIC, we not only communicate with the Pineapple, but allow it to talk to the outside world as well.

In Windows, first open your Network Connections, right-click on your wireless adapter, and choose Properties. Next, click the Sharing tab and check the “Allow other network users to connect through this computer’s Internet connection” box. Make sure to choose your LAN adapter in the dropdown under “Home networking connection”.

Figure 3: Wireless Network Connection Properties

Figure 4: Sharing the Wireless Network Connection

The next step is to configure the LAN adapter with a static IP to talk to the Pineapple. Right-click on the Local Area Connection and choose Properties. Click on “Internet Protocol Version 4 (TCP/IPv4)” and again click Properties. In the box that pops up, choose “Use the following IP address” and enter the following settings.

IP Address: 172.16.42.42

Subnet Mask: 255.255.255.0

Preferred DNS Server: 8.8.8.8

Figure 5: Local Area Network Properties

Figure 6: Editing IPv4 Settings

Figure 7: Setting a Static IP Address

You can verify that the settings are correct, and that we can talk to both the Internet and the Pineapple, from a command window using “ipconfig” and “ping”.

Figure 8: Verifying Network Settings

Figure 9: Verifying Connectivity to Pineapple and Internet

If you’re using Linux, the following commands can be run to achieve the same results that we did above with Windows.

  • wget wifipineapple.com/wp4.sh
  • chmod +x wp4.sh
  • ./wp4.sh
  • firefox http://172.16.42.1/
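The Linux equivalent of the Windows steps above (static 172.16.42.42/24 on the wired NIC, wireless uplink shared through NAT), written out as an added example so the commands can be read before anything runs as root. It is not the contents of wp4.sh and not code from the article; the interface names eth0 and wlan0 are assumptions.

```shell
#!/bin/sh
# Added example: print the commands that tether a Pineapple on a Linux host.
# Addresses come from the article; interface names are assumed defaults.
HOST_IP="172.16.42.42"          # static address for the wired NIC
PINEAPPLE_NET="172.16.42.0/24"  # 255.255.255.0 written as a prefix length

# Accept only plausible interface names, since the output is meant for a
# root shell.
valid_iface() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# tether_commands LAN_IF WAN_IF
#   LAN_IF: NIC cabled to the Pineapple's PoE LAN port
#   WAN_IF: interface that reaches the Internet
tether_commands() {
    lan_if="$1"; wan_if="$2"
    valid_iface "$lan_if" && valid_iface "$wan_if" || return 1
    [ "$lan_if" != "$wan_if" ] || return 1
    cat <<EOF
ip addr add $HOST_IP/24 dev $lan_if
ip link set $lan_if up
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $PINEAPPLE_NET -o $wan_if -j MASQUERADE
iptables -A FORWARD -i $lan_if -o $wan_if -s $PINEAPPLE_NET -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Dry run: nothing is changed, the commands are only printed.
tether_commands "${LAN_IF:-eth0}" "${WAN_IF:-wlan0}"
```

Once the printed commands look right for your interfaces, pipe the output to a root shell. NAT is limited to the 172.16.42.0/24 source range so the laptop does not forward for anything else.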

Accessing the WiFi Pineapple Mark IV

Now that we’re all configured, let’s start talking to the Pineapple. There are two options here: Web interface (HTTP) and Secure Shell (SSH). You’ll be using the web interface for all of the “hacking” features that the Pineapple offers, but being able to manage the Linux operating system that the device runs on is best done over SSH.

To access the web interface, fire up your browser and navigate to the Pineapple’s default IP address of 172.16.42.1 and default port 1471 (http://172.16.42.1:1471). You’ll immediately be prompted to log in, which is done using the default credentials “root / pineapplesareyummy”.

Figure 10: Logging into the Pineapple Web Interface

Figure 11: Logged In!

Gaining access to the Pineapple over SSH requires using Putty or a similar tool. All you need to do here is enter the Pineapple’s default IP address of 172.16.42.1 and go.

Figure 12: Pineapple Default IP in Putty

Figure 13: SSH Access

Setup

You’ve finally configured your laptop or PC and connected to the Pineapple, but now what? Good question. The first thing you want to do is update your firmware, install any additional infusions (aka modules) that may interest you, change the default password, and configure the services that start automatically when the Pineapple is powered on.

Let’s start with updating the firmware. From the web interface, after you log in, you’ll find an “Upgrade” link near the top, along with several other navigation links. Click on Upgrade and then click “Check for Upgrades”. If a newer version of the firmware is available, you’ll have the option to flash the newer version. If you choose to, you also have the option to manually download firmware and upgrade by copying the “.bin” file to the Pineapple.

Figure 14: Upgrading Firmware

After flashing new firmware, the Pineapple will reboot and you will have to log in to the web interface again. Be warned that when you flash new firmware, you lose all saved settings and the Pineapple reverts to the default username and password.

The Pineapple supports a wide range of additional infusions, also known as modules, which may be installed. Navigating to “Pineapple Bar” at the top of the web interface will bring you to a screen that has a “List available Infusions” link. Click this link and be amazed at the options! A number of these infusions have been written by the community to extend the functionality of the Pineapple.

Figure 15: Pineapple Bar

Figure 16: Available Infusions

Figure 17: Available Infusions

To install an infusion, simply click the “Install” link to the right of the infusion name. If you’ve configured a USB flash drive as extra storage (highly recommended), you will be prompted on where to install the new infusion. Once again, it’s important to remember that there is limited storage on the Pineapple, so installing multiple infusions can quickly fill up the onboard memory.

Figure 18: Infusion Installation

You can view your installed infusions by clicking the “Pineapple Bar” link at any time. You also have the ability to “pin” any of these infusions to the Navigation bar at the top of the web interface for easy access.

Figure 19: Pinning an Infusion to the Navigation Bar

Figure 20: Pinned Infusion

Now it’s time to change the default password. We’d be hard pressed to call ourselves hackers if we made the mistake of leaving the default credentials in place. Click on the “Advanced” link and scroll down to “Change Root Password”. Enter your new password and click “Change Password” to save.

Figure 21: Click Advanced to Change the Default Root Password

Figure 22: Change the Default Root Password

The final step in our basic configuration is to decide whether you want Karma to start automatically when the Pineapple is powered on. I recommend disabling Karma’s “Autostart” ability to prevent inadvertent “hacking” (and any associated legal problems) unless you know what you’re doing.

Figure 23: Disable Autostart

Our final step in setting up the Pineapple is to configure your local time zone. We have to SSH into the Pineapple for this step, as demonstrated in the “Accessing the Pineapple” section above. Once you have SSH access, enter the following commands to edit the “system” file located in the “/etc/config” directory.

  • cd /etc/config
  • vim system

Scroll down to “option timezone” and change the default “UTC” value to your appropriate timezone. You can find a list of all of the available timezone codes at the OpenWrt website.

Figure 24: List of Available Timezones on OpenWrt Website

Figure 25: Eastern Standard Time

Figure 26: Default ‘UTC’ Timezone

Figure 27: Updated Eastern Standard Timezone

After you’ve saved the file, you’ll have to reboot for the updated timezone to take effect.
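The timezone edit described above, as an added example that is not from the article: a function that rewrites “option timezone” in a UCI system file, keeps a backup, and rejects values that could break out of the quoted string. The sample file is constructed (the hostname in it is an assumption), and EST5EDT,M3.2.0,M11.1.0 is the OpenWrt code for US Eastern time.

```shell
#!/bin/sh
# Added example: set "option timezone" in a UCI system file without an editor.

# Allow only characters that appear in TZ codes such as EST5EDT,M3.2.0,M11.1.0,
# so a quote or shell metacharacter can never land in the config.
valid_tz() {
    case "$1" in
        ""|*[!A-Za-z0-9,./:+-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# set_timezone FILE TZ : replace the timezone value, or add the option if absent.
set_timezone() {
    file="$1"; tz="$2"
    valid_tz "$tz" || return 1
    [ -f "$file" ] || return 1
    cp "$file" "$file.bak" || return 1    # previous config stays recoverable
    if grep -q "^[[:space:]]*option timezone" "$file.bak"; then
        sed "s|^\([[:space:]]*option timezone\).*|\1 '$tz'|" "$file.bak" > "$file"
    else
        # No timezone line yet: add one directly under the "config system" header.
        awk -v tz="$tz" '{ print }
            /^config system/ { print "\toption timezone \047" tz "\047" }' \
            "$file.bak" > "$file"
    fi
}

# Constructed stand-in for /etc/config/system with the default UTC value.
demo_timezone() {
    tmp=$(mktemp) || return 1
    printf "config system\n\toption hostname 'Pineapple'\n\toption timezone 'UTC'\n" > "$tmp"
    set_timezone "$tmp" "EST5EDT,M3.2.0,M11.1.0" || return 1
    grep "option timezone" "$tmp"
    rm -f "$tmp" "$tmp.bak"
}

demo_timezone
```

On the device itself, OpenWrt’s own tool makes the same change with “uci set system.@system[0].timezone='EST5EDT,M3.2.0,M11.1.0'” followed by “uci commit system”.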

Congratulations, you’re now fully configured and ready to start using your WiFi Pineapple Mark IV! Stay tuned for the next articles on the WiFi Pineapple:

  • Hacking Airwaves with Fruit Part 2 – The New WiFi Pineapple Mark V
  • Hacking Airwaves with Fruit Part 3 – Penetration Testing with the WiFi Pineapple

Required Warnings: It’s important to state that the WiFi Pineapple Mark IV & V are powerful tools for professional penetration testers and for educators who wish to demonstrate wireless security. When using this device, be SURE that you understand what you’re doing and any applicable laws. As the saying goes, “with great power comes great responsibility.”


 

Erik Frasier (@EvilGeppetto) has spent the past 15 years learning the Information Technology ropes, from working as a Software Engineer to Network Defense to Penetration Testing. He has been a cyber-security subject matter expert (SME) in Security Operations for both the Legislative and Judicial branches of the U.S. Government, as well as performing internal, external, web, wireless, physical penetration testing, and social engineering, for numerous Fortune 500 companies. Erik now calls Knowledge Consulting Group home and works with a small group of elite “good guy” hackers trying to make a difference in the world of security.
