Wifi Pineapple Mark V on TP-Link MR3020
From Zam Wiki
Hardware
- TP-Link TL-MR3020 ver 1.x (ver. 1.9 in my case). Later hardware revisions (e.g. v3) use a different SoC and need different images; the ar71xx images below are for v1 only.
- USB Flash Drive (8GB or more)
Software
- Ubuntu Desktop 14.04
- VMware (Workstation, Fusion) - only needed if your primary OS is not Linux, to run Ubuntu in a VM; the USB stick must then be passed through to the VM for Steps 8, 12 and 13
- OpenWRT
- WiFi Pineapple Mark V ver.2.2.0
- Step 1 :
Download the OpenWrt image. Two images exist for the same release: the "factory" image is what the TP-Link stock web interface accepts, the "sysupgrade" image is for a device that already runs OpenWrt.
If your MR3020 is still running TP-Link stock firmware, use the factory image:
wget http://downloads.openwrt.org/attitude_adjustment/12.09-rc1/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin
If you are upgrading from a previous version of OpenWrt, use the sysupgrade image instead:
wget http://downloads.openwrt.org/attitude_adjustment/12.09-rc1/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin
- Step 2 :
Give your computer a static IP address in the MR3020's stock subnet:
IP address : 192.168.0.10 Netmask : 255.255.255.0 Gateway : 192.168.0.254
(the stock firmware answers on 192.168.0.254; for a direct cable connection only the subnet matters, the gateway entry just has to be something the form accepts)
Connect the MR3020 to your computer with an ethernet cable, then open the admin interface at http://192.168.0.254 in your web browser.
The username and password are both "admin".
- Step 3 :
Go to "System Tools" -> "Firmware Upgrade" -> "Browse", select the OpenWrt factory .bin you downloaded, then click "Upgrade".
Wait while it writes the firmware and reboots. Do not unplug power during this step; an interrupted flash can leave the device unbootable.
- Step 4 :
Once OpenWrt is running, the device's address changes to 192.168.1.1.
Configure your computer with a static IP address in that subnet:
IP address : 192.168.1.10 Netmask : 255.255.255.0 Gateway : 192.168.1.1
Open the admin interface (LuCI) at http://192.168.1.1 in your browser. The root account has no password yet, so submit the login form with an empty password.
Set a STRONG root password right away at "System" -> "Administration": until you do, anyone on the same network can log in as root through the web interface. This password is also what you will use for SSH and, later, for the Pineapple web interface.
To set the timezone, go to "System" -> "System" and select your timezone.
- Step 5 :
Enable wireless at "Network" -> "Wifi". This brings up OpenWrt's default, unencrypted access point; the Pineapple firmware replaces this wireless configuration later, so do not leave the device running like this unattended.
Switch the LAN interface to DHCP client at "Network" -> "Interfaces": click "Edit" on the interface, select "DHCP Client" as the protocol, click "Switch Protocol", then "Save & Apply". From now on the MR3020 takes its address from whatever router it is plugged into, so 192.168.1.1 will stop answering.
- Step 6 :
Now connect the MR3020 with an ethernet cable to a router that has an Internet connection, and connect your laptop to the same router, by WiFi or cable.
Find the address the router's DHCP server gave the MR3020 (look for the TP-Link entry in the router's DHCP lease list, or scan the subnet from the laptop with "nmap -sn"). With that address, e.g. 192.168.1.100, connect to the MR3020 via ssh:
ssh root@192.168.1.100
Enter your root password.
- Step 7 :
Install the USB storage, ext4 and block-mount packages:
opkg update
opkg install kmod-usb-storage
opkg install kmod-fs-ext4
opkg install block-mount
- Step 8 :
Partition and format the USB pendrive on your Linux computer: for an 8GB stick, a 2GB swap partition first and a 6GB ext4 partition second. GParted makes this easy. On the MR3020 the stick shows up as /dev/sda, so the swap partition becomes /dev/sda1 and the ext4 partition /dev/sda2 (on your laptop the same stick is probably /dev/sdb; use the device name GParted shows you there).
- Step 9 :
Insert the USB pendrive into the MR3020 and run the following commands one line at a time. The bind mount gives a view of the flash root filesystem without /proc, /sys, /tmp and the other runtime mounts, so only the real files are copied to the stick:
mkdir -p /mnt/sda2
mount /dev/sda2 /mnt/sda2
mkdir -p /tmp/cproot
mount --bind / /tmp/cproot
tar -C /tmp/cproot -cvf - . | tar -C /mnt/sda2 -xf -
umount /tmp/cproot
umount /mnt/sda2
- Step 10 :
Enable and start the fstab service:
/etc/init.d/fstab enable
/etc/init.d/fstab start
Edit the fstab config file:
vi /etc/config/fstab
Change its content to the following (the ext4 partition becomes the root filesystem and the swap partition is activated at boot):
config mount
	option target	/
	option device	/dev/sda2
	option fstype	ext4
	option options	rw,sync
	option enabled	1
	option enabled_fsck	0

config swap
	option device	/dev/sda1
	option enabled	1
Commands for using vi:
i - enter insert mode to edit
Esc - leave insert mode
:w - write the changes to the file
:q - quit vi (":wq" does both in one step)
- Step 11 :
After editing fstab, save the file and reboot the device:
reboot
Once the device has booted again, log back in via ssh and check that the USB pendrive is now mounted as "/":
mount
df -h
In the output of mount you should see a line like "/dev/sda2 on / type ext4"; if / is still on the internal flash, recheck /etc/config/fstab and the partition numbering.
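As an added check for this step (not part of the original wiki page or of Samiux's write-up), the script below parses /proc/mounts and /proc/swaps and tells you whether the pivot to the USB stick actually happened, instead of eyeballing the mount output. It is plain POSIX sh, so it runs on the MR3020's BusyBox as well as on the laptop. The /proc/mounts and /proc/swaps contents embedded at the end are constructed for the demonstration, not captured from a device; on the MR3020 itself call check_extroot with only the two device arguments.

```sh
#!/bin/sh
# Added check for Step 11: is "/" on the USB stick and is the swap partition active?
# Both functions read /proc/mounts and /proc/swaps by default; an optional path
# argument lets them run on saved copies away from the device.

# Print the block device mounted on "/" (ignores the "rootfs" pseudo entry that
# OpenWrt also lists for "/"; only /dev/* entries count). Empty if none.
root_device() {
    mounts="${1:-/proc/mounts}"
    awk '$2 == "/" && $1 ~ /^\/dev\// { dev = $1 } END { print dev }' "$mounts"
}

# Print the swap devices listed in /proc/swaps (header line skipped).
swap_devices() {
    swaps="${1:-/proc/swaps}"
    awk 'NR > 1 && $1 ~ /^\/dev\// { print $1 }' "$swaps"
}

# check_extroot WANT_ROOT WANT_SWAP [MOUNTS_FILE] [SWAPS_FILE]
# Returns 0 when "/" is on WANT_ROOT and WANT_SWAP is an active swap device.
check_extroot() {
    want_root="$1"; want_swap="$2"
    mounts="${3:-/proc/mounts}"; swaps="${4:-/proc/swaps}"
    got_root="$(root_device "$mounts")"
    if [ "$got_root" != "$want_root" ]; then
        echo "root is on '${got_root:-internal flash}', expected $want_root (fstab not applied?)" >&2
        return 1
    fi
    if ! swap_devices "$swaps" | grep -qx "$want_swap"; then
        echo "swap $want_swap is not active" >&2
        return 1
    fi
    echo "extroot OK: / on $got_root, swap on $want_swap"
    return 0
}

# --- constructed sample of the two files after a successful pivot (not a real capture)
sample_dir="$(mktemp -d)"
cat > "$sample_dir/mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/root /rom squashfs ro,relatime 0 0
proc /proc proc rw,noatime 0 0
sysfs /sys sysfs rw,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0
/dev/sda2 / ext4 rw,sync,relatime,data=ordered 0 0
tmpfs /dev tmpfs rw,relatime,size=512k,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
EOF
cat > "$sample_dir/swaps" <<'EOF'
Filename        Type        Size     Used  Priority
/dev/sda1       partition   2097148  0     -1
EOF

check_extroot /dev/sda2 /dev/sda1 "$sample_dir/mounts" "$sample_dir/swaps"
# On the MR3020 itself:   check_extroot /dev/sda2 /dev/sda1
```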
- Step 12 :
Power off the MR3020, take the USB pendrive out and plug it into your computer.
Back up the pendrive's contents to your computer. cp -a keeps ownership and permissions, which matter for files such as /etc/shadow and for setuid binaries:
mkdir ~/mr3020
sudo cp -a /media/1234....1123/. ~/mr3020/
sudo cp -a ~/mr3020/lib ~/mr3020/lib-original
- /media/1234....1123/ is the mount point Ubuntu assigned to the ext4 partition; the name will differ on your computer (check with "mount" or "df -h").
- Leave the USB pendrive plugged into your computer for the next step.
- Step 13 :
Pineapple firmware installation
Download the Pineapple firmware (upgrade-2.2.0.bin at the time of writing) to your computer, e.g. on Ubuntu:
cd ~/Desktop
wget -O upgrade-2.2.0.bin https://wifipineapple.com/index.php?downloads&download_mk5_upgrade=2.2.0
Install firmware-mod-kit on your Ubuntu or other Linux machine if you do not have it, and use it to unpack the Pineapple image. (Google Code has since shut down; if the URL below no longer resolves, the kit is maintained on GitHub under the same name.)
wget https://firmware-mod-kit.googlecode.com/files/fmk_099.tar.gz
tar xzf fmk_099.tar.gz
cd ~/Desktop/fmk/
chmod +x extract-firmware.sh
sudo ./extract-firmware.sh ../upgrade-2.2.0.bin
cd fmk/rootfs
Copy the required directories from the unpacked root filesystem to the USB pendrive. The plain lib/ copy is deliberately done without -R: only the files directly in lib/ are taken, so lib/modules (the kernel modules matching the OpenWrt kernel you flashed) is not replaced; cp prints "omitting directory" warnings for the subdirectories, which is expected. lib/firmware and lib/wifi are copied separately.
sudo cp -R bin/* /media/1234....1123/bin/
sudo cp -R sbin/* /media/1234....1123/sbin/
sudo cp -R usr/* /media/1234....1123/usr/
sudo cp -R etc/* /media/1234....1123/etc/
sudo cp -R www/* /media/1234....1123/www/
sudo cp -R pineapple /media/1234....1123/
sudo cp -R lib/firmware/* /media/1234....1123/lib/firmware/
sudo cp lib/* /media/1234....1123/lib/
sudo cp lib/wifi/* /media/1234....1123/lib/wifi/
The etc/ copy has just overwritten the stick's fstab, passwd and shadow with the Pineapple image's own. Restore your versions from the backup so that the extroot configuration and the root password you set in Step 4 survive (otherwise the device comes up with the firmware's default root password), and keep the backup of the original lib directory on the stick as lib-original:
sudo cp ~/mr3020/etc/config/fstab /media/1234....1123/etc/config/
sudo cp ~/mr3020/etc/passwd /media/1234....1123/etc/
sudo cp ~/mr3020/etc/shadow /media/1234....1123/etc/
sudo cp -R ~/mr3020/lib-original /media/1234....1123/
- Step 13a :
To let clients that connect to the Pineapple reach the Internet through your laptop, change the gateway and DNS in the Pineapple's network configuration on the stick:
/etc/config/network (i.e. /media/1234....1123/etc/config/network while the stick is mounted on your computer)
Change the gateway IP from 172.16.42.1 to 172.16.42.42 (the address that wp5.sh assigns to the laptop's ethernet interface in Step 14).
Change the DNS IP to 8.8.8.8 (or any resolver reachable from the laptop's uplink).
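Since the pendrive is still mounted on the laptop at this point, the edit can be done from there rather than with vi on the device. The script below is an added example (not from the wiki page or from Samiux): it rewrites the gateway and dns options of one interface stanza in an OpenWrt-style /etc/config/network and leaves every other stanza alone, replacing an option if present and appending it if missing. The stanza name "lan" and the sample file contents are assumptions, because the page does not reproduce the Pineapple's network file; the sample deliberately has no dns option, so the append path is exercised. Run it as root when pointing it at the pendrive, since the file there is root-owned.

```sh
#!/bin/sh
# Added helper for Step 13a: set gateway and dns of one interface stanza in a
# UCI /etc/config/network file (example code, not from the page).

# set_iface_route FILE IFACE GATEWAY DNS
set_iface_route() {
    file="$1"; iface="$2"; gw="$3"; dns="$4"
    tmp="$(mktemp)"
    awk -v iface="$iface" -v gw="$gw" -v dns="$dns" -v q="'" '
        # Called when a stanza ends: append whatever the target stanza lacked.
        function finish_stanza() {
            if (in_target) {
                if (!seen_gw)  print "\toption gateway " q gw q
                if (!seen_dns) print "\toption dns " q dns q
            }
            in_target = 0; seen_gw = 0; seen_dns = 0
        }
        /^config[ \t]/ {
            finish_stanza()
            name = $3; gsub(/["\047]/, "", name)          # strip quotes around the name
            in_target = ($2 == "interface" && name == iface)
        }
        in_target && $1 == "option" && $2 == "gateway" { print "\toption gateway " q gw q;  seen_gw = 1;  next }
        in_target && $1 == "option" && $2 == "dns"     { print "\toption dns " q dns q;     seen_dns = 1; next }
        { print }
        END { finish_stanza() }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat, not mv: keeps the file owner and mode
    rm -f "$tmp"
}

# get_iface_option FILE IFACE OPTION  - print one option's value (quotes removed)
get_iface_option() {
    awk -v iface="$2" -v opt="$3" '
        /^config[ \t]/ { name = $3; gsub(/["\047]/, "", name); in_target = ($2 == "interface" && name == iface) }
        in_target && $1 == "option" && $2 == opt { v = $3; gsub(/["\047]/, "", v); print v; exit }
    ' "$1"
}

# --- constructed sample (assumed layout; the page does not show the real file)
sample="$(mktemp)"
cat > "$sample" <<'EOF'
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'lan'
	option ifname 'eth0'
	option type 'bridge'
	option proto 'static'
	option ipaddr '172.16.42.1'
	option netmask '255.255.255.0'
	option gateway '172.16.42.1'
EOF

set_iface_route "$sample" lan 172.16.42.42 8.8.8.8
cat "$sample"
# Real use, with the stick mounted (path differs per machine):
#   sudo sh -c '. ./netcfg.sh; set_iface_route /media/<mount>/etc/config/network lan 172.16.42.42 8.8.8.8'
```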
- Step 14 :
Start your engine!
Put the USB pendrive back into the MR3020 and switch it on; wait until it has booted.
On your laptop, download the Hak5 tethering script:
wget http://www.wifipineapple.com/wp5.sh
or copy and save the script below as wp5.sh. It matches the download except for three points: it refuses to run without root, the FORWARD rule is written in the direction client traffic actually flows (in on the Pineapple-side interface, out on the Internet-side one), and the nat table is flushed before the MASQUERADE rule is added so the script can be re-run without stacking rules:
#!/bin/bash
# wp5.sh - WiFi Pineapple Mark V tethering: share the laptop's Internet with the Pineapple network
if [[ $EUID -ne 0 ]]; then
    echo "This script changes interfaces, routes and iptables rules: run it with sudo."
    exit 1
fi
#define variables
echo "$(tput setaf 3) _ ___ _______ ____ _ __ "
echo " | | / (_) ____(_) / __ \\(_)___ ___ ____ _____ ____ / /__ "
echo " | | /| / / / /_ / / / /_/ / / __ \/ _ \/ __ '/ __ \/ __ \/ / _ \\"
echo " | |/ |/ / / __/ / / / ____/ / / / / __/ /_/ / /_/ / /_/ / / __/"
echo " |__/|__/_/_/ /_/ /_/ /_/_/ /_/\___/\__,_/ .___/ .___/_/\___/ "
echo " $(tput sgr0) OWN the Network $(tput setaf 3)/_/ /_/$(tput sgr0) v2.2"
echo ""
echo -n "Pineapple Netmask [255.255.255.0]: "
read pineapplenetmask
if [[ $pineapplenetmask == '' ]]; then
    pineapplenetmask=255.255.255.0 #Default netmask for /24 network
fi
echo -n "Pineapple Network [172.16.42.0/24]: "
read pineapplenet
if [[ $pineapplenet == '' ]]; then
    pineapplenet=172.16.42.0/24 # Pineapple network. Default is 172.16.42.0/24
fi
echo -n "Interface between PC and Pineapple [eth0]: "
read pineapplelan
if [[ $pineapplelan == '' ]]; then
    pineapplelan=eth0 # Interface of ethernet cable directly connected to Pineapple
fi
echo -n "Interface between PC and Internet [wlan0]: "
read pineapplewan
if [[ $pineapplewan == '' ]]; then
    pineapplewan=wlan0 #i.e. wlan0 for wifi, ppp0 for 3g modem/dialup, eth0 for lan
fi
temppineapplegw=`netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'` #Usually correct by default
echo -n "Internet Gateway [$temppineapplegw]: "
read pineapplegw
if [[ $pineapplegw == '' ]]; then
    pineapplegw=`netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'` #Usually correct by default
fi
echo -n "IP Address of Host PC [172.16.42.42]: "
read pineapplehostip
if [[ $pineapplehostip == '' ]]; then
    pineapplehostip=172.16.42.42 #IP Address of host computer
fi
echo -n "IP Address of Pineapple [172.16.42.1]: "
read pineappleip
if [[ $pineappleip == '' ]]; then
    pineappleip=172.16.42.1 #Thanks Douglas Adams
fi
echo ""
echo "$(tput setaf 6) _ . $(tput sgr0) $(tput setaf 7)___$(tput sgr0) $(tput setaf 3)\||/$(tput sgr0) Internet: $pineapplegw - $pineapplewan"
echo "$(tput setaf 6) ( _ )_ $(tput sgr0) $(tput setaf 2)<-->$(tput sgr0) $(tput setaf 7)[___]$(tput sgr0) $(tput setaf 2)<-->$(tput sgr0) $(tput setaf 3),<><>,$(tput sgr0) Computer: $pineapplehostip"
echo "$(tput setaf 6) (_ _(_ ,)$(tput sgr0) $(tput setaf 7)\___\\$(tput sgr0) $(tput setaf 3)'<><>'$(tput sgr0) Pineapple: $pineapplenet - $pineapplelan"
# Give the laptop its address on the Pineapple network and turn the kernel into a router
ifconfig $pineapplelan $pineapplehostip netmask $pineapplenetmask up
echo '1' > /proc/sys/net/ipv4/ip_forward
# Flush the existing firewall (filter table) and the nat table, where the MASQUERADE rule below lives
iptables -X
iptables -F
iptables -t nat -F
# Client traffic enters on the Pineapple-side interface and leaves on the Internet-side one
iptables -A FORWARD -i $pineapplelan -o $pineapplewan -s $pineapplenet -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
# Make sure the default route points at the Internet-side interface
route del default
route add default gw $pineapplegw $pineapplewan
echo ""
echo "Browse to http://$pineappleip:1471"
echo ""
Run wp5.sh on your computer. It needs root, and it uses ifconfig, route and netstat, which on recent Ubuntu releases come from the "net-tools" package:
chmod +x wp5.sh
sudo ./wp5.sh
It asks for your network interfaces: for the connection from the PC to the device give the ethernet interface, e.g. eth0; for the connection from the PC to the Internet give the wireless interface, e.g. wlan0. The Internet gateway is detected from your routing table, and the remaining values can be left at their defaults (laptop 172.16.42.42, Pineapple 172.16.42.1). Be aware that the script flushes every iptables rule on the laptop and replaces its default route, so run it on a machine whose firewall state you are prepared to lose.
Now your laptop can reach the Internet and the MR3020 (Pineapple), and clients that connect to the Pineapple get Internet access through your laptop.
Browse to the URL shown on the screen (http://172.16.42.1:1471 by default). On the first login you are asked to enter the password twice; use the root password you set in Step 4.
To undo what wp5.sh changed, run the following reset script written by Samiux. Save it as killwp5.sh and run it with sudo. The nat table is flushed as well, because wp5.sh's MASQUERADE rule lives there and a plain "iptables -F" only empties the filter table and would leave it behind.
To reset:
#!/bin/bash
# Blueberry - The Wifi Pineapple Mark V, created by Samiux
# killwp5.sh
if [[ $EUID -ne 0 ]]; then
    echo "Run this script with sudo."
    exit 1
fi
echo "$(tput setaf 1) _ ___ _______ ____ _ __ "
echo " | | / (_) ____(_) / __ \\(_)___ ___ ____ _____ ____ / /__ "
echo " | | /| / / / /_ / / / /_/ / / __ \/ _ \/ __ '/ __ \/ __ \/ / _ \\"
echo " | |/ |/ / / __/ / / / ____/ / / / / __/ /_/ / /_/ / /_/ / / __/"
echo " |__/|__/_/_/ /_/ /_/ /_/_/ /_/\___/\__,_/ .___/ .___/_/\___/ "
echo " $(tput sgr0) OWN the Network $(tput setaf 1)/_/ /_/$(tput sgr0) v2.2"
echo ""
echo ""
echo "Reset the setting of Blueberry - The WiFi Pineapple Mark V - PC Tethering ...."
echo ""
echo "Only for reset the previous setting,"
echo "if you did not run the wp5.sh before, do NOT run this script."
echo "Otherwise, you cannot connect to the internet."
echo ""
echo "Your current iptables rules ....."
echo ""
iptables -L
echo ""
echo "It will DELETE all iptables rules (if any) ...."
echo ""
echo -n "Are you sure to run this script (Y/N) - [default - Y]? "
read doit
if [[ $doit == '' || $doit == 'Y' || $doit == 'y' ]]; then
    route del -net 172.16.42.0 netmask 255.255.255.0
    iptables -X
    iptables -F
    # wp5.sh added its MASQUERADE rule to the nat table, which "iptables -F" alone does not touch
    iptables -t nat -F
    iptables -t nat -X
    echo '0' > /proc/sys/net/ipv4/ip_forward
    route -n
    echo "Reset completed!"
    echo ""
    echo "If you do not see any default gateway, you need to reboot your PC."
    echo "Otherwise, you cannot access to the internet."
    echo "It is because you did not run wp5.sh before."
else
    echo ""
    echo "Nothing to do, quit!"
fi
This resets everything back to normal. :)
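The following is an added example, not part of the wiki page or of the Hak5 and Samiux scripts: a checker for the laptop side that reads the ip_forward flag, iptables-save output and the IPv4 routing table and reports whether the tether is fully up, fully torn down, or left half-way (for instance with the MASQUERADE rule still in the nat table after a plain "iptables -F"). The three captures embedded at the end are constructed to show each state, not taken from a real machine; the interface names eth0 and wlan0 and the 172.16.42.0/24 network are the defaults wp5.sh uses.

```sh
#!/bin/sh
# Added checker for the laptop side of the Pineapple tether (example, not from the page).
# Inputs are files, so the same logic works on live output or on saved copies:
#   cat /proc/sys/net/ipv4/ip_forward > fwd.txt
#   sudo iptables-save > rules.txt
#   ip -4 route > routes.txt

# 0 when the ip_forward file holds "1".
forwarding_on() { [ "$(cat "$1")" = "1" ]; }

# 0 when the nat table's POSTROUTING chain contains a MASQUERADE rule.
# iptables-save groups rules under "*table" headers, so the current table is tracked.
masquerade_on() {
    awk '/^\*/ { table = $0 }
         table == "*nat" && /^-A POSTROUTING / && /-j MASQUERADE/ { n++ }
         END { exit (n ? 0 : 1) }' "$1"
}

# lan_route_on ROUTES NET DEV - 0 when NET (e.g. 172.16.42.0/24) is routed via DEV.
lan_route_on() {
    awk -v net="$2" -v dev="$3" '
        $1 == net { for (i = 1; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# Print the interface carrying the default route (empty if there is none).
default_dev() {
    awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }' "$1"
}

# tether_state FWD RULES ROUTES LAN_IF WAN_IF NET
# Prints "up", "down" or "partial (...)" and returns 0 only for "up".
tether_state() {
    f=0; m=0; r=0
    forwarding_on "$1"            && f=1
    masquerade_on "$2"            && m=1
    lan_route_on "$3" "$6" "$4"   && r=1
    if [ $((f + m + r)) -eq 3 ]; then
        [ "$(default_dev "$3")" = "$5" ] || echo "warning: default route is not on $5" >&2
        echo up; return 0
    fi
    if [ $((f + m + r)) -eq 0 ]; then echo down; return 1; fi
    echo "partial (forwarding=$f masquerade=$m lan_route=$r)"; return 1
}

# --- constructed captures for the three states (not from a real machine) -------------
d="$(mktemp -d)"
echo 1 > "$d/fwd_up"
echo 0 > "$d/fwd_down"
cat > "$d/rules_up" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o wlan0 -s 172.16.42.0/24 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
# What "iptables -F" alone leaves behind: filter flushed, nat untouched.
cat > "$d/rules_leftover" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
printf '*nat\n:POSTROUTING ACCEPT [0:0]\nCOMMIT\n*filter\n:FORWARD ACCEPT [0:0]\nCOMMIT\n' > "$d/rules_clean"
cat > "$d/routes_up" <<'EOF'
default via 192.168.1.1 dev wlan0
172.16.42.0/24 dev eth0 proto kernel scope link src 172.16.42.42
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
EOF
printf 'default via 192.168.1.1 dev wlan0\n192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23\n' > "$d/routes_down"

echo "after wp5.sh:            $(tether_state "$d/fwd_up"   "$d/rules_up"       "$d/routes_up"   eth0 wlan0 172.16.42.0/24)"
echo "after iptables -F only:  $(tether_state "$d/fwd_down" "$d/rules_leftover" "$d/routes_down" eth0 wlan0 172.16.42.0/24)"
echo "after full reset:        $(tether_state "$d/fwd_down" "$d/rules_clean"    "$d/routes_down" eth0 wlan0 172.16.42.0/24)"
```

Run it live with the three capture commands from the header and the same six arguments; a "partial" answer after killwp5.sh tells you exactly which of the three pieces is still in place.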
All credit to Samiux [1]; this procedure follows his write-up.