Wifi Pineapple Mark V on TP-Link MR3020

From Zam Wiki
Revision as of 20:27, 1 September 2015 by Zam (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Hardware

  1. TP-Link TL-MR3020 ver 1.x (ver. 1.9 in my case)
  2. USB Flash Drive (8GB or more)


Software

  1. Ubuntu Desktop 14.04
  2. VMware (Workstation, Fusion) - If your primary OS is not Linux, then use this to install Linux OS
  3. OpenWRT
  4. WiFi Pineapple Mark V ver.2.2.0


  • Step 1 :

Download the OpenWRT:

If your MR3020 is still using stock firmware of TP-Link, you'll need to use this OpenWRT firmware:

cd ~/Desktop
wget http://downloads.openwrt.org/attitude_adjustment/12.09-rc1/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin

If you are upgrading from previous version of OpenWRT:

cd ~/Desktop
wget http://downloads.openwrt.org/attitude_adjustment/12.09-rc1/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin


  • Step 2 :

Configure your computer to static IP address:

IP address : 192.168.0.10
Gateway    : 192.168.0.1

Connect your MR3020 to your computer via ethernet cable. Then go to admin interface at 192.168.0.254 using your web browser.

The username and password are both "admin":"admin".


  • Step 3 :

Go to the "System Tools" -> "Firmware Upgrade" -> "Browse" and select the OpenWRT .bin file that you have downloaded. Then click "Upgrade" button to perform upgrade.

Wait a moment as it will upgrade the firmware and rebooting.


  • Step 4 :

Once upgraded to OpenWRT, the IP address will changed to 192.168.1.1.

Configure your computer to static IP address :

IP address : 192.168.1.10
Gateway    : 192.168.1.1

Again, go to admin interface at 192.168.1.1 using your web browser. At this moment, there is no password to login. Just click login to enter the admin interface.

Then set a STRONG password for root at "System" -> "Administration".

To set the timezone, go to "System" -> "System" and select your proper timezone.


  • Step 5 :

Enable wireless at "Network" -> "Wifi".

Enable DHCP protocol at "Network" -> "Interfaces". Then click "Edit", select "DHCP Client" and click "Switch Protocol".


  • Step 6 :

Now, connect your MR3020 using ethernet cable to a router. Ensure that your router has an Internet connection. Then connect you laptop to the same router either via WiFi or cable.

Once you get the IP address, e.g. 192.168.1.100, you can connect to the MR3020 via ssh.

ssh [email protected]

Enter your root password.


  • Step 7 :

Install the following packages:

opkg update
opkg install kmod-usb-storage
opkg install kmod-fs-ext4
opkg install block-mount


  • Step 8 :

Format your USB pendrive e.g. 8GB USB pendrive as ext4 and swap. 2GB for swap (sda1) and 6GB for ext4 (sda2). You can use GParted in Linux to make this step easier.


  • Step 9 :

Then insert the USB pendrive to the MR3020. Execute the following command one line at time.

mkdir -p /mnt/sda2
mount /dev/sda2 /mnt/sda2
mkdir -p /tmp/cproot
mount --bind / /tmp/cproot
tar -C /tmp/cproot -cvf - . | tar -C /mnt/sda2 -xf -
umount /tmp/cproot
umount /mnt/sda2


  • Step 10 :

Enable and start fstab:

/etc/init.d/fstab enable
/etc/init.d/fstab start

Edit fstab config file

vi /etc/config/fstab

Change the content as the following:

config mount
       option target /
       option device /dev/sda2
       option fstype ext4
       option options rw,sync
       option enabled 1
       option enabled_fsck 0

config swap
       option device /dev/sda1
       option enabled 1

Command for using vi:

i   - go to the insert mode and ready for edit
Esc - exit from insert mode
:w  - write the changes to the file
:q  - quit the vi


  • Step 11 :

After edit the fstab, save the file and reboot the device:

reboot

Once the device is boot up again, login back to the device via ssh and check if the USB pendrive is mounted as "/" or not:

mount
df


  • Step 12 :

Turn off the MR3020 and take the USB Pendrive out from the device and insert to your computer.

Back up the USB Pendrive to your computer.

cd ~/Desktop
mkdir mr3020
sudo cp -R /media/1234....1123/* ~/Desktop/mr3020/
sudo cp -R ~/Desktop/mr3020/lib ~/Desktop/mr3020/lib-original
  • Where /media/1234....1123/ is different from yours.
  • Do not take out the USB Pendrive from your computer.


  • Step 13 :

Pineapple firmware installation

Download the Pineapple firmware (upgrade-2.2.0.bin at the time of this writing) to your computer, e.g. Ubuntu :

cd ~/Desktop
sudo wget -O upgrade-2.2.0.bin https://wifipineapple.com/index.php?downloads&download_mk5_upgrade=2.2.0

Install firmware-mod-kit on your Ubuntu or other Linux OS if you do not have it:

cd ~/Desktop
wget https://firmware-mod-kit.googlecode.com/files/fmk_099.tar.gz
tar -zxvf fmk_099.tar.gz
cd fmk/
chmod +x extract-firmware.sh
sudo ./extract-firmware.sh ~/Desktop/upgrade-2.2.0.bin
cd fmk/rootfs

Copy the "rootfs" directories to the USB Pendrive.

sudo cp -R bin/* /media/1234....1123/bin/
sudo cp -R sbin/* /media/1234....1123/sbin/
sudo cp -R usr/* /media/1234....1123/usr/
sudo cp -R etc/* /media/1234....1123/etc/
sudo cp -R www/* /media/1234....1123/www/
sudo cp -R pineapple /media/1234....1123/
sudo cp -R lib/firmware/* /media/1234....1123/lib/firmware/
sudo cp lib/* /media/1234....1123/lib/
sudo cp lib/wifi/* /media/1234....1123/lib/wifi/
sudo cp ~/Desktop/mr3020/etc/config/fstab /media/1234....1123/etc/config/
sudo cp ~/Desktop/mr3020/etc/passwd /media/1234....1123/etc/
sudo cp ~/Desktop/mr3020/etc/shadow /media/1234....1123/etc/
sudo cp -R ~/Desktop/mr3020/lib-original /media/1234....1123/


  • Step 13a :

To allow the victim to surf the internet via Pineapple, you need to change the DNS and Gateway at:

/etc/config/network

Change the gateway IP from 172.16.42.1 to 172.16.42.42.

Change the DNS IP to 8.8.8.8


  • Step 14 :

Start your engine!

Insert back the USB Pendrive to MR3020. Switch "On" MR3020 until it is booted up.

On your laptop, down this code:

wget http://www.wifipineapple.com/wp5.sh

or copy and save this code below:

#!/bin/bash
#define variables

echo "$(tput setaf 3)  _       ___ _______    ____  _                              __   "
echo " | |     / (_) ____(_)  / __ \\(_)___  ___  ____ _____  ____  / /__ "
echo " | | /| / / / /_  / /  / /_/ / / __ \/ _ \/ __ '/ __ \/ __ \/ / _ \\"
echo " | |/ |/ / / __/ / /  / ____/ / / / /  __/ /_/ / /_/ / /_/ / /  __/"
echo " |__/|__/_/_/   /_/  /_/   /_/_/ /_/\___/\__,_/ .___/ .___/_/\___/ "
echo " $(tput sgr0) OWN the Network                            $(tput setaf 3)/_/   /_/$(tput sgr0)       v2.2"
echo ""

echo -n "Pineapple Netmask [255.255.255.0]: "
read pineapplenetmask
if $pineapplenetmask == '' ; then 
pineapplenetmask=255.255.255.0 #Default netmask for /24 network
fi

echo -n "Pineapple Network [172.16.42.0/24]: "
read pineapplenet
if $pineapplenet == '' ; then 
pineapplenet=172.16.42.0/24 # Pineapple network. Default is 172.16.42.0/24
fi

echo -n "Interface between PC and Pineapple [eth0]: "
read pineapplelan
if $pineapplelan == '' ; then 
pineapplelan=eth0 # Interface of ethernet cable directly connected to Pineapple
fi

echo -n "Interface between PC and Internet [wlan0]: "
read pineapplewan
if $pineapplewan == '' ; then 
pineapplewan=wlan0 #i.e. wlan0 for wifi, ppp0 for 3g modem/dialup, eth0 for lan
fi

temppineapplegw=`netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'` #Usually correct by default
echo -n "Internet Gateway [$temppineapplegw]: "
read pineapplegw
if $pineapplegw == '' ; then 
pineapplegw=`netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'` #Usually correct by default
fi

echo -n "IP Address of Host PC [172.16.42.42]: "
read pineapplehostip
if $pineapplehostip == '' ; then 
pineapplehostip=172.16.42.42 #IP Address of host computer
fi

echo -n "IP Address of Pineapple [172.16.42.1]: "
read pineappleip
if $pineappleip == '' ; then 
pineappleip=172.16.42.1 #Thanks Douglas Adams
fi

echo ""
echo "$(tput setaf 6)     _ .   $(tput sgr0)        $(tput setaf 7)___$(tput sgr0)          $(tput setaf 3)\||/$(tput sgr0)   Internet: $pineapplegw - $pineapplewan"
echo "$(tput setaf 6)   (  _ )_ $(tput sgr0) $(tput setaf 2)<-->$(tput sgr0)  $(tput setaf 7)[___]$(tput sgr0)  $(tput setaf 2)<-->$(tput sgr0)  $(tput setaf 3),<><>,$(tput sgr0)  Computer: $pineapplehostip"
echo "$(tput setaf 6) (_  _(_ ,)$(tput sgr0)       $(tput setaf 7)\___\\$(tput sgr0)        $(tput setaf 3)'<><>'$(tput sgr0) Pineapple: $pineapplenet - $pineapplelan"

ifconfig $pineapplelan $pineapplehostip netmask $pineapplenetmask up

echo '1' > /proc/sys/net/ipv4/ip_forward

iptables -X
iptables -F

iptables -A FORWARD -i $pineapplewan -o $pineapplelan -s $pineapplenet -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

route del default

route add default gw $pineapplegw $pineapplewan

echo ""
echo "Browse to http://$pineappleip:1471"
echo ""

Run "wp5.sh" script at your computer:

chmod +x wp5.sh
sudo ./wp5.sh

It will ask about you network interface. For connection from PC to device, put your ethernet network e.g. eth0. For connection from PC to Internet, put your wireless network e.g. wlan0. The IP address will be detected automatically.

Now, your laptop can access Internet and also can access the MR3020(Pineapple). Victims can also access the Internet when they connected to your Pineapple.

Browse the IP address that is showing on the screen. You will be asked to enter the password twice for the initial login. You should enter the root password that you created before.

If you want to reset what "wp5.sh" script have done, you need to run the following script that is created by Samiux.

To reset:

#!/bin/bash

# Blueberry - The Wifi Pineapple Mark V, created by Samiux
# killwp5.sh

echo "$(tput setaf 1)  _       ___ _______    ____  _                              __   "
echo " | |     / (_) ____(_)  / __ \\(_)___  ___  ____ _____  ____  / /__ "
echo " | | /| / / / /_  / /  / /_/ / / __ \/ _ \/ __ '/ __ \/ __ \/ / _ \\"
echo " | |/ |/ / / __/ / /  / ____/ / / / /  __/ /_/ / /_/ / /_/ / /  __/"
echo " |__/|__/_/_/   /_/  /_/   /_/_/ /_/\___/\__,_/ .___/ .___/_/\___/ "
echo " $(tput sgr0) OWN the Network                            $(tput setaf 1)/_/   /_/$(tput sgr0)       v2.2"
echo ""
echo ""
echo "Reset the setting of Blueberry - The WiFi Pineapple Mark V - PC Tethering ...."
echo ""
echo "Only for reset the previous setting,"
echo "if you did not run the wp5.sh before, do NOT run this script."  
echo "Otherwise, you cannot connect to the internet."
echo ""
echo "Your current iptables rules ....."
echo ""
iptables -L
echo ""
echo "It will DELETE all iptables rules (if any) ...."
echo ""
echo -n "Are you sure to run this script (Y/N) - [default - Y]? "
read doit
if $doit == ''  || $doit == 'Y'  || $doit == 'y' ; then
        route del -net 172.16.42.0 netmask 255.255.255.0
        iptables -X
        iptables -F
        echo '0' > /proc/sys/net/ipv4/ip_forward
        route -n
        echo "Reset completed!"
        echo ""
        echo "If you do not see any default gateway, you need to reboot your PC."
        echo "Otherwise, you cannot access to the internet."
        echo "It is because you did not run wp5.sh before."
else
        echo ""
        echo "Nothing to do, quit!"

    fi

This will reset everything back to normal. :)

All credit to Samiux [1]. He's the owner of this awesome step.

blog comments powered by Disqus