Mr-Protocol Posted December 31, 2011 Share Posted December 31, 2011 Yup, it has to have the Connect even when not broadcasting enabled as well (Win7 Pro x64). I think XP auto connects though. I know mobile phones will, at least my blackberry lol. I guess you could just spoof common probe requests out to devices, like "linksys", "netgear", "home", and so on. But ideally you will be in a target rich environment with already "free" wifi there and results may vary. Could deauth off the free wifi to connect to yours. Quote Link to comment Share on other sites More sharing options...
hak5superfan Posted January 1, 2012 Author Share Posted January 1, 2012 Thank you guys for checking! I was just asking because I wanted to make sure that this was normal and that my Pineapple was not broken or something. I think that still most of the "common" people would fall for the "freeinternet" SSID lol only if they knew. I was thinking about all the people that have their home networks configured so the SSID is not broadcasted as a security measure. After all I remember the A+ states as a security measure to disable SSID broadcasting. Well this people are easy prey because they must have their internet connection configured so it will connect even if the SSID is not broadasted making them connect to one of our pineapples if we have karma activated lol. Anywas thank you guys for the wonderful work you are doing and happy new years! Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted January 1, 2012 Share Posted January 1, 2012 Thank you guys for checking! I was just asking because I wanted to make sure that this was normal and that my Pineapple was not broken or something. I think that still most of the "common" people would fall for the "freeinternet" SSID lol only if they knew. I was thinking about all the people that have their home networks configured so the SSID is not broadcasted as a security measure. After all I remember the A+ states as a security measure to disable SSID broadcasting. Well this people are easy prey because they must have their internet connection configured so it will connect even if the SSID is not broadasted making them connect to one of our pineapples if we have karma activated lol. Anywas thank you guys for the wonderful work you are doing and happy new years! A+ is about as basic as can be. I personally consider it pretty worthless. Disabling SSID broadcast really does nothing to help secure a network. Easy enough to run airodump-ng to find them or just blast deauth all over and the clients will probe and they can be found. I guess from an end user perspective it's "safe". Quote Link to comment Share on other sites More sharing options...
mreidiv Posted January 2, 2012 Share Posted January 2, 2012 (edited) A+ is about as basic as can be. I personally consider it pretty worthless. Disabling SSID broadcast really does nothing to help secure a network. Easy enough to run airodump-ng to find them or just blast deauth all over and the clients will probe and they can be found. I guess from an end user perspective it's "safe". if you have a ducky you can run a script i made to automatically add a ssid with open connection and no encryption and auto-connect even though not broadcasting. then it reboots the computer. you can modify the script with the exact ssid and social engineer it how you want to. here is the link or you can check it out in the usbrubberducky wiki http://www.iducke.com/Encoder/IDE/3f Hope it helps someone... Edited January 2, 2012 by mreidiv Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted January 2, 2012 Share Posted January 2, 2012 if you have a ducky you can run a script i made to automatically add a ssid with open connection and no encryption and auto-connect even though not broadcasting. then it reboots the computer. you can modify the script with the exact ssid and social engineer it how you want to. here is the link or you can check it out in the usbrubberducky wiki http://www.iducke.com/Encoder/IDE/3f Hope it helps someone... Typically you will not get physical access to people's computers like on airplanes or airports. Quote Link to comment Share on other sites More sharing options...
mreidiv Posted January 2, 2012 Share Posted January 2, 2012 (edited) Typically you will not get physical access to people's computers like on airplanes or airports. true but i think it would be use full if you acted like a computer tech checking security or something like that. i will be using it at school showing my friends how that script makes there computer go faster. then the will let me run it that's y it pulls up task manager and task manager hides all that is going on in the background then it reboots for the auto connection to take effect. and bingo the pineapple has got the win 7 computers if you don't think it is useful feel free to take it off the wiki Edited January 2, 2012 by mreidiv Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted January 2, 2012 Share Posted January 2, 2012 It's not that I would consider it "not useful" but more of a work around to newer security implementations through physical access. Miss the good ole days of Pineapple Mark I :( Quote Link to comment Share on other sites More sharing options...
mreidiv Posted January 2, 2012 Share Posted January 2, 2012 (edited) It's not that I would consider it "not useful" but more of a work around to newer security implementations through physical access. I am open to any input anyone may have. I was just trying to find a way of making my pineapple useful on win 7 boxes. If you have any suggestions to make the pineapple work better with win 7 please let me know or any suggestions to clean up my code i am really new to this currently going to school for ISS or as they like to call it now at my school ISCC Information systems cyber crime. Edited January 2, 2012 by mreidiv Quote Link to comment Share on other sites More sharing options...
telot Posted January 2, 2012 Share Posted January 2, 2012 I am open to any input anyone may have. I was just trying to find a way of making my pineapple useful on win 7 boxes. If you have any suggestions to make the pineapple work better with win 7 please let me know or any suggestions to clean up my code i am really new to this currently going to school for ISS or as they like to call it now at my school ISCC Information systems cyber crime. Even if the pineapple isn't "Yes-manning" win7 targets to you, you can still use it as a compromised access point. As I've suggested before, the best way to get noobs (non computer folk that is) to your pineapple is to replicate the nearest free wifi hotspot. So if you're in a coffee shop, and the ESSID of the free wifi is coffee_shop_wifi - deauth the shit out of that access point and edit your karma.conf to be coffee_shop-wifi or something with just one small character off. People will lose their connection, windows/OSX/whatever will autoscan around for another one, and they'll find and manually click on coffee_shop-wifi. The end result is the same - you're wiresharking/ngreping/urlsnarfing their traffic. I think this is best way to maximize the net you're casting out there. If you happen to get some karma'd clients, then great - but everyone will have to connect to you anyways, as the coffee_shop_wifi is now crippled. Enjoy telot Quote Link to comment Share on other sites More sharing options...
mreidiv Posted January 4, 2012 Share Posted January 4, 2012 (edited) Even if the pineapple isn't "Yes-manning" win7 targets to you, you can still use it as a compromised access point. As I've suggested before, the best way to get noobs (non computer folk that is) to your pineapple is to replicate the nearest free wifi hotspot. So if you're in a coffee shop, and the ESSID of the free wifi is coffee_shop_wifi - deauth the shit out of that access point and edit your karma.conf to be coffee_shop-wifi or something with just one small character off. People will lose their connection, windows/OSX/whatever will autoscan around for another one, and they'll find and manually click on coffee_shop-wifi. The end result is the same - you're wiresharking/ngreping/urlsnarfing their traffic. I think this is best way to maximize the net you're casting out there. If you happen to get some karma'd clients, then great - but everyone will have to connect to you anyways, as the coffee_shop_wifi is now crippled. Enjoy telot ok i ran the pineapple in a target rich environment "My Tech school" and was able to get people to connect to it, nmaped most of them and the all seemed to be running xp, there was one win 7 that i know of because he was sitting in class next to me but im sure it is because i slipped my ducky in with my win7 auto connect script on it. i had everything running for three hours and the mk3 sitting on the laptop cooling pad right onto of the fan after stopping i notice a significant heat difference. I have three more days at school this week i will try to mimic the results with different configurations and see if it works the same. Most of the connections other than xp were phones ipods and tablets. Edited January 4, 2012 by mreidiv Quote Link to comment Share on other sites More sharing options...
hfam Posted January 6, 2012 Share Posted January 6, 2012 Even if the pineapple isn't "Yes-manning" win7 targets to you, you can still use it as a compromised access point. As I've suggested before, the best way to get noobs (non computer folk that is) to your pineapple is to replicate the nearest free wifi hotspot. So if you're in a coffee shop, and the ESSID of the free wifi is coffee_shop_wifi - deauth the shit out of that access point and edit your karma.conf to be coffee_shop-wifi or something with just one small character off. People will lose their connection, windows/OSX/whatever will autoscan around for another one, and they'll find and manually click on coffee_shop-wifi. The end result is the same - you're wiresharking/ngreping/urlsnarfing their traffic. I think this is best way to maximize the net you're casting out there. If you happen to get some karma'd clients, then great - but everyone will have to connect to you anyways, as the coffee_shop_wifi is now crippled. Enjoy telot Exactly this. Quote Link to comment Share on other sites More sharing options...
kahhak Posted January 7, 2012 Share Posted January 7, 2012 I'm seeing this with a fully patched XP pro box too. This definitely wasn't the case before, certainly not with my old fon 2100. Might something in jasager changed or is this a MS update that's killed it? Would there be a way to have the MK3 broadcast a LIST of ssid's in addition to listening. I know we can setup one Karma SSID, but being able to send out beacons for multiple ssid's at once would be cool (linksys, att_wifi, etc) Quote Link to comment Share on other sites More sharing options...
angelburnt Posted April 23, 2013 Share Posted April 23, 2013 (edited) So its time to close the pineapple project :( its really frustrating to buy something useless and if i knew this a month ago, i wouldnt buy thi pineapple. I spent 200$ on the elite bundle plus 60$ to ship to Portugal (btw the expensive shippment i ever paid on internet). I really like the hak5 guys, but i think this sittuation must be warned on hak5 website. I waste 1 whole month trying to get my pinepple working, and i tought that was my fault... finally we now know the issue, the big "failure" in this project. At least i hope that someone could give us a list with the devices/OS that will for sure work with pineapple. I think its the honest way... Edited April 23, 2013 by angelburnt Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted April 23, 2013 Share Posted April 23, 2013 So its time to close the pineapple project :( its really frustrating to buy something useless and if i knew this a month ago, i wouldnt buy thi pineapple. I spent 200$ on the elite bundle plus 60$ to ship to Portugal (btw the expensive shippment i ever paid on internet). I really like the hak5 guys, but i think this sittuation must be warned on hak5 website. I waste 1 whole month trying to get my pinepple working, and i tought that was my fault... finally we now know the issue, the big "failure" in this project. At least i hope that someone could give us a list with the devices/OS that will for sure work with pineapple. I think its the honest way... I am guessing you are talking about the mark 4 but I guess the same applies to the older versions where this thread is located. The devices need to be configured to auto connect which operating systems have changed the default on. For Windows it is now a check box option to enable. This is not new information by any means. Also if a device scans, a user can still connect to it manually. Quote Link to comment Share on other sites More sharing options...
angelburnt Posted April 23, 2013 Share Posted April 23, 2013 I am guessing you are talking about the mark 4 but I guess the same applies to the older versions where this thread is located. The devices need to be configured to auto connect which operating systems have changed the default on. For Windows it is now a check box option to enable. This is not new information by any means. Also if a device scans, a user can still connect to it manually. Hi Mr-Protocol, yes im talking about the mark 4. And yes, if a device scans, a user can connect to it, but also my access point, since i remove the wireless password and leave anyone connect to it, them put ettercap to capture information.... what i mean is, if there is this big "issue" pineapple is useless. I can get my 3g adaptor, go to the airport wait for someone to connect and listen the packet tranfers... So, tell me whats the big deal with pineapple? maybe this was a great tool in the past, but now with windows 7 in the majority of laptops i dont see great utility... correct me if I'm wrong hug Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted April 24, 2013 Share Posted April 24, 2013 Hi Mr-Protocol, yes im talking about the mark 4. And yes, if a device scans, a user can connect to it, but also my access point, since i remove the wireless password and leave anyone connect to it, them put ettercap to capture information.... what i mean is, if there is this big "issue" pineapple is useless. I can get my 3g adaptor, go to the airport wait for someone to connect and listen the packet tranfers... So, tell me whats the big deal with pineapple? maybe this was a great tool in the past, but now with windows 7 in the majority of laptops i dont see great utility... correct me if I'm wrong hug It still works unless they modify the standard for how wireless works. The only difference is the operating systems not connecting by default. The users/clients would have to make the configuration to auto connect to their open network which would then work with the pineapple. Quote Link to comment Share on other sites More sharing options...
WallE Posted April 24, 2013 Share Posted April 24, 2013 Well....Is it possible to know which OS will auto connect to the wifi Pineapple and which one will not? Almost everybody is buying the pineapple for the auto-connect feature and learning it is not working is a huge deception Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted April 24, 2013 Share Posted April 24, 2013 Well....Is it possible to know which OS will auto connect to the wifi Pineapple and which one will not? Almost everybody is buying the pineapple for the auto-connect feature and learning it is not working is a huge deception It's not that it doesn't work or is a product of deception, security practices change. This project has been alive a long time and vendors have recognized this flaw. Instead of automagically having connections by default, there is a checkbox to opt-in for auto connect to unencrypted networks.This would probably work best as a table on the wiki with everyone populating what they encounter or tested. Different patches for the variety of OSs may have different results. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.