Mark IV Info and WiFi Pineapple Road-map

A way to protect yourself which has been mentioned a lot is to create a fake access point and save it to your devices. So if your laptop or iPod Touch or whatever sees the network called "Pineapple Proximity-abc123" that you created then it can work as an alert system to say "Hey this might not be a good place for WiFi Banking".
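The canary-SSID idea above, turned into a check. This is an added example, not code from the thread or from the Pineapple project: it assumes a Linux client with `iw`, and the interface name and canary SSID are placeholders. The point is that a profile for an SSID that exists nowhere only ever gets a response from an access point that answers every probe, so a directed scan for the canary (or finding the client already joined to it) is the alert.

```shell
#!/bin/sh
# Added example (not from the thread): canary-SSID check for a Linux client.
# Assumptions: `iw` is installed; IFACE and CANARY_SSID are placeholders.

IFACE="${IFACE:-wlan0}"
CANARY_SSID="${CANARY_SSID:-Pineapple Proximity-abc123}"

# Read `iw dev <if> scan` or `iw dev <if> link` output on stdin and succeed
# when some line reads exactly "SSID: <name>" (iw indents it with a tab).
ssid_listed() {
    sed 's/^[[:space:]]*//' | grep -qxF "SSID: $1"
}

# Constructed scan output standing in for a live `iw dev wlan0 scan`.
sample_scan() {
    printf 'BSS 00:11:22:33:44:55(on wlan0)\n\tSSID: CoffeeShop-Guest\n'
    printf 'BSS 66:77:88:99:aa:bb(on wlan0)\n\tSSID: %s\n' "$CANARY_SSID"
}

# Constructed `iw dev wlan0 link` output while associated to the canary.
sample_link() {
    printf 'Connected to 66:77:88:99:aa:bb (on wlan0)\n\tSSID: %s\n\tfreq: 2412\n' "$CANARY_SSID"
}

# Live checks (need root for the scan): a directed scan makes the card send
# probe requests for the canary name explicitly, and the link check catches
# the case where the OS has already joined it.
canary_in_air() { iw dev "$IFACE" scan ssid "$CANARY_SSID" | ssid_listed "$CANARY_SSID"; }
joined_canary() { iw dev "$IFACE" link | ssid_listed "$CANARY_SSID"; }

report() {
    if canary_in_air || joined_canary; then
        echo "ALERT: something answers to '$CANARY_SSID' on $IFACE; treat this network as hostile" >&2
        return 1
    fi
    echo "no response to canary SSID on $IFACE"
}

# `./canary_check.sh live` runs the radio checks; the sample_* helpers let
# the parsing be exercised without a radio.
if [ "${1:-}" = "live" ]; then report; fi
```

The `-x` on grep matters: an SSID that merely contains the canary as a substring must not trigger the alert, and the same parser serves both the scan and the link output because `iw` prints the `SSID:` line identically in both.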

And how many average people would know how to do that exactly? lulz

Microsoft and hardware Co's should do something about this to help protect users from this kind of attack.

Apart from being an easy-to-use pen test tool, they offer little other function.

And to be honest you can do everything the Pineapple can do in Linux alone.


A very simple way to protect yourself from these types of devices: don't put yourself in a position where you can't trust your connection.

Isn't there also a way in which you can use an encrypted SSH tunnel to a trusted host in order to have safe browsing?

Pretty sure this was discussed in a Hak5 episode.
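The SSH tunnel the post asks about, written out as an added example (not code from the thread or from Hak5). It assumes an OpenSSH client and a host you already trust and have a known_hosts entry for; `TRUSTED_HOST`, the SOCKS port and the IP-check service are placeholders. The options are chosen for exactly the rogue-AP situation: bind the proxy to loopback only, refuse unknown or changed host keys, fail loudly if the forward cannot be set up, and use `socks5h://` so DNS is resolved at the trusted end rather than by whatever the access point hands out.

```shell
#!/bin/sh
# Added example (not from the thread): SSH SOCKS tunnel for browsing on a
# network you do not trust. Assumptions: OpenSSH client; TRUSTED_HOST,
# SOCKS_PORT and the IP-check URL are placeholders.

TRUSTED_HOST="${TRUSTED_HOST:-user@vpn.example.org}"
SOCKS_PORT="${SOCKS_PORT:-1080}"
CTL_SOCKET="${CTL_SOCKET:-$HOME/.ssh/tunnel-%r@%h:%p}"   # ssh expands %r %h %p

# Start the tunnel in the background. -f returns only after the forward is
# up (or fails, thanks to ExitOnForwardFailure). StrictHostKeyChecking=yes
# means a host key that is unknown or has changed aborts the connection,
# which is what an interposed host on the hostile network would present.
start_tunnel() {
    ssh -f -N -D "127.0.0.1:$SOCKS_PORT" \
        -o ExitOnForwardFailure=yes \
        -o StrictHostKeyChecking=yes \
        -o ServerAliveInterval=15 \
        -o ControlMaster=yes -o ControlPath="$CTL_SOCKET" \
        "$TRUSTED_HOST"
}

# Tear the tunnel down through the control socket.
stop_tunnel() {
    ssh -o ControlPath="$CTL_SOCKET" -O exit "$TRUSTED_HOST"
}

# Proxy URL for curl or a browser. The "h" in socks5h sends hostnames to
# the proxy so name resolution also happens at the trusted end; plain
# socks5 would still leak DNS queries to the local access point.
proxy_url() { printf 'socks5h://127.0.0.1:%s\n' "$SOCKS_PORT"; }

# The address the proxy is bound to: loopback only, never the Wi-Fi side.
bind_addr() { printf '127.0.0.1:%s\n' "$SOCKS_PORT"; }

# Sanity check: the public address seen by the outside should be the
# tunnel endpoint's, not the coffee shop's (placeholder service URL).
check_exit_ip() {
    curl -s --proxy "$(proxy_url)" https://ifconfig.me/ip
}

case "${1:-}" in
    start) start_tunnel && echo "proxy listening on $(bind_addr)" ;;
    stop)  stop_tunnel ;;
    check) check_exit_ip ;;
esac
```

Point the browser at the SOCKS proxy with remote DNS enabled (Firefox has a separate setting for that); an application that ignores the proxy still goes out over the untrusted network, which is the usual reason a full VPN is preferred over a per-application tunnel.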


And how many average people would know how to do that exactly? lulz

Microsoft and hardware Co's should do something about this to help protect users from this kind of attack.

Apart from being an easy-to-use pen test tool, they offer little other function.

And to be honest you can do everything the Pineapple can do in Linux alone.

It's not really a hardware issue. But Microsoft has disabled the "Automatically Connect" option for open-authentication, no-encryption networks. It has to be manually checked by a user. And yes, it can be done in Linux with hostapd and so on. But keep in mind the flexibility with this device to be a tiny phishing server in a Starbucks cup or whatever. Yes, it is a pen-testing tool and it is sold and made as just that. It is not a "hack your friend's MySpace" device.

*** DISCLAIMER ***

Jasager is a project intended for the security professional. It can be a valuable tool for penetration testing or other such security auditing. We do not encourage using Jasager with malicious intent.

As with any tools, this tool can be used for good or bad. Here are some of the good uses:

In your office - Set it up to capture laptops before the bad guys do. Use a website to remind them of the rules.

On penetration tests - Lure in target clients to find a back door into networks.

At home - Have fun with neighbors who try to steal your WiFi bandwidth.

http://forums.hak5.org/index.php?showtopic=9823

http://forums.hak5.org/index.php?showannouncement=6

Also as in any security audit, people are the problem. Everyone wants to scratch that WiFi itch ;)
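The Windows "Automatically Connect" setting mentioned above has a NetworkManager counterpart on Linux, and auditing it is the defensive check that follows from the point: a client only gets caught by an AP that says yes to every probe if it is willing to auto-join an open network. This is an added example, not code from the thread or from the Pineapple project; it assumes `nmcli`, and the profile names in the constructed samples are made up.

```shell
#!/bin/sh
# Added example (not from the thread): find saved Wi-Fi profiles that will
# auto-join an open network (no key management), which is the client
# behaviour a Karma-style AP relies on. Assumes NetworkManager's nmcli.

# Inspect one profile. Reads the terse `nmcli -t` lines for the profile on
# stdin ("connection.autoconnect:yes", "802-11-wireless-security.key-mgmt:...")
# and prints the name when it auto-connects and has no key management.
flag_open_autoconnect() {
    name="$1"
    auto=no
    keymgmt=""
    while IFS= read -r line; do
        case "$line" in
            connection.autoconnect:*)            auto="${line#*:}" ;;
            802-11-wireless-security.key-mgmt:*) keymgmt="${line#*:}" ;;
        esac
    done
    if [ "$auto" = "yes" ] && [ -z "$keymgmt" ]; then
        echo "$name"
        return 0
    fi
    return 1
}

# Live audit: walk every saved Wi-Fi connection and flag the risky ones.
audit_profiles() {
    nmcli -t -f NAME,TYPE connection show | while IFS=: read -r name type; do
        [ "$type" = "802-11-wireless" ] || continue
        nmcli -t -f connection.autoconnect,802-11-wireless-security.key-mgmt \
            connection show "$name" | flag_open_autoconnect "$name" || true
    done
}

# Remediation: keep the profile but stop it from auto-joining.
disable_autoconnect() {
    nmcli connection modify "$1" connection.autoconnect no
}

# Constructed nmcli output for two profiles (not taken from a real system).
sample_open_profile()    { printf 'connection.autoconnect:yes\n802-11-wireless-security.key-mgmt:\n'; }
sample_secured_profile() { printf 'connection.autoconnect:yes\n802-11-wireless-security.key-mgmt:wpa-psk\n'; }

case "${1:-}" in
    audit) audit_profiles ;;
    fix)   audit_profiles | while IFS= read -r n; do disable_autoconnect "$n"; done ;;
esac
```

A profile that is flagged but still wanted (a hotel or conference network) is better deleted after use than left with autoconnect on; an open SSID name is free for anyone to broadcast.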


So to those who have the MK4 - Seb, Darren, and any of you lucky Shmooers - can the 400 MHz proc handle a tcpdump with the cap file being stored on a FAT USB stick (32 GB, let's say) for later retrieval? If so, then this is it. If not, and you still need a laptop providing ICS and wireshark/tcpdumping the traffic, then why not stick with the Mark 3? Maybe it's just me, but my love for the Pineapple is for its MITM attacking - no more stupid ARP poisoning! I've got all the traffic already! Here's my dream Pineapple:

Internal atheros in master mode, serving up karma'd goodness.

Eth0 & Eth1 being an interceptor on the wire

USB port with a 4-port powered USB hub. On the hub would be the USB Alfa card for either connecting like a network monkey or deauthing or supplying 'clean' internet for the karma'd internal WLAN, a Sprint WiMAX dongle (for unlimited goodness), and the biggest USB stick I can find.

All with enough power to sniff and cap the karma'd victims and the intercepted wired connection - both dumping to the USB thumbdrive simultaneously (write speed would be super important here). It'd also run pptpd for VPN'ing in to retrieve the info via the 4G card.

Are you making my dreams a reality with the mark4? Shall I still plan on utilizing the raspberry pi to accomplish all this? Thanks for the info and hard work guys - this device dynamited my love for hacking SoC's! Swoot

telot


Would it make sense, if you're going to use the AWUS036H, to use that as the karma'd interface and the internal WiFi to connect to the internet/tethered to phone?

as the alfa is more powerful and has a bigger and external antenna

I guess that throws a wrench into the mix, having to make the firmware with the ability to switch/change what interfaces it uses.

or maybe the karma'd interface needs to be an atheros.

I like hfam's idea to allow the early adopters ;-)

The interface acting as an AP has to be either an Atheros or Prism54, therefore the internal is the best one to use.


Any chance you could give instructions for building a development environment for the new hardware? Actually I'd be interested in both the new and the III platform. I did build my own Pineapple MKIII when you guys ran out of stock. It's a great project, I've had a lot of fun working with it, but I think it would be more fun to be able to actually write add-ons for the platform(s).

I have to be honest I looked into putting together a dev system when I got the Alfa ap51, but it got a bit more involved than I had time for at that time. I eventually took the short cut and burned your firmware.

Anyway, kudos for the project. It's a very nice tool (I'm using it for active wireless pen testing, and love it). I'm liking the idea of the new hardware, and hoping it has a bit more power and generates less heat than the ALFA AP51. Also autonomous operation would be great as well, i.e. a wireless-to-wireless drop-and-go device. I think Mark IV has this potential. Any chance it can pull power from a PoE switch?

Anyway, Keep up the great work!!

-D


You basically check out the latest version of OpenWrt, run make menuconfig and choose the appropriate packages and CPU type, then run make.

It is a bit more tricky than that, but see if you can get it working from there and ask if you can't.

And the new hardware does POE on one of the interfaces.
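The build outline in the reply above, written out as a script. This is an added example, not the Pineapple project's or OpenWrt's own build script: it assumes a Linux host with the usual build tools, uses the public OpenWrt git URL, and the `CONFIG_TARGET_*` symbols in the seed config are placeholders for the board's real Target System / Subtarget / Profile, which you confirm in `make menuconfig`. The dependency check and the seed config are the parts you can run without a network; the `build` step does the clone, feeds and full make.

```shell
#!/bin/sh
# Added example (not from the thread or from the OpenWrt project): the
# "check out, menuconfig, make" steps as a script. Assumptions: Linux host
# with the usual build tools; CONFIG_TARGET_* values are placeholders.

OPENWRT_GIT="https://git.openwrt.org/openwrt/openwrt.git"
WORKDIR="${WORKDIR:-$HOME/openwrt}"

# Report any of the named host tools that are missing; return 1 if any are.
# Building without them fails minutes into the toolchain build, so check first.
check_build_deps() {
    missing=""
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    [ -z "$missing" ] && return 0
    echo "missing host tools:$missing" >&2
    return 1
}

# Write a minimal .config seed into the tree at $1; `make defconfig` then
# expands it into a complete configuration. The target lines are
# placeholders: take the exact symbols for the board from `make menuconfig`.
seed_config() {
    cat > "$1/.config" <<'EOF'
# placeholder target selection; replace with the board's real symbols
CONFIG_TARGET_ar71xx=y
CONFIG_TARGET_ar71xx_generic=y
# packages the AP needs: hostapd for the access point, tcpdump for captures
CONFIG_PACKAGE_hostapd=y
CONFIG_PACKAGE_tcpdump=y
EOF
}

build() {
    check_build_deps git make gcc g++ unzip python3 wget patch || return 1
    [ -d "$WORKDIR/.git" ] || git clone "$OPENWRT_GIT" "$WORKDIR" || return 1
    cd "$WORKDIR" || return 1
    ./scripts/feeds update -a && ./scripts/feeds install -a || return 1
    [ -f .config ] || seed_config "$WORKDIR"
    make defconfig || return 1
    # make menuconfig   # interactive: confirm target, profile and packages
    make -j"$(nproc 2>/dev/null || echo 2)" || return 1
    find bin -name '*.bin'   # the flashable images land under bin/
}

if [ "${1:-}" = "build" ]; then build; fi
```

Keep the tree's `.config` under version control of your own once it is right; that file, not the menuconfig session, is what makes the next build reproducible.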


MK IV should make a great addition to the pentester WiFi sec kit. I noted in the pictures from Shmoocon that the device was configured with a Virgin Mobile pre-paid USB - presumably to act as the gateway for captive clients. Would it be possible to include "out-of-the-box" support for 2-3 different USB 3G/4G devices/carriers when the version 1.0 MK IV is released? Other than that, a couple of useful additions might include sslstrip and something to optionally create multiple honeypots (OPEN/WEP/WPA/WPA2) with the same SSID for the enumeration/identification of clients with different security configurations. Just some random suggestions - thanks.


I've noted that the Reaver-WPS is "quite" effective at obtaining WPA keys from routers susceptible to WPS abuse, is it feasible that the Pineapple also include this attack?

Such that once the WPA key is obtained the Pineapple could mimic the access-point and redirect traffic to itself?

As part of the "Yes Man" implementation

Edited by Dioxin

I've noted that the Reaver-WPS is "quite" effective at obtaining WPA keys from routers susceptible to WPS abuse, is it feasible that the Pineapple also include this attack?

Such that once the WPA key is obtained the Pineapple could mimic the access-point and redirect traffic to itself?

As part of the "Yes Man" implementation

A little AP (or any AP for that matter) wouldn't be suited for any type of cracking. Your best bet would be to use reaver or cowpatty w/ rainbow tables on the network you're looking to attack. Then set up a Pineapple (or at this point any AP) with the same SSID and password (not entirely sure if this would work with WPA because you need a handshake). Then deauth the other and let them start rolling in. Since the broadcast name would be the same, there is no need for Karma. (Example: you're at a college and you have auto connect set up and no matter what building you're in, you always connect, because the name is always the same.) I do this all the time without a Pineapple, just a VM and an Alfa, and set the SSID to the same name as an SSID of an AP for whatever location I'm in ("myuniversity-Internet"); even without deauthing I always get clients to connect. You could always use Karma but in this case you're targeting a specific network, not random clients, therefore you don't really need it.

Edited by soka80

FYI, here's a little video about the Mark4


If it is just the flash size...no problems!

Tomorrow I will desolder the chip and use an 8 MiB pin-to-pin...

will see if it works...

M1k:

The TP-Link 703 is a similar board to the Hornet, 32 MB RAM, 4 MB flash. Did you have any luck swapping out the flash chip, and which one did you use for the 8 MB?

Thanks!

Edited by csystem

No..no way....

I could locate the 32 MB RAM chip... (the big one near the capacitors)

Not the flash chip... the AR7241 rev 1 being a SoC,

I presume the flash memory is embedded on the processor.

Game over!

;)

Edited by m1k