Jump to content

Functionality question


samd12

Recommended Posts

I am in IT  for a school and have a question about the functionality of a pineapple.  If there is a forgotten password when on a chrome book or phone to access a google account or some other app but the password is saved so you just hit enter on the app can the pineapple intercept the traffic to get the info?  This is not really my forte maintaining a large network of many devices can get crazy.

Also we have kids putting up hotspots to bypass our network and get out without going through the filter server, can I grab that information to try to mitigate that from happening?

Thx, hopefully not too much of a noob question but like I said this is not really my thing

Thx

Link to comment
Share on other sites

40 minutes ago, samd12 said:

I am in IT  for a school

I doubt that.

 

40 minutes ago, samd12 said:

intercept the traffic to get the info

The pineapple is literally made for intercepting traffic, so yes it can perform MITM attack, but the traffic you are talking about is encrypted and i doubt anything on the pineapple can decrypt it, so no you cant steal their creds that way.

 

40 minutes ago, samd12 said:

can I grab that information to try to mitigate that from happening

Yes you can grab the information and "track down" the AP, or deauth people from it, but (or tell them)

The best thing to do here is to put restrictions on the computer,(or just let them use the internet freely)

 

25 minutes ago, samd12 said:

Also what if the kids use hidden ssids on their hotspots?

You cant hide radio waves, you will still be able to see the BSSID (MAC of the AP)

 

 

Edited by Lord_KamOS
Link to comment
Share on other sites

14 minutes ago, Lord_KamOS said:

I doubt that.

Oooook.... I get that

 

The pineapple is literally made for intercepting traffic, so yes it can perform MITM attack, but the traffic you are talking about is encrypted and i doubt anything on the pineapple can decrypt it, so no you cant steal their creds that way.

Not looking to steal creds, if they are using our network which is payed for by public dollars I have the right and the authority to do what is needed to protect it and filter it.  Actually by law since all equipment is payed for by public dollars it must be filtered at some level by law not even a choice.

 

Yes you can grab the information and "track down" the AP, or deauth people from it, but (or tell them)

The best thing to do here is to put restrictions on the computer,(or just let them use the internet freely)

Can't do.  It is my job to keep them filtered.  I am just an IT guy who does not specialize in this stuff and being in a public school don't have the funds or resources to do half of what we do.  When the kids are bypassing things and it disrupts instruction they look to me to find a solution, thats all.  When you have a bunch of teenagers (MS is worse than HS) that want to do something and you have limited resources you do what you can.  We just had another local district where the kids were able to get a key logger onto media center machines and got into the SIS system.  They are unable to do that because we have things locked down but we are moving more towards chrome books away from PC's and my experience comes from dealing in AD to lock down things.  I am still learning the chrome and dealing with the nightmare ipads which suck when it comes to network accountability.

 

You cant hide radio waves, you will still be able to see the BSSID (MAC of the AP)

Thanks

I do appreciate the feedback.  I am not embarrassed to say that this kind of stuff is not my thing but I am being led down that road whether i like it or not.  I do very much thank you for any information that will help.  I get how people that are not in the know are "looked down" upon in forums like this but any feedback is welcome.  

 

 

 

  • Upvote 2
Link to comment
Share on other sites

1 hour ago, samd12 said:

I have the right and the authority to do what is needed to protect it and filter it

I do not see how intercepting passwords help you filter and protect the network but ok.

1 hour ago, samd12 said:

I do appreciate the feedback.

No problem.

Link to comment
Share on other sites

It's not that we're looking down on newbs, but at times the questions asked are kind of suspect.  

You don't need their account info to filter the internet, that's done at the firewall.

The pineapple won't help you track down rogue access points.  You use a laptop and kismet to do that.

Having worked at a K-12 school district, I feel your pain.  The best way to find your way past a network filter is to ask a middle schooler. They can get through damn near anything...

  • Upvote 1
Link to comment
Share on other sites

You can't really block a 3G/4G hotspot connection. Sounds like you have your solution soon anyway - Chromebooks. I'm pretty sure you can completely lock down Chromebooks to only a select few websites. Not 100% sure but Chromebooks can get so locked down I just steer clear of them. They are completely managed by a cloud and I find I can't do anything with them except use Microsoft Word..I hate 'em, however, they are useful for your situation. It means you can lock down the internet even if the MS peeps use their phone to bypass the WiFi.

Also, when you say the MS peeps use their phone's hotspot to bypass the WiFi filter do you mean they hotspot YOUR connection or hotspot a 3G/4G connection (in which they would be using their own data from a phone plan)? If they are using your connection you need to filter all requests at the router, not at the APs. Remember, they may connect to the APs but it still has to go through the router to get to the internet, so setup your router to block those websites, not the APs, as they can setup a fake AP to bypass this.

Link to comment
Share on other sites

2 hours ago, barry99705 said:

It's not that we're looking down on newbs, but at times the questions asked are kind of suspect.  

You don't need their account info to filter the internet, that's done at the firewall.

The pineapple won't help you track down rogue access points.  You use a laptop and kismet to do that.

Having worked at a K-12 school district, I feel your pain.  The best way to find your way past a network filter is to ask a middle schooler. They can get through damn near anything...

We have a filter, the kids are putting up hot spots and they attach to that.  Would love to have a way to track them down I will take a look at kismet.  It is funny how MS is worse than HS.  I guess the HS kids have better things to do.lol

Link to comment
Share on other sites

43 minutes ago, Dave-ee Jones said:

You can't really block a 3G/4G hotspot connection. Sounds like you have your solution soon anyway - Chromebooks. I'm pretty sure you can completely lock down Chromebooks to only a select few websites. Not 100% sure but Chromebooks can get so locked down I just steer clear of them. They are completely managed by a cloud and I find I can't do anything with them except use Microsoft Word..I hate 'em, however, they are useful for your situation. It means you can lock down the internet even if the MS peeps use their phone to bypass the WiFi.

Also, when you say the MS peeps use their phone's hotspot to bypass the WiFi filter do you mean they hotspot YOUR connection or hotspot a 3G/4G connection (in which they would be using their own data from a phone plan)? If they are using your connection you need to filter all requests at the router, not at the APs. Remember, they may connect to the APs but it still has to go through the router to get to the internet, so setup your router to block those websites, not the APs, as they can setup a fake AP to bypass this.

You can't lock them down that far, it becomes counter productive.  The people who come across my network get a default filter if the filter does not know who they are.  When they broadcast their ssid friends attach to it.  I want to somehow get a grasp on that.

Link to comment
Share on other sites

37 minutes ago, samd12 said:

You can't lock them down that far, it becomes counter productive.  The people who come across my network get a default filter if the filter does not know who they are.  When they broadcast their ssid friends attach to it.  I want to somehow get a grasp on that.

Okay so when you say they setup a hotspot you mean they turn their phone into an AP that acts as a bridge of your network? Meaning it basically relays your WiFi from the phone? That's called a rogue/fake AP. One of the strongest ways to infiltrate a network's security, but as I said, block it from the router, applying the filter to all underneath that based on the IP they get. If it's an unknown IP, give em a hard filter. You could maybe slow the internet down for those APs?

Link to comment
Share on other sites

Google i very secured against mitm with stripping.  Your only way of getting that info, and it will be a session cookie not the password, would be to https proxy and accept the bad cert to install the root from your mitm proxy and https proxy to get it.

If hotspots mean a student's hotspot on their cellular network they are using with their own devices, you cannot tamper with them directly.  I think that is illegal since you are messing with a service not owned by you.  If they are using your machines to access the hotspot then filter like someone else mentioned and lock down from adding access points to your machines.  A bit of hd encryption will keep them from using bootdisks to modify to the contents of the disk to gain admin rights too.

 

Link to comment
Share on other sites

5 hours ago, PoSHMagiC0de said:

Google i very secured against mitm with stripping.  Your only way of getting that info, and it will be a session cookie not the password, would be to https proxy and accept the bad cert to install the root from your mitm proxy and https proxy to get it.

If hotspots mean a student's hotspot on their cellular network they are using with their own devices, you cannot tamper with them directly.  I think that is illegal since you are messing with a service not owned by you.  If they are using your machines to access the hotspot then filter like someone else mentioned and lock down from adding access points to your machines.  A bit of hd encryption will keep them from using bootdisks to modify to the contents of the disk to gain admin rights too.

 

Bingo!  If it's their own device's network, you can't legally do a thing to them. Let them eat up their parent's data.  If they're using school chromebooks, then you can still put restrictions on them.  Our district would do the detention, suspension, complete removal of school tech access, for any computer hackery.  Chromebooks didn't exist at the time, but we did have a test program going.  Every middle school student was issued a Macbook.  We had a few thousand macbooks floating around, and for the most part it worked pretty well.  One of the guys programed up a phone home program that would check in with one of our public facing servers.  If the laptop's mac address was on a file, it would return as much network info it could.  It helped there were only two places you could get a Mac worked on in town, so theft wasn't really a big deal.  We'd usually get them back within a couple months.  It helped the next "big" town was an 8 hour drive away.

Edited by barry99705
  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...