arcangelny

I am a Network Engineer... hardware guy. Need to demo Network vulnerabilities. Would love to see a step by step quick and dirty video on how to do a MiTM attack using the mark 5 I just purchased. How can I collect a password from a test account my client set up? Would help ALOT of noobs!

I can relate to the noob... I have purchased a pineapple, set it up successfully and fooled around a bit. My problem is that I actually need to do some pen testing for work. My pineapple is up and running... I have karma working. Seeing probes.... How do I setup to demo a MiTM attack to a client? Can't find info or videos to help. Not a programmer or developer. Isn't there anything out there to help?

Actually it's management I need to educate. They have several offices throughout several buildings in a corporate park. They were paying a local telco a fortune to ride their network between the various buildings. It iused a number of circuits for redundancy all of which incurred monthly circuit fees, plus equipment. I set up several line of sight wireless links between buildings using boosters and Yagi antennas. All equipment was purchased outright. In addition, I setup several hotspots for visiting employees. The business has hundreds of work at home and field service employees. Again they saved a considerable amount by allowing ermployees toi w3ork at home and not have to provide special accomodations when the employees are required to work on site (average 3-4 times a month) After saving all this money... You would think they would be willing to spend a few dollars tom beef up security... Nope. Some "expert" told themn all they needed was to set up MAC address filtering on the hotspots and their worries woiuld be over. Moreover he stated that the Government used MAC filtering ton secure there networks. Well I check with my son, who is in an army specialm forces unit and is often used to do some coputer work in the field (he used to work for me when he was a teen and made the mistake of telling his superiors he knew something about IT). He did confirm that they do indeed use MAC filtering, as well as several other safeguards. After researching I found several methods to discover and spoof MAC addresses. After dislosing this to mmanagerment, they decided thta the risk was minimal, anyway... How did they get to be in charge? I have a BackTrack Live R5 CD. It seems to take a while to produce. IOt may be me but I have had limited success with it. I may be wrong but it seems like the Pineapple will produce quicker results with less effort. Again I am just stating what I think i understand. In any event. i think I will be ordering a Pineapple, at least to teach myself. It would be fun to write my bosses password on a piece of paper and hand it to him... One way to make a case for more security dollars in the budget.

Well... It's kinda funny... Have been an IT professional since the mainframe days... I remmeber 75 baud modems and testing lines by licj=kin nmy fingers and touching the leads to "test" for current. Life was simnpler. Data comm was all point to point. I even ran a Salt Air BBS at home with 4 direct dialk lines (before the days of internet. Security was confined to safeguarding passwords. War dialers and brute force attacks were high tech. I have a perfunctory understanding of Unix (via being an admin to some HP mini's running SCO UNix a few years ago and some Linux server experience). I must admit that the "hacking:" is a somewhat perplexing concept. It's a whole new world "playing on the other side of the fence" so to speak. I have toyed with reaver and airmon. Would most out here suggest I just get a pineapple and dive in? I also have a background in Cisco and checkpoint, but they really don't explain in depth how people get in where they're not supposed to be, just what the accepted procedures to keep most out are. Can anyone estimate how much time it would take a fairly computer literate tech to get a pinapple up and operational? As for youtube... I viewed a number of videos but none were really "step by step". If someone knows of something that corresponds to what I am doing I would love the URL. My main interest would be corporate network security and wifi provided for visiting or transient users. Saw mostly "phishing videos for collecting passwords to EMail and Social Networking sites, Don't know how or if that's relevant to what I am looking to accomplish.

Can someone point me to where I an read about specifically what is involved with hacking wifi access using the Pineapple MK IV. I am a net engineer and work daily with WIFI but new to security hacking. Besides the Pineapple, what else would I need? Are there any docs, blogs or forums I might benefit from? Any speific infusions I would need (and/or could reead up on)? Is there possibly a set of step by step instructions around? Thanks.