myst32
  1. I did and it is working great!! Thanks!!
  2. I don't think the deauth would work because the target PC is not expecting them. I would guess the target would just drop the packet. Plus, unless you know the MAC of the target, the best you could do is broadcast deauth for a network the target is not even on. I would think the trick above would work on an Android phone for the same reason it works on the Win7 box. However, I do not have an Android phone to test with so I can't confirm this.
  3. SUCCESS... I was able to "wake up" the target PC by generating "fake" beacons. Here is my setup if others wish to test.

     Target PC is a Win7 laptop. Removed all wireless networks and then created an open network called "test".

       - Set encryption to open
       - Selected "Connect automatically when this network is in range"
       - Did NOT select "Connect even if the network is not broadcasting its name (SSID)"

     I then... Booted BT5 on attacking laptop and hooked up pineapple. Let it sit for several min... Win7 box did not connect and never sent a probe request.

     I then... Connected an ALFA AWUS036H to the BT5 laptop and placed it in monitor mode. I then created a text file called "wifinames" with the following info...

         attwife
         crazy
         test
         openwifi

     I then issued the following command..

         airbase-ng --essids ./wifinames -c 11 mon0

     I let it run for about 2 seconds and then killed it with Ctrl-C. Looked over at the pineapple and the light started flashing... checked command center and...

         KARMA: Probe Request from XX:XX:XX:XX:XX:XX for SSID 'test'
         KARMA; Successful Association of XX:XX:XX:XX:XX:XX

     Checked Win7 machine and it had indeed connected.

     The idea here is to use airbase-ng to generate "fake" beacons. Airbase-ng already has the capability to generate SSIDs from a list with the --essids command. So in theory we would just need to make a list of the most common open networks. Feed this list to airbase-ng... let it run long enough to generate the beacons for each SSID and then shut it off. Karma will take care of the rest...

     If you do not wish to use the file you can test using this command..

         airbase-ng --essid <essid> -c 11 mon0

     Please test for yourself....
  4. Were you creating real APs? I am just talking about generating fake beacons...
  5. It would seem that an easy fix would be for Karma to have an option that would allow you to load in a list of popular open SSIDs and then send two or three beacons for each SSID on the list. This might "wake up" the non-working devices since they are passively looking for known networks. One of you could test this by running airbase-ng with the SSID you used on the phone.... Start and then stop it... then see if the client will connect via Karma on the pineapple... Also could run mdk3 with the "b -f <SSID_List.txt>" Beacon Flood Mode switch.....
  6. I just run ettercap on the pineapple and dump everything to a pcap file....

         cd /usb
         ettercap -Tq -i br-lan -w filename.pcap

     When done collecting open the file in NetworkMiner 1.4. Click on images tab... done.

     PS Sometimes I just run driftnet on the host PC that the pineapple is connected to..
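
A defensive check for the client-side condition described in post 3 (a saved open network set to connect automatically), as an added example that is not part of the original posts: it audits WLAN profile XML in the layout written by `netsh wlan export profile`. The sample profiles are constructed, and `audit_profile` and `audit_all` are names chosen here.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed template following the layout of an exported Windows WLAN profile.
TEMPLATE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{ssid}</name>
  <SSIDConfig><SSID><name>{ssid}</name></SSID><nonBroadcast>{hidden}</nonBroadcast></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>{mode}</connectionMode>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication><encryption>{enc}</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""

# Constructed sample profiles; "test" mirrors the target setup from post 3.
SAMPLES = [
    TEMPLATE.format(ssid="test", hidden="false", mode="auto", auth="open", enc="none"),
    TEMPLATE.format(ssid="corp", hidden="false", mode="auto", auth="WPA2PSK", enc="AES"),
    TEMPLATE.format(ssid="home", hidden="true", mode="auto", auth="WPA2PSK", enc="AES"),
    TEMPLATE.format(ssid="guest", hidden="false", mode="manual", auth="open", enc="none"),
]

def audit_profile(xml_text):
    """Return (ssid, findings) for one exported profile."""
    root = ET.fromstring(xml_text)
    def text(path):
        node = root.find(path, NS)
        return node.text.strip().lower() if node is not None and node.text else ""
    ssid = text("w:SSIDConfig/w:SSID/w:name") or text("w:name")
    auth = text("w:MSM/w:security/w:authEncryption/w:authentication")
    enc = text("w:MSM/w:security/w:authEncryption/w:encryption")
    auto = text("w:connectionMode") == "auto"
    findings = []
    if auto and auth == "open" and enc == "none":
        findings.append("open + auto-connect: client joins any AP beaconing this SSID")
    if auto and text("w:SSIDConfig/w:nonBroadcast") == "true":
        findings.append("nonBroadcast=true: client sends probes that name this SSID")
    return ssid, findings

def audit_all(profiles):
    """Map SSID -> findings, keeping only profiles that have at least one."""
    return {ssid: f for ssid, f in map(audit_profile, profiles) if f}

if __name__ == "__main__":
    for ssid, findings in audit_all(SAMPLES).items():
        for finding in findings:
            print(f"{ssid}: {finding}")
```

Profiles flagged by the first rule can be removed or switched to manual connection so that a beacon for a remembered open SSID no longer triggers an association.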