Armaal

try some ping and nmap

If you wanna to do the same things as mitnick you should see BEEF (XSS). You could inject some malicious javascript inside the victim browser (like a fake adobe update) & get a hooks (->get shell->hi jacking cookies->steal password->etc...) but I don't know if we could get beef into the pineapple

(yes the Nintendo 3DS are not very quiet with the probe request (Thanks to StreePass) she wanna go pollute your logs!)

(perhaps some "malformed" probe (from the client itself) could get this result on your terminal.

Hello The Amped SR10000 will be great for you (great product). Better than the Pineapple for you request. You can check also the TL-WA830RE less cost and great performance for the price.

"Most successful attacks come from the user's laziness" Yes & yes.

PineAP cannot craft special beacons from a secured network (like WPA2) even if you have the password Karma method for 10 years now is working ONLY with open network In your case you can create the same ESSID / Channel and on other hand perfom a deauth packets

Great jobs dude

@Seb There is a bug for the DIP switch. The nginx return error 500 I cannot save my request by the POST method (button Save DIP Configuration)

(I like this Codename & the logo :) )

François Beaufort "Did you ever wish you could talk to your Chromebook simply when the screen is on and unlocked? Lucky you! Say "Ok Google" in Dev Channel and ask for anything!" Yes right now you can control your chromeOS via voice recognition it's nice. But something tick me -> François Beaufort "As expected, all your voice and audio activity will be easily accessible at https://history.google.com/history/audio "

That looks like a social engineering attack in first following by (hyper) complex malware..

My summary about it.. I'm not a ninja wifi user and perhaps it's not totally TRUE but I've been reading some artical about wireless security. Especially WPA-AES-PSK To redirect the subject about the Pineapple & her-self security -> "Offensive (open access point)" WLAN0 No security inside (no WPA no WPA2 no AES, no TKIP etc...) -> this network are not encrypted (if you are not under HTTPS) then you can sniff packets easily (turn on Wireshark TCPDUMP etc..) It's working like a charm with Karma method (auto connect on unsecure accesPoint) (the basic sense!) Pineapple Management are listening under 1471 and everybody can go here (you (read next under line) & clients) (you need your unix credits to connect & manage) so don't connect with your admin password! Like sud0nick said you shouldn't (mark admin) navigate (on www) on this open access point because all clients with Wireshark CAN sniff your web-surfing... (hacker hacked? sad story..) "Management (secured access point) " WLAN0-1 Built-in security WPA2 ->This network are " fully " encrypted (TKIP - AES) and it's almost impossible to sniff data frames. Why almost ? because in wireshark you can decrypt by applying the passphrase : Edit -> Preferences -> Protocol -> IEEE 802.11 -> Enable Decryption” checkbox. Then click on Edit “Decryption Keys” section & add your PSK by click “New“. You have to select Key-type as “wpa-pwd” when you enter the PSK in plaintext. Password (Passphrase) on this network mean "No KARMA | NO CLIENTS" here. Just you the admin. And you are the only one person to know the passphrase. Pineapple Management are listening under 1471 and everybody only the admin can go here (passphrase)

I've seen this article 4 days ago on SecureNinja. Very nice handwriting. I liked it a lot.

I was in hotel suite 2 days ago. The installation (Wifi Extender, Routeur etc..) was HP stuff. Exactly ProCurve. The system was performing under MAC filter only

Captive portal based "only" on mac adress is a really bad idea but i'm pretty sure it's almost 60% of WiFI router. HP ProCurve ?

It seems you have problem with your iptables rules

You would share internet connection from pineapple. right ? Be sure your wlan1 are in client mode then connect to your AP (ISP connect) Your wlan0 normaly broadcast the AP where your clients should connect to it. If you wanna monitor your pineapple by your computer launch a Linux VM & connect her to the pineapple. Also make a SSH connection and then try a ping 8.8.8.8 if you have a real connect' ..

For Europeen (It's a dutch store ! Da ! @ BeNe ^^ ) http://varia-store.com/ I've purchased about 200€ (antenna, cable, router...) my mark is 5/5. Good quality. Very responsive. "Pro"

I think seb is very busy. Hak5 team are moving to a new office ->

Mmmh Buisness ? Owned guy

hey Bene where are you getting your terminal ? from windows ? in VM with konsole etc?

Yes the ac:22:0b:5c:ef:13 are the Nexus 7 (BeNe said that 1week ago)

BeNe your ac:22:0b:5c:ef:13 are running under CYANOGENMOD ?

Banks alias Jillian Rose Banks !