Posts posted by Armaal

  1. Hi, does anyone know how to inject the fake Adobe Flash update like Kevin in the MKV, and where I can find these scripts (fakedns & beginspoofing.sh)?

    Thanks!

    If you want to do the same things as Mitnick, you should see BeEF (XSS).

    You could inject some malicious JavaScript inside the victim's browser (like a fake Adobe update) & get a hook (-> get shell -> hijacking cookies -> steal password -> etc...)

    But I don't know if we could get BeEF onto the Pineapple.

  2. Hello

    The Amped SR10000 will be great for you (great product). Better than the Pineapple for your request.

    You can also check the TL-WA830RE: lower cost and great performance for the price.

  3. Most successful attacks come from the user's laziness. People don't keep their systems up to date like they should, nor do they harden their systems. People will install anything and everything that they want, opening ports without even knowing, and not pay attention to the risks. You know there are still many organizations running Windows XP, right? There are a lot of people out there that just don't want to change their system because it is familiar. You won't get everyone but you will get some. When performing a pentest on an organization you will most likely trick a few people.

    "Most successful attacks come from the user's laziness"

    Yes & yes.

  4. If I know the password of a specific Wireless network, can PineAP automatically spoof/clone this network and deauth clients on the real network to force them to join the honeypot network?

    If the answer is yes, can this be done if the password for this network is not known as well?

    Thanks in advance.

    PineAP cannot craft special beacons from a secured network (like WPA2) even if you have the password.

    The Karma method has, for 10 years now, been working ONLY with open networks.

    In your case you can create the same ESSID / channel and, on the other hand, perform deauth packets.

  5. François Beaufort

    "Did you ever wish you could talk to your Chromebook simply when the screen is on and unlocked? Lucky you! Say "Ok Google" in Dev Channel and ask for anything!"

    Yes, right now you can control your Chrome OS via voice recognition; it's nice.

    But something ticks me ->

    François Beaufort

    "As expected, all your voice and audio activity will be easily accessible at https://history.google.com/history/audio "

  6. My summary about it..

    I'm not a ninja Wi-Fi user and perhaps it's not totally TRUE, but I've been reading some articles about wireless security. Especially WPA-AES-PSK.

    To redirect the subject to the Pineapple & its own security ->

    "Offensive (open access point)"

    • WLAN0
    • No security inside (no WPA, no WPA2, no AES, no TKIP, etc...) -> this network is not encrypted (if you are not under HTTPS), so you can sniff packets easily (turn on Wireshark, tcpdump, etc.)
    • It works like a charm with the Karma method (auto-connect to an unsecured access point) (the basic sense!)
    • Pineapple Management is listening on 1471 and everybody can go here (you (read the next line below) & clients) (you need your Unix credentials to connect & manage), so don't connect with your admin password!
    • Like sud0nick said, you (mark: admin) shouldn't navigate (on www) on this open access point because all clients with Wireshark CAN sniff your web-surfing... (hacker hacked? sad story..)

    "Management (secured access point) "

    • WLAN0-1
    • Built-in security WPA2 -> This network is "fully" encrypted (TKIP - AES) and it's almost impossible to sniff data frames. Why almost? Because in Wireshark you can decrypt by applying the passphrase: Edit -> Preferences -> Protocol -> IEEE 802.11 -> "Enable Decryption" checkbox. Then click on Edit in the "Decryption Keys" section & add your PSK by clicking "New". You have to select the key type "wpa-pwd" when you enter the PSK in plaintext.
    • Password (passphrase) on this network means "No KARMA | NO CLIENTS" here. Just you, the admin. And you are the only person to know the passphrase.
    • Pineapple Management is listening on 1471 and only the admin can go here (passphrase)
  7. You would share the internet connection from the Pineapple, right?

    Be sure your wlan1 is in client mode, then connect to your AP (ISP connect).
    Your wlan0 normally broadcasts the AP where your clients should connect.

    If you want to monitor your Pineapple from your computer, launch a Linux VM & connect it to the Pineapple.
    Also make an SSH connection and then try a ping 8.8.8.8 to see if you have a real connection.

  8. It could theoretically be that I don't own this device. But surely I have permission to test this on these.

    No idea what OS it runs. But it must be an Asus (MAC AC:22:0B AsustekC)

    But sometimes my HTC and Sony phones are going crazy like this one.

    One has a modded ROM and the Sony is on stock.

    Yes, the ac:22:0b:5c:ef:13 is the Nexus 7 (BeNe said that 1 week ago)
