Everything posted by Skinny

  1. You need to initially set up the pineapple by using the internet either through tethering with a personal electronic device or with a laptop. It is necessary to do so in order to download the latest firmware and to complete the nano setup process. After this is complete, you really do not need the internet to operate the nano. Also, after setup you can use the IP address above. 99% of the work I do with the nano does not require me to have an internet connection. There is plenty to do without it. I'm sure you may already know about this webpage, but a compilation of all the setup tutorials can be found here: https://www.wifipineapple.com/pages/faq
  2. I'm assuming you're asking how to see the user interface without having to physically connect it to a device. In that case connect to the management access point and go to this IP address: 172.16.42.1:1471
  3. No problem. Hope you can get it worked out.
  4. As far as question #1 with your Android, I've noticed something similar. Here is an example regarding the conditions that cause a similar behavior. First, I use my Android device to connect to an access point called GOODGRAVY with WPA2 security. Next, I kill that access point and bring up the pineapple using the same SSID. The Android device will not show that it sees the pineapple because in its list of approved SSIDs, it sees an access point already called GOODGRAVY. Furthermore, the legitimate access point required a password, whereas the new one does not. If I tell my Android device to forget the first access point (the legitimate one), then it will see the pineapple beaconing out the unsecure version(s). I believe you are correct regarding your assumption for question #2. If you are trying to deauth clients from a secure network and then get them to reconnect to you via an unsecure connection, you may have issues. WPA2 encryption is implemented so that both the client and the AP can verify the legitimacy of each other via a 4-way handshake. Your clients may not be seeing your spoofed AP as legitimate because it can't participate in this process as the clients expect. Past this point is where my knowledge abruptly ends. I think someone mentioned on this forum that if you capture that 4-way handshake and crack the password, there might be a way to get the pineapple to legitimize itself to a client using the AP's credentials.
  5. Something isn't adding up here. If the device you are trying to snag is unassociated, then there is no need to deauthenticate it from an access point. Furthermore, if you want the client to automatically connect to a spoofed SSID via the pineapple, that target device will have needed to associate with an SSID of the same name in the past. Otherwise, you will need to wait for the user to manually connect to your pineapple. Another thing to consider is that if the legitimate access point you are trying to spoof was WPA2 protected, then the pineapple will not be able to participate in the 4-way authentication handshake with the client. Therefore, it is easier to trick a client to connect to the pineapple using common, open access, SSID names such as hhonors, attwifi, or Starbucks.
  6. It could be due to 100 different reasons. Could you give more detail? Are you wanting to capture unassociated or associated clients? Are you trying to Deauth a client? Do you want any client to connect or a certain client to connect? Are you posing as an AP that is using WPA2 or as an open AP? It's hard to help without a scenario.
  7. I don't know that anyone is working on a module. The one line of bash script that fugu wrote works just fine.
  8. Thanks for bringing up the question. You shouldn't be able to cause a client to connect to the pineapple if that client is looking for SSIDs that have a WPA2 key associated with them. After your question, I ran this test on two devices: a Nexus 7 tablet and a laptop running Ubuntu. I had both devices connect to an access point requiring a WPA2 password. I then powered down the access point. I booted the pineapple and only had the SSID of the previous access point available in the PineAP module. The pineapple only beaconed out the SSID of the previous access point. Neither device would automatically connect. I was pleasantly surprised this was the case but then thought about the nature of WPA2. For WPA2 a four-way handshake is needed. During this process both client and AP are trying to prove their legitimacy to each other. It follows then that the pineapple might not be successful in the case you stated. However, my test was a sample set of 2. I believe any device that is implementing decent WiFi security measures would follow suit but it would be interesting to see if there are any exceptions out there. I'll probably be testing Windows based systems later. This piece of knowledge is going to make me cut my SSID pool down. If APs / SSIDs requiring WPA2 aren't going to help me snag client devices, I might as well cut them from the pool.
  9. I have virtually the same battery: http://www.amazon.com/Poweradd-Pilot-2GS-Portable-External/dp/B00ITILPZ4/ref=sr_1_1?ie=UTF8&qid=1463023566&sr=8-1&keywords=poweradd+battery It should work fine if it's true to the specs.
  10. It depends on if the client is in idle/sleep mode or not. If it's in sleep mode, I have not been able to get any response from the client. If the client is not in sleep mode, then you can get the real MAC address if the client connects to the Pineapple. When an Apple client is associated with an AP, it will use its real MAC address.
  11. Hi venu413, There is an option to download the list in PineAP. Navigate to the PineAP module. Scroll down to the SSID Pool portion. Next to the SSID Pool title is a drop-down arrow. Click the arrow. Select Download SSID Pool. If you are looking to interface it with an app, then you might want to SSH in and look in the /etc/pineapple/ directory. There you will find a file called ssid_file. It contains the list.
  12. I can't speak to newer Apple devices but just as an example my old iPod has a setting that says "Ask to Join Networks". With this enabled even if everything is in my favor per my previous post, the user has to take a specific action to join the Nano. If they are at work and all of a sudden their phone asks them if they want to connect to the McDonalds access point, I doubt my day will be successful.
  13. Not so with Apple. Newer Apple devices roll their MAC address every minute or so if they are not associated with an AP. It makes it a bit more difficult to track a phone based on just its MAC address. When it associates, its true MAC is revealed. This is not the hardest part about getting an unassociated Apple to connect with the pineapple. When most of these devices are in idle/sleep mode, they beacon out using these random MAC addresses, however they never beacon out any SSIDs for which they are searching. So you need to have the SSID it wants already in your PineAP pool or make sure to have Beacon Response activated in PineAP. In addition, if you do have the correct SSID in the pool, it will not connect to the pineapple or any AP until it awakes from sleep mode. In fact, it's been my experience that you will get no response whatsoever from the device until it is awakened. Finally, everything I've said so far goes out the window if the user manually changes the settings making it less or more secure. I am sometimes happily surprised when I'm able to grab a newer Apple product. I suspect it's because the user played with the settings or awakened the device at some point during my activities.
  14. If the apple client associates with the pineapple (aka it becomes a client), then it will do so with the real MAC address. If you are running recon and just looking to see what's out there, you will more than likely get the random MAC addresses.
  15. Seb, The fix works great! I'm running a Nexus 7 with Android version 6.0.1. The tethering process worked without a problem and I'm navigating the Nano gui with no issue. Thanks for all your hard work!
  16. Yes, the pineapple can let you know the devices in the area according to their MAC address without using the internet.
  17. This is a known issue that should be corrected with the next firmware update. This generally happens to me when there is no client or AP to be detected in an area, but others have had other reasons.
  18. Great job fugu! Checked out the results from both this morning and this one-liner has the exact same functionality as the python script. The python script produces two files. The first is just like you've made here. It shows the rankings. The second is the same as the first, but it eliminates the ranking and just has the list of SSIDs. This second file is what gets put in /etc/pineapple/ for the PineAP pool. I believe you're just one cut command from having that file as well. Thanks for posting this. I've learned a few things about formatting output from you. Seeing your one line of commands made me feel like an idiot after building a script in python for 6 hours. If you don't mind, I might contact you later in regards to some ubertooth-rx output I've been trying to shape. Have a great day and thanks again!
  19. Thanks fugu. It's getting late, so I'll give it a try tomorrow.
  20. One technique that might not be looked upon kindly is to wait until you are in the lead, then jam the whole 2.4GHz band bringing everything to its knees. You can get jammers from China, turn on a couple microwave ovens, or just buy several really cheap RF video transmitters that operate in the 2.4GHz band. This probably isn't helpful. I'm sorry. Sometimes I just like to watch the world burn.
  21. Nice work! I like the approach. There is a minor hitch for me with the second command but it just depends on what kind of list you're trying to build. For the ssid cat command, all the SSIDs are counted in the file regardless of how many times a single mac address may have beaconed it out. The python code above will not count an SSID as having a higher rank if that SSID has been beaconed for by the same mac address over and over. For instance, in one of my pineap.log files there is an SSID called FiOS-4Z7UY. With the above cat command this SSID ranks second overall with a count of 19, but when you manually look through the log file you only see 2 mac addresses beaconing for that SSID over and over. By repeatedly beaconing the SSID, the ranking for that SSID becomes artificially inflated. The python script on the other hand puts the SSID much further down the list with a count of 2. The count is 2 because only two unique mac addresses beaconed for it. What I need out of an SSID pool is for that list to be filled with SSIDs with a high count from multiple devices to have the highest likelihood of grabbing the attention of a random, unassociated client. That's why the script is written in this manner.
  22. Whistle Master, As far as a dream module using the script above, being able to take the produced SSID file, trim it to a specific number of top SSIDs, and then manage those produced files would be helpful. With a way to manage the files, you could load or withdraw specific, high ranking SSID pools depending on what geographic location you find yourself. A simpler module would just be a button that you click. With one click it would take a look at the pineap.log file, run it through the script above, and allow the user to download the resulting file for editing. I'm a bit of an idiot when it comes to coding and have never used the languages required to write a module. I'm stepping through the video Darren and Seb made but I think it's going to take a few iterations and time I don't have. If you decide to pursue this as a project, let me know if there is a way I can assist and I'll help where I can.
  23. Hi Guys, I've been working on a python script to help organize the pineapple's SSID pool. Most of the work I do with the pineapple has to do with attracting unassociated clients. As such it's sometimes undesirable to have an extremely large SSID pool. For instance, if I'm trying to grab a client and it's looking for an SSID that's 2250 on the list, but the pineapple is rolling through SSIDs at number 5 on the list, I might miss my opportunity. To help combat this, I generally use an SSID list that is smaller in number, but the SSIDs on that list are SSIDs that many people use (Ex: attwifi, panera, CableWifi). Up until now I've just been looking at multiple lists trying to pick out ones I think clients will be broadcasting.

      The script makes use of pineapple's pineap.log file. You can find this file by going to the Logging system module and clicking the Download button after you've used Pineap to log some probe requests. You can also find it on the pineapple in the /tmp/ directory. This file starts anew after each restart. If you place pineap.log in the same directory as the script and run the script, the script will:

      - harvest the SSIDs and the mac addresses that probed for them
      - eliminate all duplicate requests
      - assign each SSID a rank based on the number of times a unique device requested that SSID
      - sort the SSID with the highest rank to the top with each successive rank behind
      - write the results to two files. The first file, SSIDlist.log, has just SSIDs listed in their appropriate rank order. The second file, finalRanking.log, has the same but each SSID has its rank next to it.

      What I then do is edit SSIDlist.log, erase all but the top 100 SSIDs, rename the file to ssid_file, and place it in the pineapple's /etc/pineapple/ directory. (More on that here: https://forums.hak5.org/index.php?/topic/38060-ssid-pool-management/?p=275753) Now my standard pool of SSIDs are the top 100 SSIDs used in my part of the world.

      Just to give you an example of how I'm using this on the ground. Yesterday I took my pineapple to a large target area. I needed to know what SSIDs would most likely ensnare the devices and the employees' personal devices on that campus. I spent over an hour walking the grounds and ended up with over 450 SSIDs. Using this script, I'll cut that 450 down to 100 or even 50 to increase the speed and efficiency of grabbing a client. The example files that are with the script are from me driving around Tampa yesterday with the pineapple in the back of my car. Just for the record, war driving is a terrible way to collect probe requests for an area. You're better off walking.

      You might be asking, why isn't this a module? First, I've never used javascript or php. I'm attempting to learn, but I'm not even close. So if anyone finds this helpful enough and wants to make it a module, be my guest.

      Finally, I'd like to make a suggestion. If you use this script for a particular area and you don't mind sharing, I would like to make a repository of Top 100's on regions all over the world. I have webspace at skinnyrd.com and can post them all there in an organized fashion. The more distinct the region, like neighborhoods or industrial parks in cities vs entire metro areas, the better. If you live in a small town, that's welcome too. If you'd really rather not share, no big deal. If you have any questions just let me know. Have a great day! SSIDsort.zip
  24. I'm using StraightTalk mobile service with an Asus ZenFone running Android. Tethering has been working fine with this combination. However, I've also used a Nexus 7 that just has Wifi capability and it refuses to tether with the Pineapple. It will tether with other equipment like an SDR but not the pineapple. Reading through the forums it seems that many people have had the same struggle with the Nexus.
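
Added example (not Skinny's SSIDsort script and not fugu's one-liner): the difference between counting every probe line and counting unique MAC addresses per SSID, as described in posts 21 and 23. The "time,event,MAC,SSID" log layout and the sample lines are constructed assumptions; the optional filter reflects post 13's point that unassociated devices may probe from randomized MACs, which inflates a unique-MAC count.

```python
import re
from collections import Counter, defaultdict

# Constructed sample. The "time,event,MAC,SSID" layout is an assumption made
# for this example; adjust parse_probes() to match a real pineap.log.
SAMPLE_LOG = """\
May 12 09:00:01,Probe Request,3c:00:00:00:00:01,FiOS-4Z7UY
May 12 09:00:02,Probe Request,3c:00:00:00:00:01,FiOS-4Z7UY
May 12 09:00:03,Probe Request,3c:00:00:00:00:02,FiOS-4Z7UY
May 12 09:00:05,Probe Request,3c:00:00:00:00:02,FiOS-4Z7UY
May 12 09:00:06,Probe Request,3c:00:00:00:00:03,attwifi
May 12 09:00:07,Probe Request,3c:00:00:00:00:04,attwifi
May 12 09:00:08,Probe Request,3c:00:00:00:00:05,attwifi
May 12 09:00:09,Probe Request,da:a1:19:00:00:01,CableWifi
May 12 09:00:10,Probe Request,da:a1:19:00:00:02,CableWifi
May 12 09:00:11,Probe Request,3c:00:00:00:00:03,Cafe, Main St
truncated line with no fields
"""
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

def parse_probes(text):
    """Yield (mac, ssid) for each well-formed probe line; skip everything else."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",", 3)]  # SSIDs may contain commas
        if len(parts) != 4 or parts[1] != "Probe Request":
            continue
        mac, ssid = parts[2].lower(), parts[3]
        if MAC_RE.fullmatch(mac) and ssid:
            yield mac, ssid

def is_randomized(mac):
    """Randomized MACs set the locally administered bit (0x02 of the first octet)."""
    return bool(int(mac[:2], 16) & 0x02)

def rank_raw(text):
    """Rank by total probe lines: repeats from one device inflate the count."""
    return Counter(ssid for _, ssid in parse_probes(text)).most_common()

def rank_unique(text, skip_randomized=False):
    """Rank by number of distinct MACs that probed for each SSID."""
    seen = defaultdict(set)
    for mac, ssid in parse_probes(text):
        if not (skip_randomized and is_randomized(mac)):
            seen[ssid].add(mac)
    return sorted(((s, len(m)) for s, m in seen.items()), key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for name, rows in (("raw", rank_raw(SAMPLE_LOG)), ("unique", rank_unique(SAMPLE_LOG))):
        print(name, rows)
```

In the sample, FiOS-4Z7UY leads the raw ranking on repeats from two devices but drops below attwifi once each MAC is counted once, and CableWifi disappears when randomized MACs are excluded.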