Hi, I was hoping to leverage PineAP's frame injection capability to execute key reinstallation attacks. However, when I tried injecting arbitrary packets with PineAP, I couldn't pick up said packets on another monitor.

On my machine, I set up a Fedora VM with Wireshark/airmon-ng and a USB WiFi card to monitor packets, and the Pineapple next to the WiFi card. From the Pineapple, I used aireplay-ng on wlan1mon to play a deauthentication attack, and successfully captured the deauth packets on my VM. I then copied the packet's hex stream from Wireshark, and tried to play the same attack using PineAP. (MACs changed)

    c0 00 3a 01 60 ab 67 12 34 56 e8 cc 18 22 34 56 e8 cc 18 12 34 56 50 27 07 00
    < client MAC > < AP MAC >

I pasted the above (minus the comments) into the payload field, with parameters:

    Channel: 3 (the same channel I was monitoring on with the VM)
    Frame count: 100
    Send delay: 100ms

However, I didn't pick up any such packets on my VM. Same thing happens on different channels, as well as after I rebooted the Pineapple.

I tried to use the CLI, but I did not pick up any packets from this either:

    $ cat test.packet
    c0 00 3a 01 60 ab 67 12 34 56 e8 cc 18 22 34 56 e8 cc 18 12 34 56 50 27 07 00
    $ pineap inject test.packet 3 100 100

Am I missing something on how to inject frames using PineAP? Doesn't seem like a hardware issue, since aireplay-ng is able to use the radios to replay packets.

Additionally, instead of blocking for (100 packets * 100ms delay per packet) = 10s, the above injections, from the web UI and the pineap invocation, instantly returned. Is this command supposed to be non-blocking?

Thanks!

Hi, let me give you some introduction: I bought the nano months ago and pentested some of my old routers. Unfortunately I had to realize that the nano can only handle the 2.4 GHz frequency, but no problem, great product anyway. Most newer routers support both 2.4 and 5 GHz, so I decided to buy the tetra to continue pentesting with my network that has one brand new access point with both frequencies up at the same time.

The start with the tetra was great, because with the "Recon" tab it's possible to scan both frequencies at the same time. Sorry, I'm not a fan of the "Modules", so I always continue with an ssh connection and use the aircrack-ng tools.

Here comes the question: Why can I scan my networks (2.4 and 5 GHz on same AP), but the injection does not work on the 5 GHz frequency? I know that the MAC address changes in the last character, but I started to airodump my 5 GHz and fixed the channel (also tried different ones), but it is still not working. What am I doing wrong? Screenshots included.

Scan results: http://i.imgur.com/2QV8OkJ.png
Airodump: http://imgur.com/taEl4EY
Aireplay: http://imgur.com/wRSW3ed

Second test with another router (also dual frequencies): I'm wondering how I can capture my WPA2 handshake when I'm connected to the 2.4 GHz frequency and when I try to deauth my phone, for example, it will reconnect to the 5 GHz frequency without giving the handshake. Same goes if I'm connected to the 5 GHz first and deauth it, the reconnect goes to the 2.4 GHz. I know that is normal behavior for modern devices, but can you please give me some advice on how to handle this? Maybe a script with a loop of switching frequencies and deauth could work?

Thank You!