Jump to content

Recommended Posts

Posted

My post is more of a question but I was thinking if it's possible on the pineapple or the computer providing internet

to strip out ip hops?

just wondering if someone that was smarter could tell if the network was suspicious by the hop count or hops themselves?

another idea I had was to do the karma thing but for network shares and printers?

not sure how those protocols work maybe could slip in a back door file?

Posted (edited)

I think hop wise, it will be hard to tell for anyone not experienced.

If you know what you are looking for and do a traceroute and start investigating each hop then yes, you will know.

It all depends on the set-up you have though.

Karma for network shares / printers. That sounds like an interesting idea. I believe something similar exists in Metasploit.

I think it targets single clients though. I sadly don't know enough about that..

Edited by sebkinne
Posted

so i got some clients connected to my pineapple. i wanna fire metasploit on the connected clients, how is this possible from backtrack ?

Total can of worms here... but I find that the pineapple gives a tremendous amount of opportunities for Social Engineering.

A simple method I once used before was to set up the pineapple for phishing like Darren's tutorial showed (for the mark II). Create a file through metasploit to open a reverse TCP or what have you on the target machine when opened and throw it in the /www folder on the pineapple. Then, socially engineer them to open the file (convince them they need to run the file for an imaginary facebook plugin to work from your phished site).

Rather confident that the Social Engineering Toolkit could do this better than just described; I just did a proof of concept but you get the idea.

Regards

Posted (edited)

i've been looking into karmetasploit tutorials but i can't seem to find anything that runs through the pineapple. mostly these guys talk about setting up a soft AP on backtrack with another alpha card. so if i was to rickroll these clients through a client side attack with metasploit i would have to have metasploit on the pineapple itself or would i just be able to run it from my system ? wouldn't i be on the same ip range as my pineapple ? since my eth0 is on my computer. also one other thing, when im sniffing traffic, just have wireshark listen on eth0 ?

Edited by allisonmagic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...