PineDominator
Posted November 27, 2011

My post is more of a question, but I was thinking if it's possible on the pineapple or the computer providing internet to strip out IP hops? Just wondering if someone that was smarter could tell if the network was suspicious by the hop count or the hops themselves? Another idea I had was to do the karma thing but for network shares and printers? Not sure how those protocols work, maybe could slip in a back door file?

Sebkinne
Posted November 27, 2011 (edited)

I think hop-wise, it will be hard to tell for anyone not experienced. If you know what you are looking for and do a traceroute and start investigating each hop, then yes, you will know. It all depends on the set-up you have, though.

Karma for network shares / printers: that sounds like an interesting idea. I believe something similar exists in Metasploit. I think it targets single clients, though. I sadly don't know enough about that.

Edited November 27, 2011 by sebkinne

allisonmagic
Posted December 1, 2011

So I got some clients connected to my pineapple. I wanna fire Metasploit on the connected clients, how is this possible from BackTrack?

run it backwards
Posted December 1, 2011

> so i got some clients connected to my pineapple. i wanna fire metasploit on the connected clients, how is this possible from backtrack ?

Total can of worms here... but I find that the pineapple gives a tremendous amount of opportunities for Social Engineering. A simple method I once used before was to set up the pineapple for phishing like Darren's tutorial showed (for the Mark II). Create a file through Metasploit to open a reverse TCP or what have you on the target machine when opened and throw it in the /www folder on the pineapple. Then, socially engineer them to open the file (convince them they need to run the file for an imaginary Facebook plugin to work from your phished site). Rather confident that the Social Engineering Toolkit could do this better than just described; I just did a proof of concept, but you get the idea.

Regards

Ghostshell
Posted December 1, 2011

I have successfully, with permission, used one of my jasager/karma routers to catch clients and use Metasploit to poke and open sessions to them.

allisonmagic
Posted December 1, 2011 (edited)

I've been looking into karmetasploit tutorials but I can't seem to find anything that runs through the pineapple. Mostly these guys talk about setting up a soft AP on BackTrack with another alpha card. So if I was to rickroll these clients through a client-side attack with Metasploit, I would have to have Metasploit on the pineapple itself, or would I just be able to run it from my system? Wouldn't I be on the same IP range as my pineapple, since my eth0 is on my computer? Also, one other thing: when I'm sniffing traffic, just have Wireshark listen on eth0?

Edited December 1, 2011 by allisonmagic