Pineapple Vs Laptop Rogue Hotspot?

[pinecone]

Hi all,

I just recently discovered this site and have enjoyed learning about the pineapple. I was considering building/buying one sometime in the near future. I was wondering, what exactly makes the Pineapple device different than jut setting up your laptop as a rogue hotspot?

Also, does anyone know if there are going to be any more Pineapple devices put back in stock anytime soon? Building one seems fairly straightforward but I'd rather just purchase if they are gonna be available again soon.

Look forward to being a part of this forum :)

Also, thanks for the info ahead of time!

-Pinecone

[pinecone]

OH one more question.

Is there a SINGLE page with the full tutorial on how to convert a fonera router to a pineapple device? I have come across several pages but it seems kinda scattered. Is there is a single consolodated resource? If not what is the best page?

I currently have just been browsing these forums and watched this video on configuration: http://www.viddler.com/explore/hak5/videos/56/

Thanks!

[Mr-Protocol]

The fon routers are the older versions. The mark III is the Alfa AP51.

Not sure if they will get any Mark III in stock so you might be better off buying an AP51 and building your own for now. Rumor has it that Mark 4 is being looked into.

The pineapple will respond to any open non encrypted probe for clients to connect. A laptop with just a rogue AP will not (unless you have the correct scripts running).

[bobbyb1980]

Think it depends on what you want to do. If you're trying to use meterpreter on your victims or get some type of client/server connection as directly and simple as possible, it might be better to use a laptop. It has more resources than a small router and IMO easier to control.

But if you want to do phishing type stuff then it would probably be easier to use a router.

[Mr-Protocol]

Think it depends on what you want to do. If you're trying to use meterpreter on your victims or get some type of client/server connection as directly and simple as possible, it might be better to use a laptop. It has more resources than a small router and IMO easier to control.

But if you want to do phishing type stuff then it would probably be easier to use a router.

If you are using a pineapple, chances are you have a laptop doing ICS. So that kind of makes your statement invalid because there is (in most cases not all) a laptop involved for ICS.

[bobbyb1980]

I nor the op said anything about ICS. I said it depends what you want to do.

When I said "use a laptop" I was implying to use it as a rogue hotspot as the op asked. Way I see it, end goal is either to obtain credentials or install malware, both of which don't require ICS or a router, just a decent laptop with a good card.

Edited January 20, 2012 by bobbyb1980

[Mr-Protocol]

The pineapple without ICS is pretty limited. Yes you can make up a phishing site, but they will suspect something is up when they cannot reach anything after their "login attempt". It was an assumption to use a laptop with ICS because that is how even mark I was used.

[bobbyb1980]

Using a good laptop and the various rogue ap tools you can accomplish everything the pineapple does without the need for a router/ICS and only on the laptop. Once the attack is complete client is deauthed from the rogue ap (laptop), no longer given probes, then allowed to connect to their natural AP.

It may not be as technically discreet as having ICS setup, but it does eliminate the need to be the only person in a cafe with an antenna sticking out their bag. It also simplifies meterpreter attacks therein increasing their probability of success.

Much love for the pineapple though, and probably better for phishing.

[Mr-Protocol]

If you just have a laptop with hostapd + karma you still still need another interface to do ip forwarding/ICS.

[telot]

Laptop can easily respond to any probe request and respond by initializing a authentication request and then an association request. See airbase-ng. The pineapple is just so damn convenient and awesome. I can attach a high db gain antenna, I can automate it easier, as it's purpose is focused, and there's a great community based around it (ahem). Yes, there's lots of reasons to go with the pineapple.

telot

[Mr-Protocol]

Pineapple runs hostapd instead of airbase-ng due to stability if I'm not mistaken.

[Darren Kitchen]

Telot hit the nail on the head. Sure your laptop can do the same thing, but it may not be purpose built for this function, small enough to conceal or as portable. If the rumors are correct the Mark 4 should make it absolutely clear which is the more convenient attack platform. We'll find out at Shmoocon ;)

[telot]

Pineapple runs hostapd instead of airbase-ng due to stability if I'm not mistaken.

And I can understand why. I've been playing with airbase-ng for a few days now, and I've found it to be very unreliable. Sometimes my dhcp server plays nice, sometimes it doesnt. When it doesn't, sometimes certain devices will autoassign themselves an IP (169.xxx.xxx.xxx range) and sometimes that same device refuses, and other devices simply will not play ball at all. Whilst wiresharking all these inconsistencies I noticed erratic behavior from airbase as the common denominator. Its a great tool, but I don't think its nearly as refined as other tools in the aircrack suite (such as airmon, airodump, and of course aircrack). Its definitely best to stick with the pineapple.

You can use the butt end of a screw driver to pound in a nail, and still use that screwdriver for many other things (screwing screws, pry bar, inner ear scratcher) but using a tool that was built with pounding a nail in mind works much better and is worth the cost.

telot