Jump to content

New Pineapple Question About Association.


Jinx161

Recommended Posts

So I just got my new Alfa AP51 Router today, and just flashed it with the newest Mark III firmware. I logged in and got ICS going in windows 7 to test it out, logged into the "Free_Wifi" to see if its working and sure enough ICS is working. I have a few questions though. Please answer seriously, this is an attempt from a novice to probe some peoples minds and expand my own based on their recommendations and ideas, not a plea to walk me through hacking someones facebook or doing all the work for me. So here we go:

1. To my understanding, the pineapple will only get connections from devices that have saved open unsecured networks on auto connect, However I noticed a few associations that said "Pass through Linksys, and Pass through NETGEAR" etc. So these wifi networks that are secure when I scan, so I am curious what the "Pass through" means? Did it just grab them?

Also I am kinda new to Infosec and penetration testing and have been reading a lot lately. Besides trying to follow along with the videos on Hak5 and use the pineapple, I was curious what other people are doing with it? I got the pineapple thinking it would be really cool for me to play with at home and mess with my girlfriend on our network and just learn a bit more, but I must say its a bit confusing to me at first. I know a working knowledge of linux and some networking, and understand a lot of different attacks. Currently I am just using Wireshark and watching the stream from the interface sharing the internet with the pineapple as people are on it. Id like to try session hijacking myself but I need to get ferret and hamster going. So

2. What are some things I can do with the pineapple? Id like to read up on more things people are doing and learn about.

For now im going to just watch some traffic, and try to mess with ngrep a bit. Thank you for all your input.

Link to comment
Share on other sites

So I just got my new Alfa AP51 Router today, and just flashed it with the newest Mark III firmware. I logged in and got ICS going in windows 7 to test it out, logged into the "Free_Wifi" to see if its working and sure enough ICS is working. I have a few questions though. Please answer seriously, this is an attempt from a novice to probe some peoples minds and expand my own based on their recommendations and ideas, not a plea to walk me through hacking someones facebook or doing all the work for me. So here we go:

1. To my understanding, the pineapple will only get connections from devices that have saved open unsecured networks on auto connect, However I noticed a few associations that said "Pass through Linksys, and Pass through NETGEAR" etc. So these wifi networks that are secure when I scan, so I am curious what the "Pass through" means? Did it just grab them?

Also I am kinda new to Infosec and penetration testing and have been reading a lot lately. Besides trying to follow along with the videos on Hak5 and use the pineapple, I was curious what other people are doing with it? I got the pineapple thinking it would be really cool for me to play with at home and mess with my girlfriend on our network and just learn a bit more, but I must say its a bit confusing to me at first. I know a working knowledge of linux and some networking, and understand a lot of different attacks. Currently I am just using Wireshark and watching the stream from the interface sharing the internet with the pineapple as people are on it. Id like to try session hijacking myself but I need to get ferret and hamster going. So

2. What are some things I can do with the pineapple? Id like to read up on more things people are doing and learn about.

For now im going to just watch some traffic, and try to mess with ngrep a bit. Thank you for all your input.

Pass through! A not so descriptive term. Here is a perfect chance to learn more and expand upon your wireshark skills. Using wireshark is all about filtering. Practice your skills by filtering through to an answer to this question and post it here :) I think this would be a great exercise for anyone with a new pineapple and a budding knowledge of infosec.

You're certainly on the right path with Wireshark - its the end all be all MITM friend. But theres so much extraneous information that it can be very very very overwhelming. Goto securitytube.net and listen to the wifi god's (vivek) explanation of 802.11 packet formation and significance if you really want to learn it inside and out and get some great examples of proper wireshark use. I just got done with the Wifi Megaprimer and the amount of knowledge Vivek shares (for free!) is amazing. Plus hes pretty funny too.

Some thing I've been doing with the pineapple...yes, ganking the wife's wifi connection is great fun, but theres waaay more you can do. Personally, I've been doing some hardware hacks (POE Cable: http://telot.org/betterusbpoecable5.jpg) and working on a case for to hold the raspberrypi(.org) and the pineapples PCB and a small battery pack in a conveniently nonchalant enclosure for a drop-box kind of system (like the mark4 will be). I've also done a little convenience scripting (http://telot.org/1script2rulethemall.sh) in preparation for the r-pi's automated attackings.

Let us know how your ngrep goes - thats one area I really haven't messed with the pineapple. I'd love to see your wordlists.

The pineapple is a great beginners tool and a great way to go head first into wifi security. Enjoy!

telot

Link to comment
Share on other sites

Pass through! A not so descriptive term. Here is a perfect chance to learn more and expand upon your wireshark skills. Using wireshark is all about filtering. Practice your skills by filtering through to an answer to this question and post it here :) I think this would be a great exercise for anyone with a new pineapple and a budding knowledge of infosec.

You're certainly on the right path with Wireshark - its the end all be all MITM friend. But theres so much extraneous information that it can be very very very overwhelming. Goto securitytube.net and listen to the wifi god's (vivek) explanation of 802.11 packet formation and significance if you really want to learn it inside and out and get some great examples of proper wireshark use. I just got done with the Wifi Megaprimer and the amount of knowledge Vivek shares (for free!) is amazing. Plus hes pretty funny too.

Some thing I've been doing with the pineapple...yes, ganking the wife's wifi connection is great fun, but theres waaay more you can do. Personally, I've been doing some hardware hacks (POE Cable: http://telot.org/betterusbpoecable5.jpg) and working on a case for to hold the raspberrypi(.org) and the pineapples PCB and a small battery pack in a conveniently nonchalant enclosure for a drop-box kind of system (like the mark4 will be). I've also done a little convenience scripting (http://telot.org/1script2rulethemall.sh) in preparation for the r-pi's automated attackings.

Let us know how your ngrep goes - thats one area I really haven't messed with the pineapple. I'd love to see your wordlists.

The pineapple is a great beginners tool and a great way to go head first into wifi security. Enjoy!

telot

Thank you so much for your answer. I will watch it, I also have been looking into the Wireshark University training. Yes its very overwhelming at first. Also I am sniffing the interface, which is the internet facing wifi interfacing sharing the connection. Should I be sniffing the interface, the wired nic that is connected to the pineapple instead? I see packets going through both, and I figured its the same traffic since its sharing but figured id ask. Anyways thanks for your help. Any other suggestions would be appreciated! Some fun things I am looking to try and learn about:

1. Possibly making a video of my choosing run at the top of every webpage. Or a quote to start.

2. Session Hijack the old lady.

3. Use ngrep a bit more. Try to catch some interesting stuff.

4. Replace every picture on someones page like ettercap can do.

Bottom line, I want to understand whats going on in each of these things, not just replicate them. Its gonna take a while but any other ideas would be great! Again, not asking for a walkthrough just an idea as a starting point. Thanks again Telot!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...