WakeUpWolfgang Posted March 8, 2012 Posted March 8, 2012 I ordered mt first pineapple it is going to get here in about 3 hours. I am ok with linux I can do most things on linux but I would like to know. What should I do first with the Pineapple IV, and what documents should I read I have been browsing the forums but I dont know what information I should look at. Quote
Technoprenerd Posted March 8, 2012 Posted March 8, 2012 plz use search function & google. btw, posted twice; twice! Quote
Sebkinne Posted March 8, 2012 Posted March 8, 2012 First upgrade it. Play around with it, many things are self explanatory. Then read the forum. Enjoy your pineapple, Sebkinne Quote
Darren Kitchen Posted March 8, 2012 Posted March 8, 2012 The MK4 comes with a quick start guide that should have you up and running in no time. There is no "right way" to use the WiFi Pineapple however. It's a pretty versatile WiFi auditing tool and comes in a pretty generic configuration. It really depends on what you're trying to achieve. I've heard some pretty crazy stories of what pen testers have done with it. I guess it really just depends on your networking experience and how far you're willing to go with it. Have fun! Quote
telot Posted March 8, 2012 Posted March 8, 2012 The MK4 comes with a quick start guide that should have you up and running in no time. There is no "right way" to use the WiFi Pineapple however. It's a pretty versatile WiFi auditing tool and comes in a pretty generic configuration. It really depends on what you're trying to achieve. I've heard some pretty crazy stories of what pen testers have done with it. I guess it really just depends on your networking experience and how far you're willing to go with it. Have fun! Stories?! I love stories!! Sharing is caring Darren...lets hear 'em! telot Quote
WakeUpWolfgang Posted March 8, 2012 Author Posted March 8, 2012 The MK4 comes with a quick start guide that should have you up and running in no time. There is no "right way" to use the WiFi Pineapple however. It's a pretty versatile WiFi auditing tool and comes in a pretty generic configuration. It really depends on what you're trying to achieve. I've heard some pretty crazy stories of what pen testers have done with it. I guess it really just depends on your networking experience and how far you're willing to go with it. Have fun! I am in IT (network administrator) and I am planing on using this to find hackers on my network and then hack them back. :D but I did not know how easy it is to use the pineapple. Quote
Mr-Protocol Posted March 8, 2012 Posted March 8, 2012 I am in IT (network administrator) and I am planing on using this to find hackers on my network and then hack them back. :D but I did not know how easy it is to use the pineapple. "Hacking them back" is not really ethical, but routing all DNS entries to loopback on them could be fun. Quote
WakeUpWolfgang Posted March 8, 2012 Author Posted March 8, 2012 "Hacking them back" is not really ethical, but routing all DNS entries to loopback on them could be fun. When I say "hacking them back" I mean something like rerouting the DNS to the loopback or to a rickroll. Just something that will get them frustrated I am not going to be stealing information just going to make the blackhat hackers frustrated with hacking the network and get some good laughs at the blackhats. Quote
CanadianTaco Posted March 8, 2012 Posted March 8, 2012 What should I do first with the Pineapple Slice it? http://howtocutapineapple.com/ Quote
Mr-Protocol Posted March 8, 2012 Posted March 8, 2012 Keep in mind you will most likely get the everyday users instead of "hackers" with a pineapple. Quote
WakeUpWolfgang Posted March 8, 2012 Author Posted March 8, 2012 I know about 99.9% of the users will be everyday users I will write a script that will only target users who fit a profile that I make. Once the user fits the profile I will be contacted to look at their activty and if we deem them as a blackhat I will have the pineapple start messing with that user. But right now it is only an idea so before we implement it I am testing your product to see if it can do what we are looking for. Quote
condor Posted March 9, 2012 Posted March 9, 2012 I know about 99.9% of the users will be everyday users I will write a script that will only target users who fit a profile that I make. Please feel free to post said script when it's complete. I'd love that... Quote
hfam Posted March 9, 2012 Posted March 9, 2012 Please feel free to post said script when it's complete. I'd love that... ;) Quote
WakeUpWolfgang Posted March 9, 2012 Author Posted March 9, 2012 Please feel free to post said script when it's complete. I'd love that... I would bet a lot of people would but I am not going to be making this for myself but my company that I work for. IF we do deiced to use the script it will become property of the company and I would not be able to post it online for security/legal reasons. If you do want to do something like that there is other methods of going this. You could use an Intrusion Detection Systems(IDS) such as SNORT and have it tell you what IP it is. There is many ways at doing this but I am going some research to find out the best way for my company. If we dont go with the pineapple I get to have it since I paid for it and they will reimburse me if we do use it. Quote
Mr-Protocol Posted March 9, 2012 Posted March 9, 2012 I would bet a lot of people would but I am not going to be making this for myself but my company that I work for. IF we do deiced to use the script it will become property of the company and I would not be able to post it online for security/legal reasons. If you do want to do something like that there is other methods of going this. You could use an Intrusion Detection Systems(IDS) such as SNORT and have it tell you what IP it is. There is many ways at doing this but I am going some research to find out the best way for my company. If we dont go with the pineapple I get to have it since I paid for it and they will reimburse me if we do use it. Be careful. Some contracts state that ANY intellectual property created by the employee is then owned by XYZ company. Even if it was not developed for the company. Quote
WakeUpWolfgang Posted March 9, 2012 Author Posted March 9, 2012 Be careful. Some contracts state that ANY intellectual property created by the employee is then owned by XYZ company. Even if it was not developed for the company. I know that is why I am not going to post the script. But I was just giving him an idea of one way how he can do it with SNORT. That is all of the details I am willing to give out about this. That "IF" is saying we might or might not use it and if we don't use it I still wont be able to post it. If we dont use it and I get to keep the pineapple I can make my own scripts and they are my scripts I can post my own if I choose. There is alot of rules about me making my own like it cant contain any code from their scripts etc. Quote
PineDominator Posted March 9, 2012 Posted March 9, 2012 It sounds interesting to hack back but I personally don't think a hacker would leave there hacktop probing for open ssids? and even if that said person was to manually connect to the pineapple they would see that its not the real wireless or get NYAN Rolled and try to connect to the real network? maybe direct them to a fake internal website with an awesome new web product being tested but is actually a back doored java applet. Quote
Sebkinne Posted March 9, 2012 Posted March 9, 2012 If WakeUpWolfgang is working for a company to implement this script running on a pineapple (not sure about legality there anyway) then if he were to "hack the hackers" he / the company would be doing something which is in turn illegal. Just something to keep in mind. Regards, Sebkinne Quote
Valsacar Posted March 9, 2012 Posted March 9, 2012 Hack the Hackers!!!! no wait... that's not right... Quote
WakeUpWolfgang Posted March 9, 2012 Author Posted March 9, 2012 If WakeUpWolfgang is working for a company to implement this script running on a pineapple (not sure about legality there anyway) then if he were to "hack the hackers" he / the company would be doing something which is in turn illegal. Just something to keep in mind. Regards, Sebkinne I use the term hack very loosely. We might do something like a rickroll and edit the dns entries and stuff like that. But once the hacker gets off of our network it will undo everything on their computer. And we will block the mac of that computer(I know it is easily spoofed). the list of what it will do 1. mounter the use of all of the users that are using our wifi. 2. if it thinks some one is trying to hack us it will notify the IT department. 3. the IT department will look at the use of the person in question and decides if they are trying to hack us. 4. if the IT department decides that the person in question is trying to hack us implement the script 5. once the hacker gets off our network the hack stops and removes its self That is a very simple overview of what it will do but as you see it will not edit any files or view any files or gather any information. Once they get off of the network the script will stop working and it will remove its self from the computer Quote
condor Posted March 11, 2012 Posted March 11, 2012 If you do want to do something like that there is other methods of going this. You could use an Intrusion Detection Systems(IDS) such as SNORT and have it tell you what IP it is. There is many ways at doing this but I am going some research to find out the best way for my company. If we dont go with the pineapple I get to have it since I paid for it and they will reimburse me if we do use it. if( $line =~ m/going/ ) { $line = "doing" . $line; print "$line\n"; >>nudge but seriously, you do open an interesting facet for the device. To answer your question (which is interesting if you're such a code_ninja) re: where to start is simple; begin "testing" each feature independently before layering them. Keep a journal of ideas for implementation within your co. As experience increases, attempt some of the ideas from your journal... ...or simply follow taco's advice up there ^ Quote
WakeUpWolfgang Posted March 11, 2012 Author Posted March 11, 2012 Yes I did have a spelling mistake. If we do use the pineapple I wont be the coder for it. I was just looking for some documentation so I could read up on it before I started to play with it. And that is a simplified list of things we want it to do to give as an example. There is more that I am not aloud to say so there for I am done posting on this thread before I say something that I will regret. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.