Jump to content

Where To Start


Recommended Posts

I ordered mt first pineapple it is going to get here in about 3 hours. I am ok with linux I can do most things on linux but I would like to know. What should I do first with the Pineapple IV, and what documents should I read I have been browsing the forums but I dont know what information I should look at.

Link to comment
Share on other sites

The MK4 comes with a quick start guide that should have you up and running in no time. There is no "right way" to use the WiFi Pineapple however. It's a pretty versatile WiFi auditing tool and comes in a pretty generic configuration. It really depends on what you're trying to achieve. I've heard some pretty crazy stories of what pen testers have done with it. I guess it really just depends on your networking experience and how far you're willing to go with it. Have fun!

Link to comment
Share on other sites

The MK4 comes with a quick start guide that should have you up and running in no time. There is no "right way" to use the WiFi Pineapple however. It's a pretty versatile WiFi auditing tool and comes in a pretty generic configuration. It really depends on what you're trying to achieve. I've heard some pretty crazy stories of what pen testers have done with it. I guess it really just depends on your networking experience and how far you're willing to go with it. Have fun!

Stories?! I love stories!!

Sharing is caring Darren...lets hear 'em!

telot

Link to comment
Share on other sites

The MK4 comes with a quick start guide that should have you up and running in no time. There is no "right way" to use the WiFi Pineapple however. It's a pretty versatile WiFi auditing tool and comes in a pretty generic configuration. It really depends on what you're trying to achieve. I've heard some pretty crazy stories of what pen testers have done with it. I guess it really just depends on your networking experience and how far you're willing to go with it. Have fun!

I am in IT (network administrator) and I am planing on using this to find hackers on my network and then hack them back. :D but I did not know how easy it is to use the pineapple.

Link to comment
Share on other sites

I am in IT (network administrator) and I am planing on using this to find hackers on my network and then hack them back. :D but I did not know how easy it is to use the pineapple.

"Hacking them back" is not really ethical, but routing all DNS entries to loopback on them could be fun.

Link to comment
Share on other sites

"Hacking them back" is not really ethical, but routing all DNS entries to loopback on them could be fun.

When I say "hacking them back" I mean something like rerouting the DNS to the loopback or to a rickroll. Just something that will get them frustrated I am not going to be stealing information just going to make the blackhat hackers frustrated with hacking the network and get some good laughs at the blackhats.

Link to comment
Share on other sites

I know about 99.9% of the users will be everyday users I will write a script that will only target users who fit a profile that I make. Once the user fits the profile I will be contacted to look at their activty and if we deem them as a blackhat I will have the pineapple start messing with that user.

But right now it is only an idea so before we implement it I am testing your product to see if it can do what we are looking for.

Link to comment
Share on other sites

I know about 99.9% of the users will be everyday users I will write a script that will only target users who fit a profile that I make.

Please feel free to post said script when it's complete. I'd love that...

Link to comment
Share on other sites

Please feel free to post said script when it's complete. I'd love that...

I would bet a lot of people would but I am not going to be making this for myself but my company that I work for. IF we do deiced to use the script it will become property of the company and I would not be able to post it online for security/legal reasons.

If you do want to do something like that there is other methods of going this. You could use an Intrusion Detection Systems(IDS) such as SNORT and have it tell you what IP it is. There is many ways at doing this but I am going some research to find out the best way for my company. If we dont go with the pineapple I get to have it since I paid for it and they will reimburse me if we do use it.

Link to comment
Share on other sites

I would bet a lot of people would but I am not going to be making this for myself but my company that I work for. IF we do deiced to use the script it will become property of the company and I would not be able to post it online for security/legal reasons.

If you do want to do something like that there is other methods of going this. You could use an Intrusion Detection Systems(IDS) such as SNORT and have it tell you what IP it is. There is many ways at doing this but I am going some research to find out the best way for my company. If we dont go with the pineapple I get to have it since I paid for it and they will reimburse me if we do use it.

Be careful. Some contracts state that ANY intellectual property created by the employee is then owned by XYZ company. Even if it was not developed for the company.

Link to comment
Share on other sites

Be careful. Some contracts state that ANY intellectual property created by the employee is then owned by XYZ company. Even if it was not developed for the company.

I know that is why I am not going to post the script. But I was just giving him an idea of one way how he can do it with SNORT. That is all of the details I am willing to give out about this. That "IF" is saying we might or might not use it and if we don't use it I still wont be able to post it.

If we dont use it and I get to keep the pineapple I can make my own scripts and they are my scripts I can post my own if I choose. There is alot of rules about me making my own like it cant contain any code from their scripts etc.

Link to comment
Share on other sites

It sounds interesting to hack back but I personally don't think a hacker would leave there hacktop probing for open ssids?

and even if that said person was to manually connect to the pineapple they would see that its not the real wireless or get NYAN Rolled and try to connect to the real network?

maybe direct them to a fake internal website with an awesome new web product being tested but is actually a back doored java applet.

Link to comment
Share on other sites

If WakeUpWolfgang is working for a company to implement this script running on a pineapple (not sure about legality there anyway) then if he were to "hack the hackers" he / the company would be doing something which is in turn illegal.

Just something to keep in mind.

Regards,

Sebkinne

Link to comment
Share on other sites

If WakeUpWolfgang is working for a company to implement this script running on a pineapple (not sure about legality there anyway) then if he were to "hack the hackers" he / the company would be doing something which is in turn illegal.

Just something to keep in mind.

Regards,

Sebkinne

I use the term hack very loosely. We might do something like a rickroll and edit the dns entries and stuff like that. But once the hacker gets off of our network it will undo everything on their computer. And we will block the mac of that computer(I know it is easily spoofed).

the list of what it will do

1. mounter the use of all of the users that are using our wifi.

2. if it thinks some one is trying to hack us it will notify the IT department.

3. the IT department will look at the use of the person in question and decides if they are trying to hack us.

4. if the IT department decides that the person in question is trying to hack us implement the script

5. once the hacker gets off our network the hack stops and removes its self

That is a very simple overview of what it will do but as you see it will not edit any files or view any files or gather any information. Once they get off of the network the script will stop working and it will remove its self from the computer

Link to comment
Share on other sites

If you do want to do something like that there is other methods of going this. You could use an Intrusion Detection Systems(IDS) such as SNORT and have it tell you what IP it is. There is many ways at doing this but I am going some research to find out the best way for my company. If we dont go with the pineapple I get to have it since I paid for it and they will reimburse me if we do use it.

 
if( $line =~ m/going/ ) {
                $line = "doing" . $line;
                print  "$line\n";

>>nudge

but seriously, you do open an interesting facet for the device. To answer your question (which is interesting if you're such a code_ninja) re: where to start is simple; begin "testing" each feature independently before layering them. Keep a journal of ideas for implementation within your co. As experience increases, attempt some of the ideas from your journal...

...or simply follow taco's advice up there ^

Link to comment
Share on other sites

Yes I did have a spelling mistake.

If we do use the pineapple I wont be the coder for it. I was just looking for some documentation so I could read up on it before I started to play with it.

And that is a simplified list of things we want it to do to give as an example. There is more that I am not aloud to say so there for I am done posting on this thread before I say something that I will regret.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...