bobtheman Posted March 9, 2012 Share Posted March 9, 2012 from my understanding karma only works if the network the users nic is looking for isnt there. if im at home connecting to my home network that is already saved and setup then I would not connect to the rouge pineappple ap (i think this is right). ive seen talk about having to process deauth attks to force a disconnect to attempt to have the nic send probe requests to attempt to have the kara intercept. If this is correct, couldnt the process of deauth be incorporated into karma? Quote Link to comment Share on other sites More sharing options...
Andrei0427 Posted March 9, 2012 Share Posted March 9, 2012 If I understood your question, you cant deauth and use karma on the same interface, you will need a laptop or mobile to do the deauth Quote Link to comment Share on other sites More sharing options...
bobtheman Posted March 10, 2012 Author Share Posted March 10, 2012 hey Andrei yeah ... using a separate nic for deauth that's correct. I see what your saying though, couldn't incorporate a feature that requires another piece of hardware. Is my understand of how karma works correct? It will only intercept if your attempting to connect to a AP that is not present? Quote Link to comment Share on other sites More sharing options...
iamk3 Posted March 10, 2012 Share Posted March 10, 2012 bobtheman: Not exactly. If you are closer to the "possible" client, karma will respond to the probe request before the "legitimate" AP. Therefore, he will join your network instead of the "legitimate" one. This might be thwarted however if the "legitimate" AP broadcasts a stronger signal. Then it is pretty much luck of the draw. :) Quote Link to comment Share on other sites More sharing options...
telot Posted March 10, 2012 Share Posted March 10, 2012 bobtheman: Not exactly. If you are closer to the "possible" client, karma will respond to the probe request before the "legitimate" AP. Therefore, he will join your network instead of the "legitimate" one. This might be thwarted however if the "legitimate" AP broadcasts a stronger signal. Then it is pretty much luck of the draw. :) Just like in real estate, pineapple'ing is all about location, location, location. And big antennas. :) telot Quote Link to comment Share on other sites More sharing options...
bobtheman Posted March 11, 2012 Author Share Posted March 11, 2012 would a deauth attempt in your given scenario make any difference in attempting to have the user disassociate themselves from the legitimate AP and connect to the pineapple? Quote Link to comment Share on other sites More sharing options...
bobtheman Posted March 11, 2012 Author Share Posted March 11, 2012 im also assuming that if you start using the fake ap after the clients have already connnected to the legitimate AP then no exchange would occur as they are already associated with the real ap. Quote Link to comment Share on other sites More sharing options...
telot Posted March 11, 2012 Share Posted March 11, 2012 im also assuming that if you start using the fake ap after the clients have already connnected to the legitimate AP then no exchange would occur as they are already associated with the real ap. I'm totally confused by your question bobtheman. Sorry - are you asking if deauthing will get the targets to your pineapple if they're already attached to the legitimate AP? If so, the answers a huge resounding yes - thats the whole point of deauthing the AP. Lets break it down in some easy to understand terms so that you can perhaps clarify your question. Target1 is a person on a laptop, they are at coffee shop with a wifi ssid of coffee_shop. You are there with your laptop and pineapple we'll call Attacker1. Lets say you've connected your laptop to your phone via tethering for internet to be shared through the Attacker1 laptop to the attacking pineapple. Ok! Target1 is already at the coffee shop when you arrive. They are connected to coffee_wifi and happily surfing the net without getting rick rolled, ngrep'd, tcpdump'd, and wtfpwn'd. Lucky them. You arrive on the scene and fire up your laptop to ICS via tethered phone to your pineapple, which is of course hidden away in your backpack. So right now any newcomer to the coffee shop who has coffee_wifi saved as a AP on their computer/phone/tablet will likely connect to the pineapple, but only if your signal is stronger than coffee_wifi (because it will respond to the probe request faster). If the newcomer has never been to the coffee shop, and doesn't have coffee_wifi saved on their computer (because they've never connected) but DO have another open authentication access point saved on their computer (maybe airport_wifi or something) they will connect to the pineapple and the user will think they've connected to airport_wifi. Now! On your attacking laptop, you plug in your alfa usb wifi and turn on monitor mode and do an airodump-ng to see whats going on in the air around you - yes you can do it with the pineapple, but as has been discussed its a pain in the ass in its present form. So you've got your airodump-ng output on your attacking laptop, and you notice that Target1 is happily surfing away on coffee_wifi. Well this cannot stand! Again using your alfa usb awus036H, you run aireplay-ng -0 40 and nuke the whole AP down. Now everyone, Target1 and anyone else attached to coffee_wifi will lose their internet connection, and their wifi devices will almost instantly begin sending out probe requests for coffee_wifi and every other saved AP they might have at one time connected to. Thats when your pineapple will surely respond with a probe response saying that YES HELLZ YEAH IM COFFEE_WIFI! So no matter how much more powerful the signal on coffee_wifi might have been than your pineapple (people sitting far away from you, closer to the AP) will get them karma'd up with a little yes man action. Even if you're attached to coffee_wifi yourself as Attacker1 (you cheapass, go get yourself an android!), you can do a targeted deauth on coffee_wifi and just pick off each user one by one and yes man their probe requests and proceed to wtfpwn them. Now, I may have been totally confused by your question, and if the above doesn't explain anything at all - please rephrase your question using the terms Attacker1, coffee_wifi, Target1, etc. Hope this helped tho telot Quote Link to comment Share on other sites More sharing options...
bobtheman Posted March 12, 2012 Author Share Posted March 12, 2012 thanks telot your example was very helpful. I am referring to the incorporation of the said deauth attacks into the mk4 web interface. Im assuming that since using airodump on the mk4 is a huge pain this would not be ideal. I guess another way to express my idea is. Karma is receiving/ picking up probe request's regarding an AP called coffee_wifi. Attacker1 is late on the scene and coffee_wifi already has 50 users actively using it. Would it be possible, would you be interested in incorporating some sort of feature regarding deauth's to disassociate those 50 users into karma itself or the pineapple web gui? Quote Link to comment Share on other sites More sharing options...
condor Posted March 12, 2012 Share Posted March 12, 2012 Can multiple usb devices be used through a usb hub-like device? So, perhaps another wireless device can be used for sending out deauth packets, monitoring, etc. All while the pineapple still uses it's antenna for karma and it's clients? Add the 3G modem, and a battery. Leave it some place real nice...... ....log into it from anywhere and essentially be as if you were physically there, sending death packets, airodump the vicinity, etc... Quote Link to comment Share on other sites More sharing options...
barry99705 Posted March 12, 2012 Share Posted March 12, 2012 Can multiple usb devices be used through a usb hub-like device? So, perhaps another wireless device can be used for sending out deauth packets, monitoring, etc. All while the pineapple still uses it's antenna for karma and it's clients? Add the 3G modem, and a battery. Leave it some place real nice...... ....log into it from anywhere and essentially be as if you were physically there, sending death packets, airodump the vicinity, etc... Depends on their power consumption. If you use a powered usb hub, then you'd probably be okay. Quote Link to comment Share on other sites More sharing options...
telot Posted March 12, 2012 Share Posted March 12, 2012 Can multiple usb devices be used through a usb hub-like device? So, perhaps another wireless device can be used for sending out deauth packets, monitoring, etc. All while the pineapple still uses it's antenna for karma and it's clients? Add the 3G modem, and a battery. Leave it some place real nice...... ....log into it from anywhere and essentially be as if you were physically there, sending death packets, airodump the vicinity, etc... Adding an alfa USB awus036H has been on my list of things to do since I got my hands on the markIV. As barry mentioned, a powered hub would definitely been necessary for multiple usb devices (especially if two of them are additional radios). Right now you can deauth using the pineapples interface (top right on the status page, where it says Airmon-ng). The only problem is getting the BSSID. If you have an android phone, you can use the program called "Wifi Analyzer" to get BSSIDs and type them into the markIV status page and deauth that way. I like to use my alfa on my laptop primarily because I like airodump-ng - I just love seeing the "full picture" of what all is going on around me. But yeah, you can do almost everything from the pineapple itself - even running airodump - but that requires a power cycle to get it back and ready to karma those who you're about to deauth...hence the pain in the ass factor :) telot Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.