Hide Pineapple From Other Pineapple'ers


JayBlack

One of the first things you realize when you start running your pineapple is it's shouting its SSID 'pineapple'. Well, we all can easily figure that one out. Go to /etc/config/wireless and change the line to say 'option SSID CHEVETTE'.

Well once that's all said and done we still know that the router runs a webhost control panel (ip/folder)... so we can check for that each time we connect to an open wifi. So what I would recommend is to rename the folder under www to SomethingLessSuspicious, and then run a script (which you will need to write or get) to replace all strings in the subdirectory to your new directory... ex: for each instance of string oldfolder/ rename to SomethingLessSuspicious/ . Also go into /etc/config and edit httpd.conf, replacing string oldfolder/ to the new SomethingLessSuspicious/ . These are the places I've found to replace the string so far. My example is currently working without errors. You just don't want other people's 'cron jobs'/'brothers' checking your access point's path with a simple directory check saying hey, does this 'pineapple' exist? --sound the alarm suspicious folk are about.

Broadcasting this identity either way is similar to letting a lot of people know you have the skill of sleight of hand. And whereas you are the good magician, they may instantly judge you to be the pickpocket out to get them. Proverbs 22:1 "A good name is more desirable than great riches;" As they say, this is simply a tool, use responsibly.

Now, I believe, these changes should remove the big red flag towards all shades of "HATs" (White/Gray/Black) out there. The one other thing I can think of is the network server/client numbering methodology. But this really doesn't raise any flags as being suspicious. Lots of different networks use different networking schemas.

Of course there are other network checking techniques, some can't see past this, some can.

Edited by JayBlack

A couple of thoughts.

A good start is to change the MAC address so it doesn't give away the default hardware MAC vendor mapping performed by basic scanners.

Restrict the aliased SSIDs.

Don't use the standard Nyan Cat redirects. It's a dead giveaway.

Plan your deployment and predict your outcomes upfront, to optimise your setup and the results.

Make sure the back channel works well, so as to reduce the chance of any suspicion.

I'm playing with different user agents and techniques to see how the Pineapple reacts to differing scanning techniques.

This is just for my interest... I think the WiFi Pineapple is great.


A good start is to change the MAC address so it doesn't give away the default hardware MAC vendor mapping performed by basic scanners.

Restrict the aliased SSIDs.

I'll have to look into this. I didn't know the MAC address could be redefined outside of 'burning in' a hard-wired network chip... I did know you could spoof it. I guess I just never thought about it.

When you say restrict... what do you mean by that?

Another quick thought, switch ssh login to an alternate port, or authorise the serial connection and not wlan.

Edited by JayBlack

One of the first things you realize when you start running your pineapple is it's shouting its SSID 'pineapple'. Well, we all can easily figure that one out. Go to /etc/config/wireless and change the line to say 'option SSID CHEVETTE'.

This can also be done through the pineapple UI in the configuration tab.

Of course, editing the file works too. This just makes it easier.

Well once that's all said and done we still know that the router runs a webhost control panel (ip/folder)... so we can check for that each time we connect to an open wifi. So what I would recommend is to rename the folder under www to SomethingLessSuspicious, and then run a script (which you will need to write or get) to replace all strings in the subdirectory to your new directory... ex: for each instance of string oldfolder/ rename to SomethingLessSuspicious/ . Also go into /etc/config and edit httpd.conf, replacing string oldfolder/ to the new SomethingLessSuspicious/ . These are the places I've found to replace the string so far. My example is currently working without errors. You just don't want other people's 'cron jobs'/'brothers' checking your access point's path with a simple directory check saying hey, does this 'pineapple' exist? --sound the alarm suspicious folk are about.

This is a good point JayBlack, I think we can get this implemented in the UI. A full path changer. It really isn't too hard.

Thanks for the idea!

Of course there are other network checking techniques, some can't see past this, some can.

While this is not going to fool a skilled person, we have implemented a so-called stealth mode in version 2.3.0 of the MK4.

This mode will drop all ICMP packets and make it unpingable. Of course, this will not throw anyone off who is actually determined to find pineapples.

All I can say is, guys, don't keep your password file in a directory accessible through your web server : P

Pineapple used to come default like that, not sure if it does anymore.

As far as I know the MK3 and MK4 did not / do not come like this.

The password for the UI is kept inside the /etc/shadow (and so on) file. Not accessible unless you are logged in and use the advanced tab in the UI to cat the file.

I'll have to look into this. I didn't know the MAC address could be redefined outside of 'burning in' a hard-wired network chip... I did know you could spoof it. I guess I just never thought about it.

We have macchanger onboard the pineapple MK4 and it will be implemented to the UI soon.

I have also moved this topic to the Jasager forum.

Best,

Sebkinne


Very interesting idea - hide the fact you're rocking a pineapple by obfuscating the /www directory... I guess I've never thought I'd ever run into anyone who knows what a pineapple is, let alone how to exploit it. But as the hacker con season is coming up, perhaps this would be a good addition to the new "stealth mode" pineapple features.

telot


in my opinion changing the /www/pineapple folder would break things,

I have had no problems with it. The only oddity is when you try to access the pineapple folder after removing it you get an infinite loop between your redirect page and index... simply change your index page to redirect to something like 'http://www.google.com/error.html' and everything runs fine.

Edited by JayBlack

I have had no problems with it. The only oddity is when you try to access the pineapple folder after removing it you get an infinite loop between your redirect page and index... simply change your index page to redirect to something like 'http://www.google.com/error.html' and everything runs fine.

I made a module that uses style sheets (.css) and a couple of other things; that would break my module. I could make my own but then it wouldn't match.


I have had no problems with it. The only oddity is when you try to access the pineapple folder after removing it you get an infinite loop between your redirect page and index... simply change your index page to redirect to something like 'http://www.google.com/error.html' and everything runs fine.

If we do decide to implement this, it will automatically update the error page too.

As you said though, I cannot see a real issue with this. Except users somehow locking themselves out.

Then again, the reset button can be changed to also move the directory back.

Best,

Sebkinne


If we do decide to implement this, it will automatically update the error page too.

As you said though, I cannot see a real issue with this. Except users somehow locking themselves out.

Then again, the reset button can be changed to also move the directory back.

Best,

Sebkinne

Also, I guess if you put the changed folder name into a file, i.e. /etc/config/, my module could access the necessary files in /www/


Also, I guess if you put the changed folder name into a file, i.e. /etc/config/, my module could access the necessary files in /www/

Exactly ;)

Needs some thinking but shouldn't be too complicated to do.

Something that requires more thought is the implementation of localizations... oh god.
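
The indicators this thread names (the default SSID, the control-panel folder, aliased SSIDs, the ICMP-dropping stealth mode), combined into one client-side check; this is an added example and not part of any post or of the Pineapple firmware. The field names, sample records, baseline path and SSID threshold are assumptions constructed for illustration.

```python
# Added example: defender-side check built from the indicators named in this thread.
# Field names, sample records and the threshold are constructed, not captured data.
DEFAULT_SSID = "pineapple"           # default SSID named in the thread
DEFAULT_PANEL = "/pineapple/"        # default control-panel folder under /www
CONTROL_PATH = "/no-such-dir-7f3a/"  # hypothetical random path used as a baseline
MAX_SSIDS_PER_BSSID = 3              # assumed threshold; tune per site


def indicators(obs):
    """Return the fingerprint indicators present in one observation record."""
    found = []
    # SSIDs answered by this BSSID only; frames from other radios are ignored.
    ssids = {ssid for bssid, ssid in obs["probe_responses"] if bssid == obs["bssid"]}
    if any(s.lower() == DEFAULT_SSID for s in ssids):
        found.append("default-ssid")
    if len(ssids) > MAX_SSIDS_PER_BSSID:
        found.append("many-ssids-one-bssid")
    http = obs["gateway_http"]  # {path: HTTP status} as seen from the client
    panel, baseline = http.get(DEFAULT_PANEL), http.get(CONTROL_PATH)
    # A catch-all redirect answers every path alike, so the panel path only
    # counts when it is served and the random baseline path is not.
    if panel in (200, 401) and panel != baseline:
        found.append("default-panel-path")
    # Weak on its own: some ordinary gateways also drop ICMP.
    if not obs["gateway_icmp_reply"] and any(s is not None for s in http.values()):
        found.append("icmp-silent-but-http-alive")
    return found


A, B, C = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLES = {  # constructed observations
    "defaults": {"bssid": A, "probe_responses": [(A, "pineapple")],
                 "gateway_http": {DEFAULT_PANEL: 200, CONTROL_PATH: 404},
                 "gateway_icmp_reply": True},
    "renamed": {"bssid": B,
                "probe_responses": [(B, "CHEVETTE"), (B, "HomeNet"), (B, "CoffeeShop"),
                                    (B, "Airport_Free"), (C, "HomeNet")],
                "gateway_http": {DEFAULT_PANEL: 302, CONTROL_PATH: 302},
                "gateway_icmp_reply": False},
    "ordinary": {"bssid": C, "probe_responses": [(C, "HomeNet")],
                 "gateway_http": {DEFAULT_PANEL: 404, CONTROL_PATH: 404},
                 "gateway_icmp_reply": True},
}

if __name__ == "__main__":
    for name, obs in SAMPLES.items():
        print(name, indicators(obs))
```

The "renamed" record has a changed SSID, a moved folder and dropped ICMP, yet it still raises two indicators, which matches the point made in the thread that these changes do not stop a determined check.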

