Jump to content

Archived

This topic is now archived and is closed to further replies.

combatwombat27

Jasager/karma Vs Open, Wep, Wpa

Recommended Posts

Now I only have outdated information and was seeking a bit of clarification. Is jasager/karma effective against anything other than open wireless networks? Since the pineapple doesn't know the psk for WEP and WPA networks it cannot spoof as them and be auto connected to can it? And if so, is the pineapple still really that effective especially since more and more devices just like windows 7 frown away from auto connecting to open wifi.

Share this post


Link to post
Share on other sites

Now I only have outdated information and was seeking a bit of clarification. Is jasager/karma effective against anything other than open wireless networks? Since the pineapple doesn't know the psk for WEP and WPA networks it cannot spoof as them and be auto connected to can it? And if so, is the pineapple still really that effective especially since more and more devices just like windows 7 frown away from auto connecting to open wifi.

Only works for open network, no auth. But do not underestimate the need for people to facebook/twitter/pinterest/web. They will connect willingly.

Share this post


Link to post
Share on other sites

Only works for open network, no auth. But do not underestimate the need for people to facebook/twitter/pinterest/web. They will connect willingly.

Correct, I was just discussing on IRC, I have no doubt that people will willingly connect for the free wifi but the Jasager portion of all this is getting more and more outdated. If it wasn't for the ease of use and attack tools now builtin to the pineapple it really would be on the decline in usefulness.

Share this post


Link to post
Share on other sites

Correct, I was just discussing on IRC, I have no doubt that people will willingly connect for the free wifi but the Jasager portion of all this is getting more and more outdated. If it wasn't for the ease of use and attack tools now builtin to the pineapple it really would be on the decline in usefulness.

It really depends on where you do your recon. I've used the pineapple MKIV on university campuses and public transit with great success. Sure Windows 7 is no longer auto connecting, but that doesn't mean phones aren't. (And with a typical SSID like "ATT Open WiFI" people almost always connect to it manually if they see it.

Share this post


Link to post
Share on other sites

Keep in mind, Windows 7 does have a check box to automatically connect. That "feature" is not enabled by default, but it's a check box away. And it's in plain sight when they select a network.

Share this post


Link to post
Share on other sites

Hmmm windows 7 doesn't auto connect any more? that news to me :/ did mac ever and does it still auto connect? also just out of curiosity the other day i was messing with my pineapple and my laptop, which is connected to my wpa secure wifi network, was seeing both my network (the secure one) and another network with the exact same name as mine but it was open, is this karma that is doing this? i don't fully understand it... also i noticed the singal level on the open one was low, likr one bar, but when i connected to it it was full strength...

Share this post


Link to post
Share on other sites

I also see karma'd versions of secure networks but a lot of people wouldn't realise the significance of secure wireless vs open wireless and would connect to a ssid they reconise regardless. The usefulness of been able to change the pineapples default broadcast ssid to a custom one is also underestimated, I've had many clients connect on the old mk3 without karma, purely because the default ssid looks good, something like 'campus wifi' or 'free wifi' Normally gets hipsters really excited.

Share this post


Link to post
Share on other sites

The wifi system on the WII only looks at the SSID of the network before it connects to it.

My WII is only set to connect to a my wpa-psk wifi network but it always ends up on the pineapple with the encrypted SSID name.

I think one or two older OSes would do this but it been fixed now.

Share this post


Link to post
Share on other sites

Only works for open network, no auth. But do not underestimate the need for people to facebook/twitter/pinterest/web/bank/email/ebay/craigslist/resume submission/etc. They will connect willingly.

Fixed 'er up for ya. :) I've seen all of the above just from a single coffee shop/cafe drop.

Depending on your expectations and target environment, Jasager/Karma is as effective now as it ever was. Sure, you may not capture a few Win7 machines, and if that's all that you're targeting, then you've got some extra work to do in order to get them to connect...limited only by your imagination.

As another poster pointed out, coupled with the ability to change the SSID, I find there is no shortage of sheeple and hipsters who will blissfully connect to our tasty, forbidden fruit, entirely unaware of the MitM. :)

Share this post


Link to post
Share on other sites

Fixed 'er up for ya. :) I've seen all of the above just from a single coffee shop/cafe drop.

Depending on your expectations and target environment, Jasager/Karma is as effective now as it ever was. Sure, you may not capture a few Win7 machines, and if that's all that you're targeting, then you've got some extra work to do in order to get them to connect...limited only by your imagination.

As another poster pointed out, coupled with the ability to change the SSID, I find there is no shortage of sheeple and hipsters who will blissfully connect to our tasty, forbidden fruit, entirely unaware of the MitM. :)

one of the best places to pentest is a busy movie theater,

I changed the ssid to ("name of theater" FREE) and was surprised that over half of the people connected used the ssid.

Share this post


Link to post
Share on other sites

Also, if you have multi wifi cards on your laptop, you can Deauth every AP's clients except your pineapple (And your ICS network adapter). That would be another way to "guide" devices to your "test setup/environment".

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...