combatwombat27 Posted June 19, 2012 Share Posted June 19, 2012 Now I only have outdated information and was seeking a bit of clarification. Is jasager/karma effective against anything other than open wireless networks? Since the pineapple doesn't know the psk for WEP and WPA networks it cannot spoof as them and be auto connected to can it? And if so, is the pineapple still really that effective especially since more and more devices just like windows 7 frown away from auto connecting to open wifi. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted June 19, 2012 Share Posted June 19, 2012 Now I only have outdated information and was seeking a bit of clarification. Is jasager/karma effective against anything other than open wireless networks? Since the pineapple doesn't know the psk for WEP and WPA networks it cannot spoof as them and be auto connected to can it? And if so, is the pineapple still really that effective especially since more and more devices just like windows 7 frown away from auto connecting to open wifi. Only works for open network, no auth. But do not underestimate the need for people to facebook/twitter/pinterest/web. They will connect willingly. Quote Link to comment Share on other sites More sharing options...
combatwombat27 Posted June 19, 2012 Author Share Posted June 19, 2012 Only works for open network, no auth. But do not underestimate the need for people to facebook/twitter/pinterest/web. They will connect willingly. Correct, I was just discussing on IRC, I have no doubt that people will willingly connect for the free wifi but the Jasager portion of all this is getting more and more outdated. If it wasn't for the ease of use and attack tools now builtin to the pineapple it really would be on the decline in usefulness. Quote Link to comment Share on other sites More sharing options...
Splicer Posted June 19, 2012 Share Posted June 19, 2012 Correct, I was just discussing on IRC, I have no doubt that people will willingly connect for the free wifi but the Jasager portion of all this is getting more and more outdated. If it wasn't for the ease of use and attack tools now builtin to the pineapple it really would be on the decline in usefulness. It really depends on where you do your recon. I've used the pineapple MKIV on university campuses and public transit with great success. Sure Windows 7 is no longer auto connecting, but that doesn't mean phones aren't. (And with a typical SSID like "ATT Open WiFI" people almost always connect to it manually if they see it. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted June 19, 2012 Share Posted June 19, 2012 Keep in mind, Windows 7 does have a check box to automatically connect. That "feature" is not enabled by default, but it's a check box away. And it's in plain sight when they select a network. Quote Link to comment Share on other sites More sharing options...
Anton Posted June 19, 2012 Share Posted June 19, 2012 Hmmm windows 7 doesn't auto connect any more? that news to me :/ did mac ever and does it still auto connect? also just out of curiosity the other day i was messing with my pineapple and my laptop, which is connected to my wpa secure wifi network, was seeing both my network (the secure one) and another network with the exact same name as mine but it was open, is this karma that is doing this? i don't fully understand it... also i noticed the singal level on the open one was low, likr one bar, but when i connected to it it was full strength... Quote Link to comment Share on other sites More sharing options...
inTheDMZ Posted June 19, 2012 Share Posted June 19, 2012 I also see karma'd versions of secure networks but a lot of people wouldn't realise the significance of secure wireless vs open wireless and would connect to a ssid they reconise regardless. The usefulness of been able to change the pineapples default broadcast ssid to a custom one is also underestimated, I've had many clients connect on the old mk3 without karma, purely because the default ssid looks good, something like 'campus wifi' or 'free wifi' Normally gets hipsters really excited. Quote Link to comment Share on other sites More sharing options...
01000010 Posted June 20, 2012 Share Posted June 20, 2012 The wifi system on the WII only looks at the SSID of the network before it connects to it. My WII is only set to connect to a my wpa-psk wifi network but it always ends up on the pineapple with the encrypted SSID name. I think one or two older OSes would do this but it been fixed now. Quote Link to comment Share on other sites More sharing options...
hfam Posted June 20, 2012 Share Posted June 20, 2012 Only works for open network, no auth. But do not underestimate the need for people to facebook/twitter/pinterest/web/bank/email/ebay/craigslist/resume submission/etc. They will connect willingly. Fixed 'er up for ya. :) I've seen all of the above just from a single coffee shop/cafe drop. Depending on your expectations and target environment, Jasager/Karma is as effective now as it ever was. Sure, you may not capture a few Win7 machines, and if that's all that you're targeting, then you've got some extra work to do in order to get them to connect...limited only by your imagination. As another poster pointed out, coupled with the ability to change the SSID, I find there is no shortage of sheeple and hipsters who will blissfully connect to our tasty, forbidden fruit, entirely unaware of the MitM. :) Quote Link to comment Share on other sites More sharing options...
PineDominator Posted June 20, 2012 Share Posted June 20, 2012 Fixed 'er up for ya. :) I've seen all of the above just from a single coffee shop/cafe drop. Depending on your expectations and target environment, Jasager/Karma is as effective now as it ever was. Sure, you may not capture a few Win7 machines, and if that's all that you're targeting, then you've got some extra work to do in order to get them to connect...limited only by your imagination. As another poster pointed out, coupled with the ability to change the SSID, I find there is no shortage of sheeple and hipsters who will blissfully connect to our tasty, forbidden fruit, entirely unaware of the MitM. :) one of the best places to pentest is a busy movie theater, I changed the ssid to ("name of theater" FREE) and was surprised that over half of the people connected used the ssid. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted June 20, 2012 Share Posted June 20, 2012 Also, if you have multi wifi cards on your laptop, you can Deauth every AP's clients except your pineapple (And your ICS network adapter). That would be another way to "guide" devices to your "test setup/environment". Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.