
Beginner Looking For Somewhere To Start?


ramus313


I've been into computer programming for the past 3-4 years, and know Java & C++ (as well as other scripting languages) quite well, but for a while I've been wanting to jump into networking and network/wifi hacking (educational purposes). I downloaded BackTrack 5 and have been messing around with it for the past week. I had gotten as far as making phishing websites from the web site cloner, and I stumbled across this website/forum. I thought you guys could point me in some direction. I am especially interested in the wifi pineapple. I've watched the Hak5 episodes covering the pineapple, but I would like some instruction from a beginner's standpoint (to networking, not programming). I would like to know a little more about it before I purchase it. There is not a lot of documentation on it other than that made by very experienced users (I do not understand a single thing that they are saying :/).

Thank you in advance for your help!


P.S. I understand the whole concept of the "yes man" thing, like how it becomes the access point for all devices trying to connect to the internet, but I mean like, what can you do once they connect to the wifi via your pineapple? Thanks!


P.S. I understand the whole concept of the "yes man" thing, like how it becomes the access point for all devices trying to connect to the internet, but I mean like, what can you do once they connect to the wifi via your pineapple? Thanks!

The whole purpose of the WIFI Pineapple is to make users aware of the dangers of connecting to an open/unencrypted WIFI connection. Once the victim connects to it, the attacker operating the device can remotely do all sorts of malicious things.

For example, the attacker can monitor your traffic and in real time he can see what sites you visit and what information you enter on the websites. He could redirect you from a legit website (Facebook.com) to a fake Facebook website and harvest all your login credentials without you knowing.

All these would be happening transparently in the background. The best way to avoid being a victim of such an attack is to never connect to an unencrypted/open WIFI, and always use secure connections, like HTTP(s), VPN or SSH. These will reduce the chances of the attacker sniffing your traffic.


OK, yeah, that's what I thought. Do you think the 50 page booklet on the website will cover the basics of the wifi pineapple to a point that I can understand? Also, do I need the wireless card (the one that supports packet injection, sold on their website) in order for it to work, or will it work on its own? To my understanding, the wifi card is only for the de authorization tool, which reconnects people that are already connected to the wifi to your device, and then to the wifi. But is it necessary to intercept people who are logging on when your device is already turned on?

Edited by ramus313

Do I need the wireless card (the one that supports packet injection, sold on their website) in order for it to work, or will it work on its own?

A wireless card like the one they sell in the Hak5 shop is not necessary in order to connect to the WIFI Pineapple, but it would be very handy to have one, because of its high-gain antenna and the ability to connect to the WIFI Pineapple or any other access point from a distance of hundreds or miles away.

The WIFI Pineapple works just like a normal AP; it operates off a battery and can be placed anywhere. The attacker, on the other hand, will only need to SSH or access it via its web-based interface to operate it remotely.

Edited by Infiltrator

OK, thank you so much for your help. I'm going to order one in the next few days. I understand and can do basic things such as DNS spoofing/ARP poisoning. But how did you learn the more advanced things, like monitoring the websites the user logs on to? Did you learn just by messing around with the device? There isn't a lot of documentation... Thanks


There are tools like Wireshark or TCPDUMP that you can use to capture the packets (information) that travel down the wire or through the wireless medium. When you ARP poison the victim, the victim's traffic flows through your computer, and with a program like Wireshark/TCPDump that traffic can be captured and viewed.

You can only view traffic that is not encrypted. If the victim connects to a website that uses HTTP(s), the traffic will be encrypted, and any information that the victim enters on the website will not be in a human-readable form; everything will be gibberish to you.

But you can still see what website the victim visited, the IP address of the victim and so forth.

All this stuff, I've learned from watching the Hak5 videos, reading other people's comments, researching, reading books. Also, Youtube and securitytube.net have plenty of videos on these kinds of attacks. It's just a matter of searching on Google.

Edited by Infiltrator

Essentially, if someone has connected to your pineapple, you have full control. Yes, you can DNS spoof an HTTPS as you are deciding where their traffic actually goes. If you are dealing with a technologically sound individual, they will notice the change and disconnect from the pineapple right away.

Edited by Saelani

Could you just use the DNS spoofing when they type in "https://", and redirect them to the nonsecure website?

You could certainly do that, but you will have to attack someone who is a total computer illiterate. As Saelani pointed out, it would be very difficult to trick or convince someone who has a strong IT knowledge to continue browsing an insecure website.

There is also a utility called SSLStrip, which basically strips off the (s) from the HTTP(s), making the connection insecure and giving you back the ability to sniff the traffic. However, this utility will cause the web browser to set off a warning message, stating that the website's security certificate is either expired or not legit. Some users will choose to ignore the error message, whereas other users will simply stay away from the page.

You should definitely play around with these tools and get a grasp for them. Like I said before, there are plenty of tutorial videos on Youtube and securitytube to assist you. And if you are not sure about something, you can always research on Google before posting a question in the forums.

Edited by Infiltrator

What browser(s) display a certificate error in your experience Inf? When I tested sslstrip on my pineapple with Chrome I received no errors...more testing is needed on my end apparently...

As for you, ramus313 - I'd implore you to get a pineapple, they're wonderful tools that are great for gaining an understanding of the ins and outs of networking. There's dozens/hundreds of us all at different levels of knowledge helping each other out, so be sure to hop over to the Pineapple forums if you run into any issues - we're noob and guru friendly! I have to admit that I mention this for selfish reasons too, as it's always great to have another fluent programmer in the community, so I hope to see you over there!

telot

Edited by telot

What browser(s) display a certificate error in your experience Inf? When I tested sslstrip on my pineapple with Chrome I received no errors...more testing is needed on my end apparently...

telot

The reason I mentioned certificate errors was because when I am in BT using SSLStrip I always get certificate errors on my victim's browser, unless there is something in the SSLstrip configuration file that I am missing or overlooking.
