Jump to content

Autoconnect To Pineapple


C0NFUS3D
 Share

Recommended Posts

I'm having problems getting devices to "secretly connect" to the pineapple that are probing for a remembered WPA secured network that is in the area. These devices connect to the actual AP, not the pineapple. Is there anything I can do here to get these devices to connect to the pineapple instead??

Link to comment
Share on other sites

The pineapple only attracts OPEN probe requests - no wpa/wep/radius will be responded to.

telot

Link to comment
Share on other sites

if you look in the karma log in /tmp you will see that these wpa/wep requested ssids are happening but fail to fully connect, if there network is not close enough they can continue to ask the pineapple for said networks and fail

Edited by petertfm
Link to comment
Share on other sites

I think that's why you have the usb connected with the wordlist to try to crack it ... I remember darren talking about doing this in one of the shows. Having a good word list so you would be able to see if you could get in using the pineapple... That would be a good project to work on.

Link to comment
Share on other sites

Short answer, no, nothing you can do.

The reason is that the device doesn't have the keys for either WEP or WPA so can't complete the authentication phase of the connection so the clients won't connect.

If you were able to get the keys for the encryption then you could create a fake access point but at that point you wouldn't need Karma as you could just set up a normal AP with the known keys.

Link to comment
Share on other sites

  • 2 weeks later...

I've been searching for threads that might lead to others that have already configured their Pineapples to accept WPA2-Enterprise connections. I haven't had much success to this point.

My Intention is to configure the Pineapple to authenticate WPA2-Enterprise to War Radius (Freeradius-wpe) over an SSH tunnel. I have had great success with miss-configured corporate phones and workstations accepting false certificates or users blindly accepting a new certificate in the supplicant using standard access points or hostap. I would love to see if it is reasonable to build a package like Joshua Wright's freeradius-wpe (http://www.willhackforsushi.com/?s=freeradius) on the Pineapple which would make the configuration even more useful.

Are there any existing threads that I'm not finding on this or a similar subject?

Link to comment
Share on other sites

I thought that if you probed for SSID "myhomerouter", Karma would answer, non-dependent of security settings.

karma does answer, you can see in the latest firmware 2.6.1 that the log now shows all prob responses. but when the client is doing it's encryption thing right after it associats thats where it falls apart, pineapple cant do a thing because it does not know the key, regardles if its wep or wpa.

Very rarely a client will drop to no encryption.

Edited by petertfm
Link to comment
Share on other sites

That seems crazy to me. Scale - Do you know what the client was running? Any special wifi management software on it?

This whole thing has brought up an idea. I understand that karma responds to probe requests and that the authentication fails on (client) saved networks that are not open. This causes the client to not be able to associate with the pineapple. I also understand that because of the nature of WPA's 4 way handshake it is impossible to spoof authentication because the PSK is never actually exchanged. My question is this though, wouldn't it (theoretically) be possible to, if you know the PSK of a victim AP, set up the pineapple with identical encryption & PSK and then karma would work for that probe.

I understand that this would only work for a single encryption schema at a time (a single AP), but if you are trying to target a single victim, instead of the general 'wander until you find victims', this seems to be the best way. Deauthing a target would then cause them to connect to your pineapple regardless of the security of the target network.

Is this (theoretically) possible? Or is there something that prevents it within 802.11x that I am missing/do not understand?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...