metalayer (Author) Posted October 11, 2012

Hi, apologies for all the noob questions. Pineapple is working well now so one last one. Is this attack scenario possible? (couldn't find a definitive answer on the forum search)

hack WPA key of target network -> configure pineapple to use that network's WPA key -> launch MITM attacks

Thanks
meta
Neworld Posted October 11, 2012

Are you asking if we can perform a MITM if we know the WPA key?? If this is possible, I too would be very interested.
metalayer (Author) Posted October 11, 2012

> Are you asking if we can perform a MITM if we know the WPA key?? If this is possible, I too would be very interested.

Yeah that's what I'm after.
NullNull Posted October 11, 2012

I think interceptor is the word you are looking for ;) ...
telot Posted October 11, 2012

No, interceptor is not what you're looking for - the interceptor (and the markIV conversion to interceptor - which is not currently available but promised) is for wired MITM (ethernet). I'm not sure if the pineapple has wpa_supplicant, but it might be available in opkg. Do the following:

[CODE]
opkg update
opkg install wpa-supplicant
[/CODE]

If that works, you're golden. Hack the WPA key with reaver, then connect to the AP, then run some arpspoof (it should be part of the dsniff package - opkg install dsniff). I don't have my markIV handy, so I'm just guessing about all this stuff. Give it a try and report back here!

telot
01000010 Posted October 12, 2012

If you know the wpa key, then all you need to do is set the ssid, network key, and encryption to the same as the target. Then just deauth the target router.
telot Posted October 12, 2012

I'm not really sure what you mean leapole. If you're saying that you can set up the ssid of the pineapple to be the same as the wpa-encrypted access point, then somehow "set the network key" the same as the wpa-encrypted access point, deauth said access point and replace it with the pineapple's own wpa-encrypted one with the same ssid? I'd love to know how to do this, because right now the pineapple is not set up to do anything with encryption as far as I know.

What I think the OP is after is this: some access point has wpa and he wants to leave his pineapple there so that it can crack the wpa (assuming via reaver), join the wpa network, then execute some MITM attacks (cap all the packets, use sslstrip, urlsnarf, what have you) on the still-working original wpa encrypted access point.

telot
01000010 Posted October 12, 2012 (edited)

Ok well here let me say it this way.

Get wpa key - you have to do this no matter what

[CODE]
setup pineapple
use reaver to get wpa
[/CODE]

Option 1 - client style attack

[CODE]
after getting key
Connect the target access point with network manager - be a client
run arpspoof to become the router
Start having fun with tools
[/CODE]

Option Two

[CODE]
set the ssid, type of encryption, and wpa key to same as target - you are the Internet/AP provider
deauth target router to gain clients
start having fun with tools
[/CODE]

I guess any way you want to do it is up to you, I guess it depends on the target network setup and stuff you're doing.

Personally I would use option 2 - some of the places I hang out at you can not arpspoof the network and they use mac controls and stuff.

Also when using option 1, all your traffic is on the network where an IDS, or other system, can detect plus log all the stuff you have done.

For option 2, they will see the ap you are using but none of the tools or other stuff because you are taking them off the target network and putting them on yours.

Also it's been a long time since I looked but isn't the interceptor an ethernet tap that would broadcast the traffic out to the wifi network so you can check it from afar? So it was internet in (wan port), then internet out (lan port, also mirrored to the wifi interface for no touch snooping).

Edited October 12, 2012 by leapole
metalayer (Author) Posted October 12, 2012 (edited)

> set the ssid, type of encryption, and wpa key to same as target - you are the Internet/AP provider
> deauth target router to gain clients
> start having fun with tools

The above is what I am attempting. wpa_supplicant was already installed on my mk4, I'll try and figure it out and report back.

I've noticed the network manager module has an option to set WPA encryption, does anyone know if changing that would work? I'm hesitant to test it myself as last time I changed anything in that module I had to reflash.

Edited October 12, 2012 by metalayer
metalayer (Author) Posted October 12, 2012

Okay found this thread - http://forums.hak5.org/index.php?/topic/24590-using-wpa-on-the-wifi-pineapple-mk-3/

Suggests that wpa can be configured in the wireless config in /etc/config

Went here - http://wiki.openwrt.org/doc/uci/wireless to find the needed settings, here is what I've got -

[CODE]
config wifi-device radio0
	option type mac80211
	option channel 11
	option macaddr 00:c0:ca:64:7c:d6
	option hwmode 11ng
	option htmode HT20
	list ht_capab SHORT-GI-20
	list ht_capab SHORT-GI-40
	list ht_capab RX-STBC1
	list ht_capab DSSS_CCK-40
	# REMOVE THIS LINE TO ENABLE WIFI:

config wifi-iface
	option device radio0
	option network lan
	option mode ap
	option ssid OpenWrt
	option encryption psk-tkip
	option key 1l22pcQY
[/CODE]

-----------

No luck. The pineapple is definitely reading the config as it's changed the BSSID to OpenWrt but the AP is still open. Any ideas?
metalayer (Author) Posted October 12, 2012

Ignore my last message, rebooted and it worked! :D WPA-PSK up and running.
NullNull Posted October 12, 2012

Good job metalayer :D I will try this too :D
01000010 Posted October 12, 2012

Glad to hear it's working. Happy pwnage
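As an added example (not code from the thread or from the Pineapple project), here is the defender's side of the "option 2" clone discussed above: a small Python script that parses `iw dev wlan0 scan` output and flags any BSS advertising an SSID you operate from a BSSID not in your inventory, or offering no CCMP (open or TKIP-only, as the `psk-tkip` setting in the config above would). The scan text, the MAC addresses and the AUTHORISED inventory are constructed for the example.

```python
import re

# Constructed sample of `iw dev wlan0 scan` output (not from the thread). Two BSSs
# advertise "OpenWrt": the authorised AP and a TKIP clone on another BSSID/channel.
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tfreq: 2412
\tSSID: OpenWrt
\tRSN:\t * Version: 1
\t\t * Pairwise ciphers: CCMP
BSS 02:00:00:00:00:02(on wlan0)
\tfreq: 2462
\tSSID: OpenWrt
\tWPA:\t * Version: 1
\t\t * Pairwise ciphers: TKIP
"""

# Constructed inventory: SSIDs we operate and the BSSIDs allowed to serve them.
AUTHORISED = {"OpenWrt": {"02:00:00:00:00:01"}}

def parse_scan(text):
    """Parse iw scan output into dicts with bssid, ssid, freq and pairwise ciphers."""
    result = []
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:  # a new BSS block starts; the indented lines that follow belong to it
            result.append({"bssid": m.group(1), "ssid": "", "freq": 0, "ciphers": set()})
            continue
        s = line.strip()
        if s.startswith("SSID:"):
            result[-1]["ssid"] = s[5:].strip()
        elif s.startswith("freq:"):
            result[-1]["freq"] = int(s[5:])
        elif s.startswith("* Pairwise ciphers:"):
            result[-1]["ciphers"].update(s.split(":", 1)[1].split())
    return result

def find_rogue_aps(scan_text, authorised):
    """Flag BSSs serving one of our SSIDs from an unknown BSSID or without CCMP."""
    alerts = []
    for bss in parse_scan(scan_text):
        ssid = bss["ssid"]
        if ssid not in authorised:
            continue  # networks we do not operate are out of scope
        if bss["bssid"] not in authorised[ssid]:
            alerts.append((bss["bssid"], ssid, "unknown BSSID advertising managed SSID"))
        if "CCMP" not in bss["ciphers"]:
            alerts.append((bss["bssid"], ssid, "no CCMP offered (open or TKIP-only)"))
    return alerts
```

On a real box run `find_rogue_aps` over the output of `iw dev wlan0 scan` (root required) from a cron job and alert on any non-empty result. The clone works at all because WPA-PSK only proves possession of the shared key, not the identity of the AP; 802.1X/EAP with server-certificate validation removes that, and 802.11w management-frame protection blunts the deauth step.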