Tataboutlamin Posted October 17, 2012 Share Posted October 17, 2012 Hi! The only things that I have with this device are "KARMA: Probe Request from bla bla bla" but no connections... I just read a topic that said "The pineapple will only successfully connect open wifi networks" So.... If I am on a router with password like at home or at school or at MANY PLACES in the world, my pinapple wifi router is useless? Please tell me there's something to do with that! Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted October 17, 2012 Share Posted October 17, 2012 Karma will only get clients to connect if the saved access point, set to auto connect, on the client is open, unecrypted, no auth. You may want to look through http://hakshop.myshopify.com/products/wifi-pineapple-booklet Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted October 17, 2012 Share Posted October 17, 2012 Hi! The only things that I have with this device are "KARMA: Probe Request from bla bla bla" but no connections... I just read a topic that said "The pineapple will only successfully connect open wifi networks" So.... If I am on a router with password like at home or at school or at MANY PLACES in the world, my pinapple wifi router is useless? Please tell me there's something to do with that! To be honest, all the information about how the Pineapple works and what it can and can't do is available from the stores website. If things aren't clear there, there are multiple threads and discussions on this matter. If you bought a pineapple for reasons such as grabbing clients off of encrypted networks, well, Jasager won't help you much with that. The pineapple however is much more than just the Jasager. It has a full set of penetration testing tools and modules. Calling it nothing is a bit inappropriate I think. I do understand your frustration. See if you don't like the things the pineapple has to offer. You will notice it is a very useful tool. Quote Link to comment Share on other sites More sharing options...
metalayer Posted October 17, 2012 Share Posted October 17, 2012 You don't have to use Karma to run MITM attacks. The pineapple can pretend to be a secured ap with the same bssid and WPA key (if you know it) as a popular secure ap and get victims. Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted October 17, 2012 Share Posted October 17, 2012 You don't have to use Karma to run MITM attacks. The pineapple can pretend to be a secured ap with the same bssid and WPA key (if you know it) as a popular secure ap and get victims. Exactly. Enable the deauth module and kick people from their APs. Chances are, they will connect back. There is a thread on the forums here about exactly this. Quote Link to comment Share on other sites More sharing options...
Tataboutlamin Posted October 17, 2012 Author Share Posted October 17, 2012 Sorry Sebkinne about calling that "nothing".... you're right it's a powerful tool they did... I was not thinking before writing... Yeah I'll take a look about the "death module" you spoke about. What if I was on a network that each person has his own ID with his own personnal password? Should I use mine to connect my pineapple wifi to the real router and let people connecting to my pineapple wifi and using MY secured connection? Or there is an another way? Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted October 17, 2012 Share Posted October 17, 2012 Sorry Sebkinne about calling that "nothing".... you're right it's a powerful tool they did... I was not thinking before writing... Yeah I'll take a look about the "death module" you spoke about. What if I was on a network that each person has his own ID with his own personnal password? Should I use mine to connect my pineapple wifi to the real router and let people connecting to my pineapple wifi and using MY secured connection? Or there is an another way? That is what we designed it for. To do more than just capture clients ;) Anyway, if on a pentest, I would try to harvest a clients connection information. ie their own personal ID and password. You could do that by setting up a phishing page or similar. Then you can use that information to connect to the AP and from there share to victims. Just make sure you don't deauth yourself ;) Standard Disclaimer: Remember to get permission to use the pineapple beforehand. PS: Make sure to upgrade your firmware in case it isn't 2.7.0 yet. If your firmware is below 2.6.4 you will need to go to this page: http://172.16.42.1:1471 instead of the old http://172.16.42.1/pineapple/. We keep introducing new features and it will hopefully be even more to your liking ;) Quote Link to comment Share on other sites More sharing options...
GoAxe32 Posted October 17, 2012 Share Posted October 17, 2012 @newfylox What works to your advantage, is the fact that almost EVERYONE's phone, or laptop has an open access point saved and ready to auto-connect when in range. Even if you're in a place, such as school, with an encrypted network nearby, your target's phone can still connect to 'MyHome' even though they aren't home, as the pineapple will automatically impersonate this, or any other open network saved in their device. What's even better, is you can use any number of methods to 'steer' targets to your pineapple, such as deauthing them from other valid networks near you. If you're a beginner, take a look at Hak5 episodes 1122, 1123 and 1124. Darren does a good job breaking down how wifi fundamentally works, and where the pineapple jumps in to take advantage of its weaknesses. Quote Link to comment Share on other sites More sharing options...
Tataboutlamin Posted October 18, 2012 Author Share Posted October 18, 2012 That is what we designed it for. To do more than just capture clients ;) Anyway, if on a pentest, I would try to harvest a clients connection information. ie their own personal ID and password. You could do that by setting up a phishing page or similar. Then you can use that information to connect to the AP and from there share to victims. Just make sure you don't deauth yourself ;) Standard Disclaimer: Remember to get permission to use the pineapple beforehand. PS: Make sure to upgrade your firmware in case it isn't 2.7.0 yet. If your firmware is below 2.6.4 you will need to go to this page: http://172.16.42.1:1471 instead of the old http://172.16.42.1/pineapple/. We keep introducing new features and it will hopefully be even more to your liking ;) Wow thanks a lot! Of course I'm a beginner and I will have to figure out how to set all those steps but HEY, you gave me those steps so it's a gift from you and it will give me the chance to try my skill and learn. Thank you, you've been such a good help. (sorry about my english) @newfylox What works to your advantage, is the fact that almost EVERYONE's phone, or laptop has an open access point saved and ready to auto-connect when in range. Even if you're in a place, such as school, with an encrypted network nearby, your target's phone can still connect to 'MyHome' even though they aren't home, as the pineapple will automatically impersonate this, or any other open network saved in their device. What's even better, is you can use any number of methods to 'steer' targets to your pineapple, such as deauthing them from other valid networks near you. If you're a beginner, take a look at Hak5 episodes 1122, 1123 and 1124. Darren does a good job breaking down how wifi fundamentally works, and where the pineapple jumps in to take advantage of its weaknesses. WOW!!! You're right!!! I didn't think about it. As I said to Sebkinne, I'm a newbie about "hacking" or testing security and stuff like that, but I understood what you told me and I will listen those episodes you talked about. You guys are all helping me! Quote Link to comment Share on other sites More sharing options...
Tataboutlamin Posted October 18, 2012 Author Share Posted October 18, 2012 @newfylox What works to your advantage, is the fact that almost EVERYONE's phone, or laptop has an open access point saved and ready to auto-connect when in range. Even if you're in a place, such as school, with an encrypted network nearby, your target's phone can still connect to 'MyHome' even though they aren't home, as the pineapple will automatically impersonate this, or any other open network saved in their device. What's even better, is you can use any number of methods to 'steer' targets to your pineapple, such as deauthing them from other valid networks near you. If you're a beginner, take a look at Hak5 episodes 1122, 1123 and 1124. Darren does a good job breaking down how wifi fundamentally works, and where the pineapple jumps in to take advantage of its weaknesses. Hey GoAxe32... I just watched 1122 and that's cool... but after that, it becomes really technical for a newbie as me :( Is there a post somewhere That I can read to start with my new pineapple wifi? I mean, I can't go like I'm a professional hacker... I have to learn steps by steps with (maybe) module or else, trying to spy people around me at school or knowing how to make people connect to my pineapple wifi and "fake" them! thanks Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted October 18, 2012 Share Posted October 18, 2012 Keep in mind, advanced networking knowledge as well as linux knowledge is what will really help understand how this works. Also keep in mind. WiFi Pineapple is a wireless penetration testing toolfor use in authorized security audits where permitted. Check laws and obtain client permission before using. Hak5, LLC., Darren Kitchen, Robin Wood, Rob Fuller, Sebastian Kinne and affiliates claim no responsability for unauthorized use. Please Hack Responsibly. The Book. http://hakshop.myshopify.com/collections/accessory/products/wifi-pineapple-booklet Quote Link to comment Share on other sites More sharing options...
HoodooTheGreat Posted October 25, 2012 Share Posted October 25, 2012 For WEP\Wpa/Wpa2 encryption options for the Pineapple download the module "networkmanager" -he-he this will make your WiFi Pineapple truly UN-stoppable. Quote Link to comment Share on other sites More sharing options...
DyFukA Posted October 25, 2012 Share Posted October 25, 2012 I am very much enjoying my pineapple. $100 well spent. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.