LexMichdeappel Posted December 3, 2012 Share Posted December 3, 2012 I just got my Mark IV in the mail and I got it running. I'm a big n00b, but still I am at a stage that the thing has Karma turned on and it shows me a few connecting devices. Only that isn't really why I turned it on, because I want to check if my own phone is vulnerable for these attacks. What bothers me is, why isn't my phone coming up in the logs? Is it safe to leave my phone in 'WIFI ON' state or am I doing something wrong and is this a false feeling of security? When I use 'airodump-ng' on a Backtrack machine, my Galaxy Nexus shows a lot of probing! So I can't believe I'm safe... Also I don't see passwords that the other devices use to log into the fake SSID's generated by Karma. Is that something that just isn't possible or is that also leaking from phones and should I be careful with my own info's? I hope someone can help me testing my equipment, please keep in mind I'm actually a big n00b, but adventurous enough to have come this far. Quote Link to comment Share on other sites More sharing options...
stealthkit Posted December 3, 2012 Share Posted December 3, 2012 You need to read up about the pineapple and understand what it can do along with what it can't, just for future reference. Pentesting is 90% research and 10% actually implementing the attack/exploit. Karma works based on if the client has ever connected to an open wireless ssid. So that being said, if you have ever connected you phone to a wifi hotspot or someones network without encryption, then you would be vulnerable. Most people have gone to an open ssid but not everyone. No, the passwords will not show up on the pineapple. Wireless uses a handshake, where only part of the password is exposed until it know the other side is authentic then the password is encrypted and check against the client. This is a general idea and not exact because it depends on what encryption is used as to how the machine authenticates. *Hint* You could always use "mdk3" and deauthenticate everyone except the mac address of your home wifi and the pineapples mac. This way they are forced to reconnect and since everything is deauthenticating then will go further down the probe list hopefully landing on and open ssid which the pineapple will clone. Hope this helps -Stealthkit Quote Link to comment Share on other sites More sharing options...
LexMichdeappel Posted December 3, 2012 Author Share Posted December 3, 2012 (edited) Ah. So if I understand correctly, you can only 'fool' devices that try to connect to unsecured wifi routers. And 'payload' only comes from information submitted by the connections that are made to 'internet-stuff'. The only routerconnection-info I'm transmitting to the pineapple when I walk down the street is a routername I have stored in my phone and it must be unencrypted, no passwords are collected. You were indeed pretty helpful, thanks! And afaik my Galaxy Nexus has several unsecure routerconnections saved. It's strange why it doesn't connect automatically through my pineapple, because I can clearly see it probe like a mad-man in 'airodump-ng'. At the moment I don't have an internet connection I can share to the pineapple, but I will be coming back with more questions as soon as I had the chance to play some more! Edited December 3, 2012 by LexMichdeappel Quote Link to comment Share on other sites More sharing options...
stealthkit Posted December 3, 2012 Share Posted December 3, 2012 No Problem... I also have a Galaxy Nexus that I have use and karma is able to trick it into connecting. Are you sure that you are looking at probes in airodump-ng and not beacons? You will usually see a probes at the bottom of airodump-ng. It usually just shows one probe per ssid for me. Let me know if you have any other questions ;) -Stealthkit Quote Link to comment Share on other sites More sharing options...
LexMichdeappel Posted December 4, 2012 Author Share Posted December 4, 2012 No Problem... I also have a Galaxy Nexus that I have use and karma is able to trick it into connecting. Are you sure that you are looking at probes in airodump-ng and not beacons? You will usually see a probes at the bottom of airodump-ng. It usually just shows one probe per ssid for me. Let me know if you have any other questions ;) -Stealthkit Yes, it shows up in the bottom list of airodump-ng. Maybe I'm not seeing it in the pineapple, I'm still figuring out all kinds of stuff. Just got it upgraded to 2.7.0 and figured out I had to change login-ip/port. Installed a few modules that were available in the Pineapple Bar tab. Will post if there's more to ask. For now I'll take your word for it that my G_N is vulnerable ;) . Better safe then sorry! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.