(Q) How to not get caught using the Mark IV, DNS Spoofing? And so on.

[mrgray]

So i'm needing to know how would a "Hacker" get away with DNS spoofing and other things that the Mark IV Pineapple do?

Can they trace it back to you and etc?

I think there should be a (Pined) thread about this on how a "Hacker" would get away and not get caught. The Does and Don'ts you know.

[inTheDMZ]

I'm going to attack this question from the point of view of someone who is trying to catch people to use Wifi Pineapples, as no-one on these forums are going to condone someone using these tools in the wrong way.

The most prominent identifying mark of a pineapple is the MAC address, set-up a kismet Wireless server and write a script to parse logs for MAC addresses matching Alfa networks unique identifier.

Secondly the pineapple will change its broadcasted SSID frequently in a short space of time, kismet has a build in option to alert to these constant changes.

Kismet will also let you set known MAC addresses for ligitimate access points, if a access point appears with the same name but without a registered MAC address it can alert the user.

[Foxtrot]

I'm going to attack this question from the point of view of someone who is trying to catch people to use Wifi Pineapples, as no-one on these forums are going to condone someone using these tools in the wrong way.

The most prominent identifying mark of a pineapple is the MAC address, set-up a kismet Wireless server and write a script to parse logs for MAC addresses matching Alfa networks unique identifier.

Secondly the pineapple will change its broadcasted SSID frequently in a short space of time, kismet has a build in option to alert to these constant changes.

Kismet will also let you set known MAC addresses for ligitimate access points, if a access point appears with the same name but without a registered MAC address it can alert the user.

However, If you do a little recon, You can spoof the pineapples MAC Address to one that is whitelisted. And on a pen test scheduled right, If the company got new wifi equipment, you could set up a pineapple and the sys admin would see it as a legit AP from the beginning :)

-Foxtrot

[inTheDMZ]

Yea, thats very true, built a Wireless IDS for a university project, found that was one way to evade it, although the frequent change in SSID should flag it still.

Depends on your specific needs when you are using the pineapple.

[Foxtrot]

Yea, thats very true, built a Wireless IDS for a university project, found that was one way to evade it, although the frequent change in SSID should flag it still.

Depends on your specific needs when you are using the pineapple.

Yeah, I guess if you was using a pineapple for the MITM use only (Without karma) You could setup an interceptor and then connect.

-Foxtrot

[Boba Fett]

But there is something imprortant, if I´m a pineapples victim, when I connect to it, I can see the Ip of the ICS, and with that you can get busted. or Not?

[shutin]

But there is something imprortant, if I´m a pineapples victim, when I connect to it, I can see the Ip of the ICS, and with that you can get busted. or Not?

Totally. That is how I'd figure things out. I mean, if you are connecting to a open wifi point and even moderately interested in computer security, you'd probably goto www.wimi.com (what is my ip.com) and then reverse scan the AP just to see what else is open. Then boom, you have the person's external, paid-for IP which you could submit to abuse-* and get them busted.

How could you avoid this as the pineappler? Have the pineapple VPN'd to china where they don't care? Is there a cheaper option?

[thesugarat]

^{The internet access a hacker might proivde via a device like the pineapple doesn't have to come from them or something they've paid for. My local airport has free wifi in the lobby so they could take that free wifi and share it to anyone connecting to the pineapple with internal ICS. Therefore if the victime checked the external IP it's going to show up as the airports owned system or a neighbors wifi or a prepaid cell data card (burner). If you have a pineapple and you're playing MITM by sharing your own internet, be prepared for the consequences if found out. Or use a VPN...}

[condor]

Errmm, uhh. Hmmmm. Study the underlying technologies/exploits and look for markers.

I assume you are a teacher, Mr. Gray,lol. Very good, RHETORICAL question.

[Mr-Protocol]

Not getting "caught" as a "hacker".

Don't do illegal activities. Have a contract. Don't violate the contract.

[Boba Fett]

It´s in my opinion a valid question.

[tarxvf]

It´s in my opinion a valid question.

Could of been formatted differently though.... "When I'm on a pentest, how do I prevent being caught? (by IDS' etc.)"

Or how do I use the pineapple 'passively' and then the differences between modes and best practices to secure the identity of the ICS and other distinguishing features.

[shutin]

This kind of brings up an interesting point though. Let's say I am at home experimenting with my pineapple. I set it up so Karma is disabled and it's just got an open wifi point. My moocher neighbors connect to it hoping for free internet access. Isn't connecting to an AP that you don't have permission to access a legally grey area? More so that me simply monitoring the activity that flows through that AP? Do I need to set up MAC filtering to only permit my personal devices to connect? Mind you, I am not planning on running phishing pages or DNS spoofing. But I still feel that whatever flows through my personal AP I have a right to monitor. I'm sure these laws very from state to state.. I'm in CA.

[Boba Fett]

If your neighbors coonedt to the pineapple ssid, there is no problem, but if they connect to the pineapple via karma, there is a problem legally speaking.