mrgray Posted March 12, 2013

So I'm needing to know how would a "Hacker" get away with DNS spoofing and other things that the Mark IV Pineapple does? Can they trace it back to you, etc.? I think there should be a (pinned) thread about this on how a "Hacker" would get away and not get caught. The dos and don'ts, you know.

inTheDMZ Posted March 12, 2013

I'm going to attack this question from the point of view of someone who is trying to catch people who use Wifi Pineapples, as no one on these forums is going to condone someone using these tools in the wrong way. The most prominent identifying mark of a pineapple is the MAC address: set up a Kismet wireless server and write a script to parse logs for MAC addresses matching Alfa Networks' unique identifier. Secondly, the pineapple will change its broadcasted SSID frequently in a short space of time; Kismet has a built-in option to alert on these constant changes. Kismet will also let you set known MAC addresses for legitimate access points; if an access point appears with the same name but without a registered MAC address, it can alert the user.

Foxtrot Posted March 12, 2013

> I'm going to attack this question from the point of view of someone who is trying to catch people who use Wifi Pineapples, as no one on these forums is going to condone someone using these tools in the wrong way. The most prominent identifying mark of a pineapple is the MAC address: set up a Kismet wireless server and write a script to parse logs for MAC addresses matching Alfa Networks' unique identifier. Secondly, the pineapple will change its broadcasted SSID frequently in a short space of time; Kismet has a built-in option to alert on these constant changes. Kismet will also let you set known MAC addresses for legitimate access points; if an access point appears with the same name but without a registered MAC address, it can alert the user.

However, if you do a little recon, you can spoof the pineapple's MAC address to one that is whitelisted. And on a pen test scheduled right, if the company got new wifi equipment, you could set up a pineapple and the sys admin would see it as a legit AP from the beginning :)

-Foxtrot

inTheDMZ Posted March 12, 2013

Yea, that's very true; built a wireless IDS for a university project, found that was one way to evade it, although the frequent change in SSID should still flag it. Depends on your specific needs when you are using the pineapple.

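
The three checks inTheDMZ describes (vendor prefix, known SSID from an unregistered MAC, rapid SSID changes) can be sketched as follows. This is an added example, not code from any poster or from Kismet; the record layout, the OUI and the access-point list are constructed placeholders rather than Kismet's log format or real vendor data.

```python
from collections import defaultdict

# Constructed placeholder prefix; fill in real prefixes from the IEEE OUI registry.
WATCHED_OUIS = {"02:11:22"}
# Constructed allow-list: SSID -> BSSIDs registered for it.
KNOWN_APS = {"CorpWiFi": {"02:aa:bb:00:00:01"}}
SSID_LIMIT = 3   # distinct SSIDs one BSSID may advertise within WINDOW
WINDOW = 60      # seconds

# Constructed sightings: (epoch seconds, BSSID, advertised SSID).
SAMPLE = [
    (0, "02:AA:BB:00:00:01", "CorpWiFi"),     # registered access point
    (5, "02:11:22:33:44:55", "CorpWiFi"),     # watched prefix, known SSID
    (10, "02:11:22:33:44:55", "HomeNet"),
    (15, "02:11:22:33:44:55", "CoffeeShop"),
    (20, "02:11:22:33:44:55", "AirportFree"),  # fourth SSID in 20 seconds
    (30, "02:cc:dd:00:00:09", "CorpWiFi"),    # other vendor, not registered
    (400, "02:aa:bb:00:00:01", "CorpWiFi"),
]

def analyse(observations):
    """Return a set of (rule, bssid) alerts for the sightings given."""
    alerts = set()
    seen = defaultdict(list)  # bssid -> [(ts, ssid)] inside the window
    for ts, bssid, ssid in sorted(observations):
        bssid = bssid.lower()
        # Check 1: vendor prefix (first three octets) on the watch list.
        if bssid[:8] in WATCHED_OUIS:
            alerts.add(("watched-oui", bssid))
        # Check 2: a known network name from a BSSID not registered for it.
        if ssid in KNOWN_APS and bssid not in KNOWN_APS[ssid]:
            alerts.add(("unregistered-bssid", bssid))
        # Check 3: too many distinct SSIDs from one BSSID in a short window.
        history = seen[bssid]
        history.append((ts, ssid))
        while history[0][0] < ts - WINDOW:
            history.pop(0)
        if len({s for _, s in history}) > SSID_LIMIT:
            alerts.add(("ssid-churn", bssid))
    return alerts

if __name__ == "__main__":
    for rule, bssid in sorted(analyse(SAMPLE)):
        print(rule, bssid)
```

Checks 1 and 2 depend on the MAC address, so a device presenting a registered address passes both; check 3 keys on behaviour and still fires in that case, which matches the point made in the post above.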
Foxtrot Posted March 12, 2013

> Yea, that's very true; built a wireless IDS for a university project, found that was one way to evade it, although the frequent change in SSID should still flag it. Depends on your specific needs when you are using the pineapple.

Yeah, I guess if you were using a pineapple for the MITM use only (without Karma), you could set up an interceptor and then connect.

-Foxtrot

Boba Fett Posted March 12, 2013

But there is something important: if I'm a pineapple's victim, when I connect to it, I can see the IP of the ICS, and with that you can get busted. Or not?

shutin Posted March 13, 2013

> But there is something important: if I'm a pineapple's victim, when I connect to it, I can see the IP of the ICS, and with that you can get busted. Or not?

Totally. That is how I'd figure things out. I mean, if you are connecting to an open wifi point and even moderately interested in computer security, you'd probably go to www.wimi.com (what is my ip.com) and then reverse scan the AP just to see what else is open. Then boom, you have the person's external, paid-for IP which you could submit to abuse-* and get them busted. How could you avoid this as the pineappler? Have the pineapple VPN'd to China where they don't care? Is there a cheaper option?

thesugarat Posted March 14, 2013

The internet access a hacker might provide via a device like the pineapple doesn't have to come from them or something they've paid for. My local airport has free wifi in the lobby, so they could take that free wifi and share it to anyone connecting to the pineapple with internal ICS. Therefore if the victim checked the external IP, it's going to show up as the airport's owned system or a neighbor's wifi or a prepaid cell data card (burner). If you have a pineapple and you're playing MITM by sharing your own internet, be prepared for the consequences if found out. Or use a VPN...

condor Posted March 15, 2013

Errmm, uhh. Hmmmm. Study the underlying technologies/exploits and look for markers. I assume you are a teacher, Mr. Gray, lol. Very good, RHETORICAL question.

Mr-Protocol Posted March 15, 2013

Not getting "caught" as a "hacker". Don't do illegal activities. Have a contract. Don't violate the contract.

Boba Fett Posted March 15, 2013

It's in my opinion a valid question.

tarxvf Posted March 15, 2013

> It's in my opinion a valid question.

Could have been formatted differently though.... "When I'm on a pentest, how do I prevent being caught? (by IDS' etc.)" Or how do I use the pineapple 'passively' and then the differences between modes and best practices to secure the identity of the ICS and other distinguishing features.

shutin Posted March 16, 2013

This kind of brings up an interesting point though. Let's say I am at home experimenting with my pineapple. I set it up so Karma is disabled and it's just got an open wifi point. My moocher neighbors connect to it hoping for free internet access. Isn't connecting to an AP that you don't have permission to access a legally grey area? More so than me simply monitoring the activity that flows through that AP? Do I need to set up MAC filtering to only permit my personal devices to connect? Mind you, I am not planning on running phishing pages or DNS spoofing. But I still feel that whatever flows through my personal AP I have a right to monitor. I'm sure these laws vary from state to state. I'm in CA.

Boba Fett Posted March 16, 2013

If your neighbors connect to the pineapple SSID, there is no problem, but if they connect to the pineapple via Karma, there is a problem, legally speaking.