Jump to content

(Q) How to not get caught using the Mark IV, DNS Spoofing? And so on.


mrgray
 Share

Recommended Posts

So i'm needing to know how would a "Hacker" get away with DNS spoofing and other things that the Mark IV Pineapple do?

Can they trace it back to you and etc?

I think there should be a (Pined) thread about this on how a "Hacker" would get away and not get caught. The Does and Don'ts you know.

Link to comment
Share on other sites

I'm going to attack this question from the point of view of someone who is trying to catch people to use Wifi Pineapples, as no-one on these forums are going to condone someone using these tools in the wrong way.

The most prominent identifying mark of a pineapple is the MAC address, set-up a kismet Wireless server and write a script to parse logs for MAC addresses matching Alfa networks unique identifier.

Secondly the pineapple will change its broadcasted SSID frequently in a short space of time, kismet has a build in option to alert to these constant changes.

Kismet will also let you set known MAC addresses for ligitimate access points, if a access point appears with the same name but without a registered MAC address it can alert the user.

Link to comment
Share on other sites

I'm going to attack this question from the point of view of someone who is trying to catch people to use Wifi Pineapples, as no-one on these forums are going to condone someone using these tools in the wrong way.

The most prominent identifying mark of a pineapple is the MAC address, set-up a kismet Wireless server and write a script to parse logs for MAC addresses matching Alfa networks unique identifier.

Secondly the pineapple will change its broadcasted SSID frequently in a short space of time, kismet has a build in option to alert to these constant changes.

Kismet will also let you set known MAC addresses for ligitimate access points, if a access point appears with the same name but without a registered MAC address it can alert the user.

However, If you do a little recon, You can spoof the pineapples MAC Address to one that is whitelisted. And on a pen test scheduled right, If the company got new wifi equipment, you could set up a pineapple and the sys admin would see it as a legit AP from the beginning :)

-Foxtrot

Link to comment
Share on other sites

Yea, thats very true, built a Wireless IDS for a university project, found that was one way to evade it, although the frequent change in SSID should flag it still.

Depends on your specific needs when you are using the pineapple.

Link to comment
Share on other sites

Yea, thats very true, built a Wireless IDS for a university project, found that was one way to evade it, although the frequent change in SSID should flag it still.

Depends on your specific needs when you are using the pineapple.

Yeah, I guess if you was using a pineapple for the MITM use only (Without karma) You could setup an interceptor and then connect.

-Foxtrot

Link to comment
Share on other sites

But there is something imprortant, if I´m a pineapples victim, when I connect to it, I can see the Ip of the ICS, and with that you can get busted. or Not?

Totally. That is how I'd figure things out. I mean, if you are connecting to a open wifi point and even moderately interested in computer security, you'd probably goto www.wimi.com (what is my ip.com) and then reverse scan the AP just to see what else is open. Then boom, you have the person's external, paid-for IP which you could submit to abuse-* and get them busted.

How could you avoid this as the pineappler? Have the pineapple VPN'd to china where they don't care? Is there a cheaper option?

Link to comment
Share on other sites

The internet access a hacker might proivde via a device like the pineapple doesn't have to come from them or something they've paid for. My local airport has free wifi in the lobby so they could take that free wifi and share it to anyone connecting to the pineapple with internal ICS. Therefore if the victime checked the external IP it's going to show up as the airports owned system or a neighbors wifi or a prepaid cell data card (burner). If you have a pineapple and you're playing MITM by sharing your own internet, be prepared for the consequences if found out. Or use a VPN...

Link to comment
Share on other sites

Errmm, uhh. Hmmmm. Study the underlying technologies/exploits and look for markers.

I assume you are a teacher, Mr. Gray,lol. Very good, RHETORICAL question.

Link to comment
Share on other sites

It´s in my opinion a valid question.

Could of been formatted differently though.... "When I'm on a pentest, how do I prevent being caught? (by IDS' etc.)"

Or how do I use the pineapple 'passively' and then the differences between modes and best practices to secure the identity of the ICS and other distinguishing features.

Link to comment
Share on other sites

This kind of brings up an interesting point though. Let's say I am at home experimenting with my pineapple. I set it up so Karma is disabled and it's just got an open wifi point. My moocher neighbors connect to it hoping for free internet access. Isn't connecting to an AP that you don't have permission to access a legally grey area? More so that me simply monitoring the activity that flows through that AP? Do I need to set up MAC filtering to only permit my personal devices to connect? Mind you, I am not planning on running phishing pages or DNS spoofing. But I still feel that whatever flows through my personal AP I have a right to monitor. I'm sure these laws very from state to state.. I'm in CA.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...