NOOB HELP!

[arcangelny]

Can someone point me to where I an read about specifically what is involved with hacking wifi access using the Pineapple MK IV. I am a net engineer and work daily with WIFI but new to security hacking.

Besides the Pineapple, what else would I need? Are there any docs, blogs or forums I might benefit from?

Any speific infusions I would need (and/or could reead up on)?

Is there possibly a set of step by step instructions around?

Thanks.

[thesugarat]

There's a ReadMe post in here. There's also the Pineapple manual PDF to download or actual printed one from the hack shop. There are several YouTube videos out there, just search WiFi Pineapple. There aren't to many tutorials or instructions for a lot of the infusions because there's already lots of info out there to research and read. Usually it's in the forums or help files/wikis associated with those programs. Unfortunately, for a tool aimed at security professionals there seem to be quite a lot of folks who buy a pineapple and expect folks here to teach them the basics of networking and Linux. The best I can tell you is to learn the basics on your own by trial and error. Same with using the pineapple. A lot of it is just exploring the pineapple and turning things on and off. Experiment and put some time in behind the keyboard. Don't forget to have fun while learning and you'll have it worked out in no time. Welcome!

[arcangelny]

Well... It's kinda funny... Have been an IT professional since the mainframe days... I remmeber 75 baud modems and testing lines by licj=kin nmy fingers and touching the leads to "test" for current. Life was simnpler. Data comm was all point to point. I even ran a Salt Air BBS at home with 4 direct dialk lines (before the days of internet. Security was confined to safeguarding passwords. War dialers and brute force attacks were high tech.

I have a perfunctory understanding of Unix (via being an admin to some HP mini's running SCO UNix a few years ago and some Linux server experience). I must admit that the "hacking:" is a somewhat perplexing concept. It's a whole new world "playing on the other side of the fence" so to speak. I have toyed with reaver and airmon.

Would most out here suggest I just get a pineapple and dive in? I also have a background in Cisco and checkpoint, but they really don't explain in depth how people get in where they're not supposed to be, just what the accepted procedures to keep most out are.

Can anyone estimate how much time it would take a fairly computer literate tech to get a pinapple up and operational?

As for youtube... I viewed a number of videos but none were really "step by step". If someone knows of something that corresponds to what I am doing I would love the URL.

My main interest would be corporate network security and wifi provided for visiting or transient users. Saw mostly "phishing videos for collecting passwords to EMail and Social Networking sites, Don't know how or if that's relevant to what I am looking to accomplish.

[thesugarat]

You being an IT guy is definately going to help with the learning curve. You might want to look into the Back Track linux distro. It's free and it's main focus is penetration testing. You could just purchase a pineapple and dive right in but it might not be what you're looking for. If you're looking into this for more of a corporate environment, you may want to look at the pineapple to educate your users about wireless security. Run the pineapple with Karma engaged and use DNS Spoof to send them to an internal warning page about the dangers of open WiFi... Make sure you're using proper wireless settings... i.e. no WPS turned on because of Reaver, use WPA not WEP... use a VPN if your on an open WiFi network at a hotel or Coffee shop. Keep an eye out for rouge hotspots. Essentially your corporate environment, since you're using WiFi, is exactly where I'd use a pineapple... I could use phising pages to try to get usernames and logons to your real corporate systems.

[arcangelny]

Actually it's management I need to educate. They have several offices throughout several buildings in a corporate park. They were paying a local telco a fortune to ride their network between the various buildings. It iused a number of circuits for redundancy all of which incurred monthly circuit fees, plus equipment. I set up several line of sight wireless links between buildings using boosters and Yagi antennas. All equipment was purchased outright.

In addition, I setup several hotspots for visiting employees. The business has hundreds of work at home and field service employees. Again they saved a considerable amount by allowing ermployees toi w3ork at home and not have to provide special accomodations when the employees are required to work on site (average 3-4 times a month)

After saving all this money... You would think they would be willing to spend a few dollars tom beef up security... Nope. Some "expert" told themn all they needed was to set up MAC address filtering on the hotspots and their worries woiuld be over. Moreover he stated that the Government used MAC filtering ton secure there networks. Well I check with my son, who is in an army specialm forces unit and is often used to do some coputer work in the field (he used to work for me when he was a teen and made the mistake of telling his superiors he knew something about IT). He did confirm that they do indeed use MAC filtering, as well as several other safeguards. After researching I found several methods to discover and spoof MAC addresses. After dislosing this to mmanagerment, they decided thta the risk was minimal, anyway... How did they get to be in charge?

I have a BackTrack Live R5 CD. It seems to take a while to produce. IOt may be me but I have had limited success with it. I may be wrong but it seems like the Pineapple will produce quicker results with less effort. Again I am just stating what I think i understand.

In any event. i think I will be ordering a Pineapple, at least to teach myself. It would be fun to write my bosses password on a piece of paper and hand it to him... One way to make a case for more security dollars in the budget.

[thesugarat]

I can't speak for specific Special Forces units but the greater majority of US Armed Forces do not use WiFi. Yes they tend to use several different layers of security on the networks like Port Security. You are correct that spoofing wifi mac addresses is very easy. Does your boss use the wireless hotspots that have been setup? If he does you can try to find his MAC address and use a Black/White filter so that only his machine logs onto your rouge hotspot (pineapple). Once that happens you control everything he sees... Use DNS Spoofing to send him to any website you want. He types in www.google.com and gets redirected to www.myspace.com as an example... replace google with a corporate website and you've just created a Denial of Sevice or an opportunity to create a fake page and Phish his logon information. Just some thoughts.