Jump to content

Detection of the pineapple in the wild & evasion methods


Patriot
 Share

Recommended Posts

Anyone else find it odd that the only actual solution that worked magically got removed by a mod.

I understand you don't want people posting links to warez sites or discussing illegal topics but remoing a post because someone posted a solution of how to evade detection? Really?

How is trying to evade IPS/IDS system as a pen tester using the pineapple against the forum rules?

As it stands any system administrator / law enforcement offical can simply detect the pineapple by a few lines of code regardless of whether you're in a cofee shop or they are parked outside your home.

Can the person that posted the working code repost it. Would love to simply turn on my pineapple and everytime it has a random mac address/hostname etc.. to evade detection.

Hopefully someone can shed some light on this.

Link to comment
Share on other sites

Anyone else find it odd that the only actual solution that worked magically got removed by a mod.

I understand you don't want people posting links to warez sites or discussing illegal topics but remoing a post because someone posted a solution of how to evade detection? Really?

How is trying to evade IPS/IDS system as a pen tester using the pineapple against the forum rules?

As it stands any system administrator / law enforcement offical can simply detect the pineapple by a few lines of code regardless of whether you're in a cofee shop or they are parked outside your home.

Can the person that posted the working code repost it. Would love to simply turn on my pineapple and everytime it has a random mac address/hostname etc.. to evade detection.

Hopefully someone can shed some light on this.

We removed nothing and nothing was removed / hidden. You must be mistaken.

We have absolutely nothing against scripts like that. Heck, make it into an infusion and "turn on incognito mode" or something. Look again on page 1, there is a thread by Cillian if that's the one you mean!

Best Regards,

Sebkinne

Link to comment
Share on other sites

ya I dont think anything was removed or that they would try to hide if it was they would just say not here....

back on topic!

so the wifi command does reset the mac addresses to stock so thats out

if i use "ifconfig wlan# up" it works for the the client card but does no bring the pineapples ssid back up so.... is there a command that can be issued to bring it back up with the settings already there? or is it more complicated?

Link to comment
Share on other sites

I guess I should note that simply taking wlan0 down then back up does not start the ap so i guess the question is how would i restart it? without the wifi command... :S

Edited by jjd
Link to comment
Share on other sites

ahhhh, but its only 11:30PM here, and I have tomorrow off. ok I guess ill quit screwing with this one tonight and mess with another brain teaser.

well as it turns out i couldn't sleep anyway....

so here is a script i wrote very quickly to change mac addresses. Keep in mind I am no programer! but I will probably turn it into a /etc/init.d/ script tomorrow and post the code

currently you have to run it every time you want a new mac address but it will randomize... kinda... for now it just picks a random dell mac

it does require bc to run

opkg update
opkg install bc

than make a file called macchange.sh

chmod +x macchange.sh

than use nano or something to put the code in:

see next post for update

and as you probably guessed the options are as follows

./macchange.sh change to change your mac for next boot

./macchange.sh changenow to change your mac now

./macchange.sh clean to change your mac back to stock now

as it turns out it was really easy to do its an option in /etc/config/wireless
I have not tried it with dip switches but the change now at least should work and if set on a dip switch it would change your mac every boot
ok now Im really going to sleep!
Edited by jjd
Link to comment
Share on other sites

ok i started a new thread for my solution to the problem as it does not do anything with the host name and that was a part of this original thread also i will update the code in my first post of the new thread if I make any changes

https://forums.hak5.org/index.php?/topic/30827-jjds-mac-changing-script/?p=232116

Edited by jjd
Link to comment
Share on other sites

  • 1 month later...

you must forgive me for my n00bness, as well as my racial handicap, but as much as i'm into fucking myself real good, if you go randomising your MAC address, doesn't it make you susceptible to getting penetrated by your own device re the use of MAC address blacklisting/whitelisting?

LOL! Another way to do it is to generate a poll of random macs 1-X, whitelist all of them and pull randomly from the pool and removing the current mac from the pool.

or... make a wraper for whatever the current built in mac changer script that comes w/ the mk5 which automaticaly whitelists after a change. This is probbaly the cleanest method

thats 5-10min in scripting to acomplish.

Edited by 0jf5
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...