Help on a few attacks


DrDinosaur


Hi, I'm testing some attacks with the pineapple.

How would I perform an "Evil Twin" attack? Just copy the BSSID and SSID of the target network? Could you provide the exact commands or instructions, because I've had some issues with the pineapple.

I was having issues testing Karma. Does it not work on most devices now, or is there some technical glitch or misconfiguration in my testing? I turned on Karma on the pineapple. I forgot all networks on the devices except one open previously connected network. I turned Wi-Fi on the devices and many of them did not automatically connect to the pineapple (though a couple devices may have automatically). I only saw the probe requests on my Nexus 7. What's the correct way to test this?

Say there is a network with WPA2 encryption. I know the key of that network. How can I set everything up so that I can deauth the AP or a client on that AP and have all or just that one client(s) connect to my evil AP? I couldn't get wlan0 to have an encrypted network so that the devices that just got deauthed could connect automatically with the same key. Again, specific instructions would be great because I don't want to say it doesn't work when it actually does.

Lastly, what's a simple way to showcase code injection on HTTP? I know there is a module for that, so what's a good, simple script to showcase the injection? SSLstrip has issues on the web interface, so doing this with Kali or through SSH on the pineapple would be fine. Any details would be highly appreciated.

Thank you!


For Karma, in my case, when you look at the device that looks for an AP, it sees the previously connected AP (even though they are not there) and it is not encrypted, so the user connects manually.

It does not auto-connect in my case; maybe because the "ask before connecting" option in most devices is always ON.


For Karma, in my case, when you look at the device that looks for an AP, it sees the previously connected AP (even though they are not there) and it is not encrypted, so the user connects manually.

It does not auto-connect in my case; maybe because the "ask before connecting" option in most devices is always ON.

Not quite sure what you mean at the end of the first part. If anyone could help soon, that would really be great. Not sure why no one else has responded...


How would I perform an "Evil Twin" attack? Just copy the BSSID and SSID of the target network? Could you provide the exact commands or instructions, because I've had some issues with the pineapple.

You could use WinSCP and edit your /etc/config/wireless file. Add the encryption lines.

Example (the two annotated lines are the ones to add; the annotations are written as UCI comments so the file still parses):

config 'wifi-iface'
    option 'device' 'wl0'
    option 'network' 'lan'
    option 'mode' 'ap'
    option 'ssid' 'MyWifiAP'
    option 'encryption' 'psk2'          # <---- add this
    option 'key' 'secret passphrase'    # <---- add this

Good link

http://wiki.openwrt.org/doc/uci/wireless

Your wlan0 is far weaker than wlan1 and would have a relatively hard time overpowering your 'good twin'. You would have to be in better proximity to your victim client. You would then deauth the 'good twin' using wlan1. You would need to provide internet to your victim through a usb wifi (alfa), Ethernet, or a usb 3g modem.

I was having issues testing Karma. Does it not work on most devices now, or is there some technical glitch or misconfiguration in my testing? I turned on Karma on the pineapple. I forgot all networks on the devices except one open previously connected network. I turned Wi-Fi on the devices and many of them did not automatically connect to the pineapple (though a couple devices may have automatically). I only saw the probe requests on my Nexus 7. What's the correct way to test this?

Newer devices have a way of not falling into this trap. I name my wlan0 ssid 'attwifi' and I get a whole lot of connections. I'm not sure if it is with the way karma works, but I'll get a connection through my wlan0 ssid 'attwifi' but not the karma version of 'attwifi' a lot of the time. You can probably recreate this by naming a router attwifi and connecting to it so it is stored on your device. Shut off the router. Turn on the pineapple with karma. You may not automatically connect to it. Name your wlan0 attwifi. You will probably autoconnect to that. At least that's my experience.

Say there is a network with WPA2 encryption. I know the key of that network. How can I set everything up so that I can deauth the AP or a client on that AP and have all or just that one client(s) connect to my evil AP? I couldn't get wlan0 to have an encrypted network so that the devices that just got deauthed could connect automatically with the same key. Again, specific instructions would be great because I don't want to say it doesn't work when it actually does.

1st answer
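Seen from the other side of the thread, the two behaviours discussed above leave recognisable traces in the air: an "evil twin" is a second BSSID beaconing a known SSID (often open, where the real one is WPA2), and a Karma-style AP is a single BSSID that answers probe requests for many unrelated SSIDs, which a legitimate AP never does. The script below is an added example written for this page, not code from the thread or from the Pineapple; it runs over a hand-constructed list of frame records (the dict field names and the sample addresses are assumptions of this script, not a real capture format) and flags both patterns. In practice the records would be filled from a monitor-mode capture.

```python
"""Flag evil-twin and Karma-style rogue APs from observed management frames.

Added example for the thread above. The frame records and the allow-list are
constructed by hand; the record layout ("kind", "bssid", "ssid", "privacy",
"channel") is an assumption of this script, not a real capture format.
"""
from collections import defaultdict

# Constructed sample: one record per beacon / probe response observed.
# "privacy" is True when the Privacy bit (WEP/WPA/WPA2) is set in the frame.
OBSERVED = [
    {"kind": "beacon",     "bssid": "00:11:22:33:44:55", "ssid": "HomeNet",    "privacy": True,  "channel": 6},
    {"kind": "beacon",     "bssid": "00:11:22:33:44:55", "ssid": "HomeNet",    "privacy": True,  "channel": 6},
    # Same SSID beaconed by a second BSSID, and open: the evil-twin profile.
    {"kind": "beacon",     "bssid": "02:00:00:0d:0e:0f", "ssid": "HomeNet",    "privacy": False, "channel": 6},
    # One BSSID answering probes for many unrelated SSIDs: Karma-style behaviour.
    {"kind": "probe_resp", "bssid": "02:00:00:0d:0e:0f", "ssid": "attwifi",    "privacy": False, "channel": 6},
    {"kind": "probe_resp", "bssid": "02:00:00:0d:0e:0f", "ssid": "CoffeeShop", "privacy": False, "channel": 6},
    {"kind": "probe_resp", "bssid": "02:00:00:0d:0e:0f", "ssid": "HotelGuest", "privacy": False, "channel": 6},
    # A legitimate AP answers probes only for the SSID it actually hosts.
    {"kind": "probe_resp", "bssid": "00:11:22:33:44:55", "ssid": "HomeNet",    "privacy": True,  "channel": 6},
]

# Allow-list of SSID -> BSSIDs from a site survey (constructed for the example).
KNOWN_APS = {"HomeNet": {"00:11:22:33:44:55"}}


def find_evil_twins(frames, known_aps):
    """Return (ssid, bssid, reason) for every BSSID that beacons a known SSID
    without being on the allow-list; note when it has also dropped encryption."""
    findings = []
    seen = set()
    for f in frames:
        if f["kind"] != "beacon":
            continue
        ssid, bssid = f["ssid"], f["bssid"]
        if ssid not in known_aps or (ssid, bssid) in seen:
            continue
        seen.add((ssid, bssid))
        if bssid not in known_aps[ssid]:
            reason = "unknown BSSID for known SSID"
            if not f["privacy"]:
                reason += ", and open (no encryption)"
            findings.append((ssid, bssid, reason))
    return findings


def find_karma_responders(frames, threshold=3):
    """Return {bssid: sorted SSIDs} for every BSSID whose probe responses cover
    at least `threshold` distinct SSIDs. A normal AP only answers for SSIDs it
    hosts, so many distinct SSIDs from one BSSID is the Karma signature."""
    ssids_by_bssid = defaultdict(set)
    for f in frames:
        if f["kind"] == "probe_resp":
            ssids_by_bssid[f["bssid"]].add(f["ssid"])
    return {b: sorted(s) for b, s in ssids_by_bssid.items() if len(s) >= threshold}


if __name__ == "__main__":
    for ssid, bssid, reason in find_evil_twins(OBSERVED, KNOWN_APS):
        print(f"evil twin? ssid={ssid} bssid={bssid}: {reason}")
    for bssid, ssids in find_karma_responders(OBSERVED).items():
        print(f"karma-style responder {bssid} answered probes for: {', '.join(ssids)}")
```

The allow-list check is what makes the evil-twin rule work: the SSID alone is not an identity, the (SSID, BSSID, encryption) triple is, which is also why a client that remembers an open "attwifi" profile is the easy case the reply above describes. The probe-response threshold is deliberately low for the sample; on a busy site raise it so that a real multi-SSID AP is not reported.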
