[Infusion idea] WiFi crack

[TheHackerNextDoor]

I have an idea for an infusion. I will begin writing it as soon as my WiFi Pineapple arrives, but I want to know more features I should add.

Here is what is does

-----------------------------------------

1. Scan networks

2. If open networks are found, connect

3. If no open networks are found, launch reaver/bully and begin cracking a vulnerable network

4. Once cracked, record login information and connect

5. Make sure it can connect to the internet

Configuration options

-----------------------------------------

Crack networks no matter what - Boolean

Stop once n networks are cracked or there are no vulnerable networks left(0 to disable, -1 for all) - Integer

Run commands once internet access is achieved - String array

Run infusions once internet access is achieved - String array

White-listing based on mac address - String array

Bully or Reaver - Radio buttons

Where to store data(Locally, remote FTP, remote MySQL, or remote secure FTP) - Radio buttons and a text box to enter remote parameters

What are your thoughts on using MySQL to store everything? Would it be worth it, or should I just use a few text documents?

Edited March 18, 2014 by TheHackerNextDoor

[Sebkinne]

Hey Laptopdude and welcome to the forums!

I suggest adding the option to choose between bully or reaver.

The reason I suggest this is because depending on the use-case bully is much more reliable than reaver is.

Best Regards,

Sebkinne

[TheHackerNextDoor]

Hey Laptopdude and welcome to the forums! I suggest adding the option to choose between bully or reaver. The reason I suggest this is because depending on the use-case bully is much more reliable than reaver is. Best Regards, Sebkinne

I've updated my post.

Edited March 13, 2014 by laptopdude90

[TheHackerNextDoor]

Coupling this with Karma, Jammer, and Autossh would be deadly!

[TheHackerNextDoor]

Hey Laptopdude and welcome to the forums!

I suggest adding the option to choose between bully or reaver.

The reason I suggest this is because depending on the use-case bully is much more reliable than reaver is.

Best Regards,

Sebkinne

Since you're one of the developers, are there any built-in APIs to communicate with the radios? It would be so much easier to run a command like getNetworks() and have it return an array, and something like setNetwork(string SSID, string PSK) to set it!

[thesugarat]

Sounds like you are going to turn wifite into an infusion.... Sounds good to me. :)

[THCMinister]

Some concerns I would have is that using MySQL is that once a connection to the net and data is uploaded to the DB, the person that runs the network could potenetially see the DB connection as well as if you were to upload the files. Caution would have to be taken in the way you choose to store/upload your data.

[TheHackerNextDoor]

Some concerns I would have is that using MySQL is that once a connection to the net and data is uploaded to the DB, the person that runs the network could potenetially see the DB connection as well as if you were to upload the files. Caution would have to be taken in the way you choose to store/upload your data.

I could have MySQL listen on localhost, and connect via localhost. Would that make it more secure?

[THCMinister]

Are you planing to deploy this in the wild? What if someone found the device. Storing the data locally could then be accessed. I would look into encrypting the data for storage as well as a secure "drop" point for the data that you want to retrieve. There are many scenarios that can play out.

[TheHackerNextDoor]

Are you planing to deploy this in the wild? What if someone found the device. Storing the data locally could then be accessed. I would look into encrypting the data for storage as well as a secure "drop" point for the data that you want to retrieve. There are many scenarios that can play out.

My idea is that this would be as universal as possible. I will update my post with the option to store data, but not config, locally, remote MySQL, remote FTP, or remote FTPS.

[TheHackerNextDoor]

Well, my pineapple hasn't come yet and I am eager to develop. If anybody would create a new infusion, zip it, and send it to me, that would be great! Then I'll be able to start even sooner!

Also, the infusion needs a name. Thoughts?

[THCMinister]

Call it AutoHack, I would like to collaboratively work on this infusion with you. Shoot me a PM and we can discuss details.

[thesugarat]

AutoHack? How about AutoCrack? As it seems to automate the Bully/Reaver WPS pin cracking techniques.

I'm just waiting for someone to use Ananas in their Infusion name one day just because...

[THCMinister]

Maybe WildAnanas?

AnanasGoneWild?

Edited March 19, 2014 by THCMinister

[cooper]

Wondering about the sensibility of using the dutch word for pineapple with english additives...

AnanasPers?

AnanasSapTap?

[TheHackerNextDoor]

I like the ones with 'ananas' is their name. Seems much more inconspicuous than 'autohack/autocrack' :P

[THCMinister]

I like the ones with 'ananas' is their name. Seems much more inconspicuous than 'autohack/autocrack' :P

Agreed.

[SymPak]

Feel free to use parts of my script that I made for the MKIV.

http://forums.hak5.org/index.php?/topic/29487-wifi-connect-script/

[nabs]

Hello,

maybe a stupid idea but why not add an option to automaticly copy the SSIDof the open/cracked SSID to the pineapple so it looks like that AP. It would make a great tool for a MITM attack. Walk into any place and you don't have to configure your pineapple just turn it on, it connects / crack and connects and pretends to be the local SSID. Block the local AP for everyone else and just allow the pineapple to connect to it.

Sorry if this is already possible...

Edited April 2, 2014 by nabs

[TheHackerNextDoor]

Hello,

maybe a stupid idea but why not add an option to automaticly copy the SSIDof the open/cracked SSID to the pineapple so it looks like that AP. It would make a great tool for a MITM attack. Walk into any place and you don't have to configure your pineapple just turn it on, it connects / crack and connects and pretends to be the local SSID. Block the local AP for everyone else and just allow the pineapple to connect to it.

Sorry if this is already possible...

Karma and the jammer would work for that. It would kill all networks, and emulate them all, too.

[nabs]

Would Karma automaticly replace the SSID name of the pineapple to the name of the connected networks SSID?

[TheHackerNextDoor]

Would Karma automaticly replace the SSID name of the pineapple to the name of the connected networks SSID?

Yes.

[Sud0x3]

Would I be right in saying this infusion will basically try to crack all available wireless networks?

I have found that WPS attacks are becoming less prevalent every day now. Even the default ISP routers have rate limiting and lockout periods now.

Maybe some kind of phishing attack using karma would yield better results than wps bruteforcing.

[TheHackerNextDoor]

Would I be right in saying this infusion will basically try to crack all available wireless networks?

I have found that WPS attacks are becoming less prevalent every day now. Even the default ISP routers have rate limiting and lockout periods now.

Maybe some kind of phishing attack using karma would yield better results than wps bruteforcing.

Cool. Maybe I'll add that. In my community, the default ISP routers are WPS crackable.

[raz0r]

@

TheHackerNextDoor

Take a look at this script i found it has the default configuration for quite a few router and works well in the UK i have found it to crack AOL and TALKTALK no problem

Had to upload it as the script is quite big

http://www.sendspace.com/file/nofrm8

Also it has to be in a folder named WPSPIN (this is important)

Kind Regards

Raz0r