Karama

[brook]

So Karama can not used on encrypted AP ? even with the pass ?

[Foxtrot]

Its karma* and no, not currently.

[brook]

Ok cool , cheers - really makes karma limited then :-(

Edited April 28, 2014 by brook

[barry99705]

Unique wifi networks in DB:	134,416,539
Unique networks w/ location:	132,748,862
Unique wifi locations in DB:	2,147,483,647
Networks with WPA2:	        51,884,201 (38.5%)
Networks with WPA:	        14,531,452 (10.8%)
Networks with WEP:	        24,478,931 (18.2%)
Networks without crypto:	89,527,723 (66.6%)
Networks crypto unknown:	20,301,486 (15.1%)
Networks with default SSID:	4,543,738 (3.3%)

You're right, 66% of all networks found in Wigle is pretty limited.

[pabo2uk]

There are also others clever way to get devices to connect to your Pineapple - There's not just KARMA!

[nabs]

There are also others clever way to get devices to connect to your Pineapple - There's not just KARMA!

A newbie isn't much with a cryptic sentence. If you want to help hem explain what you mean.

[pabo2uk]

The guys behind the Pineapple have done an outstanding job with the MKV. Seeing someone make a silly comment that the MKV is limited is a bit insulting. Lets be honest you should really do your homework before buying something and not knowing what its capable of. Some people who have purchased a Pineapple have probably seen a YouTube video or heard someone talking about it, and have no knowledge of Linux or penetration testing just bought one and expect it to 'JUST WORK'! I am by far no where near as clever or knowledgable as most people on here about the pineapple, but I do have an idea what it is and how it works before I bought it.

My initial reply wasn't meant to be cryptic, rude or sarcastic! And if it was taken that way then I apologise. Although KARMA is the main feature there are other inventive ways to get people to connect to you, starting with the obvious - Changing the AP name to something people will connect to e.g. FREE_WIFI or COFFEE_SHOP. There are plenty more commands you can you if you SSH into the MKV.

I ask a lot of questions, I mean a lot, some maybe stupid or silly, but if you don't ask you don't get.

[barry99705]

A newbie isn't much with a cryptic sentence. If you want to help hem explain what you mean.

Change the ssid to linksys, att-wifi, guest-wifi, crap like that.

[Prometheus-2486]

Saying the pineapple is limited seems to be jumping to conclusions. Yes, it doesn't support WPA, but its capabilities are very diverse. It was created as a way to lure in clients in public, target rich environments where public un-protected wifi is available. Just need to know how to use it, and the way to do that is to start tinkering every chance you get. Stick with it a while before writing it off as limited.

[Darren Kitchen]

It'll support WPA -- you can totally spoof WPA protected access points. All you have to do is change the SSID to that of the WPA protected network you're mimicking and set your MK5 up with the same password*

* it's this last bit that's could be an issue. Check with your client and see if they'll authorize a release of the PSK for your pentest.

** Reaver may be useful in figuring out the PSK if your client doesn't have it handy.

*** Of course only for use in an authorized audit.

[overwraith]

While we are on the topic of changing the SSID, are there any lists out there for default values of routers?

[xrad]

While we are on the topic of changing the SSID, are there any lists out there for default values of routers?

Like this:

https://wikidevi.com/wiki/Special:Ask?title=Special%3AAsk&q=%5B%5BCategory%3AWireless+embedded+system%5D%5D+%5B%5BDefault+SSID%3A%3A~*%5D%5D&po=%3FDefault+SSID%0D%0A%3FDefault+SSID+regex%0D%0A%3FOUI&sort%5B0%5D=&order%5B0%5D=ASC&sort_num=&order_num=ASC&eq=yes&p%5Bformat%5D=broadtable&p%5Blimit%5D=500&p%5Boffset%5D=0&p%5Bheaders%5D=show&p%5Bmainlabel%5D=&p%5Blink%5D=all&p%5Bintro%5D=&p%5Boutro%5D=&p%5Bdefault%5D=&eq=yes

[brook]

It'll support WPA -- you can totally spoof WPA protected access points. All you have to do is change the SSID to that of the WPA protected network you're mimicking and set your MK5 up with the same password*

* it's this last bit that's could be an issue. Check with your client and see if they'll authorize a release of the PSK for your pentest.

** Reaver may be useful in figuring out the PSK if your client doesn't have it handy.

*** Of course only for use in an authorized audit.

Thanks Darren

thats the answer that i was looking for :-)

I was looking for a more targeted approach to attack an WPA AP - then just fishing an open AP

Cool

[thesugarat]

Darren,

When you say "It'll support WPA" you're talking about the pineapple and not Karma correct? Of course you can setup an evil twin but you don't use Karma to pull in uers to that. You just be a hotter AP and throw in some jamming to disconnect clients and bingo.

[nabs]

Got a few more questions:

- how do you see if a person manualy connected to the pineapple or that karma answerd the probe request?

- I only see my own laptop in the intelligence report but on the second screen in karma I see 10 clients.

- Where can I find Karma log's? Does it log traffic or do I use another infusion for that?

- I see on the third page of karma: auth attempt 1/3 2/3 3/3 ... does this mean it's trying to authorise the probe request but it doesn't succeed?

Thx

[overwraith]

For seeing connections in general, the arp table is one method, use an SSH connection:

arp

I think nmap is another option, but I am still learning, so others might have more insight into this.

Also, I asked a similar question in this forum:

https://forums.hak5.org/index.php?/topic/32474-how-do-i-watch-karma-output-with-terminal-connection/

The answer was to use a command somewhat like this in an ssh connection:

tail -f /sd/karma-phy0.log | grep 'pass\|AP-STA-DISCONNECTED\|Successful'

My karma log ended up being in a different location though. I think it was the var folder.

Edited April 30, 2014 by overwraith

[Darren Kitchen]

You can specify the location of the Karma log in configuration. You can tail that in the command line or watch the output from the Karma tile. Click the tab heading to refresh.