brook, Posted April 28, 2014

So Karma cannot be used on an encrypted AP? Even with the pass?

brook (Author), Posted April 28, 2014

Ok cool, cheers - really makes karma limited then :-(

Edited April 28, 2014 by brook

barry99705, Posted April 29, 2014

Unique wifi networks in DB: 134,416,539
Unique networks w/ location: 132,748,862
Unique wifi locations in DB: 2,147,483,647
Networks with WPA2: 51,884,201 (38.5%)
Networks with WPA: 14,531,452 (10.8%)
Networks with WEP: 24,478,931 (18.2%)
Networks without crypto: 89,527,723 (66.6%)
Networks crypto unknown: 20,301,486 (15.1%)
Networks with default SSID: 4,543,738 (3.3%)

You're right, 66% of all networks found in Wigle is pretty limited.

pdb1977, Posted April 29, 2014

There are also other clever ways to get devices to connect to your Pineapple - There's not just KARMA!

nabs, Posted April 29, 2014

> There are also other clever ways to get devices to connect to your Pineapple - There's not just KARMA!

A newbie isn't much with a cryptic sentence. If you want to help him, explain what you mean.

pdb1977, Posted April 29, 2014

The guys behind the Pineapple have done an outstanding job with the MKV. Seeing someone make a silly comment that the MKV is limited is a bit insulting. Let's be honest, you should really do your homework before buying something and not knowing what it's capable of. Some people who have purchased a Pineapple have probably seen a YouTube video or heard someone talking about it, and have no knowledge of Linux or penetration testing, just bought one and expect it to 'JUST WORK'!

I am by far nowhere near as clever or knowledgeable as most people on here about the pineapple, but I did have an idea what it is and how it works before I bought it.

My initial reply wasn't meant to be cryptic, rude or sarcastic! And if it was taken that way then I apologise.

Although KARMA is the main feature, there are other inventive ways to get people to connect to you, starting with the obvious - changing the AP name to something people will connect to, e.g. FREE_WIFI or COFFEE_SHOP. There are plenty more commands you can use if you SSH into the MKV.

I ask a lot of questions, I mean a lot, some maybe stupid or silly, but if you don't ask you don't get.

barry99705, Posted April 29, 2014

> A newbie isn't much with a cryptic sentence. If you want to help him, explain what you mean.

Change the ssid to linksys, att-wifi, guest-wifi, crap like that.

Prometheus-2486, Posted April 29, 2014

Saying the pineapple is limited seems to be jumping to conclusions. Yes, it doesn't support WPA, but its capabilities are very diverse. It was created as a way to lure in clients in public, target rich environments where public un-protected wifi is available. Just need to know how to use it, and the way to do that is to start tinkering every chance you get. Stick with it a while before writing it off as limited.

Darren Kitchen, Posted April 29, 2014

It'll support WPA -- you can totally spoof WPA protected access points. All you have to do is change the SSID to that of the WPA protected network you're mimicking and set your MK5 up with the same password*

* it's this last bit that could be an issue. Check with your client and see if they'll authorize a release of the PSK for your pentest.
** Reaver may be useful in figuring out the PSK if your client doesn't have it handy.
*** Of course only for use in an authorized audit.

overwraith, Posted April 29, 2014

While we are on the topic of changing the SSID, are there any lists out there for default values of routers?

xrad, Posted April 29, 2014

> While we are on the topic of changing the SSID, are there any lists out there for default values of routers?

Like this: https://wikidevi.com/wiki/Special:Ask?title=Special%3AAsk&q=%5B%5BCategory%3AWireless+embedded+system%5D%5D+%5B%5BDefault+SSID%3A%3A~*%5D%5D&po=%3FDefault+SSID%0D%0A%3FDefault+SSID+regex%0D%0A%3FOUI&sort%5B0%5D=&order%5B0%5D=ASC&sort_num=&order_num=ASC&eq=yes&p%5Bformat%5D=broadtable&p%5Blimit%5D=500&p%5Boffset%5D=0&p%5Bheaders%5D=show&p%5Bmainlabel%5D=&p%5Blink%5D=all&p%5Bintro%5D=&p%5Boutro%5D=&p%5Bdefault%5D=&eq=yes

brook (Author), Posted April 30, 2014

> It'll support WPA -- you can totally spoof WPA protected access points. All you have to do is change the SSID to that of the WPA protected network you're mimicking and set your MK5 up with the same password*
>
> * it's this last bit that could be an issue. Check with your client and see if they'll authorize a release of the PSK for your pentest.
> ** Reaver may be useful in figuring out the PSK if your client doesn't have it handy.
> *** Of course only for use in an authorized audit.

Thanks Darren, that's the answer that I was looking for :-)

I was looking for a more targeted approach to attack a WPA AP - than just fishing an open AP.

Cool

thesugarat, Posted April 30, 2014

Darren,

When you say "It'll support WPA" you're talking about the pineapple and not Karma, correct? Of course you can set up an evil twin but you don't use Karma to pull in users to that. You just be a hotter AP and throw in some jamming to disconnect clients and bingo.

nabs, Posted April 30, 2014

Got a few more questions:

- How do you see if a person manually connected to the pineapple or that karma answered the probe request?
- I only see my own laptop in the intelligence report but on the second screen in karma I see 10 clients.
- Where can I find Karma logs? Does it log traffic or do I use another infusion for that?
- I see on the third page of karma: auth attempt 1/3 2/3 3/3 ... does this mean it's trying to authorise the probe request but it doesn't succeed?

Thx

overwraith, Posted April 30, 2014

For seeing connections in general, the arp table is one method, use an SSH connection:

    arp

I think nmap is another option, but I am still learning, so others might have more insight into this. Also, I asked a similar question in this forum:

https://forums.hak5.org/index.php?/topic/32474-how-do-i-watch-karma-output-with-terminal-connection/

The answer was to use a command somewhat like this in an ssh connection:

    tail -f /sd/karma-phy0.log | grep 'pass\|AP-STA-DISCONNECTED\|Successful'

My karma log ended up being in a different location though. I think it was the var folder.

Edited April 30, 2014 by overwraith

Darren Kitchen, Posted May 1, 2014

You can specify the location of the Karma log in configuration. You can tail that in the command line or watch the output from the Karma tile. Click the tab heading to refresh.