Jump to content

Karama


brook
 Share

Recommended Posts

Unique wifi networks in DB:	134,416,539
Unique networks w/ location:	132,748,862
Unique wifi locations in DB:	2,147,483,647
Networks with WPA2:	        51,884,201 (38.5%)
Networks with WPA:	        14,531,452 (10.8%)
Networks with WEP:	        24,478,931 (18.2%)
Networks without crypto:	89,527,723 (66.6%)
Networks crypto unknown:	20,301,486 (15.1%)
Networks with default SSID:	4,543,738 (3.3%)

You're right, 66% of all networks found in Wigle is pretty limited.

Link to comment
Share on other sites

The guys behind the Pineapple have done an outstanding job with the MKV. Seeing someone make a silly comment that the MKV is limited is a bit insulting. Lets be honest you should really do your homework before buying something and not knowing what its capable of. Some people who have purchased a Pineapple have probably seen a YouTube video or heard someone talking about it, and have no knowledge of Linux or penetration testing just bought one and expect it to 'JUST WORK'! I am by far no where near as clever or knowledgable as most people on here about the pineapple, but I do have an idea what it is and how it works before I bought it.

My initial reply wasn't meant to be cryptic, rude or sarcastic! And if it was taken that way then I apologise. Although KARMA is the main feature there are other inventive ways to get people to connect to you, starting with the obvious - Changing the AP name to something people will connect to e.g. FREE_WIFI or COFFEE_SHOP. There are plenty more commands you can you if you SSH into the MKV.

I ask a lot of questions, I mean a lot, some maybe stupid or silly, but if you don't ask you don't get.

Link to comment
Share on other sites

Saying the pineapple is limited seems to be jumping to conclusions. Yes, it doesn't support WPA, but its capabilities are very diverse. It was created as a way to lure in clients in public, target rich environments where public un-protected wifi is available. Just need to know how to use it, and the way to do that is to start tinkering every chance you get. Stick with it a while before writing it off as limited.

Link to comment
Share on other sites

It'll support WPA -- you can totally spoof WPA protected access points. All you have to do is change the SSID to that of the WPA protected network you're mimicking and set your MK5 up with the same password*

* it's this last bit that's could be an issue. Check with your client and see if they'll authorize a release of the PSK for your pentest.

** Reaver may be useful in figuring out the PSK if your client doesn't have it handy.

*** Of course only for use in an authorized audit.

Link to comment
Share on other sites

It'll support WPA -- you can totally spoof WPA protected access points. All you have to do is change the SSID to that of the WPA protected network you're mimicking and set your MK5 up with the same password*

* it's this last bit that's could be an issue. Check with your client and see if they'll authorize a release of the PSK for your pentest.

** Reaver may be useful in figuring out the PSK if your client doesn't have it handy.

*** Of course only for use in an authorized audit.

Thanks Darren

thats the answer that i was looking for :-)

I was looking for a more targeted approach to attack an WPA AP - then just fishing an open AP

Cool

Link to comment
Share on other sites

Darren,

When you say "It'll support WPA" you're talking about the pineapple and not Karma correct? Of course you can setup an evil twin but you don't use Karma to pull in uers to that. You just be a hotter AP and throw in some jamming to disconnect clients and bingo.

Link to comment
Share on other sites

Got a few more questions:

- how do you see if a person manualy connected to the pineapple or that karma answerd the probe request?

- I only see my own laptop in the intelligence report but on the second screen in karma I see 10 clients.

- Where can I find Karma log's? Does it log traffic or do I use another infusion for that?

- I see on the third page of karma: auth attempt 1/3 2/3 3/3 ... does this mean it's trying to authorise the probe request but it doesn't succeed?

Thx

Link to comment
Share on other sites

For seeing connections in general, the arp table is one method, use an SSH connection:

arp

I think nmap is another option, but I am still learning, so others might have more insight into this.

Also, I asked a similar question in this forum:

https://forums.hak5.org/index.php?/topic/32474-how-do-i-watch-karma-output-with-terminal-connection/

The answer was to use a command somewhat like this in an ssh connection:

tail -f /sd/karma-phy0.log | grep 'pass\|AP-STA-DISCONNECTED\|Successful'

My karma log ended up being in a different location though. I think it was the var folder.

Edited by overwraith
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...