iluvethreeway Posted May 20, 2014 Share Posted May 20, 2014 Hey guys so Today I brought my pineapple to the school, and saw 4 devices instantly connected, saw them in the intelligence report. What to do now? whats the next step and what are the optional things I can do? Thanks Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted May 20, 2014 Share Posted May 20, 2014 Hi iluvethreeway, First of all, I took the liberty to change the title of your post as "karma" is not a descriptive title and your question isn't really about karma. Secondly, if you take your WiFi Pineapple MKV to school, make sure you have gotten permission from the school. Not doing so is illegal (almost everywhere anyway) and can quickly get you kicked out of school / have further consequences. Now to your actual question. What to do next depends on what you are testing for. You can capture traffic, strip ssl, dnsspoof, use the WiFi Pineapple as a pivot and much more. Take a look at the WiFI Pineapple Bar and see if there are any infusions that are relevant to your use case. Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
cooper Posted May 20, 2014 Share Posted May 20, 2014 The sky's the limit I suppose so the question you should ask yourself is what do you want to do. When you think about that, do consider what the other party will encounter and what your efforts will mean to them. You see, here's the rub. Some of the things you can do you will consider mighty funny. Your hapless victim will probably not agree. Since you consider what you're doing funny, there's a fair chance you'll show it to someone else eventually. A week or so later everybody will know about it and you're having a nice chat with the principal about the virtues of going to some other school in favor of harsher punishment (and no, I am NOT kidding). Your best bet is to find out who it is you've hooked, then go talk to the person and show him or her (=bonus!) what's going on, assuming there's stuff of interest. Show what can and really should be done by this individual to prevent this. In essence use your ability to prevent yourself and others from being a dick (defensive line: "Someone else could be doing this right now and NOT be telling you about it - and you'd never know"). Don't underestimate the difficulty here. Your challenge will be akin to trying to explain to a toddler why its favourite yet dangerously defective toy was recalled. If within this context you can succeed in getting the individual to understand what's going on and why that's a bad thing, you've tought yourself a skill that will pay MASSIVE dividends later on in life - the world is chock full of geniusses, but very few can explain what they're doing to a noob in their field simply because they can't relate, which makes them several orders of magnitude less useful in any project team. TL;DR: You're at a crossroads - you can be the dick or the nice, clever bloke in school. Your choice. Quote Link to comment Share on other sites More sharing options...
iluvethreeway Posted May 20, 2014 Author Share Posted May 20, 2014 Id choose grayhat. I dont want to ruin people s life. I just want to proove that its really possible to steal passwords. So my plan is just collect some data. No worry, the principal is my neighbour Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted May 20, 2014 Share Posted May 20, 2014 Id choose grayhat. I dont want to ruin people s life. I just want to proove that its really possible to steal passwords. So my plan is just collect some data. No worry, the principal is my neighbour The fact that the principal is your neighbor means exactly nothing. On this forum we have heard a few stories of people getting kicked out of their schools and / or getting banned from their school districts, making it hard to find a job. Even in cases where some staff member said it was okay. Especially when you are messing with devices which are possibly not the schools. All we are saying is be careful and get permission first. Quote Link to comment Share on other sites More sharing options...
Merlintime Posted May 20, 2014 Share Posted May 20, 2014 In my opinion, It would be best to get permission in writing before doing anything. Quote Link to comment Share on other sites More sharing options...
fringes Posted May 21, 2014 Share Posted May 21, 2014 Always... in writing!! Don't expect to get it either. Quote Link to comment Share on other sites More sharing options...
jtbith Posted May 21, 2014 Share Posted May 21, 2014 Does anyone know anywhere people like me can find tutorials on all the stuff the pineapple can do because i cannot find many for the MK5 (or any MK ) on YT and google etc. Thank you -J Quote Link to comment Share on other sites More sharing options...
iluvethreeway Posted May 22, 2014 Author Share Posted May 22, 2014 The problem is I dont have any internet connection in the school :/ WPS cant see my schools ap cuz its hidden I guess. Maybe trying to crack some school neighbours? Karma only works If I have internet connection right? Quote Link to comment Share on other sites More sharing options...
choppin32 Posted May 22, 2014 Share Posted May 22, 2014 Does anyone know anywhere people like me can find tutorials on all the stuff the pineapple can do because i cannot find many for the MK5 (or any MK ) on YT and google etc. Thank you -J keep on searching there is a lot of information out there! also try youtube it has vids on there. The problem is I dont have any internet connection in the school :/ WPS cant see my schools ap cuz its hidden I guess. Maybe trying to crack some school neighbours? Karma only works If I have internet connection right? Make sure that you have Permission to do these things with the Pineapple! If you don't it can result in you getting into Legal trouble! Quote Link to comment Share on other sites More sharing options...
Xt4xt1X Posted May 22, 2014 Share Posted May 22, 2014 Good Youtube Channels are: https://www.youtube.com/channel/UCK15ED34btB3NZznGIXQuwA (Chris Haralson) https://www.youtube.com/channel/UC3s0BtrBJpwNDaflRSoiieQ (Hak5) btw. if you want to lern how the device works, better do it with your own devices and keep others out of your game. Your results will be the same if you play the victim yourself - but without legal consequences. Buying some necessary stuff will be even cheaper than holidays in jail. Quote Link to comment Share on other sites More sharing options...
xrad Posted May 22, 2014 Share Posted May 22, 2014 (edited) Good Youtube Channels are: https://www.youtube.com/channel/UCK15ED34btB3NZznGIXQuwA (Chris Haralson) https://www.youtube.com/channel/UC3s0BtrBJpwNDaflRSoiieQ (Hak5) btw. if you want to lern how the device works, better do it with your own devices and keep others out of your game. Your results will be the same if you play the victim yourself - but without legal consequences. Buying some necessary stuff will be even cheaper than holidays in jail. Iluvethreeway....listen to Xt4xt1X...everyone here has warned you, no one wants you to get in trouble. Build you a lab at home, the school will not be happy with you using them as your lab. This isn't the year 2000, the old days i call them, the laws are very clear and the authorities (school, police, Feds in general) have zero tolerance nowadays. Edited May 22, 2014 by xrad Quote Link to comment Share on other sites More sharing options...
Xt4xt1X Posted May 22, 2014 Share Posted May 22, 2014 (edited) For a well suited WLAN Testlab you just need: Laptop or Desktop with internal Ethernet and Wifi Virtualbox https://www.virtualbox.org/ Alfa AWUS036H http://www.amazon.com/Alfa-AWUS036H-Wireless-Original-Screw-On/dp/B002BFMZR8/ref=sr_1_2?ie=UTF8&qid=1400792990&sr=8-2&keywords=alfa+awus WLAN Router http://www.amazon.com/D-Link-DIR-601-Wireless-N-Home-Router/dp/B002VJL0OS/ref=sr_1_8?ie=UTF8&qid=1400793080&sr=8-8&keywords=dlink+dir-600 Wifi Pineapple Cost without Pineapple and Laptop: less than $60 Setup a vitual machine as victim with Alfa card connected for WLAN access and your host as attack machine. Therewith you can create nearly any real world scenario. Edited May 22, 2014 by Xt4xt1X Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted May 23, 2014 Share Posted May 23, 2014 Might I also recommend Metasploit Minute and this thread: https://forums.hak5.org/index.php?/topic/913-hacking-where-to-begin/ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.