cheeto Posted June 30, 2014

Hey guys,

I'm trying to hack my friend's AP (with his permission).

Here's the breakdown:

Must I 1st set my MKV's ssid to the victim's ssid?

Victim's ssid: HACKME
MKV's ssid: HACKME

My idea is to deauth the victim with a netbook and start Evil Portal with a fake AP update message (asking the victim to enter his wifi password). See below:

Am I missing something? Must I use KARMA for this too?

Many thanks guys!
cheeto

raz0r Posted June 30, 2014

Be nice to see this working in the Pineapple.

http://foro.seguridadwireless.net/aplicaciones-y-diccionarios-linux/linset-0-10-wpa2-hack-sin-fuerza-bruta/

Regards
Raz0r

cheeto (Author) Posted June 30, 2014

Hey Razor,

That is a very nice page. I learned a lot from there. Regarding the infusion, it's my understanding that the plugin must be available for openwrt in order to get it on the Pineapple. Crossing my fingers.

Cheers!!

fringes Posted July 1, 2014

> Be nice to see this working in the Pineapple.
>
> http://foro.seguridadwireless.net/aplicaciones-y-diccionarios-linux/linset-0-10-wpa2-hack-sin-fuerza-bruta/
>
> Regards
> Raz0r

And for those of us that are language challenged:

http://crackmywifi.blogspot.com/2014/01/linset-010-wpa-2-brute-force-hack.html

Swamppifi Posted July 1, 2014

Interesting idea.....

My only concern is that generally you would enter your passphrase via a dialog box on the operating system, not by the browser. If I started being asked for the passphrase in the browser, I would be concerned...

But the concept of a deauth attack and the evil portal asking for your passphrase, trying to pass off as the AP, is a good one.

cheeto (Author) Posted July 1, 2014

Nice share Fringes! Finally some information in English.

cheeto (Author) Posted July 1, 2014

I think I messed up in the diagram above. Shouldn't I also copy the victim's AP mac and copy it onto my MKV? So it would look like this:

VICTIM SSID: HACKME
VICTIM MAC: XX:XX:XX:XX

MKV SSID: HACKME
MKV MAC: XX:XX:XX:XX

But the problem I see here, and please correct me, is if I clone the victim's mac+ssid and attempt to deauth the victim, won't I also be deauthing my MKV as well (since I have the same mac+ssid on the MKV)?

I assume that Karma would not be needed in this kind of attack since it doesn't work on protected APs.

Your feedback is more than welcome.

Cheers guys

Swamppifi Posted July 1, 2014 (edited)

Been thinking on this...

If you made the captive portal mimic a web error page, then have a pop-up in the bottom corner like the network window asking for the passphrase, you could pass it off, and it wouldn't raise much concern.

If you had Karma running, you may chance hooking it after the deauth of the real ssid.

Or you could continue to deauth the real ssid, and have the pineapple set on another channel.

But for a protected AP and not using Karma I don't have an answer on that.

Edited July 1, 2014 by Swamppifi

cheeto (Author) Posted July 1, 2014

It should work, but I'm not sure if Karma will have a role in this. I think the victim's computer will automatically try to reconnect to the AP. In this case the MKV.

The problem is, how do I avoid getting deauthed from my netbook? (Remember the MKV will have the same ssid, mac and channel as the victim's AP.)

Chris Harlson made a fantastic video on how to do this on Kali. Check it out:

https://www.youtube.com/watch?v=LwEjYL6Eoro&list=TLquOCAKSeRAcRvPcQJ7RvC9-7K2VR2v4G

He also made a nice fake Linksys firmware update message where the user has to enter the wifi password:

http://hackthistv.com/eviltwin.zip

It would be nice if we could adapt Chris' eviltwin portal script to the MKV.

Cheers

barry99705 Posted July 1, 2014

> It should work, but I'm not sure if Karma will have a role in this. I think the victim's computer will automatically try to reconnect to the AP. In this case the MKV.
>
> The problem is, how do I avoid getting deauthed from my netbook? (Remember the MKV will have the same ssid, mac and channel as the victim's AP.)
>
> Chris Harlson made a fantastic video on how to do this on Kali. Check it out:
>
> He also made a nice fake Linksys firmware update message where the user has to enter the wifi password:
>
> http://hackthistv.com/eviltwin.zip
>
> It would be nice if we could adapt Chris' eviltwin portal script to the MKV.
>
> Cheers

That's what whitelists are for.

cheeto (Author) Posted July 1, 2014

Hey guys, here's my AP's information:

AP Name: HACKME
MAC XX:XX:XX:XX:XX:
CHANNEL 1

I copied the same information to my MKV.

I did the deauth with KALI. The results were not as I expected. The deauth process is not only jamming both access points, but the MKV is overshadowed by my AP. As soon as I unplug my AP the MKV becomes visible. Any ideas?

The problem I see here is that as soon as I copy my AP information and dump it onto my MKV it blocks my MKV out (without even jamming it).

BTW, regarding the whitelist, are you referring to Karma's white/black list? The Deauth infusion can't tell the difference between my MKV and my AP. (For this reason I'm not using the Deauth infusion.)

Any ideas would be more than welcome.

Cheers!!

Swamppifi Posted July 1, 2014

I am reading into your post that you are connecting to the pineapple by wireless. What about using the LAN to connect to the pineapple, so you won't be affected by the deauth?

cheeto (Author) Posted July 1, 2014

Hello,

If I connect with LAN, I don't believe that there will be a difference.

Wlan0 is where the victims connect to my MKV. Wlan0 has the same mac, ssid & channel as my AP. Therefore Wlan0 is getting shut down by the deauth (using KALI on my netbook).

Perhaps I'm too close to my AP and my MKV?

In all honesty, I don't know how to solve this. I would hope that someone has pulled this off before.

Cheers!!

Swamppifi Posted July 2, 2014

Hello Cheeto

Sorry mate, I hadn't understood what you were trying to do.

I had a look at Chris' video and demo files for the fake router update pages, very clever.

I can't see why a cut-down version couldn't work on a pineapple. I may have a play with it this weekend myself.

cheeto (Author) Posted July 2, 2014

Hi Swamppifi,

What I'm trying to do is:

1. Deauth a victim's pc from his AP (to do this, I'm using Kali)
2. Have the victim connect to MKV (Victim would think that he's reconnecting to his AP)
3. Victim will log into MKV's Evil Portal and be instructed to re-enter his wifi password
4. The password is recorded in a php script. (Special thanks to Newbi3 for this)

Problems:

If I spoof my MKV with the same info as the victim's AP (ssid, mac and channel), then the MKV gets deauthed. (Which seems logical)

Solution?

Maybe play around with Karma? Perhaps the black and white list.

Doubts:

- If I understand correctly, the Karma's blacklist is the victim's mac and the whitelist is my MKV and my AP.
- Would it be possible to blacklist the victim's machine mac? Or must it be the victim's AP?
- Is it necessary to change my MKV's ssid, mac & channel? Or will Karma take care of that for me?

Thanks for reading

BTW. The victim's AP is a spare AP I have. So the signal strength is not an issue here. I'm just 3 feet away from the victim's AP.

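Seen from the network owner's side, the setup discussed in this thread (a second AP advertising the same ssid, possibly with the cloned mac, plus deauth frames) leaves observable traces. The following is an added example, not code from any poster in this thread: it checks monitor-mode observations against a recorded baseline and flags conflicting beacons and deauth bursts. The record format, the addresses, the baseline and the thresholds are assumptions constructed for illustration, as is the premise that a portal-style twin advertises as open.

```python
from collections import defaultdict

# Constructed sample: (time_s, frame_type, bssid, ssid, channel, security),
# an assumed record format for what a monitor-mode sensor would log.
FRAMES = [
    (0.0, "beacon", "02:00:00:00:00:01", "HACKME", 1, "WPA2"),
    (0.1, "beacon", "02:00:00:00:00:01", "HACKME", 1, "OPEN"),   # cloned BSSID, open
    (0.2, "beacon", "02:00:00:00:00:07", "OFFICE", 6, "WPA2"),   # unrelated network
    (0.3, "beacon", "02:00:00:00:00:99", "HACKME", 11, "OPEN"),  # same SSID, new BSSID
] + [(1.0 + i * 0.02, "deauth", "02:00:00:00:00:01", None, 1, None) for i in range(40)]

# Baseline the owner recorded for their own AP (assumed values).
KNOWN_APS = {"HACKME": {"bssid": "02:00:00:00:00:01", "channel": 1, "security": "WPA2"}}

def find_twin_indicators(frames, known):
    """Flag beacons for an owned SSID that disagree with the recorded baseline."""
    alerts = set()
    for _, kind, bssid, ssid, channel, security in frames:
        if kind != "beacon" or ssid not in known:
            continue
        base = known[ssid]
        if bssid != base["bssid"]:
            alerts.add((ssid, bssid, "unknown BSSID for known SSID"))
        elif security != base["security"]:
            alerts.add((ssid, bssid, "security differs from baseline"))
        elif channel != base["channel"]:
            alerts.add((ssid, bssid, "channel differs from baseline"))
    return sorted(alerts)

def find_deauth_bursts(frames, window=1.0, threshold=20):
    """Return BSSIDs with more than `threshold` deauth frames inside `window` seconds."""
    times = defaultdict(list)
    for t, kind, bssid, *_ in frames:
        if kind == "deauth":
            times[bssid].append(t)
    flagged = []
    for bssid, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 > threshold:
                flagged.append(bssid)
                break
    return flagged

if __name__ == "__main__":
    print(find_twin_indicators(FRAMES, KNOWN_APS))
    print(find_deauth_bursts(FRAMES))
```
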
cheeto (Author) Posted July 3, 2014 (edited)

Hey guys,

Still unable to figure it out. I tried messing around with Karma (black and white list) but I can't seem to lure the victim onto the MKV. I know that Karma is designed for open access APs. Any suggestions?

Check out this video:

Cheers!

Edited July 3, 2014 by cheeto