Help - First Time User


Hi All

I recently purchased a Pineapple to use in some upcoming red team assessments and have spent the day setting up and exploring. I have ICS working with OS X and the latest firmware, but I'm a little confused about a few things. It's probably best I start by explaining what exactly I would like to do!

Aim: to demonstrate to clients that they shouldn't enable Wi-Fi on devices, as it's easy to impersonate a legitimate access point and start intercepting even SSL traffic.

I believe to impersonate a legitimate access point I would use PineAP + Karma + Harvester.

Question 1: is the above correct and if so, will the client devices not complain that the AP they are connecting to are unprotected instead of WPA2?

Assuming they are now connected to my AP...

Question 2: How can I understand who is connected? I see a client count in the web interface top right corner but don't see how I can find out any more info?

Also, I have found that after installing and enabling SSLStrip, I am not getting any output at all. It seems to be started but not stripping anything

Question 3: Why after turning on SSLStrip and visiting a https page on my laptop connected to the fake AP am I not being stripped and nothing is showing in the logs?

I think I once read about an infusion that would actually show you a list of the access points and the clients connected to each of these access points. I can't seem to find this again, the closest I have found is Site Survey

Question 4: How can I find a list of which clients are connected to which APs?

Finally, I notice that there is also a WLAN 1, which isn't started.

Question 5: What is that typically used for? ICS without using the ethernet cable?

Thanks in advance

Mike


Question 1: is the above correct and if so, will the client devices not complain that the AP they are connecting to are unprotected instead of WPA2?

Yes, use PineAP. Some devices will complain. When testing this on my home network my computers would come up with a message saying the last time it was connected to the AP it was secure and now it isn't. You may not find this in all devices so it's still worth a shot.

Assuming they are now connected to my AP...

Question 2: How can I understand who is connected? I see a client count in the web interface top right corner but don't see how I can find out any more info?

You can use the connected clients infusion. I've used it but it doesn't refresh well. A lot of times I'll have a client off the Pineapple for over an hour, I'll manually refresh the interface, and it still tells me the client is connected. It gives you their IP, MAC address, and hostname though.

Also, I have found that after installing and enabling SSLStrip, I am not getting any output at all. It seems to be started but not stripping anything

Question 3: Why after turning on SSLStrip and visiting a https page on my laptop connected to the fake AP am I not being stripped and nothing is showing in the logs?

HSTS is your enemy and the reason why you aren't able to successfully strip the SSL data. Almost all modern browsers support HSTS.

I think I once read about an infusion that would actually show you a list of the access points and the clients connected to each of these access points. I can't seem to find this again, the closest I have found is Site Survey

Question 4: How can I find a list of which clients are connected to which APs?

You may be thinking of the built in scanner on the Pineapple. Go to the top left in the interface and click infusions. You should see Recon mode there. You can scan for both AP and clients.

Finally, I notice that there is also a WLAN 1, which isn't started.

Question 5: What is that typically used for? ICS without using the ethernet cable?

Wlan1 is used to connect to another AP in client mode. This way you can provide internet access to all the users that connect to your Pineapple. You will be a man-in-the-middle without needing to share the internet connection from your Mac.

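A practical cross-check for the "connected clients" staleness described in the answer above. This is an added example, not code from the thread or from the connected clients infusion (I have not checked what that infusion reads). It assumes the Pineapple's OpenWrt base, where dnsmasq writes `/tmp/dhcp.leases` and `iw dev wlan0 station dump` lists the stations currently associated with the AP; both assumptions are marked in the code. A lease table keeps a client until its lease expires, so it is the usual source of a client that "left an hour ago but is still listed"; the driver's station table only holds clients associated right now. The script joins the two: associated now, enriched with the IP and hostname DHCP handed out, plus a separate list of leases with no live association. The lease and station text is constructed sample data in the same formats those tools produce.

```python
"""Join the AP's live station table with the DHCP lease file so that a
"connected" list reflects current associations, not leftover leases.

Assumed inputs (OpenWrt-based Pineapple firmware, not verified here):
  station_text: output of  iw dev wlan0 station dump
  lease_text:   contents of /tmp/dhcp.leases (dnsmasq lease file)
"""
import re

# Constructed sample of dnsmasq's lease file: <expiry> <mac> <ip> <hostname> <client-id>
SAMPLE_LEASES = """\
1428004000 00:11:22:33:44:55 172.16.42.100 mikes-macbook 01:00:11:22:33:44:55
1428004000 66:77:88:99:aa:bb 172.16.42.101 android-9f3a 01:66:77:88:99:aa:bb
1428004000 cc:dd:ee:ff:00:11 172.16.42.102 * 01:cc:dd:ee:ff:00:11
"""

# Constructed sample of `iw dev wlan0 station dump`: one header per client,
# then indented "key:\tvalue" lines. 66:77:... has a lease but is no longer associated.
SAMPLE_STATIONS = """\
Station 00:11:22:33:44:55 (on wlan0)
\tinactive time:\t40 ms
\trx bytes:\t120345
Station cc:dd:ee:ff:00:11 (on wlan0)
\tinactive time:\t95000 ms
\trx bytes:\t2048
"""

STATION_RE = re.compile(r"^Station ([0-9a-f:]{17}) \(on (\S+)\)", re.I)
INACTIVE_RE = re.compile(r"^\s*inactive time:\s*(\d+) ms")


def parse_dhcp_leases(text):
    """Map lowercase MAC -> {ip, hostname, expiry}. A '*' hostname means none was sent."""
    leases = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        expiry, mac, ip, hostname = parts[0], parts[1].lower(), parts[2], parts[3]
        leases[mac] = {"ip": ip, "hostname": "" if hostname == "*" else hostname,
                       "expiry": int(expiry)}
    return leases


def parse_station_dump(text):
    """Map lowercase MAC -> {iface, inactive_ms} for every associated station."""
    stations = {}
    current = None
    for line in text.splitlines():
        m = STATION_RE.match(line)
        if m:
            current = m.group(1).lower()
            stations[current] = {"iface": m.group(2), "inactive_ms": None}
            continue
        m = INACTIVE_RE.match(line)
        if m and current:
            stations[current]["inactive_ms"] = int(m.group(1))
    return stations


def connected_clients(station_text, lease_text, max_idle_ms=60_000):
    """Stations associated right now, with DHCP data where a lease exists.
    'idle' flags clients that have not sent a frame for max_idle_ms."""
    leases = parse_dhcp_leases(lease_text)
    rows = []
    for mac, st in parse_station_dump(station_text).items():
        lease = leases.get(mac, {})
        rows.append({"mac": mac, "iface": st["iface"],
                     "ip": lease.get("ip", "?"), "hostname": lease.get("hostname", ""),
                     "idle": (st["inactive_ms"] or 0) >= max_idle_ms})
    return sorted(rows, key=lambda r: r["mac"])


def stale_leases(station_text, lease_text, now):
    """Unexpired leases whose MAC is no longer associated: the entries a
    lease-based view keeps showing after the client has left."""
    stations = parse_station_dump(station_text)
    return sorted(mac for mac, lease in parse_dhcp_leases(lease_text).items()
                  if mac not in stations and lease["expiry"] > now)


if __name__ == "__main__":
    for row in connected_clients(SAMPLE_STATIONS, SAMPLE_LEASES):
        print(row)
    print("stale leases:", stale_leases(SAMPLE_STATIONS, SAMPLE_LEASES, now=1428000000))
```

On the device itself the two inputs would come from `iw dev wlan0 station dump` and `cat /tmp/dhcp.leases` (assuming the firmware ships `iw`); swap `wlan0` for whichever interface is running the open AP.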

Wow, that's some really useful answers, thank you sud0Nick :smile:

Question 3: I understand that only Internet Explorer doesn't support HSTS, so will give this a shot.

Question 5: Is there a short guide I can read to set this up? or a few simple pointers would be helpful


Question 3: I understand that only Internet Explorer doesn't support HSTS, so will give this a shot.

I don't know about that. I would research it first because I think all modern browsers support HSTS but I could be wrong.

Question 5: Is there a short guide I can read to set this up? or a few simple pointers would be helpful

Just go to the Network infusion. Click on the Client Mode tab and connect to an AP. It's just like setting up a computer on an AP.

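The HSTS behaviour behind the empty sslstrip log (Question 3 above, and the browser-support exchange just before this) is easier to see in code. The following is an added example, not code from the thread, from sslstrip or from the Pineapple: it models the browser side of RFC 6797, parsing the Strict-Transport-Security header, the includeSubDomains match, expiry, the rule that the header is only honoured over TLS, and the internal http-to-https rewrite, then reports whether a navigation ever leaves the browser as plaintext. That plaintext request is the only thing sslstrip can rewrite. The host names, header values, preload entry and clock values are all constructed for the example.

```python
"""Why sslstrip sees nothing from an HSTS-aware browser.

sslstrip needs the browser to send a plain http:// request it can answer
with a rewritten (https -> http) page. Once a host is in the browser's
HSTS store, from an earlier TLS visit or the built-in preload list, the
browser upgrades the navigation itself and no plaintext request exists.
"""
import time
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1).
    Returns {"max_age", "include_subdomains"} or None if no usable max-age."""
    max_age = None
    include_subdomains = False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age":
            if not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
        # "preload" and unknown directives are ignored by the browser itself
    if max_age is None:
        return None
    return {"max_age": max_age, "include_subdomains": include_subdomains}


class HstsCache:
    """Minimal model of a browser's HSTS store and its URL-upgrade rule."""

    def __init__(self, preload=(), clock=time.time):
        self.clock = clock
        # host -> (expiry timestamp, include_subdomains); preloaded hosts never expire
        self.entries = {h.lower(): (float("inf"), True) for h in preload}

    def observe_response(self, url, headers):
        """Learn HSTS from a response. Only TLS responses count (RFC 6797 8.1),
        so a header carried on an http:// page, such as one sslstrip relays, is ignored."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            return
        lowered = {k.lower(): v for k, v in headers.items()}
        parsed = parse_hsts(lowered.get("strict-transport-security", ""))
        if parsed is None:
            return
        host = parts.hostname.lower()
        if parsed["max_age"] == 0:
            self.entries.pop(host, None)  # max-age=0 tells the browser to forget the host
        else:
            self.entries[host] = (self.clock() + parsed["max_age"],
                                  parsed["include_subdomains"])

    def is_known(self, host):
        """True if host, or a parent domain with includeSubDomains, has a live entry."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_subdomains = entry
            if expiry >= self.clock() and (i == 0 or include_subdomains):
                return True
        return False

    def request_url(self, url):
        """Return the URL the browser actually puts on the wire for a navigation."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname):
            port = "" if parts.port in (None, 80) else f":{parts.port}"
            return urlunsplit(("https", parts.hostname + port,
                               parts.path, parts.query, parts.fragment))
        return url


def sslstrip_can_intercept(cache, url):
    """sslstrip only ever sees plaintext HTTP; an upgraded navigation never reaches it."""
    return urlsplit(cache.request_url(url)).scheme == "http"


def demo():
    """Constructed walk-through; the dict records which navigations stay interceptable."""
    t = [1_000_000.0]  # fake clock so expiry can be exercised
    cache = HstsCache(preload=["preloaded.example"], clock=lambda: t[0])
    out = {}
    out["fresh_http"] = sslstrip_can_intercept(cache, "http://bank.example/login")
    # A direct, uninterrupted https visit teaches the browser the policy
    cache.observe_response("https://bank.example/",
                           {"Strict-Transport-Security": "max-age=3600; includeSubDomains"})
    out["after_https_visit"] = sslstrip_can_intercept(cache, "http://bank.example/login")
    out["subdomain"] = sslstrip_can_intercept(cache, "http://www.bank.example/")
    out["preloaded"] = sslstrip_can_intercept(cache, "http://preloaded.example/")
    # The same header delivered over plain http is never stored
    cache.observe_response("http://other.example/", {"Strict-Transport-Security": "max-age=3600"})
    out["http_header_ignored"] = sslstrip_can_intercept(cache, "http://other.example/")
    t[0] += 3601  # lease of trust runs out: plaintext is possible again
    out["after_expiry"] = sslstrip_can_intercept(cache, "http://bank.example/login")
    return out


if __name__ == "__main__":
    for name, interceptable in demo().items():
        print(f"{name:20s} sslstrip can intercept: {interceptable}")
```

The model leaves out mixed-content and certificate handling, but it captures the practical point: against a victim who has already visited the target site over TLS, or whose browser ships it in the preload list, the first unprotected http request that sslstrip depends on is never sent, so the tool appears to run but logs nothing. The only windows are a host the browser has never seen over TLS, or a policy that has expired.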

DNSSpoof won't help you in stripping SSL data.

You can look into this project: sslstrip-hsts. I haven't tried it nor have I seen an implementation of it on the Pineapple but it may work for you.

DNSSpoof can definitely help you in your pentest just don't expect to strip SSL data with it. If the company uses a captive portal you can look into my infusion Portal Auth for cloning and authenticating the Pineapple with it and Evil Portal II to display the captive portal yourself. It's one extra step to trick the users into thinking they are on the actual access point.


Yes. Either one of those options is fine. My recommendation is to use the USB device (wlan2) so your Pineapple isn't relying on your Macbook.

I thought this too but as I told/asked in https://forums.hak5.org/index.php?/topic/33488-got-pineapnot-pineapple-questions-let-me-answer-them/page-5#entry256968 , it seems that there's a problem or even a bug: when I connect an external USB Wi-Fi adapter (which I bought at Hak5 with my Pineapple) it appears in the GUI as WLAN2. I enable WLAN0, WLAN1 and WLAN2 and put WLAN2 in client mode. After connecting it, WLAN1 and WLAN2 are disabled and the client connection is established with WLAN0!

Do you have perhaps other (more promising) experiences with an external wlan2?
