Jump to content

How many devices are vulnerable to Pineapple?


Newusersz
 Share

Recommended Posts

I am really unsure if I want to buy this. So many stuff are getting patched, for example SSLstrip and SSLsplit. I know we have alternatives for these methods (Phising and fake certificate), but I am wondering how many devices are actually vulnerable to the different attacks of the Pineapple?

For example, can we for example deauthenticate all kinds of devices? (I know there are some cisco firewall that has management frame protection).

The probe requests that gets sent out by different devices, can the Pineapple force these devices to connect to them by "telling" them that this is a trusted network they have connected to before? (For example home network). Or are there limitations to this?

The whole point of this thread is the downsides of the WIFI Pineapple. I am ending up spending $400 on all of the equipment for the Pineapple, so I want to make sure there are no major downsides of this product.

When I bought the rubber ducky I was really disappointing because of the driver installation time, sometimes it took over 5 minutes, and this was not the kind of information that was available anywhere. I don't want to be disappointed in the Pineapple and waste $400 if there are lower rate of success because things are getting patched daily.

Link to comment
Share on other sites

Vulnerabilities are patched every single day, but new ones are discovered every single day.

So to answer your question, how long is a piece of string? This question doesn't have an exact answer. But as long as devices use wifi and continue to work as they do, they can be de-authed and forced to connect.

But let me put it this way, your overall attitude to what this is and what it can be used for should inform you more than what the device is in and of itself. If you don't want to give it a try, don't.

Link to comment
Share on other sites

Most successful attacks come from the user's laziness. People don't keep their systems up to date like they should nor do they harden their systems. People will install anything and everything that they want, opening ports without even knowing, and not pay attention to the risks. You know there are still many organizations running Windows XP right? There are a lot of people that just don't want to change their system because it is familiar. You won't get everyone but you will get some. When performing a pentest on an organization you will most likely trick a few people.

Edited by sud0nick
Link to comment
Share on other sites

Most successful attacks come from the user's laziness. People don't keep their systems up to date like they should nor do they harden their systems. People will install anything and everything that they want, opening ports without even knowing, and not pay attention to the risks. You know there are still many organizations running Windows XP right? There are a lot of people that out there that just don't want to change their system because it is familiar. You won't get everyone but you will get some. When performing a pentest on an organization you will most likely trick a few people.

"Most successful attacks come from the user's laziness"

Yes & yes.

Edited by Armaal
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...