
First Time MK5 User. I have a lot of questions. Thanks in advance.


Infamise


Hey guys I apologize but I am very disoriented with the Pineapple. I've been trying to read up on lots of information but still don't know how to proceed successfully performing a MITM attack at my home.

As well, if you have the time and patience, the ability to explain it like I'm 5 years old will be greatly, greatly appreciated.

1.) Why do I need a port number when accessing the Pineapple via web browser and not when I SSH into the device?

The main purpose of the Pineapple is to perform MITM attacks. PineAP is the source of performing these MITM attacks. That being said

2.) Does Karma throw out the de-authentication attack? Does this just kick the clients off the current network so it can re-establish them with the spoofed networks? Does it keep the authentic network in a suspended state? Can you still see or connect to the network when it is in a suspended state?

3.) When I've tried to use Karma, I still see both wireless networks. The legitimate one and the spoofed one. How in the scenario of a MITM attack would the client connect to the spoofed network, instead of the legitimate one?

3A) Is there any way to only broadcast one specific spoofed AP? For example, the Karma module collects all the probe requests, and sets up spoofed networks. How could this work well if the devices in the area are all connecting to different networks? I realize they are all routed back to the pineapple. However, if a client were to check their WIFI and see all their networks they may be overwhelmed and or suspicious.

4.) If PineAP is the suite for the MITM attack, how come I can individually select PineAP? And why doesn't this start all the modules in the PineAP suite?

5.) What is the difference between Dogma and Karma? Is Dogma contingent upon Karma? They sound very similar and sound like they are doing the same task.

6.) What is the difference between Beacon Response and Karma? Is Beacon response contingent on Karma?

7.) Does Harvester need to run when Karma is running?

8.) Under the "Network" infusion What is the difference between Open Access Point, and Secure Management Access Point. What would they be used for?

9.) Why does by default, pineapple broadcast a hidden ESSID? What is the purpose? It says "during an audit (does audit mean attack?), the tester may wish to un-hide the Open Access Point and specify an ESSID similar to the contracting clients network." Would this be used for MITM? How would this function?

10.) Once you are able to have clients connected to your Pineapple. How are you able to serve them internet access? I know that the wlan0 is the interface used for clients to connect to, but through which interface then are clients being forced to connect to the Pineapple, and what interface is being used to offer them internet access? How do you set this up? When I've tried the AP suite, I am able to force a device to connect to it, but no internet connection is available to them.

I found this comment, "Yes, the Mk V has two antennas because one (wlan1) is used as a client and the other (wlan0) is used as an access point. This allows the Pineapple to connect to a wireless network while simultaneously hosting an access point. It also allows the Pineapple to share its internet connection from wlan1 to the clients connected to wlan0. The Mk IV was only able to do one or the other without adding a USB network adapter. "

But it doesn't tell me how to accomplish serving your clients internet access.

11.) What is wlan0-1? I found this comment on the forums. "Actually, it is the secured AP on the pineapple, wlan0 and wlan0-1 are the Access points, 0 being the open / hidden. 0-1 being the secured management interface."

But I do not know what it means.

11A.) What is br-lan?

12.) When I enable monitor mode, it shows it as an interface. Is this a logical interface?

13.) When I click on the PineAP configuration, what is under General "Source" and "Target"? What would they be used for and how?

14.) Under Karma configuration, What is Client MAC Blacklisting for?

14A.) Under Karma configuration, What is SSID Black/White Listing? What is the difference? Why would you need to use them?

Thank you, thank you for your time. I will be trying to look up these answers on my own. It is just frustrating owning the Pineapple and not being able to really put it to use because I am so distraught with all the options and steps necessary. I feel a bit silly because the whole point of the Pineapple is to be able to perform MITM attacks with ease as compared to executing this all via CLI. I am also new to Linux-based distros, and I am using my Pineapple in Kali. Needless to say it is a lot of information to take in at once. I love you all, and keep on being awesome.


1 .) Why do I need a port number when accessing the Pineapple via web browser and not when I SSH into the device?

The web GUI is hosted on port 1471.

SSH is by default on port 22.

I would answer more, but I don't have the time.

Though I recommend going to pineapple university section of the forum and watching all of the videos the answers to most of your questions are in there

https://forums.hak5.org/index.php?/forum/80-wifi-pineapple-university/

Just search "wifi pineapple".

There is quite a learning curve.

I recommend you read everything with the words "wifi pineapple" in it and watch as many videos as you can, and remember to always get permission before penetration testing begins. Get permission in writing.

Sent PM.

Edited by m40295

I'll answer what I can before I have to leave for work.


2.) Does Karma throw out the de-authentication attack? Does this just kick the clients off the current network so it can re-establish them with the spoofed networks? Does it keep the authentic network in a suspended state? Can you still see or connect to the network when it is in a suspended state?

No. Karma only pretends to be other open SSIDs.

3.) When I've tried to use Karma, I still see both wireless networks. The legitimate one and the spoofed one. How in the scenario of a MITM attack would the client connect to the spoofed network, instead of the legitimate one?

In theory your access point will have a stronger signal, in which case the target should/might hop over to you. If not you have to run a deauth attack on the legitimate access point.

3A) Is there any way to only broadcast one specific spoofed AP? For example, the Karma module collects all the probe requests, and sets up spoofed networks. How could this work well if the devices in the area are all connecting to different networks? I realize they are all routed back to the pineapple. However, if a client were to check their WIFI and see all their networks they may be overwhelmed and or suspicious.

You can make it say anything you want. The default is Pineapple-XXXX, just change it to att-wifi, linksys, whatever.


7.) Does Harvester need to run when Karma is running?

No.

8.) Under the "Network" infusion What is the difference between Open Access Point, and Secure Management Access Point. What would they be used for?

The secure management access point is to make it so someone else can't take over your pineapple. The older firmware didn't have this capability, and it was exploited at a couple hacker cons.

9.) Why does by default, pineapple broadcast a hidden ESSID? What is the purpose? It says "during an audit (does audit mean attack?), the tester may wish to un-hide the Open Access Point and specify an ESSID similar to the contracting clients network." Would this be used for MITM? How would this function?

The reason it hides the pineapple ssid is because more people are starting to know about the pineapple, it has shown up in the news a few times now. If you were at a public space and saw a pineapple ssid, would you connect to any wifi after that? Unhiding it would be for your question #3A.

10.) Once you are able to have clients connected to your Pineapple. How are you able to serve them internet access? I know that the wlan0 is the interface used for clients to connect to, but through which interface then are clients being forced to connect to the Pineapple, and what interface is being used to offer them internet access? How do you set this up? When I've tried the AP suite, I am able to force a device to connect to it, but no internet connection is available to them.

You have to share your laptop's wired, or wireless connection to the pineapple, or the pineapple has a client mode so it can connect to a legitimate wifi access point. Don't forget to add your pineapple's mac address to the list of devices you don't want deauthed if you are running a deauth attack!


11.) What is wlan0-1? I found this comment on the forums. "Actually, it is the secured AP on the pineapple, wlan0 and wlan0-1 are the Access points, 0 being the open / hidden. 0-1 being the secured management interface."

But I do not know what it means.

wlan0-1 is the virtual adapter that runs your encrypted management connection. Some wireless chipsets have the ability to create virtual network adapters so they can broadcast multiple SSIDs at the same time.

11A.) What is br-lan?

Bridge-lan is the internal network on the pineapple that connects the wired and wireless networks together. This is the network that you use to see all the traffic of the people connected to your wifi.


13.) When I click on the PineAP configuration, what is under General "Source" and "Target"? What would they be used for and how?

Source is the SSID you want to clone, target is the device you want to connect to it. It's for targeted attacks.

14.) Under Karma configuration, What is Client MAC Blacklisting for?

Any MAC addresses you put in the blacklist will not be given fake access points to connect to. They get ignored by the Pineapple.

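The reply to question 10 says to share the laptop's connection with the Pineapple but not how. The script below is an added example written for this thread, not Hak5's own code and not something posted by either participant. It turns a Kali laptop into a NAT router for a Pineapple plugged into the laptop's Ethernet port, so clients on the Pineapple's wlan0 reach the internet through the laptop's uplink. Everything in it is an assumption not stated in the thread: the Pineapple is reachable at 172.16.42.1 over the laptop's eth0, the laptop takes 172.16.42.42 on that link, and the laptop's uplink is its own wlan0 (these are the laptop's interface names, unrelated to the Pineapple's wlan0/wlan1). Run it with no arguments to see the commands; run it as root with --apply to execute them.

```shell
#!/bin/sh
# Added example: share a Kali laptop's internet connection with a WiFi
# Pineapple attached over Ethernet. Not from the thread or from Hak5.
#
# Assumptions (override via environment variables):
#   PINEAPPLE_IF  laptop interface wired to the Pineapple       (default eth0)
#   UPLINK_IF     laptop interface that has internet access      (default wlan0)
#   PINEAPPLE_IP  Pineapple's address on the wired link          (default 172.16.42.1)
#   LAPTOP_IP     laptop's address on the same link              (default 172.16.42.42)
PINEAPPLE_IF="${PINEAPPLE_IF:-eth0}"
UPLINK_IF="${UPLINK_IF:-wlan0}"
PINEAPPLE_IP="${PINEAPPLE_IP:-172.16.42.1}"
LAPTOP_IP="${LAPTOP_IP:-172.16.42.42}"

# Emit, one per line, the commands that make the laptop a NAT router for the
# Pineapple link. Printing first keeps the steps reviewable before running
# them with root privileges.
build_share_commands() {
    cat <<EOF
ip addr add ${LAPTOP_IP}/24 dev ${PINEAPPLE_IF}
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o ${UPLINK_IF} -j MASQUERADE
iptables -A FORWARD -i ${PINEAPPLE_IF} -o ${UPLINK_IF} -j ACCEPT
iptables -A FORWARD -i ${UPLINK_IF} -o ${PINEAPPLE_IF} -m state --state RELATED,ESTABLISHED -j ACCEPT
ssh root@${PINEAPPLE_IP} 'route del default 2>/dev/null; route add default gw ${LAPTOP_IP}'
EOF
}

# Refuse to proceed when the two interface names are empty or identical:
# masquerading out of the Pineapple link itself would just loop traffic.
validate_interfaces() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

# Execute the generated commands in order, stopping at the first failure.
apply_share() {
    validate_interfaces "$PINEAPPLE_IF" "$UPLINK_IF" || {
        echo "PINEAPPLE_IF and UPLINK_IF must be two different interfaces" >&2
        return 1
    }
    build_share_commands | while IFS= read -r cmd; do
        printf '+ %s\n' "$cmd"
        sh -c "$cmd" || exit 1
    done || return 1
}

case "${1:-}" in
    --apply) apply_share ;;
    *) build_share_commands ;;   # dry run: only show what would be executed
esac
```

The last generated command points the Pineapple's default route at the laptop over SSH; after that, br-lan clients get NAT'd out of the laptop's uplink. As the reply above warns, if you then run a deauth attack, keep the Pineapple's own client radio out of it, or you will cut your own uplink.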

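The replies to questions 2, 3A and 14 describe Karma as answering probe requests for other SSIDs, with a client MAC blacklist to keep chosen devices out. The script below is an added example, not the Pineapple's code or any poster's, that models that decision logic over a constructed probe log so the effect of each list is visible. The semantics are assumed, since the thread never defines them: blacklisted client MACs are never answered; in SSID blacklist mode every probed SSID except the listed ones gets a fake AP; in SSID whitelist mode only the listed SSIDs do. All MACs and SSIDs in it are made up.

```shell
#!/bin/sh
# Added example: a model of Karma-style probe filtering. Not from the thread
# and not the Pineapple's own implementation; list semantics are assumptions.

# Client MACs that never get a fake AP (e.g. your own laptop and the
# Pineapple's own client radio, so you do not attack yourself).
CLIENT_BLACKLIST="00:11:22:33:44:55 aa:bb:cc:dd:ee:ff"
SSID_MODE="blacklist"                 # "blacklist" or "whitelist"
SSID_LIST="HomeNet-Secure attwifi"    # meaning depends on SSID_MODE

# list_has <item> <space-separated list>: case-insensitive membership test.
list_has() {
    needle=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    for item in $2; do
        [ "$(printf '%s' "$item" | tr 'A-Z' 'a-z')" = "$needle" ] && return 0
    done
    return 1
}

# should_respond <client_mac> <probed_ssid>: prints "respond" or "ignore".
should_respond() {
    mac="$1"; ssid="$2"
    # A wildcard probe carries no SSID, so there is nothing to impersonate.
    [ -z "$ssid" ] && { echo ignore; return; }
    list_has "$mac" "$CLIENT_BLACKLIST" && { echo ignore; return; }
    case "$SSID_MODE" in
        whitelist) list_has "$ssid" "$SSID_LIST" && echo respond || echo ignore ;;
        blacklist) list_has "$ssid" "$SSID_LIST" && echo ignore  || echo respond ;;
        *)         echo ignore ;;   # unknown mode: fail closed
    esac
}

# process_log: reads "<client mac> <ssid>" lines on stdin; a line with no
# SSID is a wildcard probe. Prints one decision per line.
process_log() {
    while IFS= read -r line; do
        mac=${line%% *}
        ssid=${line#* }
        [ "$ssid" = "$line" ] && ssid=""
        printf '%-18s %-16s %s\n' "$mac" "${ssid:-<wildcard>}" \
            "$(should_respond "$mac" "$ssid")"
    done
}

# Constructed sample probe log (fictional clients and networks).
process_log <<'EOF'
12:34:56:78:9a:bc Starbucks
12:34:56:78:9a:bc HomeNet-Secure
00:11:22:33:44:55 Starbucks
de:ad:be:ef:00:01
de:ad:be:ef:00:01 xfinitywifi
EOF
```

Putting the client's own networks on the SSID blacklist is the answer to the "overwhelmed or suspicious" concern in 3A: the Pineapple then only impersonates the names you choose, and the MAC blacklist keeps your own gear and out-of-scope devices from ever seeing a fake AP.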
