dclay Posted March 24, 2015
With a normal WPA2-secured AP you have a pop-up asking for the password... can someone point me to a technique that mimics that?
J5x86 Posted March 24, 2015
This is a pretty good tutorial for what you want. http://www.hackinsight.org/news,38.html Also check out WiFiphisher. Just make sure you are doing this on your own network :) or have permission!
dclay Posted March 24, 2015 (Author)
Thank you for your reply... I'm familiar with this video and WiFiphisher, but what I'm looking for is a technique to bring up a pop-up like an authentic access point... Is it possible? All assuming I'm using this in a legal way.
fringes Posted March 24, 2015
I re-read your post and I think I understand. I believe you want to mimic a WPA2 AP such that a user that connects is challenged by their own OS software for the key. But you want to capture that key at the AP. No, for the user to get that challenge, it must be a real WPA/WPA2 AP. I suppose there might be some way to capture the key they entered, although the handshake would fail. This would take some research though. I would never say there's no way to do it because breaking security is what we do. However, I believe this would be a hard nut to crack. So I believe a simpler question would be: Is there any facility for the WiFi Pineapple (or any AP) to capture invalid keys? Almost certainly not, and if you capture the hash, you still have to crack it. (A deauth attack is easier.) The above video and WiFiphisher both use social engineering attacks to capture the WPA2 key, because that's the easy (perhaps only) way other than capturing the handshake and performing a brute-force password attack.
Edited March 24, 2015 by fringes
dclay Posted March 24, 2015 (Author)
The question is: what is the difference between the Pineapple and a real access point, to the degree that it cannot issue a challenge to the host OS for a WPA2 pw? Follow-up: can the difference be emulated?
fringes Posted March 24, 2015
I think you missed my point. The Pineapple does create a real access point. And if it's WPA or WPA2, the user will be challenged (by his own software) when he attempts to connect. I think WPA2 is pretty solid for now. The known attacks are well documented. Edit: Are you asking if PineAP can throw up WPA2 APs?
Edited March 24, 2015 by fringes
fugu Posted March 24, 2015
Are you looking for an independent executable that, when run, looks like an authentication request for the WPA/2 password?
dclay Posted March 24, 2015 (Author)
Yes to both of you, and by the way thank you both for answering me and helping me out... Now I want, very simply, to make the Pineapple act more real than it already does. So, in effect, I would like to make a WPA2 access point, and when the user is challenged for the WPA2 key it would be sent/saved so I can read it (SQL, or txt/log)... I have been researching PHP and I wanted to know if I could use a cropped PHP page and make it work with $POST?
dclay Posted March 24, 2015 (Author)
Currently we depend on a level of stupidity for our attacks to work, so to enhance our effectiveness I'm trying to learn how to close that gap... No one else has tried full WPA2 access point emulation? I know I'm not the first to think of it.
fringes Posted March 24, 2015
For your client/victim to be challenged, you would have to provide a WPA2 AP. If you do that, the password they enter will be hashed before being returned to the AP. A deauth attack would be easier. For the user to receive your fake challenge, you would already have to have your own malware on the victim's machine. If you can do that, you don't need to capture just an AP password; you'd already own their box. The WPA2 handshake is network, not web related. A practical and effective way to capture the AP password is with the SE attacks described above by J5x86.
DataHead Posted March 24, 2015
The problem with WPA2 emulation using a different password than what the real WPA2 network has is that it will still be encrypted packets. You can, however, successfully clone a WPA2 network if you know the real WPA2 network's password and use the same MAC address, channel, etc. But that makes it pointless, because we would have to already know the password. I think the best we will get for this kind of information gathering would be with Linset. It's not quite what you are wanting, but it works great.
DataHead Posted March 24, 2015
Seems me and fringes posted at the same time lol
fringes Posted March 24, 2015
Linset is interesting, but it's still in Spanish. Does it create a WPA/WPA2 AP, or is it just doing a deauth (capture handshake) attack and putting up an unprotected twin?
dclay Posted March 24, 2015 (Author)
You both are awesome, and thanks.
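A defender's counterpart to the unprotected-twin and cloned-BSSID scenarios DataHead and fringes describe above: an added example (not from this thread, nor from Linset, WiFiphisher or the Pineapple) that flags beacons advertising an SSID you own from an unknown BSSID, as an open network, or from your own BSSID on the wrong channel. The AP inventory and the scan records are constructed for the demo; real input would come from whatever scanner you already run.

```python
"""Evil-twin / rogue-AP triage over beacon observations (added example).

Assumes: an inventory of SSIDs the defender operates (KNOWN_APS) and a feed
of beacon observations with ssid, bssid, channel and security. Both are
constructed here so the script runs offline.
"""

# Constructed inventory of the APs the defender actually operates.
KNOWN_APS = {
    "CorpWiFi": {"bssid": "00:11:22:33:44:55", "channel": 6, "security": "WPA2"},
}

# Constructed scan results: the legitimate beacon, an open "unprotected twin"
# with the same SSID, a WPA2 twin from an unknown BSSID, a clone of our own
# BSSID on the wrong channel, and an unrelated network.
OBSERVATIONS = [
    {"ssid": "CorpWiFi", "bssid": "00:11:22:33:44:55", "channel": 6, "security": "WPA2"},
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:01", "channel": 6, "security": "OPEN"},
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:02", "channel": 11, "security": "WPA2"},
    {"ssid": "CorpWiFi", "bssid": "00:11:22:33:44:55", "channel": 1, "security": "WPA2"},
    {"ssid": "GuestNet", "bssid": "66:77:88:99:aa:bb", "channel": 1, "security": "OPEN"},
]


def classify(obs, known=KNOWN_APS):
    """Return the alert tags for one beacon observation (empty list if benign)."""
    ref = known.get(obs["ssid"])
    if ref is None:
        return []  # an SSID we do not own is out of scope for this check
    alerts = []
    if obs["bssid"].lower() != ref["bssid"].lower():
        alerts.append("unknown-bssid")  # our SSID beaconed from a radio we do not own
        if obs["security"] == "OPEN" and ref["security"] != "OPEN":
            # The captive-portal phishing pattern: same name, no encryption.
            alerts.append("unprotected-twin")
    elif obs["channel"] != ref["channel"]:
        # Same MAC as our AP but not where we put it: a BSSID clone.
        alerts.append("bssid-clone-wrong-channel")
    return alerts


def detect_rogues(observations, known=KNOWN_APS):
    """Map bssid -> sorted alert tags, for every observation that triggered one."""
    found = {}
    for obs in observations:
        tags = classify(obs, known)
        if tags:
            found.setdefault(obs["bssid"], set()).update(tags)
    return {bssid: sorted(tags) for bssid, tags in found.items()}
```

The legitimate beacon and the unrelated GuestNet produce no alerts, so only the three rogue patterns surface in the result.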