Jump to content

N00B question about Karma


nobody:nobody
 Share

Recommended Posts

Hi all. I am new here and considering buying myself a wifi pineapple. I just had a question about karma. It is probably a really dumb question but I could not find the answer anywhere. In all the demonstrations of karma on youtube, they always "spoof" a open wifi that has been saved on the target device. Is it possible to spoof a protected wifi network? So the device will attempt to connect to the wifi pineapple with a wpa2 password which will result in me getting the password? Thanks.

Link to comment
Share on other sites

Simple answer, no.

Longer answer, you would get the initial association but then the 4 way handshake which is the authorisation part of the setup would fail as you on the server side wouldn't be able to prove your identity to the client as you don't know the key.

Link to comment
Share on other sites

Pineapple does have wpa2 pin cracking tho, as of which will give you the AP's pin so you can get/change the password. Think they have reaver,bully and pixiewps on the pineapple to so that should solve your wpa2 password issue hopefully.

Link to comment
Share on other sites

Ok. Thanks. One more question. I know this is technically possible, but I want to know if the Karma software supports it. What if I know the password? For example, I know the password to my school's wifi (I was in the right place at the right time.) So could I save that wifi network/ssid onto the pineapple(If I decide to get one over a MyLittlePwny) so that when I take it to school the teachers will try to connect and get the (Pwn)pi(napple) instead? It is a WPA2-PSK network. Does the Pineapple/PwnPi software support that?

Link to comment
Share on other sites

As primz mentioned, trying to hack your school, not a good idea. You are heading down the wrong path and you'll find yourself in trouble at some point with nothing good to come from it.

To answer your question, if you know a password to another network, can you impersonate them? Yes, but you can do this with ANY wireless router. Any AP you control and can change the SSID and Password for would do the same thing, bring all devices to you - if you have the strongest signal. Your device will be competing with other devices on a network using the same SSID, so whoever is closer and has better signal, that device will eventually have the clients connect to them as this is how wireless works by design and as intended. Exploiting this flaw is commonplace. Also, there are things you can do, which will force them off one AP in order to find another, but unless you have permission or defending your own network, you would most likely be breaking the law in most places around the world. Not to mention this is frowned upon by the hacking community as an unethical move on your part, also known as being a dick.

Things to understand, the pineapple is for pentesters and hobbyists working on/defending their own networks or ones they were hired to test against. Beyond that, you do what you want at your own risk. I would encourage you not to deliberately go after your school network though as that seems like your intent is more malicious than helpful or about learning.

Link to comment
Share on other sites

  • 2 weeks later...

Maybe I should give some context. I am in a Christian school where no one knows anything about computers or networking. My plan was to make a honeypot network named "Free Student WiFi" or something like that which leeches off the staff wifi(which I know the password for) and make every website redirect to zombo.com or Rick Astley.

Link to comment
Share on other sites

Maybe I should give some context. I am in a Christian school where no one knows anything about computers or networking. My plan was to make a honeypot network named "Free Student WiFi" or something like that which leeches off the staff wifi(which I know the password for) and make every website redirect to zombo.com or Rick Astley.

It doesn't matter if it's a Christian School, Satanist school, public school, McDonalds.

If you don't have permission to conduct such activities your an inviting an awful lot of trouble on yourself.

In short, don't do it.

Link to comment
Share on other sites

I'll just add that people have been tracked back from forum posts like this to the places they were trying to hack and then reported. I know a Canadian student who got kicked off his course after asking us to help him hack the grade system.

You've reused your Twitter handle so we already know a lot about you.

Link to comment
Share on other sites

As a prevoius computer/net tech for a very large school district, and a current part time tech for another, I highly recommend against this. We've tracked down rogue access points in the past, it's been the cause of disciplinary actions against students and teachers.

Link to comment
Share on other sites

Lol. Against teachers? Now there's a story I'm looking forward to hearing.

As someone who works in multiple schools do not be surprised at how stupid anyone can be at time. We had one teacher who thought it was fine to bring their Apple TV into the school and started complaining when it would not work on the network. As the school was quite strict on BYOD (ie you don't) I took the Apple TV away and wrote them up for breaking the rules.

Link to comment
Share on other sites

Lol. Against teachers? Now there's a story I'm looking forward to hearing.

. Teacher kept complaining about poor WiFi reception in her classroom. We told her the WiFi was scheduled to be upgraded during summer break and to plug her laptop into the network jack that is right beside her desk. She goes to the local box store and buys her own access point(router). It proceeds do do its thing and starts pushing out its own dhcp addresses. My boss tell me to go out and find it. When I do track it down I walk into the room, pick it up and walk out. When I got to the end of the cables I just yank them out of the wall. She starts yelling at me that it's her property, I tell her it will be in the superintendent's office for her to pick up. I had to go back on the weekend to repunch the network jack I ripped out of the wall, but it was worth it.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...