
Effective Pineapple Attacks Against Encrypted Networks with Known Passphrase


What are some effective attacks using the pineapple against encrypted networks where the passphrase is already known?

Let's assume you only get to use the Pineapple, so no Kali or laptops or anything like that.

One method I can think of is for an attacker to respond to beacon requests with an encrypted, spoofed AP using the known passphrase, but I don't think that is possible using the Pineapple. I realize that may be a convoluted, ill-thought-out method, but is that even possible at all? I understand a bit about handshakes etc., but would it be possible if the Pineapple had slightly different hardware or software? Just curious about that one really.

Would most of you just use ssl-strip and ettercap or something?

Thanks for your time.


If you want to set the Pineapple up as a rogue access point, that would be possible. The attack is called "Evil twin".

You could then set up a Pineapple as a repeater, while deauthing connections to the main AP.

As to what I would run, that would depend on the engagement.


So how do you set up an evil twin on the Pineapple? The nodogsplash module?

As far as I can tell the Pineapple has no capabilities to spoof a WEP, WPA, or WPA2 network, even when the password is known.

Barry, can you provide some helpful information on how an adversary would execute an attack on a WPA2 or otherwise "protected" network that he already knows the passphrase to?

Let's say the attacker is trying to sniff out passwords or emails or something like that. Just general hackery.

I know this has been asked before, but I want to be clear.

Is it possible for the Pineapple to spoof a WPA2 AP with an evil WPA2 AP when the password is already known by the Pineapple user?

If a Pineapple attacker has the password to a WPA2 AP, how would he go about monitoring for passwords, email etc.?

Haven't had much luck with ettercap.

Thanks for the replies

Edited by KingOfPine@pples

I'm pretty sure this can all be set up by editing the wireless configuration file stemming from /etc (I'll check soon).

If you edit the Pineapple's wlan0 (open network) to have the password of the target, all APs spoofed from PineAP will require that password. That was at least true a few firmware revisions ago.

And then you can add the network name to the list of APs to spoof, then you should be good.


Okay, yeah the wireless file is in /etc/config

And is called "wireless"

Edited by DataHead