KingOfPine@pples Posted July 4, 2015

What are some effective attacks using the Pineapple against encrypted networks where the passphrase is already known? Let's assume you only get to use the Pineapple, so no Kali or laptops or anything like that. One method I can think of is for an attacker to respond to beacon requests with an encrypted, spoofed AP using the known passphrase, but I don't think that is possible using the Pineapple. I realize that may be a convoluted, ill-thought-out method, but is that even possible at all? I understand a bit about handshakes etc., but would it be possible if the Pineapple had a little different hardware or software? Just curious about that one really. Would most of you just use sslstrip and ettercap or something? Thanks for your time.
phpsystems Posted July 4, 2015

If you want to set the Pineapple up as a rogue access point, that would be possible. The attack is called "Evil twin". You could then set up a Pineapple as a repeater, while deauthing connections to the main AP. As to what I would run, that would depend on the engagement.
barry99705 Posted July 4, 2015

If you know the passphrase, then it's not an encrypted network.
KingOfPine@pples (Author) Posted July 4, 2015

So how do you set up an evil twin on the Pineapple? The nodogsplash module? As far as I can tell the Pineapple has no capabilities to spoof a WEP, WPA, or WPA2 network, even when the password is known. Barry, can you provide some helpful information on how an adversary would execute an attack on a WPA2 or otherwise "protected" network that he already knows the passphrase to? Let's say the attacker is trying to sniff out passwords or emails or something like that. Just general hackery. I know this has been asked before, but I want to be clear. Is it possible for the Pineapple to spoof a WPA2 AP with an evil WPA2 AP when the password is already known by the Pineapple user? If a Pineapple attacker has the password to a WPA2 AP, how would he go about monitoring for passwords, email etc.? Haven't had much luck with ettercap. Thanks for the replies.

Edited July 4, 2015 by KingOfPine@pples
DataHead Posted July 4, 2015

I'm pretty sure this can all be set up by editing the wireless configuration file stemming from /etc (I'll check soon). If you edit the Pineapple's wlan0 (open network) to have the password of the target, all APs spoofed from PineAP will require that password. That is at least true as of a few firmware revisions ago. And then you can add the network name to the list of APs to spoof, then you should be good.

Edit: Okay, yeah, the wireless file is in /etc/config and is called "wireless".

Edited July 4, 2015 by DataHead
barry99705 Posted July 5, 2015

If you know the passphrase, just set up the ESSID with the correct passphrase on the Pineapple. No infusions needed. After that, you're going to need to deauth the real AP to get the clients to connect to you.
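The scenario the replies above describe (a second AP beaconing the real network's SSID with the real passphrase, plus deauth frames pushing clients off the legitimate AP) leaves two signals a defender can watch for in a monitor-mode capture: a BSSID that is not in the authorised inventory advertising a known SSID, and a burst of deauthentication frames far above the normal rate. The following is an added example written for this thread, not code from the original posts or from the Pineapple project; the frame records, MAC addresses, SSIDs and thresholds are constructed for illustration, and a real deployment would feed frames in from a capture tool.

```python
"""Detect the two observable signals of an evil-twin-plus-deauth attack from
frame summaries: (1) a known SSID beaconed by an unauthorised BSSID, and
(2) a burst of deauthentication frames from one transmitter.
All sample data below is constructed for this example."""

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts: float        # capture timestamp in seconds
    subtype: str     # "beacon" or "deauth" (management frame subtype)
    src: str         # transmitter address (the BSSID for beacons)
    dst: str         # receiver address (broadcast for beacons and flood deauths)
    ssid: str = ""   # SSID element, only meaningful for beacons


# Authorised inventory: SSID -> set of legitimate BSSIDs (constructed values)
AUTHORISED = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed capture: two legitimate beacons, one rogue beacon reusing the
# CorpWiFi SSID, one unrelated network, a 12-frame deauth burst whose source
# is spoofed to look like the legitimate AP, and one isolated benign deauth.
SAMPLE_FRAMES = [
    Frame(0.0, "beacon", "aa:bb:cc:00:00:01", BROADCAST, "CorpWiFi"),
    Frame(0.1, "beacon", "aa:bb:cc:00:00:02", BROADCAST, "CorpWiFi"),
    Frame(0.2, "beacon", "de:ad:be:ef:00:01", BROADCAST, "CorpWiFi"),  # rogue
    Frame(0.3, "beacon", "11:22:33:44:55:66", BROADCAST, "Guest"),
] + [
    Frame(1.0 + 0.1 * i, "deauth", "aa:bb:cc:00:00:01", BROADCAST)
    for i in range(12)
] + [
    Frame(30.0, "deauth", "aa:bb:cc:00:00:02", "66:55:44:33:22:11"),
]


def find_rogue_bssids(frames, authorised):
    """Return {ssid: {bssid, ...}} for beacons that advertise an SSID we own
    from a BSSID that is not in the authorised inventory."""
    rogue = defaultdict(set)
    for f in frames:
        if f.subtype != "beacon" or f.ssid not in authorised:
            continue
        if f.src not in authorised[f.ssid]:
            rogue[f.ssid].add(f.src)
    return dict(rogue)


def find_deauth_bursts(frames, window=5.0, threshold=10):
    """Return {src: peak_count} for transmitters that send at least
    `threshold` deauth frames inside any sliding window of `window` seconds.
    The source address is keyed as-is: a flood spoofing the real AP's
    address still shows up, because the rate, not the address, is the tell."""
    by_src = defaultdict(list)
    for f in frames:
        if f.subtype == "deauth":
            by_src[f.src].append(f.ts)
    bursts = {}
    for src, times in by_src.items():
        times.sort()
        lo, peak = 0, 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:   # slide the window start
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            bursts[src] = peak
    return bursts


def report(frames, authorised):
    """Combine both detectors into a list of human-readable alert strings."""
    alerts = []
    for ssid, bssids in sorted(find_rogue_bssids(frames, authorised).items()):
        for b in sorted(bssids):
            alerts.append(f"rogue BSSID {b} beaconing authorised SSID '{ssid}'")
    for src, n in sorted(find_deauth_bursts(frames).items()):
        alerts.append(f"deauth burst: {n} frames from {src} within window")
    return alerts


if __name__ == "__main__":
    for line in report(SAMPLE_FRAMES, AUTHORISED):
        print("ALERT:", line)
```

Two points for a defender reading this: the rogue-BSSID check only works if an inventory of legitimate BSSIDs is maintained, since the attacker copies the SSID and passphrase exactly; and the deauth signal disappears as an attack vector on networks that enforce 802.11w Protected Management Frames, because clients then discard unprotected deauthentication frames, which is the mitigation that actually removes the lever barry99705 describes.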