Jump to content

infusion that collects stored SSID passwords


Coroner

Recommended Posts

Hello,

so i live opposite a school and during drop off and pick up

day 1.. pineapple harvested a ton of SSID's from mobile phones probing

day 2.. had alot of connected clients connected to the SSID's pineAP made

when the mobile phones connect to the SSID would they automatically give up the WPA stored password upon login? and if so is there an infusion that will siphon the password to a log file?

they may only give up the password if wpa security is set to on.. maybe someone could make an infusion that acts like wpa is turned on and is requestiong a password while we are connected to the client and logging the information they give up

Cheers

Coroner

Link to comment
Share on other sites

In order to take in WPA clients you must already know the key, defeating the purpose of having such an infusion - if I understand correctly.

Also, I'm assuming you aren't authorised to be doing this outside of a school at peak times, and if so you should probably stop doing that.

Link to comment
Share on other sites

In order to take in WPA clients you must already know the key, defeating the purpose of having such an infusion - if I understand correctly.

when pineAP clones the SSID's that the phones are probing for, once they probe again and find the SSID made by the pineapple, i would of thought that they would hand over the SSID password fairly easily??

Link to comment
Share on other sites

when pineAP clones the SSID's that the phones are probing for, once they probe again and find the SSID made by the pineapple, i would of thought that they would hand over the SSID password fairly easily??

The devices dont just spit out the passwords in plaintext over the waves, that would completely defeat the encryption.

Link to comment
Share on other sites

when pineAP clones the SSID's that the phones are probing for, once they probe again and find the SSID made by the pineapple, i would of thought that they would hand over the SSID password fairly easily??

Nope, that's what the 4-way handshake is for.

Best regards,

Sebkinne

Link to comment
Share on other sites

when the mobile phones connect to the SSID would they automatically give up the WPA stored password upon login? and if so is there an infusion that will siphon the password to a log file?

Cheers

Coroner

I've been looking at a project called Fluxion that basically setups a fake clone AP of the target network and also captures the WPA Handshake so that when someone connects to the AP when they get sent to the fake page they will be asked to enter their wifi password and it checks to make sure it matches the password inside the cap which you capture durning the setup.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...