Spoofing not working


plub

I've borrowed my friend's Pineapple Nano. I was going to buy the Tetra but now I'm in doubt.

My laptop is connected to my own encrypted AC. My Pineapple is getting access to the internet through my laptop.

I've done a recon and found all the "target" devices I own and which is connected to my encrypted AC.

I then spoof my own AC (unencrypted) and successfully deauth all my target devices, but none of them reconnects to my spoofed AC. Even if I shut down my encrypted AC, none of the devices connect to my spoofed AC.

What am I missing? :( I know the AC is encrypted, but shouldn't that be irrelevant since the Pineapple is already connected to that AC? 


23 minutes ago, Houdini77 said:

I thought that most modern devices understand the difference between an encrypted AC and a non-encrypted one and will not automatically connect to an unencrypted one.

I'll let the more experienced experts comment, but I thought that's the way they behave.

You're probably right. What a shame, I was hoping to MITM my family without messing with my router settings or physically getting my hand on their devices.

At work though, we have an open AC. When we connect, we are presented with a landing page where we have to input credentials before being able to surf... I guess I will be able to MITM my colleagues :-) Will try tomorrow.


I believe it is correct that you can't force most devices to connect to an open wifi point with the same name as an encrypted one they are expecting. If they have an open wifi they have connected to in the past and your signal is stronger than the one they are connected to, they should automatically connect to you first (normally; may need some deauthing and various things to ensure your signal is stronger than the one they were previously connected to).

You can however use the pineapple to capture the handshake and then set up an encrypted AP with the same password and work magic from there.


You can't force them to join if they are only looking for an encrypted network. When the device and router talk, the device says "where is XXX?" The router says "I am XXX" and then the device says it wants to join XXX. If it is an encrypted network the router will then ask for the password. If the device expects to be asked for a password and is not asked for one, it will tell the router it found the wrong XXX and not connect. However, if the device is looking for an open network then the connection will happen.

P.S. In this case, XXX is the network SSID.

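The mismatch described above (an open AP beaconing an SSID that clients have saved as WPA2) is exactly what a wireless IDS looks for from the defender's side. As an added example, not code from the thread or from the WiFi Pineapple, this parses the information elements of constructed beacon frames and flags any BSSID that advertises an SSID without an RSN element while another BSSID advertises the same SSID with one; only the WPA2 RSN element is checked, not the WPA1 vendor IE or WEP.

```python
"""Flag an open "evil twin" of a protected SSID from captured 802.11 beacons.

Added example, not code from the thread or the WiFi Pineapple. Beacon bodies
carry TLV information elements (IEs): SSID is tag 0, the RSN (WPA2) element
is tag 48 (0x30). An open BSSID beaconing an SSID another BSSID advertises
with an RSN element is the thread's mismatch seen from the defender's side.
Only the WPA2 RSN element is checked, not the WPA1 vendor IE or WEP.
"""
from collections import defaultdict

SSID_IE = 0x00
RSN_IE = 0x30

def parse_ies(blob: bytes) -> dict:
    """Parse TLV-encoded information elements into {tag: value}."""
    ies, i = {}, 0
    while i + 2 <= len(blob):
        tag, length = blob[i], blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) < length:  # truncated frame: stop rather than guess
            break
        ies[tag] = value
        i += 2 + length
    return ies

def classify_beacon(bssid: str, blob: bytes) -> tuple:
    """Return (bssid, ssid, protected); protected means an RSN IE is present."""
    ies = parse_ies(blob)
    ssid = ies.get(SSID_IE, b"").decode("utf-8", "replace")
    return bssid, ssid, RSN_IE in ies

def find_open_twins(beacons) -> dict:
    """Map SSID -> sorted open BSSIDs, for SSIDs also seen with RSN protection."""
    seen = defaultdict(lambda: {"open": set(), "protected": set()})
    for bssid, blob in beacons:
        b, ssid, protected = classify_beacon(bssid, blob)
        seen[ssid]["protected" if protected else "open"].add(b)
    return {s: sorted(v["open"]) for s, v in seen.items()
            if v["open"] and v["protected"]}

# Constructed sample beacons (IE portion only). RSN body: version 1, group
# cipher CCMP, one pairwise CCMP, one AKM PSK, RSN capabilities 0.
RSN_BODY = bytes.fromhex("0100000fac040100000fac040100000fac020000")
HOME = b"\x00\x04Home"
SAMPLE_BEACONS = [
    ("aa:bb:cc:dd:ee:01", HOME + bytes([RSN_IE, len(RSN_BODY)]) + RSN_BODY),  # real AP
    ("de:ad:be:ef:00:01", HOME),                      # open twin of "Home"
    ("aa:bb:cc:dd:ee:02", b"\x00\x05Guest"),          # legitimately open SSID
]
```

Running `find_open_twins(SAMPLE_BEACONS)` on the constructed frames reports only "Home", since "Guest" is open everywhere it is seen and is therefore not a twin.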

I've been using the 

4 hours ago, bored369 said:

You can however use the pineapple to capture the handshake and then setup an encrypted AP with the same password and work magic from there.

I'm using the module "Site Survey" to capture handshakes, in order to fetch the password hash and then crack it using hashcat with a number of different dictionaries... My problem is that "Site Survey" hasn't been able to capture a single WPA2 handshake, even though I've been deauthing and manually reconnecting my devices like a madman...

I guess I'll just use kali to capture handshakes, since pineapple doesn't make it easy :( 


4 hours ago, plub said:

I've been using the 

I'm using the module "Site Survey" to capture handshakes

I guess I'll just use kali to capture handshakes, since pineapple doesn't make it easy :( 

I've captured a few handshakes with site survey. I don't have to reconnect anything. I normally go Capture on->Deauth on->once I see clients have dropped (since I'm doing a test lab and can see the clients drop)->Deauth off

If it doesn't capture a handshake when I see them reconnect, I leave the capture on and start again from Deauth on->->. I haven't failed to get a handshake yet. Seems pretty easy. Plus you can always SSH in and do the same airbase-ng suite commands you can do on kali (you can even install wifite if you want to go that route).


On 10/17/2016 at 10:25 PM, bored369 said:

I've captured a few handshakes with site survey. I don't have to reconnect anything. I normally go Capture on->Deauth on->once I see clients have dropped (since I'm doing a test lab and can see the clients drop)->Deauth off

If it doesn't capture a handshake when I see them reconnect, I leave the capture on and start again from Deauth on->->. I haven't failed to get a handshake yet. Seems pretty easy. Plus you can always SSH in and do the same airbase-ng suite commands you can do on kali (you can even install wifite if you want to go that route).

Thanks!

