plub (posted October 17, 2016):

I've borrowed my friend's Pineapple Nano. I was going to buy the Tetra but now I'm in doubt. My laptop is connected to my own encrypted AC. My Pineapple is getting access to the internet through my laptop. I've done a recon and found all the "target" devices I own which are connected to my encrypted AC. I then spoof my own AC (unencrypted) and successfully deauth all my target devices, but none of them reconnects to my spoofed AC. Even if I shut down my encrypted AC, none of the devices connect to my spoofed AC. What am I missing? :( I know the AC is encrypted, but shouldn't that be irrelevant since the Pineapple is already connected to that AC?
Houdini77 (posted October 17, 2016):

I thought that most modern devices understand the difference between an encrypted AC and a non-encrypted one and will not automatically connect to an unencrypted one. I'll let the more experienced experts comment, but I thought that's the way they behave.
plub (author, posted October 17, 2016):

23 minutes ago, Houdini77 said:
    I thought that most modern devices understand the difference between an encrypted AC and a non-encrypted one and will not automatically connect to an unencrypted one. I'll let the more experienced experts comment, but I thought that's the way they behave.

You're probably right. What a shame, I was hoping to MITM my family without messing with my router settings or physically getting my hands on their devices. At work though, we have an open AC. When we connect, we are presented with a landing page where we have to input credentials before being able to surf... I guess I will be able to MITM my colleagues :-) Will try tomorrow.
bored369 (posted October 17, 2016):

I believe it is correct that you can't force most devices to connect to an open wifi point with the same name as an encrypted one they are expecting. If they have an open wifi they have connected to in the past and your signal is stronger than the one they are connected to, they should automatically connect to you first (normally; may need some deauthing and various things about ensuring your signal is stronger than the one they were previously connected to). You can however use the pineapple to capture the handshake and then set up an encrypted AP with the same password and work magic from there.
Rainman_34 (posted October 17, 2016):

You can't force them to join if they are only looking for an encrypted network. When the device and router talk, the device says "where is XXX". The router says "I am XXX" and then the device says it wants to join XXX. If it is an encrypted network the router will then ask for the password. If the device is expecting to be asked for a password and it is not asked for a password, then it will tell the router it found the wrong XXX and not connect. However, if the device is looking for an open network then the connection will happen.

P.S. - in this case XXX is the network SSID.
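The behaviour Rainman_34 describes (a client with a saved WPA2 profile refuses an open network of the same name) also gives a network owner two cheap detection signals: one SSID being advertised with two different security types, and a burst of deauthentication frames. The following is an added example, not code from any poster in this thread or from the Pineapple project; it runs over a constructed frame log whose tuple layout (timestamp, frame type, BSSID, SSID, security, destination) is this example's own, not any capture tool's format.

```python
"""Evil-twin and deauth-burst triage over a constructed 802.11 frame log.

Added example: models, from the monitoring side, the two things the thread
talks about (an open AP cloning a WPA2 SSID, and deauth flooding) and the
client rule that makes the clone fail (profile security must match).
"""
from collections import defaultdict

# Constructed sample log. Field order: (timestamp_s, frame_type, bssid, ssid,
# security, destination). BSSIDs and SSIDs are made up for this example.
FRAMES = [
    (0.0, "beacon", "aa:aa:aa:aa:aa:01", "HomeNet", "WPA2", None),
    (0.1, "beacon", "aa:aa:aa:aa:aa:01", "HomeNet", "WPA2", None),
    (0.2, "beacon", "bb:bb:bb:bb:bb:02", "HomeNet", "OPEN", None),  # twin of HomeNet
    (0.3, "beacon", "cc:cc:cc:cc:cc:03", "CoffeeShop", "OPEN", None),
    (5.0, "deauth", "cc:cc:cc:cc:cc:03", None, None, "11:22:33:44:55:66"),  # lone, benign
]
# 15 broadcast deauth frames "from" HomeNet's BSSID within 0.7 s: a flood.
FRAMES += [
    (1.0 + i * 0.05, "deauth", "aa:aa:aa:aa:aa:01", None, None, "ff:ff:ff:ff:ff:ff")
    for i in range(15)
]


def client_would_join(saved_profiles, beacon):
    """Client-side rule from the thread: auto-join only if a saved profile
    exists for the SSID *and* its security type matches the beacon's.

    saved_profiles: {ssid: security}; beacon: (ssid, security).
    """
    ssid, security = beacon
    return saved_profiles.get(ssid) == security


def find_evil_twins(frames):
    """Return {ssid: {security: [bssids]}} for every SSID that is advertised
    with more than one security type (e.g. WPA2 by one BSSID, OPEN by another).
    """
    seen = defaultdict(lambda: defaultdict(set))
    for _ts, ftype, bssid, ssid, security, _dst in frames:
        if ftype == "beacon" and ssid:
            seen[ssid][security].add(bssid)
    return {
        ssid: {sec: sorted(bssids) for sec, bssids in secs.items()}
        for ssid, secs in seen.items()
        if len(secs) > 1
    }


def deauth_bursts(frames, window=1.0, threshold=10):
    """Sliding-window count of deauth frames per claimed sender BSSID.

    Returns [(bssid, window_start_ts, count)] with one alert per BSSID, raised
    the first time `threshold` or more deauths fall within `window` seconds.
    """
    per_bssid = defaultdict(list)
    for ts, ftype, bssid, *_rest in frames:
        if ftype == "deauth":
            per_bssid[bssid].append(ts)
    alerts = []
    for bssid, times in per_bssid.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts.append((bssid, times[start], count))
                break
    return alerts


if __name__ == "__main__":
    print("twins:", find_evil_twins(FRAMES))
    print("deauth bursts:", deauth_bursts(FRAMES))
    print("WPA2 client joins open twin?",
          client_would_join({"HomeNet": "WPA2"}, ("HomeNet", "OPEN")))
```

Because deauthentication is a management frame that is not authenticated unless the network uses Protected Management Frames (802.11w), the burst detector can only tell you that someone is sending them, not stop them; enabling 802.11w on the router is the mitigation that makes clients ignore the spoofed frames.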
plub (author, posted October 17, 2016):

I've been using the

4 hours ago, bored369 said:
    You can however use the pineapple to capture the handshake and then set up an encrypted AP with the same password and work magic from there.

I'm using the module "Site Survey" to capture handshakes, in order to fetch the password hash and then crack it using hashcat with a number of different dictionaries... My problem is that "Site Survey" hasn't been able to capture a single WPA2 handshake, even though I've been deauthing and manually reconnecting my devices like a madman... I guess I'll just use kali to capture handshakes, since pineapple doesn't make it easy :(
bored369 (posted October 18, 2016):

4 hours ago, plub said:
    I've been using the
    I'm using the module "Site Survey" to capture handshakes
    I guess I'll just use kali to capture handshakes, since pineapple doesn't make it easy :(

I've captured a few handshakes with site survey. I don't have to reconnect anything. I normally go Capture on -> Deauth on -> once I see clients have dropped (since I'm doing a test lab and can see the clients drop) -> Deauth off. If it doesn't capture a handshake when I see them reconnect, I leave the capture on and start again from Deauth on ->. I haven't failed to get a handshake yet. Seems pretty easy. Plus you can always SSH in and do the same airbase-ng suite commands you can do on kali (you can even install wifite if you want to go that route).
dutybr (posted November 22, 2016):

On 10/17/2016 at 10:25 PM, bored369 said:
    I've captured a few handshakes with site survey. I don't have to reconnect anything. I normally go Capture on -> Deauth on -> once I see clients have dropped (since I'm doing a test lab and can see the clients drop) -> Deauth off. If it doesn't capture a handshake when I see them reconnect, I leave the capture on and start again from Deauth on ->. I haven't failed to get a handshake yet. Seems pretty easy. Plus you can always SSH in and do the same airbase-ng suite commands you can do on kali (you can even install wifite if you want to go that route).

Thanks!