Jump to content
sbb

Should have had a client by now..?

Recommended Posts

I received my Nano a few days ago and watched several videos on the site to make sure I was up to speed when it arrived.

I got it all set up and installed a few modules.

From here, I ran recon and saw all of the results in my area.

Many of them were my own but there were a couple in range from neighbors, one of which agreed to let me "audit" him.

 

After adding all of the MAC addresses associated with his SSID to the "Allow Mode" client filtering, I waited...

I have about 20 MAC addresses in my filter, a dozen SSID's in the Pine AP Pool (including his) as well as all of the options checked in the Pine AP section.

When I view the near by wireless networks on my own phone, I see all of these Access Points being sent out as "Open" with the same names as the ones in the pool which is expected.

 

With an up time of 29 hours, I have yet to have a single client connect to any of the AP's (other than myself as a test).

I have restarted it several times as well as re-flashing the firmware today.

 

Many of the SSID's in recon are Mixed WPA, WPA, and WPA2. From what I have read, this would only work with WPA due to the handshake?

To make sure it wasn't just an issue with my friends SSID, I added several of the nearby ones to the pool (the clients connected to them).

I have tried running Deauth through the scan results as well as the Deauth module.

 

Am I doing something wrong here? I feel like the only way this will end up working is if some one in the area connects to one of the SSID's that are being emulated vs getting any existing connections to my AP.

Just trying to see where I have went wrong here.

 

Thanks for any info you can provide!

Share this post


Link to post
Share on other sites
5 hours ago, sbb said:

I feel like the only way this will end up working is if some one in the area connects to one of the SSID's that are being emulated vs getting any existing connections to my AP

you pretty much came to the conclusion by yourself :)

Forcing clients off of a secured network isnt the real strength of the pineapples - not saying its not possible but in most cases the client devices prefer a secured network over an open one and have a stronger signal to them than your pineapple  - your options are a deauth attack in the hope to harass a user enough to click connect to an open network. Or you can attempt a WPS attack (if WPS is enabled on network) or a more traditional handshake capture and take the successful capture and run a password brute force attack against it.

Where the pineapples come into there own is around unassociated clients looking for known networks. - such as personal devices at a work office location. The real vulnerable clients are the ones who have associated with an open network in the past (these will mostly be picked up by the pineapple like a sponge soaking up water) Or you could try making a new network that a client might be looking for such as an open guest network in a lobby area of a corporation that actually has no guest wifi.

Keep it legal :)

Edited by Just_a_User
  • Upvote 1

Share this post


Link to post
Share on other sites

I had a similar problem when first setting up mine, until I realised that the network that Darren used in his starter video was open. I went to a shopping center the other day, and at one point I managed to get around 15 clients connected to me, through 5 different networks. Obviously, the only reason this had worked, was because all of the networks the devices were connecting to were open, but beside that, it worked like a charm... :happy:

Share this post


Link to post
Share on other sites
21 minutes ago, drowZ said:

I had a similar problem when first setting up mine, until I realised that the network that Darren used in his starter video was open. I went to a shopping center the other day, and at one point I managed to get around 15 clients connected to me, through 5 different networks. Obviously, the only reason this had worked, was because all of the networks the devices were connecting to were open, but beside that, it worked like a charm... :happy:

Awesome, I assumed that a public location or a de-auth would be the best way to do it. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...