drowZ, posted April 13, 2017: I have recently purchased a WiFi Pineapple Nano and was wondering if it was possible to not only impersonate open WiFi networks, but also encrypted ones, by accepting whatever password is first entered. I have attempted to do some quick research about WiFi standards, but did not really find anything about that. What is stopping this from being done? Is the PSK saved on the device, rendering the pineapple useless?
Just_a_User, posted April 13, 2017 (edited): I recall this one being asked before, have a read of this: - Edited April 13, 2017 by Just_a_User
digip, posted April 13, 2017: If it's WPA (not WPA2) and using TKIP, it might be possible to get at the password in the same way you would crack WEP. WPA2 requires cracking the password via brute force of the 4-way handshake. You can always impersonate an AP's SSID, but if the client is expecting something like WPA2 and you're an open AP, they won't send you the WPA2 password. They'd still look for the 4-way handshake to take place, but that won't prevent them from connecting to your AP. You can try a downgrade attack, forcing them onto your device's open AP, but you'd have to be actively jamming their expected AP and overpowering the signal, which if it's a home router, their signal is more than likely closer than you. Cafe and public wifi would be a bit different since you'd have more wiggle room to sit between the client and their expected AP, making the pineapple a much more desirable way of siphoning devices actively probing for home networks, with the pineapple saying yes, I am your home router or such.

In recent years, WPS has been the quickest attack method for WPA/WPA2 networks without knowing the password, and the pixie dust attack combined with tools like reaver, or literally just running a single tool, wifite, will make this dead simple so long as devices are vulnerable. This article explains a lot on the history side of things and might help: http://security.blogoverflow.com/2013/08/wifi-security-history-of-insecurities-in-wep-wpa-and-wpa2/ I believe Offsec also has a video out somewhere that shows how to attack WPA2 Enterprise, but I don't have a link handy.
0phoi5, posted April 13, 2017 (edited): As 'cooper' advises, referencing digip, in the post linked by Just_a_User above...

Quote: "As digip already said in the second post of this topic, you can emulate the real AP to the point where the target will try to connect to you, but the 4-way handshake is there to prove to the other side, in both directions, that the password is known. So the device needs to prove knowledge of the password via a hashed message and the server needs to do the same. Since your fake AP doesn't have this password the client will refuse to connect to you. Your only recourse is to brute-force the crypto which for a WPA2 device is, to put it mildly, a non-trivial challenge."

If you want to clone an Access Point and make stations (devices) connect to it without issue, the fake AP must:
- Have the same SSID
- Have the same encryption
- Have the same password (usually)
- Have the same MAC address
- Have a stronger signal than the original AP, or you can block/deauth the original AP long enough for the stations to connect to you instead.

So, step 1 for you will be to find out the password for the original AP. Edited April 13, 2017 by haze1434
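To make the "proves knowledge in both directions" point concrete, here is an added example (not from the thread or any Hak5 tool) that walks the WPA2-Personal key derivation and MIC check: PMK from the passphrase (PBKDF2-SHA1 over the SSID), KCK from the 4-way handshake PRF, and the HMAC-SHA1 MIC each side puts on its EAPOL-Key message. The SSID, passphrase, MAC addresses and the EAPOL frame bodies are constructed stand-ins; a station never sends the passphrase itself, so an AP that does not already hold it can neither verify message 2 nor produce a message 3 the station will accept.

```python
import hashlib
import hmac
import os

# Constructed sample values (not from the thread): SSID, passphrase, MAC addresses.
SSID = b"HomeNetwork"
PASSPHRASE = b"correct horse battery staple"
AP_MAC = bytes.fromhex("0201020304aa")
STA_MAC = bytes.fromhex("020102030455")


def pmk_from_passphrase(passphrase: bytes, ssid: bytes) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits (IEEE 802.11i)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: concatenated HMAC-SHA1 blocks, counter byte appended."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Key Confirmation Key = first 16 bytes of the PTK; inputs are sorted per the standard."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2/CCMP (AKM 2) MIC: HMAC-SHA1 over the EAPOL-Key frame, truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def handshake_succeeds(ap_passphrase: bytes, sta_passphrase: bytes) -> bool:
    """Simulate messages 2 and 3 of the 4-way handshake with possibly different passphrases.

    Each side derives its own KCK from the passphrase it holds and the exchanged nonces,
    then checks the other side's MIC. Only the nonces and MICs cross the air, never the PSK.
    """
    anonce, snonce = os.urandom(32), os.urandom(32)
    kck_ap = derive_kck(pmk_from_passphrase(ap_passphrase, SSID), AP_MAC, STA_MAC, anonce, snonce)
    kck_sta = derive_kck(pmk_from_passphrase(sta_passphrase, SSID), AP_MAC, STA_MAC, anonce, snonce)
    msg2_body = b"\x02\x03\x01\x0a" + snonce  # constructed EAPOL-Key body, MIC field zeroed
    msg3_body = b"\x02\x03\x13\xca" + anonce
    ap_accepts_msg2 = hmac.compare_digest(eapol_mic(kck_sta, msg2_body), eapol_mic(kck_ap, msg2_body))
    sta_accepts_msg3 = hmac.compare_digest(eapol_mic(kck_ap, msg3_body), eapol_mic(kck_sta, msg3_body))
    return ap_accepts_msg2 and sta_accepts_msg3
```

`handshake_succeeds(PASSPHRASE, PASSPHRASE)` completes, while `handshake_succeeds(b"anything", PASSPHRASE)` fails on both checks, which is exactly why a clone AP without the real PSK cannot "accept whatever password is entered".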