
DeAuth Question / Problem



Hi everyone...

I was hoping that maybe someone with a bit more experience with the Pineapple could shed some light on what appears to be a DeAuth problem. (Since I'm a "Noob" to the Pineapple)

1) SCENARIO: I'm "DeAuth'ing" at home from my home Access Point & home devices (i.e. Laptops, iPhones / iPads, etc...)
No matter how many DeAuth Frames I send, the client devices don't "DeAuth" from my home Access Point & associate to the Pineapple. (and show up in the Dashboard as connected clients) - Nothing happens ! - NOT EVEN A MOMENTARY DISASSOCIATION on the Client device... (Curious indeed !)

2) PINEAPPLE CONFIGURATION:

  • The Pineapple is using the AC Adapter.
  • The Pineapple has been reset to Factory Defaults.
  • I am running v1.1.2 firmware.
  • The Pineapple is connected to my Kali Linux Laptop via the supplied USB Y-Cable.
  • I have run the wp6.sh script.
  • I have tested Internet connectivity on the Pineapple (fetching "bulletins" & listing of Modules) and everything works. 
  • I have enabled PineAP and have all options in PineAP enabled and saved. (It's capturing SSIDs & putting them in the pool as Probe Requests come in...)
  • I have validated that the laptop I want to DeAuth is indeed connected to my home Access Point !
  • The Management AP "IS NOT" disabled, and the Open AP SSID IS NOT Hidden.

3) HOME ACCESS-POINT CONFIGURATION / Clients

  • Linksys WRT54G
  • Authentication: WPA2 Personal
  • Home Access Point is located about 15ft from Client devices (Windows 7 Laptops & Apple iPads & Apple iPhones, etc...)
    (Home Access-Point is down stairs, Laptop I'm DeAuthing... up stairs - about 15ft away)

4) PROCEDURE:

  • I ran a 10min RECON Scan for both 2.4 & 5GHz. I see my Home Access Point (2.4GHz) with all associated Clients mentioned above.
  • From the Scan results page, using the Drop-Down Menu, I added the Client MACs to the PineAP Filter & switched the MACs to "Allow" Mode (So ONLY those MACs can associate)
  • From the Scan results page, using the Drop-Down Menu, I clicked the "DeAuth" Button (using Various DeAuth Multipliers) on the verified Laptop that was connected to my Home Access Point.

5) RESULT:

No device "DeAuth'd" and associated with the Pineapple (including other devices (Apple iPads & Apple iPhones) that were also in the PineAP Filter Allow list).

6) OBSERVATIONS:

  • If I physically turn off the Wireless card on the Laptop I want to DeAuth and wait until the connection is cleared from the Home Access Point, then turn it on again, I see (2) SSIDs of the home Access Point appearing on the Laptop (One secured, the other unsecured) - which I believe is expected behavior.... but nonetheless, it doesn't associate with the Pineapple, just to the home Access Point.

I'm wondering if the fact that the home Access Point is in range and is a secure connection that the Client will first associate to a secure vs. unsecured connection first???
OR
the very fact that the home Access Point is present. Vs. not present - at say a Starbucks....then could I expect the desired result?
(I believe it all has to do with request probes)

Any information or help anyone could provide, would be of great appreciation !!

Thanks all !!

5 hours ago, highxenburg said:

I'm wondering if the fact that the home Access Point is in range and is a secure connection that the Client will first associate to a secure vs. unsecured connection first???
OR
the very fact that the home Access Point is present. Vs. not present - at say a Starbucks....then could I expect the desired result?
(I believe it all has to do with request probes)

Any information or help anyone could provide, would be of great appreciation !!

Thanks all !!

You just answered your own question. :)  The fact that your home network is most likely at the top of the list for all your devices means that even when deauthed they will still go for those first, because they are first on the list and secured.  Most devices today will let you connect to open APs, but some will give you a warning saying it's an open AP.  Your devices want security when available.  Now say you're at Starbucks and you do the same thing: your devices will not have that secure AP to connect to, so they will go to the next best Wi-Fi option.  If that happens to be an open AP, then they will connect.  The Pineapple works off clients that have open APs saved on the device.

So with that being said, I've knocked my sister off my stepmom's Wi-Fi and got her to connect to the Pineapple, because even though it was a secure network, she had open APs saved in her iPhone that were technically in line before my stepmom's, so it automatically connected to the Pineapple through a Best Buy open AP saved in her phone before my stepmom's secure network..... does this make sense?

  • Upvote 1
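
The reply above attributes the rogue-AP association to open networks saved on the client. As an added example (not part of the original posts), this audit lists saved Wi-Fi profiles that are both open and set to auto-join, so they can be removed or set to manual. It assumes a Linux client using NetworkManager keyfile profiles with the modern `[wifi]` / `[wifi-security]` section names; the profile contents are constructed samples.

```python
import configparser

def open_autoconnect_profiles(keyfiles):
    """Return SSIDs of saved Wi-Fi profiles that are open and auto-join.

    keyfiles maps a profile file name to its text (NetworkManager keyfile format).
    """
    risky = []
    for name, text in keyfiles.items():
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.read_string(text)
        if cp.get("connection", "type", fallback="") != "wifi":
            continue  # wired, VPN, etc. are out of scope
        # NetworkManager treats a missing autoconnect key as true.
        auto = cp.getboolean("connection", "autoconnect", fallback=True)
        # An open network profile carries no [wifi-security] section.
        secured = cp.has_section("wifi-security")
        if auto and not secured:
            risky.append(cp.get("wifi", "ssid", fallback=name))
    return sorted(risky)

# Constructed sample profiles (names, SSIDs and the PSK are made up).
SAMPLE_KEYFILES = {
    "Home.nmconnection": (
        "[connection]\nid=Home\ntype=wifi\n\n"
        "[wifi]\nssid=HomeNet\nmode=infrastructure\n\n"
        "[wifi-security]\nkey-mgmt=wpa-psk\npsk=constructed-not-real\n"
    ),
    "Cafe.nmconnection": (
        "[connection]\nid=Cafe\ntype=wifi\n\n"
        "[wifi]\nssid=CafeGuest\nmode=infrastructure\n"
    ),
    "Store.nmconnection": (
        "[connection]\nid=Store\ntype=wifi\nautoconnect=false\n\n"
        "[wifi]\nssid=StoreFreeWiFi\n"
    ),
    "Wired.nmconnection": "[connection]\nid=Wired\ntype=ethernet\n",
}

if __name__ == "__main__":
    for ssid in open_autoconnect_profiles(SAMPLE_KEYFILES):
        print("open + autoconnect:", ssid)
```
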

Thanks b0N3z...,

Kinda what I thought. I also found that my Source Address in PineAP was 00:00:00:00:00:00 (instead of the MAC of wlan0...).
(But I don't know that it had anything to do with it)....

However, when I changed the source to wlan0 MAC, I was able to DeAuth Clients off my home Access Point.
(But the clients didn't try to reconnect back to the Pineapple automatically)....If I did it manually, I then saw them in the Dashboard.

Is that expected operation? (I suppose it has to do with how the client device behaves by default....)?

I suppose if you were at say .....a Starbucks ....., and DeAuth'd a client, the person with the device, would just try and reconnect manually to the spoofed SSID.... YES?

 


I totally forgot about that, yes the Tetra is funny when you first set it up and has 00:00:00:00:00:00 as the source MAC, kinda weird.  and yes
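
The all-zero source address mentioned in these posts is also something a wireless monitor can key on. As an added example (not part of the original thread), this triage parses raw 802.11 deauthentication and disassociation frames and flags a null source, a source outside the BSS, and repeated frames to one destination. It assumes the radiotap header has already been stripped; the addresses, the sample frames and the `burst` threshold are constructed.

```python
import struct
from collections import Counter

NULL_MAC = "00:00:00:00:00:00"
SUBTYPES = {0xC0: "deauth", 0xA0: "disassoc"}  # first frame-control byte

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Parse one 802.11 deauth/disassoc frame; radiotap header already stripped."""
    if len(frame) < 26 or frame[0] not in SUBTYPES:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)  # follows the 24-byte header
    return {"kind": SUBTYPES[frame[0]], "dst": mac(frame[4:10]),
            "src": mac(frame[10:16]), "bssid": mac(frame[16:22]), "reason": reason}

def triage(frames, burst=5):
    """Return sorted (finding, address) pairs for a list of raw frames."""
    findings, per_dst = set(), Counter()
    for raw in frames:
        f = parse_mgmt(raw)
        if f is None:
            continue
        per_dst[f["dst"]] += 1
        if f["src"] == NULL_MAC:
            findings.add(("null-source", f["dst"]))
        elif f["bssid"] not in (f["src"], f["dst"]):
            # Genuine frames come from the AP or the client, so one side is the BSSID.
            findings.add(("src-not-in-bss", f["src"]))
    findings.update(("burst", d) for d, n in per_dst.items() if n >= burst)
    return sorted(findings)

def _sample(fc, dst, src, bssid, reason=7):
    """Assemble the bytes of one constructed sample frame."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc, 0, 0, 0]) + raw(dst) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

AP, CLIENT = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed addresses
SAMPLE = ([_sample(0xC0, CLIENT, NULL_MAC, AP)] * 6      # null-source deauths
          + [_sample(0xC0, CLIENT, AP, AP, 3),           # ordinary AP deauth
             _sample(0x80, CLIENT, AP, AP)])             # other subtype, ignored

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A deauth that copies the AP's real address passes the address checks, so the per-destination count is the part that still catches it.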

  • 3 weeks later...

Please can you just shed a little light on this for me.

I too am having the exact same problem with my Nano and Tetra... no matter how many times I deauth... Nobody gets deauthed off my router... I mean I have the clients in the filter list set to enabled (all the clients on my router) - I also add the SSID to the pool.... I have the daemon set with all the tick boxes... But no matter what I do, nobody gets deauthed and I never capture any clients???

On 7/14/2017 at 4:15 PM, highxenburg said:

By default, the Source Address in PineAP is 00:00:00:00:00:00 (instead of the MAC of wlan0...).

Once I set Source Address in PineAP to wlan0, everything started working as desired.
I would check that first.

OK, I will try this, thank you.
