Tetra PineAP attack issues

[mr_shades]

I've been following the video from Hak5 regarding using recon and PineAP to deauth and then capture clients in the pineapple tetra but cannot seem to actually capture any clients. The pineapple works well otherwise and the access point also works as intended. The landing page works when connecting to the access point from a client as well. I've been testing this on my home network to become more familiar with my pineapple and have been using an open 2.4GHz connection for the tests. In recon mode I can find my target and the MAC address, follow along in the video and everything else seems to work fine, but upon using the Deauth feature in recon the device simple reconnects after a few seconds and not to the pineapple. This is with the proper address in my filters and the allow setting turned on as well. Has anyone run into this issue or know of a fix? I do know the video is well over a year old so there may be some changes since then or something I'm missing but so far my searches have yielded little information that I've been able to use.

[Just_a_User]

 

4 hours ago, mr_shades said:

Has anyone run into this issue or know of a fix?

Are you trying to attack an open or wpa2/wpa/wep encrytped network?

[Cyberfox_DK]

AFAIK it will only work on clients already connected to "open networks". If a client is connected to a WAP* Secured network, it wont connect to a rouge AP with the same SSID.

The user has to explicit choose to connect the the "open" rouge SSID...    In my view, this is not likely to happen.

One solution is to install the module "site survey" and capture enough "IV's" to crack the WPA* hash...    (recommend onlinehashcrack.com - under 8 caracters its free)
(Take a look at this video)

Once you have cracked the WPA hash, set up a rouge AP, as a secured network, using the cracked key.
This should now make your targets (the wifi clients) connect to your AP if the signal is stronger.

Whats missing.:  I would like this option built ind to the Wifipineapple, so its not a manual process...   as far as i can tell (correct me if I'm missing somthing here) it is not possible to set a WPA key on the secondary WLAN adapter on the wifipineapple...   only on the management part.
This is in my oppinion, a critical function - hope it will come in the near future. 

[Just_a_User]

46 minutes ago, Cyberfox_DK said:

AFAIK it will only work on clients already connected to "open networks". If a client is connected to a WAP* Secured network, it wont connect to a rouge AP with the same SSID.

Thats what I was hinting at to the original poster. Its true for the devices I have tested but I have heard of a small number of devices that will still connect but im yet to see this with my own eyes.

46 minutes ago, Cyberfox_DK said:

One solution is to install the module "site survey" and capture enough "IV's" to crack the WPA* hash

Yep, another would be WPS attack but its mainly older routers that are vulnerable. Its actually surprising what WPS attacks sometimes works on still, like printers & IP cameras etc.

46 minutes ago, Cyberfox_DK said:

Once you have cracked the WPA hash, set up a rouge AP, as a secured network, using the cracked key.

This would be an EvilTwin attack and can be done with a module/modification called Networking plus

 

Edited August 23, 2017 by Just_a_User

[Cyberfox_DK]

Great - thanks for the advice !
Will take a look at the NetworkingPlus module