crystal Posted October 29, 2017

Hi everyone. Devices that connect to an open AP (from the PineAP SSID Pool) can browse to the management page (172.16.42.1:1471). I guess that access is supposed to be allowed only for devices connected to the Management AP. The error persists even after a firmware reset. Does anybody know how to fix it?

PoSHMagiC0de Posted October 29, 2017

21 minutes ago, crystal said:
> Hi everyone. Devices that connect to an open AP (from the PineAP SSID Pool) can browse to the management page (172.16.42.1:1471). I guess that access is supposed to be allowed only for devices connected to the Management AP. The error persists even after a firmware reset. Does anybody know how to fix it?

Yeah, if this is happening, this should be more like a bug, not a feature request to be able to turn off. I think the management of the device should not be available from the open spoofed wifi.

Was there a Blackhat talk showing a screenshot of a p0wned Pineapple used at a defcon with a nice message for the owner? Wonder if this was how it was p0wned?

crystal Posted October 29, 2017

10 minutes ago, PoSHMagiC0de said:
> Yeah, if this is happening, this should be more like a bug, not a feature request to be able to turn off. I think the management of the device should not be available from the open spoofed wifi.
>
> Was there a Blackhat talk showing a screenshot of a p0wned Pineapple used at a defcon with a nice message for the owner? Wonder if this was how it was p0wned?

The Def Con you mentioned was held in 2014, before NANO was released (news link). According to the news, Hak5 fixed the bug used by the attacker. Don't think it's related to the one I mentioned in this thread.

b0N3z Posted October 29, 2017

The bug on the mark5 is different from this. I have noticed this also, but remember that wlan0 (OpenAP for PineAP) and wlan0-1 are run off the same radio. wlan0-1 is a virtual interface for the management AP, which is why I think you can access it from both APs.

With that said, and I know this doesn't fix anything, but how many people do you know that will know the port number 1471 and try to access that from the OpenAP? Also, even if they get there, they still need the password to access it. That doesn't mean they couldn't try to bruteforce the password and get access if your password is weak.

JediMasterX Posted November 3, 2017

No need to crack or anything... but you could be hunted down easily by a sys admin etc. who looks for his wifi network. And that's enough to say bye bye to your assessment.

JMX

BeNe Posted November 4, 2017

Just a quick brainstorming... with or without sense

- What about a .htaccess file to protect the login, nobody knows what's behind
- change webserver config to allow only some IPs to the login for the admin folder
- separate IP range for clients or a smaller netmask so you can route clients separately
- own network interface for clients or a VLAN

Foxtrot Posted November 4, 2017

Thanks for reporting this :)

Archived
This topic is now archived and is closed to further replies.