Gh0stRunner Posted October 24, 2018 Posted October 24, 2018 can the Pineapple Nano be used to crack a VPN connection? say you are in the parking lot at Starbucks and a user inside is connecting via VPN to his corporate networks. Since you capture the user's credentials before they connect to the VPN server (as they connect to Starbucks's hotspot) would that ultimately allow you as the Pineapple user to also gain access to the VPN server and thus the corporate network? what about someone doing online banking via VPN at a Starbucks? Is there a payload that can essentially allow you to capture VPN encapsulations and decipher them to access credentials? Just curios ?
Dice Posted October 25, 2018 Posted October 25, 2018 2 hours ago, m40295 said: Simple answer no A longer answer : no, because The connection for a VPN (userid / password / token) is totally encrypted and therefore not accessible for you to see/snoop or capture; all you see is a datastream. In theory : if you can set up a reverse shell from the targets computer to your computer and he connects to another source you could access that ... if the connecton is available.
Gh0stRunner Posted October 28, 2018 Author Posted October 28, 2018 On 10/25/2018 at 6:05 AM, Dice said: A longer answer : no, because The connection for a VPN (userid / password / token) is totally encrypted and therefore not accessible for you to see/snoop or capture; all you see is a datastream. In theory : if you can set up a reverse shell from the targets computer to your computer and he connects to another source you could access that ... if the connecton is available. for the reverse shell you got the Bash Bunny to the rescue if you can insert it into the user's machine so this would make for a killer combo with the Pineapple and Bunny
Dice Posted October 29, 2018 Posted October 29, 2018 On 10/28/2018 at 3:53 AM, LivingL393nd said: for the reverse shell you got the Bash Bunny to the rescue if you can insert it into the user's machine so this would make for a killer combo with the Pineapple and Bunny However true, that was not your question.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.