caeos Posted January 29, 2019 Share Posted January 29, 2019 I'm planning on picking up the Pineapple Nano Tactical quite soon, and was wondering a few things. Is a 4G modem basically needed for this if you're not tethered on a connection? And can you not monitor and crack networks without a connection in the first place with the Pineapple Nano? Also, does this device really make it any 'easier' to crack WiFi networks persay, or do MITM attacks much smoother, rather then using say, Evilginx? Link to comment Share on other sites More sharing options...
Just_a_User Posted January 29, 2019 Share Posted January 29, 2019 14 hours ago, caeos said: Is a 4G modem basically needed for this if you're not tethered on a connection? Depends on the targets, most modern devices check for internet connection and if not present drop it for data or another connection. Having said that the check for internet is usually a http url so could possibly be faked but ihave not looked into that in any detail so just a theory. 14 hours ago, caeos said: And can you not monitor and crack networks without a connection in the first place with the Pineapple Nano? You can run recon of the wifi landscape and grab handshakes without aninternet connection. 14 hours ago, caeos said: does this device really make it any 'easier' to crack WiFi networks persay, or do MITM attacks much smoother, rather then using say, Evilginx? The pineapples are great for collecting clients that have used an open AP in the past. if you had internet access you could combine this with a phishing page such as Evilginx+ others. But you also have other tools you could use such as running the pineapple traffic through bettercap etc. or run metasploit at pineapple clients etc. lots of options. Not forgetting you could also use a pineapple as a VPN travel router or crude pineapple detection system. Link to comment Share on other sites More sharing options...
caeos Posted January 29, 2019 Author Share Posted January 29, 2019 6 hours ago, Just_a_User said: Depends on the targets, most modern devices check for internet connection and if not present drop it for data or another connection. Having said that the check for internet is usually a http url so could possibly be faked but ihave not looked into that in any detail so just a theory. I see, so could I connect to an open network and basically 'mirror' that connection so thei internet really works on it and confuse other phones to connect to that WiFi connection that is conected to my pineapple nano? Maybe deauthenticating them? Although not sure why the phone would randomly decide to switch to my network.. unless im dosing the public one i'd assume or continually deauthenticating that specific user from the network continually (if that would work right) 6 hours ago, Just_a_User said: The pineapples are great for collecting clients that have used an open AP in the past. if you had internet access you could combine this with a phishing page such as Evilginx+ others. I see, and is a domain required for evilginx in this situation? Never used evilginx before, not sure if it even requires a domain but ive seen that in tutorials. 6 hours ago, Just_a_User said: But you also have other tools you could use such as running the pineapple traffic through bettercap etc. or run metasploit at pineapple clients etc. lots of options. Not forgetting you could also use a pineapple as a VPN travel router or crude pineapple detection system. so essentially you could do more then just stealing credentials, like infecting them with malware throughout the entire network? or am I getting this concept wrong? Also not sure what a pineapple detection system is, but sounds interesting, I will google this. Link to comment Share on other sites More sharing options...
Just_a_User Posted January 29, 2019 Share Posted January 29, 2019 9 minutes ago, caeos said: I see, so could I connect to an open network and basically 'mirror' that connection so thei internet really works on it and confuse other phones to connect to that WiFi connection that is conected to my pineapple nano? Maybe deauthenticating them? Although not sure why the phone would randomly decide to switch to my network.. unless im dosing the public one i'd assume or continually deauthenticating that specific user from the network continually (if that would work right) thats one way, you also have situations where targets have used open wifi in the past (so the device has it saved in known networks) and is currently not in range of known wifi AP's. 11 minutes ago, caeos said: I see, and is a domain required for evilginx in this situation? Never used evilginx before, not sure if it even requires a domain but ive seen that in tutorials. Depends if you want to throw the target ssl errors or not. For home lab you can do without if the browser allows it - but may be wrong. 13 minutes ago, caeos said: so essentially you could do more then just stealing credentials, like infecting them with malware throughout the entire network? or am I getting this concept wrong? it all depnds on the permitted target clients, what they are and what vulns they have. Detection - https://github.com/WiPi-Hunter https://github.com/WiPi-Hunter/PiSavar Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.