Client in AP open connected to the management network (172.16.42.x)


Hi, I have a question for the Tetra

When a victim connects to the WiFi Pineapple network, the user is assigned an IP address inside the network 172.16.42.x.

A user more familiar with these attacks may browse to the management interface and potentially identify this attack.

How can I change the subnet of the AP to prevent the victim from accessing the console? Or how can I make the console inaccessible?
There is at least some degree of built-in "security by obscurity" in the use of port 1471, i.e. a user won't accidentally land on the web admin GUI just by loading and some active port scan is needed to get hold of the port in use.

You could alter the configuration of nginx to limit the client IP address(es) that can access the web server on the Pineapple. Use a static IP address outside of the DHCP scope and allow only that IP address to access the web admin GUI on port 1471. It's not at all bulletproof though, since someone might test each address outside of the DHCP scope and find the one that works. Not very likely, but totally possible. And... most important, doing this might mess up some vital WiFi Pineapple functionality. This "method" affects both the open AP and the management AP of the Pineapple since they use the same IP range.

So, after the disclaimer of doing this at your own risk, this is how you could do it if it suits your needs (not that high a risk though, since it's easy to revert using an SSH session).

Make a copy of the original/current nginx configuration file
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.org

Edit the nginx configuration file
nano /etc/nginx/nginx.conf

Scroll down to the server segment specifying the listen port 1471

Below the line "listen       1471;" add
            deny all;

The "allow" address should be within the range but not within the DHCP scope, is just an example address

Save the nginx configuration file and exit nano

Restart nginx
/etc/init.d/nginx restart

Then use the static IP for the PC (or whatever device) that is supposed to be allowed to access the web GUI according to the nginx configuration file
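
The nginx change described in the answer above, scripted as an added example that is not part of the original posts: it inserts an allow line and "deny all;" below "listen 1471;", keeps the same .org backup, and can confirm afterwards that the restriction is in place. The function names, the sample config and the address 172.16.42.42 are constructed for illustration; use an address outside your own DHCP scope.

```shell
#!/bin/sh
# Added example. Usage on the device (address is a constructed value):
#   restrict_gui /etc/nginx/nginx.conf 172.16.42.42

# gui_is_restricted CONF
# Succeeds only if "listen 1471;" is followed by an allow line and "deny all;".
gui_is_restricted() {
    awk '
        /^[ \t]*listen[ \t]+1471;/ { state = 1; next }
        state == 1 && /^[ \t]*allow[ \t]+[0-9.]+;/ { state = 2; next }
        state == 2 && /^[ \t]*deny[ \t]+all;/ { ok = 1 }
        { state = 0 }
        END { exit ok ? 0 : 1 }' "$1"
}

# restrict_gui CONF ALLOW_IP
# Inserts "allow ALLOW_IP;" and "deny all;" directly below "listen 1471;".
restrict_gui() {
    conf=$1
    ip=$2
    # Accept only a dotted quad so nothing else can end up in the config.
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "not an IPv4 address: $ip" >&2; return 2; }
    grep -Eq '^[[:space:]]*listen[[:space:]]+1471;' "$conf" || {
        echo "no 'listen 1471;' line in $conf" >&2; return 3; }
    # Already restricted: leave the file and the existing backup untouched.
    if gui_is_restricted "$conf"; then return 0; fi
    cp "$conf" "$conf.org" || return 4     # same backup name as in the post
    awk -v ip="$ip" '
        { print }
        /^[ \t]*listen[ \t]+1471;/ {
            indent = $0
            sub(/listen.*/, "", indent)    # reuse the listen line indentation
            print indent "allow " ip ";"
            print indent "deny all;"
        }' "$conf.org" > "$conf"
}

# sample_conf FILE
# Writes a constructed minimal config for a dry run away from the device.
sample_conf() {
    printf '%s\n' 'http {' '    server {' '        listen       1471;' \
        '        index index.html;' '    }' '}' > "$1"
}
```

On the device, run nginx -t after the edit to have nginx validate the file before the restart step from the post; copying nginx.conf.org back reverts the change.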

Thanks 1000 for the information. Now at least it is not possible to see the GUI page from the open AP. Honestly, at first I thought that a controller cannot be discovered that easily .. but with this solution the doubt is resolved.
