Jump to content

Client in AP open connected to the management network (172.16.42.x)

fede

By fede
in WiFi Pineapple TETRA

 Share

Recommended Posts

fede Newbie

fede

Posted
Posted

Hi, i Have a question for tetra

When a victim connects to the WiFi Pinapple network the user is assigned an ip address inside the network 172.16.42.x.

A user more familiar with these attacks may browse to the 172.16.42.1 management interface and potentially identify this attack. 

How can I change the SUBNET of the AP preventing the victim from accessing the console? or how can I make the console inaccessible
Link to comment
Share on other sites
chrizree Community Regular

chrizree

Posted
Posted

There is at least some degree of built in "security by obscurity" in the use of port 1471, i.e. a user won't accidentally land on the web admin GUI just by loading 172.16.42.1 and some active port scan is needed to get hold of the port in use.

You could alter the configuration of nginx to limit the client IP address(es) that can access the web server on the Pineapple. Use a static IP address outside of the DHCP scope and allow only that IP address to access the web admin GUI on port 1471. It's not at all bullet proof though since someone might test each address outside of the DHCP scope and find the one that works. Not very likely, but totally possible. And... most important, doing this might mess up some vital WiFi Pineapple functionality. This "method" affects both the open AP and the management AP of the Pineapple since they use the same IP range.

So, after the disclaimer of doing this at your own risk, this is how you could do if it suits your needs (not that a high risk though since it's easy to revert using an SSH session).

Make a copy of the original/current nginx configuration file
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.org

Edit the nginx configuration file
nano /etc/nginx/nginx.conf

Scroll down to the server segment specifying the listen port 1471

Below the line "listen       1471;" add
            allow  172.16.42.13;
            deny all;

The "allow" address should be within the 172.16.42.0/24 range but not within the DHCP scope, 172.16.42.13 is just an example address

Save the nginx configuration file and exit nano

Restart nginx
/etc/init.d/nginx restart

Then use the static IP for the PC (or whatever device) that is supposed to be allowed to access the web GUI according to the nginx configuration file

Link to comment
Share on other sites
fede Newbie

fede

Posted
  • Author
Posted 
Thanks 1000 for the information. Now at least it is not possible to see the GUI page from the open AP. Honestly, at first I thought that a controller cannot be discovered that easily .. but with this solution the doubt is resolved.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...