fede Posted October 26, 2020 Share Posted October 26, 2020 Hi, i Have a question for tetra When a victim connects to the WiFi Pinapple network the user is assigned an ip address inside the network 172.16.42.x. A user more familiar with these attacks may browse to the 172.16.42.1 management interface and potentially identify this attack. How can I change the SUBNET of the AP preventing the victim from accessing the console? or how can I make the console inaccessible Link to comment Share on other sites More sharing options...
chrizree Posted October 27, 2020 Share Posted October 27, 2020 There is at least some degree of built in "security by obscurity" in the use of port 1471, i.e. a user won't accidentally land on the web admin GUI just by loading 172.16.42.1 and some active port scan is needed to get hold of the port in use. You could alter the configuration of nginx to limit the client IP address(es) that can access the web server on the Pineapple. Use a static IP address outside of the DHCP scope and allow only that IP address to access the web admin GUI on port 1471. It's not at all bullet proof though since someone might test each address outside of the DHCP scope and find the one that works. Not very likely, but totally possible. And... most important, doing this might mess up some vital WiFi Pineapple functionality. This "method" affects both the open AP and the management AP of the Pineapple since they use the same IP range. So, after the disclaimer of doing this at your own risk, this is how you could do if it suits your needs (not that a high risk though since it's easy to revert using an SSH session). Make a copy of the original/current nginx configuration file cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.org Edit the nginx configuration file nano /etc/nginx/nginx.conf Scroll down to the server segment specifying the listen port 1471 Below the line "listen 1471;" add allow 172.16.42.13; deny all; The "allow" address should be within the 172.16.42.0/24 range but not within the DHCP scope, 172.16.42.13 is just an example address Save the nginx configuration file and exit nano Restart nginx /etc/init.d/nginx restart Then use the static IP for the PC (or whatever device) that is supposed to be allowed to access the web GUI according to the nginx configuration file Link to comment Share on other sites More sharing options...
fede Posted October 27, 2020 Author Share Posted October 27, 2020 Thanks 1000 for the information. Now at least it is not possible to see the GUI page from the open AP. Honestly, at first I thought that a controller cannot be discovered that easily .. but with this solution the doubt is resolved. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.