Questions on how to get started with PA Mark 7


Joshy

Hello, I am new to the Hak5 forums and still have a lot to learn about the Pineapple. I just started,
so please have mercy on me 🙂


Maybe someone can clarify and answer some of my (sure in your eyes silly) questions regarding the Mark 7. 😅


Recon:
=====
Settings - Time interval like 30 seconds does REFRESH every given amount of time (e.g. 30 sec)
and list newly connected devices AND adds or removes in-/active APs - is this correct?
Or should it only scan one time for 30 seconds and NOT refresh again (Snapshot)?
I am seeing different results. Sometimes no flickering/refresh, and sometimes it does refresh
every few seconds.

Issue:

- I deauthed a client, which came back to reconnect successfully BUT never showed up
again on this AP's connected devices. Instead goes and stays under "unassociated clients", which is not true.

No chance to get it back from the unassociated area again (started phone again, reconnected to the AP,
did a new recon scan, disabled PineAP, checking filters, switching to another AP and back to my main AP etc.)

Even after rebooting the Pineapple or switching my phone/client device to another AP (5) and back to the normal AP (2,4)
of my home router it still does not get caught again by a fresh or existing recon 😕


PineAP & Filters:
============
If I add a specific MAC to the filter, and select "Allow List", I would expect to only monitor
and look for this client device. Same with the SSID. But still everything gets collected.
Is this meant to work this way?

In my test I did enter my MAC Address like "aa:aa:aa:aa:aa:aa" (= just an example here for my phone's MAC)
to the "Allow List" MAC. The SSID Pool - Filter was set to an empty "Deny List".

Still every client got collected. Am I doing it wrong there? Is it for a different use case?

Maybe I don't want to set it to "Deny List" (with no entry/ monitor everything).
How would I set up a targeted Campaign or Recon for a specific MAC or SSID ONLY?


I did try to add the Target Client MAC Address in the PineAP via "Target MAC Address".
What kind of effect does this have?
I guess the "Source MAC Address" is to spoof the FakeAP/Broadcasted SSID?


What is "PineAP Enterprise" for?


Campaigns-Reports:
===============
Why isn't there an option to delete chosen html-campaign-reports from the GUI?
Currently you can only download them, but not delete (doing it via console/webshell at the moment).


I would love to buy a Book/Guide on this awesome Mark 7 and learn more. Checked for YT videos so far.
Hopefully some questions can be answered here. Sorry again, I just started learning about this amazing area of tech.
Thank you for taking your time to guide me a bit in this 🙂

 


Hi,

On 10/26/2020 at 7:22 PM, Joshy said:

Recon:
=====
Settings - Time interval like 30 seconds does REFRESH every given amount of time (e.g. 30 sec)
and list newly connected devices AND adds or removes in-/active APs - is this correct?
Or should it only scan one time for 30 seconds and NOT refresh again (Snapshot)?
I am seeing different results. Sometimes no flickering/refresh, and sometimes it does refresh
every few seconds.

The scan will refresh in the UI every 5 or so seconds; the scan duration is how long Recon will run for in total.

On 10/26/2020 at 7:22 PM, Joshy said:

Issue:

- I deauthed a client, which came back to reconnect successfully BUT never showed up
again on this AP's connected devices. Instead goes and stays under "unassociated clients", which is not true.

No chance to get it back from the unassociated area again (started phone again, reconnected to the AP,
did a new recon scan, disabled PineAP, checking filters, switching to another AP and back to my main AP etc.)

Even after rebooting the Pineapple or switching my phone/client device to another AP (5) and back to the normal AP (2,4)
of my home router it still does not get caught again by a fresh or existing recon 😕

- This could be due to Recon just not seeing activity from that device at the right time since the re-association. 

On 10/26/2020 at 7:22 PM, Joshy said:

PineAP & Filters:
============
If I add a specific MAC to the filter, and select "Allow List", I would expect to only monitor
and look for this client device. Same with the SSID. But still everything gets collected.
Is this meant to work this way?

In my test I did enter my MAC Address like "aa:aa:aa:aa:aa:aa" (= just an example here for my phone's MAC)
to the "Allow List" MAC. The SSID Pool - Filter was set to an empty "Deny List".

Still every client got collected. Am I doing it wrong there? Is it for a different use case?

Maybe I don't want to set it to "Deny List" (with no entry/ monitor everything).
How would I set up a targeted Campaign or Recon for a specific MAC or SSID ONLY?

Your expectation is wrong here - the Filters are meant to prevent associations to the device, not to prevent devices from showing up in the Recon scans. If it worked this way, it'd be frustrating to add new devices to the filters via Recon, which isn't the workflow we are working towards.

On 10/26/2020 at 7:22 PM, Joshy said:

I did try to add the Target Client MAC Address in the PineAP via "Target MAC Address".
What kind of effect does this have?
I guess the "Source MAC Address" is to spoof the FakeAP/Broadcasted SSID?

These are settings you shouldn't mess with unless you know what you're doing. Target MAC Address and Source MAC Addresses are values used in the generation of spoofed frames.

On 10/26/2020 at 7:22 PM, Joshy said:

What is "PineAP Enterprise" for?

Evil AP attacks against WPA Enterprise access points. If you generate the certs with the setup page and then enable the AP once it's complete, you'll see it.

On 10/26/2020 at 7:22 PM, Joshy said:

Campaigns-Reports:
===============
Why isn't there an option to delete chosen html-campaign-reports from the GUI?
Currently you can only download them, but not delete (doing it via console/webshell at the moment).

This has been requested a lot, and will be added in the next update.
