
107 Handshakes Captured and Cracked | Connected Clients All The Time and Much More...


SpragginsDesigns


The Pineapple Mark VII Is A Beast

by AgtShadow | Shadow Gaming

So, I have so far collected 107 handshakes and cracked a lot of them in Kali Linux. It is scary how powerful this device is. Long read, but I hope you do.

 

TL;DR: Powerful device, Google Drive folder with redacted screenshots included below this paragraph, how to limit long wordlists when cracking handshakes, converting them, and more.

 

Opening Thoughts:

 

The screenshots are too big to include here, so here are some I had captured before the update wiped everything, and the ones I took this morning (this Google Drive folder is not from my business account, so it should not ask for permission to view this folder) Google Drive Link

 

I have no plans to do anything with them after cracking them, either. I just wanted to see how powerful this device is. It seems running the Enterprise Client while making a campaign in Active Mode and having the PineAP-Open appears to provide some insane amount of data leaked and near almost constantly connected clients. I live in the suburbs of a city in California's Central Valley, so the traffic is low and the neighbors are limited, but someone else could be getting powerful results with this.

I am working on a React.js web app to deploy by midnight tonight, so I am losing time to Kali/Pineapple to work on this, so I will resume more research on this device, as well as the Rubber Ducky and Bash Bunny Mark II, after I deploy my new website/web app.

I am a Web Designer and Developer first, penetration testing has just been this 14 month passion/hobby of mine, and watching/buying Hak5 gear has been essential, as I carry my Bash Bunny/Rubber Ducky/Work Laptop and WiFi Adapter on me everywhere I go now.

The Handshakes Captured, How and the Results:

I wanted to spend a few hours or so yesterday looking over the insanely long HTML reports, the over 100 handshakes I have had (this screenshot is after I went from beta to stable release, so it erased everything, but I downloaded everything before it being wiped from the update to stable).
I also included a screenshot of my pineapple-handshakes directory in my 6TB external HDD, where I keep all my VMs and store pictures/screenshots/downloads, etc., instead of clogging up my 1TB NVME C:\ drive. I do this with several SSDs and external SSDs as well.

All I ever do with this thing is keep it running in a pinned tab on my Windows 11 machine (64GB of RAM, Intel i9-9900K 5GHz 8 cores, NVIDIA RTX 3060, Windows 11 Beta Insider Preview Build, etc.) and keep it in active mode. From time to time I run a campaign I made where it runs inactive and reports plaintext and HTML reports, and eventually Cloud C2 once I get the time to set it up through the command line, it seems. Still, every time I open Windows Terminal through that directory, I download the Cloud C2 files or cd to it. It does not open like it does when I just double-click it, even running Windows Terminal in Admin Mode or using cmd.exe.


Limiting the characters of the rockyou.txt file from 14m passwords to about 1m, and limiting the characters to 8-32 characters/digits/symbols, cracked them much faster.


To do this, just do this as it helped tremendously (and hopefully will help others newer to this as it took me some time to figure this out after over a year in Kali Linux):

To see the 14 million lines of text in the rockyou.txt file:

wc -l rockyou.txt 

I then copied the rockyou.txt to my documents/pinelists directory:

cp /usr/share/wordlists/rockyou.txt rockyou.txt

 

Only keep passwords that are 8 to 34 characters in length, and write that copied rockyou.txt file out to a new file. Just make sure you are in that directory with the copied one. I use wpacracks1 as I have made a new one after cracking over 80 passwords from these handshakes to include in them.

sudo grep -x '.\{8,34\}' rockyou.txt > wpacracks1.txt

wc -l whatevernameyouwant.txt

You can use Hashcat, or the utility in Hashcat, or on their website here to convert the .pcap file to something hashcat can work with, or use the 22000 files as well. However, I converted my .pcap files, and I believe the pineapple provides you with .cap files, but I converted them anyway, super fast and straightforward.

 

Main Conclusion:

 

Anything else I am missing here? Or should we do better or differently? And what else can be done with these? I am 100% ethical about this stuff. I mainly use my Rubber Ducky and Bash Bunny to automate tasks at my current IT job at my college, where they have authorized me to use them to test payloads, as long as all sensitive data is destroyed upon clocking out. They never check, but they know I am an honest person who is mainly a Frontend Web Designer and Developer. So, if I check my notifications from @Darren Kitchen's GitHub repos for the Rubber Ducky, Bash Bunny, and Ducky Toolkit.

 

Side note, for anyone who has more available time than I or is better suited for/experienced in pentesting than I, please keep adding to and fixing these repos and payloads. Most of them I have tried on Windows/Mac/Linux desktops, laptops, tablets, phones, FireTVs, etc., from work to school (with permission). Many of them do not work or must be modified, especially the DELAY and other things, as my work uses Sophos. When I image laptops/PCs/Macs, I have removed anti-virus from them to test as well, and many still have some sort of conflicted issue I just, unfortunately, have no time for at the moment.

 

Surprisingly, the USB Rubber Ducky Deluxe works amazingly. With the delays modified, they work better than my Bash Bunny Mark II somehow, and of course there is the 7 second boot, but I am not doing in-the-field social engineering tests anymore. I did with a few coworkers and it is shocking how easy it is to pop one in, either one, get results, and unplug before they notice. I of course tell them later and show them the loot directory, with only two of them, and they thought it was cool, but those were the ones that worked.

 

I need to get back to work finishing my react web app. I am working hard to land this React Developer position soon and get an interview with them in 4 days after a phone interview, so I am really excited but incredibly overworked now doing all of this.

 

Plus finishing my Associate Degree in Web Design this fall semester as well. And my wife and kids need time with them more than ever after all this work/school/etc.

 

So, any tips, tricks, or helpful advice moving forward would be greatly appreciated as I do not have any time to work on this anymore. And the handshakes, connected clients, reports, and everything just keep flowing in, so I am leaving it in passive mode and disabling the campaign until I get back to pentesting.

 

Also, my wife and kids hate me being on my PC all day, so I spent the weekend mostly with them, but I am back to post and finish my web app and deploy it.

 

Anyway, attached are the screenshots and included here. It is already time-consuming redacting private information on these screenshots poorly, I don't even want to fire up PhotoShop, faster to load up Paint and do it dirty, but it works.

 

Windows 11 vs Windows 10 mini-rant:

 

And yes, Windows 11 for the past two weeks on my machine, in my experience, has been much smoother, faster, better, and there are the new interface/UI/GUI improvements, as well as WSLg. Hence, all your WSL Linux apps are standalone in Windows 11 (setoolkit or hashcat or CherryTree, etc., can all be run as a standalone app within Windows 11, instead of firing up VMware Workstation Pro 16, Kali Linux, then opening the tools). I just Windows Key + S > <Kali Linux app name>, click on it, it loads up, no terminal needed for every app within Kali Linux, Debian, Ubuntu, Git Bash, Azure, literally all the WSL subsystems I have installed on my machine that I usually would access through Windows Terminal Preview (can be downloaded and highly customized in the Windows Store, and you can get Winget, the Windows package manager).

 

On top of all of this, gaming has been much better, CPU/GPU utilization, the list goes on and on with why I installed Windows 11 over Windows 10. Much more beautiful (please Microsoft, tabs in Explorer.exe, and dark mode integrated into ALL Windows apps and utilities like Control Panel, etc., and beautify those as well as keeping the Windows 10 skin).

 

Sorry for the long read. I type fast and probably talk too much outside of the topic. It is a flaw I am working on.
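A fuller version of the length filter from the post above, added here as an example and not part of AgtShadow's post. It generalizes the `grep -x '.\{8,34\}'` step: it defaults to the 8 to 63 printable-ASCII range that WPA/WPA2 pre-shared keys can actually have (so anything outside it is wasted cracking time), runs in the C locale so the non-UTF-8 lines in rockyou.txt do not make grep stop with "binary file matches", strips CRLF endings, and keeps the file's original order. The function name, the MIN/MAX arguments, and the constructed demo wordlist are assumptions of this example; the output file name wpacracks1.txt is the one used in the post.

```shell
#!/bin/sh
# Added example, not from the original post: trim a wordlist down to lines that
# can even be a WPA/WPA2 pre-shared key before running it through hashcat.
# WPA2 PSKs are 8 to 63 printable ASCII characters (a 64-hex-digit raw key is
# the other form). The post used 8..34; MIN/MAX below are arguments you choose.

# filter_psk_candidates IN OUT [MIN] [MAX]
# Writes the surviving lines to OUT (original order kept) and prints their count.
filter_psk_candidates() {
    in="$1"; out="$2"; min="${3:-8}"; max="${4:-63}"
    # LC_ALL=C: [[:print:]] then means bytes 0x20-0x7E, so non-ASCII lines drop out.
    # grep -a: rockyou.txt contains non-UTF-8 bytes that otherwise make grep
    #          give up with "binary file matches".
    # tr -d '\r': lists saved on Windows carry CRLF endings that would add a
    #          stray byte to every line's length.
    # No sort -u: the input order is kept on purpose, since lists such as
    #          rockyou.txt put the more common entries first.
    LC_ALL=C tr -d '\r' < "$in" \
        | LC_ALL=C grep -a -x "[[:print:]]\{$min,$max\}" > "$out" || true
    wc -l < "$out" | tr -d ' '
}

# Self-contained demo on a constructed wordlist (no rockyou.txt needed).
# Kept: password1, correcthorsebatterystaple, 12345678 (after its CR is stripped).
# Dropped: short, letmein (7 chars), the accented line (non-ASCII), the 64-char line.
demo() {
    tmp_in=$(mktemp); tmp_out=$(mktemp)
    too_long=$(printf '%064d' 0 | tr 0 x)     # 64 x's: one over the PSK maximum
    printf 'short\npassword1\nletmein\ncorrecthorsebatterystaple\nh\303\251llo12345\n12345678\r\n%s\n' \
        "$too_long" > "$tmp_in"
    n=$(filter_psk_candidates "$tmp_in" "$tmp_out")
    rm -f "$tmp_in" "$tmp_out"
    printf '%s\n' "$n"
}

# Real use, with the paths from the post:
#   filter_psk_candidates /usr/share/wordlists/rockyou.txt wpacracks1.txt 8 34
demo
```

Running the script prints 3 for the constructed list. Note that the original `grep -x '.\{8,34\}'` counts characters in a UTF-8 locale and can abort on rockyou.txt's invalid bytes, which is why the filter above pins the locale and adds -a; sudo is not needed for any of this, since it only reads a world-readable file and writes into your own directory.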


5 minutes ago, AgtShadow said:

So, I have so far collected 107 handshakes and cracked a lot of them in Kali Linux. It is scary how powerful this device is. Long read, but I hope you do.

 

TL:DR: Powerful device, google drive folder with redacted

I also SSH into it from time to time to do:
 

opkg update && opkg upgrade <package-name>

Or, just use the web shell on the top right, and install packages, keep it up to date, and install the modules/dependencies from time to time. Keep it running healthy and strong, it is a beast!

And I have most of my neighborhood's/passersby's/neighbors' friends' passwords now, and other network/device identifiers, but luckily for them, I will not and never would do anything illegal, immoral or unethical to them or anyone else. I want to help make the online world safer for everyone, not less safe.

Like I said in my OP, just let me know if I am doing anything redundant, or is there more that can be done with this? If so, what?

Anyway, back to finishing this React.js web app, super excited about it. Here is a small preview: Link
