Friday, May 23, 2014

Mak5 WifiPineapple - the basics

I've been breaking out my Hak5 Wifi Pineapple of late, and figured since I'm messing around in it, I ought to share what I've learned.

First Steps - Setting Up

The first thing I did with my Pineapple was get an open wireless LAN going. Something kinda sticky, honeypot-like... First, I logged into my Pineapple (follow the included directions to get that far), by connecting to it with my Air over wifi. This is the homescreen:


Next, I went into the "Network" bar and moved to the "Access Point" tab and gave my WLAN a better name:

Think anyone will nibble?

Network Access

A Wifi Pineapple is more fun when it is connected to the webz and can proxy unsuspecti--er, generous volunteers. So next, I connected my Pineapple to my internal network:


OK this is awesome, because now I'm proxying my communications through my WLAN to the Internet. 

Shall We Play A Game?

NOTE: there are legal ramifications to interrupting folks' wireless connectivity. I do this only when 1) I'm at home, connected to my own WLAN, and testing or 2) when clients pay me to do a wireless assessment AND I HAVE A SIGNED DOCUMENT STATING I AM AUTHORIZED.

The Pineapple is, simply put, an awesome and powerful wireless network assessment tool. What you can do is almost unlimited. For this test, though, I'm going to use the "Karma" infusion to capture open networks. Karma is basically a tool which will mimic an open network--it's a very promiscuous access point. The background on Karma is that it's a simple tool to attack any wifi-capable device.

Karma takes advantage of the completely backwards concept that your computer continuously searches for networks its previously connected to. Instead of the Starbucks wireless AP calling out "Hey I'm Starbucks - anyone wanna connect?," your device (laptop, tablet, etc.) calls out "Is anyone here the Starbucks AP?" and connecting when someone answers yes. These are called "probe requests" and they're one of a couple really stupid implementation fails on wireless. Karma... Well, Karma responds "Yes" to every request. Every request...

Want to understand how "probe requests" work? Try these sources:
  • https://scotthelme.co.uk/wifi-pineapple-karma-dnsspoof/
  • https://www.youtube.com/watch?v=avJfT9JyiiM

So 30 seconds into running Karma, here's what I have:


Somewhere within reach of my Pineapple (running the long gain antenna), devices are looking for 5 different networks. Ten minutes later, this count jumped to 12 different networks. Eventually, I even captured an association (meaning a device which had formerly connected to an open network and which was happen to get another open connection to the same network - served up by me).

Things to Know

A few things to keep in mind:
  1. Most of the tutorials say it's easier to tether over a network cable. None of my current laptops have network cables, but I'm able to tether just fine over WiFi. Don't be afraid to do it that way.
  2. USB... To do any serious logging, you need to have a USB drive connected. I do not, yet, so that'll probably be the next blog.
Happy Pineapples!


3 comments:

  1. Such a nice blog. i appreciate your efforts. The communication jammer must have a legitimate purpose, must focus on a specific person or organization and must be necessary and proportionate.

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. Find out more Communication Jamming Solutions at http://www.shoghi-electronic-warfare.com/

    ReplyDelete