Wifi pineapple field guide pdf download
As guidelines they provide insight into responsible best practices. The goal may be to harvest credentials from the client using a phishing page tailored to the organization, either by DNS poisoning attack or captive portal. It may be to deploy malware such as a reverse shell. Or perhaps it's simply to passively monitor client traffic. Depending on the client device, you may even want it connected to your WiFi Pineapple network in order to attempt a remote exploit.
In any case, the typical strategy is to snare a specific target - that is, to get the client device of interest to connect to your WiFi Pineapple so that a payload may be delivered.

Pre-Engagement Interactions

A crucial first step is to determine the scope and rules of engagement. This is extremely important since you'll be using a shared spectrum, and ensuring zero collateral damage is key.
The more you can obtain up front from the organization about their wireless network and any key targets, the better. Determine how many wireless networks are in operation and whether there is a guest network. Moreover, you'll want to familiarize yourself with any bring your own device (BYOD) policy. For instance, say the organization employs software engineers with high level access to the company infrastructure.
Intelligence Gathering

The more you can learn about the organization's facilities and its employees, the higher the likelihood of success. Remember, it's not just the company's network infrastructure we're interested in as much as it is the associated staff. What wireless devices do they use? To what other networks do they connect?
Do they travel? Do they use guest networks at client sites? It provides the auditor with a big picture of the WiFi landscape, with hooks to the PineAP suite to execute on actionable intelligence.

Vulnerability Analysis

Once initial intelligence has been gathered, one must analyze vulnerabilities.
Identify potentially vulnerable targets within the scope of engagement. Are these client devices transmitting probe requests? Are they general or directed at a specific access point?
What SSIDs can you determine from their preferred network list? Are they associated to an access point? Are they susceptible to a deauth attack? Once vulnerabilities have been identified they can be validated.
Add the in-scope targets to the allow filter and test them against the available PineAP attacks. Do they connect to your WiFi Pineapple? Do they stay connected?

Exploitation

With in-scope targets identified and validated, the auditor can proceed to exploitation. This will vary greatly depending on the goal of the attack. If it is to capture network traffic for analysis, the tcpdump module may be most appropriate. If it is to harvest credentials from a captive portal using social engineering techniques, the Evil Portal module may be your best bet.
In any case, exploitation comes down to setting up the attack, testing the attack, then finally executing it on the given targets. It is in this phase that careful consideration is put towards tailoring the attack to the targeted individuals and ensuring proper filtering to limit collateral damage. Now what? Depending on the engagement you may wish to set up persistent remote access in order to maintain a connection with these clients.
Or you may have obtained credentials useful in pivoting your attack into the organization's network. By integrating with other popular penetration testing frameworks, the WiFi Pineapple may play the important role of maintaining your layer 3 network access to these clients throughout the course of the audit.

Reporting

At the conclusion of the WiFi audit the organization will most likely require a report.
While the executive level report regarding business impact and bottom line will require a human touch, the technical aspects of this report may be generated by the WiFi Pineapple reporting module. Further, the PineAP reports may be analyzed using scripts to determine trends within the organization and its workforce. In an ongoing WiFi audit, the reporting module may be configured to continuously provide the penetration tester with reports by email at set intervals.
The procedures followed with regards to the WiFi Pineapple may look like the following:

Recon - Gather actionable intelligence about the wireless landscape.

Filter - Limiting the scope of engagement is key to a successful audit. Nobody wants collateral damage, so CYA and ensure that only permitted client devices are acquired.

Log - A plethora of actionable intelligence can be passively acquired by logging client device probe requests and associations. Logging is key to successful analysis.

Analyze - What in-scope targets are associated? Which are transmitting probe requests? General or directed? Can you determine the client device's preferred network list?

Capture - A pool of preferred network names is captured, either automatically from nearby probe requests or manually, to the SSID pool. A well curated and targeted SSID pool can be thought of as the sweet, sweet honey of the hot-spot honey-pot.

Prepare - Will you be passively collecting data for analysis? Set up the tcpdump module. Will you be social engineering with a captive portal? Develop the tailored phishing page. Prepare the attack before executing.

Test - Does the attack work as expected? What interaction is required by the client? Test with your own devices before executing.

Broadcast - Advertising the SSID pool to either all nearby devices or specifically targeted devices is an active way of attracting a potential client.

Associate - Finally, with filters set for specific targets and a tailored attack prepared, you are ready to allow associations.

Deauthenticate - When permitted, a well placed deauthentication frame may encourage a device to disconnect from its currently associated network and join the WiFi Pineapple. Ensure first that this technique is within the rules of engagement.

Set the appropriate modules to log. Manipulating traffic? This is where it pays to get creative with captive portals, DNS spoofing and the like.

Report - What was vulnerable? What wasn't? The PineAP log will show. Further analysis will highlight trends. Compile these for the technical aspects of your report.

Conclusion

A thoughtfully planned and executed WiFi audit is possible by using a number of modules available to the WiFi Pineapple. When used in conjunction with popular penetration testing frameworks the audit will have the largest impact.
Like most productions, the more time spent in the planning stages the higher the likelihood of success. Nobody wants a messy audit. Spend the time to gather intelligence and carefully plan the attack. Going in guns blazing will increase the chances of collateral damage.
It cannot be emphasized enough the importance of filtering and tailoring an attack specific to in-scope targets. While the WiFi Pineapple is capable of executing blanket attacks, be mindful of the wireless landscape. It's ever changing. Just because it's free of civilians now doesn't mean it won't change mid-way through the audit. In short, don't be that guy.
Armed with this knowledge you'll be equipped to execute a responsible and successful wireless audit by following our recommended wireless auditing workflow. The purpose of this section is not to be all encompassing on the low level operation of the IEEE If you're already a level 11 kung-fu WiFi guru master, feel free to skip ahead. Not every radio is created equal, however, as their capabilities may differ significantly.
Software support in particular may inhibit an otherwise fine bit of silicon. In particular, modes of operation may be restricted either by hardware or software. For the most part chipsets from Atheros have excellent support, with a few RaLink and Realtek chipsets having made a name for themselves in the infosec community as well. While lower in clock speed than their PC counterparts, they're specifically optimized for high performance networking.
Logical Configurations

WiFi networks can operate in a number of configurations, from point-to-point, point-to-multipoint, and multipoint-to-multipoint.
Point-to-point is simply a network of two. Multipoint-to-multipoint is where any node of the network can communicate with any other and is often called an ad-hoc, peer-to-peer or mesh network.
The most common configuration is point-to-multipoint, where a central access point is host to numerous client devices. This is also known as Infrastructure mode. An example of which might be a wireless router in your home with several laptops, phones, game consoles and the like connected. For the most part, this is the configuration we will be focusing on with the WiFi Pineapple. Additional modes include ad-hoc, mesh and repeater and are both less common and outside the scope of this guide.
Keep in mind that not all radios have each of these capabilities and a radio can only operate in one mode at a time. Generally their differences are related to frequency (aka band or spectrum), data rate (aka throughput or transfer speed), bandwidth, modulation and range. Bandwidth is often confused with data rate. While there is often a correlation between greater bandwidth and greater data rate, in terms of radio the bandwidth refers to the difference between the upper and lower frequencies of a given channel as measured in hertz.
Hak5 LLC focuses on developing accessible and expandable auditing tools with incredible value.
Since the WiFi Pineapple has served penetration testers, government and law enforcement as a versatile wireless testing platform for any deployment scenario. General OpenWRT version is now Kernel has been updated from 4.
Fixed an issue where OpenVPN would cause a kernel panic upon establishing tunnel. Reporting Fixed an issue where emails would not be sent. Improved the user experience by automatically saving email settings when testing emails. Improved the user experience by forcing an email to send when testing, regardless of whether the "Send Email" option was checked.
This fixes the SSLSplit module. Updated Kismet package in repositories. Updated Kismet-RemoteCap package in repositories.
PineAP Fix an issue where handshake captures might fail after a timed, non-live scan. Fix an issue where starting a handshake capture when a scan is not running would result in incorrect channel hopping behaviour. Misc Work around a kernel bug causing packet filtering to fail in some tools.
Thank you adde88! Module Manager Dialogs are now used for Module installation and updating. Add a message about third-party modules before installation. Misc Added missing kernel modules to the Hak5 Package Repositories.
Update kernel from 3. Update HostAPd from 2. Include support for the MediaTek MT76x2 wireless chipsets. Dashboard Fix an issue where the "SSIDs collected this session" counter wouldn't reset after a reboot.
Use more reliable method of obtaining CPU usage. PineAP Fix a rare crash due to memory corruption. Greatly improve memory and CPU consumption. Fix an issue where Raw Frame Injection might hang indefinitely. Recon Ensure that previous scan dates are displayed correctly. Networking Improve Client Mode reliability.
Configuration Fix an issue where the user configured timezone would not set correctly. Misc Update Cloud C2 Client. Packages Add Kismet Package. Add Kismet Remote Capture Package. Updates to a huge variety of commonly used packages. Recon Fixed an issue where scan times would be invalid in non-Chromium web browsers. Filters Add detailed Filters information. Setup Choosing the Filter modes is now required upon Setup. Recon Fixed an issue where, in some cases, probes would not be shown in the Recon dialog.
Fixed an issue where some probes were not logged during a Recon scan. Fixed an issue where, in some cases, handshakes would not be captured. Fixed an issue where captured handshakes could not be downloaded if the capture had stopped. Fixed an issue where, in some cases, captured handshakes would have invalid frame lengths.
Previous scan dates are now translated to the browsers local time. PineAP Fixed an issue where downloading captured handshakes would not work. Fixed an issue where changing the band to scan would not update until PineAP was restarted. Fixed a firewall issue preventing Live recon results to populate in the Web UI. Recon Improved reliability of scanning.
Add throbber for deauth button. Automatically start scan after enabling PineAP. Remove misleading information message when the user started their first scan. Fixed a rare issue where multiple live Recon processes would start. Misc Fix an issue where "Unsupported Device" would incorrectly show. API Fixed an unauthenticated file disclosure bug (thanks to catatonicprime for reporting).
Allowed an attacker to download any file from the WiFi Pineapple by performing an SQL injection inside of the file download function. Recon Fixed an issue where timed recon scans would fail the first time around. Fixed an issue where the stop handshake capture button would persist after a capture had completed.
Recon Fixed an issue where performing recon scans would lock up all further PineAP actions. Fixed an issue where multicast MAC addresses were shown as clients to wireless networks. PineAP Fixed an issue where PineAP would remain running when the wlan1mon interface had been removed, causing confusion. Filters Fixed an issue where some combinations of filters did not apply correctly. Logging Fixed an issue where non-completed associations were logged as completed.
General Fixed an issue where notifications would show invalid timestamps in Firefox. Fixed an issue that prevented the timezone set during initial Setup from persisting across reboots. General Fixed an issue where the device LED did not stay illuminated after boot had finished.
The credential hashes may be exported in either hashcat or John the Ripper format. When association passthrough is enabled, clients may associate to the enterprise access point depending on vendor implementation. The clone option can be used via the new encryption dialog, which is accessed via the button in Recon scan results for access points configured with enterprise security. Clients Enterprise clients are now displayed in the clients list. Fixed an issue where client SSID would always be unavailable.
Networking Fixed an issue where the wrong interface may be incorrectly selected under client mode. PineAP Fixed an issue which caused passive information to not be collected when "Allow Associations" was disabled. Fixed an issue causing the Pineapple to respond to the wrong probes. Recon More details about encryption types and ciphers are now displayed. WiFi Direct networks are now correctly identified, instead of showing a channel of 0.
It is now possible to add all SSIDs of a running but paused scan to the pool. Fixed an issue causing the wrong encryption type to be shown. Fixed an issue where iPhone hotspots would show an invalidly connected client. Fixed an issue where loading recon results would only ever retrieve the latest one. Fixed an issue where the live scan checkbox would become unavailable.
Fixed an issue where the scan duration field would turn blank. Fixed an issue where logged probes would be shown on one line instead of being separated by a newline.
Fixed an issue where after stopping a live scan, it could not be started again without refreshing the interface. Fixed an issue which caused downloaded recon results to be empty files. Fixed an issue where the wrong SSID would be shown. Networking Fixed an issue where MAC addresses would not correctly randomize or be reset, causing the wireless interfaces to disappear. Configuration Fixed an issue where the timezone setting would not persist across reboots.
Added the probe count to the downloaded PineAP. Fixed an issue where removing duplicates from the PineAP log removed the wrong entries. Fixed an issue where the reporting log would show invalid content. General Fixed an issue where SSID modals would show an option to add all clients to filters, even if no clients exist.