Create Rogue Networks on the WiFi Pineapple (PineAP KARMA Attacks)
Ғылым және технология
On this episode of HakByte, @AlexLynd demonstrates how to use the PineAP module on the WiFi Pineapple to run a KARMA WiFi Attack. This allows an attacker to trick your WiFi device into connecting to a malicious access point, by spoofing networks its connected to before.
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Buy a WiFi Pineapple: shop.hak5.org
WiFi Pineapple Docs: docs.hak5.org/wifi-pineapple
Capturing Half Handshakes: • HakByte: Capture Wi-Fi...
Alex Lynd's Twitter: / alexlynd
Alex Lynd's website: alexlynd.com
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Chapters:
Intro @AlexLynd 00:00
What is the WiFi Pineapple? 00:17
What are KARMA Attacks? 00:39
What You'll Need 00:58
Connecting your Pineapple 01:18
PineAP Interface 02:01
How PineAP Works 03:12
Using the Scanners 03:51
KARMA Attack Requirements 06:45
Broadcasting Open Networks 07:14
Setting up Filters 08:44
Deauthing our Victim 09:37
KARMA Attack Demo 10:18
MITM & WiFi Radios 10:53
Attack Implications 11:45
Mitigating KARMA 12:14
Outro 12:38
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → www.hak5.org
Shop → hakshop.myshopify.com/
Subscribe → kzread.info...
Support → / threatwire
Contact Us → / hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
Пікірлер: 75
THANKS A LOT Alex, I requested a fresh PineAP tutorial several times on both channels, nice to see that you finally found some time... you guys are always great at answering questions live and from this comments, plus here you covered few other topics at once, like a practical use for those probe requests and a quick overall view of the mark7, Once again killing it with this content...
I love that “SMC” is on your network list!!! Go Corsairs!
Great video, i hace a pineapple and id love if you can make more videos about it!! Thanks a lot
Clear and Concise. Good job. Like a 3rd date... lots of crack (hopefully)
Very nice , Mine just arrived last week so this helps
fantastic presentation. You are doing grate!!!!!
thanks man this is great. I will need to update my pineapple and give it a shot.
thank you from Vietnam with love
An arp spoof option would be nice 👍
Thanks Alex.
Great video
Anyway you can show yourself catching a handshake because once I press the capture handshake nothing happens but when I run it through the CMD line it works .and any reason why I get kicked off the manage AP
Can you do the same demo but from the C2 framework? Or if that's out there and I just missed it, give me the link? Thanks! Great video by the way...
Do a video on how to use the geolocation packagr
I’d like to see a video of you successfully using dns spoof to spoof Facebook to any user on an iPhone connected to a pineapple that has ever been logged into Facebook on that device before (which is everybody)
knowing the mdp of the wifi, is it possible to force client to wifipineapple without clicking?
Why is it when I plug my pineapple into an AC power source, I'm never able to access the login portal. Not from my laptop, VM , or cellphone. I let the boot up process do it's thing, and the light is solid blue
I don't understand the marketing or target customer, please advise. This is LEA or just a straight phish? 😮 It's interesting for sure. Good luck with whatever
How does the pineapples throughput speed lend itself to mass packet forwarding?
Also hot tip for all of you: deny your own devices or devices your connecting to or using in an engagement. I’ve ran into some speed bumps where my phone or tablet to control the pineapple is joining a blank fake network while the connection to the real pineapple manage,ent network is being dropped, essentially locking me out and adding precious time to an engagement by fixing the issue.
Could this be possible for the rpi 4?
I think the description is missing the "link to Cody's video" mentioned in the outro.
@hak5
2 жыл бұрын
Oh no! I linked it as a card in the outro, but I'll also paste in the description :)
can you please explain how you blurred your wifi and MAC address ? thank you
Phones change their MAC now to avoid being tracked, usually every time they connect. I am making an anti-stalking suite that uses a beacon swarm to get cellphone MAC addr, among other measures like correlating BT traffic. Any ideas on how to get a unique identifier from wifi traffic?
@sotecluxan4221
2 жыл бұрын
Just guessing, IP, make, machine, OS type, location.....
@weirdsciencetv4999
2 жыл бұрын
@@sotecluxan4221 good guess. But remember, the beacon swarm is just getting probes from phones thinking it’s a previously associated AP. I might sniff the probe request, then instantiate a AP, with the SSID the phone probed, let it connect and provide it actual internet off my mobile hotspot, do some kind of evil mitm stuff.
@Pidot31415
Жыл бұрын
@@weirdsciencetv4999 how'd it go
@weirdsciencetv4999
Жыл бұрын
@@Pidot31415 it works pretty well, but expanded it to look for a host of personal electronics, including bluetooth. Iphones do change their MACs by default now, so it the technique doesnt work in isolation.
@jamiepaterson1590
11 ай бұрын
as I understood it, doesn't the MAC randomisation per-network rather than per-connection? that is, each network gets its own MAC rather than each instance of connection to that network
Great video mate, always enjoy your content, I have a pineapple on the way! Is there a built in function to DNS spoof or serve up captive portal/ fake login pages like face book where it stores the credentials through the pineapple, like what wifiphisher does ? Or would I have to set one up through Kali and use my laptop or a rasp pi to achieve that ?
@drskizz
2 жыл бұрын
Yes there an evil portal module but may need updated prior to using it with the Beta 2 pineapple firmware. Modules are community driven and need the author to update.
@jadenewton366
2 жыл бұрын
@@drskizz thank you brother , appreciate the response, I am in Australia so got a month to wait till it arrives anyway hopefully it's updated by then ^_^
Sadly deauthenication doesn't work on my devices somehow. Also my phone warns me that the network is suspicious if it's trying to connect to a pineapple AP . All in all I never made a successful attack in my own environment, which is kinda disappointing
@shadowbrother24
2 жыл бұрын
@McGregor Emmanuel neat workaround, but to be honest. If it gets advertised so hard and the product is kind of expensive for it's capabilities, it should simply work.
@nusibusi4728
Жыл бұрын
@McGregor Emmanuel How it's work, when he said that he was unsuccessful in his own environment.
Can yo do this with the new GUI?
On my desktop I can't see the SSID Pool window on the right, all I see is Status!?
I dont understand. How can you disable the management access point but still interact with GUI
My neighbour hacked my network with this. What can I do against it ? Can I counter attack ?
@michaelisit6025
2 жыл бұрын
You call the authorities lol
@lmfao69420
Жыл бұрын
DDoS their printer as payback!
@cybertalkwithdevin
Жыл бұрын
@@lmfao69420 lmao
@lmfao69420
Жыл бұрын
@@cybertalkwithdevin They should just hack into their neighbor's printer, remotely control it, and make it print pictures of Rick Astley until it runs out of paper. Or something more devious perhaps ;)
@davorfister
11 ай бұрын
Yes! Throw a rock trough his window as and act of self deffense.
Have you a link for the beta v2 firmware, as its not on the site or do i download using my pineapple
@drskizz
2 жыл бұрын
You have to put it on the beta update channel in Settings -> Advanced -> Alternative Updates.
@Steve_be
2 жыл бұрын
Thanks i just see it
Anyone else notice 4:20 when Alex opened his phone browser? Nice.
My tetra wont factory reset. is there any solution?
Great video! But how would you create a rouge AP that is password protected, but you know the password?
@itspoffy
9 ай бұрын
Same. I used Evil AP and it connects but won't route internet traffic to my client ap so I can capture packets.
@Gabbaa
8 ай бұрын
Have you connected the pineapple to the legit wifi?
Where is the Link for the firmware you said you would link???
What’s the point of the video if your blurring out the SSIDs we are suppose to see
yes pineapples!!!!!!!!!!!!!!!!!!!!
More In-Depth Videos would be nice, not much info in the way of using Pineapple MK7.. * But my question is.. WHY can't u use like SSLStrip to downgrade the connection & serve Fake router login pages based on OUI? * Or.. How come you cant use a name like "Linksys" in PineAP.. then anyone whose connected to it will reconnect... and when they connect to it.. if it's password protected, why cant we serve them Fake router login pages based on OUI? you just said you cant.. but not WHY ? there HAS to be a way.. Karma has been around for a LONG time..
@syedshirazi95
Жыл бұрын
you can do this, you just have to disconnect them and create a fake login page.
Karma Points +50
i dont see ssid pool
what is the point of this? if a person connect to your mobile router wifi or a pineapple .. so what? people connect to cafes and hotels all the time.. just connecting does not really do anything... what after they connected? do you have full access to all content in their smart phone then? I like to know how I can get full access to a smart phone and so go in and see all chat forums, social media accounts , photo albums in someone else phone... what tools would one need for that type of hacking? is pineapple wifi really useful for this or is there another HAK5 tool useful for distance hacking into someone' s phone??
@waveril5167
2 ай бұрын
that's highly illegal dude
any hackers on here? i need yalls service hmu
What do you call it when a linux server has a virus? Answer: A terminal illness 😆
Imagine having a acab sticker on your laptop but your teaching people how to brute force people’s personal info like you have the moral high ground 🤦🏻♂️
This video is good to learn hacking
Karma? Are you still in 2014? Lol
You have a boyfriend? Wow inteligent man 😳😳🤔 how are you?
@fotografm
2 жыл бұрын
Is it true ? This would be a dream come true. For someone !
this guy its sooo cute hooly gyyat how old r u