November 30, 2020

GHR 114 – Wireless Hacking

Wifi Pineapple Setup

  • You need an attack laptop to be the Man-In-The-Middle and to share its connection with the wifi pineapple.  Internet traffic flows through the attack laptop, which effectively becomes the WAN router.
  • You need a HAK5 Wifi Pineapple
  • Wiki.wifipineapple.com
  • Update Firmware to 1.1.2
  • Get the connection sharing script, wp6.sh, with wget
    • root@attack1:~# wget wifipineapple.com/wp6.sh
  • Make wp6 executable
    • root@attack1:~# chmod +x ./wp6.sh
  • Execute wp6
    •  root@attack1:~# ./wp6.sh
  • If I only use the USB cables (a.k.a. in the hack truck with no power), the attack laptop will be missing the DHCP address on eth0.  To perform a release/renew, go to the terminal and type:
    • sudo dhclient -r eth0
    • sudo dhclient eth0

Actions on the Objective

  1. On the Attack LAPTOP, connect USB wireless adapter.
  2. Power up the Attack LAPTOP.
  3. On the Attack LAPTOP, after it boots, log in as usual.
  4. In the BROWSER, verify you have an Internet connection via wireless or tethering through your mobile phone by going to any .com of your choosing.
  5. In the TERMINAL, watch ifconfig
  6. Connect The ‘Y’ cable on the WifiPineapple to the Attack laptop to power it up and provide connectivity to it.
  7. Watch for eth0 to get an address in the 172.16.42.0/24 subnet after the WifiPineapple has finished booting (solid blue center LED).
    1. Troubleshooting: if it doesn’t get an IPv4 address, type sudo dhclient eth0 in another terminal window.
  8. In the TERMINAL, turn on connection sharing.
    1. Type ./wp6.sh in the terminal.
    2. If this is the first time on target, type G for Guided Setup.  If you’ve been here before and nowhere else afterwards, then just type C for Connect using saved settings.
  9. In the BROWSER, go to http://172.16.42.1:1741 and log in with root and the password.
  10. In the BROWSER, verify the WifiPineapple can get to the internet.
    1. Click the Dashboard link on the left to verify you are on the main page.
    2. Go to the Bulletins section.
    3. Click the Load Bulletins from WifiPineapple.com button.
    4. If you see a bunch of news clippings, then the Wifi Pineapple can reach the Internet.
  11. In the BROWSER, it’s time to recon
    1. Click the Recon side tab
    2. Set the scan settings to Both and 1 Minute
    3. Click Scan
    4. After the scan is complete, you should see a table of results
      1. SSID, is obviously the access point’s SSID
      2. MAC, shows you the MAC address of the access point or client depending on which row you are looking at.  If the SSID is populated, that MAC address is for it.  If the SSID is blank, then it’s the MAC of the client associated to that access point.
      3. Security, shows you Open, Mixed WPA, WPA2, etc. depending on the strength of the network.
      4. WPS, yes or no.
      5. Channel, the numeric value of which channel the access point is operating on.
      6. Signal, the strength of the signal that is reaching the Wifi Pineapple.  I use this to range how far away the access points are.
    5. (draft continue from here)
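
The lease check from step 7 and the release/renew fix from the setup notes, as an added example that is not part of the original post: it parses `ip -4 -o addr show` output (the post itself watches ifconfig) and confirms eth0 sits in 172.16.42.0/24. The function names, the `--live` switch and the sample lines are assumptions constructed for illustration.

```sh
# Added example (not from the original post): verify the Pineapple lease on eth0.

# Constructed samples of `ip -4 -o addr show dev eth0` output for the offline demo.
SAMPLE_OK='2: eth0    inet 172.16.42.42/24 brd 172.16.42.255 scope global dynamic eth0'
SAMPLE_APIPA='2: eth0    inet 169.254.10.7/16 brd 169.254.255.255 scope link eth0'

# Print the first IPv4 address (prefix length stripped) from `ip -o` output on stdin.
first_ipv4() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Succeed only when $1 is a usable host address inside 172.16.42.0/24.
in_pineapple_subnet() {
    case "$1" in
        172.16.42.*) host=${1#172.16.42.} ;;
        *) return 1 ;;
    esac
    case "$host" in
        ''|*[!0-9]*) return 1 ;;   # empty, or extra dots/letters after the third octet
    esac
    [ "${#host}" -le 3 ] && [ "$host" -ge 1 ] && [ "$host" -le 254 ]
}

# Classify `ip -o` output: "ok <addr>", "wrong-subnet <addr>" or "no-address".
classify_lease() {
    addr=$(printf '%s\n' "$1" | first_ipv4)
    if [ -z "$addr" ]; then echo "no-address"
    elif in_pineapple_subnet "$addr"; then echo "ok $addr"
    else echo "wrong-subnet $addr"
    fi
}

# Live mode: check the real interface and release/renew once if the lease is missing.
check_live() {
    ifc=${1:-eth0}
    state=$(classify_lease "$(ip -4 -o addr show dev "$ifc" 2>/dev/null)")
    case "$state" in ok*) ;; *)
        echo "$ifc: $state, renewing lease"
        sudo dhclient -r "$ifc"; sudo dhclient "$ifc"
        state=$(classify_lease "$(ip -4 -o addr show dev "$ifc" 2>/dev/null)") ;;
    esac
    echo "$ifc: $state"
    case "$state" in ok*) return 0 ;; *) return 1 ;; esac
}

if [ "${1:-}" = "--live" ]; then
    check_live "${2:-eth0}"
else
    for s in "$SAMPLE_OK" "$SAMPLE_APIPA" ""; do classify_lease "$s"; done
fi
```

Run it with `--live eth0` on the attack laptop to check the real interface; with no arguments it only classifies the constructed samples.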