LogoLogo
  • 🤩Welcome!
  • Buffer overflow
    • Remote Buffer Overflow
      • Crashing the Application
      • Controlling the EIP
      • Finding Bad Characters
      • Finding a Return Address
      • Generating Shellcode
      • Getting a Shell
  • Wireless Penetration Testing
    • Wifi Pineapple - Tetra
      • Setup
      • Firmware Upgrade
      • Capturing Wireless Handshake
      • Cracking WPA2 Handshake
      • PineAP
      • Modules
  • PortSwigger Labs
    • Authentication
      • Username enumeration via different responses
      • Username enumeration via subtly different responses
      • Username enumeration via response timing
  • TryHackMe
    • 🎄Advent of Cyber 3 (2021)
      • [Day 1] Save The Gifts
      • [Day 2] Elf HR Problems
      • [Day 3] Christmas Blackout
      • [Day 4] Santa's Running Behind
      • [Day 5] Pesky Elf Forum
      • [Day 6] Patch Management Is Hard
      • [Day 7] Migration Without Security
      • [Day 8] Santa's Bag of Toys
      • [Day 9] Where Is All This Data Going
  • Google Cloud Computing
    • ☁️Cloud Computing Fundamentals
      • Getting Started with Cloud Shell and gcloud
      • Creating a Virtual Machine
      • App Engine: Qwik Start - Python
      • Cloud Functions: Qwik Start - Command Line
      • Kubernetes Engine: Qwik Start
      • Set Up Network and HTTP Load Balancers
Powered by GitBook
On this page
  • Background
  • Example
  • Live Attack
  • PineAP Setup
  • Broadcast Attack
  • Client Connect back
  • Clients

Was this helpful?

  1. Wireless Penetration Testing
  2. Wifi Pineapple - Tetra

PineAP

This section contains information on PineAP and how it can be used

PreviousCracking WPA2 HandshakeNextModules

Last updated 3 years ago

Was this helpful?

Background

PineAP is a powerful, modular rogue access point suite that helps WiFi auditors collect clients by imitating Preferred Networks. Leveraging PineAP, we are able to see what SSIDs devices are trying to look for. Using that information and PineAP's features, we are able to advertise ourselves as that SSID which the device is looking for.

Example

Let's say you were authenticated to your home network named 4pfHome . Your phone will then try to look for that same SSID when you're outside and have your WIFI on. PineAP will then see this and advertise itself as 4pfHome to your device. If connected, you will be one of Wifi 🍍's many clients, and that's not good. Let's take a look at how it's done!

Live Attack

Prior to launching the attack, the PineAP first has to be set up to listen.

PineAP Setup

Enabling the following options to be able to capture and rebroadcast SSIDs

Broadcast Attack

After letting PineAP do its thing for a while, we are able to see a couple of SSIDs in the SSID Pool .

Now on my devices, I would be able to see these SSIDs being broadcasted and unprotected. (as shown below)

Now once our "target" connects to our network, we own it :) (kind of)

Client Connect back

Clients

We can see that both the devices are connected to the Wifi 🍍 but they are connected under 2 different SSIDs. My laptop thinks it is connected to AndroidAP68A2 and my phone thinks it is connected to Linksys12765_5GHz .

The connected devices won't realize a thing as the Wifi 🍍 is connected to the internet and acts how any other router would.

Now that we have both devices connected to our bogus network, we can use Modules (which will be covered in the next section) to perform various attacks.

This is how we can make use of PineAP to trick users to connect to us.

From my testing, I wasn't able to get the devices to connect to the endpoints automatically. Thus, this attack still depends on the user to make the final decision to connect.