Pineapple Mark IV Wifi

jamesleecoleman Member Posts: 1,899
I've been looking to buy this as a toy.
Has anyone played with the Pineapple Mark IV?

WiFi Pineapple Mark V Standard – HakShop



Then I saw this a little while ago...
Hacker hunts and pwns WiFi Pineapples with zero-day at Def Con
Booya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****

Comments

  • Codeman6669 Member Posts: 227
    I haven't yet, but I might be buying one soon here. I've heard great things about them from people that have used them.
    Essentially you can do what this product does with an Alfa card and a copy of Kali Linux or BackTrack, but this does make it quick and easy.
  • Cyberscum Member Posts: 795
    I've been looking to buy this as a toy.
    Has anyone played with the Pineapple Mark IV?

    WiFi Pineapple Mark V Standard – HakShop



    Then I saw this a little while ago...
    Hacker hunts and pwns WiFi Pineapples with zero-day at Def Con



    Why? Kali=free
  • LeBroke Member Posts: 490
    Cyberscum wrote: »
    Why? Kali=free

    I've played around with the Pineapple a bit, no time for an in-depth look. But:

    1. Way better UI
    2. Still have to pay for an Alfa card (to be fair, you need to own one anyway, but..)
    3. More powerful receiver/amp on Pineapple than most promiscuous cards
    4. Easier to spoof hotspots because you can pump extra juice into the antenna.

    Best part is the UI and ease of use.

    I will openly admit, however, that it is what a guy running Metasploit is to a script kiddie, and what a script kiddie is to a proper hacker that finds/writes his own exploits.
  • NovaHax Member Posts: 502
    Haha...yeah, Pineapples were getting pwned left and right at DEFCON last year, if people were dumb enough to plug those things in at the con. As soon as you turn them on the first time, the management interface is exposed over wireless with default credentials. So it essentially becomes a race condition...can you get there first to configure it...or someone else. Obviously, listening for plugged-in Pineapples is an easy process to automate. Worse yet...even if you do manage to configure the device before someone else (or something else **i.e. a program**)...the mgmt interface is over HTTP, rather than HTTPS...making the credentials (and therefore access to brick the device) easily snooped in cleartext. It gets worse. Supposedly the 0-day that was the source of the pwnage at DEFCON was an un-sanitized PHP command injection flaw. Seriously...it's not difficult to avoid command injection in PHP...and especially shouldn't be for a supposed "infosec" firm. As the exploit indicated...these things are "criminally insecure."

    All those things aside, these things are still worthless. I'm not biased...as I do like Hak5's Rubber Duckies.

    1. Way better UI

    Nope...the UI on this thing is TERRIBLE. Seriously bad. And very limited as to what it can do.

    2. Still have to pay for an Alfa card (to be fair, you need to own one anyway, but..)

    Yup...ALFA is pretty much the de facto for pentesters. And you are going to be able to do 100x more with it.

    3. More powerful receiver/amp on Pineapple than most promiscuous cards

    I honestly don't think this is true (as they both use the EXACT same antenna). But if it is stronger...it's not by much. Still not worth the cost if you ask me...as you can easily get a better antenna for a fraction of the cost.

    4. Easier to spoof hotspots because you can pump extra juice into the antenna.

    Despite common misconceptions, you don't really need to have a stronger antenna to perform an effective evil twin attack. You just run deauth attacks, and when they can't connect to the primary AP, they connect to you. And as mentioned above, if this is a concern for you, just get a stronger antenna.