Modified Man-in-the-Middle Attack

Team Iota: Elizabeth Bartels, Russell Brick, Catherine Caterson, Marcos Hernandez, Ryan Moore, Kevin O'Connor, Josh Shtatman

Table of Contents
- Disclaimer and Implications
- Hardware and Software Used
- Performing the Attack

Disclaimer and Implications

This video is for a class project and you should not attempt this on your own; it could result in severe consequences. The Wi-Fi Pineapple, a modified Fonera router, is a special tool designed to aid penetration testers in vulnerability assessments when permission to do so has been granted. No one other than the members of our group was involved in or affected by this demonstration. Depending on the circumstances, you could face:
- Fines
- Incarceration
- A private lawsuit
- Being banned from ISPs or email providers
- Difficulty finding employment if convicted
- Being fired from your current employment

Laws you could potentially be breaking include, but are not limited to:
- Invasion of privacy laws
- Identity theft laws
- Theft of trade secrets (if getting information from a business machine)
- Economic Espionage Act (if you obtain corporate/government information and try to pass it on to a foreign entity)
- State laws (each state has its own laws dealing with computer-related crimes)
- Computer Fraud and Abuse Act

Hardware and Software Used

We used multiple tools to complete this project. Below is a brief description of what each does.
- BackTrack Linux: The software we use runs on Linux, and this is the distribution we used.
- Aircrack-ng: A Linux-based suite used to initiate our deauthentication attack. Specifically, we use the airmon-ng and aireplay-ng tools.
- Jasager: The firmware installed on our portable router with two network interface cards. Jasager initiates the handshake that causes users to connect to us automatically. It installs on top of the open-source router firmware OpenWrt, using the Karma installation interface. This allows for a man-in-the-middle attack.
- Wireshark: A packet capture program. It allows us to monitor, capture, and log all packets being sent across the network.
- Fonera router: The Fon router contains two NICs, allowing two independent networks to be bridged. This is used to conduct our man-in-the-middle attack: users connect to us through one interface card while we bridge to the Internet through the second card and act as the middleman.
- Hak5 Pineapple device: Used to create our fake access point. It is a prefabricated Fonera router running OpenWrt, Karma, and Jasager.
- GTKDesktop Record: A desktop recording application for Linux-based operating systems.
- iMovie: A video editing application available on Mac OS. This was used to create this document's companion walkthrough video.

Performing the Attack

Jasager Setup

This section outlines how to set up the Pineapple network penetration device: how to set up the modified Fon router running the OpenWrt firmware, how to use Jasager, and how to get new clients searching for wireless network access to connect to our own network.

1. Take your Fon-powered Wi-Fi Pineapple or other Fonera router running Jasager.
2. Connect power to the Pineapple using either a direct wall-outlet connection or a battery pack.
3. Using an Ethernet cable, connect the Pineapple to your machine's NIC.
4. Open Internet Explorer, Firefox, Google Chrome, or any other GUI-based browser. You can also connect using a text-based browser; however, this guide only covers the GUI interface.
5. In your browser's address bar, type 192.168.1.1. This connects you to X-Wrt, the end-user graphical extension for OpenWrt (the open-source firmware powering the Fon router).
6. You will be prompted for login information; by default the username is "admin" and the password is "pineapplesareyummy".

Figure 1: Login Prompt for X-Wrt

7. By default, wireless functionality on the router is disabled. Enable it by going to the "Network" tab.
8. Select the sub-tab "Wireless".
9. Enable the wireless radio by selecting the "On" option on the "Radio" line under the first heading, "Wireless Adapter wifi0 Configuration".

Figure 2: Enabling the wireless radio

10. Increase "Tx Power" to 11 dBm; this increases the power output to the wireless antenna, which increases the Wi-Fi signal strength and improves connections and speeds.
11. Create an ESSID; we used "PineappleWiFi".
12. Set "Encryption Type" to "Disabled".
13. Select the "Save Changes" button located at the bottom right of the page.
14. Select "Apply Changes" at the bottom of the page and wait for the device to apply the settings.
15. In your browser's address bar, type 192.168.1.1:1471.
16. Connect to Jasager using your Pineapple's username and password. Note: by default the username is "admin" and the password is "pineapplesareyummy".
17. By default Karma, the back-end program powering Jasager's functionality, is turned off. Enable it by selecting the "Change" button next to the line labeled "Karma is currently: On/Off".

Jasager will now begin to automatically scan for computers looking for familiar wireless networks and initiate a connection with them. On the victim's end it will appear as if they are connected to one of their preferred networks.

Under the "Connected Clients" section of the Jasager interface page you will see all devices connected to the Pineapple.

Figure 3: Example of Connected Devices on Jasager

Choose a device, and under the "Commands" column select "Portscanner" from the dropdown list. Hit the "Execute" button. This runs a port scan of the client and displays the results in the log window, located in the bottom right quadrant.

In the top right quadrant of the Jasager interface, "Status/Main Controls", you can select SSIDs to exclude from Jasager's attack list. This creates safe networks which will not be mimicked; it is useful for keeping yourself on your own network. From the "Commands" column of the "Connected Clients" quadrant, select "Add to SSID list", which automatically adds the SSID the client is connected through to the SSID whitelist.

You can also enable MAC filtering by selecting the "Change" button on the line reading "MAC address filtering is currently: On/Off". Below that you can add specific MAC addresses to the whitelist, or select a connected client from the "Commands" column and execute the "Kick MAC" command. Both methods whitelist a specific machine, keeping it from being compromised, which is useful for keeping specific machines from being attacked.

At this point, clients connected to the Pineapple are on the same local network as your machine. This allows packet sniffers like Wireshark to be run, as well as exploit frameworks like Metasploit and other penetration testing tools.

Disconnecting Devices Currently Connected to a Network

The above section described how to capture new clients seeking wireless network access; it does not force clients already connected to a network to connect to your network. This section outlines how to use packet injection to send deauthentication packets to clients. These deauthentication packets disconnect the client from the network it is currently connected to, forcing it to reconnect. At that point the Jasager application mimics the client's most preferred network, causing it to connect to your network on the Pineapple.

1. Boot up BackTrack Linux Version 4 Revision 2.
2. Start the WICD-Curses interface to look for local wireless access points: Start -> Software -> Networking -> WICD-Curses.
3. You should now see a list of access points in the area as well as some clients connected to them. Each access point is identified by its MAC address, found in the column labeled "BSSID". Take note of the wireless channel the device is operating on (1, 5, 6, 11, and 12 are the most common).
4. Place your wireless card into monitor mode using Aircrack-ng. Type: airmon-ng start [your NIC's name; wlan0 for the rest of this tutorial] [channel of the access point you are deauthenticating].
5. Begin injecting deauthentication packets. Type: aireplay-ng -0 30 -a XX:XX:XX:XX:XX:XX (-c YY:YY:YY:YY:YY:YY) "interface"
   - -0 indicates we are initiating a deauthentication attack.
   - 30 is the number of deauth packets to send; this can be any number (0 sends them continuously).
   - -a followed by XX:XX:XX... is the MAC address of the access point you are deauthenticating devices from; it is found in the BSSID column above.
   - You may use the -c YY:YY:YY... option (without the parentheses) to deauthenticate specific clients from the network, useful for targeting a single machine. Leave out this option to deauthenticate all connected clients.
   - "interface" is the interface name of the card you are using for the attack. It can be ath0 or mon0 but may vary based on the card; you will see the interface name listed after running airmon-ng.
6. Either all clients associated with the access point or the targeted machine should now be disconnected from their current network.
7. The clients will attempt to reconnect to their preferred networks by sending out a beacon request. This sends out packets asking "is preferred network 1 here?" The Pineapple running Jasager responds "yes, I am preferred network 1" and forces a connection.
8. You can confirm a client's connection by going back to the Jasager interface and checking under the "Connected Clients" section.
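As an added defensive example (not part of the original project), the following Python script looks for the two radio-side symptoms a wireless IDS would watch for in the attack described above: a burst of deauthentication frames carrying an access point's BSSID, and one BSSID answering the "is preferred network 1 here?" probe requests for many unrelated SSIDs, which is exactly what Karma/Jasager does. All frame records and MAC addresses are constructed; a real feed would come from Wireshark or tshark output.

```python
"""Flag deauthentication floods and Karma-style probe responders in a
list of 802.11 management-frame summaries (constructed sample below)."""
from collections import defaultdict

# Constructed addresses: a legitimate AP, the rogue AP, two clients.
AP, ROGUE = "00:11:22:33:44:55", "de:ad:be:ef:00:01"
C1, C2, BCAST = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02", "ff:ff:ff:ff:ff:ff"

# Constructed sample: (seconds, subtype, source MAC, destination MAC, SSID)
FRAMES = [
    (0.0, "beacon",     AP,    BCAST, "OfficeNet"),
    (0.5, "probe_req",  C1,    BCAST, "HomeWiFi"),
    (0.6, "probe_resp", ROGUE, C1,    "HomeWiFi"),     # rogue says "yes"
    (0.7, "probe_req",  C2,    BCAST, "CoffeeShop"),
    (0.8, "probe_resp", ROGUE, C2,    "CoffeeShop"),   # ...to any SSID
    (0.9, "probe_req",  C1,    BCAST, "AirportFree"),
    (1.0, "probe_resp", ROGUE, C1,    "AirportFree"),
    (1.1, "probe_req",  C2,    BCAST, "OfficeNet"),
    (1.2, "probe_resp", AP,    C2,    "OfficeNet"),    # legit AP: own SSID only
    (30.0, "deauth",    AP,    C1,    None),           # one deauth: routine
] + [(40.0 + i * 0.05, "deauth", AP, BCAST, None) for i in range(12)]  # flood


def deauth_floods(frames, threshold=10, window=2.0):
    """Return {source MAC: peak count} for sources sending >= threshold deauth
    frames within any `window` seconds. Deauth frames are unauthenticated, so
    the attacker spoofs the AP's address: the flood appears under the real BSSID."""
    by_src = defaultdict(list)
    for t, subtype, src, _dst, _ssid in frames:
        if subtype == "deauth":
            by_src[src].append(t)
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):          # sliding window over timestamps
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def karma_responders(frames, min_ssids=3):
    """Return {BSSID: sorted SSIDs} for APs whose probe responses cover
    >= min_ssids distinct SSIDs. A normal AP answers only for networks it
    hosts; Karma answers every probed SSID from the same radio."""
    ssids = defaultdict(set)
    for _t, subtype, src, _dst, ssid in frames:
        if subtype == "probe_resp" and ssid:
            ssids[src].add(ssid)
    return {b: sorted(s) for b, s in ssids.items() if len(s) >= min_ssids}


if __name__ == "__main__":
    print("deauth floods:", deauth_floods(FRAMES))        # {AP: 12}
    print("karma responders:", karma_responders(FRAMES))  # {ROGUE: 3 SSIDs}
```

The single deauth at 30 s is not flagged, which is the difference between an AP dropping one client and the 30-frame bursts this document's aireplay-ng step produces.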