The HAK5 Guide To The Top WiFi Hacking Toolkit. Darren Kitchen Sebastian Kinne Shannon Morse - PDF
WiFi Pineappling The HAK5 Guide To The Top WiFi Hacking Toolkit Darren Kitchen About the Author Darren Kitchen is the founder of Hak5. technology. Shannon Morse is Hak5's host. producer. promovare-site.info https://sebkinne. .. in that they enable the relationship between client and access point to form. this is. On August 14, Darren Kitchen, Hak5 co-host announced in IRC that Revision3 has agreed Shannon Morse a.k.a. "Snubs" – Currently a co-host of hak5. Hak5 hosted by Darren Kitchen and Shannon Morse. Skeptics Guide to the Universe with Steven Novella & the SGU team. Star Talk with Neil.
The reaction in comments was much more negative. Most of the negativity was about either my looks or my education. It showed me that people subconsciously or maybe consciously make a bias towards you based on what they think you should wear. The negativity had nothing to do with my segment at all! While the gamer shirt was positivity about the content. Then in real life, they treat the pretty gamer girl terribly.
The internet just made it easier for them to display their prickidity. Or when the cute girl wears the hipster glasses and thinks that it magically makes her a nerd. People would bully you, even worse than they bullied everyone else. Then nerd became cool.
I blame superhero movies for that. Shannon: Yes, when I was in school it was hard for me too. I used to draw a lot of anime characters back in middle school, and was treated as an outcast because of it. But I found a core few other kids that liked the same thing as me and we stuck together. There were different groups. But I like computers. We could each be geeky about our thing, and were generally accepted. To outsiders, we were all the same. I think it was the moment that I realized that I am a voice in the industry.
A year or two ago I started being asked to take part in other podcasts and events as an influencer. So other podcasters and InfoSec persons started inviting me to come on their shows as an expert in the industry or as their guest. That for me, was big for me. I do think that I still have a lot of time to grow and learn though. There were the so called script kiddies, and the guys on watch lists.
You help people to learn, while being one of us. I have such a passion for what I do now. I love my job. Do you write your own scripts? Shannon: I am in charge of the shows. We have a HakShop manager who handles logistics for vending at conventions and the online store, and Darren and Seb [Sebastian Kinne] are the Masters behind the products.
Shannon: My job is ensuring everything goes out on time, managing social aspects, working with sponsors and networks, outreach.
The hardware continues to grow as the user experience is refined and components are updated to respond to the ever-changing wireless landscape. The firmware is engineered alongside the hardware to fully exploit protocols. Comprising both the embedded Linux base as well as the web-based user interface, it's in continuous development with free updates delivered over the air.
Modules extend the functionality by providing additional tools and exploits to take advantage of the platform. They can be downloaded and installed over the air from the web interface. In fact, every WiFi Pineapple component is a module which can be updated from the web interface. Being a versatile Linux-based wireless auditing platform in development sinceit does many things.
That said, it is best known for its ability to passively gather intelligence, target and track WiFi enabled devices and effectively deploy a rogue access point for man-in-the-middle attacks.
The WiFi Pineapple can be deployed as an extremely effective rogue access point. This is done by thoroughly mimicking the preferred wireless networks of client devices such as laptops, phones and tablets. For convenience, modern WiFi enabled devices automatically connect to networks which they have previously joined.
Over the years the ways in which devices connect to these preferred networks have changed, and throughout, the WiFi Pineapple has stayed effective at capturing these clients using its custom PineAP suite. As an example, this means that a targeted laptop which has previously connected to an airport WiFi network may automatically connect to the penetration tester's WiFi Pineapple.
Once the targeted device joins the WiFi Pineapple network as a client, it places the auditor in the position of the man-in-the-middle. Network connections are made up of many nodes. When you browse the web from home, for instance, your traffic goes through many hops.
From your laptop to your wireless access point, your modem and numerous routers between your ISP and the web server of the site you're accessing - your traffic in the form of packets is handed off to a variety of equipment down the chain. Any node between you and the destination can be considered a man-in-the-middle, in a way, but the term itself generally refers to an attack. This is where an untrusted third party is poised in such a way as to eavesdrop on the connection.
An attacker set up as a man-in-the-middle can both monitor and manipulate the traffic down the line. It's a powerful place to be as a penetration tester. The closer you can get in-line to the target, the more successful your attack may become.
With the WiFi Pineapple deployed as a rogue access point targeting the individual of interest in an audit, this poises you, the auditor, as the first hop in the chain. With an emphasis on responsible auditing within the scope of engagement, the WiFi Pineapple can be used to passively gather intelligence, as well as actively capture clients in order to monitor and manipulate traffic.
Modules such as Evil Portal can be deployed to effectively harvest credentials or inject malware onto targeted devices. When used in conjunction with typical tools of the trade, the WiFi Pineapple can easily integrate into your pentest workflow. The focus shifts from breaking into the network to becoming the network.
While every scenario differs, this basic workflow outlines the procedures most commonly followed during a WiFi audit. As guidelines they provide insight into responsible best practices. The goal may be to harvest credentials from the client using a phishing page tailored to the organization, either by DNS poisoning attack or captive portal. It may be to deploy malware such as a reverse shell. Or perhaps it's simply to passively monitor client traffic.
Depending on the client device, you may even want it connected to your WiFi Pineapple network in order to attempt a remote exploit. In any case, the typical strategy is to snare a specific target - that is to get the client device of interest to connect to your WiFi Pineapple so that a payload may be delivered. This is extremely important since you'll be using a shared spectrum, and ensuring zero collateral damage is key. The more you can obtain up front from the organization about their wireless network and any key targets, the better.
Determine how many wireless networks are in operation and whether there is a guest network. Moreover you'll want to familiarize yourself with any bring your own device (BYOD) policy. For instance, say the organization employs software engineers with high level access to the company infrastructure.
Intelligence Gathering
The more you can learn about the organization's facilities and its employees, the higher the likelihood of success. Remember, it's not just the company's network infrastructure we're interested in as much as it is the associated staff.
What wireless devices do they use? To what other networks do they connect? Do they use guest networks at client sites? It provides the auditor with a big picture of the WiFi landscape, with hooks to the PineAP suite to execute on actionable intelligence. Identify potentially vulnerable targets within the scope of engagement.
Are these client devices transmitting probe requests? Are they general or directed at a specific access point? What SSIDs can you determine from their preferred network list?
Are they associated to an access point? Are they susceptible to a deauth attack? Once vulnerabilities have been identified they can be validated. Add the in-scope targets to the allow filter and test them against the available PineAP attacks. Do they connect to your WiFi Pineapple?
Do they stay connected?
Exploitation
With in-scope targets identified and validated, the auditor can proceed to exploitation. This will vary greatly depending on the goal of the attack. If it is to capture network traffic for analysis, the tcpdump module may be most appropriate. If it is to harvest credentials from a captive portal using social engineering techniques, the Evil Portal module may be your best bet.
In any case, exploitation comes down to setting up the attack, testing the attack, then finally executing it on the given targets. It is in this phase that careful consideration is put towards tailoring the attack to the targeted individuals and ensuring proper filtering to limit collateral damage.
Post Exploitation
You've successfully obtained associations from your targeted individuals and executed your exploit - be it phishing, sniffing, remote exploit, etc.
Depending on the engagement you may wish to set up persistent remote access in order to maintain a connection with these clients. Or you may have obtained credentials useful in pivoting your attack into the organization's network.
By integrating with other popular penetration testing frameworks, the WiFi Pineapple may play the important role of maintaining your layer 3 network access to these clients throughout the course of the audit.
Reporting
At the conclusion of the WiFi audit the organization will most likely require a report. While the executive level report regarding business impact and bottom line will require a human touch, the technical aspects of this report may be generated by the WiFi Pineapple reporting module.
Further, the PineAP reports may be analyzed using scripts to determine trends within the organization and its workforce. In an ongoing WiFi audit, the reporting module may be configured to continuously provide the penetration tester with reports at set intervals. The procedures followed with regards to the WiFi Pineapple may look like the following:
Recon - Gather actionable intelligence about the wireless landscape. This module provides a dashboard for quickly identifying potential targets, and interfacing with the filtering and capturing capabilities of the PineAP suite.
Filter - Limiting the scope of engagement is key to a successful audit. Nobody wants collateral damage, so CYA and ensure that only permitted client devices are acquired.
Log - A plethora of actionable intelligence can be passively acquired by logging client device probe requests and associations. Logging is key to successful analysis.
Analyze - What in-scope targets are associated? Which are transmitting probe requests? Can you determine the client device's preferred network list?
Capture - A pool of preferred network names is captured, either automatically from nearby probe requests or manually, to the SSID pool. A well curated and targeted SSID pool can be thought of as the sweet, sweet honey of the hot-spot honey-pot.
Prepare - Will you be passively collecting data for analysis? Set up the tcpdump module. Will you be social engineering with a captive portal? Develop the tailored phishing page.
I just decided to be myself and talk to people. Being friendly was actually a key component to my growth in Internet media. But they warn you need a thick skin to deal with some of the trolls. As luck would have it, the pair were invited to a Diggnation taping in NYC. Kitchen and Morse still produce the show themselves and it is the longest-running show on the Revision3 TV network.
In addition to writing and hosting, Morse runs the Hak5 webstore — so if you have any order problems, you know who to turn to. In the studio, the co-hosts do a quick rundown of the episode and set up the shot.
Paul Tobias — cameraman and editor — handles the technical aspects, using Panasonic cameras and a slew of wireless microphones. At TechnoBuffalo, the setup is simple. Ralph Liernas does all the filming. Rettinger does all the video editing himself with Final Cut Pro. The Nitty Gritty — Compensation So how much do these folks make?