Over the years the ways in which devices connect to these preferred networks have changed, and throughout, the WiFi Pineapple has stayed effective at capturing these clients using its custom PineAP suite. As an example, this means that a targeted laptop which has previously connected to an airport WiFi network may automatically connect to the penetration tester's WiFi Pineapple.
Once the targeted device joins the WiFi Pineapple network as a client, the auditor is positioned as the man-in-the-middle. Network connections are made up of many nodes. When you browse the web from home, for instance, your traffic goes through many hops.
From your laptop to your wireless access point, your modem and numerous routers between your ISP and the web server of the site you're accessing - your traffic in the form of packets is handed off to a variety of equipment down the chain.
Any node between you and the destination can be considered a man-in-the-middle, in a way, but the term itself generally refers to an attack. This is where an untrusted third party is poised in such a way as to eavesdrop on the connection. An attacker set up as a man-in-the-middle can both monitor and manipulate the traffic down the line.
It's a powerful place to be as a penetration tester. The closer you can get in-line to the target, the more successful your attack may become. With the WiFi Pineapple deployed as a rogue access point targeting the individual of interest in an audit, this positions you, the auditor, as the first hop in the chain.
With an emphasis on responsible auditing within the scope of engagement, the WiFi Pineapple can be used to passively gather intelligence, as well as actively capture clients in order to monitor and manipulate traffic. Modules such as Evil Portal can be deployed to effectively harvest credentials or inject malware onto targeted devices. When used in conjunction with typical tools of the trade, the WiFi Pineapple can easily integrate into your pentest workflow.
The focus shifts from breaking into the network to becoming the network. While every scenario differs, this basic workflow outlines the procedures most commonly followed during a WiFi audit. As guidelines they provide insight into responsible best practices.
The goal may be to harvest credentials from the client using a phishing page tailored to the organization, either by DNS poisoning attack or captive portal. It may be to deploy malware such as a reverse shell.
Or perhaps it's simply to passively monitor client traffic. Depending on the client device, you may even want it connected to your WiFi Pineapple network in order to attempt a remote exploit. In any case, the typical strategy is to snare a specific target - that is to get the client device of interest to connect to your WiFi Pineapple so that a payload may be delivered. This is extremely important since you'll be using a shared spectrum, and ensuring zero collateral damage is key.
The more you can obtain up front from the organization about their wireless network and any key targets, the better.
Determine how many wireless networks are in operation and whether there is a guest network. Moreover you'll want to familiarize yourself with any bring your own device (BYOD) policy. For instance, say the organization employs software engineers with high level access to the company infrastructure.

Intelligence Gathering

The more you can learn about the organization's facilities and its employees, the higher the likelihood of success.
Remember, it's not just the company's network infrastructure we're interested in as much as it is the associated staff. What wireless devices do they use? To what other networks do they connect?
Do they use guest networks at client sites? It provides the auditor with a big picture of the WiFi landscape, with hooks to the PineAP suite to execute on actionable intelligence. Identify potentially vulnerable targets within the scope of engagement. Are these client devices transmitting probe requests? Are they general or directed at a specific access point? What SSIDs can you determine from their preferred network list? Are they associated to an access point? Are they susceptible to a deauth attack?
Once vulnerabilities have been identified they can be validated. Add the in-scope targets to the allow filter and test them against the available PineAP attacks. Do they connect to your WiFi Pineapple? Do they stay connected?

Exploitation

With in-scope targets identified and validated, the auditor can proceed to exploitation. This will vary greatly depending on the goal of the attack. If it is to capture network traffic for analysis, the tcpdump module may be most appropriate.
If it is to harvest credentials from a captive portal using social engineering techniques, the Evil Portal module may be your best bet. In any case, exploitation comes down to setting up the attack, testing the attack, then finally executing it on the given targets.
It is in this phase that careful consideration is put towards tailoring the attack to the targeted individuals and ensuring proper filtering to limit collateral damage.

Post Exploitation

You've successfully obtained associations from your targeted individuals and executed your exploit - be it phishing, sniffing, remote exploit, etc. Depending on the engagement you may wish to set up persistent remote access in order to maintain a connection with these clients.
Or you may have obtained credentials useful in pivoting your attack into the organization's network. By integrating with other popular penetration testing frameworks, the WiFi Pineapple may play the important role of maintaining your layer 3 network access to these clients throughout the course of the audit.

Reporting

At the conclusion of the WiFi audit the organization will most likely require a report.
While the executive level report regarding business impact and bottom line will require a human touch, the technical aspects of this report may be generated by the WiFi Pineapple reporting module. Further, the PineAP reports may be analyzed using scripts to determine trends within the organization and its workforce. In an ongoing WiFi audit, the reporting module may be configured to continuously provide the penetration tester with reports at set intervals.
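
The filtering and log analysis described above lend themselves to a scripted scope check. The following is an added example, not code from the guide or from Hak5: it reads a constructed log (the `time,event,mac,ssid` layout and all MAC addresses and SSIDs are assumptions, not the WiFi Pineapple's actual log format), lists what in-scope clients probed for, and flags any association by a device outside the allow list.

```python
from collections import defaultdict

# Constructed sample log. The "time,event,mac,ssid" layout is an assumption
# made for this example; it is not the WiFi Pineapple's actual log format.
SAMPLE_LOG = """\
10:01:02,probe,02:00:00:aa:bb:01,CorpGuest
10:01:05,probe,02:00:00:aa:bb:01,Airport_Free_WiFi
10:01:09,probe,02:00:00:cc:dd:02,HomeNet
10:02:11,assoc,02:00:00:aa:bb:01,Airport_Free_WiFi
10:02:40,assoc,02:00:00:cc:dd:02,HomeNet
10:03:00,probe,02:00:00:AA:BB:01,Cafe, Downtown
malformed line without enough fields
"""

# Client MACs permitted by the rules of engagement (constructed values).
IN_SCOPE = {"02:00:00:aa:bb:01"}


def parse(log_text):
    """Yield (time, event, mac, ssid); skip lines that do not fit the layout."""
    for line in log_text.splitlines():
        parts = line.strip().split(",", 3)  # maxsplit keeps commas in SSIDs
        if len(parts) != 4 or parts[1] not in ("probe", "assoc"):
            continue
        time, event, mac, ssid = parts
        yield time, event, mac.lower(), ssid


def audit(log_text, in_scope):
    """Return (probed SSIDs per in-scope MAC, associated in-scope MACs,
    out-of-scope associations that the filter should have prevented)."""
    scope = {m.lower() for m in in_scope}
    probed, associated, violations = defaultdict(set), set(), []
    for time, event, mac, ssid in parse(log_text):
        if mac not in scope:
            if event == "assoc":
                violations.append((time, mac, ssid))
            continue
        if event == "probe":
            probed[mac].add(ssid)
        else:
            associated.add(mac)
    return dict(probed), associated, violations


if __name__ == "__main__":
    probed, associated, violations = audit(SAMPLE_LOG, IN_SCOPE)
    for mac in sorted(probed):
        print(mac, "associated" if mac in associated else "probing", sorted(probed[mac]))
    for time, mac, ssid in violations:
        print(f"OUT OF SCOPE {time}: {mac} associated via {ssid!r}")
```

A non-empty violations list means the allow filter did not hold and the engagement should pause until it is corrected.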
The procedures followed with regards to the WiFi Pineapple may look like the following:

Recon - Gather actionable intelligence about the wireless landscape. This module provides a dashboard for quickly identifying potential targets, and interfacing with the filtering and capturing capabilities of the PineAP suite.

Filter - Limiting the scope of engagement is key to a successful audit. Nobody wants collateral damage, so CYA and ensure that only permitted client devices are acquired.

Log - A plethora of actionable intelligence can be passively acquired by logging client device probe requests and associations. Logging is key to successful analysis.

Analyze - What in-scope targets are associated? Which are transmitting probe requests? Can you determine the client devices' preferred network list?

Capture - A pool of preferred network names are captured, either automatically from nearby probe requests or manually, to the SSID pool. A well curated and targeted SSID pool can be thought of as the sweet, sweet honey of the hot-spot honey-pot.

Prepare - Will you be passively collecting data for analysis? Set up the tcpdump module. Will you be social engineering with a captive portal? Develop the tailored phishing page. Prepare the attack before executing.

Test - Does the attack work as expected? What interaction is required by the client? Test with your own devices before executing.

Broadcast - Advertising the SSID pool to either all nearby devices or specifically targeted devices is an active way of attracting a potential client.

Deauthenticate - When permitted, a well placed deauthentication frame may encourage a device to disconnect from their currently associated network and join the WiFi Pineapple. Ensure first that this technique is within the rules of engagement.

Set the appropriate modules to log. This is where it pays to get creative with captive portals, DNS spoofing and the like.
The HAK5 Guide To The Top WiFi Hacking Toolkit. Darren Kitchen Sebastian Kinne Shannon Morse
Report - What was vulnerable? The PineAP log will show. Further analysis will highlight trends. Compile these for the technical aspects of your report.

Conclusion

A thoughtfully planned and executed WiFi audit is possible by using a number of modules available to the WiFi Pineapple. When used in conjunction with popular penetration testing frameworks the audit will have the largest impact. Like most productions, the more time spent in the planning stages the higher the likelihood of success.
Nobody wants a messy audit. Spend the time to gather intelligence and carefully plan the attack. Going in guns blazing will increase the chances of collateral damage. It cannot be emphasized enough the importance of filtering and tailoring an attack specific to in-scope targets. It's ever changing.
Just because it's free of civilians now doesn't mean it won't change mid-way through the audit. In short, don't be that guy. Armed with this knowledge you'll be equipped to execute a responsible and successful wireless audit by following our recommended wireless auditing workflow.

The purpose of this section is not to be all encompassing on the low level operation of the IEEE specification lovingly known as WiFi, but rather a crash course in the absolute basics necessary for understanding the operation of PineAP and other WiFi Pineapple components.
If you're already a level 11 kung-fu WiFi guru master, feel free to skip ahead. Not every radio is created equal, however, as their capabilities may differ significantly. Software support in particular may inhibit an otherwise fine bit of silicon. In particular, modes of operation may be restricted either by hardware or software. For the most part chipsets from Atheros have excellent support, with a few RaLink and Realtek chipsets having made a name for themselves in the infosec community as well.
While lower in clock speed than their PC counterparts, they're specifically optimized for high performance networking. Multipoint-to-multipoint is where any node of the network can communicate with any other and is often called an ad-hoc, peer-to-peer or mesh network. The most common configuration is point-to-multipoint, where a central access point is host to numerous client devices.
This is also known as Infrastructure mode. An example of which might be a wireless router in your home with several laptops, phones, game consoles and the like connected. For the most part, this is the configuration we will be focusing on with the WiFi Pineapple.

Modes of Operation

Most commonly a WiFi radio will operate in one of three modes: Additional modes include ad-hoc, mesh and repeater and are both less common and outside the scope of this guide. Keep in mind that not all radios have each of these capabilities and a radio can only operate in one mode at a time.
Generally their differences are related to frequency (aka band or spectrum), data rate (aka throughput or transfer speed), bandwidth, modulation and range. Bandwidth is often confused with data rate. While there is often a correlation between greater bandwidth and greater data rate, in terms of radio the bandwidth refers to the difference between the upper and lower frequencies of a given channel as measured in hertz.
For example, with the g protocol the first channel will have a lower frequency of GHz and an upper frequency of GHz for a total of 22 MHz bandwidth. An n based network using 40 MHz bandwidth will occupy nearly twice the spectrum as the 22 MHz wide g channel and similarly achieve a much faster data rate. Modulation also affects data rate, with the most common modulation type being OFDM or Orthogonal frequency-division multiplexing. In addition to being a mouthful, it's a digital encoding technique used to cram a lot of data on a small amount of spectrum.
It's the same technology used in DSL modems and 4G mobile broadband. The important takeaway is that OFDM supersedes the older DSSS modulation technique used in b a and b were the first mainstream WiFi protocols, introduced in a operates in the 5 GHz band with speeds up to 54 Mbps while b operates in the 2.
These networks are more rare to find, though when they are it's typically indicative of aging infrastructure. Nowadays g and n are more commonly found with data rates up to 54 Mbps and Mbps respectively. Both operate in the 2. An important thing to consider about protocols is that WiFi radios operating on newer protocols almost always contain backwards compatibility, so an access point using the g standard may be just as enticing to a client device capable of using the newer n standard.

Channels and Regions

Radio spectrum is divided up into channels.
Hak5 - The Full Wiki
As described above in terms of bandwidth, the first channel in the g protocol begins at GHz and ends at GHz for a total bandwidth of 22 MHz. From there, his interest in film production grew, and he devoted more of his time to working behind the camera. He started programming computers at the age of ten in QBasic and branched out to his now favorite language, PHP.
It is revealed in Episode 3 of Season 1 that he has a cat named "Kerberos". Paul Tobias is an associate producer and technical researcher back stage and in the labs at Hak5. Tobias often hosts Linux and Macintosh related segments and can be seen running the broadcast console during live shows. She announces this month's LAN game, the Hak5 sponsors, and usually the trivia winners and the weekly hak5 contest.
She also frequently does segments such as "How to get into Windows with Kon-Boot" or "Installing homebrew on the Wii". Her website Snubsie often has the latest updates on her personal life and the newest hak5 episode. Past crew Matt Lestock — joined Hak5 in August after six years of hosting an internet adult talk show which he hopes to continue and was a co-host.
He has posted a post on his blog about his leaving: Wess Tobler — generally hosts segments with hardware hacks and modifications. Tobler may be better known for being the creator of Evil Server or for his repeated faux physical assaults on Darren.