Pineapple Analysis July 15, For Educational Purposes Only

Size: px

Start display at page:

Download "Pineapple Analysis July 15, For Educational Purposes Only"

Diane O’Connor’
6 years ago
Views:

1 WELCOME TO Please hang out and socialize prior to the meeting Hungry? Fill out an order sheet located on the table and bring up to the bar - please use full name Thirsty? Head up to the bar and order a beverage

2 Pineapple Analysis July 15, 2015 For Educational Purposes Only

3 Agenda Introduce Tonight s Topic Info Sec News Upcoming Conferences Job Opportunities Upcoming Meetings Membership Benefits Communications Pineapple Analysis Discussion

4 Tonight s Topic Pineapple Analysis Tonight we will combine two previous topics: Wifi Pineapple & Wireshark Afterwards, a mini capture the flag event

5 Info Sec News Euclid Analytics And Retailers: How Stores Like Nordstrom Track You Via Your Smartphone's Wi-Fi Signal Three Politicians Hacked Using Unsecured Wi-Fi Network Hacking Team orchestrated brazen BGP hack to hijack IPs it didn t own Hacker hunts and pwns WiFi Pineapples with zero-day at Def Con Firefox blacklists Flash player due to unpatched 0-day vulnerabilities

6 Upcoming Conferences Blackhat Las Vegas Defcon Las Vegas HTCIA Orlando Events page

7 Job Opportunities Open Discussion Job openings Companies looking to hire Anybody looking for a job?

8 Upcoming Meetings August 19, 2015 Learning Ruby for Security Professionals September 16, 2015 Automated Penetration Testing

9 Member Benefits O Reilly Discount code for books Use the UG Program discount code: DSUG Secure Larger discount for SEC.MN 2016 members. Stay tuned

10 Communications Website Meetings, slide archives, and resources Mailing List Social Media Twitter Google+ Community LinkedIn Group Facebook

11 5-Minute Break Bio Break Order Food or Drink Grab a seat if you were late Ask Patrick about his hollow leg

12 Pineapple Analysis By: Mat Wilcek

13 Topic Agenda Level Set: What is the Wifi Pineapple What is the Raspberry Pi What are some antennas you can use Personal lessons learned Some ways to use the Pineapple Use cases

14 CYA Stuff None of what you hear tonight is beneficial in your professional career Really! Tonight is for educational purposes only. Learn what others are doing around you and mitigate that risk. Unless you re a professional pen-tester with a get out of jail free card, you may get in trouble, fired, or worse.

15 Assumptions/Declarations You heard the previous talks You can use Google, Bing, Yahoo, etc. You can watch YouTube videos I won t show you how to manage your devices tonight I expect you to ask questions if I gloss over something

16 WiFi Pineapple (Marketing Blurb) From the website: The WiFi Pineapple is a unique device developed by Hak5 for the purpose of WiFi auditing and penetration testing. The WiFi Pineapple is the only hardware with dual integrated radios custom built for advanced wireless attacks. Atheros AR9331 system on a chip (SoC), includes a 400 MHz MIPS processor, 16 MB ROM and 64 MB RAM, Onboard is the infamous Realtek RTL8187 radio with monitor and injection capabilities, a Micro SD memory expansion port, a bank of configurable auto-attack mode switches, a USB 2.0 host port and 10/100 Ethernet port.

17 Raspberry Pi (Marketing Blurb) From the website: The Raspberry Pi is a low cost, credit-card sized computer that plugs into a computer monitor or TV, and uses a standard keyboard and mouse. [Allows people to] learn how to program in languages like Scratch and Python. The Raspberry Pi Foundation is a registered educational charity (registration number ) based in the UK. Our Foundation s goal is to advance the education of adults and children, particularly in the field of computers, computer science and related subjects.

18 Home Setup Raspberry Pi 2, Model B 64GB SD

19 Home Setup

20 Home Setup

21 Antennas Super Power Supply 1 x 16dBi Yagi Wireless 2.4GHz High Gain Booster Directional WiFi Antenna (SMA)

22 Antennas Alfa AWUSO36NH High Gain USB Wireless G / N Long-Rang WiFi Network Adapter ***My opinion: One of the best chipsets for Backtrack/Kali (tools for WiFi stuff)

23 Antennas NooElec NESDR Mini USB RTL-SDR & ADS-B Receiver Set, RTL2832U & R820T Tuner, MCX Input. R820T Tuner & ESD-Safe Antenna Input

24 Other Necessary Resources

25 And Finally

26 And Finally

27 Personal Lessons Learned Nano is much better than VI (shut it) Technology is hard when you make it that way If a dummy like me can do it, what s happening when the smart people are malicious? Directional means you have to point it the right way! Additionally, pay attention to SMA vs. RPSMA. Sticking to the topic while drinking Monster is hard Arguments for using Kali or Linux instead of the Pineapple Arguments that the Pineapple is insecure

28 Use Cases Messing With People Package Update Injection Airplane Monitoring MitM (packet inspection)

29 Use Cases Messing with People Specific DNS Spoofing Hello World Random Roll Karma

30 Use Cases Package Update Injection

31 Package Update CONFIGURATION / VARIABLES (example script) # [Payload Information] # Custom Windows Payload (blank will default to metasploit) windows_payload="payloads/shellcode-tcp.exe" # Custom Mac PKG Payload - can be created with "osx_payload_installer" in the resources/ directory. mac_payload="payloads/apple_macosx_update.pkg" # Port for Mac reverse shells osx_port="6446" # Port for other Windows meterpreter shells (such as windows_payload) win_port="587" # Port for Windows PowerShell shells (requires a different AutoRunScript) ps_win_port="8080" # Port for Linux reverse shells nix_port="8443" # Meterpreter AutoRunScript - Assosiated with ${windows_payload} echo -e "duplicate -r p D duplicate -r p D webcam -f -p /tmp/collected " > /tmp/autorun.rc

32 Use Cases Airplane Monitoring (not in-flight WiFi)

33 Use Cases Man in the Middle Easiest = Connect to your laptop & run Packet Capture (run the script from Hak5)

34 2 minute overview on TCP

35 2 minute overview on TCP

36 2 minute overview on TCP

37 2 minute overview on TCP

38 2 minute overview on UDP (Chad Walker Protocol) This protocol talks and doesn t care if anyone listens (or stops listening)

39 Encapsulation

40 Packet Capture FAQ s Wireshark vs. Tcpdump Duplicate ACKs Why so many broadcasts?

41 Questions? (answers cost you a beer payable to me)

42 CTF Event Download the Pcaps from Jake s laptop here: Challenges: lvl1 - Find the username and password. lvl2 - What IP is scanning a host? What ports are open? lvl3 - What reflected XSS vulnerability was successfully exploited? lvl4 - What type of wireless attack was conducted? lvl5 - What is the Make, Model, and Serial # of the access point broadcasting the SSID '.'? lvl6 - Find sensitive data in the packet capture being transferred. *hint* Not a password lvl7 - What does the voice message say in the capture?

ISDP 2018 Industry Skill Development Program In association with

ISDP 2018 Industry Skill Development Program In association with Penetration Testing What is penetration testing? Penetration testing is simply an assessment in a industry computer network to test the