This user's manual provides instructions on how to conduct a penetration test on the
Wireless Local Area Network (WLAN) of the College of Engineering and Architecture
Department. The manual guides users on the devices required for the pen-testing, including
a wireless network adapter, laptop with appropriate tools and software, and a wireless
access point, and how to set them up for pen-testing. The manual also includes step-by-step
Reconnaissance involves scanning the WLAN to identify active hosts, open ports, and
other information that can be used to gain access to the network. Infiltration involves
attempting to gain access to the network using various methods such as exploiting
When users have completed this guidebook, they should be able to:
TABLE OF CONTENTS
USER’S MANUAL OVERVIEW
MODULE LEARNING OBJECTIVES
TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
LEARNING CONTENTS
Introduction to the Alfa AWUS036NHA USB Wi-Fi Adapter
Overview of the Product
Features
LED Status
Installation Guide
Hardware Installation
Software Installation
Reconnaissance Phase Using Alfa AWUS036NHA USB Wi-Fi Adapter
Step-by-Step Procedure of the Reconnaissance Phase
Summary of the Scanned Result in Monitor Mode
Introduction to the Wi-Fi Pineapple Mark VII + AC Tactical
Connecting and powering the Wi-Fi Pineapple
Connect the Wi-Fi Antenna
Connecting via PC or Laptop
Powering from External Adapters
Setting-up the Wi-Fi Pineapple
Getting the latest firmware via Over-The-Air
User Interface Overview of the Wi-Fi Pineapple
Logging In
Navigating the User Interface
Notifications
Informational Messages
Web Terminal
Sidebar
Campaigns
Manage
Review
PineAP
PineAP Settings
Open SSID
Evil WPA
Evil Enterprise
Impersonation
Clients
Filtering
Reconnaissance
Scanning
Security Information
Handshakes
Automatic Handshake Capture
Direct Handshake Capture
Wi-Fi Pineapple Modules
Installed Modules
Available Modules
Packages
General Setting
Networking
Management Network
LED Configuration
Advanced Settings
Help
Introduction of the Wi-Fi Pineapple Recon to Gain Access
Reconnaissance in Computer Engineering Department
Scanning
Capturing Handshakes
Deauthenticating Clients
Downloading the Captured Handshakes
Reconnaissance in Mechanical Engineering Department
Scanning
Capturing Handshakes
Deauthenticating Clients
Downloading the Captured Handshakes
Reconnaissance in Architecture Department
Scanning
Capturing Handshakes
Deauthenticating Clients
Downloading the Captured Handshakes
Reconnaissance in Civil Engineering Department
Scanning
Capturing Handshakes
Reconnaissance in Electrical Engineering Department
Scanning
Capturing Handshakes
Deauthenticating Clients
Capture Handshakes in College of Engineering and Architecture
Fake Access Point Attack
Fake Access Point Attack using Clone WPA/2
Configuration of the Fake Access Point
Fake Access Point Attack Using Evil WPA
Manually Entered Configuration of the Fake Access Point
Saving the Configuration
Captured Handshake of the Fake Access Point
Beacon Flooding
MDK4 Module
Setting Attack Mode
Setting Attack Options
Output of the Beacon Flooding Attack
Client’s POV in Beacon Flooding
Credential Harvester
Wi-Fi Pineapple’s Module
Getting the Available Modules
Installation of Evil Portal Module
User Interface of Evil Portal
User Interface of FileZilla
Site Manager in FileZilla
Managing the FTP files in Site Manager
Configuring the FTP Connections
Connected to the Remote Server
Local Machine and the Remote Server in FileZilla
Files in the Local Machine
Fake Webpages File
Transferring Files from Local Machine to Remote Server
Loading of the portals in Portal Library
Starting the Web Server
Activating a Portal in Portal Library
Start the Execution of the Fake Webpage
Client’s POV in Credential Harvester
Captured Credentials of the Client
HTTP Traffic Analysis
HTTPeek Module
Enabling the Sniffer
Start the Capturing of HTTP Traffic
Client’s POV when Visiting Unsecured Sites
Captured Credentials of the Client
LIST OF TABLES
Table #
1 LED Status of the Wi-Fi Adapter
2 Scanned Result in Monitor Mode
LIST OF FIGURES
Figure #
1 Alfa AWUS036NHA USB Wi-Fi Adapter
2 Update the Device UB91C
3 Update Drivers
4 Properties of UB91C
5 Update Drivers for UB91C
6 Optional Updates
7 Network Adapters
8 Plug the Alfa AWUS036NHA into the USB port of Laptop
9 Terminal Window in Kali Linux
10 Checking the Wireless Configuration of the Device
11 Monitoring mode
12 Checking if the device is in monitoring mode
13 Scanning process
14 Monitoring the network of Computer Engineering
15 Computer Engineering’s network being scanned in monitor mode
16 Monitoring the network of Architecture
17 Architecture Department’s network being scanned in monitor mode
18 Monitoring the network of Civil Engineering
19 Civil Engineering’s network being scanned in monitor mode
20 Monitoring the network of Electrical Engineering
21 Electrical Engineering’s network being scanned in monitor mode
22 Monitoring the network of Mechanical Engineering
23 Mechanical Engineering’s network being scanned in monitor mode
24 Connecting the Antennas of the Wi-Fi Pineapple
25 Connecting via PC or Laptop
26 Powering from External Adapters
27 Connecting to the SSID of the Access Point
28 Accessing the Graphical User Interface (GUI) of Wi-Fi Pineapple
29 Setting-up the Wi-Fi Pineapple over Wi-Fi
30 Entering the Access Point’s Credential
31 Connecting to a Wi-Fi Network
32 Downloading and Verifying Firmware
33 Updating Firmware
34 Welcome Page of the Wi-Fi Pineapple
35 Verifying your Device
36 Latest Version of the Wi-Fi Pineapple Firmware
37 General Setup
38 Networking Setup
39 Client Filter Setup
40 SSID Filter Setup
41 User Interface Theme
42 Term of Services & License Agreement
43 Completing the Setup
44 Connecting to the Management SSID
45 Accessing the Web Interface
46 Login Page of the Wi-Fi Pineapple
47 Ways on how to connect to the Internet
48 Dashboard
49 Wi-Fi Pineapple’s Title Bar
50 Notifications
51 Informational Messages
52 Web Shell
53 Sidebar
54 Managing the Campaigns
55 Campaign Reports
56 PineAP Settings
57 Configuration of the Open Access Point
58 Evil WPA Configuration
59 Enterprise Certificate Generation
60 SSID Impersonation Pool
61 Connected Clients
62 Client and SSID Filter
63 Wireless Reconnaissance
64 How to Highlight Active Devices
65 Details of the Scanned Access Point
66 Security Information of a Network
67 Handshake Collection Card
68 Capturing Handshake from a Network
69 List of Installed Modules
70 Available Modules
71 Package Settings
72 Configuration of the General Setting of the Wi-Fi Pineapple
73 Network Configuration
74 Wi-Fi Management Network Configuration
75 LED Configuration
76 Advanced Settings
77 Help Tab
78 Reconnaissance Page
79 Amount of Time in Scanning Process
80 Scanning the Networks of Pangasinan State University
81 Scanned Network of Computer Engineering
82 Expanding the Computer Engineering’s Network
83 Computer Engineering’s Network and its Connected Clients
84 Start the Handshake Capture in Computer Engineering’s Network
85 Selecting a target client in Computer Engineering’s Network and Deauthenticate it
86 Notification of the Captured Handshake in Computer Engineering’s Network
87 Download the Captured Handshakes in Computer Engineering’s Network
88 Stop the Handshake Capture in Computer Engineering’s Network
89 Scanned Network of Mechanical Engineering
90 Expanding the Mechanical Engineering’s Network
91 Mechanical Engineering’s Network and its Connected Clients
92 Start the Handshake Capture in Mechanical Engineering’s Network
93 Selecting a target client in Mechanical Engineering’s Network and Deauthenticate it
94 Notification of the Captured Handshake in Mechanical Engineering’s Network
95 Download the Captured Handshakes in Mechanical Engineering’s Network
96 Stop the Handshake Capture in Mechanical Engineering’s Network
97 Scanned Network of Architecture
98 Start the Handshake Capture in Architecture’s Network
99 Selecting a target client in Architecture’s Network and Deauthenticate it
100 Notification of the Captured Handshake in Architecture’s Network
101 Download the Captured Handshakes in Architecture’s Network
102 Stop the Handshake Capture in Architecture’s Network
103 Scanned Network of Civil Engineering
104 Start the Handshake Capture in Civil Engineering’s Network
105 Scanned Network of Electrical Engineering
106 Start the Handshake Capture in Electrical Engineering’s Network
107 Selecting a target client in Electrical Engineering’s Network and Deauthenticate it
108 Captured Handshakes in College of Engineering and Architecture
109 Fake Access Point Attack Using Clone WPA/2 AP
110 Configuration of the Fake Access Point
111 Fake Access Point Attack using Evil WPA
112 Manually Entered Configuration of the Fake Access Point
113 Saving the Configuration
114 Notification of Captured Handshake of the Fake Access Point
115 Handshakes Captured
116 Module Page of the Wi-Fi Pineapple
117 Home Page of the MDK4 Module
118 Setting Attack Mode to the Input and Output Interface
119 Setting Attack Options for Beacon Flooding
120 Output of the Beacon Flooding Attack
121 Result of the Beacon Flooding Attack in Client/s Point of View
122 Wi-Fi’s Pineapple Module
123 Get Available Modules
124 Install the Module Evil Portal
125 Evil Portal being Installed
126 User Interface of Evil Portal
127 User Interface of FileZilla
128 Site Manager in FileZilla
129 Managing the FTP files in Site Manager
130 Configuring the FTP Connections
131 Successfully Connected to the Remote Server
132 Local Machine and the Remote Server
133 Files in the Local Machine
134 Fake Webpages File
135 Transferring the files from the Local Machine to the Remote Server
136 Files that are being transferred to the Remote Server
137 Loading of the portals in the Portal Library
138 All the portals containing the Fake Webpages
139 Starting the Web Server of the Evil Portal
140 Activate the PSU-Login Portal
141 Start the Execution of the Fake Webpage
142 Client Connecting to the Open Network of Wi-Fi Pineapple
143 Fake Webpage
144 Log-in Credentials of the Client
145 Notification of the Captured Handshakes in Credential Harvester
146 Viewing the Captured Credential of the Client
147 Module Page of the Wi-Fi Pineapple
148 Enabling the Sniffer in HTTPeek
149 Start the Capturing of HTTP Traffic
150 Client is Connecting to the Open Network
151 Unsecured Website that the Client Visited
152 URL’s of the Website being Captured by the HTTPeek
153 Unsecured Site having a Login Credential
154 Captured Credential that Appears in Post Data
155 Wi-Fi Pineapple’s Module
156 MDK4 Interface
157 Choosing the Attack Mode and the Input/Output Interface
158 Entering the Necessary Data for the Chosen Attack
159 Starting the Attack
160 Devices that are being disconnected from the network
161 Download the hashcat-6.2.6
162 Copying the hashcat-6.2.6 folder location
163 Command used for the cracking of password using hashcat
164 Cracked password of the CpEDept network
165 Command used for the cracking of password using brute force
166 Progress of cracking using brute force attack
LEARNING CONTENTS
There are many tools, and each one is designed to perform a particular test;
nevertheless, there is no tool that can test for everything (Kevin B., 2018) [1]. In this
research study on penetration testing of a Wireless Local Area Network, the Alfa
AWUS036NHA USB Wi-Fi adapter was selected for reconnaissance. The Alfa
AWUS036NHA USB Wi-Fi adapter is one of the best adapters you can use with Kali Linux
for wireless pen testing and is very popular among Kali Linux users. It differs from most
of its predecessors in that it supports all six wireless modes, which is important for
monitor mode. You can capture a valid WPA2-PSK hash, the WPA 4-way handshake,
a hidden SSID, generate ARP frames for a WEP replay attack, perform man-in-the-
Figure 1. Alfa AWUS036NHA USB Wi-Fi Adapter
performance for your PC. The AWUS036NHA’s auto-sensing capability allows a high
packet transfer rate of up to 150Mbps for maximum throughput. It can also interoperate
with other wireless (802.11b/g) products. The adapter supports WEP, WPA and WPA2
encryption to prevent outside intrusion and protect your personal information from
being exposed.
FEATURES
rate of up to 150Mbps
LED STATUS
The table below shows the LED Indications of the Wi-Fi Adapter.
INSTALLATION GUIDE
HARDWARE INSTALLATION
Connect the adapter to your computer using the USB cable included in the
package. The LED will light up when the adapter is installed successfully and the PC is
on. Make sure that the device is attached to the virtual machine, specifically to Kali
Linux. If the blue light is blinking, it indicates that the device is connected properly to the
Windows 8/10 not recognized by the Windows device manager, then follow the next step
SOFTWARE INSTALLATION
Step 1: After you plug in the wireless adapter, go to Device Manager. Right-click the
device “UB91C” and select “Update driver” from the menu.
Step 2: Select Search automatically for drivers to search your computer for the available
Figure 3. Update Drivers for UB91C
Step 3: Right-click your selected driver. Click Properties, go to the General tab, and click
Update driver.
Step 4: If Windows was unable to install your UB91C, click “Search for updated
Figure 5. Update Drivers for UB91C
Step 5: Choose the “Driver Updates” and then select “Download and Install.”
Note: Make sure the computer has Internet access through its internal wired or wireless
network adapter, and select “Driver updates” in the “Update Drivers” menu. Wait a few
seconds; Windows will
202
“AR9271 Wireless Network Adapter”, and categorized to “Network
DOCUMENTATION
This documentation is for the Wi-Fi Pineapple Mark VII 2.x series firmware
THE ALFA AWUS036NHA USB WI-FI ADAPTER
Step 1. Plug the Alfa AWUS036NHA USB Wi-Fi Adapter into an available USB port on
Figure 8. Plug the Alfa AWUS036NHA into the USB port of Laptop
Step 2: Open a terminal window in Kali Linux by pressing "Ctrl+Alt+T" or searching for
Step 3: Enter the command “iwconfig” to ensure that the adapter is recognized by the
system. The output of this command should show the Alfa adapter as a recognized
Note: If it doesn't appear, you may need to install additional drivers for the adapter.
Step 4: Next, type the command “airmon-ng start wlan0” to put a wireless network
Note: If you are not a root user, you need to add “sudo” before the command.
Step 5: To check if it is in monitoring mode, the researchers again used the command
“iwconfig”.
Step 6: Once the wireless interface is shown as “wlan0mon”, it means that it is now
in monitoring mode. Then, you can start monitoring nearby networks by typing
To show the clients connected on a specific network, use the command “airodump-ng
wlan0mon -d [BSSID]”. The “-d” option limits the display to one network; replace the
[BSSID] with the BSSID of the network that you want to monitor.
Step 7: For the Department of Computer Engineering, their network has a BSSID
in Computer Engineering.
Architecture Department.
Figure 17 shows the captured data of the Architecture Department.
Step 9: For the Department of Civil Engineering, their network has a BSSID of
Civil Engineering.
Step 10: For the Department of Electrical Engineering, their network has a BSSID
in Electrical Engineering.
Figure 20. Monitoring the network of Electrical Engineering
Figure 21 shows the captured data of the Electrical Engineering Department having the
network of “PSUWifi.”
Step 11: For the Department of Mechanical Engineering, their network has a
Figure 23 shows the captured data of the Mechanical Engineering Department having the
network of “PSUWifi2.”
Figure 23. Mechanical Engineering’s network being scanned in monitor mode
The table below shows the summary of the scanned result in monitor mode of the
reconnaissance phase. The table shows the College of Engineering and Architecture
Department. The data gathered shows the WLAN security protocol, the SSID also known
as the network name, the MAC address, authentication, the equipment used, or the
Table 2. Scanned Result in Monitor Mode
The Wi-Fi Pineapple Mark VII is a wireless penetration testing tool that is
designed to help security professionals simulate attacks against Wi-Fi networks. It allows
them to identify vulnerabilities in wireless networks and test the effectiveness of their
security measures. The "AC Tactical" version of the Wi-Fi Pineapple Mark VII refers to a
model that includes upgraded hardware specifications, including support for the 802.11ac
Wi-Fi standard, which offers faster data transfer speeds than previous standards. This
makes it an even more powerful tool for analyzing and exploiting vulnerabilities in Wi-Fi
networks. The basic functions of the Wi-Fi Pineapple Mark VII include creating a rogue
access point, packet capturing and monitoring, man-in-the-middle attacks, and exploiting
vulnerabilities.
Step 1: Connect the Wi-Fi Antenna before turning on your Wi-Fi Pineapple, make sure
Note: When transmitting without an antenna connected, any radio, including the
The Wi-Fi Pineapple Mark VII is built to be powered from a wide range of today's
computer systems, either directly or through a USB-C to USB-A adaptor. The wired USB
connection is advised for setup since the Wi-Fi Pineapple will show up as an Ethernet
adapter.
Figure 25. Connecting via PC or Laptop
Use the provided power supply to turn the Wi-Fi Pineapple on. It can be supplied with
electricity from an external power adapter while taking into account the following:
Some USB-C-PD power adapters might not function due to the difficulties with
chosen power adapter fails to power the Wi-Fi Pineapple (no LEDs light up).
Not all power adapters can give the stated power with consistency. If your Wi-Fi
Pineapple starts up and runs for a short while, but then loses power, it's possible that your
USB power adapter is unable to give the necessary power continuously and is shutting
down on its own. If this occurs, it is advised to try a new brand or one with a greater
Step 4: After you plug it in, your Wi-Fi Pineapple will start to boot up. Check the device's
LEDs to determine whether it is powering on. The lights should start blinking when
the device is initializing. Once the device has finished setting up, the LEDs will stop
flashing and remain on. If the Wi-Fi Pineapple is linked to a monitor or other display
After the Wi-Fi Pineapple has fully booted up, you need to connect to the SSID of the AP,
which is Pineapple_XXXX, where 'XXXX' is the last 4 characters of the device's
MAC address. Connect to this network as you would normally from your computer or
phone.
Once you are connected, you can now access the Wi-Fi Pineapple Stager at
http://172.16.42.1:1471.
Note: Take note of the port in the URL! The Wi-Fi Pineapple uses port 1471 instead of
the default HTTP port, so you will need to include this in the URL when you connect!
To begin, make sure you're close to the Wi-Fi Pineapple. This may be done by pressing
the reset button in one of the ways shown in the image below.
Figure 29. Setting up the Wi-Fi Pineapple over Wi-Fi
Connect to an Access Point that you have credentials for. This will connect the Wi-Fi
Pineapple to the internet and automatically download the latest firmware. This access
Figure 30. Entering the AP’s credential
Figure 31. Connecting to a Wi-Fi Network
After you have connected to your Wi-Fi Network, it will immediately download and
Figure 32. Downloading & Verifying Firmware
The firmware will be downloaded and flashed to your Wi-Fi Pineapple immediately upon
the setting up of a successful connection. You will be able to access the Wi-Fi Pineapple
It can take 10 to 15 minutes to flash and boot for the first time. As the Wi-Fi Pineapple
After the installation of the firmware, you'll be greeted with the welcome page of the Wi-Fi
Next, you need to verify your device. You may want to choose the wired setup
method if you want to connect your device directly to the Wi-Fi Pineapple using an
Ethernet cable. On the other hand, if you choose the wireless setup method, you will need
to connect your device to the Wi-Fi network created by the Wi-Fi Pineapple. Regardless
of which setup method you choose, it is important to verify your device to ensure that
only authorized devices are allowed to connect to your network and to prevent potential
security threats.
Figure 35. Verifying your Device
After that, you will be prompted to the welcome page of the Wi-Fi Pineapple version
For the General Setup, you need to set your root password in your Wi-Fi
Pineapple. It will be used to manage the device via the Web Interface and SSH. And for
the Timezone, choose (GMT+8) Beijing, Perth, Singapore, Hongkong because it is the
For the Networking Setup, you need to set up both the Management AP and the
Open AP, because they are useful in different types of security testing
scenarios. Management AP mode is used to create a secure wireless network that requires
users to provide a username and password to connect. Open AP mode, on the other hand,
is used to create an unsecured wireless network that anyone can connect to.
Figure 38. Networking Setup
For the Client Filter Setup, select Deny List. This will allow more flexibility and
The same goes for setting up the SSID Filter: choose the deny list. This will
help to block specific SSIDs from being broadcast. It allows for more control over the
network and can reduce the risk of unauthorized access to the network.
Figure 40. SSID Filter Setup
For the User Interface theme, select a theme that suits your preference. You can choose
Next is the Terms of Service & License Agreement. You need to accept both the
Terms of Service and the License Agreement. By accepting these, you consent to abide by
the terms and conditions stated by the provider of the product or service.
By ensuring that everyone is aware of their rights and duties when
using the product or service, this serves to safeguard both you and the supplier. Then, click
finish.
Finally, you’ll be greeted with the “Setup Complete” page. You can now
access the management interface of the Wi-Fi Pineapple. Users may access and modify a
variety of functions and settings here, including networking, wireless access points,
security settings, and more. The precise name of the web interface may change based on
Figure 43. Completing the Setup
LOGGING IN
First, you must connect to your Management SSID configured during Networking
Setup.
Figure 44. Connecting to the Management SSID
Once you are connected, you can now access the Wi-Fi Pineapple Stager at
http://172.16.42.1:1471.
Upon being redirected to the web-based user interface, you'll be greeted with the login page of
the Wi-Fi Pineapple. The default username is root, while the password is the one you set
during Setup.
There are 3 ways to connect to the internet: wirelessly, via internet connection
sharing, and/or through a USB Ethernet Adapter. If you do not want to connect, click
close; if you do, click the network settings to configure.
Once logged in, you will see the Dashboard, which serves as the home page for
the Wi-Fi Pineapple administrative UI and provides easy access to details about the
system and its services. The Wi-Fi Pineapple UI Dashboard gives a fast overview of the
Figure 48. Dashboard
The website's title bar, which also includes links to read notifications, view
informational messages, and access the web terminal, is located at the top of the page. It
also displays the firmware version that is in use at the moment. Additional, less frequent
NOTIFICATIONS
The system or modules can send notifications to users to alert them to status
Success, or Unknown—can be applied to them. The title bar briefly displays a preview of
INFORMATIONAL MESSAGES
Informational messages display possible Wi-Fi Pineapple setting errors and provide
alternative solutions.
WEB TERMINAL
On the Wi-Fi Pineapple, the Web Terminal provides a fully functional Bash shell
without the need for SSH. It allows you to handle the device entirely, run tools, install
packages, and perform all other operations you would anticipate from a Linux machine.
Figure 52. The Wi-Fi Pineapple web shell
SIDEBAR
The Sidebar is located on the left side of the page. This sidebar has quick
links to system modules, and downloadable modules can be added to it for quick
access. By choosing the Show More button at the bottom, you may expand the sidebar
CAMPAIGNS
interaction.
MANAGE
The names, creation dates, and types of the generated campaigns are given in a
table along with their current status. Your campaigns may be edited or deleted by
selecting the "..." menu button once you have toggled them on or off using the
Enable/Disable button.
REVIEW
You may download and remove the reports that your campaigns have produced from the
Reports tab.
PINEAP
The Wi-Fi Pineapple's filtering, client management, and rogue access point management
PINEAP CAPABILITIES
Some of the Wi-Fi Pineapple's essential features are made possible by PineAP:
Evil WPA – Serve a new WPA network, or copy an existing WPA network.
PINEAP SETTINGS
1. Passive – Collect information about nearby access points, and add them to the
list of potential APs to advertise. Accept connections to the Open, WPA, and
Enterprise SSIDs (if enabled). Do not advertise other access points, and it will not
2. Active – Collect information about nearby access points. Actively advertise all
SSIDs from the Impersonated AP Pool (if enabled). Respond to all client requests
3. Advanced – All PineAP features can be individually configured; mix and
OPEN SSID
In addition to responding to requests for any SSID that meets the filter
requirements, the Wi-Fi Pineapple may advertise a single Open SSID, whereas the open
Figure 57. Wi-Fi Pineapple Open AP Configuration
Note: Any device with the network saved will still discover your Open SSID even
if you switch it from visible to hidden since it will continue to query for the name.
pool because hidden network SSIDs can still be found when a client connects.
EVIL WPA
A WPA (or WPA2) PSK network is impersonated by the Evil WPA access point.
When the PSK is unknown, it may also be used to gather incomplete handshakes for use
Figure 58. Evil WPA Configuration
Note: Make sure to accept your Evil WPA SSID in your filter settings, or your
EVIL ENTERPRISE
You may configure a WPA-EAP Enterprise rogue access point using the
Enterprise tab. Fill out the form to generate the EAP configuration and certificates first.
generated.
Figure 59. Enterprise certificate generation
IMPERSONATION
other Wi-Fi networks in order to mislead neighboring devices into joining it. A "man-
parties in order to steal information or execute other destructive acts. The Wi-Fi
Pineapple may use the SSID Impersonation Pool to promote extra SSIDs when
"Impersonate All Networks" is turned on. Make sure "Impersonate All Networks" is
activated and that your filter settings permit connections to SSIDs from the impersonation
pool!
The Wi-Fi Pineapple may automatically compile SSIDs from client probe requests and
CLIENTS
The Clients page provides connected clients and former clients as separate views.
You may check details about each connected client from the Connected Clients view,
including their MAC address, IP address, and the SSID they are connected to, as well as the
FILTERING
You can customize what devices can connect to your Wi-Fi Pineapple using the
filtering page. Combining two filters—the Client Filter and the SSID Filter, each
By selecting which devices may connect, the client filter allows you to restrict the
You can choose the fake networks for which the Wi-Fi Pineapple will allow
associations using the SSID filter. Only SSIDs that are expressly stated may be asso-
Figure 62. Client and SSID Filter
RECONNAISSANCE
The Wi-Fi Pineapple includes an add-on called Recon for Wi-Fi landscape
scanning.
SCANNING
On the main Recon page, you can obtain a quick summary of the current wireless
environment, including a list of detected APs, all associated clients, and all discovered
clients. In the Access Points or Clients cards, click the mobile card button next to the
Figure 63. Wireless Recon
Note: You can change Recon settings, such as scan location and displayed table columns,
by selecting the Settings gear icon on the right side of the Settings card.
Active Access Points and Clients can be highlighted automatically to make them
simpler to discover; click the gear icon to access the Recon Settings and enable
"Highlight Active Devices." Choose an activity time and a highlight color that makes
you happy!
Figure 64. Highlighted active devices
When you click on an AP or Client in the list, a side menu will appear on the
right. From here, you may pick device-specific features, such as collecting handshakes or
SECURITY INFORMATION
The security information panel provides a simplified overview of the network's security
choices.
Figure 66. Example of a security information
HANDSHAKES
of Wi-Fi communication. The Wi-Fi Pineapple can effortlessly and automatically capture
handshakes that are detected during a recon scan. The Recon panel has the option to
By selecting the network, then choosing "Capture Handshakes" from the menu, a
The Wi-Fi Pineapple stays on the same channel as the target device during di-
catching a whole handshake improves while you stay on the target channel.
You can improve your chances of capturing a handshake by utilizing the "Deau-
Figure 68. Capturing handshake from a network
features created by the community or to provide front ends for command line utilities.
INSTALLED MODULES
The Wi-Fi Pineapple community often contributes modules, which increase the
capabilities of the Wi-Fi Pineapple UI. Modules typically provide existing tools a
Note: Check the packages section to see if there is a command-line alternative if you
Figure 69. A list of installed modules
MODULES
To check updates for installed modules or to see a list of available modules that
you haven't installed, go to the Modules tab. The name, description, version, size, and
creator of the module may all be found here. Click the Install/Update button to install or
update modules.
Figure 70. Available Modules
PACKAGES
You may go through a range of Wi-Fi Pineapple drivers and utilities under the
packages area. These packages frequently include a command-line tool that may be used
You may configure the password, timezone, and button script from the main
Settings page. The presently mounted file systems and attached USB devices are
displayed on the second row of cards. You may update the UI theme, check for software
updates, and set up the device for Hak5 Cloud C2 on the bottom row.
Figure 72. Configuring the General Setting of the Wi-Fi Pineapple
NETWORKING
The Networking tab displays simple to use cards for setting up a client connection
to another Access Point, choosing the interface to be used for Recon, listing the present
Client Mode
Utilizing client mode networking is the most popular way to connect the Wi-Fi
Pineapple to the Internet. In the same way as a laptop or smartphone would, the
client.
Recon Interfaces
The Wi-Fi Pineapple uses the recon interface to look for Wi-Fi networks and
clients as well as to deauth networks and clients. The in-built 2.4GHz Wi-Fi radio,
MANAGEMENT NETWORK
The Management Network may be reconfigured using the Wi-Fi settings panel.
LED CONFIGURATION
The Wi-Fi Pineapple Mark VII LED can be configured independently for Red, Green,
and Blue.
Heartbeat - The LED pulses regularly. The speed of the heartbeat is tied
to the overall system load - the higher the CPU load of the Pineapple, the
Network device - Packets seen on a network device will cause the LED to
blink.
ADVANCED SETTINGS
The Advanced page lets you change the current update channel to opt in to beta firmware
versions. You may also access experimental features from
here, like Censorship (which obscures private data in the user interface) and Cartography
Figure 76. Advanced Settings
HELP
There are three sub-pages under the Help tab: Help & Information, Diagnostics,
and Licenses. Links to further sites like this and Hak5 community resources may be
found on the Help & Information page. You may create a handy diagnostics file that can
be used to assist in troubleshooting any problems you might be having with your Wi-Fi
DOCUMENTATION
This documentation is for the Wi-Fi Pineapple Mark VII 2.x series firmware (Wi-
INTRODUCTION TO RECONNAISSANCE
In today's world, technology has become a fundamental part of our lives. With the
increasing complexity of devices and their features, it's crucial to have proper
documentation that guides users on how to use all of the device's capabilities. Proper
documentation ensures that users can utilize the full potential of the device, reducing the
need for support requests and improving customer satisfaction by giving users the
necessary tools to troubleshoot problems on their own. All of the Wi-Fi Pineapple's
capabilities will be listed in this module. It also includes all of the step-by-step process
target network. This includes the SSID or the name of the network, the BSSID or the
MAC Address of the network, the number of clients connected to the network along with the
BSSID of the clients, the type of routers used and the type of devices used by the clients.
Furthermore, the reconnaissance also includes the security protocol used by the network
and the MFP or Management Frame Protection, which adds more security to the network
by preventing attackers from deauthenticating clients from the network. Next is the WPS
or Wi-Fi Protected Setup. It is a feature of the router that was developed to make the
simpler. Also included are the signal of the network and, last, the time of the recon. To do this, follow the
A. Scanning
B. Capturing Handshakes
Note: All of the aforementioned tasks will be carried out to the College of Engineering
Step 1: Please see the User Interface Overview of the Wi-Fi Pineapple to know how to
log in. See Figure 44 to connect to the Management SSID. See Figure 45 to access the
Web Interface of the Wi-Fi Pineapple. And see Figure 46 to log in to the Wi-Fi
Pineapple.
SCANNING
Step 2. On the left sidebar, go to the “Recon” tab.
Step 3: The "scan" button is located at the bottom of the wireless landscape. You have to
choose how much time you would like to spend scanning the networks in the vicinity.
Step 4: Next, to begin the scanning process, click the "scan" button.
Figure 80. Start to Scan the Networks in PSU
Step 5: There are so many networks in PSU that it takes longer for the Wi-Fi Pineapple to
scan your specific target. Your target is the network of Computer Engineering with its
SSID “CpEDept.” In this case, you may search for your target’s SSID in the search area
Step 6: Expand the network of the Computer Engineering Department by clicking the
Step 7: Then, you will see all the clients that are connected to the network of the Computer
Engineering Department.
Figure 83. Computer Engineering Department’s network and its scanned clients
CAPTURING HANDSHAKES
Step 8: After selecting the Department of Computer Engineering's SSID, you will be
presented with a list of available actions. Choose "Capture WPA Handshakes" and then
Figure 84. Start the Handshake Capture
DEAUTHENTICATING CLIENT/S:
Step 9: Choose one client on your target network and deauthenticate it. To do this,
navigate to your intended client and select it. Choose "deauthenticate client" to perform
deauthentication.
Step 11: To download the captured handshakes, go to the “handshakes” tab. Click the
format
Step 12: After you download the handshakes in Computer Engineering Department, you
RECONNAISSANCE IN MECHANICAL ENGINEERING DEPARTMENT
SCANNING
Step 1: There are so many networks in PSU that it takes longer for the Wi-Fi Pineapple to
scan your specific target. Your target is the network of Mechanical Engineering, but they
are using the PSU WLAN, which has an SSID of “PSUWi-Fi2.” In this case, you may search
Step 2: Expand the network of the Mechanical Engineering Department by clicking the
Step 3: Then, you will see all the clients that are connected to the network of
Figure 91. PSUWi-Fi2 network and its scanned clients
CAPTURING HANDSHAKES
Step 4: After selecting the Department of Mechanical Engineering's SSID, you will be
presented with a list of available actions. Choose "Capture WPA Handshakes"
DEAUTHENTICATING CLIENT/S
Step 5: Choose one client on your target network and deauthenticate it. To do this,
navigate to your intended client and select it. Choose "deauthenticate client" to perform
deauthentication.
Step 7: To download the captured handshakes, go to the “handshakes” tab. Click the
Figure 95. Download the Handshakes in PCAP and Hashcat’s 22000 format
Step 8: After you download the handshakes in PSUWi-Fi2, you can now stop the
SCANNING
Step 1: There are so many networks in PSU that it takes longer for the Wi-Fi Pineapple to
scan your specific target. Your target is the network of Architecture, which has an SSID of
“Archi Department.” In this case, you may search for your target’s SSID in the
search area. Expand the network of the Architecture Department by clicking the “+” sign
before the SSID. Then, you will see all the clients that are connected to the network of
the Architecture Department.
Figure 97. Scanned network of Architecture
CAPTURING HANDSHAKES
Step 2: After selecting the Department of Architecture SSID, you will be presented with a
list of available actions. Choose "Capture WPA Handshakes" and then click
DEAUTHENTICATING CLIENT/S
Step 3: Choose one client on your target network and deauthenticate it. To do this,
navigate to your intended client and select it. Choose "deauthenticate client" to perform
deauthentication.
Step 5: To download the captured handshakes, go to the “handshakes” tab. Click the
Figure 101. Download the Handshakes in PCAP and Hashcat’s 22000 format
Step 6: After you download the handshakes in Architecture Department, you can now
SCANNING
Step 1: There are so many networks in PSU that it takes longer for the Wi-Fi Pineapple to
scan your specific target. Your target is the network of Civil Engineering, which has an SSID
of “CE Department 5G.” In this case, you may search for your target’s SSID in the search
area. Expand the network of the Civil Engineering Department by clicking the “+” sign
before the SSID. Then, you will see all the clients that are connected to the network of
CAPTURING HANDSHAKES
Step 2: After selecting the Department of Computer Engineering's SSID, you will be
presented with a list of available actions. Choose "Capture WPA Handshakes"
RECONNAISSANCE IN ELECTRICAL ENGINEERING NETWORK
SCANNING
Step 1: There are so many networks in PSU that it takes longer for the Wi-Fi Pineapple to
scan your specific target. Your target is the network of Electrical Engineering, but they
are using the PSU WLAN, which has an SSID of “PSUWi-Fi.” In this case, you may search for
your target’s SSID in the search area. Expand the network of the Electrical
Engineering Department by clicking the “+” sign before the SSID. Then, you will see
all the clients that are connected to the network of the Electrical Engineering Department.
CAPTURING HANDSHAKES
Step 2: After selecting the Department of Electrical Engineering's SSID, you will be
presented with a list of available actions. Choose "Capture WPA Handshakes"
Figure 106. Start Handshake Capture
DEAUTHENTICATING CLIENT/S
Step 3: Choose one client on your target network and deauthenticate it. To do this,
navigate to your intended client and select it. You'll come across certain tasks you wish to
All the captured handshakes in College of Engineering and Architecture (CEA).
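The deauthentication step used in each department's procedure above is visible to anyone monitoring the channel. The following is an added example, not part of the original manual: it parses raw 802.11 deauthentication/disassociation frames and raises one alert per BSSID when unprotected frames burst inside a time window. The frame bytes, MAC addresses, window and threshold are constructed assumptions.

```python
import struct
from collections import defaultdict, deque

# 802.11 management-frame subtypes (frame type 0) that tear down an association.
TEARDOWN = {10: "disassoc", 12: "deauth"}


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_teardown(frame):
    """Parse one 802.11 MAC frame (radiotap header and FCS already stripped).

    Returns a dict for deauthentication/disassociation frames, else None.
    """
    if len(frame) < 26:                      # 24-byte header + 2-byte reason code
        return None
    version, ftype, subtype = frame[0] & 3, (frame[0] >> 2) & 3, frame[0] >> 4
    if version != 0 or ftype != 0 or subtype not in TEARDOWN:
        return None
    protected = bool(frame[1] & 0x40)        # Protected Frame bit (set on MFP unicast)
    dst, src, bssid = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    return {
        "kind": TEARDOWN[subtype],
        "bssid": bssid,
        # The station being disconnected is whichever address is not the AP.
        "client": dst if src == bssid else src,
        "protected": protected,
        # The body is encrypted when protected, so no reason code is readable.
        "reason": None if protected else struct.unpack_from("<H", frame, 24)[0],
    }


class DeauthMonitor:
    """Alert once per BSSID when unprotected teardown frames burst in a window."""

    def __init__(self, window=10.0, threshold=5):   # assumed tuning values
        self.window, self.threshold = window, threshold
        self.recent = defaultdict(deque)            # bssid -> (ts, client)
        self.alerted = set()

    def feed(self, ts, frame):
        info = parse_teardown(frame)
        if info is None or info["protected"]:
            return None
        q = self.recent[info["bssid"]]
        q.append((ts, info["client"]))
        while ts - q[0][0] > self.window:           # drop entries older than the window
            q.popleft()
        if len(q) < self.threshold or info["bssid"] in self.alerted:
            return None
        self.alerted.add(info["bssid"])
        return {"bssid": info["bssid"], "count": len(q),
                "clients": sorted({c for _, c in q}), "first_seen": q[0][0]}


def build_frame(subtype, dst, src, bssid, reason=0, flags=0):
    """Build a constructed management frame for the sample trace."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, flags]) + b"\x00\x00" + raw(dst) + raw(src)
            + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason))


# Constructed, locally administered addresses; not taken from the manual.
AP1, AP2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
STA_A, STA_B = "02:00:00:00:01:0a", "02:00:00:00:01:0b"


def sample_trace():
    trace = [(0.0, build_frame(12, AP1, STA_A, AP1, reason=3)),      # client leaving
             (5.0, build_frame(8, "ff:ff:ff:ff:ff:ff", AP1, AP1))]   # beacon, ignored
    for i in range(6):          # burst in both directions against one client
        src, dst = (AP2, STA_B) if i % 2 == 0 else (STA_B, AP2)
        trace.append((20.0 + 0.1 * i, build_frame(12, dst, src, AP2, reason=7)))
    trace.append((40.0, build_frame(12, AP1, STA_A, AP1, reason=3)))
    return trace


def run_sample():
    monitor = DeauthMonitor()
    return [a for ts, f in sample_trace() if (a := monitor.feed(ts, f))]


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Frames with the Protected Frame bit set are skipped because, with Management Frame Protection enabled, clients discard the unprotected forgeries this detector counts.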
This is also a type of attack that can be done while on the Recon page of
the Wi-Fi Pineapple. A fake access point attack takes place when an attacker sets up a fake
Wi-Fi access point hoping that users will connect to it instead of a legitimate one. This
is done by configuring the fake access point the same as the target
network and setting a random password. Once the attack is enabled, clients will not be able
to connect to the legitimate network unless the attack is disabled. To do this, follow the
Step 1: Click on the target network. Click on “Clone WPA/2 AP”, shown in Figure
103. You will be redirected to the configuration of the fake access point. It will
automatically copy the SSID and the BSSID of the target network.
Step 3: To start the attack, enable “Capture Handshakes”, then click “Clone”.
Note: There is one more way to do the Fake Access Point attack. To do this, follow the
Step 3.1: Go to “PineAP” module of the Wi-Fi Pineapple. It is located just above the
Figure 113. Saving the Configuration
Step 3.3: Manually enter the SSID, BSSID, and the random password, and select the
encryption. Click enable and capture handshakes. Then save the configuration. This is
harder than the first method because you need to input the SSID and the BSSID.
Step 4: The attacker will now deauthenticate client/s. To do this, follow the steps in
Deauthentication Attack except for the capturing of handshake. Client/s will then be
Step 5: Once client/s are reconnected to the network, the attacker will be notified that the
Figure 114. Notification of Captured Handshake of the Fake Access Point
Step 6: To view the handshake, go to the Recon tab, then the Handshakes tab.
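Because the clone described above copies both the SSID and the BSSID, comparing observed beacons against an AP inventory is not enough on its own. The following added example (not part of the original manual) audits beacon observations against an inventory and also uses the 64-bit timestamp (TSF) carried in every beacon, which runs backwards repeatedly when two transmitters share one BSSID. The inventory, addresses, SSIDs and the regression threshold are constructed assumptions.

```python
from collections import defaultdict

AP1, AP2 = "02:00:00:00:00:01", "02:00:00:00:00:02"   # constructed addresses

# Authorised access points as recorded by the network owner (constructed).
INVENTORY = {
    AP1: {"ssid": "LAB-WLAN", "channel": 6, "security": "WPA2-PSK"},
    AP2: {"ssid": "LAB-WLAN", "channel": 11, "security": "WPA2-PSK"},
}


def audit_beacons(beacons, inventory, min_regressions=2):
    """Return sorted (bssid, finding) pairs for beacons that contradict the inventory.

    beacons: iterable of dicts with ts, ssid, bssid, channel, security, tsf,
    where tsf is the microsecond timestamp field of the beacon.
    """
    managed_ssids = {ap["ssid"] for ap in inventory.values()}
    findings = set()
    last_tsf = {}
    regressions = defaultdict(int)
    for b in sorted(beacons, key=lambda b: b["ts"]):
        known = inventory.get(b["bssid"])
        if known is None:
            # A neighbour's network is ignored unless it uses one of our SSIDs.
            if b["ssid"] in managed_ssids:
                findings.add((b["bssid"], "unlisted BSSID advertising managed SSID"))
            continue
        for field in ("ssid", "channel", "security"):
            if b[field] != known[field]:
                findings.add((b["bssid"], f"listed BSSID with unexpected {field}"))
        # One backwards jump can be a reboot; alternating jumps mean two clocks.
        prev = last_tsf.get(b["bssid"])
        if prev is not None and b["tsf"] < prev:
            regressions[b["bssid"]] += 1
            if regressions[b["bssid"]] >= min_regressions:
                findings.add((b["bssid"], "beacon clock jumps backwards repeatedly"))
        last_tsf[b["bssid"]] = b["tsf"]
    return sorted(findings)


def make_beacon(ts, bssid, tsf, ssid="LAB-WLAN", channel=6, security="WPA2-PSK"):
    return {"ts": ts, "bssid": bssid, "tsf": tsf, "ssid": ssid,
            "channel": channel, "security": security}


def sample_beacons():
    """Constructed observations: one cloned BSSID, one reboot, one look-alike."""
    day = 86_400_000_000                       # TSF of an AP that has been up one day
    out = []
    for i in range(4):
        t = i * 0.1024
        out.append(make_beacon(t, AP1, day + i * 102_400))               # authorised AP
        out.append(make_beacon(t + 0.05, AP1, 30_000_000 + i * 102_400))  # second transmitter
    out += [make_beacon(0.0, AP2, day, channel=11),                      # AP2 reboots once
            make_beacon(60.0, AP2, 5_000_000, channel=11),
            make_beacon(60.1024, AP2, 5_102_400, channel=11)]
    out.append(make_beacon(1.0, "02:00:00:00:00:99", 1_000_000, security="OPEN"))
    out.append(make_beacon(1.0, "02:00:00:00:00:77", 1_000_000, ssid="NEIGHBOUR"))
    return out


if __name__ == "__main__":
    for bssid, finding in audit_beacons(sample_beacons(), INVENTORY):
        print(bssid, finding)
```

In the sample, the second transmitter matches the inventory on SSID, BSSID, channel and security, so only the timestamp check exposes it.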
BEACON FLOODING
Beacon flooding is a form of attack in which the attacker sends a huge number of
wireless network frames in order to overload the network and interrupt regular operation.
This attack broadcasts multiple networks, either open or secured, having random
SSIDs or one SSID only. This attack is done using the MDK4 module. See Appendix for
the full installation of MDK4 module. To do this attack, follow the step-by-step
Step 1: Click the “Module” located at the left navigation page of the Wi-Fi Pineapple.
Look for the “MDK4” module shown in Figure. The MDK4 module interface will appear
Figure 117. Home page of the MDK4 Module
Step 2: Click “Attack Mode” then select “Beacon Flooding”. Select “wlan3mon” for both
Note: While doing this attack, reconnaissance must be continuously scanning so that the
Figure 118. Setting Attack Mode to the Input and Output Interfaces
Step 3: For the “Attack Options”, the attacker can specify the SSID of the networks shown in
CLIENT’S POV
Multiple fake networks will then appear in the client’s Wi-Fi connectivity settings:
three networks, two secured and one open. The output
refreshes every five seconds as shown in Figure, but it still broadcasts the same SSID of the
network. They are just fake networks, so clients won’t be able to connect.
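From the monitoring side, a beacon flood like the one described above shows up as a sudden burst of BSSIDs that were never seen before. The following added example (not part of the original manual) parses raw 802.11 beacon frames for BSSID, SSID and the Privacy bit, then flags time windows in which too many new BSSIDs appear. The frames, addresses, window length and threshold are constructed assumptions.

```python
import struct
from collections import defaultdict


def parse_beacon(frame):
    """Return (bssid, ssid, privacy) from a raw 802.11 beacon, or None.

    Expects the MAC frame without radiotap header or FCS. ssid is None when
    the SSID element is missing or truncated.
    """
    if len(frame) < 36 or frame[0] != 0x80:       # version 0, type 0, subtype 8
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    # Fixed parameters after the 24-byte header: TSF (8), interval (2), capability (2).
    (capability,) = struct.unpack_from("<H", frame, 34)
    pos, ssid = 36, None
    while pos + 2 <= len(frame):                  # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:                   # element runs past the frame end
            break
        if tag == 0:                              # SSID element
            if length > 32:                       # longer than the standard allows
                return None
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    return bssid, ssid, bool(capability & 0x0010)  # bit 4 = Privacy


def flood_windows(frames, window=5.0, max_new=10):
    """frames: iterable of (ts, raw_frame). Return windows with too many new BSSIDs."""
    first_seen = {}
    for ts, raw in sorted(frames, key=lambda f: f[0]):
        parsed = parse_beacon(raw)
        if parsed and parsed[0] not in first_seen:
            first_seen[parsed[0]] = (ts, parsed[1], parsed[2])
    buckets = defaultdict(list)
    for ts, ssid, privacy in first_seen.values():
        buckets[int(ts // window)].append((ssid, privacy))
    flagged = []
    for idx in sorted(buckets):
        new = buckets[idx]
        if len(new) > max_new:
            flagged.append({"start": idx * window,
                            "new_bssids": len(new),
                            "distinct_ssids": len({s for s, _ in new}),
                            "open": sum(1 for _, p in new if not p)})
    return flagged


def build_beacon(bssid, ssid, privacy):
    """Build a constructed beacon frame carrying only an SSID element."""
    raw = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + raw + raw + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0011 if privacy else 0x0001)
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name


def sample_frames():
    frames = []
    for i in range(3):                            # three ordinary APs beaconing steadily
        for k in range(20):
            frames.append((k * 0.1024 + i * 0.01,
                           build_beacon(f"02:00:00:00:00:{i + 1:02x}", "LAB-WLAN", True)))
    for i in range(30):                           # burst of never-seen BSSIDs
        frames.append((12.0 + i * 0.03,
                       build_beacon(f"02:aa:00:00:00:{i:02x}", f"net-{i:02d}", i % 3 != 0)))
    return frames


if __name__ == "__main__":
    print(flood_windows(sample_frames()))
```

A flood that repeats one SSID across many BSSIDs shows up in the same output as a high `new_bssids` count with `distinct_ssids` equal to 1.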
CREDENTIAL HARVESTER
usernames and passwords. The aim of a credential harvester is to trick people into
providing their login credentials or other sensitive information on a fake website or login
page that looks just like a legitimate one. Once the user enters their info, the credential
harvester captures it and sends it to the attacker's server. A range of unlawful activities,
such as financial fraud, identity theft, and unauthorized access to online accounts, can
then be carried out using the stolen data. Here are the step-by-step instructions on how to
Step 2: Click the modules tab, to view all the Wi-Fi Pineapple available tools. Then, click
“Get Available Modules” to load all the tools that are available.
Figure 123. Get Available Modules
Step 3: Find the module “Evil Portal” and click “Install.” A notification will appear if the
Step 4: Go to the Installed tab, there you can see all the modules that are installed. Find
the module “Evil Portal” that you installed a while ago and click it to open.
Figure 125. Evil Portal being Installed
Step 5: This is the User Interface of the Evil Portal. There is no portal in the Portal
Step 6: The researchers use “FileZilla” to import the portals containing all their
created fake webpages into the Portal Library in Evil Portal. FileZilla is a free,
open-source FTP (File Transfer Protocol) client used for transferring files between a local
Step 7: In the upper left side of the page, go to the File tab and select Site Manager.
Figure 128. Site Manager in FileZilla
Step 8: You can manage your File Transfer Protocol (FTP) files. Using the Site Manager,
you can add, edit, and delete FTP connections, as well as specify various options such as
the protocol to use (FTP or SFTP), the port number, the username and password, and
more.
Step 9: On the left page of the site manager, create a new site under the folder of “My
Sites.” To do that click the button “New Site” from the option list below. Then, on the
Protocols: From the drop-down list, select “SFTP – SSH File Transfer Protocol”
Port: 22
User: root
Password: Pineapple123 (This is the password that you configured during Set-Up)
Step 10: At the homepage of the FileZilla, you can now see that it is successfully
Step 11: The left-hand panel displays your local site, that is, the computer that you
are using to connect to a remote server. The right-hand panel displays the files and
“portals.”
Figure 133. Files in the Local Machine
Step 13: The folder “portals” contains all the fake webpages that the researchers created.
Step 14: Transfer all the files from the folder “portals” in your Local Machine to the
remote server by dragging and dropping them from the left-hand panel to the right-hand
panel.
Figure 135. Transferring the Files from the Local Machine to the Remote Server
Step 15: Now all the files are transferred to the remote server.
Figure 136. Files being transferred to the Remote Server
Step 16: Go back to the “Evil Portal” in Wi-Fi Pineapple. The Portal Library is loading.
Step 17: All the files now appear in the Portal Library.
Figure 138. All the portals containing the Fake Webpages
Step 18: Start the Web Server so you can activate any portal that is in the library.
Step 19: Scroll down a little and you will see the Library Portal. Then, find and activate the
“PSU-Login” portal.
Figure 140. Activate the PSU-Login Portal
Note: You cannot activate a portal if you do not start the Web Server.
Step 20: After you activate the portal, click the “Start” button to execute the attack.
CLIENT’S POV
After clicking the Start button, let us now see the point of view of the target. The
Figure 142. Client connecting to the Open Network of Wi-Fi Pineapple
If the Client is connected, he/she will be redirected to a webpage which asks for
As the researchers mentioned earlier, all the free Wi-Fi in PSU has this kind of
requirement before a user can access the internet. Little did the target know that the open
network that he/she is connected to is a malicious access point. Figure # shows that the
ATTACKER’S POV
When the target clicks the sign-up button, all the information that he/she enters in
the webpage will be captured by the evil portal or the credential harvester. To see that, go
back to the evil portal in Wi-Fi Pineapple. Figure 10 shows that the attacker will be
Figure 146. Viewing the Captured Credential of the Client
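From the defender's side, the open look-alike network used in the steps above is what a wireless monitoring sensor should flag. The following is an added example, not part of the original manual: it compares scan results against an inventory of authorized access points. The SSID, BSSIDs, field names and the inventory format are constructed assumptions.

```python
import re

# Constructed inventory of the organization's own access points (assumed format).
AUTHORIZED = {
    "CAMPUS-WiFi": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                    "security": "WPA2"},
}

# Constructed scan results, as a wireless sensor might report them.
SCAN = [
    {"ssid": "CAMPUS-WiFi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "CAMPUS-WiFi", "bssid": "02:00:00:00:00:99", "security": "OPEN"},
    {"ssid": "Campus WiFi", "bssid": "02:00:00:00:00:98", "security": "OPEN"},
    {"ssid": "CAMPUS-WiFi", "bssid": "AA:BB:CC:00:00:02", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "02:00:00:00:00:10", "security": "WPA2"},
]

def _norm(ssid):
    """Fold case and drop separators so 'Campus WiFi' matches 'CAMPUS-WiFi'."""
    return re.sub(r"[\s_.\-]+", "", ssid).casefold()

def find_rogue_aps(scan, authorized):
    """Return (bssid, ssid, reasons) for APs imitating an authorized SSID."""
    by_norm = {_norm(name): name for name in authorized}
    findings = []
    for ap in scan:
        real = by_norm.get(_norm(ap["ssid"]))
        if real is None:
            continue  # unrelated network
        policy, reasons = authorized[real], []
        if ap["ssid"] != real:
            reasons.append(f"look-alike of {real!r}")
        if ap["bssid"].lower() not in policy["bssids"]:
            reasons.append("BSSID not in inventory")
        # A BSSID can be cloned, so the security mode is checked independently.
        if ap["security"] != policy["security"]:
            reasons.append(f"advertises {ap['security']}, expected {policy['security']}")
        if reasons:
            findings.append((ap["bssid"], ap["ssid"], reasons))
    return findings

if __name__ == "__main__":
    for bssid, ssid, reasons in find_rogue_aps(SCAN, AUTHORIZED):
        print(f"{bssid}  {ssid!r}: {'; '.join(reasons)}")
```

An access point that clones both an inventoried BSSID and the expected security mode passes this check, so it complements rather than replaces user-side certificate and HTTPS verification.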
tool, that allows you to intercept and modify HTTP traffic between clients and servers.
intercepting all HTTP requests and responses that pass through the Wi-Fi Pineapple's
network interface. One practical application of HTTPeek is that it can be used to identify
browser and a web server, you can examine the contents of requests and responses,
including cookies, headers, and other data, and look for potential security weaknesses. If
a user accesses an unsafe website, or one that does not employ HTTPS, HTTPeek can
record and show all HTTP traffic in plain text between the user's browser and the
website's server. Here are the step-by-step instructions on how to gain credentials using
Step 1: Click “Module” in the left navigation pane of the Wi-Fi Pineapple.
Step 2: After that you will see the interface of the HTTPeek. Click the “Enable” button to
enable the sniffer. By enabling the Sniffer feature within HTTPeek, an attacker can
collect sensitive information such as usernames, passwords, and session cookies sent over
Figure 148. Enabling the Sniffer in HTTPeek
Step 3: Click the “Start” button to start capturing HTTP traffic on the wire and
displaying it in real time.
CLIENT’S POV
The Client should be connected to the open network of the Wi-Fi Pineapple.
Note: The open network should have an SSID that is familiar to the target.
If the client is connected to the open wireless network and he/she accidentally visited an
of unsecured site.
Figure 152. URLs of the Website being Captured by the HTTPeek
CLIENT’S POV
The attacker can also gain login credentials if the target carelessly visits
an unsecured site that asks for login credentials.
ATTACKER’S POV
Credentials entered by the target will appear in Post Data.
Figure 154. Captured credentials that appear in Post Data
DEAUTHENTICATION AND DISASSOCIATION
packets to a wireless client, causing it to disconnect from its current access point.
disconnect entirely, it causes the client to disassociate from its current access point
without completely disconnecting. MDK4 is a tool used for Wi-Fi penetration testing and
it has a feature that allows for the deauthentication and disassociation of wireless clients
from access points. A common scenario is when the attacker uses the mdk4 tool on their
access point, causing all connected devices to lose connectivity to the network. See
Appendix for the full installation of mdk4 module. To do this attack, follow the step-by-
Step 1: Click “Module” in the left navigation pane of the Wi-Fi Pineapple.
Figure 155. Wi-Fi Pineapple’s Module
Step 2: Click the “mdk4” module and you will see its interface.
Step 3: Choose “deauthentication and disassociation” as the attack mode. Select
Figure 157. Choosing the attack mode and the input/output interface
Step 4: Enter the necessary data for the chosen attack. Attack Options #1 and #2 can
be a client or a network. Number 1 are the unaffected clients or networks
while number 2 are the unaffected clients or networks. These files are saved under the
cabinet module. Please see Appendix # for the configuration of the cabinet module.
Attack option number 4 is the channel of the target network. Please see Appendix # on
Figure 158. Entering the Necessary Data for the Chosen Attack
Step 5: Start the attack. Clients will not be able to connect to the network until the attack
stops.
Step 6: Figure 6 shows the devices that are being disconnected from the network.
Figure 160. Devices that are being disconnected from the network
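The mass disconnection shown above leaves a clear signature on the air: a burst of deauthentication and disassociation frames for one BSSID. The following is an added example, not part of the original manual: a sliding-window detector run over constructed frame records. The record layout, MAC addresses, window and threshold are assumptions to be tuned for a real sensor.

```python
from collections import defaultdict, deque

DISASSOC, DEAUTH = 10, 12              # 802.11 management-frame subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"

def build_sample():
    """Constructed capture: (timestamp_s, subtype, source, destination, bssid)."""
    ap = "aa:bb:cc:00:00:01"
    frames = [(0.5, DEAUTH, "02:00:00:00:00:10", ap, ap)]      # one client leaving
    for i in range(40):                                         # 40 frames in 0.4 s
        kind = DEAUTH if i % 2 == 0 else DISASSOC
        frames.append((5.0 + i * 0.01, kind, ap, BROADCAST, ap))
    frames.append((30.0, DISASSOC, "02:00:00:00:00:11", ap, ap))
    return frames

def detect_floods(frames, window=1.0, threshold=10):
    """Return one alert per burst of >= threshold frames within `window` seconds."""
    recent = defaultdict(deque)   # bssid -> (timestamp, destination) inside the window
    open_alert = {}               # bssid -> alert currently being extended
    alerts = []
    for ts, subtype, _src, dst, bssid in sorted(frames):
        if subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[bssid]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # q always holds the frame just added
            q.popleft()
        if len(q) < threshold:
            open_alert.pop(bssid, None)   # burst over; a later one is a new alert
            continue
        alert = open_alert.get(bssid)
        if alert is None:
            alert = {"bssid": bssid, "start": q[0][0], "peak": 0, "broadcast": False}
            open_alert[bssid] = alert
            alerts.append(alert)
        alert["peak"] = max(alert["peak"], len(q))
        alert["end"] = ts
        alert["broadcast"] |= dst == BROADCAST
    return alerts

if __name__ == "__main__":
    for a in detect_floods(build_sample()):
        print(a)
```

The matching mitigation is 802.11w Protected Management Frames, which lets clients reject forged deauthentication and disassociation frames.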
DICTIONARY ATTACK
A dictionary attack is a type of cyber-attack where an attacker uses a list of words
The idea behind the attack is that many people use common words, phrases, or
predictable patterns in their passwords, making it easier for an attacker to guess them by
simply trying a large number of possibilities until they find the correct one. Dictionary
attacks are a popular method of password cracking because they can be automated and
can quickly try many different combinations without requiring much effort on the part of
the attacker. The researchers used the hashcat tool for cracking passwords. Hashcat is a
popular password cracking tool that uses GPU acceleration to perform brute-force attacks
and dictionary attacks on hashed passwords. Take note that this attack was done without
Figure 161. Download the hashcat-6.2.6
Step 2: After you download hashcat, go to the folder where you saved it. Then, to
initiate the cracking process, you need to access the properties of the hashcat-6.2.6 and
Once the attacker has accessed the properties of the hashcat-6.2.6 folder and copied its
location, they can start the cracking of passwords using the command prompt. The
researchers are using the captured handshake of the Computer Engineering Department
“CpEDept.22000 handshake” that was captured during the deauthentication attack. The
researchers are using rockyou.txt wordlist which is a common password list used in hash
cracking.
Step 3: The attacker can initiate the password cracking process using the "hashcat -m
Figure 163. Command used for the cracking of Password using hashcat
Step 4: Figure 164 shows the result of the cracked password of the network of Computer
Engineering Department.
BRUTE FORCE ATTACK
to guess a password or encryption key through trial and error. It is a method that hackers
use to gain access to a system or data by trying every possible combination of passwords
until the correct one is found. Brute force attacks are often automated using software
programs that can try thousands or even millions of passwords per second, depending on
the complexity of the password and the processing power of the attacker's computer.
While such attacks can be successful, they can also be time-consuming and resource
intensive.
This time the researchers used the Architecture Department for this attack. The command
shown in Figure below. This command has a combination of five characters with three-
Figure 165. Command used for the cracking of Password using Brute Force
Figure 164 highlights the time required to crack a password with a length of thirteen
possible combinations. It shows that cracking such a password can take up to 50 years
using an ASUS X407U Intel Core i3 7th Gen processor with 8 Gb of RAM.
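The dictionary and brute-force sections above point to the same defensive check: a network passphrase must be absent from common wordlists and long enough that exhaustive guessing is impractical. The following is an added example, not part of the original manual: a passphrase audit that tests both conditions. The wordlist, the guessing rate and the 100-year threshold are constructed assumptions, not measurements from the manual.

```python
import string

# The four character classes together are the 95 printable ASCII characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")
SECONDS_PER_YEAR = 365 * 24 * 3600

def audit_passphrase(passphrase, wordlist, guesses_per_second, min_years=100):
    """Rate a WPA2-PSK passphrase against wordlist and exhaustive guessing.

    guesses_per_second and min_years are assumptions supplied by the auditor.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2-PSK passphrases are 8 to 63 characters long")
    if not all(any(ch in c for c in CLASSES) for ch in passphrase):
        raise ValueError("only printable ASCII is handled here")
    words = {w.strip().lower() for w in wordlist} - {""}
    base = passphrase.lower()
    # Dictionary exposure: listed as-is, or a listed word with digits/symbols appended.
    stem = base.rstrip(string.digits + string.punctuation)
    listed = base in words or (stem != base and stem in words)
    # Exhaustive-search exposure: all strings of this length over the classes in use.
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    keyspace = alphabet ** len(passphrase)
    years = keyspace / guesses_per_second / SECONDS_PER_YEAR
    verdict = "reject" if listed else "weak" if years < min_years else "ok"
    return {"listed": listed, "alphabet": alphabet, "keyspace": keyspace,
            "years_to_exhaust": years, "verdict": verdict}

# Constructed inputs: a tiny stand-in wordlist and an assumed guessing rate.
WORDLIST = ["password", "dragon", "iloveyou"]
RATE = 100_000  # guesses per second, assumed for illustration

if __name__ == "__main__":
    for candidate in ("password123", "sunflower", "Tr4il-mix&lamp-Post"):
        print(candidate, audit_passphrase(candidate, WORDLIST, RATE)["verdict"])
```

A passphrase that appears in a wordlist is rejected regardless of length, because wordlist guessing does not depend on the size of the keyspace.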