Hak5 is packed and ready for Def Con 2011! This year, Darren, Paul, and I will be in Las Vegas all weekend- from Wednesday night through Sunday- compiling a delightful Hak5 episode for you to enjoy. We hope to get some good coverage and photos, so show off your Hak5 tshirt! If you see us, make sure to stop by and say hello!
WIFI PINEAPPLE VERSION 2 ONLY. THIS WILL NOT WORK WITH THE WIFI PINEAPPLE VERSION 3.
Whether your new to Jasager or you’ve made a configuration change you wish you hadn’t, doing a fresh WiFi Pineapple install is a breeze. This guide walks you through the steps required to flash compatible WiFi Pineapple hardware with the latest version of Robin Wood’s Jasager firmware as well as default configurations and and packages. Read more
In this segment Darren talks about Session Hijacking and demonstrates a tool from Errata Security called Hamster and Ferret that, in conjunction with a WiFi Pineapple, an ICS’d 3G connection and Tftpd32 we’re able to “sidejack” with our little man-in-the-middle setup. Lesson learned? Be suspicious of any wifi. Check for signatures of trusted networks and tunnel your traffic. Read more
So you’ve built, borrowed or bought a WiFi Pineapple and you’re new to OpenWRT and Jasager. Hopefully this guide will familiarize you with the many aspects of the the WiFi Pineapple. If you have specific questions please leave a comment or email feedback@hak5.org and we’ll try to keep this page updated.
This article will guide you through connecting to the WiFi Pineapple for the first time. For more in-depth how-to’s involving command line control, modules, using the white and black listing functions, sharing Internet access and more please consult the Jasager board on the Hak5 forums and keep an eye on the WiFi Pineapple category of the Hak5.org blog for future articles on these topics. Read more
This guide builds on the Auto-Rickroll payload for the WiFi Pineapple. Following this guide you will be able to create a self-contained WiFi Pineapple or similar OpenWRT based wireless access point serving up faux websites to capture login credentials. The purpose of this article is to point out the simplicity of a phishing attack using the dnsmasq technique of the Auto-Rickroll payload, and how you can protect yourself from similar attacks. See the mitigation section at the bottom of the article for defense advice. Read more
John Bebo’s Auto-Rickroll payload for the WiFi Pineapple is an excellent example of using Dnsmasq to forward targets to a hosted site. While this site could be malicious, perhaps hosing the Browser Exploitation Framework, Bebo’s payload is a safe and simple prank. Any web site a victim attempts to browse to brings them to a WiFi Pineapple hosted page containing Rick Astley ASCII Art and looping audio. It uses a similar technique employed by Captive Portals – something we’ll explore in more detail soon – except a lot more annoying. Read more
This segment, Shannon demonstrates some protecting from Firesheep using; BlackSheep.
In this Haktip Darren shows how to detecting ARP Cache Poison Attacks in Windows and Linux using XARP
In this haktip Shannon shows us the setup and use of the cookie steeling tool Firesheep to hijack Darren’s twitter session.
Shannon shows us how to perform arp cache poisoning attacks with ease.
Hping3 is a TCP/IP packet assembler. It’s modeled after the unix ping command
