Hacker hunts and pwns WiFi Pineapples with zero-day at Def Con (2024)

Hacker hunts and pwns WiFi Pineapples with zero-day at Def Con (1)

byMs. Smith

Opinion

11 Aug 20144 mins

Data and Information SecurityMicrosoftSecurity

Before you use a WiFi Pineapple in Vegas during a hackers' security conference, you better know what you are doing.

The WiFi Pineapple makes man-in-the-middle attacks incredibly easy, but users better know what they’re doing before trying out the Pineapple at the biggest hacker hangout in the U.S. A classic example of that wisdom can be seen via a screenshot tweeted by @JoFo after an intern deployed a Pineapple at Def Con 22.

Feel free to see it yourself in the original form, but the general gist is below…with creative asterisk spellings for words I can’t publish here. Hopefully you will be as amused by the message as I was.

Dear Lamer,

You just got popped with some 0-day s**t. Mess with the best and die like the rest. Should have just bought a t-shirt.

You’re going to mess around with someone’s Wi-Fi in Vegas at a f***ing hacker con? What the h*ll did you expect?

Your sh*t’s all wrecked now. If you really are the bad*ss you’re pretending to be, you ought to be able to fix it.

If you have no idea what is going on then I recommend you take this back to the Hak5 booth, ask for a refund, and stop sh***ing-up the Wi-Fi.

Read the f***ing code the next time you buy super elite skiddie hax0r gear. This s**t is criminally insecure.

Sincerely,

@IHuntPineapples

Apparently, @ihuntpineapples has a network at DEFCON that is popping shells on pineapples with an 0day.

— Brandon Perry (@BrandonPrry) August 8, 2014

There is a fix if it was bricked or if it needed a firmware update, but if a person wanted to know more about the Pineapple, then the Def Con 22 Wireless Village would have been a good start. For example, Hak5’s Darren Kitchen and WiFi Pineapple developer Sebastian Kinne released new firmware 2.0. But, in theory, @IHuntPineapples used a zero-day exploit on the newest Pineapple firmware 2.0.0.

Step one: take advantage of someone’s brain fart of checking authentication in the footer after all the PHP runs

— I Hunt Pineapples (@ihuntpineapples) August 9, 2014

Step 2: command inject. One possible: /components/system/karma/functions.php?client_list=true, POST remove_client=false mac=”;commands;”

— I Hunt Pineapples (@ihuntpineapples) August 9, 2014

Kinne later took to the Hak5 forum to explain that 2.0.0 fixed numerous security issues, so long as the root password isn’t known. “If you know the root password, you can inject into POST or even some GET requests. You could also just use the functions.php in the configuration tile that will execute commands for you – a built-in function of the tile. We’ll have to lock that – and other things down now.”

We cannot really fix the fact that passwords can be sniffed over the open wireless – use a cable to manage it without the password leaking into the air. Only thing we could do in that regard is put self-signed SSL certs on every Pineapple… but that would be a hassle for everyone. Nginx DOES support SSL, so feel free to set that up.

TLDR: Download 2.0.1 once it’s out, it has the logout bug fixed.

The very same day, 2.0.2 was released.

Tripwire’s Craig Young, a security researcher for its Vulnerability and Exposure Research Team, also gave a “Pineapple Abductions” talk at the Wireless Village. He talked about poor SSL implementations and showed “how a simple hack with a Pineapple WiFi can be used to abduct, stalk, spy on, or even physically harm unsuspecting victims.”

Hak5 says it sells WiFi Pineapples to anyone, which has spurred folks to claim there are no legitimate uses for the Pineapple other than nefarious activities. Hak5 host Darren Kitchen has disputed that by stating, “The claim that the device has ‘no legitimate use’ contradicts the countless government agencies and penetration testers who’ve used the WiFi Pineapple in authorized security audits.”

As if “worrying” about G-men playing around with a Pineapple isn’t bad enough, wise folks might keep an eye open for War Kitteh or for “Denial of Service Dog” that walks around with a “saddle-bag containing the WiFi Pineapple Mark V wireless network hacker tool.”

Related content

  • brandpostSponsored by FortinetHere are the top 3 causes of breaches – and how to mitigate them There is rarely a single point of failure to which teams can attribute a breach, but common factors contribute to gaps in risk management efforts and, in turn, cyber incidents.By Rob Rashotte26 Sep 20245 minsSecurity
  • events promotionAccenture forges own path to improve attack surface management By Shane O'Neill25 Sep 20246 minsSecurity
  • brandpostSponsored by FortinetThe critical importance of choosing the right data center firewall Organizations must adapt their data center security strategies to ensure their firewalls can protect critical assets in a highly scalable and ever-changing environment.By Nirav Shah25 Sep 20245 minsSecurity
  • featureWhat is pretexting? Definition, examples, and attacks Pretexting is a social engineering attack that employs a fabricated scenario and character impersonation to win trust and gain access to data and accounts under false pretexts.By Josh Fruhlinger20 Sep 202410 minsPhishingSocial EngineeringSecurity
  • PODCASTS
  • VIDEOS
  • RESOURCES
  • EVENTS

SUBSCRIBE TO OUR NEWSLETTER

From our editors straight to your inbox

Get started by entering your email address below.

Hacker hunts and pwns WiFi Pineapples with zero-day at Def Con (2024)
Top Articles
Latest Posts
Recommended Articles
Article information

Author: Aron Pacocha

Last Updated:

Views: 6172

Rating: 4.8 / 5 (48 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Aron Pacocha

Birthday: 1999-08-12

Address: 3808 Moen Corner, Gorczanyport, FL 67364-2074

Phone: +393457723392

Job: Retail Consultant

Hobby: Jewelry making, Cooking, Gaming, Reading, Juggling, Cabaret, Origami

Introduction: My name is Aron Pacocha, I am a happy, tasty, innocent, proud, talented, courageous, magnificent person who loves writing and wants to share my knowledge and understanding with you.