Hak5 WiFi Pineapple Preconfiguration Command Injection 2
Posted by deepcore on October 19, 2016 – 9:48 pm
This Metasploit module exploits a command injection vulnerability on WiFi Pineapples versions 2.0 and below and pineapple versions prior to 2.4. We use a combination of default credentials with a weakness in the anti-csrf generation to achieve command injection on fresh pineapple devices prior to configuration. Additionally if default credentials fail, you can enable a brute force solver for the proof-of-ownership challenge. This will reset the password to a known password if successful and may interrupt the user experience. These devices may typically be identified by their SSID beacons of ‘Pineapple5_….’; details derived from the TospoVirus, a WiFi Pineapple infecting worm.
Post a reply
You must be logged in to post a comment.