May 11, 2021

WiFi “Phishing”


This topic contains 1 reply, has 2 voices, and was last updated by  nucow2 2 weeks, 6 days ago.

  • #385338


    A building I am pentesting has a peculiar WiFi system with a potential vulnerability. To log into their WiFi, you enter your company domain email and password (directly into the connection area). Not sure if they have all the valid emails and passwords saved in a database which they then check for a match when you log in, or if they forward the info to their own website.

    My pentest idea is to phish credentials by:
    Configuring my own fake WiFi under the name “faster [real wifi name]” and having the info automatically forwarded to my own website, then placing the router in a popular building area.

    The problem is, I have no idea how to configure a router like this. Could anyone link me to a video on how to do this, or explain it to me? I have virtually 0 pentesting knowledge, so I do not even know if this idea is viable.

  • #385340


    Look up WiFi pineapple

  • #385341


    You’re talking about an evil twin attack, as others have said. You would use the same name as the existing SSID for starters, as WiFi clients only care about the SSID when identifying networks. Clients will usually connect to the known network with the strongest signal, so you need to figure out how to make sure they pick your AP.

    If you have zero knowledge on pentesting then I’m sure you need to do some learning/experimenting before trying to actually perform pentesting for anyone. That’s assuming you’re telling the truth, no offence.

  • #385343


    It sounds like they are using WPA2 Enterprise.
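
From the defender's side, the two setups discussed in this thread (an AP reusing the real SSID, and a lookalike name such as “faster [real wifi name]”) can be caught in wireless scan data. The following is an added example, not code from any poster; the SSID `CorpNet`, the BSSID inventory and the scan rows are constructed assumptions.

```python
from dataclasses import dataclass

CORP_SSID = "CorpNet"                       # assumed real network name
KNOWN_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}  # assumed AP inventory
EXPECTED_SECURITY = "WPA2-Enterprise"       # what the last reply suspects is in use

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str
    signal_dbm: int

def _norm(ssid: str) -> str:
    # Case-fold and drop punctuation/spaces so "Faster CorpNet" matches "corpnet".
    return "".join(c for c in ssid.casefold() if c.isalnum())

def audit(beacons):
    """Map BSSID -> list of findings for beacons that look like impersonation."""
    known_signals = [b.signal_dbm for b in beacons
                     if b.ssid == CORP_SSID and b.bssid.lower() in KNOWN_BSSIDS]
    best_known = max(known_signals, default=None)
    report = {}
    for b in beacons:
        findings = []
        same = b.ssid == CORP_SSID
        inventoried = b.bssid.lower() in KNOWN_BSSIDS
        if same and not inventoried:
            findings.append("corporate SSID from unknown BSSID")
            # Clients tend to pick the strongest AP for a known SSID.
            if best_known is None or b.signal_dbm > best_known:
                findings.append("stronger than every inventoried AP")
        if same and b.security != EXPECTED_SECURITY:
            # Also fires for an inventoried BSSID, since BSSIDs can be spoofed.
            findings.append("security mismatch: " + b.security)
        if not same and _norm(CORP_SSID) in _norm(b.ssid):
            findings.append("lookalike SSID")
        if findings:
            report[b.bssid.lower()] = findings
    return report

SAMPLE_SCAN = [  # constructed scan rows
    Beacon("CorpNet", "02:00:00:aa:00:01", "WPA2-Enterprise", -62),
    Beacon("CorpNet", "02:00:00:aa:00:02", "WPA2-Enterprise", -71),
    Beacon("CorpNet", "02:00:00:bb:00:09", "Open", -40),
    Beacon("Faster CorpNet", "02:00:00:bb:00:0a", "Open", -55),
    Beacon("CoffeeShop", "02:00:00:cc:00:01", "WPA2-Personal", -80),
]
```

A matching BSSID is not proof of legitimacy, which is why the security-type check runs independently of the inventory check.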
