Full Transcript

Hak5 Wifi Pineapple MK7 WPA Enterprise hacking Part 1

5:44583 words · ~3 min readEnglishTranscribed May 8, 2026

AI Summary

This tutorial demonstrates how to configure the WiFi Pineapple MK7 for WPA Enterprise credential harvesting by spoofing a corporate access point and tricking users into trusting a self-signed certificate.

WPA Enterprise is often viewed as highly secure, but this video illustrates how easily an attacker can capture usernames and challenge/response hashes if users blindly trust digital certificates.

Section summaries

0:00-1:00

Introduction and UI Navigation

optional

Brief intro to the MK7 interface and navigating to the Enterprise tab.

1:00-3:00

Certificate Generation and Theory

watch

Crucial explanation of how certificates are used to deceive the victim.

3:00-4:00

AP Configuration Settings

watch

Shows specific settings like pass-through and SSID configuration necessary for the attack.

4:00-5:00

Victim Connection and Data Capture

watch

Demonstrates the successful capture of the username and challenge/response.

Key points

WPA Enterprise Credential Harvesting — Unlike standard WPA-PSK which uses a shared password, WPA-Enterprise (802.1X) requires unique credentials; the Pineapple mimics an Enterprise AP to intercept the EAP-MSCHAPv2 handshake.
Certificate Spoofing and Trust — The attack relies on the client (e.g., an iPhone) being presented with a fake certificate that the user must manually 'Trust' to proceed.
Configuration Persistence — Generating certificates and saving Enterprise AP settings on the MK7 often causes temporary reboots or connection drops for the operator.

“the moment the client presses trust they're in and it's done we're successful” — Sergeant Foose

“we did get the challenge and we did get the response and we do have the username” — Sergeant Foose

AI-generated from the transcript. May contain errors.

Language

0:01

good morning youtube my name is sergeant

0:02

foose and today we're going to discuss

0:04

the hack 5

0:06

wi-fi pineapple mark 7 again and today

0:08

we're going to talk about enterprise wpa

0:12

hacking

0:13

so

0:15

this is a very difficult video for me to

0:17

record because i i don't have a

0:19

professional studio i'm just

0:22

hooking stuff up all together

0:24

and i'm going to show you

0:27

bits of pieces

0:29

so i'm using an iphone to connect to an

0:31

apple tv and i'm gonna see if i can put

0:35

that into obs studio and show you guys

0:37

how it works

0:39

so by going into the

0:41

pineapple you see i'm running on version

0:43

1.1.1

0:46

and so

0:46

on the left side click ap

0:49

and then in the top you have a button

0:50

called enterprise

0:53

so

0:55

in here you need to fill out all your

0:57

details so in my case it's amsterdam

1:00

the province north holland the country

1:02

code nl for the netherlands

1:05

and then the email

1:07

so this could be like a tech

1:15

and then company name and organization

1:18

so to give you an id

1:21

where this belongs to is that the moment

1:24

you

1:25

log login

1:26

you will be presented by a certificate

1:30

and a certificate looks like this

1:33

so the moment the client presses trust

1:36

they're in and it's done

1:39

we're successful

1:41

but

1:42

it's going to be more tricky when they

1:43

click more details and if they do

1:46

they

1:47

they will find out

1:51

yeah they might be full so

1:54

so generating the certificate might take

1:57

up to four or five minutes

2:05

so we'll wait for that

2:34

in the meantime i'm starting to share my

2:37

screen

2:40

it does help sometimes to jump out and

2:43

in

2:46

oh just lost my connection

2:53

because i think when you generate the

2:55

certificate it's going to reboot in the

2:57

back i'm not sure

3:00

ah here we are

3:03

so in the top there's an enable button

3:06

which of course needs to be enabled

3:07

there's a pass through button

3:09

if you click this

3:11

the internet access it has a pass

3:12

through

3:14

this is where you enter all your stuff

3:18

and this of course needs to match the

3:19

target

3:20

the company name

3:23

the mac address

3:25

which for now is not important

3:27

and there is

3:29

are a few options so wpa

3:32

or pa2

3:37

and we can

3:38

generate if we'd like to

3:42

but we're not going to touch that for

3:44

now so press

3:45

the save button

3:52

and we should be good to go

3:55

so as you can see here

3:57

here is the new ssid

4:06

so we're gonna enter some random stuff

4:08

one two three four five

4:12

and we're gonna say join

4:19

now we just lost of course because i

4:21

changed wi-fi we lost the screen capture

4:25

but where

4:28

successfully back now

4:31

and this is what the phone will show

4:33

the moment you

4:35

connect

4:37

and the moment

4:38

the client presses the trust button

4:42

in here we're gonna find

4:44

a bunch of stuff

4:51

see now my now it's rebooted so now i

4:53

need to connect back to it and this

4:55

happens quite often so

4:57

unfortunately

5:04

you might think hey this is this is not

5:06

right on the screen

5:11

that's because you lost xs

5:16

and here we go

5:19

so we did get the challenge and we did

5:21

get the

5:22

response and we do have the username

5:27

so in a real live environment this would

5:29

be an email address in most cases

5:36

so that was part one of the video and

5:38

we're gonna see you in part two

5:40

thank you very much

More transcripts

Explore other videos transcribed with YouTLDR.

Get the TLDR of any YouTube video

Transcribe, summarize, and repurpose videos in 125+ languages — free, no signup required.

Try YouTLDR Free