Nytro

Setup a Fake Access Point With BackTrack5

Posted

Setup a Fake Access Point With BackTrack5

Posted Nov 6 2011 by NightRanger

Recently I needed to set up a fake access point for a presentation. I fired up my BackTrack5 VM, connected my Alfa AWUS036H USB adapter and started to configure the fake AP.

There are a lot of tutorials and scripts for setting up a fake AP; the “Gerix” tool also has an option to automatically set up a fake AP (for some reason this tool never worked for me).

I started to set up my fake AP and ran into some trouble for a strange reason.

I decided to put my experience here; hopefully you’ll find it useful.

I started by putting my WLAN interface in monitor mode:

root@Blackbox:~/fakeap# airmon-ng start wlan1
Found 1 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
1558 dhclient
Interface Chipset Driver
wlan1 Realtek RTL8187L rtl8187 - [phy1]SIOCSIFFLAGS: Unknown error 132
(monitor mode enabled on mon0)

I noticed the following error: “Unknown error 132”.

Tried using airodump-ng to see what happens…

root@Blackbox:~/fakeap# airodump-ng mon0
ioctl(SIOCSIFFLAGS) failed: Unknown error 132

Got the same error.

The solution was simply to unload the rtl8187 driver and load the r8187 driver instead, as follows:

root@Blackbox:~/fakeap# rmmod rtl8187
root@Blackbox:~/fakeap# modprobe r8187

Tried putting the WLAN in monitor mode again:

root@Blackbox:~/fakeap# airmon-ng start wlan1
Found 1 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
1558 dhclient
Interface Chipset Driver
wlan1 RTL8187 r8187 (monitor mode enabled)

Well, that fixed the problem:

root@Blackbox:~/fakeap# iwconfig
lo no wireless extensions.
eth3 no wireless extensions.
wlan1 802.11b/g Mode:Monitor Channel=10 Bit Rate=11 Mb/s
Tx-Power=5 dBm
Retry:on Fragment thr:off
Link Quality=0/100 Signal level=50 dBm Noise level=-156 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

Now we can proceed to the fake AP setup process.

1. Install a DHCP Server

apt-get install dhcp3-server

2. Edit “/etc/dhcp3/dhcpd.conf” as follows (you can change the IP address, pool and DNS server as needed):

ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 10.0.0.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers 10.0.0.254;
option domain-name-servers 8.8.8.8;
range 10.0.0.1 10.0.0.140;
}

3. Put your wlan in monitor mode

airmon-ng start wlan1

4. Start airbase-ng; you will need to specify the AP SSID and channel number:

airbase-ng -e FreeWifi -c 11 -v wlan1 &

5. Airbase will create a new adapter, “at0”. You will need to enable it and assign it an IP address and subnet mask; the IP address you assign to this interface will be the default gateway that you specified in the dhcpd.conf file.

ifconfig at0 up
ifconfig at0 10.0.0.254 netmask 255.255.255.0

6. Add a route

route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254

7. Set up iptables

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT

• eth3 is my external interface, which is connected to the internet; change it to whatever yours is:

iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE

8. Clear DHCP leases

echo > '/var/lib/dhcp3/dhcpd.leases'

9. Create a symlink to dhcpd.pid (skipping this may cause an error when starting the DHCP server)

ln -s /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid

10. Start the DHCP server

dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &

11. Don’t forget to enable IP forwarding

echo "1" > /proc/sys/net/ipv4/ip_forward

That’s All Folks!

I have created a simple bash script to automate this process; you will just need to change it to suit your configuration.

#!/bin/bash

echo "Killing Airbase-ng..."
pkill airbase-ng
sleep 2;
echo "Killing DHCP..."
pkill dhcpd3
sleep 5;

echo "Putting Wlan In Monitor Mode..."
airmon-ng stop wlan1 # Change to your wlan interface
sleep 5;
airmon-ng start wlan1 # Change to your wlan interface
sleep 5;
echo "Starting Fake AP..."
airbase-ng -e FreeWifi -c 11 -v wlan1 & # Change essid, channel and interface
sleep 5;

ifconfig at0 up
ifconfig at0 10.0.0.254 netmask 255.255.255.0 # Change IP addresses as configured in your dhcpd.conf
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254

sleep 5;

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE # Change eth3 to your internet facing interface
echo "1" > /proc/sys/net/ipv4/ip_forward # Step 11 of the tutorial: enable IP forwarding

echo > '/var/lib/dhcp3/dhcpd.leases'
ln -sf /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid # -f so re-running the script does not fail on an existing link
dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &

sleep 5;
echo

Source: http://exploit.co.il/hacking/set-fake-access-point-backtrack5/
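The tutorial above brings up an open AP named “FreeWifi” on channel 11, and the same airbase-ng setup is routinely used to impersonate an existing network name. The beacons such an AP sends are just as visible to a passive airodump-ng scan as they are to victims, which is what a defender should look for. The following Python script is an added example, not part of the original post and not code from the aircrack-ng project: it assumes airodump-ng's CSV column layout (BSSID, …, Privacy, …, ESSID, Key) for the access-point section, and both the scan data and the allowlist of known BSSIDs are constructed. It flags unknown BSSIDs advertising one of your own ESSIDs (a possible evil twin) and open networks from BSSIDs you do not operate.

```python
"""Flag suspicious access points in an airodump-ng style CSV scan.

Added example, not from the original post. Two warning signs are checked in
the beacon inventory:

  1. an ESSID that one of our known APs advertises is also advertised by a
     BSSID we do not operate (possible evil twin), and
  2. an open network (Privacy starts with OPN) from a BSSID we do not operate.

The CSV layout is assumed to be the one airodump-ng writes: an AP section,
a blank line, then a station section (ignored here). All data is constructed.
"""
import csv
import io
from collections import defaultdict

# Constructed sample scan in airodump-ng's CSV layout.
SAMPLE_SCAN = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2011-11-06 10:00:01, 2011-11-06 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,  120,  0,   0.  0.  0.  0,   8, CorpWifi,
00:11:22:33:44:56, 2011-11-06 10:00:02, 2011-11-06 10:05:00, 11,  54, WPA2, CCMP, PSK, -45,  118,  0,   0.  0.  0.  0,   8, CorpWifi,
AA:BB:CC:DD:EE:FF, 2011-11-06 10:03:10, 2011-11-06 10:05:00, 11,  11, OPN ,     ,    , -30,   60,  0,   0.  0.  0.  0,   8, CorpWifi,
AA:BB:CC:DD:EE:01, 2011-11-06 10:03:11, 2011-11-06 10:05:00, 11,  11, OPN ,     ,    , -32,   58,  0,   0.  0.  0.  0,   8, FreeWifi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
66:77:88:99:AA:BB, 2011-11-06 10:04:00, 2011-11-06 10:05:00, -50,  12, AA:BB:CC:DD:EE:FF, CorpWifi
"""

# Constructed allowlist: the BSSIDs your own access points are known to use.
KNOWN_BSSIDS = {"00:11:22:33:44:55", "00:11:22:33:44:56"}


def parse_access_points(text):
    """Return the AP rows as dicts keyed by the (stripped) header names.

    airodump-ng pads cells with spaces and separates the AP section from the
    station section with a blank line, so we keep only the first section and
    strip every cell.
    """
    ap_block = text.split("\n\n", 1)[0]
    reader = csv.reader(io.StringIO(ap_block))
    header = [h.strip() for h in next(reader)]
    rows = []
    for raw in reader:
        if not raw or not raw[0].strip():
            continue
        rows.append(dict(zip(header, [c.strip() for c in raw])))
    return rows


def find_rogue_twins(aps, known_bssids):
    """Map each ESSID advertised by a known AP to the unknown BSSIDs also
    advertising it. A real WLAN legitimately has many BSSIDs per ESSID, so
    only BSSIDs outside the allowlist are reported."""
    trusted_names = {ap["ESSID"] for ap in aps if ap["BSSID"] in known_bssids}
    twins = defaultdict(list)
    for ap in aps:
        if ap["ESSID"] in trusted_names and ap["BSSID"] not in known_bssids:
            twins[ap["ESSID"]].append(ap["BSSID"])
    return dict(twins)


def find_unknown_open_aps(aps, known_bssids):
    """Return (BSSID, ESSID, channel) for open APs outside the allowlist."""
    return [
        (ap["BSSID"], ap["ESSID"], ap["channel"])
        for ap in aps
        if ap["Privacy"].startswith("OPN") and ap["BSSID"] not in known_bssids
    ]


def report(text, known_bssids):
    """Return human-readable findings for one scan as a list of lines."""
    aps = parse_access_points(text)
    lines = []
    for essid, bssids in sorted(find_rogue_twins(aps, known_bssids).items()):
        lines.append(f"possible evil twin of '{essid}': unknown BSSID(s) {', '.join(bssids)}")
    for bssid, essid, channel in find_unknown_open_aps(aps, known_bssids):
        lines.append(f"unknown open AP '{essid}' from {bssid} on channel {channel}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_SCAN, KNOWN_BSSIDS):
        print(line)
```

Run against a real capture, `airodump-ng -w scan --output-format csv <iface>` produces the `scan-01.csv` file this parser expects; the allowlist is the only site-specific input. An unknown BSSID beaconing your SSID on a channel where you have no AP is the signature of exactly the setup described in the tutorial.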

Posted

You can do all that, or you could just use SET (Social Engineer Toolkit) choosing option 1) Social-Engineering Attacks -> 8) Wireless Access Point Attack Vector.

Demo here

Your work is admirable Nytro, and you deserve an A+ for writing this tutorial and the bash script, but really, it's like reinventing the wheel, it has been done before (much easier).

Posted

Your work is admirable Nytro, and you deserve an A+ for writing this tutorial and the bash script, but really, it's like reinventing the wheel, it has been done before (much easier).

Idiot, Nytro gave the source and the author, and the method presented is elegant, not click-click like in SET; besides, I don't see why you need to show off with your English.

Posted (edited)

Watch your language, stressed kid. As for click-click... why make your work harder when you can do the same thing easily (click - click)? As for English, dear mentally stressed kid, as far as I can see we are in the English tutorials section, but don't worry, Google Translate was invented for people like you.

and the method presented is elegant

I wonder what's more elegant... getting lost in commands in a terminal or going click-click?

And a small recommendation for you: get out into the world more, socialize, get a girlfriend if possible, work, have fun, don't sit on the net all day because it messes with your head, as it visibly already has; it makes you think you're a hacker because you type 100 pointless commands, while others do 2 clicks (your words, I quite like them) and achieve the same thing. But is that what makes you a hacker, huh? Typing until you go dumb :) It isn't lame and you aren't a script kiddie just because you use a tool (SET) made by a real pentester, who appears at conferences alongside Kevin Mitnick (assuming you know who he is).

Go on, get lost.

Edited by luceafaru
Posted (edited)

I have read several of Nytro's tutorials on the site (some written by him, others from various sources, like the one above), and, as I said in my first post, his work is admirable.

It's a pity, though, that there are forum users, like the gentleman above, who, when shown an alternative, start insulting because (I think) their brain cannot process that much information or cannot accept the fact that a tool which does this already exists.

Edited by luceafaru
Posted (edited)
As for click-click... why make your work harder when you can do the same thing easily (click - click)?

In general, it is better to avoid using ready-made tools and scripts, because you are using someone else's work and it doesn't engage your brain at all. All the problems that can come up during manual configuration only help you understand exactly how things work. A good example is Ubuntu: if you do everything you need 'by click', the chance of learning something new is zero.

The most elegant thing is to build what you want yourself, not to use something made by someone else. It keeps your brain from atrophying and turning into a kind of pork pâté; besides, there is also the personal satisfaction of knowing that something was done by you. Drop the laziness and do something useful.

English is fine because this is the English tutorials section.

@luceafaru: Out of curiosity, do you know anyone who went dumb from writing and reading?

Please speak nicely in the tutorials section; it is the only relatively clean place we have left after the invasion of idiots.

Thanks

Edited by aelius
Posted

I agree with you tex, I know how this attack method is done from the command line too, and SET, the tool I was talking about, uses exactly the principle above. Once I know how it's done, and I also have a tool, I don't see why I would type N lines when I can type 1, return, 2, return and done. In the end, for anything, it's not the method that matters but the result.

As for brain atrophy, let's be serious, there are more ways to stimulate it than the Linux terminal.

Be well
