
Thread: Hostbase my new rogue AP project

  1. #1
    Join Date
    2018-Feb
    Location
    France
    Posts
    2

    Hostbase my new rogue AP project

    I come here to present my rogue AP project:

    hostbase "reach the limit"


    What does hostbase do and what is the difference from the others? How does it work?

    In 2018 we have the most popular rogue AP projects like Fluxion, Linset, Wifiphisher, etc. The first version of hostbase was born in 2016 as a bash script, and it mixed attacks between airbase and hostapd. Now hostbase is 2 years old and it works with Ruby and a GTK2 GUI. It's an unknown project, but it provides 8 possible attacks. Let me explain the case of each attack:


    - WEP: uses the airbase-ng Hirte attack against a hexadecimal WPA password in the WEP format (no phishing mode is necessary with this mode if you suspect the ISP of having a WPA hex password of the same length as a WEP key)
    - Airbase-ng: classic airbase-ng attack for users who don't have an Atheros card to work with hostapd
    - Hostapd: makes an encrypted, silent AP using WPA with WPS/PBC on to let the victim come to us
    - Airbase net access: just for fun, it makes a MITM using sergio proxy
    - Hostapd multi AP: with the same SSID, it makes 3 APs, 2 in WPA and 1 open
    - Freeradius auth: it makes 1 AP using freeradius to get the EAP challenge and work on it later
    - Combo mode phishing hostapd: it makes 2 APs with different SSIDs to attack 2 other SSIDs at the same time (fully experimental)
    - Combo mode WEP: the same as WEP airbase-ng Hirte but to attack 2 different SSIDs (also fully experimental)


    And for each attack, a DoS channel-tracking mode is provided to follow the target AP. Hostbase was the first script to implement this DoS mode; Airgeddon followed this way a few moments later.

    How does it work? What is new?



    Apart from the DoS tracking mode, hostbase can work in 2 different ways: the classical way, asking for the key from a phishing page, and the other way, my best way, asking to push the WPS button on the router from a phishing page. Then, if the button has been pushed, the key will appear on the shell. As you will see, the wps_pbc probe method is new too; no other rogue AP script has included that yet. The other scripts make an open network... I think making an encrypted network is more silent and gives more chance that the target user connects to it. To be more powerful, hostbase works only with 2 wifi cards.


    Now another huge problem with the rogue AP is to make a quick spoof: the browsers are working with https, and if you use a self-signed SSL the user will get a warning. I worked on that too, and I can say now that hostbase includes a special configuration to increase the spoof speed. In fact, on Windows 10, if the user uses the Chrome or IE browser, the page will directly appear to them without any task to do; the same happens with an Android phone; on a Linux laptop, if the user is searching for a page, the phishing page will appear in a new tab.



    Now, how to use hostbase? To try it, go to GitHub: https://github.com/Koala633/hostbase...e-1.1EN.tar.gz and download it, version name: hostbase-1.1EN.tar.gz (the other versions are for Spain).


    To try it you can also download the French pages:
    https://github.com/Koala633/hostbase...frenchpages.gz


    Then:
    - Follow the dependencies install guide on the git
    - The hostapd compilation must be as follows (the readme provides all the information you need):

    Code:
    wget http://hostap.epitest.fi/releases/hostapd-2.6.tar.gz
    tar -zxf hostapd-2.6.tar.gz
    cd /root/hostapd-2.6/hostapd
    cp defconfig .config
    nano .config

    # Options to set in .config:
    CONFIG_DRIVER_NL80211=y
    CONFIG_LIBNL32=y
    CONFIG_EAP_PWD=y
    CONFIG_WPS=y
    CONFIG_WPS_UPNP=y
    CONFIG_WPS_NFC=y
    CONFIG_RADIUS_SERVER=y
    CONFIG_IEEE80211N=y
    CONFIG_IEEE80211AC=y
    CONFIG_DEBUG_FILE=y
    CONFIG_FULL_DYNAMIC_VLAN=y
    CONFIG_TLSV11=y
    CONFIG_TAXONOMY=y

    Finally, copy and paste the hostbase-1.1EN folder into the tmp directory and all the page folders in frenchpages.zip into the etc directory.

    Go to /tmp/hostbase-1.1EN and launch it:
    Code:
    ruby hostbase.rb


    The GUI will appear.


    How to begin?

    You have to begin with the scan option to get the information about the networks around; that way the script stops network-manager, because it can create a conflict with hostapd. Don't close the airodump window, you will need it afterwards.


    Then choose the attack and, if you want to use one of the hostapd attacks, enter your Atheros card into the wifi-card field. To check which card is the Atheros, you can run:
    Code:
    airmon-ng

    In the phishing page field there are 4 possibilities; you can choose between the following phishing pages:

    liveboxwps
    sfrwps
    bboxwps
    free



    So, for example, just write in the phishing page field: liveboxwps

    Hostbase is a French and Spanish project for the moment; if you want to adapt it to your country you will have to change the phishing page filter in "check.rb", "checkbis.rb", "page.rb" and "combopage.rb". Hostbase was made under Kali Linux Xfce.


    To leave the script, just do a Ctrl+C on the hostbase shell (trap function). In case of a problem during the execution of the script, a "helper.rb" is there to try to figure out what is going wrong; just launch it in another shell in this case (this script is in the same folder as hostbase-1.1EN).


    If you want an idea of how it works with the Spanish version, just go to YouTube and search "hostbase modo multi AP" on the flow daguerre account.


    (WARNING: don't download it from the link below because it's the Spanish version; the right folder to download for you is the hostbase-1.1EN.tar.gz with the frenchpages.gz).



    As you will see, first we launch the 3 fake APs, and at the end of the video we can see on multiple devices the spoof speed to arrive on the fake page.


    Automatic script does not mean easy


    Hostbase has been tested by experienced users and of course by me in a real environment, and basic knowledge of Debian, Kali Linux and apache2 is required to use it. This is not a script for dumb kikoolol. Other information is in the readme file.

    I'm still learning programming, but every idea I have tested manually is in hostbase. You can find additional information about the origin of this script here:

    https://github.com/Koala633/hostbase...gueAPparty.pdf

    Use Google Translate for this (FR):

    http://www.crack-wifi.com/forum/topi...c-hostapd.html

    Use Google Translate for this (ES):

    https://www.wifi-libre.com/topic-756...l-espanol.html


    Remember that hostbase is under the GPLv3 license.


    Welcome to the hostbase "Reach the limit" project.
    hostbase rogue AP project, check it on github: hostbase rogue ap

    Koala @ crack-wifi.com @ wifi-libre.com @ kali-linux.fr
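
Added example (not part of the original post and not hostbase code): a defender-side check that flags the beacon patterns the post describes, namely one SSID advertised by several BSSIDs with mixed WPA/open security, and an unknown BSSID advertising an active WPS push-button session. The inventory, the beacon records and the `wps_pbc` field are constructed assumptions, not captured data.

```python
from collections import defaultdict

# Assumed inventory of authorized APs: SSID -> {BSSID: expected security}
AUTHORIZED = {
    "HomeBox-1234": {"aa:bb:cc:00:00:01": "WPA2"},
}

# Constructed beacon observations. "wps_pbc" is a hypothetical boolean meaning
# the beacon's WPS element shows an active push-button session.
BEACONS = [
    {"ssid": "HomeBox-1234", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2", "wps_pbc": False},
    {"ssid": "HomeBox-1234", "bssid": "02:11:22:33:44:01", "security": "WPA2", "wps_pbc": True},
    {"ssid": "HomeBox-1234", "bssid": "02:11:22:33:44:02", "security": "WPA2", "wps_pbc": True},
    {"ssid": "HomeBox-1234", "bssid": "02:11:22:33:44:03", "security": "OPEN", "wps_pbc": False},
    {"ssid": "CafeGuest", "bssid": "aa:bb:cc:00:00:09", "security": "OPEN", "wps_pbc": False},
]


def find_rogue_aps(beacons, authorized):
    """Return sorted (ssid, bssid, reason) findings for inventoried SSIDs."""
    by_ssid = defaultdict(list)
    for b in beacons:
        by_ssid[b["ssid"]].append(b)
    findings = set()
    for ssid, seen in by_ssid.items():
        known = authorized.get(ssid)
        if known is None:
            continue  # SSID is not in our inventory, nothing to compare against
        modes = {b["security"] for b in seen}
        for b in seen:
            bssid = b["bssid"].lower()
            if bssid not in known:
                findings.add((ssid, bssid, "unknown-bssid"))
                if b["wps_pbc"]:
                    findings.add((ssid, bssid, "unknown-bssid-wps-pbc-active"))
                if b["security"] == "OPEN" and len(modes) > 1:
                    findings.add((ssid, bssid, "open-twin-of-encrypted-ssid"))
            elif b["security"] != known[bssid]:
                # Authorized BSSID with the wrong security: spoofed MAC or misconfiguration
                findings.add((ssid, bssid, "security-mismatch"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_rogue_aps(BEACONS, AUTHORIZED):
        print(*finding)
```
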

  2. #2
    Join Date
    2018-Feb
    Location
    France
    Posts
    2
    Now my project has its official Facebook page.

    https://www.facebook.com/Rogue-ap-ho...5509138309015/

    The project is French and Spanish at the moment, but if some users are interested I need to find one guy for each country. This guy must know HTML and CSS to adjust the fake page for his country. Two types of fake page are provided for each ISP: one asks for the key and the other asks to push the WPS button.


    Let me know here if some people are interested.

    ++
    hostbase rogue AP project, check it on github: hostbase rogue ap

    Koala @ crack-wifi.com @ wifi-libre.com @ kali-linux.fr
