easy-creds is a script that bundles spoofing and sniffer-based attacks: ARP poisoning, DNS poisoning and other sniffer attack patterns. Its brightest part is the fake AP function, which is more stable than a fake AP assembled by hand. It also contains an attack mode for 802.1X; this article mainly describes the fake AP mode.
(1). First, the tool ships inside BackTrack 5.
If you are not used to BT5, use another Linux distribution or Kali and download the tool from GitHub. GitHub project address: https://github.com/brav0hax/easy-creds
(2). Installation is very simple; take Kali as an example. After downloading,
run "./installer.sh".
The script asks which distribution we are installing on: Kali is based on Debian, so choose 1. If you are on Red Hat, choose 2.
After pressing Enter, the next prompt appears, asking you to fill in the installation path. I just pressed Enter to accept the default, and the installation started.
Some "Error" messages may appear in the middle, but it does not matter; once "happy hunting" appears the tool is basically usable. The errors that appear are basically failures to install one of the packages the script pulls in.
For example, I got this error: I had not connected Kali to the network, so the installation of freeradius-wpe failed. If we want to use that feature, we only need to install freeradius-wpe separately. If that is too much trouble, you can directly use the tools inside BT5: many of Kali's tools have been stripped down, while those in BT5 are still relatively complete.
(3) Open easy-creds.
We choose (3) "Fake AP Attack",
then select (1).
By the way, the wireless card must support injection mode, and we are going to switch it into monitor mode. Preferred network card chipset: 8187.
Then it needs privileges; we enter the password: toor.
The option that appears asks whether to include a hijack attack; I chose Y.
Then fill in the local NIC interface, usually eth0.
Then you need to answer the remaining prompts in turn:
- Wireless card interface name: W0 (can be arbitrary)
- SSID of the AP to forge: admin
- Channel selection: I chose "5"
- Monitor-mode interface name: mon0
- Whether to change the MAC address of the monitor interface: I chose N; if you feel the need to forge it, you can also choose Y
- at0 is the tunnel interface; whether to use a dhcpd.conf file: here I chose N
- Network range for the at0 interface: 192.168.1.0/
- DNS server setting: 192.168.6.105
(4) When everything is set, press Enter:
We can see the various services that have been launched, including the sniffer and sslstrip.
(5) Then we use a mobile phone to search for Wi-Fi hotspots:
We find the forged hotspot with SSID "admin". After connecting, we find that Internet access also works. (Some fake APs are unstable after connection and often cannot reach the Internet; a fake AP without Internet access would be meaningless, and easy-creds solves this problem.)
At this point we try to log in to 163 to see what happens.
In the airbase window we can see the SSID of the AP we started: admin. The ettercap window shows the hijacked 163 account and password. (The picture may not be very clear, forgive me.) The dmesg window shows the operating system and IP address of the connected device; here it shows the IP address 192.168.1.101 and the device is Android. If you want to capture packets for analysis, open Wireshark and set the capture interface to at0, not mon0. If you want to listen to 192.168.1.101
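From the defender's side, the fake AP described above looks like an open network advertising a name that already exists (here "admin"), broadcast from a BSSID that nobody deployed. The following Python is an added example, not code from the original article or from the easy-creds project: it scans a list of observed beacon frames and flags exactly that pattern. The beacon field names (ssid, bssid, channel, privacy), the allowlist, and all MAC addresses are constructed for the example.

```python
"""Evil-twin / rogue AP detector over a list of observed beacon frames.

Added example (not part of the original article or the easy-creds project).
Input is a constructed list of beacon observations; the field names
(ssid, bssid, channel, privacy) are assumptions of this example.
"""
from collections import defaultdict

# Constructed sample: what a wireless scanner might report while a fake AP
# ("admin", open, channel 5) is running near the legitimate, protected
# "admin" network. BSSIDs and channels are made up.
OBSERVED_BEACONS = [
    {"ssid": "admin", "bssid": "00:11:22:33:44:55", "channel": 1, "privacy": True},
    {"ssid": "admin", "bssid": "66:77:88:99:aa:bb", "channel": 5, "privacy": False},
    {"ssid": "guest", "bssid": "00:11:22:33:44:56", "channel": 1, "privacy": False},
    {"ssid": "guest", "bssid": "00:11:22:33:44:56", "channel": 1, "privacy": False},
]

# Allowlist of BSSIDs the site owner actually deployed (constructed).
KNOWN_BSSIDS = {
    "admin": {"00:11:22:33:44:55"},
    "guest": {"00:11:22:33:44:56"},
}


def find_rogue_aps(beacons, known_bssids):
    """Return a list of (ssid, bssid, reason) tuples for suspicious APs.

    Two independent checks:
      1. A BSSID advertising a known SSID but absent from the allowlist.
      2. An SSID seen from several BSSIDs with inconsistent privacy bits:
         an open clone of a protected network is the classic evil twin.
    """
    findings = []
    by_ssid = defaultdict(dict)  # ssid -> {bssid: beacon}
    for b in beacons:
        by_ssid[b["ssid"]][b["bssid"]] = b  # dedupe repeated beacons

    for ssid, aps in by_ssid.items():
        allowed = known_bssids.get(ssid, set())
        for bssid in aps:
            if ssid in known_bssids and bssid not in allowed:
                findings.append((ssid, bssid, "bssid not in allowlist"))
        privacy_bits = {b["privacy"] for b in aps.values()}
        if len(aps) > 1 and len(privacy_bits) > 1:
            for bssid, b in aps.items():
                if not b["privacy"]:
                    findings.append((ssid, bssid, "open clone of protected ssid"))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reason in find_rogue_aps(OBSERVED_BEACONS, KNOWN_BSSIDS):
        print(f"ALERT ssid={ssid!r} bssid={bssid} reason={reason}")
```

Either check alone is enough to raise an alert; keeping them separate means a clone that copies the privacy bit is still caught by the allowlist, and an unknown network with no allowlist entry is still caught if it clones a protected name. On a real wireless IDS the same logic runs continuously over beacons from a monitor-mode interface.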
(6) If the clients do not disconnect from the legitimate AP, we can use the deauth method to attack the legitimate clients and force them offline. After that, the clients are bound to connect to our AP, because ours has no password and the strongest signal. There are many ways to send deauth frames; the aircrack suite comes with aireplay, but after testing, its effect is far worse than mdk3, which is good, covers a wide range, and offers more options.
mdk3 is a simple, rough "point and shoot" tool; you can also choose the more flexible airdrop. Here we take mdk3 as the example. mdk3 can also attack 802.1X authentication at the enterprise wireless level.
Command: mdk3, the interface name, the d mode, -s for the packet rate, and -c to select the channel; several channels can be chosen, separated by commas.
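The deauth flood just described is loud: a single claimed source MAC (the spoofed legitimate AP) emits far more deauthentication frames per second than any real AP ever would. The following Python is an added example, not code from the original article or from mdk3 or aircrack, showing the sliding-window rate check a wireless IDS applies to detect it. The frame records, MAC addresses, window length and threshold are all constructed or assumed for this example.

```python
"""Deauthentication-flood detector over timestamped 802.11 frame records.

Added example, not from the original article or the mdk3/aircrack
projects. Frame records are constructed; a real deployment would feed
them from a monitor-mode capture. Threshold and window are assumed
tuning values.
"""
from collections import deque, defaultdict

# Constructed sample: (timestamp_s, frame_type, source_mac, dest_mac).
# "deauth" stands for 802.11 management frames of subtype 0x0c.
SAMPLE_FRAMES = [
    (0.00, "beacon", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"),
    (0.10, "data",   "aa:bb:cc:dd:ee:01", "00:11:22:33:44:55"),
] + [
    # 40 deauth frames in 0.4 s, spoofed from the legitimate AP's MAC,
    # sent to the broadcast address: the signature of a flood tool.
    (0.50 + i * 0.01, "deauth", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff")
    for i in range(40)
] + [
    # One lone deauth a second later: normal roaming, not a flood.
    (1.50, "deauth", "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),
]

DEAUTH_RATE_THRESHOLD = 20   # frames per window (assumed tuning value)
WINDOW_SECONDS = 1.0         # sliding window length (assumed)


def detect_deauth_flood(frames, threshold=DEAUTH_RATE_THRESHOLD,
                        window=WINDOW_SECONDS):
    """Sliding-window count of deauth frames per claimed source MAC.

    Returns a list of (source_mac, timestamp) pairs, one per source,
    giving the moment its deauth count within the window first reached
    the threshold. Frames must be in time order.
    """
    windows = defaultdict(deque)   # source_mac -> recent deauth timestamps
    alerts = []
    alerted = set()
    for ts, ftype, src, _dst in frames:
        if ftype != "deauth":
            continue
        q = windows[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, ts))
    return alerts


if __name__ == "__main__":
    for src, ts in detect_deauth_flood(SAMPLE_FRAMES):
        print(f"ALERT deauth flood from {src} detected at t={ts:.2f}s")
```

Counting per claimed source rather than globally keeps a busy site with many real APs from tripping the alarm, while a flood that spoofs one AP's MAC still stands out. Detection only tells you it is happening; the lasting mitigation is 802.11w Protected Management Frames, under which clients discard deauthentication frames that are not cryptographically authenticated.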
(7) We can also sniff their pictures, so the setup now plays a role similar to a "wall of sheep".
Filtering on the OICQ protocol, we can also sniff QQ accounts, but there is either no data, or the data that is there is encrypted and cannot be decoded. (At least I can't get rid of it ^_^)
Generally speaking, there is no difficulty at all, but the tool is good:
first, it is stable; second, the feature set is complete and it is quick to use.
Anyone interested is welcome to play with it; let's learn from each other.
Analysis of easy-creds in FAKE_AP mode