Remote Exploit Forums

#1
10-11-2009, 08:53 PM
Nick_the_Greek
Senior Member
Join Date: Jul 2009
Location: Greece
Posts: 177
Default How to: E-Z setup a Multi Mode WLAN based on a Fake AP

Hello BT community.

19/11/2009 download links updated

Download links:

Download wlan_0.8.1a.tar.bz2 from Mediafire.com
or
Download wlan_0.8.1a.tar.bz2 from Uploadingit.com
Extract
Code:
tar xjf wlan_0.8.1a.tar.bz2
Four files will be extracted:
wlan_nick.sh
README
CHANGELOG
airchat.tar.bz2

You don't have to extract the airchat.tar.bz2. Just leave it in the same place as wlan_nick.sh. The script will extract it to the right place.

and run
Code:
sh wlan_nick.sh
(You must be root and connected to the Internet to continue.)

The 1st time that you run the script it will create backup-working folders (default is /root/wlan_nick/), it will download any programs that are missing (usually dnsmasq, squid3, sarg) and it will create backups (iptables, conf files etc) so we can restore them, if we want, the next time that we run this script.

After downloading, installing and backup you will be prompted to configure sarg (language, date format and full URLs). Choose as you want. After this you will be prompted to enter the interface through which you are connected to the Internet. This could be point-to-point (ex ppp0), ethernet (ex eth0) or wireless (ex wlan0). After that you must enter the wireless interface that we will use for the creation of the fake AP. This could be any card that can support injection. If that card is an Atheros based card then you will be prompted to download and install madwifi-ng drivers (revision 4073) patched for injection, so we can use them to create a "master mode" AP (very high speeds) or a "monitor mode + airbase-ng" AP (also high speeds).

To see if your card supports master mode please check this link: Compatibility - madwifi-project.org - Trac
It is highly recommended to install madwifi-ng (you will be able to uninstall them the next time that you run this script) even if your card can't support master mode. But if it does support it, then you can consider yourself a lucky one. If you don't want to install them just continue and it will use the ath5k or ath9k kernel modules. Note that if you don't own an Atheros card you will not be prompted to install or use madwifi-ng.

Next, the script will bring up a monitor mode interface and you must enter that when prompted. After that you will be prompted to enter optional inputs:
a) ESSID : [You must enter the ESSID] Can be up to 31 printable characters (except space and "\")
b) MAC address : [Optional] Can be any HEX characters. Exactly 12 characters long
c) Channel : [Optional] Can be any number from 1 to 13.

d) Encryption:
d1) Blank for OPEN (No encryption)
d2) ASCII password: 5 or 13 characters ASCII (ex aaaaa or aaaaaaaaaaaaa)
d3) HEX password : 10 or 26 characters HEX (ex ab:cd:ef:01:23 or ab:ab:ab:ab:ab:ab:cd:ef:01:23:45:56:67)
Please follow this link for extra info:
How to: E-Z setup a Multi Mode WLAN based on a Fake AP

After that you must choose one of the following modes:

Quote:
1. Simple WLAN
2. Transparent Proxy-ed WLAN
3. Transparent SSLstriped WLAN
4. Transparent Proxy-ed and SSLstriped WLAN
5. Upside down, Blur, Swirl client's browser images
6. Forced downloading files
7. Air chat
8. Anonymous Surfing (TOR tunnel)
Explanation:
1. There is nothing to say. Your clients will be connected to the Internet.
2. Your clients will be transparently proxied and connected to the Internet. (you can use sarg)
3. Your clients will be transparently SSLstripped and connected to the Internet.
4. Your clients will be transparently proxied & SSLstripped and connected to the Internet (you can use sarg). In this mode reports from sarg don't show domain names (only IPs) because traffic comes from sslstrip.
5. Your clients' browser images will be Upside Down or Blurred or Swirled.
Check this link for further information: Upside-Down-Ternet
6. In this mode our clients are forced to download, when they ask to, our files.
The script will create four zero byte files in the /tmp/bad_files/ folder. These files are: test.exe, test.rar, test.zip and test.doc.
When a client tries to download an exe or rar or zip or doc file from any site then the script will serve to them one of the above files (matching its extension).
[Mode 6 example: Let's say we want our client to execute a keylogger file. That file is called keylog.exe. All we have to do is to rename keylog.exe to test.exe and copy it to /tmp/bad_file/. Now when a client tries to download an exe file, let's say acrobat_reader.exe, it will be forced to download every time our keylog.exe which will be renamed to acrobat_reader.exe and the download location will be the original]
7. When a client tries to connect to a web site, he will be forced to chat with your box via web browsers.
8. Your clients will surf anonymously into the web using a TOR exit node.

For modes 5 and 6 please follow this link:
http://forums.remote-exploit.org/wir...tml#post159198

For mode 7 please follow this link:
How to: E-Z setup a Multi Mode WLAN based on a Fake AP

For mode 8 please follow this link:
How to: E-Z setup a Multi Mode WLAN based on a Fake AP

Choose 1-6 and you are ready to go. Connect a client to your WLAN and if you choose 2, 4, 5 or 6 then open up a console and type sarg. Then go to (default) /root/wlan_nick/squid-reports/ and open index.html to see who-when-what they are visiting.

If you choose 3 or 4 then a file will be created at /root/wlan_nick/output-ssl.log which is sslstrip's log. Open it up to see SSL related traffic, or you can do:
Code:
cat output-ssl.log | grep 'SECURE POST'
The second time that you run this script you will be prompted to restore files, uninstall (if installed) madwifi-ng and restore iptables. Do as you want. The following steps are the same as the 1st time.

After you run it at least one time, a wlan.conf file will be created at your $HOME_DIR and it will look like this:
Quote:
SYSTEM_UPDATED yes
RESTORE_MODE yes
SSLSTRIP_DL no
SARG_RECONF no
ATH_PROMPT yes
INET_WIRELESS_PROMPT yes
INET_CONX ppp0
WIRELS_IFACE wlan0
WIFACE_MON mon0
ESID_MAC_CHAN_PROMPT yes
ESSID Free_wifi
MC_ADDRS 00:11:22:33:44:55
CHANNEL 7
ENCRYPTION HEX_104
KEY ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab
Nbpps_USE no
Nbpps_VALUE 200
MTU_MON 1400
SYSTEM_UPDATED yes = stands for apt-get update. (Don't change that)
RESTORE_MODE yes = If you don't want to be prompted every time to restore-uninstall set it to "no"
SSLSTRIP_DL no = If you want to try sslstrip 0.6 set it to yes. The next time it will download and install ver 0.6 of sslstrip. I found out that it's a little bit slower than the 0.1 that comes with BT4
SARG_RECONF no = If you want to be prompted every time to reconfigure sarg set it to yes. (for testing)
ATH_PROMPT yes = If you have an Atheros based card and you don't want to be prompted to install madwifi-ng set it to no. Also if it is set to yes and you don't own an Atheros card you will not be prompted.
INET_WIRELESS_PROMPT yes = If you don't want to be prompted every time to enter the internet and wireless interfaces set it to no. The script will use the following three tags
INET_CONX ppp0 = How we are connected to the internet
WIRELS_IFACE wlan = Our wireless interface
WIFACE_MON mon0 = Our wireless interface in monitor mode
ESID_MAC_CHAN_PROMPT yes = If you don't want to be prompted every time to enter essid, mac, channel and encryption set it to no. The script will use the following five tags
ESSID Free_wifi = The name of the AP
MC_ADDRS 00:11:22:33:44:55 = The MAC address of the AP (Could be blank)
CHANNEL 7 = The channel of the AP (could be blank)
ENCRYPTION = What encryption type we will use. This could be : OPEN, ASCII_40, HEX_40, ASCII_104, HEX_104
KEY = OPEN (for no encryption). Or the WEP key (40 or 104 bits) that we have entered
Nbpps_USE no = If we want to change the default value for the number of packets per second that are transmitted then we set it to "yes". If no then we use the default value 100.
Nbpps_VALUE = This sets the number of packets per second transmission rate (default: 100). Available values are : 1 - 1000
MTU_MON 1400 = The MTU value of our monitor mode interface

Don't forget to leave a space after the tags in wlan.conf.
If you don't want to mess things up, leave it as it is. The script will work just fine.

This script is tested with:
Running on BT4PF (kernel 2.6.29.4); it should work with newer kernels.
Internet from pppoA and wirelessly
Wireless cards: Atheros AR5001X+ (ath5k and ath_pci) and zydas zd1211rw
clients: BT4PF and windows XP SP3 EN

Enjoy

Nick

MOD EDIT: Changed thread title based on the OP's wishes.
Old title: How to: E-Z setup a Multi-Mode WLAN based on a Fake AP

Credits go to Dimitra and Tatiana for text edit.
__________________
The quieter you become....

Last edited by Nick_the_Greek; 05-08-2010 at 10:59 AM. Reason: Added Air Chat
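As an added example (not code from wlan_nick.sh or from this thread), here is a small parser and validator for the wlan.conf layout and the ESSID, MAC, channel and WEP key rules the post documents; the sample configuration is constructed for this example.

```python
import re

# Constructed sample in the wlan.conf layout shown in the post: TAG, one space, value
SAMPLE_CONF = """INET_CONX ppp0
WIRELS_IFACE wlan0
WIFACE_MON mon0
ESSID Free_wifi
MC_ADDRS 00:11:22:33:44:55
CHANNEL 7
ENCRYPTION HEX_104
KEY ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab
"""

# ENCRYPTION tag -> (key kind, key length: ASCII characters or colon-separated hex bytes)
KEY_RULES = {"OPEN": ("open", 0), "ASCII_40": ("ascii", 5), "HEX_40": ("hex", 5),
             "ASCII_104": ("ascii", 13), "HEX_104": ("hex", 13)}
HEX_BYTE = "[0-9a-fA-F]{2}"


def parse_conf(text):
    """Split each non-empty line at the first space into tag and (possibly blank) value."""
    conf = {}
    for line in text.splitlines():
        if line.strip():
            tag, _, value = line.partition(" ")
            conf[tag] = value.strip()
    return conf


def validate(conf):
    """Return the rule violations found; an empty list means every tag is acceptable."""
    problems = []
    essid = conf.get("ESSID", "")
    if not 1 <= len(essid) <= 31 or not essid.isprintable() or " " in essid or "\\" in essid:
        problems.append("ESSID: 1-31 printable characters, no space or backslash")
    mac = conf.get("MC_ADDRS", "")
    if mac and not re.fullmatch(rf"[0-9a-fA-F]{{12}}|({HEX_BYTE}:){{5}}{HEX_BYTE}", mac):
        problems.append("MC_ADDRS: exactly 12 hex digits (colons allowed)")
    chan = conf.get("CHANNEL", "")
    if chan and not (chan.isdigit() and 1 <= int(chan) <= 13):
        problems.append("CHANNEL: 1 to 13")
    enc, key = conf.get("ENCRYPTION", "OPEN"), conf.get("KEY", "")
    kind, n = KEY_RULES.get(enc, (None, 0))
    if kind is None:
        problems.append("ENCRYPTION: one of " + ", ".join(KEY_RULES))
    elif (kind == "open" and key not in ("", "OPEN")
          or kind == "ascii" and len(key) != n
          or kind == "hex" and not re.fullmatch(rf"({HEX_BYTE}:){{{n - 1}}}{HEX_BYTE}", key)):
        problems.append(f"KEY: does not match ENCRYPTION {enc}")
    return problems
```

Run `validate(parse_conf(open("wlan.conf").read()))` against a real file to list the tags that the script would choke on before it starts.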
#2
10-12-2009, 06:37 PM
prowl3r
Guest
Posts: n/a
Default

Well you certainly made a hell of a script here, nice work!

I gave it a quick look and it seems well structured and documented, I'll give it a try ASAP. I also appreciate the backups and reversibility of configurations.

(You might want to check the credits names.)

Thank you for sharing it, Nick. Keep it up.
#3
10-12-2009, 07:53 PM
Nick_the_Greek
Senior Member
Join Date: Jul 2009
Location: Greece
Posts: 177
Default

Thanx prowl3r for the good words. This is all I need from the BT community. The basic idea was to make a flexible script about Fake APs. Since the main body is finished, I will add more modes in the future. I am waiting for feedback from users to continue. Any ideas are welcome.
BTW. Anyone who can guide me a little bit with sslsniff.... Can't get it to work in BT4PF.
Quote:
Originally Posted by prowl3r View Post
(You might want to check the credits names.)
Fixed that. URL changed.
__________________
The quieter you become....
#4
10-16-2009, 01:53 PM
mikec
Senior Member
Join Date: Oct 2009
Location: Mpls, MN
Posts: 127
Default

Long time lurker, first time caller...

Great script, looks well done. I will test it out soon (hopefully this weekend) in my test environment.

Thanks again!
#5
10-17-2009, 09:01 PM
BT2008
Member
Join Date: May 2008
Posts: 32
Default https

thx for your great script
My connected clients can connect to http but not to https, any idea?

Last edited by BT2008; 10-17-2009 at 10:26 PM.
#6
10-17-2009, 09:38 PM
mikec
Senior Member
Join Date: Oct 2009
Location: Mpls, MN
Posts: 127
Default

Hello, is this script designed for BT4? I ran it on BT3 and got errors relating to apt-get missing (I admit I have never used bt4, maybe that relies on apt-get).
#7
10-17-2009, 10:26 PM
pureh@te
Jenkem Addict
Join Date: Mar 2007
Location: /dev/null
Posts: 5,549
Default

Quote:
Originally Posted by mikec View Post
Hello, is this script designed for BT4? I ran it on BT3 and got errors relating to apt-get missing (I admit I have never used bt4, maybe that relies on apt-get).
bt3 is based on slackware and does not have the apt-get package manager
#8
10-17-2009, 10:51 PM
pureh@te
Jenkem Addict
Join Date: Mar 2007
Location: /dev/null
Posts: 5,549
Default

So I tried the script but it won't let me go to any https sites, I can go to google and normal http sites.
#9
10-17-2009, 11:12 PM
BT2008
Member
Join Date: May 2008
Posts: 32
Default

Quote:
Originally Posted by pureh@te View Post
So I tried the script but it won't let me go to any https sites, I can go to google and normal http sites.
I have the same problem....posted it already
#10
10-17-2009, 11:26 PM
pureh@te
Jenkem Addict
Join Date: Mar 2007
Location: /dev/null
Posts: 5,549
Default

Quote:
Originally Posted by BT2008 View Post
I have the same problem....posted it already
Didn't see that. Guess I need to read before I post.