
Thread: Rogue Accesspoint + MitM Sniffing tutorial

  1. #111 Just burned his ISO (Join Date: Dec 2008, Posts: 10)


    Quote Originally Posted by cybrsnpr View Post
    Some sites block ICMP. If you can ping other sites, you have connectivity. What is the problem?
    Well ... I want to know why I don't have access to all sites ^^

    As I'm thinking it over, I don't know if this can help, but!

    With my laptop (the bridge between the wireless and eth0, the internet) I have access to hotmail.com,
    but with my desktop, I don't ...

    And (off subject) in the shell where I ran the bash file, I got this, and I really don't know what it is:

    X Error: BadWindow (invalid Window parameter) 3
    Major opcode: 20
    Minor opcode: 0
    Resource id: 0x3000007

    That doesn't seem to affect anything, but ... sometimes with an error we can do a bunch of things.

  2. #112 Junior Member (Join Date: Jun 2008, Posts: 39)


    I have read this whole thread about ten times and I am still not getting something right. My /etc/dhcpd.conf matches the one in the first post and I am using BadKarma's script.

    The command I am using is

    Code:
    ./mitmap.sh -m apa -i wifi0 -o eth0 -s testnet -d /etc/dhcpd.conf
    The following is then posted.

    Code:
    Master Mode: ath0
    Current MAC: 06:c0:aa:02:c4:6f (unknown)
    Faked MAC:   00:40:62:92:af:84 (E-systems, Inc./garland Div.)
    Starting Atheros Card in Karma Mode Succesful
    DHCPD started succesfully
    Starting Packet capture to /root/apmitm-Jan-20-09-021240.cap
    
    ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
    
    Listening on wifi0... (802.11)
    
    Privileges dropped to UID 0 GID 0...
    
      28 plugins
      39 protocol dissectors
      53 ports monitored
    7587 mac vendor fingerprint
    1698 tcp OS fingerprint
    2183 known services
    
    Starting Unified sniffing...
    
    
    Text only Interface activated...
    Hit 'h' for inline help

    Everything looks good, right? Well, then I go to my other laptop (sitting about 15 feet away), boot up Vista, and then the wireless assistant pops up finding "testnet". I try to connect; it takes a while, then spits back "this is taking longer than expected", then fails. I then open a command prompt and issue an "ipconfig /all", and the wireless card has a 169 address, which is APIPA, issued by the computer and not the DHCP server. At this point I cannot ping 10.0.0.1, nor can I access the internet. I did have Wireshark running on at0 (10.0.0.1) and everything looks normal; there are some malformed packets, but not all of them are. I would post the dump from Wireshark, but pastebin doesn't seem to like the size or format. To me it seems like dhcpd isn't giving out IP addresses.

    I am not sure what to do from here, could someone help?

    Also, when I try running
    Code:
    ./mitmap.sh -m ap -i wifi0 -o eth0 -s testnet -d /etc/dhcpd.conf
    I don't get any errors, but the AP is not viewable by the Vista laptop.

    I know this is long, but I hope the more information I give, the easier it will be for someone to help me. Also, the specs of my setup are: a MacBook running a hard drive install of BT3.

  3. #113


    The apa mode is only for Atheros cards, so you would use it with ath0. If your card is not Atheros and it is supported for injection, use the ap mode. To test if injection is supported, run aireplay-ng -9 <wifi card>.
    You can download the latest version here:
    http://www.darkoperator.com/mitmap.tar.gz

  4. #114 Junior Member (Join Date: Jun 2008, Posts: 39)


    Quote Originally Posted by BadKarmaPR View Post
    The apa mode is only for Atheros cards, so you would use it with ath0. If your card is not Atheros and it is supported for injection, use the ap mode. To test if injection is supported, run aireplay-ng -9 <wifi card>.
    You can download the latest version here:
    http://www.darkoperator.com/mitmap.tar.gz
    See, that part was sort of confusing me, because with Kismet it uses wifi0, but then in spoonwep2 and spoonWPA I select ath0 with Atheros drivers. With my current driver set (madwifi-ng), ath0's parent is wifi0.

    Has there been an update to your script recently?

  5. #115


    I updated it for myself but did not post the update.

  6. #116 Junior Member (Join Date: Jun 2008, Posts: 39)


    Quote Originally Posted by BadKarmaPR View Post
    I updated it for myself but did not post the update.
    Well, I downloaded your new one and executed

    Code:
    ./mitmap.sh -m apa -i ath0 -o eth0 -s FreeWifi -d /etc/dhcpd.conf
    and received

    Code:
    Master Mode: ath0
    Current MAC: 06:c0:aa:02:c4:6f (unknown)
    Faked MAC:   00:01:5a:e7:fe:24 (Digital Video Broadcasting)
    Starting Atheros Card in Karma Mode Succesful
    DHCPD started succesfully
    Starting Packet capture to /root/apmitm-Jan-20-09-030825.cap
    
    ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
    
    Listening on ath0... (Ethernet)
    
      ath0 ->       00:01:5A:E7:FE:24          10.0.0.1     255.255.255.0
    
    Privileges dropped to UID 0 GID 0...
    
      28 plugins
      39 protocol dissectors
      53 ports monitored
    7587 mac vendor fingerprint
    1698 tcp OS fingerprint
    2183 known services
    
    Starting Unified sniffing...
    
    
    Text only Interface activated...
    Hit 'h' for inline help
    
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER
    DHCP: [00:15:AF:CE:AE:E0] DISCOVER

    Still only an APIPA address on the client trying to connect. Looks like my issue is with the DHCP server...
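
An added example (not code from the thread or from the mitmap script) that reads ettercap-style DHCP lines like the ones above and flags clients whose DISCOVERs never draw an OFFER, the condition behind the APIPA fallback seen on the client. The OFFER/ACK line layout and the second, healthy client in the sample are constructed assumptions.

```python
import re
from collections import Counter

# Matches the "DHCP: [who] MESSAGE ..." lines ettercap printed in the thread.
# The OFFER/ACK layout used in the sample is an assumption about ettercap's format.
DHCP_LINE = re.compile(r"^DHCP: \[(?P<who>[^\]]+)\] (?P<msg>DISCOVER|OFFER|REQUEST|ACK)\b")

# Constructed sample: a made-up healthy client, then the thread's client whose
# DISCOVERs the server on 10.0.0.1 never answers.
SAMPLE_LOG = """\
DHCP: [AA:BB:CC:00:11:22] DISCOVER
DHCP: [10.0.0.1] OFFER : 10.0.0.50 255.255.255.0 GW 10.0.0.1
DHCP: [AA:BB:CC:00:11:22] REQUEST 10.0.0.50
DHCP: [10.0.0.1] ACK : 10.0.0.50 255.255.255.0 GW 10.0.0.1
DHCP: [00:15:AF:CE:AE:E0] DISCOVER
DHCP: [00:15:AF:CE:AE:E0] DISCOVER
DHCP: [00:15:AF:CE:AE:E0] DISCOVER
DHCP: [00:15:AF:CE:AE:E0] DISCOVER
"""


def analyse_dhcp_log(text, min_discovers=3):
    """Return (discover_counts, unserved_macs). A client is unserved when it sent
    at least min_discovers DISCOVERs and no OFFER was credited to it; an OFFER is
    credited to the most recent DISCOVER's client (fine for one server, one subnet)."""
    discovers = Counter()
    served = {}
    last_client = None
    for line in text.splitlines():
        m = DHCP_LINE.match(line.strip())
        if not m:
            continue
        who, msg = m.group("who"), m.group("msg")
        if msg == "DISCOVER":
            discovers[who] += 1
            served.setdefault(who, False)
            last_client = who
        elif msg == "OFFER" and last_client is not None:
            served[last_client] = True
    unserved = {mac for mac, n in discovers.items()
                if n >= min_discovers and not served[mac]}
    return discovers, unserved


def report(text):
    """One line per client, plus the dhcpd.conf hint given later in the thread."""
    discovers, unserved = analyse_dhcp_log(text)
    lines = [f"{mac}: {n} DISCOVER(s)" for mac, n in sorted(discovers.items())]
    if unserved:
        lines.append("no OFFER for " + ", ".join(sorted(unserved))
                     + ": dhcpd is not answering; check the interface and "
                       "subnet in dhcpd.conf (ath0, not at0)")
    return "\n".join(lines)
```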

  7. #117


    For my script in that mode, make sure the dhcpd.conf file has ath0, and not at0, as the interface to give out the addresses.

  8. #118 Junior Member FrankFruter (Join Date: Dec 2008, Posts: 29)


    Well, I downloaded your new one and executed
    and received
    Still only an APIPA address on the client trying to connect. Looks like my issue is with the DHCP server...

    Check out my post on page 8 of this thread!

  9. #119 Junior Member (Join Date: Jun 2008, Posts: 39)


    Quote Originally Posted by BadKarmaPR View Post
    For my script in that mode, make sure the dhcpd.conf file has ath0, and not at0, as the interface to give out the addresses.
    So I tried

    Code:
    ./mitmap.sh -m apa -i ath0 -o eth0 -s testnet

    and it works without a problem. The client connects and everything. I guess the issue occurred when I was specifying -d /etc/dhcpd.conf. It doesn't make much sense to me, but it works now, so I won't complain. Thanks for the help!

  10. #120 Just burned his ISO (Join Date: Feb 2009, Posts: 8)


    Which sniffers are you guys using on your Rogue AP box?
    I've got everything to work; the Rogue AP works fine, no DNS error, it is visible and all that.

    So my question is: is there any better program to use than urlsnarf? If someone simply surfs to hotmail.com, I'll get a massive spam of tons of different URLs, not just 'hotmail.com'.

    If I want to sniff SSH, I've tried Ettercap, and it works well. But my question is: what will Ettercap sniff if I simply run sniff with it, nothing more? Not DHCP spoofing, ARP poisoning, etc.?

    To sniff SSH I need to activate ARP poisoning, but why? Is that needed? Or can I do it another way, since the traffic is already going through my own 'Rogue AP'?

    I need more tips on which sniffers to use.

    Edit: I have 2 different wireless cards/adapters, one Atheros one and the ALFA 500mW adapter. I can set up a rogue AP with the Atheros card without any trouble at all. The problem here is that this signal is not as wide and won't go as far as the Alfa one. So I try to set up this Alfa 500mW as the Rogue AP. airbase starts the faked AP, I can see probes and everything runs just fine, but the AP won't show up. It is not visible. I am running the same command line as I use with the other card.
    I've tried different lines, e.g. airbase-ng -e "essid" -v ath0/wlan0 (depending on which one I use) or airbase-ng -e "essid" -P -C -c <channel> -v ath0/wlan0
    and so on. Nothing will make the rogue AP on my Alfa adapter show. Why is that? What is making the AP not show?
