
Thread: Rogue Accesspoint + MitM Sniffing tutorial

  1. #11
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Originally posted by letmein:
    > The paste bin containing the script is down, is the link broken?
    >
    > Really interested to try this out!!

    The link is working just fine.
    -Monkeys are like nature's humans.

  2. #12
    Member
    Join Date
    Feb 2010
    Posts
    204


    pastebin is fine

    so guys anyone figured out the exact workings of airbase?


    I've been playing with it for 3 hours and still no joy. A basic wireless setup with no encryption is fine, victim connects happily; when you start using -P commands as well as -W 1, -0, the victim cannot associate. This is needed when you are targeting a specific victim, aka evil twin network type setup

    another thing - aircrack team needs to allow deauth on different channels, there is no way to do this at the moment, if airbase is set on a specific channel then deauth only works on that channel

    so guys --- any tips? or do we wait for the aircrack team to implement the -h MITM mode?

  3. #13
    Junior Member
    Join Date
    Sep 2008
    Posts
    32


    Be sure to check the open bug reports on the main aircrack page before you pull too much of your hair out.

    -- Tom

  4. #14
    Member
    Join Date
    Jun 2008
    Posts
    101


    Wonderful thread guys!!!

    Well, I followed every single line in the script and ran them myself manually. Everything seems to be working fine with the exception that at0 is not able to resolve DNS queries from the client. Every DNS query is answered with an "Unreachable Network" as shown by Wireshark. There is no communication between at0 and eth0, which is the one containing internet access.

    I would like to resolve this but I'm kind of stuck and I don't know where to look. The following is the wireless card I'm using for the Rogue AP:

    Code:
    14:00.0 Ethernet controller: Atheros Communications, Inc. AR5006EG 802.11 b/g Wireless PCI Express Adapter (rev 01)

    Please light me up... Thanks

    QuadCore AMD Phenom X4 9950, 2600 MHz
    8GB DDR2 800MHz
    Dual Boot System: Windows Server 2008 x64 w/ Hyper-V, Ubuntu 9.10 x64

  5. #15
    Member
    Join Date
    Feb 2010
    Posts
    204


    check out the other threads regarding iptables, that may help

  6. #16
    Member
    Join Date
    Jun 2008
    Posts
    101


    Originally posted by hm2075:
    > check out the other threads regarding iptables, that may help

    God, five minutes later and I get it working!!! I had a misconfiguration in dhcpd.conf; for some reason I thought 10.0.0.1 was the DNS resolver. Thanks to the article provided in the first post I was able to fix it. Thanks

    Note: Once I launch Ettercap, the client (iPod Touch) loses its internet access.

  7. #17
    Member (imported_Deathray)
    Join Date
    Oct 2007
    Posts
    381


    Originally posted by =Tron=:
    > When you fire up airbase-ng on your Alfa do you see the following lines?
    >
    > Code:
    > 14:38:12  Trying to set MTU on wlan0 to 1800
    > error setting MTU on wlan0
    > 14:38:12  MTU on wlan0 remains at 1500
    >
    > I ran into the problem described by Revelati which basically resulted in the clients only being able to surf a few webpages correctly while most would refuse to load. Setting the MTU of the at interface to match the MTU of the Alfa interface solved this problem.
    >
    > Update: Finally got to actually try out your script and have to say that it works wonderfully, including the ettercap implementation and SSL. I did nevertheless need to modify the script to use MTU 1500 on at0, without which the previously described issue would occur. I also still seem to have problems connecting to the rogue AP when using the -P -C switches in airbase-ng. I also noticed the malformed packets in Wireshark when monitoring the wlan0 interface; this is however easily overcome by simply using the at0 interface instead, which is why I didn't notice it previously. I also seemed to be able to run mdk3 alongside airbase-ng using the same interface. I say seemed at this point as I have only confirmed that they both are able to run alongside each other without problems, but have not further investigated how well mdk3 works in this manner.

    Glad to hear you got (most of) it working. Try leaving out the -C if your lab has an abundant amount of access points, because airbase-ng will attempt to spoof every single one of them, which will most likely cause the rogue AP to stop functioning; definitely what happened in my case. And yes, I get the exact same error in Airbase regarding the MTU.

    About only a few websites working, the same thing happened to me when using 1500 MTU. Kind of weird that it is the opposite compared to you. But setting the MTU to 1400 as I do in the script definitely fixed it for me. But good to know for other people troubleshooting that MTU may be the issue. I also updated the tutorial to reflect possible MTU problems.

    Originally posted by adri_ht_:
    > God, five minutes later and I get it working!!! I had a misconfiguration in dhcpd.conf; for some reason I thought 10.0.0.1 was the DNS resolver. Thanks to the article provided in the first post I was able to fix it. Thanks
    >
    > Note: Once I launch Ettercap, the client (iPod Touch) loses its internet access.

    Ettercap working on an at* interface took me a long time to work. If /proc/sys/net/ipv4/ip_forward is set to 1, the internet will work right until you start ettercap. Once you start ettercap, /proc/sys/net/ipv4/ip_forward will still stay on 1, but the internet connection will be lost. But for some weird reason if you run echo "1" > /proc/sys/net/ipv4/ip_forward after executing ettercap on the at0, it works. This sounds completely weird, and if you asked for an explanation, I couldn't answer. But one thing for sure, this method works! Check out the script as it shows the correct way of setting it up (:
    - Poul Wittig

  8. #18
    Member
    Join Date
    Jun 2008
    Posts
    101


    Originally posted by Deathray:
    > Ettercap working on an at* interface took me a long time to work. If /proc/sys/net/ipv4/ip_forward is set to 1, the internet will work right until you start ettercap. Once you start ettercap, /proc/sys/net/ipv4/ip_forward will still stay on 1, but the internet connection will be lost. But for some weird reason if you run echo "1" > /proc/sys/net/ipv4/ip_forward after executing ettercap on the at0, it works. This sounds completely weird, and if you asked for an explanation, I couldn't answer. But one thing for sure, this method works! Check out the script as it shows the correct way of setting it up (:

    Thanks, everything led me to this

    Possible explanation taken from man ettercap:

    The kernel ip_forwarding is always disabled by ettercap. This is done to prevent to forward a packet twice (one by ettercap and one by the kernel).

    Code:
    ettercap -T -q -u -p -i at0 /10.0.0.100/ //

    Note the new "-u" parameter which prevents ettercap from disabling the kernel ip_forwarding.

  9. #19
    Junior Member
    Join Date
    Sep 2008
    Posts
    85


    when I run airbase-ng my computer disconnects me from the LAN I was on, and the internet

    does this require 2 interfaces? (not including at0)
    patience is appreciated =]

  10. #20
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Originally posted by benzslr123:
    > when I run airbase-ng my computer disconnects me from the LAN I was on, and the internet
    >
    > does this require 2 interfaces? (not including at0)

    Yes. You cannot expect to use the same wireless interface to create the fake AP and keep your own connection up and running simultaneously.
