
Thread: How to: E-Z setup a Multi Mode WLAN based on a Fake AP

  1. #1
    Senior Member Nick_the_Greek
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181

    How to: E-Z setup a Multi Mode WLAN based on a Fake AP

    Hello BT community.

    19/11/2009 download links updated

    Download links:

    Download wlan_0.8.1a.tar.bz2 from Mediafire.com
    or
    Download wlan_0.8.1a.tar.bz2 from Uploadingit.com
    Extract
    Code:
    tar xjf wlan_0.8.1a.tar.bz2
    Four files will be extracted:
    wlan_nick.sh
    README
    CHANGELOG
    airchat.tar.bz2

    You don't have to extract the airchat.tar.bz2. Just leave it in the same place as wlan_nick.sh. The script will extract it to the right place.

    and run
    Code:
    sh wlan_nick.sh
    (You must be root and connected to the Internet to continue.)

    The first time you run the script it will create backup/working folders (default is /root/wlan_nick/), download any programs that are missing (usually dnsmasq, squid3, sarg) and create backups (iptables, conf files etc.) so we can restore them, if we want, the next time we run this script.

    After downloading, installing and backing up, you will be prompted to configure sarg (language, date format and full URLs). Choose as you want. After this you will be prompted to enter the interface through which you are connected to the Internet. This could be point-to-point (ex ppp0), ethernet (ex eth0) or wireless (ex wlan0). After that you must enter the wireless interface that we will use for the creation of the fake AP. This could be any card that supports injection. If that card is an Atheros based card then you will be prompted to download and install madwifi-ng drivers (revision 4073) patched for injection, so we can use them to create a "master mode" AP (very high speeds) or a "monitor mode + airbase-ng" AP (also high speeds).

    To see if your card supports master mode please check this link: Compatibility - madwifi-project.org - Trac
    It is highly recommended to install madwifi-ng (you will be able to uninstall it the next time you run this script) even if your card can't support master mode. But if it does support it, then you can consider yourself a lucky one. If you don't want to install it just continue and the script will use the ath5k or ath9k kernel modules. Note that if you don't own an Atheros card you will not be prompted to install or use madwifi-ng.

    Next, the script will bring up a monitor mode interface and you must enter that when prompted. After that you will be prompted to enter optional inputs:
    a) ESSID: [You must enter the ESSID] Can be any printable characters, up to 31 characters long (except space and "\")
    b) MAC address: [Optional] Can be any HEX characters. Exactly 12 characters long
    c) Channel: [Optional] Can be any number from 1 to 13.

    d) Encryption:
    d1) Blank for OPEN (No encryption)
    d2) ASCII password: 5 or 13 characters ASCII (ex aaaaa or aaaaaaaaaaaaa)
    d3) HEX password : 10 or 26 characters HEX (ex ab:cd:ef:01:23 or ab:ab:ab:ab:ab:ab:cd:ef:01:23:45:56:67)
    Please follow this link for extra info:
    http://forums.remote-exploit.org/wir...tml#post160670

    After that you must choose one of the following modes:

    1. Simple WLAN
    2. Transparent Proxy-ed WLAN
    3. Transparent SSLstriped WLAN
    4. Transparent Proxy-ed and SSLstriped WLAN
    5. Upside down, Blur, Swirl client's browser images
    6. Forced downloading files
    7. Air chat
    8. Anonymous Surfing (TOR tunnel)
    Explanation:
    1. There is nothing to say. Your clients will be connected to the Internet.
    2. Your clients will be transparently proxied and connected to the Internet. (you can use sarg)
    3. Your clients will be transparently SSLstripped and connected to the Internet.
    4. Your clients will be transparently proxied & SSLstripped and connected to the Internet (you can use sarg). In this mode reports from sarg don't show domain names (only IPs) because traffic comes from sslstrip.
    5. Your clients' browser images will be Upside Down or Blurred or Swirled.
    Check this link for further information: Upside-Down-Ternet
    6. In this mode our clients are forced to download, when they ask to, our files.
    The script will create four zero byte files in the /tmp/bad_files/ folder. These files are: test.exe, test.rar, test.zip and test.doc.
    When a client tries to download an exe or rar or zip or doc file from any site then the script will serve them one of the above files (matching its extension).
    [Mode 6 example: Let's say we want our client to execute a keylogger file. That file is called keylog.exe. All we have to do is rename keylog.exe to test.exe and copy it to /tmp/bad_file/. Now when a client tries to download an exe file, let's say acrobat_reader.exe, it will be forced to download every time our keylog.exe, which will be renamed to acrobat_reader.exe, and the download location will be the original.]
    7. When a client tries to connect to a web site, he will be forced to chat with your box via web browsers.
    8. Your clients will surf anonymously on the web using a TOR exit node.

    For modes 5 and 6 please follow this link:
    http://forums.remote-exploit.org/wir...tml#post159198

    For mode 7 please follow this link:
    http://forums.remote-exploit.org/wir...tml#post161278

    For mode 8 please follow this link:
    http://forums.remote-exploit.org/wir...tml#post162131

    Choose 1-6 and you are ready to go. Connect a client to your WLAN and if you choose 2, 4, 5 or 6 then open up a console and type sarg. Then go to (default) /root/wlan_nick/squid-reports/ and open index.html to see who-when-what they are visiting.

    If you choose 3 or 4 then a file will be created at /root/wlan_nick/output-ssl.log which is sslstrip's log. Open it up to see SSL related traffic, or you can do:
    Code:
    grep 'SECURE POST' output-ssl.log
    The second time you run this script you will be prompted to restore files - uninstall (if installed) madwifi-ng - restore iptables. Do as you want. The rest is the same as the first time.

    After you run it at least one time, a wlan.conf file will be created at your $HOME_DIR and it will look like this:
    SYSTEM_UPDATED yes
    RESTORE_MODE yes
    SSLSTRIP_DL no
    SARG_RECONF no
    ATH_PROMPT yes
    INET_WIRELESS_PROMPT yes
    INET_CONX ppp0
    WIRELS_IFACE wlan0
    WIFACE_MON mon0
    ESID_MAC_CHAN_PROMPT yes
    ESSID Free_wifi
    MC_ADDRS 00:11:22:33:44:55
    CHANNEL 7
    ENCRYPTION HEX_104
    KEY ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab
    Nbpps_USE no
    Nbpps_VALUE 200
    MTU_MON 1400
    SYSTEM_UPDATED yes = stands for apt-get update. (Don't change that)
    RESTORE_MODE yes = If you don't want to be prompted every time to restore/uninstall, set it to "no"
    SSLSTRIP_DL no = If you want to try sslstrip 0.6 set it to yes. The next time it will download and install ver 0.6 of sslstrip. I found out that it's a little bit slower than the 0.1 that comes with BT4
    SARG_RECONF no = If you want to be prompted every time to reconfigure sarg set it to yes. (for testing)
    ATH_PROMPT yes = If you have an Atheros based card and you don't want to be prompted to install madwifi-ng set it to no. Also if it is set to yes and you don't own an Atheros card you will not be prompted.
    INET_WIRELESS_PROMPT yes = If you don't want to be prompted every time to enter the Internet and wireless interfaces set it to no. The script will then use the following three tags
    INET_CONX ppp0 = How we are connected to the Internet
    WIRELS_IFACE wlan = Our wireless interface
    WIFACE_MON mon0 = Our wireless interface in monitor mode
    ESID_MAC_CHAN_PROMPT yes = If you don't want to be prompted every time to enter ESSID, MAC, channel and encryption set it to no. The script will then use the following five tags
    ESSID Free_wifi = The name of the AP
    MC_ADDRS 00:11:22:33:44:55 = The MAC address of the AP (could be blank)
    CHANNEL 7 = The channel of the AP (could be blank)
    ENCRYPTION = What encryption type we will use. This could be: OPEN, ASCII_40, HEX_40, ASCII_104, HEX_104
    KEY = OPEN (for no encryption). Or the WEP key (40 or 104 bits) that we have entered
    Nbpps_USE no = If we want to change the default value for the number of packets per second transmitted then we set it to "yes". If no then we use the default value 100.
    Nbpps_VALUE = This sets the number of packets per second transmission rate (default: 100). Available values are: 1 - 1000
    MTU_MON 1400 = The MTU value of our monitor mode interface

    Don't forget to leave a space after the tags in wlan.conf.
    If you don't want to mess things leave it as it is. The script will work just fine.

    This script is tested with:
    Running on BT4PF (kernel 2.6.29.4); it should work with newer kernels.
    Internet from pppoA and wirelessly
    Wireless cards: Atheros AR5001X+ (ath5k and ath_pci) and zydas zd1211rw
    clients: BT4PF and windows XP SP3 EN

    Enjoy

    Nick

    MOD EDIT: Changed thread title based on the OP's wishes.
    Old title: How to: E-Z setup a Multi-Mode WLAN based on a Fake AP
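As an added example (not part of Nick's script or this post), here is a small Python checker for the wlan.conf layout and value rules the post describes: one space after each tag, yes/no flags, ESSID length and forbidden characters, a blank or 12-hex-digit MAC, channel 1-13, the ENCRYPTION/KEY pairing for OPEN and the four WEP variants, and the 1-1000 range for Nbpps_VALUE. The good sample is the wlan.conf listed in the post; the bad sample is constructed so that each rule is tripped once.

```python
import re
import string

# Flags that the post documents as taking only "yes" or "no".
YES_NO_TAGS = (
    "SYSTEM_UPDATED", "RESTORE_MODE", "SSLSTRIP_DL", "SARG_RECONF", "ATH_PROMPT",
    "INET_WIRELESS_PROMPT", "ESID_MAC_CHAN_PROMPT", "Nbpps_USE",
)
# ENCRYPTION type -> (key alphabet, key length without ':' separators), per the post.
WEP_RULES = {
    "ASCII_40": ("ascii", 5),
    "ASCII_104": ("ascii", 13),
    "HEX_40": ("hex", 10),
    "HEX_104": ("hex", 26),
}

# Copied from the wlan.conf sample in the post above.
GOOD_CONF = """\
SYSTEM_UPDATED yes
RESTORE_MODE yes
SSLSTRIP_DL no
SARG_RECONF no
ATH_PROMPT yes
INET_WIRELESS_PROMPT yes
INET_CONX ppp0
WIRELS_IFACE wlan0
WIFACE_MON mon0
ESID_MAC_CHAN_PROMPT yes
ESSID Free_wifi
MC_ADDRS 00:11:22:33:44:55
CHANNEL 7
ENCRYPTION HEX_104
KEY ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab
Nbpps_USE no
Nbpps_VALUE 200
MTU_MON 1400
"""

# Constructed sample: every value rule below is violated exactly once,
# and the last line has no space after the tag.
BAD_CONF = """\
SYSTEM_UPDATED yes
RESTORE_MODE yes
SSLSTRIP_DL no
SARG_RECONF no
ATH_PROMPT yes
INET_WIRELESS_PROMPT yes
INET_CONX ppp0
WIRELS_IFACE wlan0
WIFACE_MON mon0
ESID_MAC_CHAN_PROMPT yes
ESSID Free wifi
MC_ADDRS 00:11:22:33:44:5
CHANNEL 14
ENCRYPTION HEX_40
KEY abcd
Nbpps_USE maybe
Nbpps_VALUE 2000
MTU_MON
"""


def parse_conf(text):
    """Split 'TAG VALUE' lines into a dict. A tag with no trailing space is a
    layout error, since the post says the space after the tag is mandatory."""
    conf, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if " " not in line:
            errors.append(f"line {lineno}: tag {line.strip()!r} has no space after it")
            conf[line.strip()] = ""
            continue
        tag, value = line.split(" ", 1)
        conf[tag] = value.strip()
    return conf, errors


def validate(conf):
    """Return a list of rule violations; empty means the values satisfy the post's rules."""
    problems = []
    for tag in YES_NO_TAGS:
        if conf.get(tag) not in ("yes", "no"):
            problems.append(f"{tag} must be yes or no, got {conf.get(tag)!r}")

    essid = conf.get("ESSID", "")
    if not (1 <= len(essid) <= 31) or not essid.isprintable() or " " in essid or "\\" in essid:
        problems.append("ESSID must be 1-31 printable characters without space or backslash")

    mac = conf.get("MC_ADDRS", "")
    if mac and not re.fullmatch(r"[0-9A-Fa-f]{12}", mac.replace(":", "")):
        problems.append("MC_ADDRS must be blank or exactly 12 hex characters")

    chan = conf.get("CHANNEL", "")
    if chan and not (chan.isdigit() and 1 <= int(chan) <= 13):
        problems.append("CHANNEL must be blank or a number from 1 to 13")

    enc, key = conf.get("ENCRYPTION", ""), conf.get("KEY", "")
    if enc == "OPEN":
        if key != "OPEN":
            problems.append("KEY must be OPEN when ENCRYPTION is OPEN")
    elif enc in WEP_RULES:
        kind, length = WEP_RULES[enc]
        bare = key.replace(":", "") if kind == "hex" else key
        alphabet_ok = (all(c in string.hexdigits for c in bare) if kind == "hex"
                       else bare.isascii() and bare.isprintable())
        if len(bare) != length or not alphabet_ok:
            problems.append(f"KEY does not match {enc}: need {length} {kind} characters")
    else:
        problems.append("ENCRYPTION must be one of OPEN, " + ", ".join(WEP_RULES))

    nbpps = conf.get("Nbpps_VALUE", "")
    if not (nbpps.isdigit() and 1 <= int(nbpps) <= 1000):
        problems.append("Nbpps_VALUE must be between 1 and 1000")

    mtu = conf.get("MTU_MON", "")
    if not (mtu.isdigit() and int(mtu) > 0):
        problems.append("MTU_MON must be a positive integer")
    return problems


def check_conf(text):
    """Layout errors first, then value problems, for one wlan.conf text."""
    conf, errors = parse_conf(text)
    return errors + validate(conf)


if __name__ == "__main__":
    for name, text in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(name, check_conf(text) or "ok")
```

Run it before starting the script on an edited wlan.conf; a non-empty result points at the tag that the script would otherwise read with a wrong or empty value.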

  2. #2
    prowl3r
    Guest


    Well you certainly made a hell of a script here, nice work!

    I gave it a quick look and it seems well structured and documented, I'll give it a try ASAP. I also appreciate the backups and reversibility of configurations.

    (You might want to check the credits names.)

    Thank you for sharing it, Nick. Keep it up.

  3. #3
    Senior Member Nick_the_Greek
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181


    Thanx prowl3r for the good words. This is all I need from the BT community. The basic idea was to make a flexible script about Fake APs. Since the main body is finished, I will add more modes in the future. I am waiting for feedback from users to continue. Any ideas are welcome.
    BTW, anyone who can guide me a little bit with sslsniff.... Can't get it to work in BT4PF.
    Quote Originally Posted by prowl3r View Post
    (You might want to check the credits names.)
    Fixed that. URL changed.

  4. #4
    Senior Member MikeCa
    Join Date
    Jan 2010
    Location
    DC
    Posts
    129


    Long time lurker, first time caller...

    Great script, looks well done. I will test it out soon (hopefully this weekend) in my test environment.

    Thanks again!

  5. #5
    Junior Member BT2008
    Join Date
    May 2008
    Posts
    33

    https

    thx for your great script
    My connected clients can connect to http but not to https, any idea?

  6. #6
    Senior Member MikeCa
    Join Date
    Jan 2010
    Location
    DC
    Posts
    129


    Hello, is this script designed for BT4? I ran it on BT3 and got errors relating to apt-get missing (I admit I have never used bt4, maybe that relies on apt-get).

  7. #7
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


    Quote Originally Posted by mikec View Post
    Hello, is this script designed for BT4? I ran it on BT3 and got errors relating to apt-get missing (I admit I have never used bt4, maybe that relies on apt-get).
    bt3 is based on slackware and does not have the apt-get package manager

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


    So I tried the script but it won't let me go to any https sites, I can go to google and normal http sites.

  9. #9
    Junior Member BT2008
    Join Date
    May 2008
    Posts
    33


    Quote Originally Posted by pureh@te View Post
    So I tried the script but it won't let me go to any https sites, I can go to google and normal http sites.
    I have the same problem....posted it already

  10. #10
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


    Quote Originally Posted by BT2008 View Post
    I have the same problem....posted it already
    Didn't see that. Guess I need to read before I post.
