dhcp3 issue with airbase-ng
I have refrained from posting on this for a while, however after a lot of trial and failure.. I would appreciate some feedback.
I have been trying to simply get a fake ap (transparant) working and am trying with airbase-ng.
Following the post by hm2075.
http://forums.remote-exploit.org/wir...-commands.html
Using back|track4 Pre Final (latest 2.6.30.7)
Basically there are a couple of issues I have at the mo ;
1.
dhcp3 is failing.
Whatever I try the dhcp3 is refusing to (re)start.
Making it impossible for me to get the IPs issued.
2.
This may be OS dependant, however the fake aps are not being shown (showing up as "hidden" or "unknown" in winXP)
The code I am using is as follows ;
airbase (with mon0 being wlan0 started --> monitor mode)
Modifying the dhcp.conf file as needed;Code:airbase-ng -e "TEST_AP" -c 9 mon0
dhcp.conf file in /etc/
After having started airbase-ng as above, running iptables as below ;Code:ddns-update-style ad-hoc; default-lease-time 600; max-lease-time 7200; subnet 10.0.0.0 netmask 255.255.255.0 { option routers 10.0.0.1; option subnet-mask 255.255.255.0; option domain-name "example.com"; range 10.0.0.10 10.0.0.20; }
thenCode:ifconfig lo up ifconfig at0 up ifconfig at0 10.0.0.1 netmask 255.255.255.0 ifconfig at0 mtu 1400 route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1 iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1 iptables -P FORWARD ACCEPT iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
I always get the ;Code:/etc/init.d/dhcp3-server restart
Code:Stopping DHCP server: dhcpd3 failed! Starting DHCP server: dhcpd3* check syslog for diagnostics. failed!
Possibly I am missing something trivial, however after a lot of reading I simply cant work it out.
As for #2; the 'mis-reading' of the ESSIDs when using airbase-ng, well interesting to find out why, but #1 my main annoyance..
Any assistance greatly appreciated.
TAPE
A stab in the dark, are you running BT4 through VMware with a 36H ALFA chipset? I could not get APs created through airbase-ng to show (I could see the AP through my iPhone, but not through Windows XP) unless I booted directly (versus hosting the OS through VMware). I do not know if the issue is related to VMware, or if its just the chipset or if its both in combination.
Thanks for the reply,Originally Posted by mikec
No I am running BT4 Pre Final off a dual boot install on a Samsung NC110.
However same issue noted on the VMware version of bt4 pf.
TAPE,
i will try to help you out.
It's called dhcpd.conf not dhcp.conf and it's located at /etc/dhcp3/ not /etc/Modifying the dhcp.conf file as needed;
dhcp.conf file in /etc/
This is probably to a wrong format of the dhcpd.conf, or you are not placing-naming correctly your dhcpd.conf file.Whatever I try the dhcp3 is refusing to (re)start.
Making it impossible for me to get the IPs issued.
This is not OS dependent. It's wifi-card - drivers - airbase-ng. Usually after some time the ESSID will came up with the right name. Give at airbase-ng some time to established. "sleep 10"This may be OS dependant, however the fake aps are not being shown (showing up as "hidden" or "unknown" in winXP)
There is nothing wrong with your code. You can do allot more with airbase.The code I am using is as follows ;
airbase (with mon0 being wlan0 started --> monitor mode)
Code:airbase-ng -e "TEST_AP" -c 9 mon0
Personally I don't like to use a class A network IPs for my wlan. I use a class C, like the following:Code:ddns-update-style ad-hoc; default-lease-time 600; max-lease-time 7200; subnet 10.0.0.0 netmask 255.255.255.0 { option routers 10.0.0.1; option subnet-mask 255.255.255.0; option domain-name "example.com"; range 10.0.0.10 10.0.0.20; }
Replace DNS with the DNS server of your IP.Code:ddns-update-style ad-hoc; default-lease-time 600; max-lease-time 7200; subnet 192.168.2.128 netmask 255.255.255.128 { option subnet-mask 255.255.255.128; option broadcast-address 192.168.2.255; option routers 192.168.2.129; option domain-name-servers DNS; range 192.168.2.130 192.168.2.140; }
Create a file dhcpd.conf with the above and place it in /etc/dhcp3/
Alternately you can run dhcpd3 by:
So, you can see any errors that may came up.Code:dhcpd3 -cf dhcpd.conf at0
Our internal network:
Here are IPTABLES for the above networkCode:ifconfig at0 up ifconfig at0 192.168.2.129 netmask 255.255.255.128 route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129
Replace INTERNET_IP with your internet IPCode:iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain echo 1 > /proc/sys/net/ipv4/ip_forward iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE iptables --append FORWARD --in-interface at0 -j ACCEPT iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to INTERNET_IP
Maybe I missed something because I am in a hurry.
Hope I helped some.
Nick
Nick,
Thank you very much for your detailed reply, will be testing and reverting.
Thanks.
edit
----
gonna have to revert tomorrow.. thanks again though for the reply.
Hmm.. regret to say that still unable to get it to issue IP address.
After following above post and trying to start the dhcp
error message as follows ;Code:dhcpd3 -cf dhcpd.conf at0
bah..Code:Can't create PID file /var/run/dhcpd.pid: Permission denied.
Run as root
dd if=/dev/swc666 of=/dev/wyze
Probably should have mentioned that as well, I am running as root throughout.
The system can run without the PID file, but it's better not to make it.
DHCPD will drop privileges when it executes, this is standard security technique 101 for network programs that require root, so we need to ensure it can write to an otherwise restricted directory.
Someone (might have been me!) suggested you could just cheat andBut this is a not-good way of doing it (mostly because I can edit the file, change it to contain "1" and then wait for you to restart your dhcpd server - resulting in a kill of the "init" process, and partly because it's just poor form).Code:touch /var/run/dhcpd.pid && chmod 777 /var/run/dhcpd.pid
You can, however, create a directory within /var/run, and grant it access to the dhcpd daemon. Get the username it drops priv's too out of /etc/passwd (just grep for dhcp):This gives dhcpd a place to write its PID file when it boots up.Code:mkdir -p /var/run/dhcpd && chown _dhcpd /var/run/dhcpd
The second part of the two step process is to give DHCPd a new command line flag to tell it where to save the PID file - across the three systems I looked at (none of them bt4 though as that is currently proxying connections through my company firewall - don't ask), the switch was the same:Hopefully that is what you are looking for - it should both remove the Error at the end, and gives you a more "correctly secure" system than the other.Code:dhcpd -cf /etc/dhcpd3/dhcpd.conf -pf /var/run/dhcpd/dhcpd.pid at0
Let us know.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
More then less I am repeating what master Gitsnikalready posted.
This is what I am using in my scripts for dhcp3:
We suppose that dhcpd.conf file is also in /dhcpd3/ folder that we created.Code:mkdir dhcpd3 cat /dev/null > dhcpd3/dhcpd.pid cat /dev/null > dhcpd3/dhcpd.leases chown -R dhcpd:dhcpd dhcpd3 dhcpd3 -lf /dhcpd3/dhcpd.leases -pf /dhcpd3/dhcpd.pid -cf /dhcpd3/dhcpd.conf at0
Nick
Posting Permissions
