Jump to content

Attacking WPA, Evil portal + Deauth


cheeto

Recommended Posts

Hey guys,

I'm trying to hack my friend´s AP. (with his permission)

Here's the breakdown:

Must I 1st set my MKV's ssid to the victim's ssid?

Victim´s ssid: HACKME

MKV´s ssid: HACKME

My idea is to deauth the victim with a netbook

And start Evil portal with a fake AP update message. (asking the victim to enter his wifi password)

see below:

strategy.jpg

Am missing something?

Must i use KARMA for this too?

Many thanks guys!

cheeto

Link to comment
Share on other sites

Hey Razor,

That is a very nice page. I learned a lot from there.

Regarding the infusion, it's my understanding that the plugin must be available for openwrt in order to get it on the Pineapple. Crossing my fingers.

Cheers!!

Link to comment
Share on other sites

Interesting idea.....

My only concern is that general you would enter you passphase via a dialog box on the operating system

Not by the browser, if I started being asked for the passphase in the browser, I would be concerned...

But the concept of deauth attack and the evil portal asking for your passphase try to pass of as the AP is a good one.

Link to comment
Share on other sites

I think I messed up in the diagram above.

Shouldn't I also copy the victim's AP mac and copy it onto my MKV?

So it would look like this>

VICTIM SSID: HACKME

VICTIME MAC: XX:XX:XX:XX

MKV SSID: HACKME

MKV MAC: XX:XX:XX:XX

But the problem I see here, and please correct me, is if I clone the victim's mac+ssid and attempt to Deauth the victim, won't I also be Deauthing my MKV as well? (since I have the same mac+ssid on the MKV)??

I assume that Karma would not be needed in this kind of attack since it doesn't work on protected AP's.

Your feedback is more than welcomed.

Cheers guys

Link to comment
Share on other sites

Been thinking on this...

If you made the captive portal mimic an web error page, then have a pop up in the bottom corner like the network window asking for the passphase, you could pass it off, and wouldn't raise much concern.

If you had kama running you ,you may chance hooking it after the deauth of the real ssid

Or you could continue deauth the real ssid, and have the pineapple set on another channel

But for protected AP and not using kama I don't have an answer on that

Edited by Swamppifi
Link to comment
Share on other sites

It should work, but i'm not sure if Karma will have a role in this. I think the victim's computer will automatically try to reconnect to the AP. In this case thet MKV. The problem is, how do I avoid getting Deauthed from my netbook? (remember the MKV will have the same ssid,mac and channel as the victim's AP)

Chris Harlson made a fantastic video on how to do this on Kali.

Check it out: https://www.youtube.com/watch?v=LwEjYL6Eoro&list=TLquOCAKSeRAcRvPcQJ7RvC9-7K2VR2v4G

He also made a nice fake Linksys firmware update message where the user has to enter the wifi password:

http://hackthistv.com/eviltwin.zip

It would be nice if we could adapt Chris' eviltwin portal script to the MKV.

Cheers

Link to comment
Share on other sites

It should work, but i'm not sure if Karma will have a role in this. I think the victim's computer will automatically try to reconnect to the AP. In this case thet MKV. The problem is, how do I avoid getting Deauthed from my netbook? (remember the MKV will have the same ssid,mac and channel as the victim's AP)

Chris Harlson made a fantastic video on how to do this on Kali.

Check it out:

He also made a nice fake Linksys firmware update message where the user has to enter the wifi password:

http://hackthistv.com/eviltwin.zip

It would be nice if we could adapt Chris' eviltwin portal script to the MKV.

Cheers

That's what whitelists are for.
Link to comment
Share on other sites

Hey guys, here´s my AP´s information:

AP Name: HACKME

MAC XX:XX:XX:XX:XX:

CHANNEL 1

I copied the same information to my MKV

I did the deauth with KALI.

The results were not as i expected. The deauth process is not only jamming both access points. but MKV is overshadowed by my AP. as soon as i unplug my AP the MKV becomes visible.

Any ideas?

The problem I see here is that as soon as i copy my AP information and dump it onto my MKV it blocks my mkv out. (without even jamming it)

BTW. regarding the whitelist, are you referring to Karma´s white/black list?

The Deauth infusion can´t tell the difference between my MKV and MY AP. (for this reason I´m not using the Deauth infusion)

Any ideas would be more than welcomed.

cheers!!

Link to comment
Share on other sites

I am reading into your post that you connecting to the pineapple by wireless, what about using the lan to connect to the pineapple, so you won't be effected by the deauth.

Link to comment
Share on other sites

Hello,


If I connect with LAN, I don´t beleive that there will be a difference.



Wlan0 is where the victim's connect to my MKV.

Wlan0 is has the same mac,ssid & channel as my AP.

Therefore Wlan0 is getting shutdown by the Deauth (using KALI on my netbook)

Perhaps I´m too close to the my AP and my MKV?


In all honesty, I don't know how to solve this. I would hope that someone has pulld this off before.


Cheers!!
Link to comment
Share on other sites

Hello Cheeto

sorry mate , I hadn't understood what you was trying to do.

I has a look at chris video and demo files for the fake router update pages, very clever.

I can't see why a cut down version couldn't work on a pineapple.

I may have a play with it this weekend myself,

Link to comment
Share on other sites

Hi Swamppifi,

What I'm trying to do is:

Deauth a victim's pc from his AP (to do this, I'm using Kali)

Have the victim connect to MKV (Victim would think that he's reconnecting to his AP)

Victim will log into Mkv's Evil Portal and be instructed to re-enter his wifi password

The Password is recorded in a php script. (special thanks to Newbi3 for this)

Problems:

If I spoof my MKV with the same info as the Victims AP (ssid,mac and channel), then the MKV gets deauthed. (Which seems logical)

Solution?

Maybe play around with Karma? Perhaps the Black and white list.

Doubts:

If I understand correctly, the Karma's blacklist is the victim's mac and the whitelist is my MKV and my AP.

Would it be possible to blacklist the victim's machine mac? Or must it be the Victim's AP?

Is it necessary to change my MKV's ssid, mac & channel? Or will Karma take care of that for me?

Thanks for reading

BTW. The victim's AP is a spare AP I have. So the signal strength is not an issue here. I'm just 3 feet away from the victim's AP.

Link to comment
Share on other sites

Hey guys,

Still unable to figure it out.

I tried messing around with Karma (black and white list) but i can't seem to lure the victim onto the MKV. I know that Karma is designed for open access AP's.

Any suggustions?

Check out this video:


Cheers!

Edited by cheeto
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...