The_challanger Posted December 11, 2015
Hello everyone. So I wanted to make a fake access point using airbase-ng, so I typed:
airbase-ng -a bssid --essid "essid" -c # interface
The rogue AP started, but I can't log on to it; it says it's taking too long.
PS: I have a TP-Link 722 WiFi adapter.
cooper Posted December 11, 2015
There are 2 sides talking here, the AP and the client. Which side is saying it's taking too long and what is the other side saying? If the logs are insufficient in showing the cause of the problem, try running Wireshark on the wireless interface and look at the traffic.
The_challanger (Author) Posted December 11, 2015
Thanks for the quick reply, Mr. Cooper. The client, when trying to connect to the fake AP, gets a message saying it's taking too long to connect.
The_challanger (Author) Posted December 11, 2015
Access point with BSSID started
Client ############ associated (unencrypted) to ESSID "WIFI NAME"
And my Android phone keeps saying "getting IP address".
cooper Posted December 11, 2015
Is a DHCP server active on the server (I know *nothing* about aircrack and friends)?
The_challanger (Author) Posted December 12, 2015
Sorry for the delay, I only had 3 posts yesterday. I'm not running any server, I just created a fake AP after running airodump-ng and then airbase-ng with the same MAC address and network name as my home network... What I noticed is that when I look for my fake AP, sometimes it shows the fake one and sometimes it shows the real one.
AlfAlfa Posted December 12, 2015
Looks like Cooper solved it again :) He's right: unless you have a DHCP server running, there is nothing to assign an IP address to your client trying to connect. Configure the IP manually and it should connect. That's not good though for auto-connecting with an automatically assigned IP address, so get a DHCP server up and running. This excerpt is taken from the Ubuntu forums, but I think Kali will also work to grab this one:

-> Open up a terminal and type:
sudo apt-get install isc-dhcp-server

There are two main files, /etc/default/isc-dhcp-server and /etc/dhcp/dhcpd.conf, which we will need to configure, so let's take the first. Open up a terminal and using your favorite text editor type:
sudo vim /etc/default/isc-dhcp-server

You should get the following:
# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

Replace eth0 above with the name of the network interface that you want the server to lease addresses on. Onto the next file. Open up a terminal and type:
sudo vim /etc/dhcp/dhcpd.conf
which should give you the output below.
#
# Sample configuration file for ISC dhcpd for Debian
#
# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
# configuration file instead of this file.
#
# ....
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
option domain-name "comtech.com";
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.150 10.0.0.253;
  option routers 10.0.0.2;
  option subnet-mask 255.255.255.0;
  option broadcast-address 10.0.0.254;
  option domain-name-servers 10.0.0.1, 10.0.0.2;
  option ntp-servers 10.0.0.1;
  option netbios-name-servers 10.0.0.1;
  option netbios-node-type 8;
  ......
}

This needs a little bit of explaining. Adjust your settings according to your network requirements. The option domain-name is your DNS zone name. For example, mine is set to comtech.com. Range should be the range of IP addresses that you want the server to give out to clients. Now restart the DHCP service by typing:
sudo service isc-dhcp-server restart
That's it!! Your DHCP server should be running.
digip Posted December 12, 2015 (edited)
Airbase-ng documentation specifies you need to serve DHCP and DNS for a valid interface that has internet access, or at least the DHCP needs to work. What you serve as the internet is up to you though.
http://www.aircrack-ng.org/doku.php?id=airbase-ng#softap
Edited December 12, 2015 by digip
The_challanger (Author) Posted December 23, 2015
Thank you guys. I followed AlfAlfa's tutorial with no success, then I tried many methods to set up a DHCP server and failed, so can you guys help me out here and explain everything about this to me.
cooper Posted December 23, 2015
explain everything

I think you'll find the answer to that is a resounding 'no'. People here are more than happy to help, but if you run into a snag don't ask for someone to "explain everything". Instead, find out where in the process you're following things go sideways. Think long and hard about why that might be. Try a ton of variations to this - alternate parameters to programs, config file changes, that sort of thing. Google the CRAP out of it. Still can't get it to work? Ask about that specific part of the process. You'll get a lot better responses that way.
The_challanger (Author) Posted December 23, 2015
I meant explaining every step in the process (I guess I was asking for too much)... "google"... What is that?!!! I read almost every article I found on Google. This is the only forum I signed up for, hoping to learn new stuff.
cooper Posted December 23, 2015
And you can. But my experience is that you learn by doing first and asking when you get stuck. And when you get stuck halfway through something, don't assume everything you've done up until that point was for naught. Ask about that specific part by explaining what you see happening, what you expected to be happening instead, why you think those two things are different and what you've tried to fix it. People here are more than happy to help, but you've got to show you've been doing some legwork yourself too.
The_challanger (Author) Posted December 24, 2015
OK, here is my /etc/dhcpd.conf:

authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.128 netmask 255.255.255.128 {
  option subnet-mask 255.255.255.128;
  option broadcast-address 192.168.1.255;
  option routers 192.168.1.129;
  option domain-name-servers 8.8.8.8;
  range 192.168.1.130 192.168.1.140;
}

and then I typed this:

root@kali:~# ifconfif at0 192.168.1.129 netmask 255.255.255.128
bash: ifconfif: command not found
root@kali:~# route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.129
root@kali:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@kali:~# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
root@kali:~# iptables --append FORWARD --in-interface at0 -j ACCEPT
root@kali:~# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.246.128:80
root@kali:~# iptables -t nat -A POSTROUTING -j MASQUERADE
root@kali:~# dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0

so I got this:

Internet Systems Consortium DHCP Server 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
lease 192.168.1.100: no subnet.
lease 192.168.1.100: no subnet.
lease 192.168.1.100: no subnet.
Wrote 0 leases to leases file.
Listening on LPF/at0/c4:e9:84:0c:91:e6/192.168.1.128/25
Sending on LPF/at0/c4:e9:84:0c:91:e6/192.168.1.128/25

and then I typed this:
/etc/init.d/isc-dhcp-server start

This is what I got:
[....] Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service
Job for isc-dhcp-server.service failed. See 'systemctl status isc-dhcp-server.service' and 'journalctl -xn' for details.
 failed!
cooper Posted December 24, 2015
Here's a really stupid thought: How's about you do what the error message tells you? You know, running "systemctl status isc-dhcp-server.service" and "journalctl -xn". Rumor has it doing that will result in some details. Oooh, I think I just heard someone yell "google". I wonder why...
The_challanger (Author) Posted December 25, 2015
root@kali:~# journalctl -xn
-- Logs begin at Thu 2015-12-24 04:45:32 EST, end at Thu 2015-12-24 13:04:34 EST. --
Dec 24 13:04:15 kali isc-dhcp-server[42588]: ^
Dec 24 13:04:15 kali isc-dhcp-server[42588]: Configuration file errors encountered -- exiting
Dec 24 13:04:15 kali isc-dhcp-server[42588]: If you think you have received this message due to a bug rather
Dec 24 13:04:15 kali isc-dhcp-server[42588]: than a configuration issue please read the section on submitting
Dec 24 13:04:15 kali isc-dhcp-server[42588]: bugs on either our web page at www.isc.org or in the README file
Dec 24 13:04:15 kali isc-dhcp-server[42588]: before submitting a bug. These pages explain the proper
Dec 24 13:04:15 kali isc-dhcp-server[42588]: process and the information we find helpful for debugging..
Dec 24 13:04:15 kali isc-dhcp-server[42588]: exiting.
Dec 24 13:04:26 kali dhclient[24972]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 8
Dec 24 13:04:34 kali dhclient[24972]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 12
The_challanger (Author) Posted December 25, 2015
root@kali:~# systemctl status
● kali
    State: degraded
     Jobs: 0 queued
   Failed: 5 units
    Since: Thu 2015-12-24 04:45:28 EST; 8h ago
   CGroup: /
           ├─1 /sbin/init
           ├─system.slice
           │ ├─avahi-daemon.service
           │ │ ├─826 avahi-daemon: running [kali.local
           │ │ └─827 avahi-daemon: chroot helpe
           │ ├─inetd.service
           │ │ └─516 /usr/sbin/inetd -i
           │ ├─dbus.service
           │ │ └─536 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
           │ ├─ModemManager.service
           │ │ └─509 /usr/sbin/ModemManager
           │ ├─cron.service
           │ │ └─513 /usr/sbin/cron -f
           │ ├─wpa_supplicant.service
           │ │ └─24903 /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
           │ ├─accounts-daemon.service
           │ │ └─507 /usr/lib/accountsservice/accounts-daemon
           │ ├─colord.service
           │ │ └─719 /usr/lib/colord/colord
           │ ├─atd.service
           │ │ └─511 /usr/sbin/atd -f
           │ ├─systemd-journald.service
           │ │ └─189 /lib/systemd/systemd-journald
           │ ├─udisks2.service
           │ │ └─1053 /usr/lib/udisks2/udisksd --no-debug
           │ ├─upower.service
           │ │ └─706 /usr/lib/upower/upowerd
           │ ├─packagekit.service
           │ │ └─838 /usr/lib/packagekit/packagekitd
           │ ├─systemd-logind.service
           │ │ └─522 /lib/systemd/systemd-logind
fugu Posted December 25, 2015 (edited)
I know I'm late to the discussion, but there is a good demo of this software somewhere on SecurityTube. I think it might be here: WLAN Security Megaprimer 10 from Vivek Ramachandran
http://www.securitytube.net/video/1780
https://player.vimeo.com/video/22832760
Edited December 25, 2015 by fugu
cooper Posted December 26, 2015
isc-dhcp-server[42588]: Configuration file errors encountered

Dude, seriously....
The_challanger (Author) Posted December 26, 2015
Dude, seriously....

Oops, I think I got into the wrong forum...
AlfAlfa Posted December 26, 2015
oops I think i got into the wrong forum...

Not so fast! I decided to set up my own hosted AP to show you how it's done! (and I've been meaning to get this going anyway) I figured it out and made my own guide; try this one, it'll work this time :)

Hint: use hostapd, not airbase. Your main problem is your config file(s) with incorrect input, or placed in the wrong place... Follow along with this closely and get it right, substituting your proper interface, etc., where it needs to go.

Prerequisites:
apt-get install hostapd udhcpd udhcpc

hostapd - which will use your desired and compatible interface to enable "master" mode/AP mode
udhcpd will be your DHCP server daemon (for giving IPs to devices connecting to your AP)
udhcpc will be your DHCP client (for getting an IP address from your internet-connected interface)

Instructions:
After installing the required daemons and DHCP client, first let's create your hostapd config file... These commands should be run as root. I'm using wlan0 as my access point and using wlan1 as the internet access to share with devices connected to my AP! (on wlan0) :)

1. nano /etc/hostapd/hostapd.conf
shift+insert this default config and customize it (change interface, ssid, and wpa_passphrase; leave the other options unless you run into issues)

interface=wlan0
driver=nl80211
ssid=MySuperAwesomeHomemadeAP
hw_mode=g
channel=7
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=starwars
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

OK, so now you have that saved as /etc/hostapd/hostapd.conf. hostapd should work now, but NetworkManager conflicts with it; more specifically, wpa_supplicant does. This is because when the network manager is managing your interfaces it automatically keeps your interfaces in managed mode (or whatever mode it's using), which will interrupt the process of starting the access point.
Let's make sure hostapd works real fast before we continue. You may need to specify the proper driver name for you if yours is different than nl80211 or wext. (I'm already assuming you know your device is capable of AP mode)

Do: (to stop the conflicting network manager and wpa_supplicant)
systemctl stop NetworkManager
systemctl stop wpa_supplicant

Then: (start hostapd in the background, and -d for more verbose output {in case things don't work out, you can see more of what could've gone wrong})
hostapd -d -B /etc/hostapd/hostapd.conf

If you see something like this at the end:
"wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED
wlan0: Setup of interface done."
Now you should see it visible and pop up in network scans! If you try to connect though, there isn't any DHCP server running to give you an IP.

2. Now let's get your DHCP server working...
nano /etc/dhcp/dhcpd.conf
Configuration to use 10.0.0.1 as your gateway IP for your AP, which gives out IP addresses from 10.0.0.2 - 10.0.0.254 and gives them OpenDNS directly as their DNS. (let's just make sure it works; we can force them to use our own DNS server later) :D

ddns-update-style none;
ignore client-updates;
authoritative;
subnet 10.0.0.0 netmask 255.255.255.0 {
  # --- default gateway
  option routers 10.0.0.1;
  # --- Netmask
  option subnet-mask 255.255.255.0;
  # --- Broadcast Address
  option broadcast-address 10.0.0.255;
  # --- Domain name servers, tells the clients which DNS servers to use.
  option domain-name-servers 10.0.0.1, 208.67.222.222, 208.67.220.220;
  option time-offset 0;
  range 10.0.0.2 10.0.0.254;
  default-lease-time 1209600;
  max-lease-time 1814400;
}

With that config saved, running these next two commands should work:
ifconfig wlan0 10.0.0.1 netmask 255.255.255.0
dhcpd wlan0
First we make sure we have wlan0 with the same IP we put for the default gateway in the dhcpd.conf, then run the DHCP daemon for wlan0.
If all went well you should now be able to connect to your access point and automatically get assigned an IP address from the DHCP daemon we launched, which will stay running in the background giving out IP addresses as needed.

3. Let's now get our internet-sharing interface (wlan1) set up to share its access with our clients connected to our AP (wlan0).
If you remember now, wait a minute, since we had to stop NetworkManager and we can't use it at the same time as hostapd, how are we going to connect our wlan1 interface to get internet to share with wlan0 AP clients? Restarting the NetworkManager service won't do us any good; it will screw up your hostapd and just give you internet back on your wlan1.. So what can we do?
Answer: We have to connect with WPA/WPA2 and stay connected via the command line in some way.
a. manually use wpa_supplicant to authenticate, and udhcpc to get a dynamic IP address.
b. configure your internet interface in /etc/network/interfaces and use "ifup wlan1" and let it handle the wpa_supplicant for you.

Either way, create a /etc/wpa_supplicant/wpa_supplicant.conf with credentials to your access point with internet that you're going to share on your hostapd-hosted AP...

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
  ssid="YourInternetConnectedAP"
  psk="password"
}

For method a, do:
# start wpa_supplicant in background for [interface that has internet]
wpa_supplicant -B -i wlan1 -D nl80211,wext -c /etc/wpa_supplicant/wpa_supplicant.conf
# obtain an ip address from the dhcp server on your network that has internet access
udhcpc -i wlan1
#dhclient -i wlan1 #or you could use this one

You should now be connected to the internet with one interface, and simultaneously hosting an AP with the other.
You still don't get internet with your clients connected to your hosted AP though, until ->
sysctl -w net.ipv4.ip_forward=1
# replace wlan1 with the interface that has internet
iptables --table nat --append POSTROUTING --out-interface wlan1 -j MASQUERADE
# replace wlan0 with the interface with your hosted AP
iptables --append FORWARD --in-interface wlan0 -j ACCEPT

Now you should have internet working everywhere :D Internet on your main machine, with one interface getting internet wirelessly, and a second interface hosting an access point that shares it!

For method b, edit /etc/network/interfaces and set it to something like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

iface wlan1 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface default inet static
address 192.168.1.99
netmask 255.255.255.0
network 192.168.1.0
gateway 192.168.1.1

I have the IP configured manually, but you could change it to "iface wlan1 inet dhcp" and skip the other lines below it for DHCP instead of manual IP selection. Then, instead of the wpa_supplicant and udhcpc/dhclient commands, just do:
ifup wlan1
This way it should still connect and maintain your connection similar to what NetworkManager would do, but without using it.

Now you have your very own hosted access point that shares internet from another access point! :D
My Success In Action: http://webm.land/media/6EAf.webm

The two scripts I ended up with to automate launching my custom pineapple (sort of):

start-ap.sh
#startap.sh
#wlan0 will be my hosted access point, and wlan1 is the interface with internet access...
systemctl stop NetworkManager
systemctl stop wpa_supplicant
ifconfig wlan0 up 10.0.0.1 netmask 255.255.255.0
sleep 2
#start dhcp server for [your AP interface] interface
dhcpd wlan0
#start hostapd in background with specified config
hostapd -d -B /etc/hostapd/hostapd.conf
#bring up interface and let wpa_cli handle staying connected...
ifdown --force wlan1
ifup wlan1 # edit: /etc/network/interfaces
#enable internet forwarding from wlan1 to wlan0
sysctl -w net.ipv4.ip_forward=1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface wlan1 -j MASQUERADE
iptables --append FORWARD --in-interface wlan0 -j ACCEPT

stop-ap.sh
ifdown --force wlan1
killall dhcpd
killall udhcpc
killall hostapd
killall wpa_supplicant
systemctl restart NetworkManager

Surely you are able to get it working for you now :)

P.S. Hey Cooper, I pulled it off using two separate interfaces, one for the hosted AP and the second to get internet from. Would it work if instead it was one device virtually separated into two virtual interfaces? Anyway, that's how the shared AP works in Windows (called virtual WiFi sharing or something like that). Although it doesn't work well, and maybe because it's trying to be an AP and a client at the same time with one physical device... This works much better, so even if one device for both would also work on Linux, I think it's best to have one adapter dedicated to being your AP and the other dedicated to getting that signal!
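Every DHCP failure in this thread comes down to the dhcpd.conf subnet block not agreeing with the address on the AP interface (dhcpd's "no subnet" lines, or a config dhcpd rejects outright). The checker below is an added example, not code from AlfAlfa's guide or from the thread; it parses the first ISC dhcpd subnet block (the format used in the Ubuntu excerpt, The_challanger's config and the guide above), and reports the mismatches a practitioner wants caught before running "dhcpd wlan0". Run against the Ubuntu excerpt it flags that excerpt's broadcast address, 10.0.0.254, as wrong for a /24.

```python
"""Check a dhcpd.conf subnet block against the address given to the AP interface.

Added example (not from the thread). Assumes plain ISC dhcpd syntax:
a 'subnet X netmask Y { ... }' block with option routers, option
broadcast-address and range statements, as in the configs posted above.
"""
import ipaddress
import re

# Constructed sample: the subnet block from the hostapd guide above, comments included.
SAMPLE_CONF = """\
ddns-update-style none;
authoritative;
subnet 10.0.0.0 netmask 255.255.255.0 {
  # --- default gateway
  option routers 10.0.0.1;
  option subnet-mask 255.255.255.0;
  option broadcast-address 10.0.0.255;
  option domain-name-servers 10.0.0.1, 208.67.222.222, 208.67.220.220;
  range 10.0.0.2 10.0.0.254;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.DOTALL)


def parse_subnet(conf: str) -> dict:
    """Return the first subnet block as {'network', 'routers', 'broadcast', 'range'}."""
    m = SUBNET_RE.search(conf)
    if not m:
        raise ValueError("no 'subnet ... netmask ... { }' block found")
    # strict=True rejects e.g. 'subnet 10.0.0.1 netmask 255.255.255.0' (host bits set),
    # which dhcpd also refuses to load.
    info = {"network": ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=True)}
    body = re.sub(r"#.*", "", m.group(3))  # drop comments before splitting statements
    for stmt in body.split(";"):
        words = stmt.split()
        if words[:2] == ["option", "routers"]:
            info["routers"] = ipaddress.ip_address(words[2].rstrip(","))
        elif words[:2] == ["option", "broadcast-address"]:
            info["broadcast"] = ipaddress.ip_address(words[2])
        elif words[:1] == ["range"]:
            info["range"] = (ipaddress.ip_address(words[1]), ipaddress.ip_address(words[2]))
    return info


def check_subnet(conf: str, ap_addr: str) -> list:
    """Return a list of problems; an empty list means dhcpd will serve ap_addr's subnet."""
    try:
        info = parse_subnet(conf)
    except ValueError as err:  # missing block, host bits set, or a malformed address
        return [f"config error: {err}"]
    net, addr, problems = info["network"], ipaddress.ip_address(ap_addr), []
    if addr not in net:
        problems.append(f"{addr} is not in {net}: dhcpd will log 'no subnet' for this interface")
    if "routers" in info and info["routers"] != addr:
        problems.append(f"option routers {info['routers']} differs from the AP address {addr}")
    if "broadcast" in info and info["broadcast"] != net.broadcast_address:
        problems.append(f"broadcast {info['broadcast']} should be {net.broadcast_address}")
    if "range" not in info:
        problems.append("no range statement: dhcpd has no addresses to lease")
    else:
        lo, hi = info["range"]
        if lo not in net or hi not in net or lo > hi:
            problems.append(f"range {lo}-{hi} is not a valid span inside {net}")
        elif lo <= addr <= hi:
            problems.append(f"range {lo}-{hi} includes the gateway {addr} itself")
    return problems


if __name__ == "__main__":
    # Same pairing the guide uses: ifconfig wlan0 10.0.0.1 before dhcpd wlan0.
    for line in check_subnet(SAMPLE_CONF, "10.0.0.1") or ["config and interface agree"]:
        print(line)
```

To check a real file, pass open("/etc/dhcp/dhcpd.conf").read() and the address you gave the AP interface with ifconfig.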
The_challanger (Author) Posted December 29, 2015
Hey ALFA ALFA, big thanks for your effort. Your tutorial worked well for me the first time, then I wanted to edit the hostapd.conf file to change the AP name and password, and then I typed:
hostapd -d -B /etc/hostapd/hostapd.conf
so I got this error message: "nl80211 could not configure driver mode"... I restarted my Kali Linux 2.0 but I got the same. Maybe hostapd is still running after the restart, IDK. Thanks again man!
AlfAlfa Posted December 29, 2015 (edited)
Hey ALFA ALFA, big thanks for your effort. Your tutorial worked well for me the first time, then I wanted to edit the hostapd.conf file to change the AP name and password, and then I typed: hostapd -d -B /etc/hostapd/hostapd.conf so I got this error message: "nl80211 could not configure driver mode"... I restarted my Kali Linux 2.0 but I got the same. Maybe hostapd is still running after the restart, IDK. Thanks again man!

You can just call me Alf! Alfa is the company name of WiFi devices I like, and Alf is my name :) Cool that it worked to help you, as it did for me, since I may not have even figured out how to do it yet, and you got me to "get around to it" faster! lol...

As for hostapd not starting properly, after you restarted did you make sure you stopped NetworkManager AND the wpa_supplicant instance that it spawns? You can't just kill wpa_supplicant, as NetworkManager will launch it again to do what it needs to do, and you can't just kill NetworkManager because it will leave a hanging running wpa_supplicant that it created... It is also possible that nl80211 isn't the right driver for your device, but since it worked initially I doubt that's it... Actually you could figure it out easily by seeing what the network manager or ifup runs it as. Do:
ps ax
And if you see network manager and/or wpa_supplicant you can see the driver it passes in the -D parameter of wpa_supplicant. "wext" seems to be a generic "wireless extensions" one you could try; there are others named differently depending on device and device drivers. If you do see the network manager, stop it: (or just know that it launches automatically on boot, and that you have to stop it)
systemctl stop NetworkManager
systemctl stop wpa_supplicant
or I think even
service NetworkManager stop
service wpa_supplicant stop
is another way to write it...

Another note: if you used ifup, method b,
instead of manually running wpa_supplicant and a DHCP client to get an IP, it's better, because if you lose the connection it'll automatically reconnect, kind of like NetworkManager would do, whereas DHCP getting an IP won't automatically get another one if you're dropped and lose the one you had. You'd have to have some code running in a loop that somehow checks to see if you're not connected anymore and then re-runs dhclient or udhcpc again. That's kind of a hassle to implement, and so I just use ifup and ifdown as my way of not having to write that code, since it's already written there, and probably better than I would do it. When doing it like that though, I've noticed NetworkManager can't seem to make use of the interface anymore since it relinquishes its control to ifup, I'm pretty sure anyway. So I've mostly stopped using NetworkManager altogether! :)

Oh, and a final thing: I know I said skip every line after "iface wlan1 inet dhcp" if using the /etc/network/interfaces edit method (ifup and ifdown), but I think "wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf" should stay, so really the lines after that are what I meant to stick with DHCP instead of manual IP config. Plus you can add multiple WPA networks to your supplicant .conf to roam networks as you leave the signal area of one access point and enter another.
Edited December 29, 2015 by AlfAlfa
cooper Posted December 29, 2015
Woah. And people say I'm thorough in my replies...
The_challanger (Author) Posted January 4, 2016 (edited)
Hey ALF, how is it going? So I guess my problem was that hostapd keeps running even after I restart my Kali Linux, so I ran "ps ax" and then killed the hostapd PID (I wonder if there's a command line to do that)... Anyway, now I know how to create an access point using hostapd. The question now is how to create an evil twin AP using hostapd with the same BSSID, ESSID and channel of, let's say, my neighbor's network, and it must be open so I can force him to connect to my fake AP when I deauth his network.
Edited January 4, 2016 by The_challanger