sinistergeek Posted June 22, 2021 Share Posted June 22, 2021 Hlw everyone i am tryning to create rouge access point with Hostapd and dnsmasq . So i tired using #Prevent from DNS clinent running sudo ss -lp "sport = :domain" sudo systemctl stop systemd-resolved ┌─[dummie@Devil]─[/etc] └──╼ $sudo dnsmasq -C dnsmasq.conf -d dnsmasq: failed to create listening socket for port 53: Address already in use ┌─[dummie@Devil]─[~] └──╼ $sudo lsof -P -i -n | grep LIST systemd 1 root 60u IPv6 34898 0t0 TCP [::1]:2947 (LISTEN) systemd 1 root 61u IPv4 32423 0t0 TCP 127.0.0.1:2947 (LISTEN) ruby 1525 beef-xss 10u IPv4 43867 0t0 TCP 127.0.0.1:6789 (LISTEN) ruby 1525 beef-xss 13u IPv4 44999 0t0 TCP *:3000 (LISTEN) named 1527 bind 36u IPv4 40403 0t0 TCP 127.0.0.1:953 (LISTEN) named 1527 bind 41u IPv4 40373 0t0 TCP 127.0.0.1:53 (LISTEN) named 1527 bind 43u IPv4 40374 0t0 TCP 127.0.0.1:53 (LISTEN) named 1527 bind 45u IPv4 40375 0t0 TCP 127.0.0.1:53 (LISTEN) named 1527 bind 47u IPv4 40376 0t0 TCP 127.0.0.1:53 (LISTEN) named 1527 bind 61u IPv6 40389 0t0 TCP [::1]:53 (LISTEN) named 1527 bind 62u IPv6 40390 0t0 TCP [::1]:53 (LISTEN) named 1527 bind 63u IPv6 40391 0t0 TCP [::1]:53 (LISTEN) named 1527 bind 64u IPv6 40392 0t0 TCP [::1]:53 (LISTEN) named 1527 bind 69u IPv4 39635 0t0 TCP 192.168.1.6:53 (LISTEN) named 1527 bind 70u IPv4 39636 0t0 TCP 192.168.1.6:53 (LISTEN) named 1527 bind 71u IPv4 39637 0t0 TCP 192.168.1.6:53 (LISTEN) named 1527 bind 72u IPv4 39638 0t0 TCP 192.168.1.6:53 (LISTEN) named 1527 bind 73u IPv6 40404 0t0 TCP [::1]:953 (LISTEN) named 1527 bind 78u IPv4 39194 0t0 TCP 192.168.92.1:53 (LISTEN) named 1527 bind 79u IPv4 39195 0t0 TCP 192.168.92.1:53 (LISTEN) named 1527 bind 80u IPv4 39196 0t0 TCP 192.168.92.1:53 (LISTEN) named 1527 bind 81u IPv4 39197 0t0 TCP 192.168.92.1:53 (LISTEN) named 1527 bind 94u IPv4 39240 0t0 TCP 10.10.1.1:53 (LISTEN) named 1527 bind 95u IPv4 39241 0t0 TCP 10.10.1.1:53 (LISTEN) named 1527 bind 96u IPv4 39242 0t0 TCP 10.10.1.1:53 (LISTEN) named 1527 bind 97u IPv4 39243 0t0 TCP 10.10.1.1:53 (LISTEN) postgres 1681 acunetix 3u IPv6 39263 0t0 TCP [::1]:35432 (LISTEN) postgres 1681 acunetix 4u IPv4 39264 0t0 TCP 127.0.0.1:35432 (LISTEN) postgres 1718 postgres 3u IPv6 41125 0t0 TCP [::1]:5433 (LISTEN) postgres 1718 postgres 4u IPv4 41126 0t0 TCP 127.0.0.1:5433 (LISTEN) postgres 1719 postgres 3u IPv6 39310 0t0 TCP [::1]:5432 (LISTEN) postgres 1719 postgres 4u IPv4 39313 0t0 TCP 127.0.0.1:5432 (LISTEN) vmware-au 1759 root 10u IPv6 39303 0t0 TCP *:902 (LISTEN) vmware-au 1759 root 11u IPv4 39304 0t0 TCP *:902 (LISTEN) opsrv 1793 acunetix 9u IPv4 41859 0t0 TCP *:3443 (LISTEN) faraday-s 2107 root 11u IPv4 47098 0t0 TCP 127.0.0.1:5985 (LISTEN) faraday-s 2107 root 13u IPv4 47101 0t0 TCP 127.0.0.1:9000 (LISTEN) Link to comment Share on other sites More sharing options...
digininja Posted June 22, 2021 Share Posted June 22, 2021 You are listing TCP ports there, not UDP, try: ss -anup Link to comment Share on other sites More sharing options...
sinistergeek Posted June 22, 2021 Author Share Posted June 22, 2021 ok....Will let u know asap....Don't go anywhere.... Link to comment Share on other sites More sharing options...
sinistergeek Posted June 22, 2021 Author Share Posted June 22, 2021 ┌─[dummie@Devil]─[~] └──╼ $ss -anup | grep :53 UNCONN 0 0 192.168.1.6:53 0.0.0.0:* UNCONN 0 0 192.168.1.6:53 0.0.0.0:* UNCONN 0 0 192.168.1.6:53 0.0.0.0:* UNCONN 0 0 192.168.1.6:53 0.0.0.0:* UNCONN 0 0 10.10.1.1:53 0.0.0.0:* UNCONN 0 0 10.10.1.1:53 0.0.0.0:* UNCONN 0 0 10.10.1.1:53 0.0.0.0:* UNCONN 0 0 10.10.1.1:53 0.0.0.0:* UNCONN 0 0 192.168.92.1:53 0.0.0.0:* UNCONN 0 0 192.168.92.1:53 0.0.0.0:* UNCONN 0 0 192.168.92.1:53 0.0.0.0:* UNCONN 0 0 192.168.92.1:53 0.0.0.0:* UNCONN 0 0 127.0.0.1:53 0.0.0.0:* UNCONN 0 0 127.0.0.1:53 0.0.0.0:* UNCONN 0 0 127.0.0.1:53 0.0.0.0:* UNCONN 0 0 127.0.0.1:53 0.0.0.0:* UNCONN 0 0 [::1]:53 [::]:* UNCONN 0 0 [::1]:53 [::]:* UNCONN 0 0 [::1]:53 [::]:* UNCONN 0 0 [::1]:53 [::]:* Link to comment Share on other sites More sharing options...
chrizree Posted June 22, 2021 Share Posted June 22, 2021 Instead of that kind of output; tell about what setup you are using. Is it an "out of the box" install of Ubuntu Server, Raspberry Pi OS Lite, other...? It's easier to help knowing the setup and background/scenario. Setting up an AP with dnsmasq and hostapd (rogue or not) isn't a difficult task. Link to comment Share on other sites More sharing options...
sinistergeek Posted June 22, 2021 Author Share Posted June 22, 2021 15 minutes ago, chrizree said: Instead of that kind of output; tell about what setup you are using. Is it an "out of the box" install of Ubuntu Server, Raspberry Pi OS Lite, other...? It's easier to help knowing the setup and background/scenario. Setting up an AP with dnsmasq and hostapd (rogue or not) isn't a difficult task. My apology, i am using parrot os.... Yes i am setting up AP with hostapd ┌─[dummie@Devil]─[~/AP] └──╼ $cat hostapd2.conf interface=wlan1 driver=nl80211 ssid=JOiNed to be hacked hw_mode=g channel=11 macaddr_acl=0 ignore_broadcast_ssid=0 -------------------------------------- Tryna build dns server ┌─[dummie@Devil]─[~] └──╼ $cat /etc/dnsmasq.conf interface=wlan1 dhcp-range=192.168.0.2,192.168.0.30, 255.255.255.0, 12h dhcp-option=3, 192.168.0.1 dhcp-option=6, 8.8.8.8 server=8.8.8.8 log-queries log-dhcp listen-address=127.0.0.1 ------------------------------------------ Here, is the issue... When do sudo dnsmasq dnsmasq.conf i get port 53 already used...Later i changed it port=5353 Then it work...But i can't see traffic coming from CLIENT device. I am extremely sorry if i bother u in anyway,,,I may be simple for u for me it's lil hard.. Question? - Is it necessary to use port 53? - why does every interface use port 53 ? What will be the consequence if i stop it all.? How to stop all.. :53 Link to comment Share on other sites More sharing options...
chrizree Posted June 22, 2021 Share Posted June 22, 2021 What happens if you run dnsmasq with only the following content in /etc/dnsmasq.conf interface=wlan1 dhcp-range=192.168.0.2,192.168.0.30,255.255.255.0,12h Link to comment Share on other sites More sharing options...
digininja Posted June 22, 2021 Share Posted June 22, 2021 @chrizree It would fail if there is already a process running that has port 53 locked @sinistergeek Try running the command again as root and it will include the processes which control those ports. Link to comment Share on other sites More sharing options...
sinistergeek Posted June 22, 2021 Author Share Posted June 22, 2021 32 minutes ago, chrizree said: What happens if you run dnsmasq with only the following content in /etc/dnsmasq.conf interface=wlan1 dhcp-range=192.168.0.2,192.168.0.30,255.255.255.0,12h This is the error what i get...When i ran the deafult dnsmasq from /etc/dnsmasq.conf ┌─[✗]─[dummie@Devil]─[~] └──╼ $sudo dnsmasq -C dnsmasq.conf -d dnsmasq: failed to create listening socket for 127.0.0.1: Address already in use Link to comment Share on other sites More sharing options...
digininja Posted June 22, 2021 Share Posted June 22, 2021 You will keep getting errors till you shut down whatever is already listening on port 53 as dnsmasq can't bind to the port when it tries to start up. Check the output from ss and that will tell you what is listening, probably another copy of dnsmasq, which you can then kill to make room for your version. Link to comment Share on other sites More sharing options...
sinistergeek Posted June 25, 2021 Author Share Posted June 25, 2021 On 6/22/2021 at 1:51 PM, digininja said: You will keep getting errors till you shut down whatever is already listening on port 53 as dnsmasq can't bind to the port when it tries to start up. Check the output from ss and that will tell you what is listening, probably another copy of dnsmasq, which you can then kill to make room for your version. Yea i did managed to figured out...Thanks For the help!!! Now it's working Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.