At the time of this post there is a lot of wrong information on how to set up a fake AP on Kali Linux. This seems to be mostly because Kali Linux uses the isc-dhcp-server package and not dhcp3. Right now SET's fake AP doesn't work because of this. I'm sure that will be fixed soon; @dave_rel1k puts a lot of effort into that tool, which is why it is so great. But for right now it doesn't work for setting up a fake AP. So if you google around you find videos about Websploit like this one: http://www.youtube.com/watch?v=DXGj2vxdzvo
Well, that doesn't work either, for the same reason. How frustrating is that? I found two tools that do work with some setup: Easy-Creds and PwnSTAR. While both worked, I decided I liked Easy-Creds better, but I'll help you get both going now.
Easy-Creds:
Setup:
Check the github page and see if Brav0Hax has added the install.sh script there yet: https://github.com/brav0hax/easy-creds. If so, download everything from github. If there is no install.sh file, download the tarball from here: http://sourceforge.net/projects/easy-creds/files/easy-creds-v3.7.3.tar.gz/download. Untar the file and run the install.sh script.
Two things will fail, but that is OK. First, it tries to install an older version of libssl; no worries. The other is the dhcp3 server, so manually run apt-get install isc-dhcp-server. Now, in case you played with dhcp3 or another script that I mentioned above, make sure there is no /etc/dhcp3 directory. If there is, delete it or things won't work. The directory isc-dhcp-server uses is /etc/dhcp, and there is a dhcpd.conf file in there; that is the one you will use.
Now download the current version of the easy-creds.sh script from github (https://github.com/brav0hax/easy-creds) and copy it over the version that you installed with install.sh (probably /opt/easy-creds/easy-creds.sh).
Run updatedb one last time for good luck.
The cool thing about this install script is that it always sets up FreeRADIUS-WPE for you, all automated, which is another whole blog post.
Note: the version at the top is 3.8-dev. If you are running something older, things won't work. I found if you don't do this the AP you set up is a bit flaky and karmetasploit won't work, and you want that to work now, don't you? Finally, in the Prerequisites & Configurations menu select 5 and add at0 to the INTERFACES line in the file it opens up.
Remember to save the file when you exit. Now you are ready to go.
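As an added sanity check for the prerequisites listed above (my own example, not part of Easy-Creds or PwnSTAR), this script verifies that there is no stale /etc/dhcp3, that /etc/dhcp/dhcpd.conf exists, that at0 is listed in INTERFACES, and that easy-creds.sh is 3.8 or newer. The /etc/default/isc-dhcp-server path for the INTERFACES file and the assumption that the version string appears in the script header (like 3.8-dev) are mine, not from the post.

```shell
# Preflight check for the Easy-Creds / PwnSTAR prerequisites listed above.
# Added example, not part of either tool. Each check takes an optional path so
# it can be pointed at a lab copy; the defaults are the paths the post names.

# Pass if the stale /etc/dhcp3 directory is absent (the post says it must go).
check_no_dhcp3() {
    [ ! -d "${1:-/etc/dhcp3}" ]
}

# Pass if isc-dhcp-server's config exists where the post says it lives.
check_dhcpd_conf() {
    [ -f "${1:-/etc/dhcp/dhcpd.conf}" ]
}

# Pass if the last uncommented INTERFACES= line lists at0; quotes and extra
# interfaces (INTERFACES="eth0 at0") are handled and commented lines ignored.
check_at0_interface() {
    file="${1:-/etc/default/isc-dhcp-server}"   # assumed path, see lead-in
    [ -f "$file" ] || return 1
    grep -E '^[[:space:]]*INTERFACES=' "$file" | tail -n 1 \
        | sed -e 's/^[^=]*=//' -e 's/"//g' -e "s/'//g" | tr ' ' '\n' | grep -qx 'at0'
}

# Pass if easy-creds.sh declares version 3.8 or newer (3.8-dev counts).
# Assumption: the first x.y[.z][-dev] string in the file is its version.
check_easy_creds_version() {
    script="${1:-/opt/easy-creds/easy-creds.sh}"
    [ -f "$script" ] || return 1
    ver=$(grep -oE '[0-9]+\.[0-9]+(\.[0-9]+)?(-dev)?' "$script" | head -n 1)
    [ -n "$ver" ] || return 1
    major=${ver%%.*}
    minor=${ver#*.}; minor=${minor%%[.-]*}
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 8 ]; }
}

# report NAME CMD [ARGS...]: print one result line, count failures in FAILED.
report() {
    name=$1; shift
    if "$@"; then echo "ok   $name"; else echo "FAIL $name"; FAILED=$((FAILED + 1)); fi
}

# Run all four checks; the return value is the number of failed checks.
preflight() {
    FAILED=0
    report "no stale /etc/dhcp3 directory" check_no_dhcp3 "$1"
    report "dhcpd.conf present"            check_dhcpd_conf "$2"
    report "at0 listed in INTERFACES"      check_at0_interface "$3"
    report "easy-creds.sh is 3.8 or newer" check_easy_creds_version "$4"
    return "$FAILED"
}
```

Run `preflight` with no arguments to check the real paths; each argument overrides one path in the order above.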
Create a Fake AP:
Simply pick FakeAP Attacks from the main menu, select the one you want, and fill in the info it asks for. In almost all cases its example is exactly what you want to use. It is as easy as that. The Static attack will set up an AP with a name that you set; if you are testing, that is the easiest one to use, so you can connect to it and make sure everything is working. The EvilTwin will simply respond to whatever clients ask for, which is probably what you want to do for real, but it can be harder to test.
Brav0Hax has some good videos for this tool; here is a good one for setting up the Static AP:
PwnSTAR:
Setup:
First, do everything I just told you to do in the setup of Easy-Creds. That is right: that tool's setup automates things, and the requirements are all the same. So if you skipped that tool, go back and start from the beginning.
Next, run Eterm and select Background, Pixmap, None. Then Eterm, Save Theme Settings and Save User Settings. You may not have to do this, but for me the Eterm pop-up windows all had messed-up backgrounds that made it impossible for me to read the text. It was crazy annoying; if that happens to you, that is how you fix it.
Download the script from here: https://code.google.com/p/pwn-star/downloads/list
I also recommend reading the README.txt.
Create a Fake AP:
Run the script, pick an option, and go through the menu. It is almost that easy since you set things up for Easy-Creds:
You just lost your Internet connection. In another window bring it back up, and don't move on until you can ping google.com or things won't work. I found I just needed to do a dhclient eth0 and everything was fixed. I don't know why this happens.
Conclusion:
Both tools do slightly different things. Easy-Creds has the handy install script, which helps a lot with setting things up for both tools, and it doesn't kill your LAN connection like PwnSTAR does. The one thing PwnSTAR does that Easy-Creds doesn't is offer a "Both" option for Evil Twin, where it will both broadcast a specific SSID and respond to whatever the clients ask for. I like that. Easy-Creds looks like it is one or the other only. Other than that, Easy-Creds seems cleaner and seems to work more consistently. Overall that is the tool I would recommend you use right now. I'm sure SET and Websploit will update their tools as well before too long and they will start working again. Until then, you now know what to do.