Tuesday, 19 April 2016

Setting up fake access point

The next attack we will talk about is setting up a rogue, or fake, access point. Our goal is to make the victim connect to it; since we control the access point, we can redirect traffic as we want. We will use SET to raise the fake access point. Though other tools can be used here, such as airbase-ng and Gerix, I found SET to be the simplest.
Step 1—From the “Social Engineering Attacks” menu, select “Wireless Access Point Attack Vector.”
A1.png
Step 2—We can see from the description that we require four utilities to launch this attack vector, namely airbase-ng, airmon-ng, dnsspoof, and dhcp3. Except for dhcp3, these tools come preinstalled with BackTrack 5. Therefore, we need to install dhcp3 in order to launch this attack vector.
A2.png
Step 3—We use the “apt-get install dhcp3-server” command to install dhcp3 inside BackTrack. The package shows up in the image as already installed, since I had installed it earlier. If you face any problems while installing the dhcp3 server, I recommend consulting the backtrack-linux.org forum.
A3.png
Step 4—After you have installed the dhcp3 server, choose the first option in SET to start setting up the fake access point. Next, SET will take you to the /etc/default/dhcp3-server file, where you need to specify the interface on which the DHCP server should serve DHCP requests. We add our wireless interface, “wlan0”, here.
A4.png
Step 5—Next, it asks for the DHCP range to assign to the clients that connect to our access point. I prefer 192.168.10.100-254, since it is used more often.
A5.png
Step 6—Finally, we enter our wireless network interface, which is wlan0 here; yours might be different, so run iwconfig to check your wireless interfaces.
A6.png
Now we are all set, and SET will launch our fake access point with the SSID “linksys”, which is its default name. It will have no encryption set.
A7.png
As a side note, if we would like to change the name of our wireless access point, we can do so by modifying the value of the ACCESS_POINT_SSID parameter in the SET config file in the /pentest/exploits/set/config directory.

ATTACK SCENARIO

Once the victim connects to our fake access point, we can perform various types of attacks against him. We can perform an ARP poisoning attack or a phishing attack, or simply set up a malicious web server and redirect all the traffic to it whenever the victim browses websites such as facebook.com or google.com. This can easily be done by editing the contents of the /etc/hosts file. Since we are in control of the access point, we can manipulate what is presented to the victim.
A8.png
127.0.0.1 is our home address, so we edit the /etc/hosts file to point the hosts we want to target, say Facebook, Google, Twitter, etc., to our home address. This means that the next time the victim enters a target URL in his browser, say facebook.com, he is redirected to our address, where we could launch different types of client-side attacks. The following screenshot shows how the edits would look:
A9.png
After you have manipulated the records, whenever the victim browses his favorite websites, say google.com, facebook.com, or yahoo.com, he will be redirected to our local IP address, where we host our malicious SET web server or a phishing page.
A10.png
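From the client's side, the redirection described above has a simple tell: a public site such as facebook.com answered with a loopback or private address. The following check, an added example that is not part of the original post, flags such answers; the watched names and sample answers are constructed for illustration.

```python
"""Client-side check for hosts-file / dnsspoof redirection on a rogue AP:
a public hostname that resolves to a loopback, RFC 1918 or link-local
address cannot be the site's real address. Added example, not from the post."""
import ipaddress
import socket

# Ranges an attacker-controlled resolver hands out in the scenario above
# (127.0.0.1 or an address inside the AP's own 192.168.10.x DHCP pool).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

WATCHED = ["facebook.com", "google.com", "twitter.com", "yahoo.com"]  # assumed list

def is_attacker_local(ip_text):
    """True if the address lies in a loopback/private/link-local range."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in LOCAL_NETS)   # version mismatch -> False

def spoof_suspects(answers):
    """answers: {hostname: [ip, ...]} as returned by the local resolver.
    Returns {hostname: [suspicious ips]} for names answered with a local
    range; that is the signature of the /etc/hosts redirection above."""
    suspects = {}
    for name, ips in answers.items():
        bad = [ip for ip in ips if is_attacker_local(ip)]
        if bad:
            suspects[name] = bad
    return suspects

def resolve_all(names=WATCHED):
    """Live lookup through whatever resolver DHCP handed out (needs network)."""
    answers = {}
    for name in names:
        try:
            answers[name] = socket.gethostbyname_ex(name)[2]
        except socket.gaierror:
            answers[name] = []
    return answers

# Constructed sample of what a victim behind the post's AP would see.
SAMPLE_ANSWERS = {
    "facebook.com": ["127.0.0.1"],
    "google.com": ["127.0.0.1"],
    "twitter.com": ["192.168.10.1"],
    "yahoo.com": ["203.0.113.10"],   # documentation range, stands in for a real answer
}

if __name__ == "__main__":
    for name, bad in spoof_suspects(resolve_all()).items():
        print(f"WARNING: {name} -> {bad} (local address; possible rogue AP)")
```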
