Setup a fake AP with Backtrack5

Reposted, 2012-03-22 09:00:21

Recently I needed to set up a fake access point for a presentation. I fired up my Backtrack5 VM, connected my Alfa AWUS036H USB adapter and started configuring the fake AP.

There are a lot of tutorials and scripts for setting up a fake AP; the “Gerix” tool also has an option to set one up automatically (for some reason this tool never worked for me).

I started setting up my fake AP and ran into some trouble for a strange reason.

I decided to write up my experience here; hopefully you’ll find it useful.

I started by putting my wlan interface in monitor mode:

root@Blackbox:~/fakeap# airmon-ng start wlan1
Found 1 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID     Name
1558    dhclient
Interface       Chipset         Driver
wlan1           Realtek RTL8187L        rtl8187 - [phy1]SIOCSIFFLAGS: Unknown error 132
                                (monitor mode enabled on mon0)

I noticed the following error: “Unknown error 132”.
I tried airodump-ng to see what would happen:

root@Blackbox:~/fakeap# airodump-ng mon0
ioctl(SIOCSIFFLAGS) failed: Unknown error 132

I got the same error.

The solution was simply to unload the rtl8187 driver and load the r8187 driver instead, as follows:

root@Blackbox:~/fakeap# rmmod rtl8187
root@Blackbox:~/fakeap# modprobe r8187

I tried putting wlan1 in monitor mode again:

root@Blackbox:~/fakeap# airmon-ng start wlan1
Found 1 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID     Name
1558    dhclient
Interface       Chipset         Driver
wlan1           RTL8187         r8187 (monitor mode enabled)

Well, that fixed the problem:

root@Blackbox:~/fakeap# iwconfig
lo        no wireless extensions.
eth3      no wireless extensions.
wlan1     802.11b/g  Mode:Monitor  Channel=10  Bit Rate=11 Mb/s
          Tx-Power=5 dBm
          Retry:on   Fragment thr:off
          Link Quality=0/100  Signal level=50 dBm  Noise level=-156 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

Now we can proceed to the fake AP setup process.

1. Install a DHCP Server

apt-get install dhcp3-server

2. Edit “/etc/dhcp3/dhcpd.conf” as follows (you can change the IP address, pool and DNS server as needed):

ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 10.0.0.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers 10.0.0.254;
option domain-name-servers 8.8.8.8;
range 10.0.0.1 10.0.0.140;
}

3. Put your wlan interface in monitor mode

airmon-ng start wlan1

4. Start airbase-ng; you will need to specify the AP SSID and channel number

airbase-ng -e FreeWifi -c 11 -v wlan1 &

5. airbase-ng will create a new interface, “at0”. You need to bring it up and assign it an IP address and subnet mask; the IP address you assign to this interface is the default gateway (option routers) you specified in dhcpd.conf.

ifconfig at0 up
ifconfig at0 10.0.0.254 netmask 255.255.255.0

6. Add a route

route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254

7. Set up iptables

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT

• eth3 is my external interface, which is connected to the internet; change it to whatever yours is

iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE

8. Clear DHCP leases

echo > '/var/lib/dhcp3/dhcpd.leases'

9. Create a symlink to dhcpd.pid (skipping this may cause an error when starting the DHCP server)

ln -s /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid

10. Start the DHCP server

dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &

11. Don’t forget to enable IP forwarding

echo "1" > /proc/sys/net/ipv4/ip_forward

That’s All Folks!
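Step 5 depends on the at0 address matching the “option routers” line in dhcpd.conf, and the lease range has to stay inside the subnet and away from the gateway address; a mismatch hands clients a lease they cannot use. The following added checker (example code, not from the original post) parses the dhcpd.conf shown in step 2 (embedded here as constructed sample text) and reports any inconsistency against the at0 assignment; the configuration values and the `check_consistency` helper are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the dhcpd.conf from step 2 of the post.
DHCPD_CONF = """\
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 10.0.0.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers 10.0.0.254;
option domain-name-servers 8.8.8.8;
range 10.0.0.1 10.0.0.140;
}
"""


def parse_dhcpd_conf(text):
    """Extract subnet, gateway, broadcast and lease range from a minimal dhcpd.conf."""
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", text)
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    routers = ipaddress.ip_address(re.search(r"option routers\s+(\S+);", text).group(1))
    bcast = ipaddress.ip_address(re.search(r"option broadcast-address\s+(\S+);", text).group(1))
    lo, hi = re.search(r"range\s+(\S+)\s+(\S+);", text).groups()
    return {"net": net, "routers": routers, "broadcast": bcast,
            "range": (ipaddress.ip_address(lo), ipaddress.ip_address(hi))}


def check_consistency(conf_text, at0_addr, at0_mask):
    """Return a list of problems; an empty list means dhcpd.conf matches the at0 setup."""
    c = parse_dhcpd_conf(conf_text)
    iface = ipaddress.ip_interface(f"{at0_addr}/{at0_mask}")  # address given to at0 in step 5
    problems = []
    if iface.ip != c["routers"]:
        problems.append(f"option routers {c['routers']} != at0 address {iface.ip}")
    if iface.network != c["net"]:
        problems.append(f"at0 network {iface.network} != dhcpd subnet {c['net']}")
    if c["broadcast"] != c["net"].broadcast_address:
        problems.append(f"broadcast {c['broadcast']} is wrong for {c['net']}")
    lo, hi = c["range"]
    if lo not in c["net"] or hi not in c["net"] or lo > hi:
        problems.append(f"range {lo}-{hi} is not a valid range inside {c['net']}")
    elif lo <= c["routers"] <= hi:
        problems.append(f"gateway {c['routers']} lies inside the lease range {lo}-{hi}")
    return problems
```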

I have created a simple bash script to automate this process; you will just need to change it to suit your configuration.

#!/bin/bash

echo "Killing Airbase-ng..."
pkill airbase-ng
sleep 2;
echo "Killing DHCP..."
pkill dhcpd3
sleep 5;

echo "Putting Wlan In Monitor Mode..."
airmon-ng stop wlan1 # Change to your wlan interface
sleep 5;
airmon-ng start wlan1 # Change to your wlan interface
sleep 5;
echo "Starting Fake AP..."
airbase-ng -e FreeWifi -c 11 -v wlan1 & # Change essid, channel and interface
sleep 5;

ifconfig at0 up
ifconfig at0 10.0.0.254 netmask 255.255.255.0 # Change IP addresses as configured in your dhcpd.conf
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254

sleep 5;

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE # Change eth3 to your internet facing interface

echo > '/var/lib/dhcp3/dhcpd.leases'
ln -s /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid
dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &

sleep 5;
echo "1" > /proc/sys/net/ipv4/ip_forward
