Wifi MitM/Snooping Demo
files
group_vars
host_vars
roles
.gitignore
README.md
hosts
router.conf
run.sh
site.yml
test

README.md

Disclaimer

Do not run this on campus without having spoken with the Information Security Office! Use of these tools can result in an Acceptable Use Policy violation (which is bad).

There are plaintext passwords in this file and in the Ansible files. This is not good! Don't use this for any test or production system; these VMs are isolated and only exist for a short period of time for the demo.

Infrastructure Setup

Setup Instructions

  1. Set up the VMs as shown below using VBox or VMware
  2. Install sshpass
    • Should be in your repos
    • Mac: brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb
    • Debian/Ubuntu and its derivatives: sudo apt install sshpass
    • RedHat/CentOS: yum install sshpass
    • Windows: You can't use sshpass on Windows
  3. Update the host vars file with the appropriate MAC addresses (TBD)
  4. Make sure it all works: ansible -i hosts all -m ping
  5. Run the Ansible playbook: ansible-playbook -i hosts site.yml
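
A pre-flight check that fits between steps 4 and 5: it refuses to continue if any inventory target is outside the wired orchestration subnet (172.20.10.0/24) used by this lab. This is an added example, not part of the repo; the sample inventory is constructed, and the repo's actual `hosts` file is assumed to be an INI-style inventory using `ansible_host`.

```python
import ipaddress
import re
import sys

# Wired orchestration segment from this README; Ansible should only reach lab VMs on it.
WIRED_NET = ipaddress.ip_network("172.20.10.0/24")
# Constructed sample inventory (INI style); the repo's real `hosts` file may differ.
SAMPLE_INVENTORY = """\
[web]
webserver ansible_host=172.20.10.30 ansible_user=webuser
[attack]
attacker ansible_host=172.20.10.50 ansible_user=badguy
[attack:vars]
ansible_python_interpreter=/usr/bin/python
"""

def inventory_targets(text):
    """Yield (alias, address) for each host line of an INI inventory."""
    in_hosts = True
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            in_hosts = ":" not in line  # [g:vars] / [g:children] hold no host lines
            continue
        if in_hosts:
            alias = line.split()[0]
            m = re.search(r"\bansible_host=(\S+)", line)
            yield alias, (m.group(1) if m else alias)

def out_of_scope(text, allowed=(WIRED_NET,)):
    """Return (alias, address, reason) for targets outside the lab networks."""
    bad = []
    for alias, addr in inventory_targets(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            bad.append((alias, addr, "not a literal IP"))  # a name could resolve anywhere
            continue
        if not any(ip in net for net in allowed):
            bad.append((alias, addr, "outside lab networks"))
    return bad

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INVENTORY
    problems = out_of_scope(text)
    print("\n".join(f"REFUSE {a} -> {ip}: {why}" for a, ip, why in problems) or "inventory in scope")
    sys.exit(1 if problems else 0)
```

Run it with the inventory path as the only argument; a non-zero exit status means at least one target should be fixed before the playbook is run.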

Physical Systems

  • Control System (not shown to attendee)
    • Can be virtualized if host system is running Windows (Ansible control system can't be run on Windows).
  • Attacker System
  • Victim System
  • WiFi Access Point
    • This repo contains a file that can be used to restore settings to a Belkin N600.

Attacker VM has to be on the Attacker System, Victim VM has to be on Victim System, and the other two VMs can be on either of those systems. The Control System is not used to run VMs, only for orchestration via the wired network.

Configure the following settings on the WiFi AP:

  • SSID: OSUSEC-Demo
  • Use WPA2
    • PSK: hackdatboi
  • Address: 172.16.10.254
  • Mask: 255.255.255.0

Optionally, you can just restore the settings in router.conf to an N600.

Virtual Machines

This demo requires 4 VMs.

Base VM config (unless otherwise noted):

  • Ubuntu 18.04 Server
  • 1 vCPU
  • 2 GB RAM
  • 20 GB disk (thin alloc is fine)
  • 2 NICs:
    1. Bridged over WiFi host NIC
      • Subnet mask: /24 (255.255.255.0)
      • Gateway IP: 172.16.10.1
    2. Bridged over wired host NIC
      • Subnet mask: /24 (255.255.255.0)
      • Gateway IP: 172.20.10.1
  • Install Python after install finishes:
    • sudo apt -y install python

Specific VM configs:

  • Webserver
    • WiFi IP: 172.16.10.30
    • Wired IP: 172.20.10.30
    • Username: webuser
    • Password: ultrasecure
  • VPN Server
    • WiFi IP: 172.16.10.40
    • Wired IP: 172.20.10.40
    • Username: vpnuser
    • Password: cantsniffthis
  • Attacker
    • 2 vCPU
    • WiFi IP: 172.16.10.50
    • Wired IP: 172.20.10.50
    • Username: badguy
    • Password: gimmedamoney
    • USB Passthrough the Alfa NIC to this VM
  • Victim
    • Ubuntu 18.04 Desktop
    • 2 vCPU
    • 4 GB RAM
    • WiFi IP: 172.16.10.60
    • Wired IP: 172.20.10.60
    • Username: demouser
    • Password: ilikecookies
  • MitM box
    • WiFi IP: 172.16.10.70
    • Wired IP: 172.20.10.70
    • Username: mitmuser
    • Password: istoleyourpass