Hello everyone ! Holà :D

Hope you're all fine! I'll try to make my first post on this forum interesting :D

I wanted to present to you a rare method to hack every WPA/WPA2 key

We are going to learn how to use it now, it's named THE EVIL TWIN AP attack

It's simple, we create a fake Access Point (AP) that copies everything from the original one (Channel / ESSID...)
We try to disconnect all the users from their real access point (MDK3 attack)
They find themselves unable to connect to their AP, so their PC switches to our fake AP
When they try to open an internet webpage... They are redirected to our fake Router page that is explaining that there is an important update bla.bla... and that they must enter their WPA/WPA2 to confirm.
(Note: In this tutorial, I'll only be giving a LINKSYS Cisco fake authentication page, you'll have to look for others on the net)
Once they press Update, the WPA passphrase will be sent to a MySQL database created by... Guess who? US!! And we'll be able to see the new password.

I am writing a script to make everything easy but I haven't finished it yet

But whatever, how does it work?

Steps: (if something is not clear enough, please leave a comment here)

1) First of all you'll need the new KALI LINUX (go ahead and google it :D)

2) Then you'll need two wireless adaptors... One to connect to the Internet, and the other to diffuse the fake AP

3) Connect the first one to the internet

4) Update DHCP
For that open a console and type :

5) Change the DHCP Config
For that, after the update is over, in the same console

After that, in the new window, copy/paste this

Then, save with CTRL +X and press ENTER

6) Download the LINKSYS Cisco fake webpage, for that open a new console and write in it

Note : You must press ENTER at the end of each line, and wait when it's downloading

7) Let's start it
For that in the console continue by putting

8) Start the MySQL Database and create a place where the pass could be stored
Open a new console

(NOTE: Keep this window open until the end, you'll use it later - let's call it WINDOW A)
(NOTE2 : Press enter at the end of each line)

9) To see our wireless IP, in a new console, type and keep it open to use it later, let's call it WINDOW B
You can already see your wireless adapter that is connected to the Internet (let's suppose it's called WLAN1) and the wireless IP (let's suppose it's 192.168.1.14)
NOTE: You must replace every red sentence with what you have on your computer according to the ip route window

10) Search for the victim's AP and create an evil twin!
New console

(NOTE: Wlan2 is the interface you'll use to create the fake AP, you can see its name with the first command "airmon-ng")
(NOTE 2: You must put the same Channel and ESSID as the real AP)
(NOTE 3: You must leave this window open, when you close it, you'll stop emitting the fake AP)

11) Configure the redirection
For that, open a new console (yes, that's a lot of consoles)

(NOTE : For the red sentences, look at window A to change them to your configuration)
(NOTE 2 : Copy line by line and confirm with ENTER at each line)

12) Deauth the clients! ALL OF THEEEEM

(NOTE : press ENTER at the end of each line)
(NOTE 2: BSSID and CHANNEL are the victim's real AP MAC address and channel, you can find them when you are looking for the victim's ESSID with airodump-ng)

13) SIT BACK AND WAIT (or dance)
Once someone switches to your Evil Twin, you'll see a new line appearing in the airbase window (you left open earlier)

14) When someone enters something in the WPA fields in your fake router page, you'll receive it in your database
To browse it, return to the SQL page you left open earlier
and type in it

(NOTE : Press enter at the end of each line)

Now if they entered their key, it'll magically appear to you

That is it! Hope my first tutorial wasn't that bad, waiting for your replies

I don't speak much Spanish, but I can understand and speak... I look forward to your replies
Nice tutorial bro, but I think it is easier if you use PHP and save the password in a simple txt file. Thank you for posting your knowledge.
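
Seen from the defending side, the attack described in this post leaves two observable signals: a beacon that reuses the network's ESSID from an unknown BSSID, and a burst of deauthentication frames against the real AP. The following is an added example, not part of the original post; the frame tuples, inventory, MAC addresses and thresholds are constructed assumptions standing in for parsed monitor-mode captures.

```python
from collections import defaultdict

# Assumed inventory of the protected network (constructed values).
KNOWN_APS = {"HomeNet": {"bssids": {"aa:bb:cc:00:00:01"}, "channel": 6}}
DEAUTH_THRESHOLD, WINDOW_SECONDS = 20, 10  # assumed flood threshold per window
# Constructed sensor observations: (timestamp, frame_type, essid, bssid, channel)
SAMPLE_FRAMES = (
    [(0, "beacon", "HomeNet", "aa:bb:cc:00:00:01", 6)]
    + [(5 + i * 0.2, "deauth", None, "aa:bb:cc:00:00:01", 6) for i in range(30)]
    + [(8, "beacon", "HomeNet", "de:ad:be:ef:00:02", 6),
       (9, "beacon", "CoffeeShop", "11:22:33:44:55:66", 11)]
)

def find_rogue_beacons(frames, known=KNOWN_APS):
    """Beacons that reuse a known ESSID from a BSSID not in the inventory."""
    return sorted({(essid, bssid, ch) for _ts, kind, essid, bssid, ch in frames
                   if kind == "beacon" and essid in known
                   and bssid not in known[essid]["bssids"]})

def find_deauth_floods(frames, threshold=DEAUTH_THRESHOLD, window=WINDOW_SECONDS):
    """BSSIDs hit by >= threshold deauth frames inside any sliding time window."""
    times = defaultdict(list)
    for ts, kind, _essid, bssid, _ch in frames:
        if kind == "deauth":
            times[bssid].append(ts)
    flooded = set()
    for bssid, stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flooded.add(bssid)
                break
    return flooded

def evil_twin_alerts(frames, known=KNOWN_APS):
    """Correlate a cloned ESSID with a deauth flood against the real AP."""
    flooded = find_deauth_floods(frames)
    return [{"essid": essid, "rogue_bssid": bssid,
             "same_channel": ch == known[essid]["channel"],
             "deauth_flood": bool(known[essid]["bssids"] & flooded),
             "severity": "high" if known[essid]["bssids"] & flooded else "medium"}
            for essid, bssid, ch in find_rogue_beacons(frames, known)]

if __name__ == "__main__":
    for alert in evil_twin_alerts(SAMPLE_FRAMES):
        print(alert)
```

A cloned ESSID on its own is reported as medium severity; it becomes high only when the real AP is also being hit by a deauth flood in the same capture.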