Airsnarf-The Rogue Access-Point(BackTrack 3 As Fake AP)

Posted: Saturday,July 19, 2008 in Wifi-Hacking
Tags: , , , , , , ,

Most probably you people wont be trsuting the point that a Linux machine can act as a Access-point but its true.Atheros chipset based cards can act as Access-point or Master mode.for checking that your card support to act as an AP.I have tested it on Backtrack3 final.Using Netgear WG311T A/G/N AR 2414 Chipset
(patched madwifi-ng drivers) with 7 dbi Antenna & Linksys WUSB54GC (RT73 chipset).Netgear PCI Card I made as Rogue AP & Through my other card I Scanned the avaliable AP and got the Rogue Ap Working in OPN Authentication mode.voila
use this command to verify your card about Airsnarf specifications:-

wlanconfig ath0 create wlandev wifi0 wlanmode master/ap    #use either master or ap

this command makes an WIRELSS NIC acting as AP.

I have attached a custom coded file which makes airsnarf a truly immersive Legitimate looking AP.download it and Unzip it.DOWNLOAD

#replace  the file  airsnarf.cfg with /pentest/wireless/airsnarf-0.2/cfg/airsnarf.cfg

#For wireless interace I would recommend Atheros Chipset based cards as the airsnarf
tries to make NIC card as Access point which is possible using MADWIFI-NG drivers only
and those are atheros based chipset.

#place dhcpd.src /pentest/wireless/airsnarf-0.2/bin

#replace airsnarf.cgi with /pentest/wireless/airsnarf-0.2/cfg/cgi-bin/airsnarf.cgi

#replace my index.html in path /pentest/wireless/airsnarf-0.2/cfg/html & /var/www/htdocs

#replace airsnarf.jpg with my airsnarf.jpg in /pentest/wireless/airsnarf-0.2/cfg/html & /var/www/htdocs

#copy apache_pb22_ani.gif from /var/www/htdocs & paste in /pentest/wireless/airsnarf-0.2/cfg/html.

#that is all we have done.made a legally looking webpage for login.

#cd /pentest/wireless/airsnarf-0.2 airsnarf0.2
#./airsnarf
(paswords will be store in /tmp/airsnarf_pwds.txt)

Setting the ROGUE AP name as Wifi0wn & DHCP Network ID And Router IP.

Starting the Airsnarf Script to Work As Rogue AP.Great tool for showing the vulnerabilites in Windows Connection manager.

With my another USB Wireless NIC linksys WUSB54GC I am scanning the avaliable network.where I can see my fake AP is Also getting work by name wifi0wn with open authentication,54 Mbps and on channel 1.

now with my other card I am trying to get an IP from wifi0wn and connect without any key.

You can see that ath0 is working as an Access-point having random MAC ID and my rausb0/linksys adapter got connected with Rogue AP.

In ifconfig we can see that rausb0 got IP address from the ROGUE DHCP Server of Airsnarf

Now when you will surf you will get such login-page which is totally legitimate look.thanks to me to code it and redirecting it.

Redirection of url after hacking username & Password.

Default location of password is /tmp/airsnarf_pwds.txt.

List of username along with passwords

This tool is still in progress.I am making it to work more worsely like redirecting to some website,XSS.use it for social-engineering and vulnerability assessment test.now you can show that anaware user can connect to fakeAP without their knowledge and which can leads to compromise their data.once connecting with AP now you can run the Nmap Scan along with Metapsloit Framework,sniffers like wireshark for getting HTTP,HTTPS,FTP,TELNET Passwords & Many more sofisticated attacks.(USE FOR PT & VA Only)

Advertisements
Comments
  1. aping says:

    hoi…thanx for your tutorial..

    i’m so much like this…so cool..

    i want to ask u why if i write a command

    wlanmode ath0 create wlandev wifi0 wlnamode master/

    and error is up:
    command not found..

    what happen with me..

    i’m use ipw2100 and PCMCIA TPLink…

    ipw 2100 as eth1
    and TP link as wifi 0 and ath0

    plies reply to my email…i;m so much hope to u..

    i’m sorry if my english is so bad…

  2. aping says:

    hi its me again…..

    im so sorry to disturb u again…

    do u ever reply message to me…?

    in my inbox i dont have u message…plies help me…

    if u ever really message me…im scared your message go to my bulk…and i’m always empty my bulk….because that many junk in my inbox..

    plies reply my message..i’m so very much say thanx to you…

    i want to use airsnarf for my final test in univ..

    thanx…sorry to disturb you

  3. […] Airsnarf-The Rogue Access-Point(BackTrack 3 As Fake AP) « All Your Wireless Belongs To Us (tags: wireless backtrack rogue rogue-ap rouge-ap airsnarf security) […]

  4. […] Airsnarf-The Rogue Access-Point(BackTrack 3 As Fake AP) July 2008 3 comments 4 […]

  5. jose says:

    could you post the link?
    would be very grateful not find it anywhere.
    Thanks

  6. علاء غزلان says:

    Can you reload link?
    http://www.4shared.com/file/55837022/a13e601c/Airsnarf_files.html is down
    More Thanks.

  7. Paige says:

    Aw, this was an incredibly nice post. Spending some time and actual effort to create a really good article… but what can I say… I
    procrastinate a lot and don’t manage to get nearly anything done.

  8. I am truly pleased to read this webpage posts which consists of plenty of
    helpful facts, thanks for providing these kinds of information.

  9. I pay a visit everyday a few web sites and websites to read content, but this webpage offers feature based articles.

  10. jasa seo semarang says:

    I always was concerned in this subject and stock still am, appreciate it for posting.

  11. Donia says:

    I like looking through a post that will make people think.
    Also, thank you for permitting me to comment!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s