Attack Scenario
Once the victim connects to our fake access point, we can perform various types of attacks against him. We can perform an ARP poisoning attack or a phishing attack, or simply set up a malicious web server and redirect all the traffic to it whenever the victim browses websites such as facebook.com or google.com. This can be done easily by editing the contents of the /etc/hosts file. Since we are in control of the access point, we can manipulate what is presented to the victim.
127.0.0.1 is our home (loopback) address, so we would edit the /etc/hosts file to point the hosts we want to target, say Facebook, Google, Twitter, etc., to our home address. This means that the next time the victim enters the target URL in his browser, say facebook.com, he would be redirected to our address, where we could launch different types of client-side attacks (see Chapter 8). The following screenshot shows what the edits look like:
Ethical Hacking and Penetration Testing Guide
After you have manipulated the records, whenever the victim browses his favorite websites, say google.com, facebook.com, or yahoo.com, he will be redirected to our local IP address, where we would host our malicious SET web server or a phishing page. You can also use Evilgrade to compromise the client-side update process.
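A defensive counterpart to the hosts-file redirection described above, added here and not taken from the book: a small Python audit that parses hosts-file text and flags any entry that maps a well-known public domain to a loopback, private or link-local address, which covers both the 127.0.0.1 case and a "local IP address" on the rogue network. The sample hosts content and the watched-domain list are constructed for the example.

```python
import ipaddress

# Constructed sample of a tampered hosts file: the public sites named in the
# text have been pointed at the loopback address, as the page describes.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   facebook.com www.facebook.com
127.0.0.1   google.com
192.168.1.1 twitter.com    # pointed at a LAN host instead of loopback
10.0.0.5    intranet.corp  # legitimate private mapping, must not be flagged
"""

# Public domains that should only ever be resolved through DNS; a static
# mapping of one of these to loopback, private or link-local space is a red flag.
WATCHED_DOMAINS = {"facebook.com", "google.com", "twitter.com", "yahoo.com"}

def parse_hosts(text: str) -> list[tuple[str, str]]:
    """Return (ip, hostname) pairs, skipping blank lines and '#' comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        pairs.extend((ip, name.lower()) for name in names)
    return pairs

def is_watched(name: str) -> bool:
    """True for a watched domain or any subdomain of one (e.g. www.facebook.com)."""
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)

def suspicious_entries(text: str) -> list[tuple[str, str]]:
    """Entries that redirect a watched public domain to a non-routable address."""
    flagged = []
    for ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name))  # garbage address field: flag it anyway
            continue
        if addr.is_loopback or addr.is_private or addr.is_link_local:
            flagged.append((ip, name))
    return flagged

if __name__ == "__main__":
    for ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"suspicious: {name} -> {ip}")
```

Running the same check against the live /etc/hosts on a client is a cheap host-level indicator; on the network side, the equivalent signal is public names resolving to RFC 1918 or loopback addresses in DNS logs.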
Evil Twin Attack
An evil twin attack is a very popular type of social engineering attack against the client. The idea behind this attack is to create an access point with the same name as the victim's and cause a denial of service to the original access point. This would make our victim connect to our fake access point, thinking that it is the original. Furthermore, an attacker would also spoof the MAC address of his interface to exactly match the MAC address of the real access point, so that it becomes much more difficult to detect.
Let's see how we would perform this attack in the real world:
1. We would use airodump-ng to scan for all neighboring access points.
2. We would note down the BSSID and change the MAC address of our interface to exactly match the BSSID of the real access point.
3. Then we would launch a fake access point with the same name as the original one.
4. Finally, we would perform a deauthentication attack with mdk3 or aireplay-ng.
Wireless Hacking