FluxionNetwork / fluxion

Fluxion is a remake of linset by vk496 with enhanced functionality.
https://fluxionnetwork.github.io/fluxion/
GNU General Public License v3.0

Odd issue with Server starting service after captive portal #292

Closed drjohannspector closed 6 years ago

drjohannspector commented 6 years ago

Currently I am using the AWS036NEH (not NE). I have never got past "server starting service" on the DHCP xterm window. Looks like there is just one more thing for it to do before the AP starts up. I always see 0 attempts and 0 connections; once in a while I see a few things scroll across, but it looks like my web traffic.

I have an AWS051NH on order, not sure if that's going to work. Not 100% sure new wifi adapter supports master mode, or what drivers. I should have done more research. Anyone have any input?

I ran the fakeap and checked iwconfig:

I am using Ralink Technology, Corp. RT2870/RT3070 drivers with the AWS036NEH, any ideas why it's stuck at server starting service, everything else looks correct, it just sits there. (When I select my wlan1 interface, it's purple [-1], still lets me start it.) I ran Export FLUXIONWIKillProcess; ./fluxion.sh for the first run, haven't rebooted and I haven't had to run the command since. As long as I hit the exit command, network comes back up as it should, this version seems to be much smoother. Except for whatever issues I am having with my card. I've been at this a while. This is a fresh install as of about an hour ago. All updated too. I also have on order an AWS051NH, I wonder if that one will make a difference.

wlan0 IEEE 802.11 ESSID:off/any Mode:Managed Access Point: Not-Associated Retry short limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:on

FXan1AP IEEE 802.11 Mode:Master Tx-Power=20 dBm Retry short long limit:2 RTS thr:off Fragment thr:off Power Management:off

lo no wireless extensions.

wlan1 IEEE 802.11 Mode:Monitor Tx-Power=20 dBm Retry short long limit:2 RTS thr:off Fragment thr:off Power Management:off

http://www.alfa.com.tw/products_show.php?pc=34&ps=22

drjohannspector commented 6 years ago

If I select airbase, iwconfig output of FXan1AP shows Monitor instead of Managed, I do not get the DHCP xterm window but it shows that the AP is running, although I don't think it is, as it doesn't say master mode, I prefer not to use airbase anyway. When I run hostapd, iwconfig shows master for FXan1AP and monitor of wlan1.

MPX4132 commented 6 years ago

Yeah, airbase-ng doesn't go into master mode, it's a "hack" for older cards that don't support it, and instead uses monitor mode and packet injection, or something like that. I suggest you try to avoid it. It's a noble thing the developers did, but it's just not as good as dedicated master mode.

The fact you see your traffic in the DNS window means something's not right... I bet there's some process interfering and snatching the wireless interface, or something like that.

You shouldn't need to use the killer flag. When you have to use it, you know there's something wrong.

Try to disable network manager, if you're on Kali, or a Debian derivative, and try fluxion then:

systemctl stop network-manager.service

edit: You can bring it back up with the following, but make sure it's after you're done with fluxion.

systemctl start network-manager.service

MPX4132 commented 6 years ago

Hmm, I just read this line here "... network comes back up as it should ..." Now I'm almost 100% convinced it's the network manager screwing with you. Reboot your computer, and do what I said above about network manager, then run fluxion with no flags.

If it's wpa_supplicant, disable that too, temporarily.

MPX4132 commented 6 years ago

I'm starting to think it's a freaking naming issue (if it is in fact being snatched)... If the above fails, try running it like this:

export FLUXIONAirmonNG=1
./fluxion.sh

drjohannspector commented 6 years ago

Going to try that now, new network adapter with master mode giving me the same issue. Just checked this thread and I am going to give it a try. Will report back in a few minutes or so.

drjohannspector commented 6 years ago

[*] Select a wireless interface

[1] wlan0 [-] Ralink Technology, Corp. RT3572
[2] Repeat

This is a result of starting with export FLUXIONAirmonNG=1 ./fluxion.sh:

The wireless interface selected appears to be currently in use! Run "export FLUXIONWIKillProcesses=1" before FLUXION to use it.

If I disable network manager, I do not need to run the command above, WLAN0 is white and has a [+] next to it. Server still does not start, just sits at starting server service, I see a few debian.ntp.XXX scroll across here and there. Note, when I select wlan0 as an interface in captive portal, it is purple again with a [-]

I can confirm master mode starts every time. When I ran export FLUXIONAirmonNG=1 ./fluxion.sh, master mode was at the bottom of iwconfig rather than the top of the list.

root@kali:~# iwconfig
wlan0 IEEE 802.11 Mode:Monitor Tx-Power=20 dBm
Retry short long limit:2 RTS thr:off Fragment thr:off Power Management:off

FXan0AP IEEE 802.11 Mode:Master Tx-Power=20 dBm
Retry short long limit:2 RTS thr:off Fragment thr:off Power Management:off

lo no wireless extensions.

drjohannspector commented 6 years ago

If I kill network manager and wpa supplicant, fluxion starts without export FLUXIONWIKillProcesses=1, when I run handshake snooper, wlan0 is white with a [t], when I run captive portal, it shows up as wlan0mon this time, starts everything up and still stops at server starting service on the xterm window. This seems to be almost identical output of another wifi adapter I have that supports master mode.

Currently using AWUS051NH: Bus 001 Device 003: ID 148f:3572 Ralink Technology, Corp. RT3572 Wireless Adapter

root@kali:~# dmesg | tail
[ 28.285906] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 28.554043] rfkill: input handler disabled
[ 38.839566] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 44.196352] wlan0: authenticate with a0:04:60:8a:33:f4
[ 44.220551] wlan0: send auth to a0:04:60:8a:33:f4 (try 1/3)
[ 44.220963] wlan0: authenticated
[ 44.224011] wlan0: associate with a0:04:60:8a:33:f4 (try 1/3)
[ 44.224641] wlan0: RX AssocResp from a0:04:60:8a:33:f4 (capab=0x1011 status=0 aid=3)
[ 44.228214] wlan0: associated
[ 44.228250] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready

root@kali:~# iw list
Wiphy phy0
max # scan SSIDs: 4
max scan IEs length: 2257 bytes
max # sched scan SSIDs: 0
max # match sets: 0
max # scan plans: 1
max scan plan interval: -1
max scan plan iterations: 0
Retry short long limit: 2
Coverage class: 0 (up to 0m)
Device supports RSN-IBSS.
Supported Ciphers:

I have tried all above suggestions at this point, I can get wlan0mon and FXan0APmon if I kill wpa_supplicant, otherwise captive portal interface is purple [-], it starts either way until the xterm window.

Here is the output of that xterm window for DHCP:

FLUXION AP DHCP Service
Internet Systems Consortium DHCP Service 4.3.5
Copyright 2004-2016 Internet Systems Consortium
All rights reserved.
For info, please visit https://isc.org/software/dhcp
Config file: /tmp/fluxspace/dhcpd.conf
Database file: /temp/fluxspace/dhcpd.leases
PID file: /var/run/dhcpd.pid
Wrote 0 leases to leases file.
Listening on LPF/FXan0AP/10:0d:7f:e5:ce:3a/192.168.254.0/24
Sending on LPF/FXan0AP/10:0d:7f:e5:ce:3a/192.168.254.0/24
Sending on Socket/fallback/fallback-net
Server starting service.

FLUXION AP Service [hostapd]
Configuration file: /tmp/fluxspace/10:0d:7f:e5:ce:3a-hostapd.conf
Using interface FXan0AP with hwaddr 10:0d:7f:e5:ce:3a and ssid "XXXXX"
FXan0AP: interface state UNINITIALIZED->ENABLED
FXan0AP: AP-ENABLED

root@kali:~# dhcpd
Internet Systems Consortium DHCP Server 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
Can't open lease database /var/lib/dhcp/dhcpd.leases: No such file or directory -- check for failed database rewrite attempt!
Please read the dhcpd.leases manual page if you don't know what to do about this.

MPX4132 commented 6 years ago

You mentioned the interface looks purple ([-]) when you select it in Captive Portal, but it still lets you select it. That’s normal, because it’s busy with fluxion, so fluxion can use it as much as it wants. If the interface was busy with anything else, it wouldn’t let you select it.

You mentioned you have two wireless adapters. Can you try using two separate wireless adapters with fluxion to check if that works?

What you need to do is disable network-manager and wpa_supplicant:

systemctl stop network-manager.service
systemctl stop wpa_supplicant.service
# once you’re finished with fluxion, undo it by changing stop to start.

Make sure not to kill either of those. You should avoid killing as much as possible. You could potentially corrupt your network configuration, or something related to processes. Stopping them makes them gracefully stop all their operations and save their data to get ready for another start in the future.

At this point, start fluxion. Once you’re asked to select the first interface, you need to select adapter A. Make sure adapter A is capable of injection, also know this one doesn’t require master mode. Once you’re ready for the attack, start the Captive Portal attack and when prompted, select your second adapter, adapter B. As you might’ve already imagined, adapter B must be master mode capable.

Now check if things work.

drjohannspector commented 6 years ago

This is what I see when I first open Fluxion after selecting language.

[*] Select a wireless interface

[1] wlan0 [+] Ralink Technology, Corp. RT3572
[2] Repeat

[*] Select an interface for the captive portal.

[1] wlan0 [-] Ralink Technology, Corp. RT3572
[2] Repeat
[3] Back

I tried the two commands above. If I start the captive portal on that interface, I can run iwconfig and see wlan0 monitor and FXan0AP as master. Server still won't start. Is it standard that most folks have to use two wifi adapters? I know I have two of them and they both support master mode, I am just out of USB ports heh. I don't understand why some people can get away with only using one? I just ordered the AWUS036NHA, perhaps third time is a charm. I own the AWUS036NEH, the AWUS051NH, I know all of them support master mode and the AWUS051NH even says it on the box.

Both adapters produce exactly the same results, I haven't seen anything show up differently for the duration of me using fluxion. As far as using both at the same time, I need a usb hub. Would I need to put one adapter in master mode prior to starting fluxion?

ifconfig wlan0 down
iwconfig wlan0 mode master

With all my adapters, running "iwconfig wlan0 mode master" does not work. All interfaces I own produce this, when running on fluxion though, iwconfig states wlan0 monitor and FXan0AP master, I never see it as an option to select though, it's always wlan0. If I force quit (control+x), while on the captive portal, when I restart fluxion, I see FXan0AP as an interface option, but it doesn't really do much.

root@kali:~# iwconfig wlan0 mode master
Error for wireless request "Set Mode" (8B06) :
SET failed on device wlan0 ; Invalid argument.
root@kali:~#

drjohannspector commented 6 years ago

When closing the DHCP window and copying the files from fluxspace into the directories below, I am given this output when starting DHCP manually.

root@kali:~# dhcpd
Internet Systems Consortium DHCP Server 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
Wrote 0 leases to leases file.
Listening on LPF/FXan0AP/10:0d:7f:e5:ce:3a/192.168.254.0/24
Sending on LPF/FXan0AP/10:0d:7f:e5:ce:3a/192.168.254.0/24

No subnet declaration for wlan0 (no IPv4 addresses). Ignoring requests on wlan0. If this is not what you want, please write a subnet declaration in your dhcpd.conf file for the network segment to which interface wlan0 is attached.

This is what is in my dhcp.conf

authoritative;

default-lease-time 600;
max-lease-time 7200;

subnet 192.168.254.0 netmask 255.255.255.0 {
  option broadcast-address 192.168.254.255;
  option routers 192.168.254.1;
  option subnet-mask 255.255.255.0;
  option domain-name-servers 192.168.254.1;

  range 192.168.254.100 192.168.254.254;
}

This is what is in dhcp.leases (note it always says wrote 0 leases in the xterm DHCP window)

# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.3.5

# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;

server-duid "\000\001\000\001!\273~q\020\015\177\345\316:";

lease 192.168.254.100 {
  starts 4 2017/12/07 04:28:41;
  ends 4 2017/12/07 04:38:41;
  cltt 4 2017/12/07 04:28:41;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 10:0d:7f:e5:ce:3a;
  client-hostname "kali";
}
lease 192.168.254.100 {
  starts 4 2017/12/07 04:31:53;
  ends 4 2017/12/07 04:41:53;
  cltt 4 2017/12/07 04:31:53;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 10:0d:7f:e5:ce:3a;
  client-hostname "kali";
}

I copied these files from tmp/fluxspace into /var/dhcp and /etc/dhcp, tried starting dhcpd on a different terminal. No luck

MPX4132 commented 6 years ago

You should never force quit fluxion. The interfaces it creates are for fluxion only, so do not use them. They’ll be removed once you either remove them manually, or reboot your system.

As for your question, nobody should have to use two wireless adapters. I’m asking you to use two independent adapters to check if your problem is with your drivers, they might not support virtual interfaces. If that’s the case, you need two adapters because neither of them supports virtual interfaces.

A virtual interface is essentially an interface that can control a device that is already being controlled by another interface. That means a device could have two virtual interfaces, and it could be doing two different things with each interface. Fluxion requires that behavior from your wireless adapter to be able to use only one.

The reason for that is that one interface is in master mode, while the other is in monitor mode, when running the Captive Portal attack.

The good news is that the card you ordered is exactly the same one I’ve been using for testing.

If it still doesn’t work with it, you’ll know you have different issues and it’s very likely fluxion isn’t your problem.

drjohannspector commented 6 years ago

root@kali:~/fluxion# dhcpd
Internet Systems Consortium DHCP Server 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
Wrote 0 leases to leases file.
Listening on LPF/FXan0AP/10:0d:7f:e5:ce:3a/192.168.254.0/24
Sending on LPF/FXan0AP/10:0d:7f:e5:ce:3a/192.168.254.0/24

No subnet declaration for wlan0 (no IPv4 addresses). Ignoring requests on wlan0. If this is not what you want, please write a subnet declaration in your dhcpd.conf file for the network segment to which interface wlan0 is attached.

Sending on Socket/fallback/fallback-net
root@kali:~/fluxion#

MPX4132 commented 6 years ago

@drjohannspector I don't understand what you're trying to say. You're running dhcpd with no configuration, of course it'll say what it says. Check out line 1038 of fluxion/attacks/Captive Portal/attach.sh that's where it's launched. That doesn't make a difference with your AP issue, you should be able to launch the AP service without a DHCP server.
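The dhcpd message quoted in this thread ("No subnet declaration for wlan0 (no IPv4 addresses)") comes from dhcpd comparing each interface's addresses with the subnet declarations in its configuration. The sketch below is an added example, not part of the original comments or of fluxion's code; it replays that comparison on the dhcpd.conf posted above, using a constructed interface table that assumes FXan0AP holds 192.168.254.1.

```python
import ipaddress
import re

# dhcpd.conf as posted in the thread, laid out one statement per line.
DHCPD_CONF = """\
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.254.0 netmask 255.255.255.0 {
    option broadcast-address 192.168.254.255;
    option routers 192.168.254.1;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 192.168.254.1;
    range 192.168.254.100 192.168.254.254;
}
"""

# Constructed interface table (assumption: FXan0AP carries the "routers"
# address from the config; wlan0 has no IPv4 address, as dhcpd reported).
INTERFACES = {"FXan0AP": ["192.168.254.1"], "wlan0": []}

_IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Simplification: subnet bodies are assumed to contain no nested blocks.
SUBNET_RE = re.compile(
    r"\bsubnet\s+" + _IP + r"\s+netmask\s+" + _IP + r"\s*\{([^{}]*)\}"
)
RANGE_RE = re.compile(r"\brange\s+" + _IP + r"\s+" + _IP + r"\s*;")


def declared_subnets(conf_text):
    """Return [{'network': IPv4Network, 'ranges': [(low, high), ...]}, ...]."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # strip comments
    subnets = []
    for addr, mask, body in SUBNET_RE.findall(text):
        # Raises ValueError if the subnet address has host bits set.
        network = ipaddress.IPv4Network(f"{addr}/{mask}")
        ranges = [
            (ipaddress.IPv4Address(low), ipaddress.IPv4Address(high))
            for low, high in RANGE_RE.findall(body)
        ]
        subnets.append({"network": network, "ranges": ranges})
    return subnets


def range_problems(subnets):
    """List ranges that are inverted or fall outside their own subnet."""
    problems = []
    for subnet in subnets:
        net = subnet["network"]
        for low, high in subnet["ranges"]:
            if low > high:
                problems.append(f"{low}-{high}: range is inverted")
            elif low not in net or high not in net:
                problems.append(f"{low}-{high}: outside {net}")
    return problems


def classify(interfaces, subnets):
    """Map each interface to ('listen', subnet) or ('ignored', reason)."""
    result = {}
    for name, addrs in interfaces.items():
        if not addrs:
            result[name] = ("ignored", "no IPv4 addresses")
            continue
        match = None
        for addr in addrs:
            ip = ipaddress.IPv4Address(addr)
            match = next(
                (s["network"] for s in subnets if ip in s["network"]), None
            )
            if match is not None:
                break
        if match is not None:
            result[name] = ("listen", str(match))
        else:
            result[name] = ("ignored", ", ".join(addrs))
    return result


if __name__ == "__main__":
    subnets = declared_subnets(DHCPD_CONF)
    for name, (state, detail) in classify(INTERFACES, subnets).items():
        print(f"{name}: {state} ({detail})")
    for problem in range_problems(subnets):
        print("range problem:", problem)
```
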

drjohannspector commented 6 years ago

Fresh install, same issue. If I stop wpa_supplicant and network manager, run export FLUXIONWIKillProcesses=1. I am left with two options for interfaces wlan0 and FXan0AP, I select wlan0 for handshake and FXan0AP for captive portal. Select automatically found handshake, recommended settings for all options, create ssl cert, selected disconnected instead of emulated.

All the xterm windows appear and the DHCP says 'server starting service'. Haven't been able to get past this point yet.

I ordered the AWUS036NHA, it will arrive tomorrow, I wonder if it will make a difference for me. Any more ideas as to what could be going on? I am completely stumped, I have worked endlessly trying as many options as I can.

MPX4132 commented 6 years ago

Again, you shouldn’t have “FXan0AP” and you do because you killed fluxion. Instead of killing it, interrupt it (ctrl+c). Do not use fluxion created interfaces, they’re for fluxion use, not user use. Remove it with:

iw dev FXan0AP del

Do what you did above, but select wlan0 both times. That will probably still fail, though. Look, I wrote a fairly long guide a while ago on what to do when you’ve got this issue, have you looked at it?

drjohannspector commented 6 years ago

I have looked at the guide, here are some of the results below.

root@kali:~# ip link set wlan0 down
root@kali:~# iwconfig wlan0 mode monitor
root@kali:~# ip link set wlan0 up
Configuration file: hostapd.conf
root@kali:~# hostapd hostapd.conf
Configuration file: hostapd.conf
nl80211: Could not configure driver mode
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
nl80211 driver initialization failed.
wlan0: interface state UNINITIALIZED->DISABLED
wlan0: AP-DISABLED
hostapd_free_hapd_data: Interface wlan0 wasn't started
root@kali:~#

Which is weird, websites do not load on my os, I must run the ip link set mode wlan0 up command once more. It hangs for a second, I run iwconfig and notice my wlan0 device has switched back to managed. Let me try again, reboot and this time I run systemctl stop NetworkManager.service and repeat all the commands above.

root@kali:~# systemctl stop NetworkManager.service
root@kali:~# ip link set wlan0 down
root@kali:~# iwconfig wlan0 mode monitor
root@kali:~# ip link set wlan0 up
root@kali:~# iwconfig
wlan0 IEEE 802.11 Mode:Monitor Frequency:2.412 GHz Tx-Power=20 dBm
Retry short long limit:2 RTS thr:off Fragment thr:off Power Management:off

lo no wireless extensions.

root@kali:~# hostapd hostapd.conf
Configuration file: hostapd.conf
Using interface wlan0 with hwaddr 00:c0:ca:95:7a:ea and ssid "tweedledum"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED

Connect my other laptop to open SSID and I see when I connect and disconnect from the fake ap.

wlan0: STA 2c:f0:ee:13:ca:da IEEE 802.11: authenticated
wlan0: STA 2c:f0:ee:13:ca:da IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED 2c:f0:ee:13:ca:da
wlan0: STA 2c:f0:ee:13:ca:da RADIUS: starting accounting session 5A2AFA09-00000000
wlan0: AP-STA-DISCONNECTED 2c:f0:ee:13:ca:da
wlan0: STA 2c:f0:ee:13:ca:da IEEE 802.11: disassociated
wlan0: STA 2c:f0:ee:13:ca:da IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

Next I add wlan1 interface with: iw dev wlan0 interface add wlan1 type monitor and check iwconfig

wlan0 IEEE 802.11 Mode:Monitor Frequency:2.412 GHz Tx-Power=20 dBm
Retry short long limit:2 RTS thr:off Fragment thr:off Power Management:off

lo no wireless extensions.

wlan1 IEEE 802.11 Mode:Monitor Frequency:2.412 GHz Tx-Power=20 dBm
Retry short long limit:2 RTS thr:off Fragment thr:off Power Management:off

Next, I go into my hostapd.conf and change wlan0 to wlan1

I then run: mdk3 wlan1 d -c 6 -b ~/Desktop/target.lst (the MAC is the MAC of my router, not my second laptop I am using as a target)

Periodically re-reading blacklist/whitelist every 3 seconds

Finally, I open a second terminal window and check iwconfig once more. Same output as above. Both devices on monitor mode. I use the same second terminal and start hostapd hostapd.conf once more.

root@kali:~# hostapd hostapd.conf
Configuration file: hostapd.conf
Could not set interface wlan1 flags (UP): Name not unique on network
nl80211: Could not set interface 'wlan1' UP
nl80211: deinit ifname=wlan1 disabled_11b_rates=0
nl80211 driver initialization failed.
wlan1: interface state UNINITIALIZED->DISABLED
wlan1: AP-DISABLED
hostapd_free_hapd_data: Interface wlan1 wasn't started
root@kali:~#

I run iwconfig, I see wlan0 and wlan1 as "Managed" so let's change both back to monitor mode.

root@kali:~# ip link set wlan0 down
root@kali:~# ip link set wlan1 down
root@kali:~# iwconfig wlan0 mode monitor
root@kali:~# iwconfig wlan1 mode monitor
root@kali:~# ip link set wlan0 up
root@kali:~# ip link set wlan1 up

Then, I try hostapd hostapd.conf again. Also, of course the mdk3 command is showing "Network is down"

Configuration file: hostapd.conf
Using interface wlan1 with hwaddr 00:c0:ca:95:7a:ea and ssid "tweedledum"
wlan1: interface state UNINITIALIZED->ENABLED
wlan1: AP-ENABLED

Next, I open second terminal window again and type my deauth command

root@kali:~# mdk3 wlan1 d -c 6 -b ~/Desktop/target.lst
ioctl(SIOCSIWMODE) failed: Device or resource busy

ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211, ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead.
Make sure RFMON is enabled: run 'airmon-ng start wlan1 <#>'
Sysfs injection support was not found either.

The terminal window with the fakeap is now scrolling with:

handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed handle_probe_req: send failed

I check iwconfig:


I have the AWUS036NHA out for delivery right now (black one on amazon), so I will see if that one has different results. I am currently testing the AWUS051NH v2, it was an expensive purchase too.

I'm stumped.....

drjohannspector commented 6 years ago

I just tried a brand new AWUS036NHA and produced the exact same results. I seem to be able to follow everything until it says wlan1 not started. Both devices say the same thing when I try to start the AP after changing wlan0 to wlan1 in my hostapd.conf, I start the deauth on one terminal with wlan0mon and the AP says wlan1 not started.

MPX4132 commented 6 years ago

Change hardware, it's clearly a hardware problem at this point.

edit: At least I think so, you mentioned you already tried a fresh install, and still ran into the same issues.

MPX4132 commented 6 years ago

I'm using that device to develop fluxion, there's no way it doesn't work. Connect the AWUS036NHA and run the following, then post the output:

airmon-ng

I'm particularly interested in the driver it shows for the interface.

drjohannspector commented 6 years ago

I have tried four different network adapters now, all seem to be supported. This one especially I know works, AWUS036NHA. It seems to start the fake AP, I can see it on my phone. I just don't understand what I am missing, I don't think I could get 4 wifi adapters in a row. I get different results with the test above almost every time. What wifi adapter would you recommend? I have tried three different network adapters, all seem to be supported. This one especially I know works, AWUS036NHA. It seems to start the fake AP, I can see it on my phone. I just don't understand what I am missing, I don't think I could get 4 wifi adapters in a row. I have tried almost every single one that is mentioned to work on this site. I'm just getting really frustrated at this point, I don't know what to do.

MPX4132 commented 6 years ago

Wait, so you're saying you can see it on your phone. Have you tried connecting to the access point?

MPX4132 commented 6 years ago

You're not using a VM, or a Raspberry Pi, are you?

drjohannspector commented 6 years ago

It seems control+c is stopping wlan0. Could this be part of my issue while running this test?

root@kali:~# hostapd hostapd.conf
Configuration file: hostapd.conf
Using interface wlan0 with hwaddr 00:c0:ca:96:c5:e7 and ssid "TestAP"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED

control + C

^Cwlan0: interface state ENABLED->DISABLED
wlan0: AP-DISABLED
nl80211: deinit ifname=wlan0 disabled_11b_rates=0

MPX4132 commented 6 years ago

@drjohannspector No, that's not an issue. Control+C interrupts the access point service, that's normal. It's supposed to stop when you interrupt it. edit: Try what I said above, and post the results.

drjohannspector commented 6 years ago

I am actually running a live USB w/ persistence that I boot off a macbook. A 100% perfect test. I had to run systemctl stop NetworkManager.service beforehand or it said my interfaces were in use. The MAC address is my cell phone that I had on 4G, I saw FakeAP appear, I connected and immediately saw the output on my screen. Deauth was running the entire time

I have both running now.

root@kali:~# iwconfig
wlan0 IEEE 802.11 Mode:Monitor Frequency:2.437 GHz Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off Power Management:off

wlan1 IEEE 802.11 Mode:Monitor Frequency:2.437 GHz Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off Power Management:off

lo no wireless extensions.

root@kali:~# mdk3 wlan0 d -c 1 -b ~/Desktop/target.lst

Periodically re-reading blacklist/whitelist every 3 seconds

root@kali:~# hostapd hostapd.conf
Configuration file: hostapd.conf
Using interface wlan1 with hwaddr 00:c0:ca:96:c5:e7 and ssid "TestAP"
wlan1: interface state UNINITIALIZED->ENABLED
wlan1: AP-ENABLED

I just don't understand why it's still not working. Two terminal windows and I followed the guide step by step, everything worked as it should, no errors during the test. I did not use control + c this time, I skipped that step as I knew I could run hostapd.conf on its own before trying deauth with wlan0 and hostapd with wlan1. I used the mac address of my phone, I can also see FakeAP on the ssid list of available connections.

When I connect to FakeAP on my phone, this scrolls across:

wlan1: STA dc:ef:ca:74:d2:cf IEEE 802.11: authenticated
wlan1: STA dc:ef:ca:74:d2:cf IEEE 802.11: associated (aid 1)
wlan1: AP-STA-CONNECTED dc:ef:ca:74:d2:cf
wlan1: STA dc:ef:ca:74:d2:cf RADIUS: starting accounting session 5A2B6BA9-00000000

I am so confused.

MPX4132 commented 6 years ago

@drjohannspector Yeah, that looks like it has perfect compatibility. They're both running simultaneously. Are you by any chance using a USB hub?

drjohannspector commented 6 years ago

phy0 wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n
phy0 wlan1 ath9k_htc Atheros Communications, Inc. AR9271 802.11n

Negative. No hub. My brain hurts. Could it just be my target? Or the site I am spoofing? I am selecting 46 or 49, Netgear Login - English or Netgear - English. Tried disabling SSL, choose disconnected. All seem to produce the same result. I have been using a handshake I captured earlier today. Although, I have captured many and this produces the same result, even my own. This is as far as I've ever gotten tonight though so I feel progress is being made. Driver issue perhaps? I am updated as well, apt-get update, apt-get upgrade, apt-get dist-upgrade, not connected to VPN or proxy, etc. I haven't changed any settings since this fresh install. AR9271 doesn't sound very familiar though. The AWSUS051NH v2 was what I was trying previously and that had Ralink Technology, Corp. RT3572. It also let me get this far. My dining room table looks like I could be a sales rep for Alfa Network.

MPX4132 commented 6 years ago

Yeah, it's using the good driver, it should all work.

Try this then:

# Remove all manually created interfaces, except the original (wlan0?):
iw dev wlan1 del

# Stop anything that could mess with the interfaces
systemctl stop network-manager.service
systemctl stop wpa_supplicant.service # This one might not be installed, that's fine.

# Add a new interface from wlan0:
iw dev wlan0 interface add flux0 type managed

# Delete the original interface:
iw dev wlan0 del

# Close all terminal windows.
# Open a new window, and DO NOT set any flags.
cd fluxion # Go to fluxion's root
./fluxion.sh # execute it regularly

Check if fluxion works, but select the interface you created earlier flux0 when asked for the first interface.

drjohannspector commented 6 years ago

Same issue, no change. You mentioned when asked for the first interface. I saw flux0 as the only option available for handshake and captive portal. When I ran iwconfig when stuck on server starting server on xterm, I get this:

root@kali:~# iwconfig
flux0 IEEE 802.11 Mode:Monitor Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off Power Management:off

lo no wireless extensions.

FXux0AP IEEE 802.11 Mode:Master Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off Power Management:off

root@kali:~#

MPX4132 commented 6 years ago

Does the xterm for hostapd open?

drjohannspector commented 6 years ago

Yes, it has always opened 100% of the time. I just never see anything but 0 clients connected/0 attempted and the last line is always server starting service. Nothing after. The only time I have seen any output there is when I started network manager while it was running the AP.

MPX4132 commented 6 years ago

It's probably the live USB doing something weird, or the MacBook acting up because it doesn't like not being a part of the Apple orchard. You can always try to run a virtual machine to test it. It's a bit long, but you'll know for sure if it is, or isn't the problem. I can run fluxion fine from a VM within the iMac.

Just download virtual box, install the extensions for virtual box, create a new VM for debian, save it, click it on the left-hand side bar and go to the USB section of the settings to enable USB 2.0, save that. Install Kali on the VM and check if fluxion works. edit: Wait, what? It opens!?

MPX4132 commented 6 years ago

What do you mean, can you screen shot it?

drjohannspector commented 6 years ago

I'm going to try that now, it'll be a few before I report back. I have virtual box already installed. Let me screenshot it, or take a photo with my phone. Gimme a minute or two

MPX4132 commented 6 years ago

Screen shot everything fluxion has open, including fluxion, please. Make sure to cover sensitive information.

drjohannspector commented 6 years ago

Shouldn't be anything too sensitive in there.

MPX4132 commented 6 years ago

Well, your MAC address is there... I got the links, you can take the links down from your comment if you want.

MPX4132 commented 6 years ago

Damn... we've been troubleshooting the wrong problem, man. I thought you were getting stuck at starting access point service, shit.

drjohannspector commented 6 years ago

One of those links has the photo with all the windows open, should be high enough resolution where you can zoom in. Sorry for the potato quality. Pain in the ass to screenshot linux from a mac, no print screen button

drjohannspector commented 6 years ago

Sorry, I probably didn't do the best job explaining my issue. I'm somewhat new at this. It wouldn't let me copy/paste from xterm, I think I tried a few days ago. What exactly is going on? I could never tell when reading closed issues if they were talking about xterm or ap service. I didn't mean to waste your time and I greatly appreciate you working through this with me. It's weird seeing my own traffic on the DHCP server, firefox and looks like the automatic time/date setting I have turned on.

MPX4132 commented 6 years ago

I mean, I don't mind my time. I'm more concerned with how much of your time I wasted, making you read the somewhat long guide to check for virtual interface compatibility. Well, that might've not been a bad idea, since it looks like one of your cards isn't compatible.

Yeah, your problem seems to be DHCPd, let me check something out. Give me about 5 minutes.

drjohannspector commented 6 years ago

You are a gentleman, thank you sir. I think the card I used before this one, the 051NH is also compatible. If I get this one working, I'll go back and try again.

No time wasted in my book, I'm learning and I enjoy troubleshooting. In the end, I'll have a greater understanding of how this works, the past couple days have forced me to do more research and experimentation that I normally wouldn't take as far as I did. All good.

drjohannspector commented 6 years ago

I plugged in the AWUS051NH v2 and ran the exact same test. Everything works, connected my phone to FakeAP when the deauth was running and the output is

root@kali:~# hostapd hostapd.conf
Configuration file: hostapd.conf
Using interface wlan1 with hwaddr 00:c0:ca:95:7a:ea and ssid "TestAP"
wlan1: interface state UNINITIALIZED->ENABLED
wlan1: AP-ENABLED
wlan1: STA XX:XX:XX:XX:XX:XXIEEE 802.11: authenticated
wlan1: STA XX:XX:XX:XX:XX IEEE 802.11: associated (aid 1)
wlan1: AP-STA-CONNECTED XX:XX:XX:XX:XX
wlan1: STA XX:XX:XX:XX:XX RADIUS: starting accounting session 5A2B7C2B-00000000
wlan1: STA XX:XX:XX:XX:XX IEEE 802.11: authenticated
wlan1: STA XX:XX:XX:XX:XX IEEE 802.11: associated (aid 1)
wlan1: STA XX:XX:XX:XX:XX RADIUS: starting accounting session 5A2B7C2B-000000

Did I just buy a different adapter for nothing lol? Oh well

MPX4132 commented 6 years ago

Sorry for taking way longer than I said I'd take. I was trying some things out because what I saw kinda threw me off... Check these out:

Before attempting to connect (ignore the deauthenticator, something else was apparently already connected, probably my tablet lol):

[image: fullsizerender]

This is after attempting a connection to the network with my phone:

[image: fullsizerender-1]

As you can see, it looks exactly like yours... meaning, well, it should be working... That's actually what it's supposed to look like. I ran fluxion a couple of times to verify it wasn't a fluke. I never did pay attention to the DHCP service window, since it always worked, but yeah, it looks like yours is normal... What happens when you try connecting your device? It doesn't connect to the fake AP or what?

By the way, my internet connection right now is ridiculously unreliable, so I apologize for taking even longer waiting for the images to upload. I should probably just tether to my phone.

MPX4132 commented 6 years ago

@drjohannspector The "RADIUS: starting accounting idk wth" is normal, so it's okay.

drjohannspector commented 6 years ago

It connects, what should scroll through? I guess I wouldn't see anything since it's not really providing a WAN IP to the device it's hosting, correct? I have never seen the spoofed login yet though, except for running this as the test.

You know? The one thing I don't see is any output scrolling on the deauth, it always just sits at the first line. I didn't notice anything either during the test come to think about it, clients worked. Even when capturing my own handshake, how would I have gotten the .cap file though? I just noticed the 3 second check on your xterm window. Probably need to be connected to a client, eh? I'm going to try the test once more and see if there is some output. I think both cards work too, they seem to run exactly the same on both tests.

Also, don't worry about the wait at all, it's no problem, really. I am grateful for your help and taking the time. That's too funny though, I misinterpreted a lot of the DHCP issues and overthought it, I suppose. At least I have a spare. This one does 2.4 and 5g, I can also boost the tx power to 2000w which I think is 30db?

drjohannspector commented 6 years ago

Yeah, the sentence; periodically scanning.... is all I have ever seen in that window, ever. Probably why I haven't seen an attempt or connected client, they have always remained at 0.

MPX4132 commented 6 years ago

The deauthenticator will kick out anybody that's connected to the real access point. If nobody is connected to the real access point, the authenticator shows nothing.

MPX4132 commented 6 years ago

About what you should see, I'll try to make a short screencast and upload it so you can check it out.

drjohannspector commented 6 years ago

Yeah, the sentence; periodically scanning.... is all I have ever seen in that window, ever. Probably why I haven't seen an attempt or connected client, they have always remained at 0. Seems that more often than not, the only xterm window that appears is the one that shows snooping for 30 seconds, etc. At least now when trying to capture my own, let me switch back to the 036 card. Pretty weird, I was capturing handshakes fine the other day. All the windows appeared and I could see signals drop to 0. Even with this card. Hrmmm. When I was able to get handshakes, I also saw nothing scroll on those xterm windows though

This also happens with the wifi card I was trying earlier before the 036. This is after quitting fluxion.

root@kali:~/fluxion# systemctl start NetworkManager.conf
Failed to start NetworkManager.conf.service: Unit NetworkManager.conf.service not found.