Unlocking WPA2 WiFi Networks: Free and Easy WiFi Hacking!

julhocesar

Step 1: Make sure you have everything.

To prepare for our evil twin access point attack, we'll need to run Kali Linux or another supported distribution. A variety of distributions are supported, and you can learn more about which ones on the Airgeddon GitHub page. This can be done using a Raspberry Pi running Kali Linux and a wireless network adapter.

Finally, you'll need a reliable wireless network adapter for this. During our testing, I discovered that the TP-Link WN722N v1 and Panda Wireless PAU07 cards performed well against these attacks. More information can be found on Google by searching for the best EXT WiFi Adapter for Hacking.

Step 2: Install Airgeddon.

To begin using the Airgeddon wireless attack framework, we will need to download Airgeddon and any required programs. The developer also suggests downloading and installing CCZE to make the output more understandable. You can do this by entering apt-get install ccze into a terminal window. Next, we'll run the following commands to install Airgeddon, change directories, and start it.

git clone https://github.com/v1s1t0r1sh3r3/airgeddon
cd airgeddon
sudo bash ./airgeddon.sh

If you see the alien spaceship, you know you're prepared to hack.

Step 3: Configure Airgeddon.

Press enter to see which tools the Airgeddon framework relies on. If you're missing any, open a new terminal window and enter apt-get install tool, replacing "tool" with the name of the missing tool. If that does not work, you can also use sudo pip install tool.

When you've collected all of the necessary tools, press return to move on to the next step. Otherwise, you may run into problems during your attack, particularly if you are missing dnsspoof.

Next, the script will check for internet access so that it can update itself if a newer version is available. When finished, press enter to choose the network adapter to use.

After selecting our wireless network adapter, we'll move on to the main attack menu.

Press 2 to put your wireless card into monitor mode. Next, select option 7 from the "Evil Twin attacks" menu, and the submenu for this attack module will appear.

Step 4: Select the Target.

Now that we're in the attack module, choose option 9: "Evil Twin AP attack with a captive portal." We'll need to look for targets, so press enter. A window will appear, displaying a list of all detected networks. You will need to wait a few moments for a list of all nearby networks to appear.

Step 5: Gather the Handshake.

Now, we'll choose the type of de-authentication attack we'll use to remove the user from their trusted network. I recommend the second option, "Deauth aireplay attack," but different attacks may perform better depending on the network.

Once you've made your selection, press enter. You'll be asked if you want to enable DoS pursuit mode, which allows you to track the AP as it moves to another channel. You can choose yes (Y) or no (N) based on your preference, and then press enter. Finally, choose N when asked whether to use an interface with internet access. We won't need one for this attack, and not having to rely on an internet connection will make it more portable.

Then it will ask if you want to spoof your MAC address during the attack. In this case, I selected N for "no."

If we don't already have a handshake for this network, we'll need to get one now. Be very careful not to select Y for "Do you already have a captured Handshake file?" if you don't have one. If you make this mistake, there is no clear way to return to the script without restarting it.

We don't have a handshake yet, so type N for no and press enter to start capturing.

Once the capture process begins, a window with red text sending deauth packets and a window with white text waiting for handshakes will appear. Wait until you see "WPA Handshake:" followed by your target network's BSSID address. In the example below, we are still waiting for a handshake.

Once you've received the handshake, you can close the Capturing Handshake window. When the script asks if you received the handshake, select Y and save the handshake file. Next, select a location to write the stolen password, and you'll be ready to proceed to the final step of configuring the phishing page.

Step 6: Set the Phishing Page.

The final step before launching the attack is to configure the language of the phishing page. The page provided by Airgeddon is adequate for testing out this type of attack. In this example, we will choose one for English. When you've made your selection, press enter, and the attack will begin, with six windows opening to perform various attack functions at the same time.

Step 7: Capture Network Credentials

With the attack underway, the victim should be kicked off their network, leaving our fake one as the only seemingly familiar option. Be patient and pay attention to the network status in the top right window. This will notify you when a device joins the network, allowing you to view any password attempts made when they are routed to the captive portal.

When the victim joins your network, you will notice a flurry of activity, as shown in the image below. Any failed password attempts will be displayed in the top-right corner and compared to the handshake we gathered. This will continue until the victim enters the correct password, at which point all of their internet requests (as indicated by the green text box) will fail.

When the victim finally gives in and enters the correct password, all windows except the top-right one will close. The fake network will vanish, leaving the victim free to reconnect to their trusted wireless network.

The credentials should be displayed in the top-right corner of the screen, and you should copy and paste the password into a file to save it in case the script fails to save it properly. This happens occasionally, so don't skip this step or you'll lose the password you just captured.

After that, you can close the window and the tool by pressing Ctrl+C. If we receive a valid credential in this step, our attack was successful, and we obtained the Wi-Fi password by tricking the user into submitting it to our fake AP's phishing page!
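From the defender's side, the sequence in this post (a deauthentication burst against the real AP, then a same-named AP serving a captive portal) leaves two signals a wireless sensor can correlate. The following is an added example, not part of the original post or of Airgeddon; the record format, the AP inventory, the addresses and the thresholds are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sensor observations (not captured traffic):
# (time_s, frame_type, ssid, bssid, security)
LEGIT = "aa:bb:cc:00:00:01"
ROGUE = "02:00:00:00:00:99"
EVENTS = [(0.0, "beacon", "CorpWiFi", LEGIT, "WPA2")]
EVENTS += [(1.0 + 0.2 * i, "deauth", None, LEGIT, None) for i in range(12)]
EVENTS += [(2.0, "beacon", "CorpWiFi", ROGUE, "OPEN")]

# Assumed inventory of authorized APs: ssid -> {bssid: expected security}
KNOWN_APS = {"CorpWiFi": {LEGIT: "WPA2"}}

def detect(events, known_aps, threshold=10, window=5.0):
    """Return alerts as (kind, ssid, bssid) tuples, in detection order."""
    owner = {b: s for s, aps in known_aps.items() for b in aps}
    recent = defaultdict(deque)   # bssid -> deauth timestamps inside window
    alerts, seen = [], set()

    def raise_alert(kind, ssid, bssid):
        if (kind, ssid, bssid) not in seen:
            seen.add((kind, ssid, bssid))
            alerts.append((kind, ssid, bssid))

    for ts, kind, ssid, bssid, security in sorted(events, key=lambda e: e[0]):
        if kind == "beacon" and ssid in known_aps:
            # Same network name from an unlisted radio, or with other security
            if known_aps[ssid].get(bssid) != security:
                raise_alert("rogue_ap", ssid, bssid)
        elif kind == "deauth" and bssid in owner:
            q = recent[bssid]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                raise_alert("deauth_flood", owner[bssid], bssid)

    # Both signals on one SSID match the sequence described in this post
    kinds = defaultdict(set)
    for kind, ssid, _ in alerts:
        kinds[ssid].add(kind)
    for ssid, k in kinds.items():
        if {"rogue_ap", "deauth_flood"} <= k:
            raise_alert("evil_twin_suspected", ssid, None)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, KNOWN_APS):
        print(alert)
```

Enabling 802.11w protected management frames on the real AP and its clients makes clients ignore spoofed deauthentication frames, which removes the first of the two signals at its source.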
 