Evil Twin Attack [A Step by Step Guide] (Updated 2018)


(Joshep) #4

I successfully created a fake AP, but when I try to connect to it through my phone, it just says "obtaining IP address" but never gets connected.

(Hardeep Singh) #5

This is not the captive portal guide. That is yet to come.

(Hardeep Singh) #6

Did you allocate an IP to the fake AP interface before running dnsmasq?

ifconfig wlan0 up

(Joshep) #8

I have two wireless adapters, wlan0 and wlan1.
I am setting up a fake AP through wlan1.
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
In the above command, should eth0 have internet access, or can I use wlan0?

(Joshep) #9

Yes, I allocated the IP using
ifconfig at0 up
but I still can’t connect to the fake AP.

(Hardeep Singh) #10

No. The eth0 here is for the ethernet. You are using wlan0 as your internet facing interface so use that instead.

iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE

(Joshep) #11

Do I need to put my wlan1 adapter into monitor mode before I create the fake AP?

(Hardeep Singh) #12

Since you are using airbase-ng, the card is already in monitor mode.
But that’s not necessary. If you use hostapd to create the AP, you go with the card in managed mode.

(Joshep) #13

I still can’t connect to the fake AP with the
ifconfig at0 up command.
It just says "obtaining IP address" but can’t connect.

(Hardeep Singh) #14

Let me repro the steps and get back. Meanwhile, you can read the article I posted. It focuses on your configuration, i.e. using 2 wireless cards for the fake AP.

Let me know if that causes any trouble.

(Hardeep Singh) split this topic #15

10 posts were split to a new topic: PHP not executing on Rogue AP webpage

(Joshep) #17

When I type google.com, youtube.com, etc., it gets stuck,
but when I open adbjhds.com, sbuys.com, etc. (just random sites), I get the fake AP page where I can enter the password.
I entered a random password, but it showed me the text inside the dbconnect.php file instead of taking me to the upgrading.html page.

(Hardeep Singh) #19

That is because of HSTS header implementation.
I explained the same to you here. Looks like you skipped it by mistake. Have a read here: Network Manager doesn't show Wireless Interface wlan1

The browser is displaying source code because PHP is not installed on your Kali machine, hence it is not being processed.

Install PHP and php-mysql package on Kali

sudo apt update
sudo apt install php php-mysql

(Joshep) #20

Can you explain this to me?
These lines are from your Evil Twin Attack guide.

Create a new user fakeap and password fakeap

As you cannot execute MySQL queries from PHP being a root user since version 5.7

mysql> create user fakeap@localhost identified by 'fakeap';

When I type the command, I get this output:

mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 33
Server version: 10.1.35-MariaDB-1 Debian unstable

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create user fakeap@localhost identified by 'fakeap';
ERROR 1396 (HY000): Operation CREATE USER failed for 'fakeap'@'localhost'

(Hardeep Singh) #21

Well, it seems to work absolutely fine on my end.

(Joshep) #22

What password did you enter?

(Joshep) #23

Have you tried Evil Twin Attack by yourself?

(Hardeep Singh) #24

Right now, I only tried to reproduce the MySQL error by using the same command you pasted above. But didn’t get any error as you can see in the screenshot.

(Joshep) #25

So how do I manage it?
create user fakeap@localhost identified by 'fakeap';
Without the use of this command, will it work fine?

MariaDB [(none)]> drop user fakeap@localhost;
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create user fakeap@localhost identified by 'fakeap';
Query OK, 0 rows affected (0.00 sec)

There wasn’t any error. 🙂

(Hardeep Singh) #26

Script won’t work since it needs a user named fakeap.

Maybe you’ve already created this user, so the error.

Check if MySQL user exists

select user, host from mysql.user;

If you see the user in the list, then delete it, drop its privileges and create it again.

drop user fakeap@localhost;
flush privileges;
create user fakeap@localhost identified by 'fakeap';