PHP not executing on Rogue AP webpage

apache
mysql
php

(Joshep) #1

Continuing discussion from: Evil Twin Attack [A Step by Step Guide] (Updated 2018)


The command dnsspoof -i at0 didn’t redirect the victim (me) to the fake AP page.
Also, I went there manually in the browser.
When I entered the password on the fake AP page,
it showed me the text inside the dbconnect.php file instead of taking me to the upgrading.html page.


(Hardeep Singh) #2
sudo apt update
sudo apt install php php-mysql

I gotta update this article. I missed some minor details.

By the way, which website are you trying to open for automatic redirection?


(Joshep) #3

Also, when I enter

mysql -u root -p

it tells me
Enter password:
What should I type?
I entered a random word and it took me to MariaDB.


(Hardeep Singh) #4

MariaDB is a variant of MySQL, so there’s no issue.
I guess the default password for MariaDB is toor or root.

Try both and see what works.


(Joshep) #5

As in your guide on MySQL,
should I enter the same commands one by one in MariaDB?
php and php-mysql are already the latest versions.


(Hardeep Singh) #6

Yes. The commands will be the same. No changes required.

Is Apache running?

sudo service apache start
sudo service php7.0-fpm start

(Joshep) #7

Yes, both apache2 and mysql are running.
What will php7.0-fpm do?
When I typed the command I got
Failed to start php7.0-fpm.service: Unit php7.0-fpm.service not found.


(Joshep) #8
mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 34
Server version: 10.1.35-MariaDB-1 Debian unstable

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create user fakeap@localhost identified by 'fakeap';
ERROR 1396 (HY000): Operation CREATE USER failed for 'fakeap'@'localhost'
MariaDB [(none)]> create database rogue_AP;
ERROR 1007 (HY000): Can't create database 'rogue_AP'; database exists
MariaDB [(none)]> use rogue_AP;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [rogue_AP]> create table wpa_keys(password1 varchar(32), password2 varchar(32));
ERROR 1050 (42S01): Table 'wpa_keys' already exists
MariaDB [rogue_AP]> grant all privileges on rogue_AP.* to 'fakeap'@'localhost';
Query OK, 0 rows affected (0.00 sec)

MariaDB [rogue_AP]> MariaDB -u fakeap -p
    -> use rogue_AP;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'MariaDB -u fakeap -p
use rogue_AP' at line 1
MariaDB [rogue_AP]> insert into wpa_keys(password1, password2) values ("testpass", "testpass");
Query OK, 1 row affected (0.13 sec)

MariaDB [rogue_AP]> select * from wpa_keys;
+-----------+-----------+
| password1 | password2 |
+-----------+-----------+
| testpass  | testpass  |
| testpass  | testpass  |
| testpass  | testpass  |
+-----------+-----------+
3 rows in set (0.00 sec)

MariaDB [rogue_AP]>

This is what I get.
Would you mind figuring out the error?


(Hardeep Singh) #9

You ran the following command once, but the table shows 3 values, which means either you inserted the values earlier or they are being written by the fake AP webpage.

Command: insert into wpa_keys(password1, password2) values ("testpass", "testpass");


Enable PHP module:

Enable PHP module in apache and restart the service

sudo a2enmod php7  
sudo service apache restart

(Joshep) #10

sudo a2enmod php7
ERROR: Module php7 does not exist!

Yes, I entered it three times, but how do I delete it?
Does it matter if three columns are entered?


(Hardeep Singh) #11

Install PHP module for apache: sudo apt-get install libapache2-mod-php7.0

Make sure PHP is version 7 and not 5. Check PHP version: php -v


(Joshep) #12
PHP 7.2.9-1 (cli) (built: Aug 19 2018 06:56:13) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.9-1, Copyright (c) 1999-2018, by Zend Technologies

So what will be the replacement command for
sudo a2enmod php7


(Hardeep Singh) #13

No replacement. You just need to have the PHP module enabled.

This is PHP installed, but not the support module in apache. So install that with the following command

sudo apt-get install libapache2-mod-php7.0

and then enable the module with

sudo a2enmod php7 && sudo service apache restart

(Joshep) #14
sudo apt-get install libapache2-mod-php7.0
Reading package lists... Done
Building dependency tree       
Reading state information... Done
libapache2-mod-php7.0 is already the newest version (7.0.31-1).
The following packages were automatically installed and are no longer required:
  gconf-service gconf2-common gedit-plugin-dashboard gir1.2-rb-3.0
  gir1.2-zeitgeist-2.0 icoutils libbind9-160 libcomerr2:i386 libdns1102
  libgconf-2-4 libgpod-common libgpod4 libgsoap-2.8.60 libieee1284-3:i386
  libirs160 libisc169 libisccc160 libisccfg160 liblwres160 libmbedcrypto1
  libplacebo5 libprotobuf-lite10 libprotobuf10 libradare2-2.9
  librhythmbox-core10 libsane:i386 libsane-extras:i386 libsgutils2-2
  libunbound2 libvncserver1 libx264-152 libx264-152:i386 libx265-160
  libx265-160:i386 linux-headers-4.17.0-kali3-amd64
  linux-headers-4.17.0-kali3-common linux-image-4.17.0-kali3-amd64
  linux-kbuild-4.17 python-backports-abc python-concurrent.futures
  python-pbkdf2 python-pyric python-roguehostapd python-singledispatch
  python-tornado python3-mako python3-markupsafe rhythmbox-data
  ruby-terminal-table ruby-unicode-display-width virtualbox-dkms
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 59 not upgraded.

I got this,
and for

sudo a2enmod php7
I got this

ERROR: Module php7 does not exist!

(Hardeep Singh) #15

I guess it was sudo a2enmod php7.0

It's version-specific. Try this… does it work?


(Joshep) #16

This is the output

a2enmod php7.0
Considering dependency mpm_prefork for php7.0:
Considering conflict mpm_event for mpm_prefork:
ERROR: Module mpm_event is enabled - cannot proceed due to conflicts. It needs to be disabled first!
Considering conflict mpm_worker for mpm_prefork:
ERROR: Could not enable dependency mpm_prefork for php7.0, aborting

Also, for the other version, 7.2, the output is the same.

When I disable mpm_event,
I am not able to restart apache2; it says No MPM loaded.
And when I enable mpm_event, it works.


(Joshep) #17

Looking in the apache2 folder, I saw some folders inside named available and enabled.
The same files are in both folders, but the enabled folder has slightly fewer files than the available folder.
What will happen if the remaining files of the available folder are copied to the enabled folder?


(Hardeep Singh) #18

Try disabling mpm_prefork only. It usually does the job

sudo a2dismod mpm_prefork

Both contain site configuration or modules for Apache. All the files lie under *-available and the enabled ones are then moved to *-enabled. Hence their names.

Folder structure for:

Site/app           Modules              Configuration files
sites-available    modules-available    conf-available
sites-enabled      modules-enabled      conf-enabled

(Joshep) #19

This is what happened

root@hidden:~# a2dismod mpm_prefork
ERROR: The following modules depend on mpm_prefork and need to be disabled first: php7.0
root@hidden:~# a2dismod php7.0
Module php7.0 disabled.
To activate the new configuration, you need to run:
  systemctl restart apache2
root@hidden:~# systemctl restart apache2
root@hidden:~# a2dismod mpm_prefork
Module mpm_prefork disabled.
To activate the new configuration, you need to run:
  systemctl restart apache2
root@hidden:~# systemctl restart apache2
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
root@hidden:~# systemctl status apache2.service
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; disabled; vendor preset:
   Active: failed (Result: exit-code) since Thu 2018-11-01 12:58:45 +0545; 13s a
  Process: 5037 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE
  Process: 5042 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILU
 Main PID: 5021 (code=exited, status=0/SUCCESS)

Nov 01 12:58:45 hidden systemd[1]: Starting The Apache HTTP Server...
Nov 01 12:58:45 hidden apachectl[5042]: AH00534: apache2: Configuration error: N
Nov 01 12:58:45 hidden apachectl[5042]: Action 'start' failed.
Nov 01 12:58:45 hidden apachectl[5042]: The Apache error log may have more infor
Nov 01 12:58:45 hidden systemd[1]: apache2.service: Control process exited, code
Nov 01 12:58:45 hidden systemd[1]: apache2.service: Failed with result 'exit-cod
Nov 01 12:58:45 hidden systemd[1]: Failed to start The Apache HTTP Server.
lines 1-14/14 (END)...skipping...
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2018-11-01 12:58:45 +0545; 13s ago
  Process: 5037 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)
  Process: 5042 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
 Main PID: 5021 (code=exited, status=0/SUCCESS)

Nov 01 12:58:45 hidden systemd[1]: Starting The Apache HTTP Server...
Nov 01 12:58:45 hidden apachectl[5042]: AH00534: apache2: Configuration error: No MPM loaded.
Nov 01 12:58:45 hidden apachectl[5042]: Action 'start' failed.
Nov 01 12:58:45 hidden apachectl[5042]: The Apache error log may have more information.
Nov 01 12:58:45 hidden systemd[1]: apache2.service: Control process exited, code=exited status=1
Nov 01 12:58:45 hidden systemd[1]: apache2.service: Failed with result 'exit-code'.
Nov 01 12:58:45 hidden systemd[1]: Failed to start The Apache HTTP Server.
~

(Hardeep Singh) #20

What kind of sorcery is this :confused:

For now we know one thing: mpm_event needs to be enabled all the time. So keep it that way.

And let’s use the PHP FastCGI Process Manager, a.k.a. php-fpm, for PHP processing.

sudo apt install php-fpm

Keep mpm_prefork disabled. Install the php-fpm package and restart Apache.

sudo systemctl restart php7.0-fpm apache2

It should work now! :angry:
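
An added example, not part of the thread and not from either poster: the module states the thread runs into (No MPM loaded, the PHP module tied to mpm_prefork, and no PHP handler at all, in which case .php files such as dbconnect.php are returned as plain text) can be read off the enabled-modules directory. It assumes the Debian layout in which each enabled module appears as NAME.load under mods-enabled; the function name classify_mods and the state words it prints are made up for this sketch.

```shell
#!/bin/sh
# Added example: classify the module state of an Apache mods-enabled directory.
# Usage: classify_mods DIR   (prints exactly one state word)
classify_mods() {
    dir=$1
    mpms=""
    php=""
    fcgi=no
    for f in "$dir"/*.load; do
        [ -e "$f" ] || continue            # glob matched nothing: empty directory
        name=$(basename "$f" .load)
        case $name in
            mpm_*)      mpms="$mpms $name" ;;   # mpm_event, mpm_prefork, mpm_worker
            php*)       php=$name ;;            # mod_php, e.g. php7.0
            proxy_fcgi) fcgi=yes ;;             # needed to hand requests to php-fpm
        esac
    done
    set -- $mpms                           # word-split on purpose to count MPMs
    if [ $# -eq 0 ]; then
        echo no_mpm                        # Apache refuses to start (AH00534)
    elif [ $# -gt 1 ]; then
        echo multiple_mpm                  # only one MPM may be loaded at a time
    elif [ -n "$php" ] && [ "$1" = mpm_prefork ]; then
        echo mod_php_ok
    elif [ -n "$php" ]; then
        echo mod_php_mpm_conflict          # a2enmod rejects this; hand-copied files do not
    elif [ "$fcgi" = yes ]; then
        echo fpm_capable                   # php-fpm's own conf must still be enabled
    else
        echo no_php_handler                # .php source is served as text
    fi
}

# Constructed demo: only mpm_event enabled, as after "a2dismod php7.0".
demo=$(mktemp -d)
: > "$demo/mpm_event.load"
echo "state: $(classify_mods "$demo")"
rm -rf "$demo"
```

On a real host the directory to pass is /etc/apache2/mods-enabled; the mod_php_mpm_conflict state is what copying files from the available folder into the enabled folder by hand can produce.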