1
00:00:01,100 --> 00:00:07,990
Right, so now we prepared our system, we installed dnsmasq and hostapd, and we connected our wireless
2
00:00:07,990 --> 00:00:14,260
adapter, we stopped the network manager, we cleared any rules that might interfere with
3
00:00:14,260 --> 00:00:17,320
creating the fake access point. In this lecture
4
00:00:17,320 --> 00:00:24,250
I'm going to show you how to configure dnsmasq so we can use it as a DNS server and a DHCP server, and I'm
5
00:00:24,250 --> 00:00:29,980
going to show you how to configure hostapd so we can start the fake access point and allow people to
6
00:00:29,980 --> 00:00:31,430
connect to it.
7
00:00:31,450 --> 00:00:37,780
Now let's go to the first step and let's try to start our DHCP server.
8
00:00:37,900 --> 00:00:41,410
And that's also going to act as our DNS server.
9
00:00:41,410 --> 00:00:46,700
Like I said, because we're using dnsmasq, which can be used to handle both tasks.
10
00:00:47,290 --> 00:00:51,340
So to use dnsmasq you need a configuration file.
11
00:00:51,430 --> 00:00:56,170
I'm going to include this in the resources but before I just run it I actually want to explain to you
12
00:00:56,170 --> 00:00:58,390
what's inside it because it's very simple.
13
00:00:58,390 --> 00:01:03,580
And like I said I want you to understand what's going on inside these configuration files so that you
14
00:01:03,580 --> 00:01:06,410
can adapt it to your own scenario.
15
00:01:06,910 --> 00:01:11,920
So I'm going to right click this and I'm just going to open it with Geany so I can zoom in.
16
00:01:12,210 --> 00:01:19,450
It's a normal text so you can open it with any text editor and I've added comments here to tell
17
00:01:19,450 --> 00:01:22,080
you what each of these lines does.
18
00:01:22,480 --> 00:01:26,040
So anything that's preceded with the hashtag here means it's a comment.
19
00:01:26,080 --> 00:01:31,030
It's not going to be read by the program it's just something it's just a way for me to tell you what's
20
00:01:31,030 --> 00:01:32,020
this going to do.
21
00:01:33,630 --> 00:01:37,040
So you can see the first line here sets the interface.
22
00:01:37,260 --> 00:01:40,880
So I have that set to wlan0, that's the name of my interface in here.
23
00:01:40,890 --> 00:01:43,590
As you can see the name of my wireless interface
24
00:01:48,680 --> 00:01:56,630
then we set the IP range that we can give to our clients and you can see that's set from 10.0.0.10
25
00:01:56,870 --> 00:01:59,370
to 10.0.0.100.
26
00:01:59,590 --> 00:02:03,620
And each of these IPs can last for eight hours.
27
00:02:04,010 --> 00:02:06,950
Then we set the IP of the gateway.
28
00:02:07,070 --> 00:02:13,160
So that's going to be the IP of my wlan0 after I start the fake access point and that's going to
29
00:02:13,160 --> 00:02:15,950
be set to 10.0.0.1.
30
00:02:15,950 --> 00:02:22,830
And as you might know we usually use the first IP for the gateway or for the router then we set the
31
00:02:22,830 --> 00:02:24,680
IP for the DNS server.
32
00:02:24,930 --> 00:02:32,700
And again that's set to 10.0.0.1, which is the IP of my computer, the IP of the router in this fake access
33
00:02:32,700 --> 00:02:33,870
point.
34
00:02:34,530 --> 00:02:41,830
The last line here is very important and this will redirect any request that anyone makes on this fake
35
00:02:41,850 --> 00:02:46,990
access point to the IP of the router, to 10.0.0.1.
36
00:02:47,000 --> 00:02:52,920
So we're redirecting we're using the hash tag here which means that we're redirecting any requests to
37
00:02:52,950 --> 00:02:57,210
any web page to the IP of my computer.
38
00:02:57,210 --> 00:03:02,640
Now if you look at the result of ifconfig right now you'll see that I still don't have an IP address
39
00:03:02,880 --> 00:03:09,280
but once I start the network I'm going to configure it to have an IP of 10.0.0.1.
40
00:03:09,290 --> 00:03:16,580
Now this is very similar to doing a DNS spoofing attack, but instead of using another tool to do that
41
00:03:16,760 --> 00:03:21,800
we can just do it through the DNS server right here because we're going to be already the man in the
42
00:03:21,800 --> 00:03:30,070
middle because we're already the people that's broadcasting the signal, that's making the access point.
43
00:03:30,140 --> 00:03:34,320
So I'm going to close it and I'm going to start dnsmasq.
44
00:03:34,370 --> 00:03:44,030
So first in here I'm just going to clear this and then I'm going to do dnsmasq and then I'm going to
45
00:03:44,030 --> 00:03:50,360
do dash C to specify the location where I have my configuration file.
46
00:03:50,720 --> 00:03:56,190
And as you can see in here my configuration file is in home downloads fake AP.
47
00:03:56,360 --> 00:04:05,060
So it's going to be root, because in Kali home is set to root, and it's Downloads, fake AP, and the name
48
00:04:05,060 --> 00:04:08,200
of my file is called dnsmasq.conf.
49
00:04:08,960 --> 00:04:18,180
So we're doing dnsmasq, dash C, the location where we have our configuration file. OK.
50
00:04:18,200 --> 00:04:20,340
Now that got executed with no errors.
51
00:04:20,480 --> 00:04:27,920
This means that now we have a DNS server and a DHCP server running in the background as a service.
52
00:04:27,920 --> 00:04:35,540
So if we go back to our slide in here we can see that we have steps two and three already done and all
53
00:04:35,540 --> 00:04:42,250
we have to do now is just create a fake access point that's going to broadcast our signal.
54
00:04:42,290 --> 00:04:49,520
So let's go back to the Kali machine and before we start our fake access point I want to show you the
55
00:04:49,520 --> 00:04:51,850
configuration file that it uses.
56
00:04:51,860 --> 00:04:56,090
So just like dnsmasq it uses a configuration file.
57
00:04:56,090 --> 00:04:58,000
So I'm going to right click it in here again.
58
00:04:58,010 --> 00:05:03,470
I'm going to include that in the resources and I'm going to open it in Geany so I can zoom in.
59
00:05:03,890 --> 00:05:08,750
And as you can see in here it's a very simple file of just a few lines.
60
00:05:08,810 --> 00:05:11,980
I have the comments here to tell you what each of these lines does.
61
00:05:12,350 --> 00:05:15,830
And you can see now the first line is the interface that we're using.
62
00:05:15,830 --> 00:05:20,630
And again I'm setting it to wlan0 because that's the name of my wireless adapter.
63
00:05:20,690 --> 00:05:24,290
The second line sets the name of the network.
64
00:05:24,560 --> 00:05:30,980
So you want to set this to a name that's similar to the network that you're targeting if you're targeting
65
00:05:31,370 --> 00:05:34,990
a captive portal, or you need to set it to the same name
66
00:05:35,090 --> 00:05:40,040
if you're trying to target a normal network with WPA encryption.
67
00:05:40,070 --> 00:05:44,930
So in my case I'm doing this against the captive portal and the name of the captive portal was Royal
68
00:05:44,930 --> 00:05:45,760
Wi-Fi.
69
00:05:46,040 --> 00:05:51,860
So I'm going to add this to the same name and I'm just going to call it Version 2 so that when people
70
00:05:51,860 --> 00:05:58,730
get disconnected from the proper Royal Wi-Fi, because we're going to do the deauthentication attack, they'll
71
00:05:58,730 --> 00:06:03,110
think that there is something wrong with that network and then they'll try to connect to this one thinking
72
00:06:03,140 --> 00:06:05,010
this is an updated version of it.
73
00:06:06,620 --> 00:06:13,270
OK, I'm going to save this. The next line sets the channel that this network will be broadcasting on.
74
00:06:13,270 --> 00:06:19,150
I'm going to leave it at one and the last line sets the driver to be used for the interface adapter
75
00:06:19,510 --> 00:06:21,790
and I'm going to leave it. Now
76
00:06:21,840 --> 00:06:22,870
everything is done.
77
00:06:23,020 --> 00:06:31,470
Again I'm going to close this and I'm going to start the hostapd network by doing hostapd followed
78
00:06:31,470 --> 00:06:33,960
by the name of the configuration file.
79
00:06:33,960 --> 00:06:42,690
So it's stored in root, Downloads, fake AP, and it's called hostapd.conf.
80
00:06:44,390 --> 00:06:50,420
And I'm also going to add dash B to the end because usually when you run this command without the dash B it
81
00:06:50,420 --> 00:06:57,050
will run as a command in the foreground and you'll have to open a new terminal window to run commands
82
00:06:57,050 --> 00:06:57,620
from.
83
00:06:57,860 --> 00:07:03,890
So I'm doing dash B at the end so that if I hit enter it will be executed in the background and then
84
00:07:03,890 --> 00:07:07,340
I'll be able to run more commands in the terminal.
85
00:07:07,430 --> 00:07:13,130
Now as you can see it's telling us that the network is working and it's broadcasting under the name
86
00:07:13,310 --> 00:07:16,570
Royal Wi-Fi version 2.
87
00:07:16,860 --> 00:07:23,760
Now finally I'm going to configure my wlan0, my wireless adapter, to have an IP address.
88
00:07:23,810 --> 00:07:29,620
I am going to set the IP address to 10.0.0.1 and then I'm going to set its netmask.
89
00:07:29,940 --> 00:07:32,830
So first of all, if we just do ifconfig wlan0 now,
90
00:07:34,670 --> 00:07:38,510
you'll see that it still doesn't have an IP address.
91
00:07:38,510 --> 00:07:47,230
So we're going to do ifconfig wlan0, we're going to give it an IP address of 10.0.0.1.
92
00:07:47,690 --> 00:07:51,540
And I chose this IP address because this is the IP that I'm using in the
93
00:07:51,720 --> 00:07:59,410
dnsmasq configuration as the IP address of the router, as the IP address of the DNS server,
94
00:07:59,480 --> 00:08:08,020
and as the IP address that all requests should go to. Then I'm going to do netmask and I'm going
95
00:08:08,020 --> 00:08:13,480
to set that to 255.255.255.0, which is the default.
96
00:08:13,920 --> 00:08:14,460
OK.
97
00:08:14,570 --> 00:08:21,150
So we're literally just configuring our wireless adapter to have an IP address and we're setting a
98
00:08:21,170 --> 00:08:23,540
netmask as well.
99
00:08:23,540 --> 00:08:26,960
I'm going to hit enter and we're done.
100
00:08:26,960 --> 00:08:27,830
We're completely done.
101
00:08:27,830 --> 00:08:32,550
Now we have our hostapd running, broadcasting the wireless signal.
102
00:08:32,630 --> 00:08:36,650
So we have a network running with this name, Royal Wi-Fi version 2.
103
00:08:36,680 --> 00:08:40,110
We also started our DNS server.
104
00:08:40,220 --> 00:08:44,390
So now any device that connects to our network
105
00:08:44,390 --> 00:08:48,850
will get an IP address and they'll be able to use that network.
106
00:08:48,860 --> 00:08:55,060
Now the last thing that we need to do is start apache which is the web server that has the fake log
107
00:08:55,060 --> 00:08:56,140
in page.
108
00:08:56,240 --> 00:09:06,500
So we usually start Apache by doing service apache2 start and that starts Apache for us.
109
00:09:06,500 --> 00:09:11,620
Now let's go to a Windows machine and test this network and see if it actually works.
110
00:09:12,670 --> 00:09:14,140
Now I'm going to go on Wi-Fi.
111
00:09:16,090 --> 00:09:21,010
And as you can see we have two Royal Wi-Fi networks, we have the original one right here.
112
00:09:21,250 --> 00:09:25,720
And we have the fake one. Now in a proper attack scenario
113
00:09:25,720 --> 00:09:31,360
you should be running the deauthentication attack against this network so that nobody can connect to it.
114
00:09:31,480 --> 00:09:35,410
And even the people connected to it will lose their connection.
115
00:09:35,410 --> 00:09:41,170
So once that happens they're going to look for Wi-Fi networks and they're going to see a network called
116
00:09:41,170 --> 00:09:46,550
Royal Wi-Fi version 2 and they'll just think this is an updated version of their network.
117
00:09:46,810 --> 00:09:48,760
They're going to try to connect.
118
00:09:49,610 --> 00:09:54,490
And usually when they connect they automatically get a login screen that looks similar
119
00:09:54,490 --> 00:09:55,980
to what they usually do.
120
00:09:56,260 --> 00:09:58,930
Now this is not going to happen right now and I will tell you why.
121
00:09:58,950 --> 00:10:01,310
And I'm going to fix that in the future lectures.
122
00:10:01,630 --> 00:10:08,900
But for now we're just going to connect to make sure that we can connect to this network and once we
123
00:10:08,900 --> 00:10:11,900
connect I'm going to go and open my web browser
124
00:10:15,460 --> 00:10:16,880
and just go to any web page.
125
00:10:16,880 --> 00:10:20,990
So I'm going to go to bing.com.
126
00:10:21,080 --> 00:10:28,850
Now once we do that as you can see we automatically got redirected to the logon page that looks exactly
127
00:10:29,000 --> 00:10:30,100
like the logon page
128
00:10:30,110 --> 00:10:38,330
our target uses, and they can just click English, click on logon and then put their information and submit
129
00:10:38,330 --> 00:10:39,730
it.
130
00:10:39,920 --> 00:10:46,850
Now ideally we'd like this to be automatically displayed to the users as soon as they connect because
131
00:10:47,090 --> 00:10:53,900
that's the default or the usual behavior of captive portals when you connect to it on an iPhone or on
132
00:10:53,900 --> 00:10:56,180
a smartphone or even on a computer.
133
00:10:56,180 --> 00:10:59,870
The logon page automatically gets displayed to you.
134
00:10:59,870 --> 00:11:05,450
And we want our users to get the exact same experience so they don't get suspicious.
135
00:11:05,450 --> 00:11:07,060
So what we've done so far is really good.
136
00:11:07,060 --> 00:11:13,640
Now if you try to go to any Web site in here it's redirecting you to the log in page but the logon page
137
00:11:13,640 --> 00:11:16,360
is not being displayed automatically.
138
00:11:16,370 --> 00:11:23,270
Another issue: if you try to go to a web page that uses HSTS, like Facebook for example, the browser
139
00:11:23,270 --> 00:11:29,960
will refuse to load it because it knows that this website uses HTTPS and you're not accessing
140
00:11:29,960 --> 00:11:31,520
it using HTTPS.
141
00:11:31,520 --> 00:11:33,310
So it's showing an error.
142
00:11:33,830 --> 00:11:36,980
That's another problem that might make people suspicious.
143
00:11:37,130 --> 00:11:41,850
So we're going to address both of these issues later on in future lectures.
144
00:11:42,050 --> 00:11:50,870
But for now as you can see we have a working network that has a name people can connect to it and anytime
145
00:11:50,900 --> 00:11:56,360
they try to go to any Web site they'll be redirected to the logon page right here.