RaspberryPi/Access Point: Difference between revisions

From charlesreid1

No edit summary
No edit summary
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<!--
Date: March 2016


The steps for configuring the Raspberry Pi as a wireless access point are:
=Configure RPi As Wireless Access Point=


Log in to the Raspberry Pi either directly or remotely.
these instructions will walk you through setting up raspberry pi as wireless access point.
Use the apt-get install command to install the software packages hostapd, udhcpd, and iw.
pi@raspberrypi ~ $ sudo apt-get install -y hostapd udhcpd iw
Reading package lists... Done
Building dependency tree     
Reading state information... Done


The following extra packages will be installed:
==Installation==
  crda wireless-regdb
The following NEW packages will be installed:
  crda hostapd iw udhcpd wireless-regdb
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/509 kB of archives.
After this operation, 1,188 kB of additional disk space will be used.
Selecting previously unselected package wireless-regdb.
(Reading database ... 88434 files and directories currently installed.)
Unpacking wireless-regdb (from .../wireless-regdb_2014.10.07-1~deb7u1_all.deb) ...
Selecting previously unselected package crda.
Unpacking crda (from .../crda_1.1.2-1_armhf.deb) ...
Selecting previously unselected package hostapd.
Unpacking hostapd (from .../hostapd_1%3a1.0-3+deb7u2_armhf.deb) ...
Selecting previously unselected package iw.
Unpacking iw (from .../archives/iw_3.4-1_armhf.deb) ...
Selecting previously unselected package udhcpd.
Unpacking udhcpd (from .../udhcpd_1%3a1.20.0-7_armhf.deb) ...
Processing triggers for man-db ...
Setting up wireless-regdb (2014.10.07-1~deb7u1) ...
Setting up crda (1.1.2-1) ...
Setting up hostapd (1:1.0-3+deb7u2) ...
Setting up iw (3.4-1) ...
Setting up udhcpd (1:1.20.0-7) ...
udhcpd: Disabled. Edit /etc/default/udhcpd to enable it.


pi@raspberrypi ~ $
start by connecting to your pi via ssh. Install some software needed to turn the RPi into a router:
The apt-get install command downloads and installs the software packages hostapd, udhcpd, and iw.
Check the wireless USB adapter.
Note
Check your wireless USB adapter for AP mode with this command:


sudo iw list | grep '* AP'
<pre>
$ apt-get install -y hostapd udhcpd iw
</pre>


If no lines are returned, the wireless adapter does not have AP mode.
Now pick out a wireless USB adapter that can act as an access point.  


Use the iw list command (filtered with grep) to see if the wireless adapter supports Access Point (AP) mode.
<pre>
pi@raspberrypi ~ $ sudo iw list | grep '^[[:blank:]]*\* A'
$ iw list | grep "* AP"
* AP
</pre>
* AP/VLAN
* AP/VLAN
* AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0
* AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0
* AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
pi@raspberrypi ~ $
Display the nameserver address.
Use the cat command to display the nameserver address stored in /etc/resolve.conf.
pi@raspberrypi ~ $ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 192.168.2.1


pi@raspberrypi ~ $
(If no results, try a different wireless card.)
The DNS nameserver used by the Raspberry Pi is 192.168.2.1.


Configure the udhcpd server.
==Setting Up DHCP==
Use the vi editor to edit the udhcpd configuration file /etc/udhcpd.conf.
 
pi@raspberrypi ~ $ sudo vi /etc/udhcpd.conf
View the name server (DNS) address stored in <code>/etc/resolve.conf</code>
The vi editor displays the contents of the configuration file. Instructions for using the editor can be found in the vi manpages (see the recipe Reading the built-in documentation in Chapter 2,Administration).
 
Now let's configure the DHCP server, which is responsible for handing out leases.
 
Edit <code>/etc/udhcpd.conf</code>, use sample file below:
 
<pre>
# Sample udhcpd configuration file (/etc/udhcpd.conf)
# Sample udhcpd configuration file (/etc/udhcpd.conf)


# The start and end of the IP lease block
# The start and end of the IP lease block
start          192.168.0.20    #default: 192.168.0.20
start          192.168.0.20    #default: 192.168.0.20
end            192.168.0.254  #default: 192.168.0.254
end            192.168.0.254  #default: 192.168.0.254


# The interface that udhcpd will use
# The interface that udhcpd will use
interface      eth0            #default: eth0
interface      eth0            #default: eth0


"/etc/udhcpd.conf" 123 lines, 3054 characters
# Settings
Change the network interface used by udhcpd by changing the line beginning with interface to read interface wlan0.
# The interface that udhcpd will use
 
interface      wlan0
Change the example configuration of udhcpd by changing the section beginning with #Examples at the bottom of the file. Replace the example DNS address with the nameserver address used by your Raspberry Pi (192.168.2.1, from Step 5).
#Examples
opt    dns    192.168.2.1
opt    dns    192.168.2.1
option  subnet  255.255.255.0
option  subnet  255.255.255.0
Line 93: Line 45:
option  domain  local
option  domain  local
option  lease  864000
option  lease  864000
Save the file and exit the editor (:wq).
</pre>
Enable the udhcpd server.
 
pi@raspberrypi ~ $ sudo vi /etc/default/udhcpd
This assumes that the resolve.conf file contained <code>192.168.2.1</code>.
Use the vi editor to edit the udhcpd configuration file, /etc/default/udhcpd.
 
The vi editor displays the contents of the configuration file.
Now edit one more file: <code>/etc/default/udhcpd</code>
 
<pre>
# Comment the following line to enable
# Comment the following line to enable
DHCPD_ENABLED="no"
DHCPD_ENABLED="no"
Line 107: Line 61:


DHCPD_OPTS="-S"
DHCPD_OPTS="-S"
~                                                                                                                     
</pre>
~                                                                                                                     
 
"/etc/default/udhcpd" 9 lines, 164 characters
Now you're ready to enable DHCP server, simply by commenting out <code>DHCPD_ENABLED="no"</code>
Enable the udhcpd server by commenting out the line DHCP_ENABLED="no". To comment out the line, place a # at the beginning of the line.
 
# Comment the following line to enable
Change it to <code>#DHCPD_ENABLED="no"</code> and you'll be ready to go.
#DHCPD_ENABLED="no"
 
Save the file and exit the editor (:wq).
==Setting Up Hostapd==
Configure the hostapd server. Use the vi editor to create a new hostapd configuration file, /etc/hostapd/hostapd.conf.
 
pi@raspberrypi ~ $ sudo vi /etc/hostapd/hostapd.conf
Configure the hostapd server by editing the file <code>/etc/hostapd/hostapd.conf</code> and adding the following contents:
The vi editor displays the empty configuration file.
 
Add the following parameters to the hostapd configuration file:
<pre>
interface=wlan0
interface=wlan0
ssid=Raspi_AP
ssid=CIA_Surveillance_Van
wpa_passphrase=Pr0t3ct3d
wpa_passphrase=ITSASECRET
driver=nl80211
driver=nl80211
hw_mode=g
hw_mode=g
Line 131: Line 85:
wpa_pairwise=TKIP
wpa_pairwise=TKIP
rsn_pairwise=CCMP
rsn_pairwise=CCMP
Save the file and exit the editor (:wq).
</pre>
Enable the hostapd server. Use the vi editor to enable the hostapd service by editing the service default file (/etc/default/hostapd).
 
pi@raspberrypi ~ $ sudo vi /etc/default/hostapd
Now enable the hostapd service by creating a default file in <code>/etc/default/hostapd</code>
The vi editor displays the contents of the configuration file.
 
# Defaults for hostapd initscript
<pre>
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file and hostapd will be started during system boot. An example configuration
Line 168: Line 118:
# See sysctl.conf (5) for information.
# See sysctl.conf (5) for information.
#
#
</pre>
==Enable IPv4 Packet Forwarding==
To serve as a router that forwards traffic from a wireless network to a wired network connection, the Pi must be able to forward IPv4.
Edit the kernel parameters file <code>/etc/sysctl.conf</code>


"/etc/sysctl.conf" 64 lines, 2137 characters
The vi editor opens the kernel parameters file (/etc/sysctl.conf).
Uncomment the line beginning with net.ipv4.ip_forward by removing the # from the beginning of the line.
Uncomment the line beginning with net.ipv4.ip_forward by removing the # from the beginning of the line.
<pre>
# Uncomment the next line to enable packet forwarding for IPv4
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
net.ipv4.ip_forward=1
Save the file and exit the editor (:wq).
</pre>
Enable IP forwarding. Enable post forwarding by using the echo command to set the kernel parameter /proc/sys/net/ipv4/ip_forward to the value "1".
 
pi@raspberrypi ~ $ sudo bash -c 'echo "1" > /proc/sys/net/ipv4/ip_forward'
Enable post forwarding by using echo command to set kernel parameter <code>/proc/sys/net/ipv4/ip_forward</code> to 1:
pi@raspberrypi ~ $
 
Use the iptables command to set up IP forwarding rules for network address translation and port forwarding.
<pre>
pi@raspberrypi ~ $ sudo iptables -t nat -A POSTROUTING –o eth0 –j MASQUERADE
$ bash -c 'echo "1" > /proc/sys/net/ipv4/ip_forward'
</pre>
 
Now set up IP forwarding rules for postrouting, network address translation, and forwarding:
 
<pre>
$ iptables -t nat -A POSTROUTING –o eth0 –j MASQUERADE
$ iptables -A FORWARD –i eth0 –o wlan0 -m state --state RELATED,ESTABLISHED –j ACCEPT
$ iptables -A FORWARD –i wlan0 –o eth0 –j ACCEPT
</pre>
 
Next, we can save these iptables settings in a file for IPv4 NAT, and put that in the appropriate place for the system to use it next time it boots:


pi@raspberrypi ~ $ sudo iptables -A FORWARD –i eth0 –o wlan0 -m state --state RELATED,ESTABLISHED –j ACCEPT
<pre>
$ iptables-save > iptables.ipv4.nat
$ mv iptables.ipv4.nat /etc
$ chown root:root /etc/iptables.ipv4.nat
</pre>


pi@raspberrypi ~ $ sudo iptables -A FORWARD –i wlan0 –o eth0 –j ACCEPT
==Set IP==
Save the iptables configuration (iptables-save) and move the output file (iptables.ipv4.net) to the /etc configuration directory for use during system boot.
pi@raspberrypi ~ $ sudo iptables-save > iptables.ipv4.nat
pi@raspberrypi ~ $ sudo mv iptables.ipv4.nat /etc


pi@raspberrypi ~ $ sudo chown root:root /etc/iptables.ipv4.nat
Now use ifconfig to give the wireless device the IP address specified above:


pi@raspberrypi ~ $ ls -l /etc/iptables.ipv4.nat
<pre>
-rw-r--r-- 1 root root 566 Aug 13 19:30 /etc/iptables.ipv4.nat
$ ifconfig wlan0 192.168.0.1
</pre>


pi@raspberrypi ~ $
Configure the network interface configuration so that these changes will be permanent. Edit <code>/etc/network/interfaces</code>:
Give the wireless interface a static IP address. Use the ifconfig command to give the wireless network interface (wlan0) a static IP address (192.169.0.1).
pi@raspberrypi ~ $ sudo ifconfig wlan0 192.168.0.1


pi@raspberrypi ~ $
<pre>
Configure the network interface boot parameters. Use the vi editor to edit the network interface configuration file (/etc/network/interfaces).
pi@raspberrypi ~ $ sudo vi /etc/network/interfaces
The vi editor opens the network interface configuration file (/etc/network/interfaces).
Change the file so that it only contains the following:
auto lo
auto lo
iface lo inet loopback
iface lo inet loopback
Line 215: Line 179:


up iptables-restore < /etc/iptables.ipv4.nat
up iptables-restore < /etc/iptables.ipv4.nat
Save the file and exit the editor (:wq).
</pre>
Enable the wireless access point. Use the update-rc.d command to enable the hostapd and udhcpd services.
 
pi@raspberrypi ~ $ sudo update-rc.d hostapd enable
==Enable AP==
update-rc.d: using dependency based boot sequencing
 
Now you are ready to enable the AP. Use the update-rc command to enable hostapd and udhcpd services:
 
<pre>
$ update-rc.d hostapd enable
$ update-rc.d udhcp enable
</pre>


pi@raspberrypi ~ $ sudo update-rc.d udhcpd enable
One last thing is to disable WPA supplicant - since you don't want to be connecting to wireless networks while you're acting as a hot spot! Move the services definition file for WPA supplicant, which is in <code>/usr/share/dbus-1/system-services</code>, to a temporary location.
update-rc.d: using dependency based boot sequencing


pi@raspberrypi ~ $
==Last Step: Reboot==
The Raspberry Pi is now configured to start the hostapd and udhcpd services during system boot.
Disable wpa_supplicant. Use the mv command to move the service definition file for WPA Supplicant (fi.epitest.hostap.WPASupplicant.service) out of the services directory (/usr/share/dbus-1/system-services).
pi@raspberrypi ~ $ mv /usr/share/dbus-1/system-services/ fi.epitest.hostap.WPASupplicant.service ~/


pi@raspberrypi ~ $
Now, upon rebooting, your Raspberry Pi should be acting as a wireless hot spot with the details set in the hostapd configuration file.
Reboot: Reboot the system and the Raspberry Pi is a wireless access point! Look for the Raspi_AP network SSID and connect using the password (Pr0t3ct3d) that was defined in the hostapd configuration file (/etc/hostapd/hostapd.conf).


-->


=Flags=


{{KaliFlag}}


{{WirelessFlag}}


==How It Works==
{{PiFlag}}


<!--
<!--

Latest revision as of 05:08, 19 August 2020

Date: March 2016

Configure RPi As Wireless Access Point

these instructions will walk you through setting up raspberry pi as wireless access point.

Installation

start by connecting to your pi via ssh. Install some software needed to turn the RPi into a router: 

$ apt-get install -y hostapd udhcpd iw

Now pick out a wireless USB adapter that can act as an access point. 

$ iw list | grep "* AP"

(If no results, try a different wireless card.)

Setting Up DHCP

View the name server (DNS) address stored in /etc/resolve.conf

Now let's configure the DHCP server, which is responsible for handing out leases.

Edit /etc/udhcpd.conf, use sample file below: 

# Sample udhcpd configuration file (/etc/udhcpd.conf)

# The start and end of the IP lease block
start           192.168.0.20    #default: 192.168.0.20
end             192.168.0.254   #default: 192.168.0.254

# The interface that udhcpd will use
interface       eth0            #default: eth0

# Settings
opt     dns     192.168.2.1
option  subnet  255.255.255.0
opt     router  192.168.0.1
option  domain  local
option  lease   864000

This assumes that the resolve.conf file contained 192.168.2.1.

Now edit one more file: /etc/default/udhcpd 

# Comment the following line to enable
DHCPD_ENABLED="no"

# Options to pass to busybox' udhcpd.
#
# -S    Log to syslog
# -f    run in foreground

DHCPD_OPTS="-S"

Now you're ready to enable DHCP server, simply by commenting out DHCPD_ENABLED="no"

Change it to #DHCPD_ENABLED="no" and you'll be ready to go.

Setting Up Hostapd

Configure the hostapd server by editing the file /etc/hostapd/hostapd.conf and adding the following contents: 

interface=wlan0
ssid=CIA_Surveillance_Van
wpa_passphrase=ITSASECRET
driver=nl80211
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

Now enable the hostapd service by creating a default file in /etc/default/hostapd 

# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
#DAEMON_CONF=""

# Additional daemon options to be appended to hostapd command:-
#       -d   show more debug messages (-dd for even more)
#       -K   include key data in debug messages
#       -t   include timestamps in some debug messages
#
# Note that -B (daemon mode) and -P (pidfile) options are automatically
# configured by the init.d script and must not be added to DAEMON_OPTS.
#
#DAEMON_OPTS=""
~                                                                                                                       
"/etc/default/hostapd" 20 lines, 770 characters
Replace the line beginning with #DAEMON_CONF with the line DAEMON_CONF="/etc/hostapd/hostapd.conf".
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Save the file and exit the editor (:wq).
Configure IP forwarding. Use the vi editor to enable IP forwarding by editing the kernel parameters file, /etc/sysctl.conf.
pi@raspberrypi ~ $ sudo vi /etc/sysctl.conf
The vi editor displays the contents of the configuration file.
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additonal system variables
# See sysctl.conf (5) for information.
#

Enable IPv4 Packet Forwarding

To serve as a router that forwards traffic from a wireless network to a wired network connection, the Pi must be able to forward IPv4.

Edit the kernel parameters file /etc/sysctl.conf

Uncomment the line beginning with net.ipv4.ip_forward by removing the # from the beginning of the line. 

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Enable post forwarding by using echo command to set kernel parameter /proc/sys/net/ipv4/ip_forward to 1: 

$ bash -c 'echo "1" > /proc/sys/net/ipv4/ip_forward'

Now set up IP forwarding rules for postrouting, network address translation, and forwarding: 

$ iptables -t nat -A POSTROUTING –o eth0 –j MASQUERADE
$ iptables -A FORWARD –i eth0 –o wlan0 -m state --state RELATED,ESTABLISHED –j ACCEPT
$ iptables -A FORWARD –i wlan0 –o eth0 –j ACCEPT

Next, we can save these iptables settings in a file for IPv4 NAT, and put that in the appropriate place for the system to use it next time it boots: 

$ iptables-save > iptables.ipv4.nat
$ mv iptables.ipv4.nat /etc
$ chown root:root /etc/iptables.ipv4.nat

Set IP

Now use ifconfig to give the wireless device the IP address specified above: 

$ ifconfig wlan0 192.168.0.1

Configure the network interface configuration so that these changes will be permanent. Edit /etc/network/interfaces: 

auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet manual

auto wlan0
iface wlan0 inet static
    address 192.68.0.1
    netmask 255.255.255.0

up iptables-restore < /etc/iptables.ipv4.nat

Enable AP

Now you are ready to enable the AP. Use the update-rc command to enable hostapd and udhcpd services: 

$ update-rc.d hostapd enable
$ update-rc.d udhcp enable

One last thing is to disable WPA supplicant - since you don't want to be connecting to wireless networks while you're acting as a hot spot! Move the services definition file for WPA supplicant, which is in /usr/share/dbus-1/system-services, to a temporary location.

Last Step: Reboot

Now, upon rebooting, your Raspberry Pi should be acting as a wireless hot spot with the details set in the hostapd configuration file.


Flags


Defcon.png
Kali Linux
"The quieter you become, the more you are able to hear."

Penetration testing Linux distribution.


Kali  · Category:Kali

Kali/Wireless Reboot


Kali Software:

Kali Tools

Kali Top 10

Aircrack  · Wireshark  · John the Ripper  · Nmap  · Metasploit Framework

Dsniff  · Tcpdump  · Hydra  · Sqlmap  · Burpsuite  · Commix

Dirbuster  · Valgrind


Attack Workflow:

Kali/Workflow

1 Physical Attacks: Kali/Layer 1 Attacks

2 Data/MAC Attacks: Kali/Layer 2 Attacks

3 Network Attacks: Kali/Layer 3 Attacks

4 Transport Attacks: Kali/Layer 4 Attacks

5 Session Attacks: Kali/Layer 5 Attacks

6 Presentation Attacks: Kali/Layer 6 Attacks

7 Application Attacks: Kali/Layer 7 Attacks


Red Team Blue Team

Metasploitable - Red Team

Metasploitable - Blue Team


Networking:

Kali/Hotspot  · Kali/OpenVPN  · Kali/OpenVPN/Hotspot  · Kali/OpenVPN/PIA

Kali/IPv6


Booting:

Kali/Dual Boot OS X  · Kali/Live USB  · Kali/Persistent USB


Installing:

Kali/Installing  · Kali/Post Install  · Kali/Fixes


Kali on Raspberry Pi:

Kali Raspberry Pi  · Kali Raspberry Pi/Installing  · Kali Raspberry Pi/Headless  · Kali Raspberry Pi/Post-Install


Category:Security  · Category:Wireless  · Category:Passwords  · Category:Man in the Middle  · Category:Evil Twin

Flags  · Template:KaliFlag  · e






Defcon.png
Wireless
all things wireless.

Wireless  · Category:Wireless


Software:

Scapy


Flags  · Template:WirelessFlag  · e





KaliPi.jpg
Raspberry Pi
a tiny tool for performing extraordinary acts beyond good and evil - with an ARM processor.


RaspberryPi  · Category:Raspberry Pi

RaspberryPi/Installing  · RaspberryPi/First Steps  · RaspberryPi/Hello World


Basic Pi Information and Operations:

Organization/Layout of SD Card: Kali Raspberry Pi/SD Card  ·

Disable IPV6 on the Raspberry Pi: Disable IPv6 Pi


Kali Linux on Raspberry Pi:

Kali Raspberry Pi  · Kali Raspberry Pi/Installing  · Kali Raspberry Pi/Post-Install

Kali Raspberry Pi/Headless  · Kali Raspberry Pi/Headless Walkthrough

Kali Raspberry Pi/Startup Services  · Kali Raspberry Pi/SSH  · Kali Raspberry Pi/Tcpdump


Debian Raspberry Pi:

RaspberryPi/Headless  · RaspberryPi/First Steps

RaspberryPi/SSH Stunnel  · RaspberryPi/Reverse SSH  · RaspberryPi/Reverse SSH Stunnel

RaspberryPi/Web Server

RaspberryPi3


Raspberry Pi Circuits:

RaspberryPi/Morse Code  · RaspberryPi/IoT Morse Code Keyer  · RaspberryPi/Blink

RaspberryPi/LCD Display  · RaspberryPi/Digital Modes


Raspberry Pi Timelapse Photos:

RaspberryPi/Timelapse  · RaspberryPi/Timelapse2  · RaspberryPi/Timelapse3

RaspberryPi/Weatherproof Camera Case

RaspberryPi/USB Camera  · RaspberryPi/Timelapse4



Category:Raspberry Pi  · Category:Networking  · Category:Images

Flags  · Template:PiFlag  · e




Retrieved from "https://charlesreid1.com/w/index.php?title=RaspberryPi/Access_Point&oldid=28516"