Kali 2016-03-13
From charlesreid1
CTF book notes
some tools for wifi:
- iwtools
- aircrack suite
- hostapd
- wireshark
- dnschef
- crunch
If your wifi adapter is compatible with injection drivers, you should be ok: airmon-ng start <interface> should go smoothly.
You can create a WEP network and fake traffic with airbase, python, and iptables.
wep network setup
The aircrack suite has a tool called airbase (the airbase-ng command) that allows you to create a base station:
    airbase-ng -w <wep-key> -c <channel> -e <name> <interface>
This will create an AP and a network, but it won't handle any input from devices. To make it a functioning AP, i.e., to forward client traffic from wlan0 to eth0, do this:
    # bring up the at0 tap interface created by airbase-ng and give it an address
    ifconfig at0 up
    ifconfig at0 10.0.0.1 netmask 255.255.255.0
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    # allow forwarding and NAT the outgoing traffic
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
    # enable IP forwarding in the kernel
    echo '1' > /proc/sys/net/ipv4/ip_forward
Usually you would need to handle DHCP services, but for a test/experiment you can manually set IPs on clients/hosts.
On the client, set an IP address in that range, then run the script.
fake traffic generation
Here is how you can continuously create connections and send traffic over a network connection:
    import socket

    HOST = "192.168.1.10"  # local network-facing address, not loopback
    PORT = 9000

    s = socket.socket()
    s.bind((HOST, PORT))
    s.listen(5)
    while True:
        c, addr = s.accept()
        print("incoming connection from %s:%s" % addr)
        c.send(b"bang")  # sockets carry bytes in Python 3
        c.close()
The socket library gives you a convenient interface to the socket implementation that's built into Linux. HOST should be the local network-facing address, not the loopback interface.
bind attaches the socket to the given IP address and port. listen then listens on that socket.
Whereas, on the client, the code looks like this:
    import socket
    import time

    HOST = "192.168.1.10"
    PORT = 9000

    while True:
        s = socket.socket()
        s.connect((HOST, PORT))
        print(s.recv(1024))
        s.close()
        time.sleep(5)
This script runs the connect command, not bind, to connect to the remote port. recv reads whatever the server sends, up to a maximum of 1024 bytes, and the script prints it to stdout. close closes the connection.
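An added example, not from the original page: the same server/client exchange, written so the client survives a refused or timed-out connection (for instance while the test AP is down) instead of exiting on the first error. It binds to 127.0.0.1 on an OS-chosen port so it runs on one machine; the function names are illustrative.

```python
import socket
import threading
import time

PAYLOAD = b"bang"  # same payload as the page's server


def start_server(host="127.0.0.1", port=0):
    """Start the listener in a daemon thread; return (socket, bound port)."""
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))  # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _addr = srv.accept()
            except OSError:  # listening socket was closed
                return
            with conn:
                conn.sendall(PAYLOAD)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def fetch_once(host, port, timeout=2.0):
    """One connect/recv cycle; returns the bytes read, or None on failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.recv(1024)
    except OSError:  # refused, unreachable, or timed out
        return None


def run_client(host, port, rounds, interval=0.1):
    """Poll the server `rounds` times; return how many cycles succeeded."""
    ok = 0
    for _ in range(rounds):
        if fetch_once(host, port) == PAYLOAD:
            ok += 1
        time.sleep(interval)
    return ok


if __name__ == "__main__":
    srv, port = start_server()
    print(run_client("127.0.0.1", port, rounds=3), "of 3 cycles succeeded")
    srv.close()
```

On the test network, pass the AP-side address to start_server and the same address and port to run_client on the client machine.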