Pen Testing 2
Posted on February 1, 2015
Tags: hacksoft
# 1 hostapd - Create AP

- hostapd can create an access point for other PCs to connect to

```{bash filename=/etc/hostapd/hostapd.conf}
interface=wlan0
driver=nl80211
ssid=neighborAP
hw_mode=g
channel=8
macaddr_acl=0
ignore_broadcast_ssid=0
```
# 2 dhcpd/dnsmasq - Assigning/Getting IPs

- dnsmasq is smaller/easier to use than dhcpd

```
DHCP CLIENT                                        DHCP SERVER
    PC                                               ROUTER
     ---- DHCP DISCOVER (Got IPs?) ----------------------->>
     <<---- DHCP OFFER (U like this IP?) ------------------
     ---- DHCP REQUEST (I want this IP) ------------------>>
     <<---- DHCP ACK (U r now known by this IP) -----------
```
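The four-step exchange above is exactly what dnsmasq writes to its log when `log-dhcp` is on, one line per message, so the handshake can be reconstructed per client after the fact. The following is an added example for this post (not the post's own code, and not part of dnsmasq): it parses log lines in the shape dnsmasq emits via syslog (`DHCPDISCOVER(iface) mac`, `DHCPOFFER(iface) ip mac`, `DHCPACK(iface) ip mac hostname`), groups them by client MAC, and reports whether each client got all the way to the ACK. The log lines are constructed to match that shape; the timestamps, MACs and hostnames are made up.

```python
"""Reconstruct the DISCOVER/OFFER/REQUEST/ACK exchange per client from dnsmasq
log-dhcp output. Added example for this post, not part of it; the log lines
below are constructed to match the shape dnsmasq writes to syslog."""
import re
from collections import defaultdict

# Constructed sample: one client completes the handshake, a second stalls after the OFFER.
SAMPLE_LOG = """\
Feb  1 20:13:01 raspberrypi dnsmasq-dhcp[612]: DHCPDISCOVER(wlan0) 02:00:00:aa:bb:01
Feb  1 20:13:01 raspberrypi dnsmasq-dhcp[612]: DHCPOFFER(wlan0) 10.0.0.33 02:00:00:aa:bb:01
Feb  1 20:13:01 raspberrypi dnsmasq-dhcp[612]: DHCPREQUEST(wlan0) 10.0.0.33 02:00:00:aa:bb:01
Feb  1 20:13:01 raspberrypi dnsmasq-dhcp[612]: DHCPACK(wlan0) 10.0.0.33 02:00:00:aa:bb:01 laptop
Feb  1 20:14:10 raspberrypi dnsmasq-dhcp[612]: DHCPDISCOVER(wlan0) 02:00:00:aa:bb:02
Feb  1 20:14:10 raspberrypi dnsmasq-dhcp[612]: DHCPOFFER(wlan0) 10.0.0.34 02:00:00:aa:bb:02
Feb  1 20:14:12 raspberrypi dnsmasq[612]: query[A] example.com from 10.0.0.33
"""

# message type, interface, optional IPv4 address (absent on DISCOVER), client MAC, optional hostname
LINE_RE = re.compile(
    r"(DHCP(?:DISCOVER|OFFER|REQUEST|ACK|NAK))\((\w+)\)\s+"
    r"(?:(\d{1,3}(?:\.\d{1,3}){3})\s+)?"
    r"([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
    r"(?:\s+(\S+))?"
)

HANDSHAKE = ("DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK")


def parse_dhcp_log(text):
    """Group DHCP messages by client MAC: mac -> [(type, ip, hostname), ...] in log order."""
    per_client = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            msg, _iface, ip, mac, host = m.groups()
            per_client[mac.lower()].append((msg, ip, host))
    return dict(per_client)


def handshake_state(messages):
    """Walk the four-step exchange in order; report 'complete' or the last step reached."""
    step = 0
    for msg, _ip, _host in messages:
        if step < len(HANDSHAKE) and msg == HANDSHAKE[step]:
            step += 1
    if step == len(HANDSHAKE):
        return "complete"
    return ("stalled after " + HANDSHAKE[step - 1]) if step else "no DISCOVER seen"


def summarize(text):
    """mac -> (state, address from the last ACK or None, hostname from the last ACK or None)."""
    summary = {}
    for mac, messages in parse_dhcp_log(text).items():
        acks = [(ip, host) for msg, ip, host in messages if msg == "DHCPACK"]
        ip, host = acks[-1] if acks else (None, None)
        summary[mac] = (handshake_state(messages), ip, host)
    return summary


if __name__ == "__main__":
    for mac, (state, ip, host) in summarize(SAMPLE_LOG).items():
        print(f"{mac}  {state:26} {ip or '-':12} {host or '-'}")
```

Run against a real `/tmp/dnsmasq.log` (see the `log-facility` line later in the post) it gives a quick view of which clients on the AP actually took a lease and under which hostname; a client stuck after OFFER usually means it rejected the offered address or never saw the reply.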
## 2.1 dhcpd

- Client service that gets IP from dhcp server
- The leases the router hands out are stored in `/var/lib/dhcp/dhcpd.leases`
## 2.2 dnsmasq

```{bash filename=/etc/dnsmasq.conf}
# Set the wifi interface
interface=wlan0mon
# Start,Stop,Mask,Lease
dhcp-range=10.0.0.32,10.0.0.248,255.255.255.0,2h
# Set the gateway IP address
dhcp-option=3,10.0.0.1
# Set DNS server address
dhcp-option=6,10.0.0.1
# Set upstream server
server=8.8.8.8
# logs
log-queries
log-dhcp
# Redirect all requests to 10.0.0.1
address=/#/10.0.0.1
```
# 3 IPTABLES

```bash
iptables --flush
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE #tells us
iptables --append FORWARD --in-interface wlan0mon -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
```
# 4 local DNS resolver

`interface=wlan0` is optional, but it lets us choose which IP address our DNS server sits on (especially if we have multiple NICs).

```{bash filename="/etc/dnsmasq.conf"}
# what this actually does is let you choose the IP addr of the DNS/DHCP server
interface=wlan0
domain-needed
bogus-priv
no-resolv
# use Google DNS for upstream DNS
server=8.8.8.8
cache-size=1000
# for logging
log-dhcp
log-queries
log-facility=/tmp/dnsmasq.log
```

```bash
/etc/init.d/dnsmasq restart
cat /tmp/dnsmasq.log
```
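Both dnsmasq configs in this post (section 2.2 and the one just above) are easy to get subtly wrong: a `dhcp-range` end that falls outside the netmask, a gateway that is not on the subnet, or an option 3/6 address that sits inside the dynamic pool and can be leased to a client. The following is an added example for this post, not the post's own code and not part of dnsmasq: a small checker that parses a dnsmasq.conf the way dnsmasq reads it (one directive per line, whole-line `#` comments, `key=value` or bare flags) and validates the four-field `dhcp-range=start,end,netmask,lease` form used in the post together with the `dhcp-option` lines. The sample config is constructed from section 2.2; the lease-time units follow dnsmasq's documented `s`/`m`/`h`/`d`/`w` suffixes and `infinite`.

```python
"""Sanity-check the DHCP directives of a dnsmasq.conf before handing it to dnsmasq.
Added example for this post, not part of it; it understands the four-field
dhcp-range=start,end,netmask,lease form the post uses and the dhcp-option lines."""
import ipaddress
import re

# Constructed sample mirroring the post's section 2.2 config.
SAMPLE_CONF = """\
# Set the wifi interface
interface=wlan0mon
# Start,Stop,Mask,Lease
dhcp-range=10.0.0.32,10.0.0.248,255.255.255.0,2h
dhcp-option=3,10.0.0.1
dhcp-option=6,10.0.0.1
server=8.8.8.8
log-queries
log-dhcp
"""

LEASE_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_dnsmasq(text):
    """Split a config into bare flags (set) and key=value directives (dict key -> [values]).
    Only whole-line comments are stripped, because '#' is also the wildcard in address=/#/..."""
    flags, values = set(), {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, val = line.partition("=")
        if sep:
            values.setdefault(key.strip(), []).append(val.strip())
        else:
            flags.add(key)
    return flags, values


def lease_seconds(spec):
    """2h -> 7200, 30m -> 1800, 86400 -> 86400, infinite -> None; anything else raises ValueError."""
    if spec == "infinite":
        return None
    m = re.fullmatch(r"(\d+)([smhdw]?)", spec)
    if not m:
        raise ValueError(f"unparseable lease time {spec!r}")
    return int(m.group(1)) * LEASE_UNITS[m.group(2)]


def check_dhcp(text):
    """Return a list of problems; an empty list means the DHCP part looks consistent."""
    _flags, values = parse_dnsmasq(text)
    problems = []
    ranges = values.get("dhcp-range", [])
    if not ranges:
        return ["no dhcp-range: dnsmasq will answer DNS but never DHCP"]
    fields = ranges[0].split(",")
    if len(fields) != 4:
        return [f"dhcp-range has {len(fields)} fields; expected start,end,netmask,lease"]
    start, end, mask, lease = fields
    net = ipaddress.ip_network(f"{start}/{mask}", strict=False)   # the subnet the pool lives in
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if hi not in net:
        problems.append(f"range end {end} is outside {net}")
    if lo >= hi:
        problems.append(f"range start {start} is not below range end {end}")
    for ip in (lo, hi):
        if ip in (net.network_address, net.broadcast_address):
            problems.append(f"{ip} is the network or broadcast address of {net}")
    try:
        lease_seconds(lease)
    except ValueError as exc:
        problems.append(str(exc))
    opts = {}
    for opt in values.get("dhcp-option", []):
        code, _, val = opt.partition(",")
        opts[code.strip()] = val.strip()
    for code, label in (("3", "gateway (option 3)"), ("6", "DNS server (option 6)")):
        if code not in opts:
            problems.append(f"no {label} handed out to clients")
            continue
        ip = ipaddress.ip_address(opts[code])
        if code == "3" and ip not in net:
            problems.append(f"{label} {ip} is not on {net}, clients cannot reach it")
        if lo <= ip <= hi:
            problems.append(f"{label} {ip} sits inside the dynamic pool {start}-{end}")
    return problems


if __name__ == "__main__":
    print(check_dhcp(SAMPLE_CONF) or "config looks consistent")
```

Running it on a dnsmasq.conf before the `restart` saves a round of staring at `/tmp/dnsmasq.log` when clients get an offer but no usable gateway.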
## Captive portal

* DNS server is used to resolve all host names to the same IP
* below forces any host (wildcard `#`) to localhost 127.0.0.1

```{bash filename="/etc/dnsmasq.conf"}
address=/#/127.0.0.1
```

```bash
sudo nano /etc/hosts
```

```{bash filename=/etc/hosts}
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 raspberrypi
192.168.1.234 portal.net   # <-- ADD THIS LINE
```
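The captive-portal trick relies on two dnsmasq behaviours: names in `/etc/hosts` are answered before any `address=` rule, and among `address=/domain/ip` rules the most specific (longest) matching domain wins, with `#` matching every name. The following is an added example for this post, not the post's own code and not dnsmasq's: a small model of that resolution order using the post's config and hosts file (both constructed here), plus a defender-side check that flags the wildcard signature, unrelated public names all answering with the same address, which is what OS captive-portal probes key on. The precedence rules are taken from dnsmasq's `--address` documentation; the probe names are made up.

```python
"""Model how dnsmasq answers queries under the post's captive-portal setup:
/etc/hosts entries win, then the most specific address=/domain/ip rule, where
'#' matches every name. Added example for this post, not dnsmasq's own code;
the config and hosts text below are constructed to mirror the post."""

# Constructed: the post's captive-portal dnsmasq.conf line.
DNSMASQ_CONF = """\
# everything that is not in /etc/hosts lands on the portal box itself
address=/#/127.0.0.1
"""

# Constructed: the post's /etc/hosts after adding the portal.net line.
ETC_HOSTS = """\
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 raspberrypi
192.168.1.234 portal.net
"""


def parse_hosts(text):
    """name -> [addresses] from hosts-file lines (address followed by one or more names)."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # hosts files allow trailing # comments
        if len(fields) < 2:
            continue
        addr, *names = fields
        for name in names:
            table.setdefault(name.lower(), []).append(addr)
    return table


def parse_address_rules(text):
    """address=/dom1/dom2/ip -> [(dom1, ip), (dom2, ip)]; '#' is the match-everything domain."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("address="):
            continue
        parts = line[len("address="):].split("/")   # '/a/b/ip' -> ['', 'a', 'b', 'ip']
        target = parts[-1]
        rules.extend((dom.lower(), target) for dom in parts[1:-1] if dom)
    return rules


def resolve(name, hosts, rules):
    """dnsmasq order: hosts file first, then longest matching address= domain; None = forward upstream."""
    name = name.lower().rstrip(".")
    if name in hosts:
        return hosts[name][0]
    best = None
    for dom, target in rules:
        if dom == "#":
            specificity = 0                      # wildcard loses to any real domain match
        elif name == dom or name.endswith("." + dom):
            specificity = len(dom)
        else:
            continue
        if best is None or specificity > best[0]:
            best = (specificity, target)
    return best[1] if best else None


def wildcard_suspected(hosts, rules, probe_names):
    """Defender-side check: unrelated public names all answered with one address is the
    signature of an address=/#/ wildcard (what captive-portal probes effectively test)."""
    answers = {resolve(n, hosts, rules) for n in probe_names}
    return len(probe_names) > 1 and len(answers) == 1 and None not in answers


if __name__ == "__main__":
    hosts, rules = parse_hosts(ETC_HOSTS), parse_address_rules(DNSMASQ_CONF)
    for q in ("portal.net", "example.com", "updates.example.org", "localhost"):
        print(f"{q:22} -> {resolve(q, hosts, rules)}")
    print("wildcard suspected:", wildcard_suspected(hosts, rules, ["example.com", "a.test", "b.example.net"]))
```

Note that the `/etc/hosts` override is exact-name only: `portal.net` gets 192.168.1.234, but `www.portal.net` still falls through to the `#` wildcard, which is worth remembering when the portal page links to subdomains.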
## 4.1 Starting hostapd

```bash
sudo hostapd -d /etc/hostapd/hostapd.conf
sudo systemctl restart dnsmasq
```