Mar 27, 2012

[Tutorial] The Way I USED To Get Hotspot User Credentials Using Wireless Router!!

Well, This is a tutorial/article I wrote about a year ago for hackcommunity.com, and thought of sharing it here too,Please bear with it until my new Tutorials come...

Its really basic way ( Before I learnt proper methods).  My Tutorial on Phishing Page is better than this. Also, problems , i had faced, written here have been already solved.So here it comes:

*********************
Half of the credit goes to enc0de for his tutorial of mass destruction using mdk3... it helped me a lot to save time.. other wise i had to keep on waiting or deauth clients one by one.

This May be simple and most of you may have done it with better ways.
But my hotspot has client isolation and i am unable to sniff anything using ettercap and other tools. If anyone knows how to do it please share.

My method:
**connect to hotspot and save the login page using "save complete" addon of firefox. it works better than the default save option.

**save the page in localhost.

**Set essid of the ap same as that of hotspot. and connect to the machine. I dont prefer airbase-ng because i have seen that i am never able to connect to fake ap by airbase using linux machine. not sure why.

**start redirecting all request to the ap to the localhost of the machine.
I used <dnsspoof -i wlan0> or dns_spoof plugin of ettercap.

**start mdk3 to disconnect all the clients connected to the real hotspot. Many clients will surely connect to my AP.

I have connected a 10 dbi omnidirectional antenna to my AP. I got it for free...lucky me.

start sniffing tools, i prefer ettercap. No need of MITM, just normal sniffing is enough for me.

Now whoever connects to the AP will be redirected to my localhost with hotspot login page no matter what they request, like the real hostpot.
But the thing is, i dont have internet connection so to make it look less suspicious what i have done is, after they hit login button... they will again be redirected to the same login page with blank username and password field. in this way i gathered a lot of username and passwords..

I have only one problem here.. the dns spoofing is not stable... sometimes it works..sometimes it doesnt..... if anyone has solution to this.. please share.

Also please tell me if there are other better ways.. or anything i can do to make it more accurate.

**********************************

END

The  problem of dnsspoofing written here has been already solved. Check my dnsspoofing tutorial.
If you want to try this method and have any queries please feel free to ask.

Also, better ideas are always welcomed, my current strategies are phishing page or using ettercap directly in the hotspot itself.

P.S, combine this method with  php script from my Phishing Page Tutorial in your localhost for easier gain.

No comments:

Post a Comment