Sunday, October 16, 2016

WI-FI PT / 2 - ATTACKS AGAINST INFRASTRUCTURE / 2.9 - Automating the creation of a honeypot

2.9 - Automating the creation of a honeypot

- Gerix Wifi Cracker is a software tool designed to automate attacks against Wi-Fi networks. Due to the fact that a Graphical User Guide (GUI) is available, the easiness of use is improved in comparison with command shell:

- For starting Gerix from the "kali" command shell:

- Gerix is launched:

- On the Configuration tab, and selecting wlan0 interface, clicking Enable/Disable Monitor Mode puts wlan0 in promiscuous/monitoring mode:

- The virtual interface mon0 is created. To change the MAC address, so that it cannot be recognized, Set random MAC address tab is clicked:

- Now, both mon0 and wlan0 have changed their MAC address numbers. It is important to write down the MAC address 58:6D:BC:54:58:C9, because it will be the MAC associated to the fake AP "honeypot":

Clicking the tab Fake AP, the honeypot is created without any authentication. Of course, in a real environmente, an attacker would use a less suspicious network name like "honeypot":

- Gerix announces the creation of the honeypot. Actually, it can be checked that the real command shell is airbase-ng, working behind the Gerix GUI:

- Now, "kali" detects its owned created fake AP, wich ESSID is "honeypot", and MAC address 58:6D:BC:54:58:C9. So far, no client is associated to "honeypot":

- From "roch", Vistumbler detects "honeypot" with all its features:

- Now, it is time to connect the victim "roch" to the network:

- The association is succesful:

- Gerix announces that a client with MAC 28:C6:86:63:15:6B ("roch"s MAC address) has associated to the network whose ESSID is "honeypot":

- Also, airodump-ng detects "roch" connected to "honeypot":

- So, the deception to the victim has been a success. The same attack could have been done using another AP's legitimate name.