Security Weekly
Content

Quick and Easy AP – Driftnet Style

What is the difference between a hacker and a system administrator? Permission! What is the difference between a hacking tool and a system administration tool? In my opinion… PERMISSION! Some of the best hacking tools were written by Microsoft and come preinstalled on your OS. Conversely “Hacking tools” are not limited to nefarious activities. I often find I use “hacking” tools to deliver traditional IT services. For example, what do you do if you need to quickly setup a wireless network but don’t have an extra AP lying around? One quick solution is to use a bootable backtrack3 CD to turn an old laptop into an AP. Here is how.

First we load the “tun” kernel module so that airbase-ng can create tap interfaces.

#modprobe tun

Next we run Airbase-NG

#airbase-ng -c 9 -e “defconAP” -v rausb0

-c tells airbase what channel to use
-e lets you define the name of your BSID
-v says to be verbose
and rausb0 is our wireless interface

You’ll see that this creates a TAP interface called at0. One nice thing about this interface is that the wireless frames are already removed from the packets. All your favorite sniffers that don’t understand wireless frames (dsniff, ngrep, etc) will work GREAT with this interface.

QuickandEasyAP1.jpg

View image

Open up a second terminal window and lets configure that tap interface. First take a look at the dhcpd configuration file to see what IP addresses your handing out and assign one of those addresses to your tap interface. For example…

ifconfig at0 up 10.50.40.1 netmask 255.255.255.0


QuickandEasyAP1.jpg

View image

Then we erase the dhcpd.leases file. This file stores all the DHCP leases that the server has assigned. Erasing the file lets us start with a clean slate.

#echo > /var/state/dhcp/dhcpd.leases

And start your DHCP server.

#dhcpd -cf /etc/dhcpd.conf rausb0

Next tell the linux kernel to forward your IP packets..

#echo 1 > /proc/sys/net/ipv4/ip_forward

and configure IPTABLES to NAT the addresses of your wireless clients

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

and thats it! You’ve got a quick and easy AP! And your tap interface makes it easy to use all of your favorite tools to monitor the AP. You can easily go Defcon 2004 style by launching driftnet to monitor all the images that client on your AP access. (This is PaulDotCom after all!)

#driftnet -i at0 &


QuickandEasyAP2.jpg

View image

 

Quick and Easy AP from PaulDotCom on Vimeo.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.