Posts

wifi-pumkin create a wrog access point

Image
Now that we’ve learnt about social engineering , let’s put our new knowledge to work. In this tutorial, we’ll create a phishing page that’ll be served from a rogue Wi-Fi access point. If a victim then enters their details in this page, they will be delivered directly to you. We’re going to be using WiFi-Pumpkin and Kali (You can also use ParrotSec or even plain Ubuntu). We’ll also need an external Wi-Fi adapter. Why is that? Say you’re trying to set up this phishing page in a McDonald’s or a Starbucks. Your laptop’s internal network controller will be connected to McDonald’s Wi-Fi and your external Wi-Fi adapter will be turned into a rogue access point. The external adapter will be our man in the middle and will actually serve the phishing page into which our victim’s can then enter their details. (I strongly recommend the WN722N . It’s small and powerful, practically tailor-made for hacking and it supports every kind of WiFi attack that we’ll learn about in the next...

Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher

Image
Do you need to get a Wi-Fi password but don't have the time to  crack it ? In previous tutorials, I have shown how to crack  WEP ,  WPA2 , and  WPS , but some people have complained that cracking WPA2 takes too long and that not all access points have WPS enabled (even though quite a few do). To help out in these situations, I present to you an almost surefire way to get a Wi-Fi password without cracking— Wifiphisher . Steps in the Wifiphisher Strategy The idea here is to create an  evil twin AP , then de-authenticate or DoS the user from their real AP. When they re-authenticate to your fake AP with the same SSID, they will see a legitimate-looking webpage that requests their password because of a "firmware upgrade." When they provide their password, you capture it and then allow them to use the evil twin as their AP, so they don't suspect a thing. Brilliant! To sum up, Wifiphisher takes the following steps: De-authenticate the user from their legiti...