WEBVTT

00:00.930 --> 00:05.280
Hello everyone and welcome to part ten of my land ethical hacking.

00:05.280 --> 00:08.710
In this part we're going to look at creating a fake access point.

00:08.790 --> 00:15.210
So basically we're going to create a fake Wi-Fi router or hotspot that people can connect to and it

00:15.210 --> 00:20.030
will not have any password or Wi-Fi key.

00:20.100 --> 00:25.350
So when someone wants to connect to it they will connect straight to it and the Internet will in fact

00:25.350 --> 00:27.070
work.

00:27.450 --> 00:33.040
So it will look like just a free internet hotspot for them because there'll be no key.

00:33.060 --> 00:36.900
They can just connect to it and use the Internet but it's fake.

00:36.900 --> 00:43.620
So basically we will control all the packets that flow through the devices and through the Wi-Fi hotspots

00:44.700 --> 00:52.950
which enables us to actually capture sensitive packets of information and analyze them and to do this.

00:52.950 --> 00:57.980
We're going to need to download something called mana-toolkit.

00:58.470 --> 01:03.660
It makes the process very simple for us because it will automatically create the new access point and

01:03.660 --> 01:08.970
there's options to start sslstrip, Firelamb.

01:09.060 --> 01:17.400
And there's some of it, or sometimes it even attempts to bypass HSTS which is commonly used by

01:17.420 --> 01:22.890
Gmail and Facebook. Mana uses three main scripts.

01:22.890 --> 01:25.320
So start-noupstream.

01:25.350 --> 01:29.780
Basically this will start an access point so devices will be able to detect it.

01:29.790 --> 01:35.100
And when you click on your Wi-Fi on Windows 10 and all the Wi-Fi routers just come up and you can choose

01:35.100 --> 01:36.830
which one you want to connect to.

01:37.200 --> 01:43.260
It will appear, the fake one will appear, but when you connect to it there'll be no internet access so

01:43.260 --> 01:45.520
there's not much point to that.

01:45.710 --> 01:47.760
We are going to be using nat-simple.

01:47.760 --> 01:49.530
This one here.

01:49.530 --> 01:54.720
So it's just going to start a normal access point using an internet connection with

01:54.750 --> 01:56.240
upstream interface.

01:56.490 --> 02:04.380
But there's also another one which is nat-full, and this one will use the extra bypass or it will use

02:04.380 --> 02:11.070
the bypasses for the security and start sslstrip, sslsplit and Firelamb, which I'll discuss later in

02:11.070 --> 02:11.490
the video.

02:13.200 --> 02:17.420
So if I go to the next slide these are the commands.

02:17.490 --> 02:25.620
So when you're on Kali Linux you could type apt-get install mana-toolkit, that will

02:25.620 --> 02:34.230
install mana, then we need to do some modifications to the config files, and the last script here,

02:35.370 --> 02:43.130
last command, is bash and then this URL to the nat-simple or the start-nat-simple one because

02:43.130 --> 02:45.920
that's the one we're going to use in the video.

02:45.920 --> 02:52.220
So I'm just gonna go onto the Kali Linux machine and once I open that we'll show you how to install

02:52.220 --> 02:56.150
it modify it and actually start this fake access point.

02:56.150 --> 03:01.380
So I thought it was important for you to understand the theory behind how this is actually working.

03:01.400 --> 03:04.260
So say computer 1 in this diagram is your neighbor.

03:04.340 --> 03:09.900
They are searching for Wi-Fi connections and they see this one pop up.

03:09.950 --> 03:13.290
Now this is the fake one we have created as ball.

03:13.400 --> 03:18.950
Basically what we're doing is we're using a wireless card and we'll make it act like a Wi-Fi router

03:20.230 --> 03:25.210
so they will see this router and think oh I'll connect to it because it looks like free internet they

03:25.210 --> 03:30.910
haven't put a key on it so I'll just connect. Once they connect, actually the machine will know they've connected

03:30.910 --> 03:31.270
to it.

03:32.170 --> 03:38.200
And if they send a request to Google we'll send the request to the wireless card in this case not a

03:38.200 --> 03:39.610
real Wi-Fi router.

03:39.610 --> 03:45.280
The wireless card will then relay that back onto the hacker machine and the hacker machine will need

03:45.280 --> 03:49.830
to be connected to the Internet through a different means through different means.

03:49.840 --> 03:55.450
So the hacker machine might have two wireless cards one of them's acting as the Wi-Fi router and then

03:55.450 --> 04:03.010
the other one's actually connected to a real Wi-Fi router so that way the computer or the neighbor

04:03.010 --> 04:08.440
in this case that is connected will still get Wi-Fi connection because once they send the request to

04:08.440 --> 04:15.560
the wireless card that's acting as a Wi-Fi router and they send that sends that gets sent onto the hacker

04:15.560 --> 04:16.390
machine.

04:16.390 --> 04:23.470
The hacker machine will then send that on to the Internet through the other connection.

04:23.950 --> 04:30.250
So you could have two wireless cards connected to your host machine or your hacker machine or you could

04:30.250 --> 04:39.880
have the wireless card and the wired connection because this you cannot connect to your actual router

04:39.940 --> 04:44.830
through this wireless card that is being used as a Wi-Fi router because it's just being used.

04:44.830 --> 04:48.610
You can't use it for two things at once.

04:48.610 --> 04:55.480
So hopefully this does give you a basic understanding of how it works. But in my case I'm using Kali

04:55.480 --> 04:57.580
Linux on a virtual machine.

04:57.580 --> 05:01.710
So I have my wireless card connected to my host machine.

05:01.750 --> 05:07.240
Now this wireless card I've got connected right in front of me is going to act like a Wi-Fi router.

05:08.080 --> 05:14.860
I've got an internal wireless card in my actual host machine that runs Windows 10 that gives internet

05:14.860 --> 05:19.140
connection to the Kali Linux virtual machine through a bridge.

05:19.210 --> 05:26.050
Now that is why you may see wired connected, it's because it uses the internal connection from your host

05:26.080 --> 05:28.070
machine.

05:28.160 --> 05:33.010
But if you're on the virtual machine and you have two Wi-Fi cards you can use one to connect to an actual

05:33.010 --> 05:36.070
router and then the other one as a Wi-Fi card.

05:36.340 --> 05:41.170
So hopefully that clears it up hopefully it gives you a bit more of an understanding of what we're actually

05:41.170 --> 05:42.110
doing here.

05:42.280 --> 05:45.620
And I will see you on the Kali Linux machine.

05:45.700 --> 05:51.900
So now that you've opened up Kali Linux we can actually install the mana-toolkit now.

05:52.060 --> 05:57.940
So to do so it's just the same as the first command I've shown you in the PowerPoint so it's apt

05:58.330 --> 06:05.200
hyphen get install mana hyphen toolkit, then you click enter to install it.

06:05.350 --> 06:10.690
So if you click enter now, I've already installed it, as you can see here it says mana-toolkit is already

06:10.690 --> 06:12.090
the newest version.

06:12.100 --> 06:17.170
Just give it a second here because if it's your first time installing it, it will take a little or a few seconds

06:17.170 --> 06:20.820
depending on how powerful your machine is or whether you're using a virtual machine.

06:20.890 --> 06:24.380
But it shouldn't take no longer than a few minutes.

06:24.910 --> 06:31.210
I can type, or you'll know when it's completed installation when a new line pops up like this.

06:31.210 --> 06:38.080
Underneath all the white text then you can type clear which will wipe the terminal clean so you can

06:38.080 --> 06:46.510
start again next we need to open the details of the fake access points in the config file so to do so

06:46.510 --> 06:51.160
we're gonna type leafpad. Now leafpad is just a simple text editor.

06:51.270 --> 06:58.630
So we're telling the file to open with this application so we'll do leafpad then forward slash

06:59.200 --> 07:05.540
etc forward slash mana hyphen toolkit called less forward slash.

07:05.890 --> 07:16.930
It's, I can't speak today, then do hostapd hyphen other then conf, then click enter and it will

07:16.930 --> 07:25.420
open the config so the most important information on this config file is the first bit of information

07:25.420 --> 07:34.000
here which I've highlighted the interface is the card that's going to act like the Wi-Fi router it's

07:34.010 --> 07:35.960
gonna mimic a Wi-Fi router.

07:35.980 --> 07:38.520
In this case it's just a wireless card.

07:38.680 --> 07:44.500
So if I go back to the terminal and if I open another terminal and type iwconfig, if I

07:44.500 --> 07:46.420
just zoom in a little bit here

07:49.240 --> 07:54.640
as you can see the wlan0 is my wireless card, I've got it in managed mode so there's no messing with

07:54.640 --> 08:01.570
that monitor mode anymore because the capturing packets, that is over, so make sure it's in managed and

08:01.570 --> 08:08.230
make sure it's connected to your virtual machine so as you can see here it says Wi-Fi not connected. What

08:08.260 --> 08:13.090
I mean by it's connected to the virtual machine is that you can actually detect networks and the virtual

08:13.090 --> 08:21.610
machine does detect that you've connected the wireless card. eth0 in this case is my wired connection

08:22.290 --> 08:29.740
or as you can see here it says wired connected, so eth0 is my internal host machine's wireless

08:29.740 --> 08:37.130
card which is connected to a real router that is the bridge connection I was talking about so there's

08:37.130 --> 08:45.400
sort of like relays from the fake access point to my eth0 which is connected to my host device

08:45.400 --> 08:53.370
which is then connected to my real Wi-Fi router. Now I can close out of there because if we go back

08:53.370 --> 08:57.330
to the config file you can see up here the interface is wlan0.

08:57.330 --> 08:59.040
So this is the card that we want to use.

08:59.100 --> 08:59.900
That's correct.

08:59.910 --> 09:04.050
As you can see from that iwconfig. We can leave the BSSID the same.

09:04.040 --> 09:05.520
That's just the Mac address.

09:05.520 --> 09:11.990
We can leave the driver the same and the ESSID or SSID.

09:12.030 --> 09:13.680
In this case is Internet.

09:13.770 --> 09:19.950
So this is the name of the Wi-Fi connection so if I go to Y and Wi-Fi not connected and select the network

09:20.940 --> 09:30.170
the SSID is the name, so you can see the first one on this list is sky C 9 DDD but

09:30.210 --> 09:34.460
this fake one will just be called Internet and we're going to change it and we'll use channel 6.

09:34.590 --> 09:38.220
So I'm not really going to change anything in this config file but it's just important for you to

09:38.220 --> 09:44.440
know this stuff in case you need to make changes so you can call this whatever you want but I'm going

09:44.440 --> 09:45.640
to leave it as Internet.

09:45.670 --> 09:56.610
So I'm just gonna close out of that and the next one we can open, let's open the, well, the config

09:56.610 --> 10:05.670
files now so if we do leafpad then we'll do forward slash usr instead of etc and share then forward

10:05.670 --> 10:08.460
slash again mana hyphen toolkit

10:10.920 --> 10:20.910
run hyphen mana then do start hyphen nat hyphen simple dot sh, should I click this, we'll click

10:20.910 --> 10:33.900
enter. The upstream is the card that is basically the card giving the, how can I say this, eth0 is the

10:33.900 --> 10:41.370
card that's giving the hacker machine Internet so for eth0 or the hacker machine to actually have Internet

10:41.430 --> 10:48.390
access and these have 2 cards like I've explained so eth0 is my host machine's internal wireless card

10:48.390 --> 10:56.340
which is connected to my actual real router the fake router is my wireless card and the wireless card

10:56.340 --> 11:04.440
sends signals to the internal card that sends signals to the real router that sends a signal back this

11:04.440 --> 11:10.320
way it gives internet connection to the person connected to the fake access point but all the

11:10.320 --> 11:14.860
packets flowing through the hacker machine to the Wi-Fi router and back.

11:14.880 --> 11:20.760
So we're like the middleman between the victim computer connecting to the fake access point and the

11:20.760 --> 11:24.330
real router, we're in the middle capturing all the information.

11:24.330 --> 11:31.990
Think of it like that it might make more sense however I'm going to need to change this so I'm going

11:31.990 --> 11:37.050
to keep eth0 here the same because that is the bridged connection or the wired connection that

11:37.050 --> 11:39.640
I'm using through my virtual machine.

11:39.720 --> 11:46.860
So think of eth0 as my host machine internal wireless card which is connected to a real Wi-Fi router

11:47.930 --> 11:51.840
phy is the wireless card.

11:51.840 --> 11:53.850
Now it's called wlan1 here.

11:53.880 --> 12:02.520
So I'm gonna rename it, it'll be wlan0, click file and then click save so I can close out of that.

12:02.520 --> 12:03.040
No.

12:03.210 --> 12:03.620
But you.

12:03.750 --> 12:06.420
Just like I said you just gotta make sure that your upstream's correct.

12:06.420 --> 12:11.730
So if you have a second wireless card that might be called wlan1,

12:11.770 --> 12:12.880
wlan2.

12:12.950 --> 12:20.280
You could have as many as you want then you will need to change the upstream in this config file so

12:20.280 --> 12:22.790
I can close out of that, type clear.

12:22.830 --> 12:29.580
Click enter and now we can actually run this fake access point.

12:30.320 --> 12:38.630
So I'm gonna type bash then I'm gonna do forward slash usr forward slash share forward slash mana

12:39.220 --> 12:51.410
hyphen toolkit forward slash run hyphen mana forward slash start hyphen nat hyphen simple dot sh, click

12:51.500 --> 13:06.070
enter and it's gonna start to actually begin configuring this fake access point so it's enabled my wireless

13:06.070 --> 13:13.000
card is currently acting as a wireless router or just a Wi-Fi router.

13:13.090 --> 13:22.030
Now if we it's kind of it's finding all devices that connected to my host machines connection so my

13:22.030 --> 13:29.640
host machine like I said is connected to my main Wi-Fi router which is this one here so it's it's just

13:29.640 --> 13:34.100
got all devices that are connected to it but now if I go to my separate laptop.

13:34.110 --> 13:39.420
So if we think of this laptop as like a neighbor that's connecting or searching for Wi-Fi routers you

13:39.420 --> 13:42.720
will see that the Internet will pop up.

13:44.160 --> 13:51.920
So I will just show you my MacBook now and we'll see what we've actually done so now that we're on the

13:51.920 --> 13:52.750
MacBook.

13:52.790 --> 13:56.690
Think of this as like the neighbor's computer so the neighbors searching for Wi-Fi spots.

13:56.690 --> 14:01.810
And if you go up to the Wi-Fi connections you can see there's a new one here called Internet.

14:01.970 --> 14:05.450
Now that corresponds to the fake access point that we created.

14:05.450 --> 14:07.270
Remember I didn't change the name.

14:07.580 --> 14:09.080
And if we can actually

14:11.760 --> 14:15.040
so connectivity train it's just trying to connect to it.

14:15.030 --> 14:18.410
Now give it a few seconds.

14:18.420 --> 14:23.010
It's connected as you can see here the network name is exactly the same which is Internet.

14:23.520 --> 14:32.090
So now basically all the packets are flowing through this device that are flowing through my.

14:32.400 --> 14:38.810
Basically the hacker device then through to my real router back through.

14:39.360 --> 14:45.900
So like I said it's hard to sort of grasp but just think of like the hacker as a middleman.

14:45.930 --> 14:51.050
It's capturing all the information coming from the client computer or the victim computer.

14:51.360 --> 14:58.550
And then it's capturing all the information coming back from the real router so just to prove that the

14:58.550 --> 15:00.120
Internet actually does work.

15:00.120 --> 15:04.400
Ignore OBSS just skip past it and go to the Wi-Fi.

15:04.400 --> 15:09.340
I mean the Web browser, then click on Google and you can see the internet works.

15:09.510 --> 15:11.640
So get an internet connection I can.

15:12.760 --> 15:16.160
I can go on any websites I can go on I can log into anything.

15:16.160 --> 15:19.160
It's just like a real Internet connection.

15:19.160 --> 15:22.300
Now this person may be thinking Oh great you've got free internet.

15:22.340 --> 15:24.660
There's no key, they must have forgotten a key, but

15:24.680 --> 15:31.520
Obviously they haven't realized that they've just connected to a honeypot which is a fake or like a

15:32.300 --> 15:33.480
think of it like a trap.

15:33.560 --> 15:42.410
Basically so if now this client or this neighbor goes and logs into PayPal we can do some attacks on

15:42.410 --> 15:45.820
to find out the login information.

15:45.820 --> 15:49.430
We can do loads and loads of things.

15:49.590 --> 15:56.340
This will be explained later in the course once we go on to poisoning an actual client attacks post

15:56.340 --> 15:59.360
connection. But

15:59.510 --> 16:05.180
Hopefully this video did help maybe you learn something from it if it didn't explain it very well please

16:05.240 --> 16:06.040
leave it.

16:06.140 --> 16:11.650
Leave a comment and I'll try and explain it better or show articles that explain it better.

16:12.410 --> 16:14.510
So that was it really for this video.

16:14.510 --> 16:20.000
If it did help please leave a like comment subscribe to the latest videos and I will see you in the

16:20.000 --> 16:20.720
next video.
