Disclaimer: This video is for educational purposes only, and not intended to encourage the viewer to do cybercrime..as hacking any WiFi which you do not own, or without explicit permission from the owner is absolutely illegal.
In This tutorial, I will show a demonstration on how to use fluxion Script in wifislax 2020. Fluxion is one of the tools that hacker used in this days to exploit wifi replacing or an evolved form of linset or known as "evil-twin", But unlike linset, Fluxion offers numbers of fake login page which use to tricks the client vision to not obviously see the fake version, this simply means that fluxion folder contains HTML files that coded to imitate the original router login page... which you can see some of them within the fluxion "Select Login Page terminal", so stay tuned and watch the video up to the end to see the test result.
REQUIREMENTS:
--the First Step you need to have the latest version of wifiSlax which you can download below:
--Download wifislax 4.12 iso:
--Second, you must have a Wifi Chipset that supports both packet injection and Monitor Mode.
You can see a list of Best USB Wifi Adapter Below
Best USB Wifi Adapter That support Monitor mode and packet injection
========================================================================
TP-Link N150 TL-WN722N Atheros AR9271
https://amzn.to/2z01xkJ
Alfa AWUS036NHA Atheros AR9271
https://amzn.to/2wMI9qS
Alfa AWUS036NH Ralink RT307
https://amzn.to/2wMIbiu
Alfa AWUS1900 Realtek RTL88XX
https://amzn.to/2V9TRoG
Alfa AWUS036ACH RealtekRTL8812AU
https://amzn.to/3b9d4MS
Panda PAU06 Atheros
https://amzn.to/2RKgspY
Panda PAU09 Ralink RT5572
https://amzn.to/2z2O0ZL
ALFA AWUS036NEH Ralink RT307
https://amzn.to/2KblWWm
INSTRUCTIONS OF RUNNING WIFISLAX CORRECTLY 2020
--Reboot Your Machine and select WifiSlax to start, That is If you're using dual OS Mode like what I've done in this tutorial.
--from the console window of WifiSlax options Select the "Txtmode environment" This will fix some common error issues, Which mostly beginners are facing. Probably when selecting other types of environments like "default start-up mode" just like what I've done before, most of them will not work. It may even crash the launching process and will not take you to the Wifi-Slax Windows so you need to be careful. Type the code below to start the WifiSlax correctly
--login as "root" and type "toor" as password then finally start wifislax by typing "startx"
--run fluxion by clicking wifislax startup icon -->wpa-->fluxion
--from the "fluxion select option" select "1.)Crack Wifi" you should see now your WLAN interface card.
-- from the "select an interface" choose your WLAN interface as of mine I have "1)wlan0 Atheros AR9485 ath9k"
--from "select channel" choose "1) All channel" to scan all network around you
-- press "ctrl+c" when ready To stop scanning and select your target. Active clients are indicated with (*)Asterisk
--from the "###Select Attack Option###" choose "1) FakeAp-Hostapd(Recommended)" then press Enter
--from the "handshake check" choose "1)aircrack-ng (Miss chance)"
--from the "Capture Handshake" select "2) Deauth all [mdk3]" then wait till the WPA Handshake is captured.
--from the "Capture Handshake/Status handshake:" select "1) Check handshake"
--and from the "Select Web Interface" choose "1)Web Interface"
--finally from the "Select Login Page" choose the desired login page which you will forward to the client machine. This will allow you to monitor traffic from the fake router login page as for the video you can see there are 2 access point that has the same name one is the original and the other is fake, as you can see we can't connect to the original access point, usually, the client will force to connect to the other one that is fake... once it successfully connected they may try to browse the internet like google.com, then binggo... they will see now the fake Netgear page... notice there is no indication of "HTTPS" :) some of the clients may fall this tricks.... and give their password and if they miss-match they had to type it again until the correct one is being inputted and finally it will be forwarded directly to the fluxion temp folder of a hacking machine, as an example I type the wrong password and nothing will happen and finally when I type the correct password the result will look like below.
REQUIREMENTS:
--the First Step you need to have the latest version of wifiSlax which you can download below:
--Download wifislax 4.12 iso:
--Second, you must have a Wifi Chipset that supports both packet injection and Monitor Mode.
You can see a list of Best USB Wifi Adapter Below
Best USB Wifi Adapter That support Monitor mode and packet injection
========================================================================
TP-Link N150 TL-WN722N Atheros AR9271
https://amzn.to/2z01xkJ
Alfa AWUS036NHA Atheros AR9271
https://amzn.to/2wMI9qS
Alfa AWUS036NH Ralink RT307
https://amzn.to/2wMIbiu
Alfa AWUS1900 Realtek RTL88XX
https://amzn.to/2V9TRoG
Alfa AWUS036ACH RealtekRTL8812AU
https://amzn.to/3b9d4MS
Panda PAU06 Atheros
https://amzn.to/2RKgspY
Panda PAU09 Ralink RT5572
https://amzn.to/2z2O0ZL
ALFA AWUS036NEH Ralink RT307
https://amzn.to/2KblWWm
INSTRUCTIONS OF RUNNING WIFISLAX CORRECTLY 2020
--Reboot Your Machine and select WifiSlax to start, That is If you're using dual OS Mode like what I've done in this tutorial.
--from the console window of WifiSlax options Select the "Txtmode environment" This will fix some common error issues, Which mostly beginners are facing. Probably when selecting other types of environments like "default start-up mode" just like what I've done before, most of them will not work. It may even crash the launching process and will not take you to the Wifi-Slax Windows so you need to be careful. Type the code below to start the WifiSlax correctly
--login as "root" and type "toor" as password then finally start wifislax by typing "startx"
--run fluxion by clicking wifislax startup icon -->wpa-->fluxion
--from the "fluxion select option" select "1.)Crack Wifi" you should see now your WLAN interface card.
-- from the "select an interface" choose your WLAN interface as of mine I have "1)wlan0 Atheros AR9485 ath9k"
--from "select channel" choose "1) All channel" to scan all network around you
-- press "ctrl+c" when ready To stop scanning and select your target. Active clients are indicated with (*)Asterisk
--from the "###Select Attack Option###" choose "1) FakeAp-Hostapd(Recommended)" then press Enter
--from the "handshake check" choose "1)aircrack-ng (Miss chance)"
--from the "Capture Handshake" select "2) Deauth all [mdk3]" then wait till the WPA Handshake is captured.
--from the "Capture Handshake/Status handshake:" select "1) Check handshake"
--and from the "Select Web Interface" choose "1)Web Interface"
--finally from the "Select Login Page" choose the desired login page which you will forward to the client machine. This will allow you to monitor traffic from the fake router login page as for the video you can see there are 2 access point that has the same name one is the original and the other is fake, as you can see we can't connect to the original access point, usually, the client will force to connect to the other one that is fake... once it successfully connected they may try to browse the internet like google.com, then binggo... they will see now the fake Netgear page... notice there is no indication of "HTTPS" :) some of the clients may fall this tricks.... and give their password and if they miss-match they had to type it again until the correct one is being inputted and finally it will be forwarded directly to the fluxion temp folder of a hacking machine, as an example I type the wrong password and nothing will happen and finally when I type the correct password the result will look like below.
0 Comments