Today, I'd like to share my own custom linset. I've used it for a long time because it is more efficient and saves time. This custom linset also has a multi-language web interface; so far it supports several languages: English, Spanish, Italian, French, Portuguese, and Indonesian. I added English and Indonesian because my region uses both English and Indonesian. You can customize it yourself to add more web interface languages or other features.
If you wonder what linset is, I think you already know this powerful tool, written in bash, for setting up an evil-twin AP attack. Its features include DHCP support, a FakeDNS server with redirect, a fake AP, etc. It has a bunch of dependencies, and originally it's in Spanish. But other than that, it's pretty cool.
In the custom linset version I mentioned above, the time saving comes from a feature that detects the dependencies and installs them automatically. If you're using Kali Linux or another pentest OS, this feature will work flawlessly. If it gives an error instead, the cause may be an external problem, such as an incorrect repository.
How Linset Works
Linset sets up a fake AP by duplicating the ESSID, the BSSID, and the channel of the target network. You don't need an internet connection or wordlists, since the Evil-Twin AP doesn't perform any brute force at all. Instead, it acts like the original network, without the target's knowledge.
- Scan the networks.
- Select network.
- Capture handshake (can be used without handshake)
- Choose one of several web interfaces
- Mounts one FakeAP imitating the original
- A DHCP server is created on FakeAP
- It creates a DNS server to redirect all requests to the Host
- The web server with the selected interface is launched
- The mechanism is launched to check the validity of the passwords that will be introduced
- It deauthenticates all users of the network, hoping they connect to the FakeAP and enter the password.
- The attack stops once the correct password has been verified.
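The steps above give a defender two observable indicators: a second transmitter advertising the target's ESSID, BSSID and channel, and a flood of deauthentication frames against that network. The following detection sketch is an added example, not part of linset or of this post; the log format, addresses, thresholds and the premise that the clone's beacons advertise a different security mode than the real AP are assumptions.

```python
from collections import defaultdict

# Constructed sensor log: (time_s, frame_type, bssid, essid, channel, security)
TARGET = "AA:BB:CC:11:22:33"   # constructed address
OTHER = "DE:AD:BE:EF:00:01"    # constructed address
FRAMES = (
    [(0.0, "beacon", TARGET, "HomeNet", 6, "WPA2"),
     (0.1, "beacon", TARGET, "HomeNet", 6, "OPEN"),  # same ESSID/BSSID/channel
     (0.2, "beacon", OTHER, "CafeWifi", 11, "WPA2"),
     (0.3, "beacon", OTHER, "CafeWifi", 11, "WPA2"),
     (5.0, "deauth", OTHER, None, 11, None),         # occasional deauth is normal
     (9.0, "deauth", OTHER, None, 11, None)]
    + [(1.0 + i * 0.05, "deauth", TARGET, None, 6, None) for i in range(20)]
)

def conflicting_clones(frames):
    """BSSIDs whose beacons for one ESSID advertise more than one security mode.
    Assumed indicator: the clone differs from the real AP (e.g. OPEN vs WPA2)."""
    seen = defaultdict(set)
    for _, kind, bssid, essid, _, security in frames:
        if kind == "beacon":
            seen[(bssid, essid)].add(security)
    return {bssid for (bssid, _), modes in seen.items() if len(modes) > 1}

def deauth_bursts(frames, window=1.0, threshold=10):
    """BSSIDs with at least `threshold` deauth frames inside `window` seconds."""
    times = defaultdict(list)
    for ts, kind, bssid, *_ in frames:
        if kind == "deauth":
            times[bssid].append(ts)
    flagged = set()
    for bssid, stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(bssid)
                break
    return flagged

def evil_twin_suspects(frames):
    """Networks showing both indicators: a conflicting clone and a deauth burst."""
    return conflicting_clones(frames) & deauth_bursts(frames)

if __name__ == "__main__":
    print(sorted(evil_twin_suspects(FRAMES)))
```

Requiring both indicators keeps a lone roaming deauth or a misconfigured mesh node from raising an alert on its own.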
STEP 1 : Giving Permission to Linset
After you download this custom Linset (the link is provided at the end of this article) and extract it, you need to give the custom linset and the custom airmon-ng executable permission.
STEP 2 : Run Custom Linset
When you run Linset for the first time, it checks the required dependencies and installs any missing ones automatically. Once all dependencies are complete, you will be prompted in the setup session.
STEP 3 : Select The Interface
It isn't necessary to use multiple interfaces, since this custom linset also has a custom airmon-ng, which is the older version from aircrack-ng that supports multi-interface mode on one interface.
STEP 4 : Select Channel
If you are not sure which channel to use, choose all channels instead.
STEP 5 : Scan the Network
In this step, linset dumps all the networks captured nearby. Press CTRL + C to interrupt the scan once your target network has been captured, and make sure that the target network has at least one client connected. You may need to know more about airodump-ng in .....
STEP 6 : Select Target
Select your target. Notice that if a network has clients connected, linset adds an asterisk to its number.
STEP 7 : Select Mode of Fake AP
This configures which method linset uses to set up the Evil Twin AP. I recommend using Hostapd.
STEP 8 : Capture or Select Handshake file
In this step, you will be asked for a handshake file, usually with the ***.cap file extension. If you haven't captured a handshake yet, just press ENTER and capture a live handshake via linset.
STEP 8 : Select Type of Checking Handshake
I recommend using the strict method, but that doesn't mean I prohibit you from using another method.
STEP 9 : Select The Deauth Clients Method
Since capturing the handshake requires deauthenticating the client first, if you want to be more efficient choose option 3 to perform a deauth specific to the target AP.
STEP 10 : Verify Handshake !!!
Don't miss this step. You will notice two Xterm windows: an airodump-ng window that captures the handshake and the deauth progress window. You don't need to close either window. If you notice "WPA Handshake" followed by a BSSID MAC address at the top of the airodump-ng window, then in the main linset window or terminal choose the verify and continue option. Once the handshake is verified, the airodump-ng terminal window will be terminated automatically.
STEP 11 : Select Web Interface And Language
There is only one option, "Neutral web interface"; then select the language interface you want.
STEP 12 : Lay down your shoulder and take a coffee
Seriously !!! This is the final step. Here you need to be patient, waiting for clients of the target network to connect to our fake AP or Evil Twin. I won't explain more on this step. Just try it and have fun.
Screenshot: FAKE AP INFO
Screenshot: FAKE DNS SERVER
Screenshot: Deauth using mdk3
In Windows 7: (screenshot)
On Android: (screenshot)
Screenshot: Sign in required
Screenshot: Victim was brought to fake authentication page
When the attack succeeds !!! See the output result file: