Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #125162
    Joro94
    Participant

    Hello zSecurity Team,

    Your courses are amazing, currently studying the Captive Portals section from the “Network Hacking Continued – Intermediate to Advanced” course, but I am stuck for a few days now on this.

    Description of what I’ve done so far:

    1) Configured both hostapd and dnsmasq config files.
    2) Created a basic “index.html” page that prompts users to submit username and password.
    3) Created a “success.html” page that displays a successful login message. The page has a “Continue” button with a hyperlink to Google. Users are redirected to this page if logged in successfully.
    4) Created a css file, so the pages are not looking very basic.
    5) Created a login.php file in which I tried to implement logic that:
    5.1) Checks if the user has provided correct login credentials in “index.html” and redirects them to “success.html”
    5.2) Check if a user is already authenticated, so the captive portal is not getting triggered.
    5.3) Dynamically overwrites the address directive in dnsmasq.conf (address=/#/IP) to stop redirecting users to the captive portal after successful login.
    6) Edited the apache2 configuration file and added the <Directory> tag with all rewrite rules from the lecture.

    The issue that I have is that the target client – Windows 10 machine connects to the fake AP, the captive portal opens us, I type in the correct credentials, then getting redirected to “success.html”, clicking on the Continue button to try to open Google, but the Windows 10 machine has no internet connection. When clicking on the wifi icon in the system tray, it says “No internet, open”, so it doesn’t have a properly working connection.

    I’ve been stuck on this for days, trying to get it to work. Researched online and also used ChatGPT but unfortunately, no improvement.

    Could you please provide guidance on this?

    Also, could you please send me your captive portal files on my email, if possible? I will then put the files in the /var/www/html directory and try again from the beginning.

    Hopefully it will work.

    Thank you for your time reading this. Looking forward to your response.

    Kind regards,
    George

    #125409
    Diego PérezDiego Pérez
    Moderator

    Hi!
    The behavior of the captive portal is expected, it is not meant to provide internet connection but to steal credentials. So if that part is working then you got it successfully!
    Sorry but the file of the captive portal in the lesson are not available.

    Greetings!
    Diego

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.