Forum Replies Created
- Posts
Hi!
The captive portal attack will not provide internet connection, it is just used to steal the credentials, are you being redirected to the login portal once you try to navigate to any site in victim device? First try with http sites as showed in the course.Let me know.
DiegoHi!
It looks like it should work fine, have you tested it in the virtual lab? is it working?let’s try it in a simplest scenarion first.
Let me know.
DiegoHi!
No, that will just persists for the current session, there’s a lecture about persistence but you’ll need to migrate to a less suspicious process anyway.
Greetings!
DiegoHi!
Did you add the card to the USB list as shown in lecture 11? If you did, then make sure that you don’t physically connect the card to the computer until Kali is fully booted, connect the card, then go to the devices menu (beside the file menu) >> USB >> Click your device.
If you’ve already done the above, then please try the following suggestions:– Experiment with connecting the adapter before and after Kali fully loads, and after you log in as root.
– Experiment with setting the adapter to use USB 2 and USB 3 in VirtualBox’s USB settings.
– Make sure you connect the adapter directly to the computer, don’t use a hub or an extension.
– And experiment with connecting the adapter to different USB ports.Greetings!
DiegoHi!
You can ask your ISP for a static ip, depending on the ISP it might have an extra cost but it should be possible.
Because even if you use a tunneling service most of the will change the ip address or domain name given when you restart the service, the only one that will give you a fixed doamin name is portmap.io, but you can use only 1 tunnel in the free version.
Check this articles and video:
Greetings!
DiegoHi!
Cool, thanks for the suggestion.Yeah, it’s not possible to fool the browser into thinking it’s using an https connection, even sslstrip has an option to display a lock icon, I think it’s -f, you can run –help to get all the options sslstrip has, but you need the ico file, check the sslstrip github repo. Haven’t tried that option for a long time so don’t know if it works or not, may be give it a try.
Greetings!
DiegoHi!
No, using sslstrip is still working, not for all the sites but many of them will be downgraded. The Ethical Hacking course shows how to do it with bettercap and the Network Advanced course shows how to do it with mitmproxy, so you can enroll in such courses and test that solutions as well. With bettercap there’s a workaround for hsts sites too. But yeah, some sites are implemeting some kind of protection like preventing logging in from an http connection. Another possible solution will be to get access to the target machine, via backdoor, trojan or similar, and then force the use of a proxy like Burp (I mean kali’s Burp) which can be used to sniff data, this has the advantage that the victim can still have it’s https connection but as we are a proxy server we can intercept https traffic and read it in plain text. This requires many steps and it’s not so staright forward, but it’s a cool attack. Maybe I’ll do some post about it in the futere, need to work more on it.Greetings!
DiegoHi!
That scapy version doesn’t work as expected anymore as the offical scapy library now supports python3, So run:pip3 unistall scapy
pip3 unistall scapy-pyhton3
pip unistall scapy
pip unistall scapy-pyhton3pip install scapy
pip3 install scapyIf any of the unistall commands throw an error saying it couldn’t unistall because there’s no such package just ignore it.
Let me know how it goes!
DiegoHi!
What exactly do you mean by original machine, can you elaborate? So is the adapter working fine now?Let me know.
DiegoHi!
Are you sure you are using the latest custom kali image provided by Zaid? It’s important! If so, why did you installed the drivers? It already has them.
What have you done to install them? Can you elaborate?Let me know.
DiegoHi!
There’s no need to use () in for element in answered_list():, answered_list is a variable not a function. Please watch the lecture again and pay attention to the proper syntax.Greetings!
Diego
