Tag Archives: ether

Weaponizing the Nokia N900 – Part 3.6 – Portable Rogue AP Point

With continuing the series of weaponizing the N900 and hoping that Infosec Island will continue with their series as well, I have successfully setup my N900 as a rogue AP point.

Firstly, to effectively deploy it you want to make sure your cell phone service (3G for the N900) is quite strong. You may even want to try pinging google or the like and see what the delay is. With a good connection, it will very for me between 70 and 90 milliseconds.

Second, you want to survey the site you’re going to deploy your portable rogue ap point. Luckily, you can run kismet on the N900. Once you have surveyed the site for other AP points, take note of the MAC addresses of each AP point that is specific to the area and also take note of the names of the AP points. With this mac address you can spoof your wlan0 interface to something that is very similar:

ifconfig wlan0 hw ether 00:XX:XX:XX:XX:XX

You will need to have the extra repos enabled to install an application called mobilehotspot. You will also need prior to this, to install the custom kernel for the N900. You will also need ettercap and sslstrip to carry out this attack. See my earlier post for notes on the two: http://zitstif.no-ip.org/?p=451

1.) Get sslstrip up and running, and make sure you have iptables. For steps on using sslstrip check out:
http://www.thoughtcrime.org/software/sslstrip

2.) Spoof your wlan0 hardware address to what is appropriate for the site.

3.) Run the mobilehotspot application.

4.) Wait for a few seconds

5.) Run ettercap by doing so (modify as needed):
ettercap -i wlan0 -q -T -p -u // //

The reason why we don’t have ettercap forward packets, is because the kernel is already doing so due to the mobilehotspot application.

That is pretty much it. You could also do dnsspoofing to send your victims to a server under your control to do drive by attacks.