What is the difference between a hacker and a system administrator? Permission! What is the difference between a hacking tool and a system administration tool? In my opinion... PERMISSION! Some of the best hacking tools were written by Microsoft and come preinstalled on your OS. Conversely, "hacking tools" are not limited to nefarious activities. I often find I use "hacking" tools to deliver traditional IT services. For example, what do you do if you need to quickly set up a wireless network but don't have a spare AP lying around? One quick solution is to use a bootable BackTrack 3 CD to turn an old laptop into an AP. Here is how.
First we load the "tun" kernel module so that airbase-ng can create a TAP interface.
Next we run Airbase-NG
#airbase-ng -c 9 -e "defconAP" -v rausb0
-c tells airbase-ng which channel to use
-e sets the ESSID, the network name your clients will see
-v says to be verbose
and rausb0 is our wireless interface (it has to be in monitor mode for airbase-ng to drive it)
You'll see that this creates a TAP interface called at0. One nice thing about this interface is that the 802.11 headers have already been stripped, so what comes out of at0 looks like ordinary Ethernet traffic. All your favorite sniffers that don't understand wireless frames (dsniff, ngrep, etc.) will work GREAT on this interface.
Open up a second terminal window and let's configure that tap interface. First take a look at the dhcpd configuration file (/etc/dhcpd.conf) to see what subnet you're handing out, and give your tap interface an address in that subnet; use the one you listed as the router, not one inside the range dhcpd hands to clients. For example...
#ifconfig at0 10.50.40.1 netmask 255.255.255.0 up
Then we erase the dhcpd.leases file. This file stores all the DHCP leases that the server has assigned. Erasing the file lets us start with a clean slate.
#echo > /var/state/dhcp/dhcpd.leases
And start your DHCP server on the at0 tap interface. That is where the wireless clients show up; rausb0 is the raw monitor-mode interface and dhcpd will never see their requests there.
#dhcpd -cf /etc/dhcpd.conf at0
Next tell the Linux kernel to forward your IP packets.
#echo 1 > /proc/sys/net/ipv4/ip_forward
and configure iptables to NAT the addresses of your wireless clients out your upstream interface (eth0 here; substitute whatever interface actually has your Internet connection)
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
and that's it! You've got a quick and easy AP! And your tap interface makes it easy to use all of your favorite tools to monitor the AP. You can easily go Defcon 2004 style by launching driftnet to watch all the images that clients on your AP access. (This is PaulDotCom after all!)
#driftnet -i at0 &
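The whole bring-up from the tun module through the NAT rule as one script, added here as an example and not part of the original post. Before it touches anything it parses dhcpd.conf and refuses to continue if the router address you are about to put on at0 falls inside the pool dhcpd hands out; interface names, paths, channel and ESSID are the ones used above and are assumptions you can override in the environment.

```shell
#!/bin/sh
# Added example (not from the original post): the AP bring-up as one script.
# Reads dhcpd.conf, checks the router address is outside the DHCP pool, then
# runs the steps from the post in order. Names/paths below are assumptions
# taken from the post; override them in the environment if yours differ.
WLAN=${WLAN:-rausb0}; UPLINK=${UPLINK:-eth0}; TAP=at0
CONF=${CONF:-/etc/dhcpd.conf}; LEASES=${LEASES:-/var/state/dhcp/dhcpd.leases}
DRY_RUN=${DRY_RUN:-0}   # DRY_RUN=1 prints the privileged commands instead of running them

# Print "subnet netmask pool_start pool_end router" from the first subnet stanza.
dhcp_params() {
    awk '!seen && $1=="subnet" { net=$2; mask=$4 }
         !seen && $1=="range"  { rs=$2; re=$3; sub(/;/, "", re) }
         !seen && $1=="option" && $2=="routers" { rt=$3; sub(/;/, "", rt) }
         !seen && $1=="}" { seen=1 }
         END { if (net && rs && rt) print net, mask, rs, re, rt }' "$1"
}
# Dotted quad -> integer so addresses can be compared numerically.
ip2int() { echo "$1" | awk -F. '{ print $1*16777216 + $2*65536 + $3*256 + $4 }'; }
# Exit 0 if address $1 lies inside the pool [$2, $3].
in_pool() {
    a=$(ip2int "$1"); s=$(ip2int "$2"); e=$(ip2int "$3")
    [ "$a" -ge "$s" ] && [ "$a" -le "$e" ]
}
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Constructed sample config in the same shape as dhcpd.conf, for dry runs.
write_sample_conf() {
    printf 'subnet 10.50.40.0 netmask 255.255.255.0 {\n  range 10.50.40.100 10.50.40.200;\n  option routers 10.50.40.1;\n}\n' > "$1"
}

# Validate the config, then run the steps from the post in order.
ap_up() {
    set -- $(dhcp_params "$CONF")
    [ $# -eq 5 ] || { echo "no usable subnet stanza in $CONF" >&2; return 1; }
    mask=$2; start=$3; end=$4; gw=$5
    if in_pool "$gw" "$start" "$end"; then
        echo "router $gw is inside pool $start-$end; fix $CONF first" >&2; return 1
    fi
    run modprobe tun
    run airbase-ng -c 9 -e defconAP -v "$WLAN" &   # keeps running; at0 exists while it does
    [ "$DRY_RUN" = 1 ] || sleep 2                  # give at0 time to appear
    run ifconfig "$TAP" "$gw" netmask "$mask" up
    run sh -c "echo > $LEASES"                     # clean slate for leases
    run dhcpd -cf "$CONF" "$TAP"                   # serve the tap, not the radio
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
    run iptables -t nat -A POSTROUTING -o "$UPLINK" -j MASQUERADE
}
case "${1:-}" in up) ap_up ;; esac   # e.g.: DRY_RUN=1 CONF=/tmp/sample.conf sh ap-up.sh up
```

Run it with DRY_RUN=1 first to see the exact commands it would issue against your config; with a real dhcpd.conf it stops before touching the system if the router address collides with the pool.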