Gain passwords with Evil Twin attacks

m5kro, published in CyberScribers, Sep 27, 2022

Evil twin attacks are exactly what they sound like. The attack works by creating a fake WiFi network with the same name as the target. It works on both open and encrypted networks (it works better if you know the password).

Disclaimer: I’m not responsible for what you do with this information.

Tools

Airgeddon — Only gets WiFi passwords

Wifiphisher — More captive portal options

Computer — needs to run Linux

Two WiFi adapters — needs to support packet injection

Airgeddon

One of the best scripts for WiFi attacks. If you are looking for more than the WiFi password, use Wifiphisher instead. Once installed, run the following in the terminal:

sudo airgeddon

A cute UFO animation will show up along with a prompt to press enter. It then checks for dependencies and may try to auto-install missing ones depending on your distro. You will then be prompted to select a WiFi adapter. Select one of your WiFi adapters and you will get to Airgeddon's main menu. On the main menu, select the Evil Twin option (should be number 7).

From Airgeddon Github Page

In the Evil Twin menu, select 2 to put the adapter in monitor mode.

Evil Twin Menu

After your WiFi adapter is in monitor mode, select the attack mode you want (options 5 to 9). In this example, we will be using the captive portal option (option 9). Once option 9 is selected, Airgeddon will start scanning for nearby networks. A window will pop up, which you can close after a few seconds. Airgeddon will then give you a list of found networks and you can select your target.

Target list example from kalitut

Once a target is selected Airgeddon will ask you what deauth type to use.

Deauth menu from livelinuxusb

In this example, we will use option 2 but option 1 is also effective on most networks. Airgeddon will then ask for a handshake file to verify the victim's input. If you have one you can enter the path here. If not then Airgeddon will try to get one.

Handshake section from livelinuxusb

Once Airgeddon has gotten a handshake or you have supplied one, you will be prompted to choose a language for the login portal.

After the language is chosen, Airgeddon will begin the attack. It should look something like this:

Example from wonderhowto

A bunch of stuff will pop up when a victim connects to the fake network. Once the victim enters the correct password Airgeddon will tell you and ask if you want to save the password somewhere.

Wifiphisher

Wifiphisher offers more options than Airgeddon. It comes with four different login pages for different scenarios. In this example, we will also be trying to get the WiFi password, this time using Wifiphisher’s firmware update page.

To use Wifiphisher, start by setting your WiFi adapter in monitor mode. If you can, capture a handshake from the target network. The handshake is optional but highly recommended.

In the terminal type:

sudo wifiphisher -i (adapter name here) -hC (path to handshake pcap file)

ex. sudo wifiphisher -i wlan1mon -hC /home/user/handshake.pcap

If you don’t have a handshake type:

sudo wifiphisher -i (adapter name here)

ex. sudo wifiphisher -i wlan1mon

Once Wifiphisher starts, it immediately starts scanning for nearby networks. Choose the target network using the arrow keys and press enter.

Example from kali.tools

Once you have selected the target network, Wifiphisher will prompt you for which phishing page you want to use. The firmware update page should be option three. After the portal has been selected, Wifiphisher will automatically start the attack. Wifiphisher will automatically detect and use your second adapter to deauth the real network.

Optional: Extra Phishing Pages

Attack panel example from gbhackers

Once the victim has entered the password it will show up as a post request.

And just like that Wifiphisher has gained the password.

Conclusion

Evil twin attacks are a great way to phish passwords from victims, especially towards people who don’t know their way around tech. This attack is not effective towards those who know the network is a trick. Major operating systems have also implemented warnings and safeguards to prevent users from falling for the scam. Unfortunately, most of the world is still tech illiterate, keeping Evil twins a significant threat to security.
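From the defender's side, the attack described above leaves two observable traces: a second access point advertising the target's network name, and a burst of deauthentication frames against the real one. The following is an added example, not code from the original post or from either tool, that flags both over constructed sample records; the record fields, the inventory of known access points, and the window and threshold values are assumptions.

```python
# Constructed sample observations, as a wireless sensor might record them.
# The field names are assumptions for this example, not a real tool's format.
FRAMES = [
    {"t": 0.0, "type": "beacon", "ssid": "HomeNet", "bssid": "aa:bb:cc:00:00:01", "enc": "WPA2"},
    {"t": 0.1, "type": "beacon", "ssid": "CafeWiFi", "bssid": "aa:bb:cc:00:00:09", "enc": "OPEN"},
    {"t": 1.0, "type": "beacon", "ssid": "HomeNet", "bssid": "de:ad:be:00:00:02", "enc": "OPEN"},
] + [{"t": 1.0 + i * 0.05, "type": "deauth", "bssid": "aa:bb:cc:00:00:01"} for i in range(40)]

# Inventory of access points you actually operate: SSID -> {BSSID: encryption}.
KNOWN_APS = {"HomeNet": {"aa:bb:cc:00:00:01": "WPA2"}}


def find_rogue_aps(frames, known):
    """Flag beacons using a known SSID from an unlisted BSSID or with changed encryption."""
    alerts = set()
    for f in frames:
        if f["type"] != "beacon" or f["ssid"] not in known:
            continue  # only SSIDs in the inventory are checked
        expected = known[f["ssid"]].get(f["bssid"])
        if expected is None:
            alerts.add((f["ssid"], f["bssid"], "unknown BSSID, " + f["enc"]))
        elif expected != f["enc"]:
            alerts.add((f["ssid"], f["bssid"], "encryption changed to " + f["enc"]))
    return sorted(alerts)


def find_deauth_bursts(frames, window=5.0, threshold=20):
    """Return BSSIDs named in at least `threshold` deauth frames within `window` seconds."""
    times = {}
    for f in frames:
        if f["type"] == "deauth":
            times.setdefault(f["bssid"], []).append(f["t"])
    flagged = []
    for bssid, ts in times.items():
        ts.sort()
        start = 0
        for end, t in enumerate(ts):
            while t - ts[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(bssid)
                break
    return sorted(flagged)


if __name__ == "__main__":
    for alert in find_rogue_aps(FRAMES, KNOWN_APS):
        print("rogue AP:", alert)
    for bssid in find_deauth_bursts(FRAMES):
        print("deauth burst against:", bssid)
```

A known SSID seen from an unlisted BSSID at the same time as a deauth burst against the listed one is a much stronger signal than either alert alone.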

Happy Hacking~!
