Evil Twin in Kali Linux

Evil Twin Attack is a Wi-Fi hacking technique that tricks the user into connecting to a spoofed targeted network, making it nearly impossible to determine whether the network is real or fake, resulting in the user entering their password in the fake network hosted by the Hacker.

How does Evil Twin Attack work?

This attack creates a false access point (captive login portal) and forces the victim/user to enter their wifi password to this fake access point by de-authenticating them from the real access point; once the password is entered, the victim/user is redirected to the real access point.

Tool Required:

1. External Wifi Adapter which supports Monitor Mode & Packet Injection.

How to hack a wifi using Evil Twin Attack?

Step 1: To hack with this technique will be using a tool called Airgeddon. So, clone the Airgeddon’s GitHub Repo to your Kali Machine at any desired location.

git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git

Step 2: Switch the Wifi Adapter’s mode to Monitor Mode, with the following command.

sudo airmon-ng check kill
sudo airmon-ng start wlan0

• airmon-ng check kill – kills the unwanted application, that might interfere the process. 
• airmon-ng start wlan0 – make the interface i.e. wlan0 switch to Monitor Mode.

 

Step 3: Now run the Airgeddon tool that we’ve installed, with root permission.

cd airgeddon
sudo ./airgeddon.sh

 

Step 4: Press Enter, to check if necessary tools are installed or not.

 

Step 5: Now select the interface to use, in this case, it’s wlan0

 

Step 6: Select Evil Twin Attacks Menu by entering the corresponding number 7.

 

Step 7: From Evil Twin Attacks Menu, select the 9th option Evil Twin AP attack with the captive portal (monitor mode needed).

 

Step 8: Enter y to not to make DOS attack, being part of the Evil Twin Attack. Then, press Enter to discover targets.

 

You’ll be prompted a terminal, discovering wi-fi targets.

 

Press Ctrl+C to exit you if see your target in the terminal.

Step 9: By entering the corresponding number, choose Target. eg. 2 [Current Target]

 

Step 10: Now, press 2 to perform Deauth with aireplay-ng.

 

Step 11: Now deny it to perform “Dos pursuit mode” by entering N.

 

Step 12: Press y to spoof your MAC Address.

 

Step 13: The attack requires a handshake file. If you have the file, press y and enter the path of captured handshake else press n to capture the new handshake.

Then enter the amount to timeout or leave it default and press enter to capture the handshake file.

 

Now, two windows will prompt:

 

• Window 1: Capturing Handshake
• Window 2: Performing Deauth Attack

When the Deauth is complete and a handshake is captured, it will congratulate you and ask where to save the captured handshake.

Step 14: Select your language and hit enter to start the Evil Twin Attack.

 

On pre-connected devices, a fake access point will appear, forcing the user to disconnect from the real access point and proceed to the attacker’s captive portal.

 

When the target attempts to connect to a fake access point, he or she will be redirected to a captive portal to enter the password, and if the user enters the password, it will be displayed in the Control Window.