Tutorial

Using EVIL-AP

EVIL-AP was created to perform pen tests and assist network administrators in auditing network security. AP allows network engineers to hack their own network to identify vulnerabilities and implement mechanisms to strengthen the network against potential attackers.

The author of this device is not responsible for any damages caused.

First steps

Power supply:
– Plug the EVIL-AP into the electricity
– Connect the POE Ethernet cable. Must support Switch or Router.
Sign up for EVIL-AP
– By directly connecting the network cable from the EVIL-AP (port 2 – 4) to the PC.

Log in

– Indirectly, EVIL-AP is connected to a known network. You need to know the IP address that has been assigned to the EVIL-AP. You can scan the network you are currently on. Use WinBox. On such a network, the EVIL-AP appears as “WIFI-AP”.

winbox

EVIL-AP must be connected to the Internet. Network cable (port 1) or 88th, 99th option
Recommended: Set the country. 17. option
Enjoy !!!

mainmenu

Free space on EVIL-AP

Internal storage where records with login credentials are stored. Watch this space carefully. If this storage becomes full, it will not be possible to store names and passwords. I recommend deleting the memory if the value < 500Kib is reached (option 15.)

Features and functions

The main function of EVIL-AP is to capture login credentials. The key is to convince the victim to believe they are logging into the WiFi network under a GOOGLE / FACEBOOK / MICROSOFT / or our custom template account.

Once connected to “FreeWiFi”, the victim will be offered one of the following templates. Thus the captive portal.

1. Upload Google template / 2. Upload Microsoft template / 3. Upload Facebook template

4. Upload your custom template

You can create your own login portal. HTML and CSS knowledge at a basic level is required.

You edit only two files \templates\custom\hotspot\login.html and \templates\custom\hotspot\styles.css. Do not change the other files !!

In the login.html file, you must preserve this structure:

Getting the password of a nearby routers

5. EvilTwin hotspots (manual add)

6. EvilTwin hotspots (automated)

This feature scans the nearest networks within EVIL-AP range and creates virtual clones. In my case there are only 3 networks in the vicinity. If I choose the number 10 it clones only 3 of course.

7. EvilTwin hotspots (automated) “WiFiname”-2

Same function as mentioned above. With the difference that it adds the suffix “-2” to the WiFi network name.

Why? The latest iPhones won’t display a WiFi network that doesn’t contain a password and is the same as the cloned one.

Example. If the iPhone finds a “HomeWiFi” network with a password, it will display it. But at the same time, a network called “HomeWiFi” without a password (created by EVIL-AP) will not appear in the menu.

If I want to conduct an attack on the iPhone I have to create a clone with a different name namely “HomeWiFi-2”. In this case the iPhone will show both networks “HomeWiFi” and “HomeWiFi-2”.

Of course we believe that user enters the password 😊

How to view captured passwords?

The credentials entered by the victim are stored in the EVIL-AP records. The function “8. Download logs / Show caught passwords on EVIL-AP” to display them. They are then saved locally on your PC as history.

To view the history, use the “9. Show local logs / history (your PC)”.

Deleting history in PC “16. Clear local logs (your PC)”. This function does not affect the storage in EVIL-AP.

It is important to delete EVIL-AP entries from time to time to avoid memory overflow!!! 15. Clear logs in EVIL-AP

It is important to guard this repository. However, it is very difficult to fill it. Do you think you’ll catch more than 800-1,200 passwords? 😊😊😊

EVIL-AP provides “managerial WiFi – —in manual—“. It is used for remote management of some functions.

SSID: —in manual—

Password: —in manual—

In this case, to display passwords. Option 8.

Situation:

I’m sitting in a café. After a week of operation, I want to see what EVIL-AP has captured. I want to be inconspicuous. I’m not going to walk up to the EVIL-AP with a cable in my hand. I’ll connect to —in manual— and ….8. choice.

Unfortunately this limitation is due to the fact that EVIL-AP has only 2 WiFi interfaces. I would have disconnected myself when tampering.

Additional features

17. Set WiFi country

I recommend setting the country first. Each country allows a different frequency. This will prevent unexpected problems. For example, “I can’t see the networks on my phone.”

18. Show nearby WiFi – first 20

This feature speaks for itself. Show me the 20 nearest WiFi networks. This is an information function.

20. Get status EVIL-AP if connected to internet via WiFi

EVIL-AP can be connected to the Internet not only via network cable but also via WiFi. This function will check if this is the case.

88. Connect to WiFi manual

Connect EVIL-AP to a WiFi network where you know the password. If you don’t have the option of using a cable.

Situation:

I want to run my EVIL-AP. I’m sitting in a café. I know the password to the nearest WiFi router. I get access to the internet. And now I can set up the router as described above.

The nearest networks in the menu will be displayed. I choose. I enter my password. After logging in, a test is performed to see if EVIL-AP has internet. I don’t have to write the network name manually 😊

Vieos

First run. I will use the option to connect to a known WiFi network where I know the password (in this case I will not use the internet cable). I will create a google login portal.

Remote status check of captured passwords.

Cloning of nearby WiFi networks.

Please enable JavaScript in your browser to complete this form.