Re: Soft AP / Phishing Script [Release]
Hi VulpiArgenti,
looks like a great script. However I tried, and I tried and I couldn't get it to work :( I have read all the previous posts, but nothing helped me. I think the dhcp server is not running. The dhcp server tail term is completely empty, I can see the access point I created on my tablet, I connect but I do not get an IP address. All of this I think points to something being wrong with dhcp. I also get this message when I run the script, but it doesn't interrupt anything it just keeps running:
Can't open /tmp/dhcpd.conf: Permission denied
Do you know how I can fix this? I'd appreciate any help.
Aldous
Re: Soft AP / Phishing Script [Release]
@bugme, I've also no idea what you did but glad it's working!
@parrotface, thanks for letting me know. If anyone else reports the same issue I'll amend that line as you suggest.
For the Eterm:
- Exit the script
- In gnome terminal/konsole enter:
- In the Eterm window you should see a menubar (see screenshot). If you don't, perhaps purge and reinstall
- Clicking on "background" gets you into the options (pixmap etc)
- Once done, click "Eterm" (first in the menubar), then "Save theme settings..." (and perhaps also "save user settings" for luck)
Re: Soft AP / Phishing Script [Release]
Hi Aldous,
Please try/confirm the suggestions in post #62, then report back
Re: Soft AP / Phishing Script [Release]
Hi VulpiArgenti
I get an IP every time since I changed line 725 from sleep 1 to sleep 3. No problem now, I log onto the AP OK.
Info on Eterm solved the background problems, I can now see what's going on.
Many thanks for your response.
Now investigating why I can't get the index.html when trying to run a portal; index.html is there at 10.0.0.1 but the client does not get directed to the login page.
many thanks
Re: Soft AP / Phishing Script [Release]
Quote: Originally Posted by Carto_
Hum, same for me deviney !
I am launching pwnSTAR in my local network, all is working fine (victim station has access to the internet) but I wan access to https pages. I mean when I search gmail in google and click on Gmail --> https://mail.google.com ... ! And in the sslstrip log, lot of shit-data.
My internet connection is OK, and PwnSTAR well configured.
Running it on BT5R2, sslstrip V 0.9
That's more than I get, I get no data at all. I just get the 2 lines that tell me it's poisoning or something but then nothing :/
I'll give it another go later, seems I haven't tried lately and seems the IP problem is now fixed, it gives me more hope it may work ha
I will write back on Thursday and let you know my progress
EDIT: using the fix below I managed to get the IP address issue working and also the SSL strip is now working. Shame it doesn't present the information as well as it does in YAMAS but still I can see me having a lot of fun with this. I have only tried using option 3 (internet access with MITD attack). I will now try the other options and write back and let you know how I get on.
Quote: Originally Posted by parrotface
Hi
Just run script in debug and I can now get an IP so I guess it's a timing problem. Tried debug on earlier version and it didn't work then.
thanks
edit
changed line 725 from sleep 1 to sleep 3 and I now get IP and can connect OK without running in debug
EDIT: VulpiArgenti, I have been looking on the video part of the forums and found a nice way to inject a payload into the users of the rogue AP. I was wondering if it's possible to add this into your script instead of the evil PDF. Here's the info: http://www.backtrack-linux.org/forum...ad.php?t=49858
LAST EDIT TODAY: OK, I tried to test the other options in this script by using the current hotspot release and running it under option 4 in the script. The problem was that my victim machine was just getting internet access and not getting redirected to the login page. I gave the www/ folder full admin permissions under the group policy. I did the same with the hotspot folder and made the formdata.txt executable.
I could not find process-form-data.php so I left this out because I was guessing it was not in the new hotspot release (correct me if I'm wrong).
I was wondering if this is a known issue?
Re: Soft AP / Phishing Script [Release]
Hi Guys, sorry for the delay - don't you hate it when the day-job interferes with backtracking?
-----------------------------------------
@parrotface, the webpage is served on 192.168.0.1. Enter this directly in the browser address bar, from both the attacker and the victim. If you are now getting an IP address, then you should see the index page.
The usual reason for redirection to the login appearing to fail is DNS-caching in the victim. AFAIK, there's not much you can do about this as an attacker. As the victim in a test setup, you can enter a random nonsense address; this is unlikely to be cached and should allow the login page to show. Or try flushing the DNS cache.
-----------------------------------------
@deviney
There's no point in my ripping off ComaX' script. You can run YAMAS at the same time (with the "-p" switch), and use it to parse the SSLStrip logfile generated by PwnSTAR.
I agree it's a nice video by zimmaro. I was intending to look at incorporating a variant of isr-evilgrade, but the index.html from the video would be a much easier option.
If you are using basic menu option 4, then you need the hotspot_2 directory (http://code.google.com/p/pwn-star/do...2.tgz&can=2&q=). This includes the process-form-data.php. I subsequently added portal_hotspot, which is a much better version, launched from the advanced menu.
Re: Soft AP / Phishing Script [Release]
Quote: Originally Posted by VulpiArgenti
Hi Guys, sorry for the delay - don't you hate it when the day-job interferes with backtracking?
@deviney
There's no point in my ripping off ComaX' script. You can run YAMAS at the same time (with the "-p" switch), and use it to parse the SSLStrip logfile generated by PwnSTAR.
I agree it's a nice video by zimmaro. I was intending to look at incorporating a variant of isr-evilgrade, but the index.html from the video would be a much easier option.
If you are using basic menu option 4, then you need the hotspot_2 directory (http://code.google.com/p/pwn-star/do...2.tgz&can=2&q=). This includes the process-form-data.php. I subsequently added portal_hotspot, which is a much better version, launched from the advanced menu.
I never knew that was an option but looking at it more closely I see, I will try the "-p" switch method later.
I have not had a chance to play with isr-evilgrade yet, I will have a look at it once I've finished other things I'm learning. I tried renaming the "FakeUpdate" file to "portal_hotspot3" and running it with your script and it worked to a point. The only problem was that images would not show on the victim's webpage, only the text :( unfortunate really...
Yes, using hotspot_2 solved the problem, thanks. They have all worked... well besides evilpdf because I have not got round to trying it yet. This script is really awesome by the way :) might have some fun with my flat mates at university using it haha
Re: Soft AP / Phishing Script [Release]
[0-DAY ADDED - PwnSTAR 0.72]
Have added in the new MSXML exploit against Internet Explorer. This will exploit Windows 7. The payload is the default metasploit so is likely to be picked up by AV. I can't do much about that until I've learnt Ruby. Any help welcome.
Use wisely - this vulnerability won't last long!
http://code.google.com/p/pwn-star/downloads/list
Re: Soft AP / Phishing Script [Release]
[PwnSTAR 0.8]
New features:
1. Exploit added - Java Applet Field Bytecode Verifier. Now the old faithful Java Applet has been patched, this has been described as one of the most powerful of the current exploits.
2. More deauthentication options - MDK3 and airdrop-ng added.
http://code.google.com/p/pwn-star/downloads/list
This may be the last update. I'm not sure I can take the script any further without overlapping with SET. Obviously I couldn't produce anything better than SET, and there seems little point in re-inventing the wheel. I also need to take some time to learn real programming and exploitation. Look out for Ruby::PwnSTAR next year!
Many thanks to all who contributed. It's been fun.
Re: Soft AP / Phishing Script [Release]
sweet deal, I can't wait to check out the new version, thanks!