Soft AP / Phishing Script [Release]

Quote:

---

Originally Posted by VulpiArgenti

[0-DAY ADDED - PwnSTAR 0.72]

Have added in the new MSXML exploit against Internet Explorer. This will exploit Windows 7. The payload is the default metasploit so is likely to be picked up by AV. I can't do much about that until I've learnt Ruby. Any help welcome.

Use wisely - this vulnerability won't last long!

http://code.google.com/p/pwn-star/downloads/list

---

yo VulpiArgenti,
Huge respect for the work you have put in big fella! I don't have the script in front of me but i had to take the zero out of your () 0day_(* something cant remember) as it chucked an error on start up of the script. Find and replace fixed the problem

With the addition of:
a) bandwidth limiting connected users (not sure how this could be done)
b) beef hook injection via an ettercap filter
c) opening a browser with hamster tab and beef tab

this script would be perfect to run in the start up of a rasberrypi!

cheers mate,
Isolot.

Interesting ideas for raspberrypi - I haven't had chance to play with one yet. Here is a method for "shaping" depending on the number of connections http://www.andybev.com/index.php/Linux_iptables_captive_portal_traffic_shaping_scri pts_(PortalShaper)



Were you starting the script through bash (rather than sh etc)? I'm not aware of any restrictions on naming functions in bash (but there is still a lot I don't know!)



[Major problems logging in recently - sorry for the slow reply]

ok, i hate to sound repetitive, but i have been having an issue, as have many here. i have tried several solutions, to no avail.

here is the dhcp error i am receiving.

Code:

---

Generating /tmp/dhcpd.conf

Starting DHCP server...
Internet Systems Consortium DHCP Server V3.1.3
Copyright 2004-2009 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
/tmp/dhcpd.conf line 10: semicolon expected.
}
^
/tmp/dhcpd.conf line 10: unexpected end of file
}
^
Configuration file errors encountered -- exiting

---

cat /tmp/dhcpd.conf

Code:

---

default-lease-time 300;
max-lease-time 360;
ddns-update-style none;
authoritative;
log-facility local7;
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option routers 192.168.0.1;
option domain-name-servers ;
}

---

I am assuming my problem is right there at the last line where there is no ip.

do i need to hard code this into the script? is this a bug? what am i missing?


cat /etc/resolv.conf

Code:

---

# Generated by dhcpcd for interface wlan1
search <myisp.com>
nameserver <isp IP's>
nameserver <isp IP's>

---

thanks.

Post #51 discussed this. For various reasons the script only reads local dns-servers. Your options are:

• include a local server on your network (usually the same IP as your router, set up in your router config page) - best
• hardcode your existing ISP into the script (at line 713) - not so good

Code:

---

# replace $apdns with your external dns-server

echo "option domain-name-servers $apdns;" >> /tmp/dhcpd.conf

---

------------------------------------------------------------------

Quote:

---

as have many here

---

A little harsh :)

Hi VulpiArgenti

I am currently writing tutorials on my blog about how to use your script. I have noticed some errors hotspot 2:

First: in hotspot 2 index file the location of the images are wrong you have not updated them to /hotspot_2

Second: when using hotspot 2 for some reason the username and passwords are not being saved into the text file.

The first i could fix easly but the second i am realy stumpped on why its not working :/

I also ran into a problem on the captive portal hotspot, I have installed dnotify using 'apt-get install dnotify' but when I run it, all wireless connections seem to stay connected to the routers but have no internet access (even if there on a diffrent network). Is there any reason for this? and how can i solve it. I have only managed to get sslstrip to work for me atm but i have not ran all your options because i think getting the basics working first is the main priorty.

Please get back to me soon thank you.

Quote:

---

First: in hotspot 2 index file the location of the images are wrong

---

Quite right! I really can't believe I am so stupid.

Quote:

---

Second: when using hotspot 2 for some reason the username and passwords are not being saved into the text file.

---

This fails for the same reason - the form action wasn't pointing to the new php.

I've uploaded a new file "hotspot_3". http://code.google.com/p/pwn-star/do...3.tgz&can=2&q= Apologies to anyone else who couldn't get it working.

Quote:

---

I also ran into a problem on the captive portal hotspot

---

I have just thoroughly tested this and it's working perfectly for me. Can you give more details?

As an aside, the captive portal options in the advanced menu are much more useful, as they allow internet access once credentials have been obtained. The simple hotspot options in the basic menu only phish credentials, and don't give internet access.

I just noticed your new upload of hotspot2 (not hotspot 3) has the same problems as you did not put the 3 at the end of the image locations :o and also its a captiave portal even tho it was ment to be the simple one that does not give internet access. I have tried it and it does not ask for logins and rather just gives the victem internet access ha

Am still having no luck with the captive portal, would you teamveiw with me and we can both troubleshoot it?

Only use the packages marked "CURRENT RELEASE" e.g. hotspot_3, not hotspot_2.

To clarify the current use of the script packages:

Use only the packages marked "CURRENT RELEASE" with PwnSTAR_0.8. Older packages work only with older (deprecated) versions of the script.

"hotspot_3" is a simple phishing web page, used with basic menu option 4.

"portal_simple" is a captive portal which allows you to edit the index.html with the name of the portal eg "Joe's CyberCafe". It is used for sniffing.

"portal_hotspot3" phishes credentials, and then allows clients through the portal to the internet

"portal_pdf" forces the client to download a malicious pdf in order to pass through the portal


Edit: I have now bundled these into a single tar http://code.google.com/p/pwn-star/do...R.tgz&can=2&q=

I can't get your script to issue an IP address
On further investigation it appears to be a BT5-R3 problem.
Tried update & upgrade and also purged dhcp3-server still won't start.
any ideas or pointers please. I have BT5-R3 installed on 3 different machines all with the same problem.
thanks