
Thread: [Tutorial] How to: Create Fake AP (with a auto bash script!)

  1. #21
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    8

    Default

    got it to work now, i had to use this:
    hxxp://sourceforge.net/projects/dnspentest
    --> java ServerKernelMain 10.0.0.1 10.0.0.1

  2. #22

    Default

    fnord0
    Again, thanks
    SBD (Secure BackDoor) isn't part of metasploit! It's like netcat!
    I used SBD as a backdoor, so if later I wish to get access again it makes life a lot easier, instead of reusing metasploit and exploiting them. For example, the service(s) which I was exploiting could be closed/stopped or they could have done a system update stopping the exploit, but by using SBD, I'm straight back in!

    If you wish to get the latest SBD:
    Filename: sbd-1.36.tar.gz
    HomePage: Tigerteam
    Download Link: http://packetstormsecurity.org/UNIX/...bd-1.36.tar.gz
    Source: .:[ packet storm ]:. - http://packetstormsecurity.org/

    *There is an (out of date?) version included with BackTrack: /pentest/windows-binaries/tools/ *


    I'm doing all the SBD from ./msfcli via a script (fakeap_pwn.rb)
    I could also have done it from ./msfconsole and used fakeap_pwn.rc - which then calls fakeap_pwn.rb later - I just cut out the middle man! (NOT in the 7z). For both of them, you use AutoRunScript to call the script.

    Thanks for the links - I'm going to give them a read!

    Does any of that help?

    ~g0tmi1k

    Edit:
    dnspentest - I tried using that (the commands are in the script, just comment out). For some reason that didn't work for me!
    ~ Have you, g0tmi1k? ~
    :rolleyes: <(^^,)> :p d[-_^]b (= =D-->--< :eek:

  3. #23
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    8

    Default

    dnsspoof -i at0 -f /tmp/dns-spoof

    /tmp/dns-spoof:
    10.0.0.1 *.* *

    does also work.

    another problem:
    the connection via the fake ip is unbearably slow, i can't load a website completely.
    it stops loading content, if the title of the website appears in the browser. the "received packets" also increase only from time to time...
    seems that the connection is not very stable, rarely it loads a page in the first try. any ideas to improve the connection / the routing to the other network interface?

    /edit just noticed, that i can access some pages e.g. mozilla.com (except downloading) with regular speed, but the bigger part of pages is inaccessible
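
    Seen from the client side, a wildcard rule like the `10.0.0.1 *.* *` entry above leaves a recognisable pattern: unrelated names, including names that must not exist, all resolve to one private address. The following check is an added example, not part of the original post; the function names and the sample answers are constructed for illustration.

```python
import ipaddress
import socket
import uuid

def resolve_live(names):
    """Resolve names with the system resolver; None means no answer."""
    out = {}
    for name in names:
        try:
            out[name] = set(socket.gethostbyname_ex(name)[2])
        except OSError:          # socket.gaierror is a subclass of OSError
            out[name] = None
    return out

def canary_names(count=2):
    """Random names under .invalid (RFC 6761), which must never resolve."""
    return [f"{uuid.uuid4().hex}.invalid" for _ in range(count)]

def assess(answers, canaries):
    """Return findings for a mapping of name -> set of IPs (or None)."""
    findings = []
    resolved = {n: ips for n, ips in answers.items() if ips}
    if any(n in resolved for n in canaries):
        findings.append("canary-resolved")
    distinct = set().union(*resolved.values()) if resolved else set()
    # Three or more unrelated names collapsing onto one address is the
    # signature of a wildcard answer rather than real DNS data.
    if len(resolved) >= 3 and len(distinct) == 1:
        findings.append("all-names-same-address")
        if ipaddress.ip_address(next(iter(distinct))).is_private:
            findings.append("answer-is-private-address")
    return findings

# Constructed sample data (not captured from a real network).
CANARIES = ["c0ffee0000000001.invalid", "c0ffee0000000002.invalid"]
SPOOFED = {n: {"10.0.0.1"} for n in
           ["example.com", "example.org", "example.net", *CANARIES]}
NORMAL = {"example.com": {"93.184.216.34"}, "example.org": {"93.184.216.35"},
          "example.net": {"93.184.216.36"},
          CANARIES[0]: None, CANARIES[1]: None}

if __name__ == "__main__":
    print("spoofed:", assess(SPOOFED, CANARIES))
    print("normal: ", assess(NORMAL, CANARIES))
```

    On a live network, feed it `resolve_live(real_names + canary_names())`; a legitimate captive portal produces the same findings before login, so treat a hit as a reason not to enter credentials until the network is verified.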

  4. #24
    Member
    Join Date
    Feb 2010
    Posts
    204

    Default

    Interesting work here, hope my work on the wireless key grabber and fake ap with transparency has helped here

    I've not been playing with Fake ap's for quite some time but I am impressed by how much progress is being made,

    I am curious though, how do you automatically get the victim to surf normally after they have visited your splash page without allowing other users in?

    at
    # They give us access to their system, so lets give them internet back

    are you not giving everyone "internet" back?

  5. #25
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Default

    Quote Originally Posted by g0tmi1k View Post
    Does any of that help?

    ohhh yes! just what I was looking for, and then some! thanks for the explanation! I really appreciate it! I look forward to more of yr posts to this site my friend =)

    take care, and thanks for the schooling
    'see the fnords!'

  6. #26
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Default

    Quote Originally Posted by frozen View Post
    another problem:
    the connection via the fake ip is unbearably slow, i can't load a website completely.
    it stops loading content, if the title of the website appears in the browser. the "received packets" also increase only from time to time...
    seems that the connection is not very stable, rarely it loads a page in the first try. any ideas to improve the connection / the routing to the other network interface?

    /edit just noticed, that i can access some pages e.g. mozilla.com (except downloading) with regular speed, but the bigger part of pages is inaccessible

    that sounds like an MTU issue... (or fragmentation?) I noticed that the airbase-ng attempts to change the MTU to 1800 (or sumpthin) and then fails back to 1500 (at least on mine, and I swear I've seen others mention this)...
    IIRC NAT is taking place (I am not looking at the script right now), BUT this may require you to change the MTU on the box you are browsing the web to 1492, or 1476... sorry can't recall exact #, but google MTU and browsing issues and I bet u might possibly find an answer.
    also I could be completely off as well, others in this post may be able to assist. can you ping with 1500byte ping size to www.yahoo.com (etc) and not getting packet loss? if u get packet loss, it MAY be MTU... I just saying...
    'see the fnords!'

  7. #27
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    8

    Default

    with an mtu of 1500 or 1800 it works
    but which value do i have to use, does it matter? higher = better? (probably not)

  8. #28
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    Read up on what MTU is. I'm going to say this now. The alfa card has horrible probs with airbase because of it. In fact the client will pretty much only be able to browse google and nothing else.

    There is one thing i would add to this, and that's sslstrip. I wrote up a guide on it a little while ago just to prove that it worked. It did, however as i said it was less than worthless with the alfa.

    http://forums.remote-exploit.org/bt4...-sslstrip.html
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  9. #29
    Just burned his ISO
    Join Date
    May 2009
    Posts
    11

    Default

    Been trying to get this working. Have so far gotten a Windows XP SP2 victim to connect, however, been having dhcpd-issuance problems. Another victim box, Windows Vista SP1, cannot connect to the network at all! "Windows cannot connect to TestNet." The reason for the error supposedly is that the wireless network signal is too weak, yet I'm using a Ubiquiti SRC (ath5k) card with an antenna right next to the victim machine. Also, the signal is strong in the Windows Wireless Assistant.

    This is getting frustrating.

  10. #30
    Just burned his ISO
    Join Date
    May 2009
    Posts
    11

    Default

    Okay, got the Windows XP SP 2 victim to download a wkv.exe variant and execute it, although the data transmission rates are so SLOW, took seriously 10-15 minutes just for it to upload and execute.

    Doing a simple ping from the victim machine:

    Reply from 72.14.213.104 (google.com): bytes = 32 time=594ms TTL=49
    Request timed out.
    Reply from 72.14.213.104 (google.com): bytes = 32 time=107ms TTL=49
    Reply from 72.14.213.104 (google.com): bytes = 32 time=110ms TTL=49

    That's a 25% packet loss and the transmission rate for a 32 byte packet was a whopping half a second. No wonder it took so long to upload a small .exe file.

    The MTU I have set right now is 1800. To those who have it working smooth and fast, what MTU are you using?

    Also, I'm still having problems with the DHCP addressing. When I normally connect to routers the DHCP is automatically renewed. However, with airbase-ng, I must get on the victim computer and do a /release /renew for DHCP to work. Also, every few minutes the victim gets disconnected from the AP and reconnects. I'm assuming this is a packet-size issue as well.

    Anyone else having similar problems/any solutions? Thanks everyone for contributing. Oh, and if you want your gateway interface automatically loaded with FakeAP_pwn.sh: replace the "export gateway" line with:

    export gatewayip=`route | awk '/^default/ {getline; print $2}'` #get gateway for our device connected to internet, replace "default" with corresponding `route` information
