Thread: [Script] [Video] fakeAP_pwn (v0.3)

  1. #1
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    [Script] [Video] fakeAP_pwn (v0.3)

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/4079518
    Download video: http://www.mediafire.com/?yo06t9yiyeq4fff
    Download Script (fakeAP_pwn-v0.3.tar): http://www.mediafire.com/?hakic7kqk8b6e8c
    Download Script (fakeAP_pwn.v0.3-127.tar.gz): http://www.mediafire.com/?j2hz9rce10zh1w3


    What is this?

    An update to the script, fakeAP_pwn, which is a bash script to automate creating a "Fake Access Point" and "pwn" whoever connects to it!


    How does it work?
    > Creates an access point, runs a DHCP & web server.
    > Creates an exploit via Metasploit.
    > Waits for the target to connect, download and run the "update".
    > Once successfully exploited, it automatically uploads a payload; SBD, VNC or WKV via the exploit
    > Depending on the mode, it will grant internet access after infection
    > The attacker has the option to run a few "sniffing" programs to "monitor" what the target does on our access point!


    What do I need?

    > The tar file, fakeAP_pwn-v0.3.tar (1018.5KB, SHA1:7C8605F19210FEDC3219822D4D28CC7D1E4A4996)
    > A wireless card --- that supports monitor mode
    > Optional: Another interface (wired or wireless) with internet access
    > aircrack-ng suite, dhcpd3, apache2, metasploit, dsniff suite, wget --- All on BackTrack!
    > Optional: Subversion, hostapd, macchanger, sbd, vnc, squid, mogrify, imsniff, driftnet, sslstrip, ettercap --- which can all be installed by fakeAP_pwn


    What's new?
    In short, a lot. (=
    When comparing it to an older version, just about everything has changed, except for the original idea! See the changelog at the end for more details.


    What's in the tar file?
    > fakeAP_pwn.sh --- Bash script
    > www/index.php --- The page that the target is forced to see before they have access to the Internet.
    > www/Linux.jpg, OSX.jpg, Windows.jpg, your operating system.jpg --- OS pictures
    > www/tick.jpg, favicon.ico --- Other images
    > www/sbd.exe --- SBD payload
    > www/vnchooks.dll, winvnc.exe, vnc.reg --- VNC payloads
    > www/wkv-x86.exe, wkv-x64.exe --- WKV payloads


    How do I use it?
    1.) Extract the tar file (tar xf fakeAP_pwn-v0.3.tar).
    2.) Copy the "www" folder to /var/www/fakeAP_pwn (cp www/* /var/www/)
    3.) Either edit fakeAP_pwn.sh or specify, via the command line, your interface(s)/mode/payload. (You can view your interfaces via ifconfig and use kate to edit.)
    4.) Wait for a connection...
    5.) ...Game over. (=

    Commands:
    Code:
    tar xf fakeAP_pwn-v0.3.tar
    cd fakeAP_pwn
    ls
    mkdir /var/www/fakeAP_pwn
    cp www/* /var/www/fakeAP_pwn
    bash fakeAP_pwn.sh
    clear
    ifconfig
    bash fakeAP_pwn.sh -?
    bash fakeAP_pwn.sh -m non -p wkv -v
    bash fakeAP_pwn.sh -m normal -V
    bash fakeAP_pwn.sh -m flip -d
    ls
    kate fakeAP_pwn.log

    Troubleshooting


    • "Odd"/Hidden SSID
      • airbase-ng doesn't always work... Re-run the script
      • Try hostap

    • Can't connect
      • airbase-ng doesn't always work... Re-run the script
      • Try hostap
      • Try using two WiFi cards with Diagnostics mode enabled
      • Target is too close/far away
      • I've found "Windows 7" connects better/more than "Windows XP"

    • No IP address
      • Use the latest version of dhcp3-server
      • Re-run the script

    • Slow
      • Don't run/target a virtual machine
      • Try hostap
      • Try using a different MTU value
      • Your hardware (for example, 802.11n doesn't work too well)

    • Bypassing "Problem" programs
      • Anti Virus - As of 2010-09-02, you MAY be able to bypass SOME by uncommenting line 1397 --- BackTrack only.
      • Windows Firewall - I'm working on it for the next release (=
      • UAC - Not sure... )=

    • ... still not working correctly?
      • Re-run with Diagnostics mode enabled (-d)
      • Make a note of the setup (Hardware, versions etc)
      • Get in touch!





    Notes:

    • Big thanks to joker5bb for giving a helping hand with the coding
    • Thanks to everyone testing out the beta releases/giving feedback
    • Tested in BackTrack 4, R1. Works with Ubuntu 10.04 too!
    • It's worth doing this "manually" (without the script) before using this, so you have an idea of what's happening, and why. The script is only meant to save time.
    • I'm running BackTrack 4 R1 in a VM. The target is running Windows 7 Ultimate (fully up-to-date 2010-09-02), with firewall enabled, no AV and with UAC enabled (Windows 7 default). The other target is running in a VM using Windows XP SP3 Professional.
    • All connections are reversed - meaning the connections come from the target to the attacker; therefore, as the attacker is the server, it could help out with firewalls...
    • As you can see in the code there is a "roadmap"; one day I plan for this to also affect Linux and OSX, support multiple clients, have a different "delivery system" and a "Cloning" mode.
    • The video doesn't demonstrate everything...
    • The video uses fakeAP_pwn v0.3 #100


    Song: Sigma - Paint It Black & The Prodigy - One Love & Zombie Nation - Kernkraft 400
    Video length: 11:48
    Capture length: 33:07

    Blog Post: http://g0tmi1k.blogspot.com/2010/09/scriptvideo-fakeappwn-v03.html
    Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/32462-%5Bscript%5D-%5Bvideo%5D-fakeap_pwn-v0-3-a.html#post173954



    Changelog
    2010-09-02 - v0.3 (Build 100)
    > Added: 'Diagnostics' and 'Verbose' modes
    > Added: 'HostAP' to create access point
    > Added: 'Monitoring connections' feature
    > Added: 'Normal' & 'Flip' (Upside-Down-Ternet) modes
    > Added: 'Update' feature
    > Added: 'WKV' payload
    > Added: More 'checks' & 'Self fixes'
    > Added: More programs to 'extra' features
    > Changed: DNS server
    > Fix: lots of bugs/errors
    > Renamed and moved sections about
    > Updated: 'index' & OS images
    > Updated: 'metasploit', 'dhcpd3', 'apache' scripts
    > Updated: 'sbd.exe' & 'vnc.exe' & 'vnc.reg'
    > Updated: The 'help' screen
    > Updated: All of the 'internal structure/workings'
    > Updated: The command line arguments
    > ...and a couple of extra 'little' things
    Last edited by g0tmi1k; 03-05-2011 at 01:42 PM. Reason: Added #127
    Have you...g0tmi1k?
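    A defender-side counterpart to the fake access point described in this post, added here as an example (it is not part of fakeAP_pwn or g0tmi1k's code): a small Python check that reads the AP section of an airodump-ng style CSV export and flags any beacon that advertises a managed SSID from a BSSID outside the site's inventory, or with a different privacy setting than the inventory records, which is how an open evil twin of a WPA2 network shows up in a scan. The CSV column order, the AUTHORISED inventory and the scan rows are constructed assumptions; the parser stops at the blank line before the station section and does not handle ESSIDs containing commas.

```python
"""Rogue / evil-twin access point check over an airodump-ng style CSV export.

Added defensive example; not part of fakeAP_pwn or the original post.
Assumptions: the column order below matches airodump-ng's AP section, the
AUTHORISED inventory is one a site maintains itself, and the scan rows are
constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # normalised to lower case
    channel: int
    privacy: str    # "OPN", "WEP", "WPA", "WPA2", ...


# Constructed airodump-ng style CSV.  The AP section ends at the first blank
# line; the station section that follows is ignored by the parser.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:01, 2010-09-02 10:41:15, 2010-09-02 10:45:00,  6,  54, WPA2, CCMP, PSK, -40,  120,  0,   0.  0.  0.  0,   8, CorpWiFi,
00:11:22:33:44:02, 2010-09-02 10:41:15, 2010-09-02 10:45:00, 11,  54, WPA2, CCMP, PSK, -55,  118,  0,   0.  0.  0.  0,   8, CorpWiFi,
AA:BB:CC:DD:EE:01, 2010-09-02 10:41:20, 2010-09-02 10:45:00,  1,  54, WPA2, CCMP, PSK, -70,   60,  0,   0.  0.  0.  0,   9, Neighbour,
DE:AD:BE:EF:00:01, 2010-09-02 10:43:02, 2010-09-02 10:45:00,  1,  54, OPN ,     ,    , -35,  200,  0,   0.  0.  0.  0,   8, CorpWiFi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

# Constructed inventory (hypothetical site): managed SSID -> what it should look like.
AUTHORISED = {
    "CorpWiFi": {
        "bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
        "privacy": "WPA2",
    },
}


def parse_airodump_aps(text):
    """Parse the AP section of an airodump-ng CSV into Beacon records."""
    beacons = []
    for line in text.splitlines():
        if not line.strip():
            break                               # blank line: end of AP section
        if line.startswith("BSSID"):
            continue                            # column header
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 14:
            continue                            # truncated or malformed row
        beacons.append(Beacon(
            ssid=fields[13],
            bssid=fields[0].lower(),
            channel=int(fields[3]),
            privacy=fields[5],
        ))
    return beacons


def find_rogue_aps(beacons, authorised=AUTHORISED):
    """Return [(beacon, [reason, ...])] for beacons that contradict the inventory.

    Only managed SSIDs are examined; unrelated networks are out of scope.
    """
    findings = []
    for b in beacons:
        policy = authorised.get(b.ssid)
        if policy is None:
            continue
        reasons = []
        known = {m.lower() for m in policy["bssids"]}
        if b.bssid not in known:
            reasons.append("BSSID not in inventory for this SSID")
        if b.privacy != policy["privacy"]:
            reasons.append(f"privacy {b.privacy!r}, expected {policy['privacy']!r}")
        if reasons:
            findings.append((b, reasons))
    return findings


def scan_report(text=SAMPLE_CSV):
    """Convenience wrapper: parse then check."""
    return find_rogue_aps(parse_airodump_aps(text))


if __name__ == "__main__":
    for beacon, reasons in scan_report():
        print(f"[!] {beacon.ssid} from {beacon.bssid} ch{beacon.channel}: "
              + "; ".join(reasons))
```

    Run against a real export, the inventory is the part that matters: a BSSID allowlist per SSID catches a cloned SSID regardless of channel or signal strength, and comparing the privacy field catches the common case where the clone is left open so that anything will associate to it.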

  2. #2
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Re: [Script] [Video] fakeAP_pwn (v0.3)

    beautiful! congrats g0tmi1k ... I'm trying it out right now

    quick update ::
    when I launch this script from my BT4R1 vmware virtual machine, (using the alfa AWUS036NH adapter, and rt2x00 driver via compat-wireless) I get some strange output. specifically ::
    Code:
     _IceTransOpen: Unable to Parse address �
    so in the hopes of identifying the cause of this message I enabled the debug options and set the verbosity to "2" in yr script, here's some of the output ::
    Code:
    Command: ifconfig eth0 up && sleep 1
     _IceTransOpen: Unable to Parse address � 
     Warning: Tried to connect to session manager, Could not open network socket
     [>] Stopping: Programs
     Command: killall dhcpd3 apache2 wicd-client airbase-ng hostapd xterm
     _IceTransOpen: Unable to Parse address � 
     Warning: Tried to connect to session manager, Could not open network socket
     [>] Stopping: Daemons
     Command: /etc/init.d/dhcp3-server stop
     _IceTransOpen: Unable to Parse address � 
     Warning: Tried to connect to session manager, Could not open network socket
     Command: /etc/init.d/apache2 stop
     _IceTransOpen: Unable to Parse address � 
     Warning: Tried to connect to session manager, Could not open network socket
     Command: /etc/init.d/wicd stop
     _IceTransOpen: Unable to Parse address � 
     Warning: Tried to connect to session manager, Could not open network socket
     [>] Configuring: Wireless card
     Command: ifconfig wlan0 down && sleep 1 && ifconfig wlan0 up
     _IceTransOpen: Unable to Parse address � 
     Warning: Tried to connect to session manager, Could not open network socket
     Command: airmon-ng start wlan0
     _IceTransOpen: Unable to Parse address � 
     Warning: Tried to connect to session manager, Could not open network socket
     [>] Configuring: MAC address
    is this something I should be concerned with? everything appears to be working good so far.

    keep up the good work, g0tmi1k! congrats on reaching v0.3
    Last edited by fnord0; 09-03-2010 at 11:01 PM.
    'see the fnords!'

  3. #3
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Re: [Script] [Video] fakeAP_pwn (v0.3)

    Thanks fnord0 for testing/feedback.

    Hmm...
    After a quick google search of, IceTransOpen, I found this.
    Login in as user
    sudo mc
    go to the root folder and delete .ICEauthority
    Now log out and try to login as admin
    Source: https://lists.ubuntu.com/archives/ub...ry/066789.html
    Personally I wouldn't delete it, just move it somewhere safe...
    OR
    Go to user folder, show hidden files, rename .gonf .gconfd gnome gnome2 and gnome2_private, just add a .bak on to them. Log into gnome. Wala!
    Source: http://www.ubuntux.org/dapper-gnome-error


    I've just downloaded a fresh copy from mediafire, and tested it with my Linksys WUSB54GC using BackTrack 4 R1 (in VirtualBox) and I didn't get anything like that...
    So the programs/commands run correctly (e.g. it works & you can see all the xterm windows?), just getting that output?

    Thanks for the thanks!
    Last edited by g0tmi1k; 09-04-2010 at 08:09 AM.
    Have you...g0tmi1k?

  4. #4
    Junior Member leg3nd's Avatar
    Join Date
    Feb 2011
    Posts
    32

    Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by g0tmi1k View Post
    Thanks fnord0 for testing/feedback.

    Hmm...
    After a quick google search of, IceTransOpen, I found this.
    Source: https://lists.ubuntu.com/archives/ub...ry/066789.html
    Personally I wouldn't delete it, just move it somewhere safe...
    OR
    Source: http://www.ubuntux.org/dapper-gnome-error


    I've just downloaded a fresh copy from mediafire, and tested it with my Linksys WUSB54GC using BackTrack 4 R1 (in VirtualBox) and I didn't get anything like that...
    So the programs/commands run correctly (e.g. it works & you can see all the xterm windows?), just getting that output?

    Thanks for the thanks!
    Hey I have narrowed down this error a bit more and was curious if anyone had found a solution..

    It makes sense that you would not have gotten the error in a BT4 R1 installation because it doesn't seem to be an issue in R1.

    I tried these solutions and all it did was start giving me the same error, but now in terminator as well.. So I restored the backed up folders and I am back to square one.

    Xterm throws out these errors all over the place while terminator has no problems.

    So basically this seems to only be an issue with BT4 R2 installations, or maybe a fluxbox problem. (I'm not using KDE, maybe fnord0 is using fluxbox too?).

    Regardless, it seems that full functionality is available in xterm, but these errors all over the place do make most of my scripts a bit messy.

    Any help or advice is appreciated.

  5. #5
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Re: [Script] [Video] fakeAP_pwn (v0.3)

    doh! I'm embarrassed you just troubleshot that... I'd thought it was something from yr script doing that, obviously it's not. strangely enough it sounds like both those 'fixes' are to be implemented if I'm using a 'user' account, but since this is backtrack I'm logged in and using root. to answer the last question ::
    Quote Originally Posted by g0tmi1k
    it works & you can see all the xterm windows?
    affirmative. it works, and all xterm windows show up and run as they should... I just keep seeing that strange error message, but everything works as it should. notice though I was using my AWUS036NH adapter, this adapter does NOT work properly with airbase-ng or hostapd, which is a separate subject altogether.

    I tried your script using my DLINK adapter and now everything is peachy - u da man!
    'see the fnords!'

  6. #6
    Member
    Join Date
    Feb 2009
    Location
    0,0
    Posts
    90

    Re: [Script] [Video] fakeAP_pwn (v0.3)

    I'm seeing something weird with MTU. I set the MTU=1280 in the script (#102) and when I check the logs I see:

    Code:
    [>] Starting: Access point
    Access Point~airbase-ng -a 00:09:99:9a:58:3f -W 0 -c 1 -e "Airlink" -v mon0
    10:41:15  Created tap interface at0
    10:41:15  Trying to set MTU on at0 to 1500
    10:41:15  Trying to set MTU on mon0 to 1800
    10:41:15  Access Point with BSSID 00:09:99:9A:58:3F started.
    It doesn't appear to be setting the MTU on at0, I'm assuming that is what that variable is for? The script works for me but I am just playing around with trying to get a better connection. I haven't tried hostap yet.

    C

  7. #7
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by fnord0 View Post
    doh! I'm embarrassed you just troubleshot that... I'd thought it was something from yr script doing that, obviously it's not. strangely enough it sounds like both those 'fixes' are to be implemented if I'm using a 'user' account, but since this is backtrack I'm logged in and using root. to answer the last question ::

    affirmative. it works, and all xterm windows show up and run as they should... I just keep seeing that strange error message, but everything works as it should. notice though I was using my AWUS036NH adapter, this adapter does NOT work properly with airbase-ng or hostapd, which is a separate subject altogether.

    I tried your script using my DLINK adapter and now everything is peachy - u da man!
    That's okay! I did find something else though which may fix it...
    there are known problems with the RTL8187 chipset.
    To solve this, you can switch to the ieee80211 r8187 drivers, which will work just fine:
    rmmod rtl8187
    rmmod mac80211
    modprobe r8187
    Source: A readme written by darkoperator.

    ...Well, at least it works, which I'm glad about for you, even though it's using another card!
    Is the reason why you're having problems with the AWUS036NH because of 802.11n?


    Quote Originally Posted by cseven View Post
    I'm seeing something weird with MTU. I set the MTU=1280 in the script (#102) and when I check the logs I see:
    Code:
    [>] Starting: Access point
    Access Point~airbase-ng -a 00:09:99:9a:58:3f -W 0 -c 1 -e "Airlink" -v mon0
    10:41:15 Created tap interface at0
    10:41:15 Trying to set MTU on at0 to 1500
    10:41:15 Trying to set MTU on mon0 to 1800
    10:41:15 Access Point with BSSID 00:09:99:9A:58:3F started.
    It doesn't appear to be setting the MTU on at0, I'm assuming that is what that variable is for? The script works for me but I am just playing around with trying to get a better connection. I haven't tried hostap yet.

    C
    Yeah, that's the purpose of that variable, and I had noticed the MTU value not changing the other day too, so I have added it to the todo/tofix list.
    You can improve the speeds with the MTU value (once it's working!), and I've been told that hostap is even better (if you can get that working too!)
    Have you...g0tmi1k?

  8. #8
    Junior Member Tr00g33k's Avatar
    Join Date
    Jul 2008
    Posts
    46

    Re: [Script] [Video] fakeAP_pwn (v0.3)

    I tried to download your script, but I get an error from mediafire that the file on the server doesn't exist

  9. #9
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by Tr00g33k View Post
    I tried to download your script, but I get an error from mediafire that the file on the server doesn't exist
    I've just tried all the links myself and didn't get a problem.
    Sure you're using: fakeAP_pwn-v0.3.tar
    Have you...g0tmi1k?

  10. #10
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    Re: [Script] [Video] fakeAP_pwn (v0.3)

    hi g0tmilk thanks for all the hard work, but I have a problem as in the early days before the encoding scheme on the payload it used to get detected, then you used the shikata ......and it evaded AV but now it gets picked up again, so I am wondering if I can append the script to encode using my scheme as it's totally undetected as I had to re-encode my payloads after posting a video of av evasion and had the scheme smashed all over virus total and rendered it useless. Lesson well learnt not to do that again...I have used multiple encoding again with a twist and used it successfully evading over 20 of the top with heuristics, manually placed it in the server directory overwriting yours only sends the stage at the moment but as a payload in itself it works so is there something in the script that could affect this from completion?

    Long-winded I know but the Fake AP project is pukka and worked a treat before the virus sig got out, now it won't get past AV..

    Great work though once again..

    Regards Dee
