Thread: [Script] [Video] fakeAP_pwn (v0.3)

  1. #1
    Moderator g0tmi1k

    [Script] [Video] fakeAP_pwn (v0.3)

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/4079518
    Download video: http://www.mediafire.com/?yo06t9yiyeq4fff
    Download Script (fakeAP_pwn-v0.3.tar): http://www.mediafire.com/?hakic7kqk8b6e8c
    Download Script (fakeAP_pwn.v0.3-127.tar.gz): http://www.mediafire.com/?j2hz9rce10zh1w3


    What is this?

    An update to the script, fakeAP_pwn, which is a bash script to automate creating a "Fake Access Point" and "pwn" whoever connects to it!


    How does it work?
    > Creates an access point, runs a DHCP & web server.
    > Creates an exploit via Metasploit.
    > Waits for the target to connect, download and run the "update".
    > Once successfully exploited, it automatically uploads a payload; SBD, VNC or WKV via the exploit
    > Depending on the mode, it will grant internet access after infection
    > The attacker has the option to run a few "sniffing" programs to "monitor" what the target does on our access point!


    What do I need?

    > The tar file, fakeAP_pwn-v0.3.tar (1018.5KB, SHA1:7C8605F19210FEDC3219822D4D28CC7D1E4A4996)
    > A wireless card --- that supports monitor mode
    > Optional: Another interface (wired or wireless) with internet access
    > aircrack-ng suite, dhcpd3, apache2, metasploit, dsniff suite, wget --- All on BackTrack!
    > Optional: Subversion, hostapd, macchanger, sbd, vnc, squid, mogrify, imsniff, driftnet, sslstrip, ettercap --- Which can all be installed by fakeAP_pwn


    What's new?
    In short, a lot. (=
    When comparing it to an older version just about everything has changed, except for the original idea! See the changelog at the end for more details.


    What's in the tar file?
    > fakeAP_pwn.sh --- Bash script
    > www/index.php --- The page that the target is forced to see before they have access to the Internet.
    > www/Linux.jpg, OSX.jpg, Windows.jpg, your operating system.jpg --- OS pictures
    > www/tick.jpg, favicon.ico --- Other images
    > www/sbd.exe --- SBD payload
    > www/vnchooks.dll, winvnc.exe, vnc.reg --- VNC payloads
    > www/wkv-x86.exe, wkv-x64.exe --- WKV payloads


    How do I use it?
    1.) Extract the tar file (tar xf fakeAP_pwn-v0.3.tar).
    2.) Copy the "www" folder to /var/www/fakeAP_pwn (cp www/* /var/www/)
    3.) Either edit fakeAP_pwn.sh or specify, via command line, your interface(s)/mode/payload. (You can view your interfaces via ifconfig and use kate to edit.)
    4.) Wait for a connection...
    5.) ...Game over. (=

    Commands:
    Code:
    tar xf fakeAP_pwn-v0.3.tar
    cd fakeAP_pwn
    ls
    mkdir /var/www/fakeAP_pwn
    cp www/* /var/www/fakeAP_pwn
    bash fakeAP_pwn.sh
    clear
    ifconfig
    bash fakeAP_pwn.sh -?
    bash fakeAP_pwn.sh -m non -p wkv -v
    bash fakeAP_pwn.sh -m normal -V
    bash fakeAP_pwn.sh -m flip -d
    ls
    kate fakeAP_pwn.log

    Troubleshooting


    • "Odd"/Hidden SSID
      • airbase-ng doesn't always work... Re-run the script
      • Try hostap

    • Can't connect
      • airbase-ng doesn't always work... Re-run the script
      • Try hostap
      • Try using two WiFi cards with Diagnostics mode enabled
      • Target is too close/far away
      • I've found "Windows 7" connects better/more than "Windows XP"

    • No IP address
      • Use latest version of dhcp3-server
      • Re-run the script

    • Slow
      • Don't run/target a virtual machine
      • Try hostap
      • Try using a different MTU value
      • Your hardware (Example, 802.11n doesn't work too well)

    • Bypassing "Problem" programs
      • Anti Virus - As of 2010-09-02, you MAY be able to bypass SOME by uncommenting line 1397 --- BackTrack only.
      • Windows Firewall - I'm working on it for the next release (=
      • UAC - Not sure... )=

    • ... still not working correctly?
      • Re-run with Diagnostics mode enabled (-d)
      • Make a note of the setup (Hardware, versions etc)
      • Get in touch!





    Notes:

    • Big thanks to joker5bb for giving a helping hand with the coding
    • Thanks to everyone testing out the beta releases/giving feedback
    • Tested in BackTrack 4, R1. Works with Ubuntu 10.04 too!
    • It's worth doing this "manually" (without the script) before using this, so you have an idea of what's happening, and why. The script is only meant to save time.
    • I'm running BackTrack 4 R1 in VM, The target is running Windows 7 Ultimate (fully up-to-date 2010-09-02), with firewall enabled, no AV and with UAC enabled (Windows 7 Default). The other target is running in a VM using Windows XP SP3 Professional.
    • All connections are reversed - meaning the connections come from the target to the attacker, therefore, as the attacker is the server, it could help out with firewalls...
    • As you can see in the code there is a "roadmap", one day I plan for this to also affect Linux and OSX, support multiple clients, have a different "delivery system" and a "Cloning" mode.
    • The video doesn't demonstrate everything...
    • The video uses fakeAP_pwn v0.3 #100


    Song: Sigma - Paint It Black & The Prodigy - One Love & Zombie Nation - Kernkraft 400
    Video length: 11:48
    Capture length: 33:07

    Blog Post: http://g0tmi1k.blogspot.com/2010/09/scriptvideo-fakeappwn-v03.html
    Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/32462-%5Bscript%5D-%5Bvideo%5D-fakeap_pwn-v0-3-a.html#post173954



    Changelog
    2010-09-02 - v0.3 (Build 100)
    > Added: 'Diagnostics' and 'Verbose' modes
    > Added: 'HostAP' to create access point
    > Added: 'Monitoring connections' feature
    > Added: 'Normal' & 'Flip' (Upside-Down-Ternet) modes
    > Added: 'Update' feature
    > Added: 'WKV' payload
    > Added: More 'checks' & 'Self fixes'
    > Added: More programs to 'extra' features
    > Changed: DNS server
    > Fix: lots of bugs/errors
    > Renamed and moved sections about
    > Updated: 'index' & OS images
    > Updated: 'metasploit', 'dhcpd3', 'apache' scripts
    > Updated: 'sbd.exe' & 'vnc.exe' & 'vnc.reg'
    > Updated: The 'help' screen
    > Updated: All of the 'internal structure/workings'
    > Updated: The command line arguments
    > ...and a couple of extra 'little' things
    Last edited by g0tmi1k; 03-05-2011 at 01:42 PM. Reason: Added #127
    Have you...g0tmi1k?
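
A defender-side sketch of the chain the post above describes (an executable served by the access point itself, then a reverse connection from the client back to it), added here as an example and not part of g0tmi1k's script. The event schema, file names, port and addresses are constructed, and it assumes the access point, web server and listener all sit on the DHCP gateway address.

```python
from datetime import datetime, timedelta

# Constructed endpoint telemetry (not from the original post): pc1 matches the
# pattern, pc2 is a benign network join for contrast.
EVENTS = [
    {"ts": "2010-09-02T10:00:00", "host": "pc1", "type": "dhcp_lease", "gateway": "10.0.0.1"},
    {"ts": "2010-09-02T10:00:20", "host": "pc1", "type": "http_download",
     "server": "10.0.0.1", "file": "update.exe"},
    {"ts": "2010-09-02T10:00:45", "host": "pc1", "type": "outbound_conn",
     "dst": "10.0.0.1", "port": 4444, "image": "update.exe"},
    {"ts": "2010-09-02T11:00:00", "host": "pc2", "type": "dhcp_lease", "gateway": "192.168.1.1"},
    {"ts": "2010-09-02T11:00:30", "host": "pc2", "type": "http_download",
     "server": "203.0.113.10", "file": "setup.exe"},
    {"ts": "2010-09-02T11:01:00", "host": "pc2", "type": "outbound_conn",
     "dst": "192.168.1.1", "port": 53, "image": "svchost.exe"},
]

EXEC_EXT = (".exe", ".dll", ".scr", ".msi")
GATEWAY_PORTS = {53, 67, 80, 443}   # services a client normally uses on its gateway
WINDOW = timedelta(minutes=10)      # assumed correlation window

def find_gateway_dropper_chains(events):
    """Return (host, gateway, file, port) for each download-then-callback chain."""
    gateway = {}     # host -> gateway from the latest DHCP lease
    downloads = {}   # host -> [(time, file)] executables fetched from that gateway
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, host = datetime.fromisoformat(ev["ts"]), ev["host"]
        if ev["type"] == "dhcp_lease":
            gateway[host] = ev["gateway"]
            downloads[host] = []     # new network, reset correlation state
        elif ev["type"] == "http_download":
            from_gw = ev["server"] == gateway.get(host)
            if from_gw and ev["file"].lower().endswith(EXEC_EXT):
                downloads[host].append((ts, ev["file"]))
        elif ev["type"] == "outbound_conn" and ev["dst"] == gateway.get(host):
            for seen, name in downloads.get(host, []):
                recent = ts - seen <= WINDOW
                # Suspicious if the downloaded binary itself calls the gateway,
                # or anything reaches the gateway on an unexpected port.
                odd = ev["image"].lower() == name.lower() or ev["port"] not in GATEWAY_PORTS
                if recent and odd:
                    findings.append((host, ev["dst"], name, ev["port"]))
    return findings

if __name__ == "__main__":
    for finding in find_gateway_dropper_chains(EVENTS):
        print("ALERT", finding)
```
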
