
Thread: [Script] [Video] fakeAP_pwn (v0.3)

  1. #61
    Just burned his ISO herrdign's Avatar
    Join Date
    Sep 2010
    Posts
    6

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    After updating to v#112 the script gave me an error:

    Code:
    [>] Analyzing: Environment
    fakeAP_pwn.sh: line 531: wlan0: command not found
    [!] Internet access: Failed.
    [i] Switching mode: non

    changed line 531 to:
    Code:
    if [ ! "$command" ]; then
    Don't know if I messed it up, but it's working again. Using a GPRS modem via USB (wvdial) at ppp0.

  2. #62
    Senior Member
    Join Date
    Jun 2007
    Location
    UK
    Posts
    175

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Hi, just installed #112 and ran update. This said updating to #113; when I look in the script it still shows #112, but I presume this is OK and it just saved it as version 113.
    Everything seems OK except the victim still can't connect to the internet. I get a meterpreter session OK.
    In previous posts there is talk of bind9. Is this something I need to do, or is the script going to be updated?
    P.S. Hostapd seems to solve my previous connection problems.
    Thanks

  3. #63
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Hi g0tmi1k, thanks for all the hard work, but I have a problem. In the early days, before the encoding scheme on the payload, it used to get detected; then you used shikata... and it evaded AV, but now it gets picked up again. So I am wondering if I can append the script to encode using my scheme, as it's totally undetected. I had to re-encode my payloads after posting a video of AV evasion and had the scheme smashed all over VirusTotal, which rendered it useless. Lesson well learnt: not to do that again... I have used multiple encoding again with a twist and used it successfully, evading over 20 of the top ones with heuristics. Manually placed in the server directory, overwriting yours, it only sends the stage at the moment, but as a payload in itself it works, so is there something in the script that could stop this from completing?

    Long winded, I know, but the Fake AP project is pukka and worked a treat before the virus sig got out; now it won't get past AV..

    Great work though once again..

    Regards Dee

  4. #64
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    @Everyone,
    Sorry for the delay in getting back to you all, I'm currently moving house and haven't got the internet setup yet!



    Quote Originally Posted by Casca View Post
    Hi, I got the same thing - if you have 2 r8187L based wifi cards you can fix it by:

    nano fakeAP_pwn.sh
    change mon0 to wlan1 and save - I had a look at the code and it's removing the rtl8187 drivers and replacing them with r8187 automatically, so there is no "mon0" being created.


    Might want to issue rmmod r8187 & modprobe rtl8187 after the script runs, or just insert that code near the end to complete the cleanup (the mac80211 autoloads with the rtl8187, so no need to modprobe it).
    Thanks for the heads up + fix! (I'll add it in for my next update.)
    I want to *try* to automate detecting the monitor interface, removing this problem altogether. However, all my monitor interfaces use monX, so it may not be "perfect"....



    Quote Originally Posted by Scamentology View Post
    might have a bug with meterpreter while running "true" for extras.

    VNC WKV and my own encoded payload worked perfectly with the script until I put the extras value to true.
    (it sends the stage then gives a sessions ID then stalls forever)

    test comp gives up to 3 popups for the download and starts 2 sessions

    I was still able to get a meterpreter session on the side with a different port while the fake AP was connected to my test computer, so it's not the connection or meterpreter.

    Did I miss if there was WEP support for airbase? I didn't see it in the script anywhere. I'm afraid to continue with hostapd.

    Ver 112
    using ath9k
    eth0 to an AP without internet access (changed ping google.com to 192.168.1.1 to get around the check by your script)
    these are the only alterations to your script.

    Hope this is helpful. Ver 109 works for my purposes, but I will keep trying the new versions.

    What a fun project!!!
    I've been tweaking & testing extras for another script, so I'll see if the new update fixes this issue.

    Thanks for doing all that testing & reporting - it's a great help!
    Odd that when you enable "extras" it stops... I'll see which program(s) cause it.

    fakeAP_pwn is Open, airbase-ng supports WEP, hostapd supports WEP/WPA/WPA2 I believe.
    If your hardware supports hostapd, it's worth using it. The script *should* automatically install it; if it doesn't, read Joker's guide on how to install it.

    Yes, someone else pointed out that the internet checks are not always 100% correct. I'll find a fix for my next release.
    I'll try and compare v112 to v109 and see what could have messed up for you.



    Quote Originally Posted by Eatme View Post
    pm'd + log :

    Bash | fakeAP_pwn v0.3 (#112) Start - Eatme - NDbBN47c - Pastebin.com

    After running the latest script, Wicd reports all networks with all having %1 WEP even if they're WPA.
    OK, I fixed this problem by doing the following commands:
    Code:
    :~# rmmod r8187
    :~# modprobe rtl8187


    This also fixed my error I was having:
    #commented lines 762 - 764
    but you can still take a look at the log, to verify.

    Now the latest version #112 is working perfectly, except internet does not work after infection; everything else is good to go.

    PS: is version 0.7 out yet? I would like to try that AP clone... ;]
    Another issue with r8187... Hmmm, I'll check it out for my next release.
    Does the internet work in "Normal" mode?
    hehe, 0.7 is a "while" off. =P I'm trying to fix all these little bugs before I start on v0.4!



    Quote Originally Posted by joker5bb View Post
    Here is how to set up the bind DNS server to redirect all DNS queries:

    Code:
    # named.conf
    include "/etc/rndc.key";
    controls {
    inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
    };
    options {
    directory "/var/named";
    recursion true;
    };
    zone "." IN {
    type master;
    file "db.localroot";
    };
    Code:
    # db.localroot
    @ IN SOA hostname.example.com admin.example.com (
    1 ; Serial
    3600 ; Refresh every 1 hours
    1800 ; Retry every 30 minutes
    604800 ; Expire after 7 days
    1 ) ; TTL 1 second
    IN NS 10.0.0.1
    IN A 10.0.0.1
    * IN A 10.0.0.1
    What are the advantages of using this over the current method? Have you tried it yourself in the script?
    I'll give it a play when I next can.



    Quote Originally Posted by Casca View Post
    Pretty slick -

    I was working on something similar when, on a whim, I wondered if BackTrack had dnsmasq in the repos... sure enough it does. So after a quick apt-get install dnsmasq, this is what I came up with...

    **set-up dnsmasq**
    nano /etc/dnsmasq.conf -
    add these lines:
    interface=at0
    dhcp-range=10.0.0.10,10.0.0.100,6h
    address=/#/10.0.0.1

    /etc/init.d/dnsmasq restart

    **set-up apache**
    nano /etc/apache2/apache2.conf
    add this line:
    ErrorDocument 404 /index.html

    /etc/init.d/apache2 restart

    airbase-ng -e "testwifi" -c 5 wlan1
    ifconfig at0 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255 up

    Everything connecting to the tap at at0 gets sent to 127.0.0.1, no matter what they type in, plus at0 can have multiple connections...
    Very nice, I'll give this a test as well.



    Quote Originally Posted by joker5bb View Post
    Nice, but bind9 is way better to use.
    But there are some things you are still missing, like https.
    Also I'm thinking about how to get multi-client support working, any ideas?
    Can I ask why bind9 is better?
    Could we not use the config file that fakeAP_pwn creates for apache for https? Or iptables?
    You sent me that link a while back about multi-client & php/iptables; would that not do the trick?



    Quote Originally Posted by Casca View Post
    I installed bind9 and tried your config - you're right, bind9 is way better for this. I'm still looking at the docs, but I think I might have an idea for multi-client... gotta play with it a bit.
    This is from me not having tested it yet, but how is it better?
    If you find anything helpful for the multi-client, could you get in touch?



    Quote Originally Posted by cseven View Post
    g0tmi1k can you add fakeAP_pwn to your google code page so if someone wants to go back a version they can? or is it somewhere that I don't see?

    Thanks!
    C
    It's already there! I'm currently moving all my scripts to Google Code.



    Quote Originally Posted by herrdign View Post
    After updating to v#112 the script gave me an error:

    Code:
    [>] Analyzing: Environment
    fakeAP_pwn.sh: line 531: wlan0: command not found
    [!] Internet access: Failed.
    [i] Switching mode: non
    changed line 531 to:
    Code:
    if [ ! "$command" ]; then
    Don't know if I messed it up, but it's working again. Using a GPRS modem via USB (wvdial) at ppp0.
    Thanks for reporting, I'll see if I can get a fix in for the next release.



    Quote Originally Posted by parrotface View Post
    Hi, just installed #112 and ran update. This said updating to #113; when I look in the script it still shows #112, but I presume this is OK and it just saved it as version 113.
    Everything seems OK except the victim still can't connect to the internet. I get a meterpreter session OK.
    In previous posts there is talk of bind9. Is this something I need to do, or is the script going to be updated?
    P.S. Hostapd seems to solve my previous connection problems.
    Thanks
    I'm guessing the script's version variable didn't get updated - I wouldn't worry about it.
    So when you used hostapd it "works", whereas when you run it with airbase-ng it stops at which point?
    I'm going to look into bind9 and see about adding it to the script (you don't need to worry about it).



    Quote Originally Posted by pentest09 View Post
    Hi g0tmi1k, thanks for all the hard work, but I have a problem. In the early days, before the encoding scheme on the payload, it used to get detected; then you used shikata... and it evaded AV, but now it gets picked up again. So I am wondering if I can append the script to encode using my scheme, as it's totally undetected. I had to re-encode my payloads after posting a video of AV evasion and had the scheme smashed all over VirusTotal, which rendered it useless. Lesson well learnt: not to do that again... I have used multiple encoding again with a twist and used it successfully, evading over 20 of the top ones with heuristics. Manually placed in the server directory, overwriting yours, it only sends the stage at the moment, but as a payload in itself it works, so is there something in the script that could stop this from completing?

    Long winded, I know, but the Fake AP project is pukka and worked a treat before the virus sig got out; now it won't get past AV..

    Great work though once again..

    Regards Dee
    From the first post:
    Bypassing "Problem" programs
    * Anti Virus - As of 2010-09-02, you MAY be able to bypass SOME by uncommenting line 1397 --- BackTrack only.
    Does that work for you?
    What is your encoding scheme?
    Which AV are you using? Which AV is it being detected by?
    Have you...g0tmi1k?

  5. #65
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Encoding is a mix of multiple, but re-encoding 1.exe over 3 times, then using that as the template for the next, etc.

    Smart Security picks it up, and it was the only one that got most if not all of my payloads, but all of the other majors didn't even get basic encoding, so my aim is to evade ESET, which I have done again. It picked up yours and my old coding as Rozena generic. Only as of the middle of last week, may I add; I was running the same encode for over 8 months undetected. So I was wondering if I can script the Metasploit part of the encoding to fit with my own for the Windows update.exe.

    Thanks for such a quick reply ..
    Regards Dee
    PS good luck with the move.


    I use VMware with snapshots of AVs instead of using VirusTotal, over 20 or so, and it evades all.

  6. #66
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Code:
    Can I ask why is bin9 better?
    Could we not use the config file that fakeAP_pwn creates for apache for https? Or iptables?
    You sent me that link a while back about multi-client & php/iptables, would that not do the trick?
    dnsmasq is only a DNS forwarder; bind9 is a DNS nameserver.
    bind9 would only be used for non-transparent mode.
    We can do a simple multi-client configuration by using PHP on the client side, iptables and MAC authentication, but we also need something else to give them access to the internet: we need a Metasploit session ID. This could be done by starting a Metasploit database.
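    The dnsmasq `address=/#/10.0.0.1` line and the bind9 `* IN A 10.0.0.1` wildcard zone quoted above both turn the resolver into a catch-all that answers every name with one address. The following check, added here as an example and not part of fakeAP_pwn or anything posted in this thread, is what a client-side defender can run to spot that condition: it resolves a few unrelated well-known names plus a random name under the reserved `.invalid` TLD (which an honest resolver must refuse), and flags a catch-all when the bogus name resolves or when all probes collapse onto one address. The probe names and the `resolve` callback are my own choices; the callback lets the check run offline against a constructed resolver.

```python
import ipaddress
import secrets
import socket
from typing import Callable, Dict, Optional, Sequence

# A resolver maps a hostname to an IPv4 string, or None when the name does not resolve.
Resolver = Callable[[str], Optional[str]]

def system_resolve(name: str) -> Optional[str]:
    """Resolve through the host's configured DNS; None on NXDOMAIN or any failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

# Unrelated, well-known names (assumed set): an honest resolver returns distinct addresses.
PROBE_NAMES = ("www.google.com", "www.wikipedia.org", "www.bbc.co.uk")

def random_bogus_name() -> str:
    """A name that cannot exist: .invalid is reserved, so an honest resolver answers NXDOMAIN."""
    return "probe-" + secrets.token_hex(6) + ".invalid"

def check_catch_all_dns(resolve: Resolver = system_resolve,
                        probes: Sequence[str] = PROBE_NAMES) -> Dict[str, object]:
    """Classify the resolver as 'ok', 'catch-all' (wildcard/sinkhole) or 'unreachable'."""
    answers: Dict[str, Optional[str]] = {name: resolve(name) for name in probes}
    bogus = random_bogus_name()
    answers[bogus] = resolve(bogus)

    # Nothing resolved at all: no DNS, not a sinkhole. Report it rather than saying "ok".
    if all(ip is None for ip in answers.values()):
        return {"verdict": "unreachable", "sink": None, "answers": answers}

    # Two independent signatures of a catch-all zone:
    #  1. the reserved .invalid name resolves at all (the wildcard answers everything);
    #  2. every unrelated probe collapses onto a single address.
    bogus_resolves = answers[bogus] is not None
    probe_ips = [answers[name] for name in probes]
    all_collapse = (len(probes) > 1 and len(set(probe_ips)) == 1
                    and probe_ips[0] is not None)
    if not (bogus_resolves or all_collapse):
        return {"verdict": "ok", "sink": None, "answers": answers}

    sink = answers[bogus] if bogus_resolves else probe_ips[0]
    return {
        "verdict": "catch-all",
        "sink": sink,
        # A rogue AP typically sinks names to its own RFC 1918 address, as in the thread's 10.0.0.1.
        "sink_is_private": ipaddress.ip_address(sink).is_private,
        "answers": answers,
    }

if __name__ == "__main__":
    print(check_catch_all_dns())  # uses the system resolver when run directly
```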

  7. #67
    Good friend of the forums Eatme's Avatar
    Join Date
    Aug 2009
    Location
    Socks5
    Posts
    308

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by g0tmi1k View Post
    Another issue with r8187... Hmmm, I'll check it out for my next release.
    Does the internet work in "Normal" mode?
    hehe, 0.7 is a "while" off. =P I'm trying to fix all these little bugs before I start on v0.4!
    I have a whole new setup now. I'm not on VMware anymore, but when I was, INTERNET on the target's machine didn't work. Now that I'm running an HD install I will give it another try and post results.
    Wiffy-Auto-Cracker - was the best thing that ever happen to me. :) Wo0oT :)
    AWUSO36H_500mW_5dBi Antenna

  8. #68
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by pentest09 View Post
    Encoding is a mix of multiple, but re-encoding 1.exe over 3 times, then using that as the template for the next, etc.

    Smart Security picks it up, and it was the only one that got most if not all of my payloads, but all of the other majors didn't even get basic encoding, so my aim is to evade ESET, which I have done again. It picked up yours and my old coding as Rozena generic. Only as of the middle of last week, may I add; I was running the same encode for over 8 months undetected. So I was wondering if I can script the Metasploit part of the encoding to fit with my own for the Windows update.exe.

    Thanks for such a quick reply ..
    Regards Dee
    PS good luck with the move.


    I use VMware with snapshots of AVs instead of using VirusTotal, over 20 or so, and it evades all.
    Yes, it can be done. On #113, it's line 1460, where it creates "Windows-KB183905-x86-ENU.exe". Edit this with your "settings".
    It would be great if you could share your settings - though I do understand there is more chance your payload will be detected....



    Quote Originally Posted by joker5bb View Post
    dnsmasq is only a DNS forwarder; bind9 is a DNS nameserver.
    bind9 would only be used for non-transparent mode.
    We can do a simple multi-client configuration by using PHP on the client side, iptables and MAC authentication, but we also need something else to give them access to the internet: we need a Metasploit session ID. This could be done by starting a Metasploit database.
    I've been messing about with dnsmasq, and I've got it working for fakeAP_pwn (both non-transparent & transparent mode). I'm feeling that it might replace "dhcp3" & "dnsspoof" =p
    Haven't got bind9 working right yet. )=
    I'm going to try and focus on getting rid of a few bugs before starting work on multiple clients.



    Quote Originally Posted by Eatme View Post
    I have a whole new setup now. I'm not on VMware anymore, but when I was, INTERNET on the target's machine didn't work. Now that I'm running an HD install I will give it another try and post results.
    Do you mean normal? Or when the targets are meant to be able to surf the internet (after infection with transparent & normal mode)?
    Have you...g0tmi1k?

  9. #69
    Good friend of the forums Eatme's Avatar
    Join Date
    Aug 2009
    Location
    Socks5
    Posts
    308

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by g0tmi1k View Post
    Do you mean normal? Or when the targets are meant to be able to surf the internet (after infection with transparent & normal mode)?
    With any mode.... I tried them all. I believe transparent gives them internet, but I tried that as well.
    Wiffy-Auto-Cracker - was the best thing that ever happen to me. :) Wo0oT :)
    AWUSO36H_500mW_5dBi Antenna

  10. #70
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by Eatme View Post
    With any mode.... I tried them all. I believe transparent gives them internet, but I tried that as well.
    Give #114 a try (=

    Revision: 114
    Date: Sat Oct 2 03:57:00 2010
    Log: Added more "debug" & "verbose" info
    Fixed "gateway" bug
    Fixed "r8187" bug
    Fixed "version/upgrade" bug
    Replaced "dhcpd3" & "dnsspoof" with "dnsmasq"
    Stops services after the script has finished
    Updated "Extras" programs
    Updated "help" screen
    Updated "internet check"
    Updated "MAC Address" settings
    Updated the internal workings
    Updated "update" function
    Updated "VNC.reg" - doesn't add to firewall anymore
    http://code.google.com/p/fakeap-pwn/source/detail?r=114
    Have you...g0tmi1k?
