Page 9 of 15
Results 81 to 90 of 144

Thread: [Script] [Video] fakeAP_pwn (v0.3)

  1. #81
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    line 853 in (124) or line 858 in (115)

    Code:
       command=$(iwlist $interface scan 2>/dev/null | grep "essid:")
    The output of "iwlist wlan0 scan" gives me the following.

    Code:
     
    /snip
                        Frequency:2.462 GHz (Channel 11)
                        Quality=37/70  Signal level=-73 dBm
                        Encryption key:on
                        ESSID:"?????"
                        Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                                  12 Mb/s; 24 Mb/s; 36 Mb/s
                        Bit Rates:9 Mb/s; 18 Mb/s; 48 Mb/s; 54 Mb/s
                        Mode:Master
    /snip
    When I capitalize "essid" in line 853 it doesn't go into a long loop looking for a network.

    It only did this while using 2 wireless cards.

    Still getting error code 3 when I enable "extras" (regardless of the configuration). Still investigating what this means.
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein

  2. #82
    Moderator g0tmi1k
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by parrotface View Post
    running hostapd
    real install not VM
    restart is that I stop the script and start it again
    I realise you are still working hard on the script. I am not trying to run multi client, I am trying it with two different clients (XP sp2 and a Vista box) after restarting the script each time before trying a different client.
    I found running #120 stopping the script, then starting #115 the dns worked, but if I re-booted BT4-r1 and run #115 there are problems.
    I posted my findings just in case it helped you.
    Good work, Many thanks
    In that case... What's your hardware/drivers? Or it's something causing interference (either virtual or physical).

    The script isn't designed for "restarting" - and I'm not sure if it ever will be designed to (as I didn't plan for it to do it)
    The idea is a "one time" thing (hence the reason why it didn't have "auto start when the PC is turned on").

    Please do post any results you find/make, as it will help (one way or another)



    Quote Originally Posted by Scamentology View Post
    line 853 in (124) or line 858 in (115)

    Code:
     command=$(iwlist $interface scan 2>/dev/null | grep "essid:")
    The output of "iwlist wlan0 scan" gives me the following.

    Code:
    /snip
    Frequency:2.462 GHz (Channel 11)
    Quality=37/70 Signal level=-73 dBm
    Encryption key:on
     ESSID:"?????"
    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
    12 Mb/s; 24 Mb/s; 36 Mb/s
    Bit Rates:9 Mb/s; 18 Mb/s; 48 Mb/s; 54 Mb/s
    Mode:Master
    /snip
    When I capitalize "essid" in line 853 it doesn't go into a long loop looking for a network.

    It only did this while using 2 wireless cards.

    Still getting error code 3 when I enable "extras" (regardless of the configuration). Still investigating what this means.
    #116-124 was me trying to sync up version - they are not "stable" (I usually post when they are out). I've still got one "big" update to release which is the result of it all - just need to test/fix a few things first.

    Thanks for the heads up tho on iwlist - I'll look into it, I'll see if it's any quicker for me.
    For the record, which WiFi cards are you using?

    "action error Code 3" is when parameter "5" (aka Hold) isn't set correctly. Simple answer, it's a coding bug *ma bad!*
    Thanks for pointing it out - I'll also look into it!
    Have you...g0tmi1k?

  3. #83
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by g0tmi1k View Post
    Thanks for the heads up tho on iwlist - I'll look into it, I'll see if it's any quicker for me.
    For the record, which WiFi cards are you using?

    "action error Code 3" is when parameter "5" (aka Hold) isn't set correctly. Simple answer, it's a coding bug *ma bad!*
    Thanks for pointing it out - I'll also look into it!
    I'm using:
    Alfa AWUS036H and the on-board ath9k on my Sony VAIO

    I'm currently looking to purchase a card that's supported by Hostapd (edit: LOL ath9k supports it)
    Any suggestions? I will continue to post results.
    Last edited by Scamentology; 10-30-2010 at 08:09 AM.
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein

  4. #84
    Just burned his ISO
    Join Date
    Oct 2010
    Posts
    1

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Hi, I'm developing a tool to extract all wifi passwords stored in target side and send them to your ftp account to see the victim/s wifi passwords.

    I discovered your tool fakeap_pwn a few days ago and I decided to develop this tool for people who are interested in extracting wifi passwords and not taking a reverse shell or vnc control over the target machine.

    With this tool the attacker can see the passwords of the victim (Wep & Wpa)

    The victim must download and execute the .exe file allocated in our apache server; when done, the .exe file exports all wifi passwords stored and sends them by ftp to our ftp server running in BackTrack
    **********************************************
    I think fakeap needs these improvements:


    1- Add deauth attack to broadcast MAC's associated to a real AP ex: "linksys"
    at the same time we create a fakeAP with the same SSID "linksys" victim AP "linksys" has WPA encryption enabled so when he gets deauthenticated from his real AP will try show active AP's enabled and will see another AP with the same SSID "linksys" so...

    Victim detect another AP with the same SSID and needs to be online cause we are sending deauth attack to broadcast from his router MAC so he will try to connect to our fakeAP and you know all the rest... xD

    2- Add different index.php files using a youtube index file or microsoft index will give to the fake index a greater degree of credibility

    3- Even better than deauth to broadcast is add to fakeap a flood option and cause a massive reboot/freeze of all APs so if all APs are rebooting excepting our fake AP, victims of all APs will be offline and they will have only one AP to connect, our fake AP and Wep & Wpa passwords will come to us xD
    **********************************************
    My tool is not finished, I'm a noob in soft developing so forgive me
    I'm developing it in Visual Basic 2010
    Now my tool exports passwords and sends them to our FTP server

    I'm testing it over my fake AP

    When it's finished I can send it to you and you can include it in the next fakeap_pwn release

    I would be happy if you did

    I wait for an answer
    Regards
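
Added example, not part of any post or of fakeAP_pwn: it reproduces the case mismatch reported in post #81 (a lower-case "essid:" pattern against iwlist's upper-case "ESSID:" label) and, from the defender's side of the same-SSID scenario in post #84, flags an ESSID that is advertised with different encryption settings. The scan output, MAC addresses and function names are constructed, and treating mixed encryption as a sign of a clone is an assumption the thread does not state.

```sh
#!/bin/sh
# Constructed `iwlist <iface> scan` output; MAC addresses are placeholders.
sample_scan() {
cat <<'EOF'
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    Frequency:2.462 GHz (Channel 11)
                    Encryption key:on
                    ESSID:"linksys"
                    Mode:Master
          Cell 02 - Address: 66:77:88:99:AA:BB
                    Frequency:2.437 GHz (Channel 6)
                    Encryption key:off
                    ESSID:"linksys"
                    Mode:Master
          Cell 03 - Address: 02:00:00:00:00:01
                    Frequency:2.412 GHz (Channel 1)
                    Encryption key:on
                    ESSID:"Cafe WiFi"
                    Mode:Master
EOF
}

# The pattern from post #81. iwlist prints the label as "ESSID:", so a
# case-sensitive search for "essid:" counts zero lines on any scan.
count_lowercase_matches() { grep -c 'essid:' || true; }

# Emit one "BSSID|encryption|ESSID" line per cell, matching labels
# case-insensitively so the parser does not depend on iwlist's casing.
parse_cells() {
  awk '
    function emit() { if (bssid != "") print bssid "|" enc "|" essid }
    /Cell [0-9]+ - Address:/ { emit(); bssid = $NF; enc = "?"; essid = "" }
    tolower($0) ~ /encryption key:/ {
      enc = tolower($0); sub(/.*key:/, "", enc); gsub(/[ \t\r]/, "", enc)
    }
    tolower($0) ~ /essid:"/ {
      essid = $0; sub(/^[^"]*"/, "", essid); sub(/"[^"]*$/, "", essid)
    }
    END { emit() }
  '
}

# Defender-side check: ESSIDs seen with more than one encryption setting.
mixed_encryption_essids() {
  parse_cells | awk -F"|" '
    $3 != "" {
      if (!($3 in first)) { first[$3] = $2 }
      else if (first[$3] != $2) { mixed[$3] = 1 }
    }
    END { for (e in mixed) print e }
  ' | sort
}

echo "case-sensitive \"essid:\" matches: $(sample_scan | count_lowercase_matches)"
sample_scan | parse_cells
echo "mixed-encryption ESSIDs: $(sample_scan | mixed_encryption_essids)"
```

A legitimate network can also show mixed settings (for example a guest SSID reusing a name), so a hit is a prompt to compare BSSIDs against the known inventory, not a verdict.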

  5. #85
    Moderator g0tmi1k
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    fakeAP_pwn v0.3 #125
    Download: [OUT-OF-DATE]
    Added: IP info
    Added: Logging of IPTables
    Added: Port check & Kill apps
    Changed: "DHCP Server" (Using dhcpd3 again)
    Changed: "Temp" output folder
    Fixed: Display bug (when gateway was wrong)
    Fixed: Hostapd detecting bug
    Fixed: Install "apps" bug
    Fixed: IPTables - "Clear" bug
    Fixed: IPTables - "Force" bug
    Fixed: www/ folder copy bug
    Updated: "Help" screen (Removed unused commands)
    Updated: Internal working (Bug fixes, Renamed values, Uses less output windows, etc)
    Updated: Metasploit script
    Updated: Ping tests
    Updated: Screen outputs

    It's worth re-downloading the tar.gz instead of using "-u".
    Last edited by g0tmi1k; 10-30-2010 at 12:01 PM. Reason: Removed Link
    Have you...g0tmi1k?

  6. #86
    Junior Member
    Join Date
    Aug 2010
    Posts
    48

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Hello g0tm1lk, thank you for the update to the script.

    I am having an issue in running the script. I have all the packages installed as per the BT4R1 package. However according to the script, these modules are not installed. However, dsniff installs correctly, assuming it is updated, but when it came to sslstrip even though it is installed, it still prompted me to install and I got an error as the installation failed.
    [*] fakeAP_pwn v0.3 (#125)
    [>] Analyzing: Environment
    [!] sslstrip isn't installed
    [~] Would you like to try and install it? [Y/n]: y
    [!] action. Error code: 1
    [!] Failed to install sslstrip
    [i] Quiting
    [>] Restoring: Environment
    [*] Done! (= Have you... g0tmi1k?

    Also, when changing the "extras" value to "false" it won't detect an access point at all...

    LOG: http://pastebin.com/LFfHXbs0
    Last edited by RexBudman; 10-30-2010 at 04:32 AM.

  7. #87
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by RexBudman View Post
    Hello g0tm1lk, thank you for the update to the script.

    I am having an issue in running the script. I have all the packages installed as per the BT4R1 package. However according to the script, these modules are not installed. However, dsniff installs correctly, assuming it is updated, but when it came to sslstrip even though it is installed, it still prompted me to install and I got an error as the installation failed.
    [*] fakeAP_pwn v0.3 (#125)
    [>] Analyzing: Environment
    [!] sslstrip isn't installed
    [~] Would you like to try and install it? [Y/n]: y
    [!] action. Error code: 1
    [!] Failed to install sslstrip
    [i] Quiting
    [>] Restoring: Environment
    [*] Done! (= Have you... g0tmi1k?

    Also, when changing the "extras" value to "false" it won't detect an access point at all...

    LOG: http://pastebin.com/LFfHXbs0
    I had the same issue. Just change the file it points to (line 715 of v125); there is no sslstrip.py in that directory so it assumes it's not installed.

    For the other problem capitalize "essid" in line 819, and again in line 344.

    I hope that's helpful.

    IT WORKS!!! Fantastic stuff gotm1lk
    Last edited by Scamentology; 10-30-2010 at 06:35 AM.
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein

  8. #88
    Junior Member
    Join Date
    Aug 2010
    Posts
    48

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Hey thanks for that response and yes it worked once I implemented your fix.

    New error - http://pastebin.com/ME58TUYX

    http://pastebin.com/dS6KV8p2


    I hope I am not being a pain in the arse, I just want to post the bugs.

    Once the program reaches this point, regardless of detecting fakeAP, it does not appear when probed by separate machine.
    Last edited by RexBudman; 10-30-2010 at 07:23 AM.

  9. #89
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Yeah I'm getting that too. He mentions what error code 3 is earlier in the thread.

    Quote Originally Posted by RexBudman View Post
    Hey thanks for that response and yes it worked once I implemented your fix.

    New error - http://pastebin.com/ME58TUYX

    http://pastebin.com/dS6KV8p2

    Any reason I might be getting this output from msfconsole while running your script (even in normal mode). It isn't making the fakeap.rb script in the tmp folder in this mode (which is brilliant I might add) so I have no idea yet. any ideas? I love exploring stuff.

    RbReadline Error: SignalException SIGTERM
    /opt/metasploit3/msf3/lib/rbreadline.rb:4435:in `read'
    /opt/metasploit3/msf3/lib/rbreadline.rb:4435:in `rl_getc'
    /opt/metasploit3/msf3/lib/rbreadline.rb:4484:in `send'
    /opt/metasploit3/msf3/lib/rbreadline.rb:4484:in `rl_read_key'
    /opt/metasploit3/msf3/lib/rbreadline.rb:4659:in `readline_internal_charloop'
    /opt/metasploit3/msf3/lib/rbreadline.rb:4755:in `readline_internal'
    /opt/metasploit3/msf3/lib/rbreadline.rb:4777:in `readline'
    /opt/metasploit3/msf3/lib/readline_compatible.rb:72:in `readline'
    /opt/metasploit3/msf3/lib/rex/ui/text/input/readline.rb:90:in `pgets'
    /opt/metasploit3/msf3/lib/rex/ui/text/shell.rb:127:in `run'
    ./msfconsole:117

    EDIT: Nevermind - I figured it out
    Last edited by Scamentology; 10-30-2010 at 08:04 AM.
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein

  10. #90
    Moderator g0tmi1k
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script] [Video] fakeAP_pwn (v0.3)

    Quote Originally Posted by Scamentology View Post
    I'm using:
    Alfa AWUS036H and the on-board ath9k on my Sony VAIO

    I'm currently looking to purchase a card that's supported by Hostapd (edit: LOL ath9k supports it)
    Any suggestions? I will continue to post results.
    My Linksys WUSB54G (rt73usb) works great with hostapd!
    Whereas
    Alfa AWUS036H (rtl8187) --- Doesn't work
    Intel Link 5100 (iwlagn) --- Doesn't work



    Quote Originally Posted by putupeo View Post
    Hi, I'm developing a tool to extract all wifi passwords stored in target side and send them to your ftp account to see the victim/s wifi passwords.

    I discovered your tool fakeap_pwn a few days ago and I decided to develop this tool for people who are interested in extracting wifi passwords and not taking a reverse shell or vnc control over the target machine.

    With this tool the attacker can see the passwords of the victim (Wep & Wpa)

    The victim must download and execute the .exe file allocated in our apache server; when done, the .exe file exports all wifi passwords stored and sends them by ftp to our ftp server running in BackTrack
    **********************************************
    I think fakeap needs these improvements:


    1- Add deauth attack to broadcast MAC's associated to a real AP ex: "linksys"
    at the same time we create a fakeAP with the same SSID "linksys" victim AP "linksys" has WPA encryption enabled so when he gets deauthenticated from his real AP will try show active AP's enabled and will see another AP with the same SSID "linksys" so...

    Victim detect another AP with the same SSID and needs to be online cause we are sending deauth attack to broadcast from his router MAC so he will try to connect to our fakeAP and you know all the rest... xD

    2- Add different index.php files using a youtube index file or microsoft index will give to the fake index a greater degree of credibility

    3- Even better than deauth to broadcast is add to fakeap a flood option and cause a massive reboot/freeze of all APs so if all APs are rebooting excepting our fake AP, victims of all APs will be offline and they will have only one AP to connect, our fake AP and Wep & Wpa passwords will come to us xD
    **********************************************
    My tool is not finished, I'm a noob in soft developing so forgive me
    I'm developing it in Visual Basic 2010
    Now my tool exports passwords and sends them to our FTP server

    I'm testing it over my fake AP

    When it's finished I can send it to you and you can include it in the next fakeap_pwn release

    I would be happy if you did

    I wait for an answer
    Regards
    I've sent you a reply via email about this. (=
    Short reply:
    > Yes, fakeAP_pwn needs A LOT of improvements.
    > The idea of cloning is already planned.
    > There is now a new index.php that looks better.



    Quote Originally Posted by RexBudman View Post
    Hello g0tm1lk, thank you for the update to the script.

    I am having an issue in running the script. I have all the packages installed as per the BT4R1 package. However according to the script, these modules are not installed. However, dsniff installs correctly, assuming it is updated, but when it came to sslstrip even though it is installed, it still prompted me to install and I got an error as the installation failed.
    [*] fakeAP_pwn v0.3 (#125)
    [>] Analyzing: Environment
    [!] sslstrip isn't installed
    [~] Would you like to try and install it? [Y/n]: y
    [!] action. Error code: 1
    [!] Failed to install sslstrip
    [i] Quiting
    [>] Restoring: Environment
    [*] Done! (= Have you... g0tmi1k?

    Also, when changing the "extras" value to "false" it won't detect an access point at all...

    LOG: http://pastebin.com/LFfHXbs0
    Thanks for telling me about this on IRC. Fixed in 126. (=



    Quote Originally Posted by Scamentology View Post
    I had the same issue. Just change the file it points to (line 715 of v125); there is no sslstrip.py in that directory so it assumes it's not installed.

    For the other problem capitalize "essid" in line 819, and again in line 344.

    I hope that's helpful.

    IT WORKS!!! Fantastic stuff gotm1lk
    Thanks for the tip & thanks



    Quote Originally Posted by RexBudman View Post
    Hey thanks for that response and yes it worked once I implemented your fix.

    New error - http://pastebin.com/ME58TUYX

    http://pastebin.com/dS6KV8p2


    I hope I am not being a pain in the arse, I just want to post the bugs.

    Once the program reaches this point, regardless of detecting fakeAP, it does not appear when probed by separate machine.
    Fixed in 126. (=
    You're not a pain, far from it



    Quote Originally Posted by Scamentology View Post
    Yeah I'm getting that too. He mentions what error code 3 is earlier in the thread.

    Any reason I might be getting this output from msfconsole while running your script (even in normal mode). It isn't making the fakeap.rb script in the tmp folder in this mode (which is brilliant I might add) so I have no idea yet. any ideas? I love exploring stuff.

    RbReadline Error: SignalException SIGTERM
    /opt/metasploit3/msf3/lib/rbreadline.rb:4435:in `read'
    /opt/metasploit3/msf3/lib/rbreadline.rb:4435:in `rl_getc'
    /opt/metasploit3/msf3/lib/rbreadline.rb:4484:in `send'
    /opt/metasploit3/msf3/lib/rbreadline.rb:4484:in `rl_read_key'
    /opt/metasploit3/msf3/lib/rbreadline.rb:4659:in `readline_internal_charloop'
    /opt/metasploit3/msf3/lib/rbreadline.rb:4755:in `readline_internal'
    /opt/metasploit3/msf3/lib/rbreadline.rb:4777:in `readline'
    /opt/metasploit3/msf3/lib/readline_compatible.rb:72:in `readline'
    /opt/metasploit3/msf3/lib/rex/ui/text/input/readline.rb:90:in `pgets'
    /opt/metasploit3/msf3/lib/rex/ui/text/shell.rb:127:in `run'
    ./msfconsole:117

    EDIT: Nevermind - I figured it out
    How did you fix it?



    Thanks guys for reporting/testing.
    Using the log feature helps a lot (and giving the fixes helps even more)

    fakeAP_pwn v0.3 #126
    Fixed: ESSID bug
    Fixed: Route bug
    Fixed: SSLStrip bug
    Removed: "Extras" --- Needs more testing, will be added back in later
    http://code.google.com/p/fakeap-pwn/source/detail?r=126
    http://www.mediafire.com/?8t88l8il0gedh8g
    Have you...g0tmi1k?
