Soft AP / Phishing Script [Release]

[VulpiArgenti]

Meet the PwnSTAR: Pwn_SofT_Ap_scRipt

Will do far more than launch airbase-ng:

• manage interfaces and MACspoofing
  
• set up sniffing
  
• serve up phishing or malicious web pages
  
• launch karmetasploit
  
• grab WPA handshakes
  
• de-auth clients
  
• manage IPtables

Updated feature list:

• captive-portal with iptables and php
• more php scripts added
• exploits added
• mdk3 and airdrop deauth

Designed to lead beginners through all the steps (and hopefully experts too will find it useful) - everything should work OOTB.

Huge nod to snafu777, and in fact to everyone who has posted a script here.





All comments appreciated - let me know if anything doesn't work, and what features you would like added.

[Current version 0.84 - see post #125]

Spend an evening with the PwnSTAR at http://code.google.com/p/pwn-star/downloads/list

[VulpiArgenti]

Here is an example of a phishing page, as seen by the victim, demonstrating PwnSTAR acting as a web server. It offers free WiFi in exchange for credentials. It only needs one...

As it stands it doesn't have too many legitimate uses. However, it would be a simple job to copy the target's business logo onto the page, or clone their site, and then fire up PwnSTAR near the premises.

I've only started learning html, so this is pretty rough. Feel free to contribute a more refined version. The more elegant, the more chance of success.




Instructions for use:

download and untar
copy the hotspot directory into /var/www
set permissions;

hotspot directory:- group www-data, create and delete files

formdata.txt:- group www-data, rw
process-form-data.php:- make executable

leave index.html where it is; PwnSTAR will move it into position

Download from http://code.google.com/p/pwn-star/downloads/list

[nivong]

THis looks great! An update of FakeAP by g0tm1lk finaly !

[VulpiArgenti]

Thanks nivong. G0tm1lk's script did have more powerful exploits than PwnSTAR - I'm working on it!

[thad0ctor]

looks good! can't wait to see it in action

[nivong]

Cool, can't wait to see it getting futher developed!

will test now and report back.

Report:
#resize -s 38 85 &> /dev/null # resize the terminal
commented out because it really f*cks up the resize and it's way to small and totaly weird resizing

2e:
wlan0 00:1e:65:24:8c:ce
is in use, stupid. Try another interface
It's not and I have no other interface for wlan. I would recommend make an option to "unuse" it. Ifconfig wlan0 down didn't work. Going for a restart now.
After reboot, same error. Can't continue
BTW I used option uno, honypot.

[VulpiArgenti]

Hi nivong,

Thanks for the quick feedback - just what I need to progress the script.

The resize isn't important but I'm curious to discover why it doesn't work for you. You can see in the screenshot the size it gives me. Are you perhaps in KDE, or using an alternative terminal?

The interface error message will only appear if you are trying to set wlan0 for both internet connected interface and AP interface. For the honey pot we don't give internet access - set your wlan0 as the AP interface. This is how it goes:

Code:

How do you want to use the AP?
    
    1) Honeypot: get the victim onto your AP, then use nmap, metasploit etc 

                 no internet access given
    
    2) Grab WPA handshake
    
    3) Sniffing: provide internet access, then be MITM
    
    4) Web server: redirect the victim to your webpage
    
    5) Karmetasploit
     
     
    q) Exit from the script
    
    
1  ### enter 1



Wireless interface to use for AP?


wlan0   00:c0:XXXXXX
wlan0   ### enter wlan0

Starting monitor mode...
etc

Let me know how you get on.

[nivong]

I am on BT5 R2 64 BIT KDE. With a resolution of : 1366x768 (if I am correct)


The problem was I just hit enter after it says:
Wireless interface to use for AP?


wlan0 00:c0:XXXXXX
(I just hitted enter here)

So I didn't wrote wlan0. Little confusing meby? I would have changed it in :

Which Wireless interface to use for AP? (write down)
wlan0 00:c0:XXXXXX

I haven't tested it yet on BT5, I will do this tomorrow on april 6te

[bugme]

hello vulpiargenti, my compliments for your great script. i tried it with the webserver option, and had a little problem: the fake ap goes up perfectly, but the pc that connect to it can't see the fake web page. i tried giving access to internet when asked (when you select the first card it's highlighted in yellow, the second instead remains in brown, probably a little omission in the code?) and without connection; the files index.html, formdata.txt and process-form-data.php are in var/www but cannot be found, so i created another folder in var/www and placed the files in it. now they are found and trying the localhost in firefox indeed shows everything, but it's working only on local and not on the fake connection. what am i doing wrong? thank you. (oh and in the airodump session starting the purple-on-black text isn't very readable )

[VulpiArgenti]

Hi bugme,

Thanks for your comments - much appreciated.

Regarding the Eterm colours, you can see on the screenshot that they should be a very readable purple/yellow. Please launch Eterm then adjust the background settings: transparency off, pixmap none; then "save theme settings". This gives a blank background to show the script colours.

You shouldn't need to create any additional directories once you have moved "hotspot" into /var/www. Your directory setup should look like this:

Code:

root@bt:~# ls /var/www
hotspot  index.html  wstool
root@bt:~# ls /var/www/hotspot
facebookLogo.jpg  GmailLogo.png   HotmailLogo.png  process-form-data.php
formdata.txt      GoogleWifi.jpg  index.html       yahoo.gif

And then running the script (red is your entries):

Code:

Setting up the web page

MUST have directory structure set up correctly

Available web directories:
hotspot
index.html
wstool

Select directory
hotspot

hotspot/index moved into position

Starting Apache...
 * Starting web server apache2                                                [ OK ] 
...success

Starting DNS spoofing...

Do you want to tail the credentials txtfile? (y/n)
y


facebookLogo.jpg  GmailLogo.png   HotmailLogo.png  process-form-data.php
formdata.txt      GoogleWifi.jpg  index.html       yahoo.gif

Enter name of txtfile
formdata.txt

Web Server attack running

Try again with it set up like this.

If there are still problems we need to troubleshoot your victim's connection. Does a lease show up in the "DHCP Tail" eterm, and does the DNSSpoof eterm show activity?