Page 10 of 14 FirstFirst ... 89101112 ... LastLast
Results 91 to 100 of 136

Thread: Soft AP / Phishing Script [Release]

  1. #91
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    12

    Default Re: Soft AP / Phishing Script [Release]

    Hi VulpiArgenti,

    looks like a great script. However I tried, and I tried and I couldn't get it to work I have read all the previous posts, but nothing helped me. I think the dhcp server is not running. The dhcp server tail term is completely empty, I can see the access point I created on my tablet, I connect but I do not get an IP address. All of this I think points to something being wrong with dhcp. I also get this message when I run the script, but it doesn't interrupt anything it just keeps running:

    Can't open /tmp/dhcpd.conf: Permission denied

    Do you know how I can fix this? I'd appreciate any help.

    Aldous

  2. #92
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    @bugme, I've also no idea what you did but glad it's working!

    @parrotface, thanks for letting me know. If anyone else reports the same issue I'll amend that line as you suggest.

    For the Eterm:
    1. Exit the script
    2. In gnome terminal/konsole enter:
      Code:
      Eterm
    3. In the Eterm window you should see a menubar (see screenshot). If you don't, perhaps purge and reinstall
    4. Clicking on "background" gets you into the options (pixmap etc)
    5. Once done, click "Eterm" (first in the menubar), then "Save theme settings..." (and perhaps also "save user settings" for luck)


    Screenshot.png

  3. #93
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    Hi Aldous,

    Please try/confirm the suggestions in post #62, then report back

  4. #94
    Senior Member
    Join Date
    Jun 2007
    Location
    UK
    Posts
    175

    Default Re: Soft AP / Phishing Script [Release]

    Hi VulpiArgenti
    I get IP evertime since I changed line 725 from sleep 1 to sleep 3. No problem now I log onto the AP OK.
    Info on Eterm solved the background problems I can now see whats going on.
    Many thanks for your response.
    Now Investigating why I can't get the index.html when trying to run a portal, index.html there 10.0.0.1 but the client does not get directed to the login page.
    many thanks

  5. #95
    Member
    Join Date
    Jan 2010
    Posts
    54

    Default Re: Soft AP / Phishing Script [Release]

    Quote Originally Posted by Carto_ View Post
    Hum, same for me deviney !

    I am launching pwnSTAR in my local network, all is working fine (victime station have access to the internet) but I wan access to https pages. I mean when I search gmail in google and clic on Gmail --> https://mail.google.com ... ! And in the sslstrip log, lot of shit-data.

    My internet connexion is OK, and PwnSTAR well configured.
    Running it on BT5R2, sslstrip V 0.9
    Thats more then i get, i get no data at all. i just get the 2 lines that tells me its posining or sumting but then nothing :/

    Ill give it another go later seems i havnt tried lately and seems the ip problem is now fixed it give me more hope it may work ha

    I will write back on thursday and let you know my progress

    EDIT: using the fix below i managed to get the IP address issue working and also the SLL strip is now working. Shame it dosent present the information aswell as it does in YAMAS but still i can see me having alot of fun with this. I have only tried using option 3 (internet access with MITD attack). I will now try the other options and write back and let you know how i get on.

    Quote Originally Posted by parrotface View Post
    Hi
    Just run script in debug and I can now get an IP so I guess it's a timing problem. Tried debug on earlier version and it didn't work then.
    thanks

    edit
    changed line 725 from sleep 1 to sleep 3 and I now get IP and can connect OK without running in debug
    EDIT: VulpiArgenti I have been looking on the video part of the forums and a nice way to inject a payload into the users of the are rouge AP. I was wondering if its possible to add this into your script instead of the evil PDF. Heres the info http://www.backtrack-linux.org/forum...ad.php?t=49858

    LAST EDIT TODAY: Ok i tried to test the other options in this script by using the current hotspot release and running it under option 4 in the script. The problem was that my victem machine was just getting internet access and not getting redirected to the login page. i gave the folder www/ folder full admin permissions under the group policy. I did the same with the hotspot folder and made the formdata.txt excutiable.

    I could not find process-form-data.php so i left this out because i was guessing it was not in the new hotspot release (correct me if am wrong).

    I was wondering if this is a known issue?
    Last edited by deviney; 06-13-2012 at 02:45 PM.

  6. #96
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    Hi Guys, sorry for the delay - don't you hate it when the day-job interferes with backtracking?

    -----------------------------------------

    @parrotface, the webpage is served on 192.168.0.1. Enter this directly in the browser address bar, from both the attacker and the victim. If you are now getting an IP address, then you should see the index page.

    The usual reason for redirection to the login appearing to fail is DNS-caching in the victim. AFAIK, there's not much you can do about this as an attacker. As the victim in a test setup, you can enter a random nonsense address; this is unlikely to be cached and should allow the login page to show. Or try flushing the DNS cache.

    -----------------------------------------

    @deviney

    There's no point in my ripping off ComaX' script. You can run YAMAS at the same time (with the "-p" switch), and use it to parse the SSLStrip logfile generated by PwnSTAR.

    I agree it's a nice video by zimmaro. I was intending to look at incorporating a variant of isr-evilgrade, but the index.html from the video would be a much easier option.

    If you are using basic menu option 4, then you need the hotspot_2 directory (http://code.google.com/p/pwn-star/do...2.tgz&can=2&q=). This includes the process-form-data.php. I subsequently added portal_hotspot, which is a much better version, launched from the advanced menu.

  7. #97
    Member
    Join Date
    Jan 2010
    Posts
    54

    Default Re: Soft AP / Phishing Script [Release]

    Quote Originally Posted by VulpiArgenti View Post
    Hi Guys, sorry for the delay - don't you hate it when the day-job interferes with backtracking?

    @deviney

    There's no point in my ripping off ComaX' script. You can run YAMAS at the same time (with the "-p" switch), and use it to parse the SSLStrip logfile generated by PwnSTAR.

    I agree it's a nice video by zimmaro. I was intending to look at incorporating a variant of isr-evilgrade, but the index.html from the video would be a much easier option.

    If you are using basic menu option 4, then you need the hotspot_2 directory (http://code.google.com/p/pwn-star/do...2.tgz&can=2&q=). This includes the process-form-data.php. I subsequently added portal_hotspot, which is a much better version, launched from the advanced menu.

    I never knew that was an option but looking at it more closely i see, i will try the "-p" switch method late.

    i have not had a chance to play with isr-evilgrade yet, i will have look at it once iv finished other things am learning. I tried renaming the "FakeUpdate" file to "portal_hotspot3" and running it with your script and it worked to a point. The only problem was that images would not show on the victems webpage only the text unfurtinate really...

    Yes using hotspot_2 solved the problem thanks. They have all worked... well besides evilpdf because i have not got round to trying it yet. This script is really awersome by the way might have some fun with my flat mates at university using it haha

  8. #98
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    [0-DAY ADDED - PwnSTAR 0.72]

    Have added in the new MSXML exploit against Internet Explorer. This will exploit Windows 7. The payload is the default metasploit so is likely to be picked up by AV. I can't do much about that until I've learnt Ruby. Any help welcome.

    Use wisely - this vulnerability won't last long!

    http://code.google.com/p/pwn-star/downloads/list

  9. #99
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    [PwnSTAR 0.8]

    New features:
    1. Exploit added - Java Applet Field Bytecode Verifier. Now the old faithful Java Applet has been patched, this has been described as one of the most powerful of the current exploits.
    2. More deauthentication options - MDK3 and airdrop-ng added.

    http://code.google.com/p/pwn-star/downloads/list

    This may be the last update. I'm not sure I can take the script any further without overlapping with SET. Obviously I couldn't produce anything better than SET, and there seems little point in re-inventing the wheel. I also need to take some time to learn real programming and exploitation. Look out for Ruby::PwnSTAR next year!

    Many thanks to all who contributed. It's been fun.

  10. #100
    Member
    Join Date
    Dec 2011
    Posts
    86

    Default Re: Soft AP / Phishing Script [Release]

    sweet deal, I can't wait to check out the new version, thanks!

Page 10 of 14 FirstFirst ... 89101112 ... LastLast

Similar Threads

  1. SET 0.7 phishing demo
    By pentest09 in forum BackTrack Videos
    Replies: 7
    Last Post: 12-19-2010, 10:31 PM
  2. Soft AP Upside Down image help pls, script nearly works
    By spriggsy in forum Beginners Forum
    Replies: 0
    Last Post: 11-05-2010, 12:01 PM
  3. Soft AP Script not working?
    By spriggsy in forum Beginners Forum
    Replies: 1
    Last Post: 05-19-2010, 01:08 PM
  4. Soft AP bash script
    By junke1990 in forum OLD Wireless
    Replies: 1
    Last Post: 04-03-2010, 08:30 AM
  5. backtrack 4 pre release user login script
    By eidos in forum OLD Newbie Area
    Replies: 1
    Last Post: 07-30-2009, 09:57 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •