Page 13 of 14 FirstFirst ... 311121314 LastLast
Results 121 to 130 of 136

Thread: Soft AP / Phishing Script [Release]

  1. #121
    Just burned his ISO
    Join Date
    Sep 2012
    Posts
    5

    Default Re: Soft AP / Phishing Script [Release]

    @VulpiArgenti

    It worked with a random address, thank you for the help! i don't know how i can get around this but ill try and think of something.

    Working on the Terminal Re-sizer. it asks you for your resolution before running the script, and if you only have 1 terminal open it takes up the entire scree, 2 terminals half, etc.

    Trying to make it so you can switch between work spaces, which currently is not working ( Bad if you have 4+ Consoles open)

  2. #122
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    Terminal re-sizing would be a nice addition to the script - looking forward to seeing it.

  3. #123
    Member longjidin's Avatar
    Join Date
    Feb 2010
    Location
    Kg Lengkong to Bukit Lada
    Posts
    93

    Default Re: Soft AP / Phishing Script [Release]

    i am gonna to try it too bro!!........let me know
    Happy hunting!!

  4. #124
    Just burned their ISO
    Join Date
    Mar 2012
    Posts
    16

    Default Re: Soft AP / Phishing Script [Release]

    Quote Originally Posted by VulpiArgenti View Post
    I'm not intending to upgrade my main rig, so I can't comment yet. I'll have a play with R3 in a VM and get back to you in a few days. Do you think this is a specific problem with the script, or a general problem with dhcp3-server ie does dhcp work when you run it manually?


    There problem IMO is the DHCP, If it isnt setup properly the script wont work.
    I also had to change the standard settings...Things like the router which you set to 192.168.0.1, I had to make it 192.168.1.1 and obviously change the subnet etc.
    I finally managed to get your script to work.
    Its pretty good actually allthough Option 4 doesnt seem to work on Iphone 4.
    Keep up the good work VulpiArgenti

  5. #125
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    UPDATE

    • Added new Java 0day (CVE-2013-0422)
    • Added browser_autopwn
    • Finally fixed the nameserver/dhcpd.conf issues! Should now work whatever the contents of resolv.conf. See from line 707 in the script if you are interested in the parsing.
    • More error checking
    • Fully working on BT5R3



    [PS No changes to the html: existing users need only download the script, not the entire tar bundle.]
    Last edited by VulpiArgenti; 01-13-2013 at 07:09 PM. Reason: PS added

  6. #126
    Just burned their ISO
    Join Date
    Feb 2013
    Posts
    2

    Question Re: Soft AP / Phishing Script [Release]

    sorry for doublepost please delete this

    Hey VulpiArgenti,

    your script works great. I finally came to a point where i nearly understand it to the bone. What i dont get is the iptables configuration. While the option 4 with dns-spoof is working like a charm redirecting to the portal i created, the configuration of a captive portal (advanced options) via iptables is not working. The victim can connect via 192.168.0.1 but for example google.com is not redirected to 192.168.0.1. My question is if if this option is working for you or is it still under construction? You got a hint for me? Iptables would be great to learn also for firewalling. And what is the sense of the option "stop dns-spoof" here is hasnt startet at all.

    cheers
    sud0jud0
    Last edited by sud0jud0; 02-07-2013 at 10:48 AM. Reason: double-post

  7. #127
    Just burned their ISO
    Join Date
    Feb 2013
    Posts
    2

    Default Re: Soft AP / Phishing Script [Release]

    Oii Vulpi,
    I really like your script and it works good even though sometimes I wish it would be more GUI-like to the point where i can at first enter all the attack vektors and parameters and then simply hit launch to start it off. I read it through mostly, and now i am at a point where i understand most of it. I tested option 4 for example, works smoothly with dns-spoof! But when I want to grant internet access after credentials have been entered it fails to redirect the victims to 192.168.1.1 where the hotspot is (advanced options, then option a) ). Now my question: Does this part of the script work for you? (i tested also another iptable-configuration from an alternative blog). The IPtables do not work for me. Is there an option to dnsspoof only unknown macs or something like that? any suggestions?

    regards

    sud0jud0

  8. #128
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    I read it through mostly
    Thanks for making the effort to do this. Let me know if you come up with any improvements in the code.

    Does this part of the script work for you?
    All parts of the script work for me

    fails to redirect the victims to 192.168.1.1 where the hotspot is (advanced options, then option a)
    There are a lot of moving parts here so you will need to troubleshoot the whole sequence. Try to narrow down the point of failure and get back to me.
    The iptables filter by MAC, so will obviously fail if the php does not obtain a valid MAC.
    The relevant php is:

    PHP Code:
    } else { 
        
    // Attempt to get the client's mac address
        
    $mac shell_exec("$arp -a ".$_SERVER['REMOTE_ADDR']);
        
    preg_match('/..:..:..:..:..:../',$mac $matches);
        @
    $mac $matches[0]; 
    You could add in something like "echo $mac" to check this php is working.

    You can look at the iptables by:
    Code:
    iptables -L -t nat
    which for me gives:
    Code:
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere            MAC YO:UR:MA:C:: 
    (snip)

  9. #129

    Default Re: Soft AP / Phishing Script [Release]

    Hi!
    I love the idea of your script, and look forward to using it. I have run into a wall and hope I can get your help in solving my issue. Basically my problem is I can not get a fake AP to go up. I believe it has to do with the "at0" portions of code. Forgive me for lacking knowledge in this area. After running the script with no luck I took a look at the code and its seems the issue arises once I get to the part, "ifconfig at0 up $ap_ip netmask $ap_sm" around line 645, "I've made some comments to remind me where in the code so the line #'s might not match up)

    So in a separate terminal, I ran the code "ifconfig at0 up" where I get an error, "at0: ERROR while getting interface flags: No such device".. This is where I am assuming why I am not getting an Fake AP's from going up. If I run ifconfig, the interfaces I do have listed are eth0, wlan0, lo. So with that in mind I tried changing you're code to supplement all at0 with eth0, and again with wlan0 and mon0.. and still no luck. The script still runs well, however I notice once it starts airbase, I will see it try to set up again on at0. I'm not sure where airbase is getting that from as I have commented out all references to "at0" in trying to troubleshoot this. (Perhaps default for airbase?) So now I'm at a loss.

    I would love to help contribute anyway I can, and look forward to you're response!
    Thank you,
    --Charon

    *Edit
    I was able to get a Fake AP up by doing the following;
    First I put my wlan0 into monitor mode: ifconfig start wlan0
    And then I used this command: airbase-ng -e "CharonTESTap" -c 9 mon0
    And got this output:
    00:17:45 Created tap interface at0
    00:17:45 Trying to set MTU on at0 to 1500
    00:17:45 Trying to set MTU on mon0 to 1800
    00:17:45 Access Point with BSSID 88:53:2E:87:4F:AB started.
    ..
    After checking my my phone sure enough the Fake Ap is now there, but I can not get it to happen with the script. I hope this additional info is useful.

    Edit 2*
    So I felt bad giving such lofty info on my issue and spent most of the night researching and reading up. The I came up to what a TAP interface was and boom! it was like a lightbulb going off in my head. An at0 interface is a Software based interface. d'oh. Reverted all the code back to original. So now I'm going to focus on the codes part that calls up airbase. I'm thinking it might be a timing issue, but still not sure. Still not working for me ... yet. But I'm sure it will be soon

    Edit 3*
    Yay. One problem solved! After "echo -e "$info\nOK, We're finally starting airbase-ng..." Line 640 or so, I changed the sleep value to 30. That sure enough gives it the time to put up the at0 interface finally. Now I am having dhcp problems to troubleshoot. I may need to do a fresh install as I've done so much to my system and have no idea where the trouble is at now.

    Edit 4* Last Edit (hopefull)
    So I did a fresh install of BT, did the update and dist upgrade, and installed the prerequisites. Tried the script again, and was finally able to get the Fake AP to go up! Yay. Not sure where I had the issue to solve that problem. I had to modify several Sleep functions (mostly plus 5) to many of them, and after that was able to connect and monitor the traffic on at0 with wireshark. Very tired now lol, so I will try the other functions tomorrow.

    Sorry this post became more of a troubleshooting post for me asking for help and solving it all in the same place. I am happy though, cause I learned a lot of new stuff I didn't know before. I hope its useful for someone as well
    Last edited by charonsecurity; 02-25-2013 at 04:00 PM. Reason: Additional information

  10. #130
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    Well done for troubleshooting it yourself; all part of the never-ending learning curve . Timing can be an issue in a long script: I'm trying to run it as fast as possible for most users, but this proves to be too quick for a minority, particularly those in a VM. The "sleeps" at lines 378 and 640 are the crucial ones to get right.

Page 13 of 14 FirstFirst ... 311121314 LastLast

Similar Threads

  1. SET 0.7 phishing demo
    By pentest09 in forum BackTrack Videos
    Replies: 7
    Last Post: 12-19-2010, 10:31 PM
  2. Soft AP Upside Down image help pls, script nearly works
    By spriggsy in forum Beginners Forum
    Replies: 0
    Last Post: 11-05-2010, 12:01 PM
  3. Soft AP Script not working?
    By spriggsy in forum Beginners Forum
    Replies: 1
    Last Post: 05-19-2010, 01:08 PM
  4. Soft AP bash script
    By junke1990 in forum OLD Wireless
    Replies: 1
    Last Post: 04-03-2010, 08:30 AM
  5. backtrack 4 pre release user login script
    By eidos in forum OLD Newbie Area
    Replies: 1
    Last Post: 07-30-2009, 09:57 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •