Soft AP / Phishing Script [Release]

[Carto_]

Hum, same for me deviney !

I am launching pwnSTAR in my local network, all is working fine (victime station have access to the internet) but I wan access to https pages. I mean when I search gmail in google and clic on Gmail --> https://mail.google.com ... ! And in the sslstrip log, lot of shit-data.

My internet connexion is OK, and PwnSTAR well configured.
Running it on BT5R2, sslstrip V 0.9

[parrotface]

Hi
Still having trouble with Eterm background

adjust the background settings: transparency off, pixmap none; then "save theme settings"

I assume this in the /usr/share/Eterm/themes/Eterm/theme.conf file.
if so does the code need to be in a certain place.

The IP problem I have seems to be that the dhcp server is not running
many thanks

[VulpiArgenti]

Hi parrotface

You can set up theme.conf, but its not necessary, it can be done from an Eterm window.
The Eterms that the script launches are stripped of menu-bars etc (to save desk space). You need to separately launch it from a terminal, and will then see a menu bar that will allow you to make the changes.

[VulpiArgenti]

[v 0.7: EXPLOIT ADDED]

I'm now adding in some of the classic exploits, starting with an evil-PDF. Don't get too excited; this is mainly for learning purposes. It's unlikely to work in your local coffee-shop, where most people will have a patched Adobe Reader.

The idea is to block internet access with the captive portal, until the correct access code has been entered. This is available from a downloadable pdf (which of course contains the exploit).
The client is then allowed through the captive portal, and hopefully will stay connected long enough to be thoroughly owned. Two pdf's included, or you can supply your own.

This blog supplied the inspiration: http://www.proso.com/2011/03/31/capt...ation-tests-2/

Other new features:

custom dnsspoofing in the basic menu (targeted spoofing for a particular site)
Eterm cursor colour changed (more visible on light background)

Script update: PwnSTAR_0.7
New webpage: portal_pdf.tgz (contains evil-pdfs, index php, a "virgin" pdf to add your own payload, and a stand-alone payload that will work with the script)

http://code.google.com/p/pwn-star/downloads/list


Just to clarify, in order to use all the script modules, you need all the web sites marked "current release" in the download page.


[I was hoping to include a Java applet attack but must confess to having problems with SET at the moment. I'll make the Applet the old-fashioned way and include it in the next release.]

[pr0l3]

http://backupserver.ca/blog/?p=64

A quick writeup on PwnSTAR.

[bugme]

hello VulpiArgenti! i am still having troubles with the DHCP server problem...however i managed to start the server manually using http://teh-geek.com/?p=512 this guide...unfortunately i can't read the code of your script, so i can't find the differences between the manual and automatic way to activate the server, but what i suspect is that there is a difference in one of the last 3 steps on the guide (adding the route, pointing dhcpd.conf to the dhcp3-server and specify the interface (at0) or the flushing, and obviously the addresses and the path -tmp in your script, etc on the guide- ) . again, sorry if i am talking nonsense, but i'm just trying to focus the problem with a low experience on this could you help me solving this? thanks

[VulpiArgenti]

Hi bugme
Sorry, but I don't have enough specific info to help. Perhaps if you run the script in debug mode you may be able to narrow the problem down, and then post back.

Code:

bash -x path/to/PwnSTAR_0.7

[parrotface]

Hi
Still can't get IP address from the AP PwnSTAT_0.7
stopped dhcp3-server before starting script
added extra line 720 - /etc/init.d/dhcp3-server start
still no go
/tmp/dhcpd.conf does not exist when running script

Eterm background - sorry but I still can't sort out transparency off & pixmap none. please point show me where to change the theme, I not asking to be spoon fed but I am realy up against reading whats going on. Tempory fix, changed buttonbar to 1 thoughout the script at least this allows me to switch the pixmap.

I have created my own bash script which sets up softAP and gives me an IP so I think my dhcp3-server is OK.
many thanks

[bugme]

ok now i really don't know what to say, but simply running the script in debug has solved any problem, and now everything works flawless thank you VulpiArgenti!!!!!!!

Hi bugme
Sorry, but I don't have enough specific info to help. Perhaps if you run the script in debug mode you may be able to narrow the problem down, and then post back.

Code:

bash -x path/to/PwnSTAR_0.7

[parrotface]

Hi
Just run script in debug and I can now get an IP so I guess it's a timing problem. Tried debug on earlier version and it didn't work then.
thanks

edit
changed line 725 from sleep 1 to sleep 3 and I now get IP and can connect OK without running in debug