Download 7z:

What is this?
I've had a go at making a bash script to automate creating a 'Fake AP' (Access Point) and 'pwn' who connects to it!
This is a bash script and a few other things to make a fake access point which is transparent (allowing target afterwards to surf the Inter-webs after they have been exploited!).

How does this work?
> Creates a fake AP and DHCP server.
> Runs a web server & creates an exploit with metasploit.
> Waits for target to connect, download and run the exploit after it allows them to surf the Inter-webs.
> Uses a backdoor, SBD (Secure BackDoor - bit like netcat!), though this could be replace with VNC if attacker wishes!
> Then starts a few 'sniffing' programs (dnsiff suite) to watch what target does!

What do I need?
> Two interfaces, one for Internet (wired/wireless) and the other for becoming an access point (wireless only!)
> A Internet connection (though you could mod it so its non transparent)
> airmon-ng, dhcpd3, apache,metasploit, snarf suit <--- All on BackTrack!

Whats in the 7z file?

> <--- Bash script to run
> FakeAP_pwn.rc <--- Metasploit resource
> sbdbg.exe <--- Backdoor
> dhcpd.conf <--- My DHCP script (in-case you need it)
> index.html <--- The page the target is force to see before they have access to the Internet.

How to use:

1.) Extract the 7z file to /root/FakeAP_pwn.
2.) Edit with your gateway, Internet interface, wireless AP interface.
3.) sh /root/FakeAP_pwn/
4.) Wait for a connection...
5.) Game Over.

It works for me (=
I'm running BackTrack 4 Pre Final, The target is running Windows XP Pro SP3 (fully up-to-date 2009-03-25), with no firewall and no AV. Not tested with anything else!
The connections is reverse - so the connection comes from the target to attacker therefore as the attacker is the server it could help out with firewalls...
There is stuff comment out; the stuff at the end I want to happen, the other stuff is other methods of doing the same thing!
FakeAP_pwn.7z (17.7KB, MD5 006ee8522deb5c4d71c754e94282a516)

Blog Post:
Forum Post: