Watch video on-line: http://g0tmi1k.blip.tv/file/3622180
Download video: http://www.mediafire.com/?pmnasjkp3jc7t0k
Download Script (fakeAP_pwn-v0.2.5.tar.gz): *OUT OF DATE*
What is this?
This is an update to the fakeAP_pwn script, a bash script that automates creating a 'Fake Access Point' and 'pwning' whoever connects to it! The FakeAP is transparent (the target can still surf the inter-webs once they have been exploited!), and the payload is either SBD (Secure BackDoor, similar to netcat!) or VNC (remote desktop).
How does this work?
> Creates a fake AP and DHCP server.
> Runs a web server and creates an exploit with Metasploit.
> Waits for the target to connect, download and run the exploit.
> Once the target has been successfully exploited, it is allowed through to surf the inter-webs.
> Uploads a backdoor (SBD or VNC) via the exploit.
> The attacker has the option to run a few 'sniffing' programs (from the dsniff suite) to watch what the target does on the FakeAP!
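From the defender's side, the steps above leave symptoms in the air that a rogue-AP check can look for: a known SSID from a BSSID you don't operate, an open network where an encrypted one should be, and (since v0.2.3 fakes the MAC address) a legitimate BSSID turning up on a second channel at the same time. The Python below is an added example, not part of fakeAP_pwn or g0tmi1k's code; the scan-line format, the CorpWiFi inventory and every BSSID in it are constructed for the example, so swap in your own inventory and your scanner's output.

```python
"""Rogue / evil-twin access point check over Wi-Fi scan results.

Added example, not part of fakeAP_pwn. It compares what a scanner reports
with an inventory of the access points you actually operate and flags the
symptoms a fake AP produces:
  * a managed SSID broadcast from a BSSID that is not in the inventory
  * a managed SSID offered without the security it is supposed to have
  * an inventoried BSSID on the wrong channel, or on two channels at once
    (what a cloned MAC address looks like from the air)
"""
from collections import defaultdict

# Constructed inventory: SSID -> expected security and BSSID -> expected channel.
AUTHORIZED = {
    "CorpWiFi": {
        "security": "WPA2",
        "bssids": {"00:11:22:33:44:55": 6, "00:11:22:33:44:66": 11},
    },
}

# Constructed scan output; one AP per line: BSSID SSID CHANNEL SECURITY.
# Real scanners (airodump-ng, iwlist) use their own layouts; adapt parse_scan().
SAMPLE_SCAN = """
# bssid             ssid      chan security
00:11:22:33:44:55   CorpWiFi  6    WPA2
00:11:22:33:44:66   CorpWiFi  11   WPA2
de:ad:be:ef:00:01   CorpWiFi  1    OPEN
00:11:22:33:44:55   CorpWiFi  1    OPEN
aa:bb:cc:dd:ee:ff   GuestNet  3    OPEN
"""


def parse_scan(lines):
    """Turn scan lines into dicts; blank lines and '#' comments are skipped."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        bssid, ssid, channel, security = line.split()
        records.append({
            "bssid": bssid.lower(),
            "ssid": ssid,
            "channel": int(channel),
            "security": security.upper(),
        })
    return records


def detect_rogue_aps(records, authorized=AUTHORIZED):
    """Return (kind, bssid, detail) findings, checking managed SSIDs only."""
    findings = []
    channels_by_bssid = defaultdict(set)
    for r in records:
        channels_by_bssid[r["bssid"]].add(r["channel"])

    for r in records:
        known = authorized.get(r["ssid"])
        if known is None:
            continue  # SSIDs we do not manage are out of scope for this check
        expected_channel = known["bssids"].get(r["bssid"])
        if expected_channel is None:
            findings.append(("unknown-bssid", r["bssid"], r["ssid"]))
        elif r["channel"] != expected_channel:
            findings.append(("channel-mismatch", r["bssid"], r["ssid"]))
        if r["security"] != known["security"]:
            findings.append(("security-downgrade", r["bssid"], r["ssid"]))

    # A legitimate BSSID cannot be on two channels at once; a clone can.
    for bssid, chans in channels_by_bssid.items():
        if len(chans) > 1:
            findings.append(("cloned-bssid", bssid, tuple(sorted(chans))))
    return findings


FINDINGS = detect_rogue_aps(parse_scan(SAMPLE_SCAN.splitlines()))

if __name__ == "__main__":
    for kind, bssid, detail in FINDINGS:
        print(f"{kind:20} {bssid}  {detail}")
```

On the constructed scan this produces five findings: the unknown BSSID and its open network, the cloned BSSID on the wrong channel and also open, and the clone itself. The channel-based clone check only works if the scan captures both APs in the same sweep, so run it over a full channel hop rather than a single-channel capture.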
What do I need?
> Two interfaces: one for the Internet (wired or wireless) and the other for becoming an access point (wireless only; it must support monitor mode).
> An Internet connection (though you could modify the script so it's non-transparent).
> Airmon-ng, dhcpd3, apache, metasploit, dsniff suite --- all on BackTrack!
> The script! fakeAP_pwn-v0.2.5.tar.gz (490.3 KB, SHA1:541d91c19ff32777317385218820233a62f1dc76)
What's in the tar.gz?
> fakeAP_pwn.sh --- Bash script
> www/index.php --- The page the target is forced to see before they have access to the Internet.
> www/Linux.jpg, OSX.jpg, Windows.jpg --- OS pictures
> www/sbd.exe --- SBD backdoor
> www/vnc-g0tmi1k.exe --- VNC backdoor
How to use it?
1.) Extract the tar.gz file (via tar zxf fakeAP_pwn-v0.2.5.tar.gz).
2.) Copy the "www" folder to /var/www (cp www/* /var/www/).
3.) Make sure to "Start Network" and have an IP address (via start-network and dhclient [Internet Interface]).
4.) Edit fakeAP_pwn.sh with your "internet" and "wireless" interface names. (You can view your interfaces via ifconfig and use kate to edit the file.)
5.) Run bash fakeAP_pwn.sh (don't forget to be in the correct folder!).
6.) Wait for a connection...
7.) ...Game Over.
Commands:
tar zxf fakeAP_pwn-v0.2.5.tar.gz
cd fakeAP_pwn-v0.2.5
cd fakeAP_pwn
cp www/* /var/www
ifconfig
kate fakeAP_pwn.sh
bash fakeAP_pwn.sh
Notes:
- This time it should work for everyone, just not me =P
- The video uses fakeAP_pwn.sh v0.2.1
- It's worth doing this "manually" (without the script) before using the script, so you have an idea of what's happening, and why. The script is only meant to save time.
- I'm running BackTrack 4 Final in a VM. The target is running Windows 7 Ultimate (fully up-to-date 2010-05-13), with no firewall, no AV and no UAC. Tested with Windows XP SP3 Professional as well.
- The connection is reversed - so the connection comes from the target to the attacker; therefore, as the attacker is the server, it could help out with firewalls...
- As you can see in the code, one day I plan for this to also "affect" Linux and/or OSX... but it's taken me this long to update it - so don't hold your breath!
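The reverse connection in the notes (the backdoor is downloaded from the FakeAP's web server, runs on the target and then calls out to the attacker on a port that changes every run, per the v0.2.3 changelog) is also what gives a defender something to correlate on from the endpoint side. The Python below is an added example, not part of fakeAP_pwn: it joins two constructed endpoint event streams (file downloads and new outbound TCP connections, with made-up paths, timestamps and the 10.0.0.1 gateway address) and flags a freshly downloaded executable that connects back to the host that served it or to the default gateway. The event field names and CALLBACK_WINDOW_SECS are assumptions for this example; real Sysmon/EDR records carry different fields.

```python
"""Host-side correlation rule for the 'download, run, call back' stage.

Added example, not part of fakeAP_pwn. A captive page on a fake AP hands the
client an executable, and once run it opens a reverse connection (target ->
attacker), typically to the same box that served the file, which is also the
client's gateway. This joins download events with new outbound connections
and alerts when a recently downloaded image makes such a connection.
"""
from urllib.parse import urlsplit

CALLBACK_WINDOW_SECS = 15 * 60  # assumption: how long a download counts as "fresh"

# Constructed sample events; in the scenario the AP/web/DHCP host is the gateway.
GATEWAY_IP = "10.0.0.1"
DOWNLOADS = [
    {"time": 1000, "path": r"C:\Users\bob\Downloads\sbd.exe",
     "url": "http://10.0.0.1/sbd.exe"},
    {"time": 1010, "path": r"C:\Users\bob\Downloads\report.pdf",
     "url": "http://10.0.0.1/report.pdf"},
]
CONNECTIONS = [
    {"time": 1020, "image": r"C:\Users\bob\Downloads\sbd.exe",
     "remote_ip": "10.0.0.1", "remote_port": 41237},
    {"time": 1025, "image": r"C:\Program Files\Browser\browser.exe",
     "remote_ip": "93.184.216.34", "remote_port": 443},
    {"time": 9000, "image": r"C:\Users\bob\Downloads\sbd.exe",
     "remote_ip": "10.0.0.1", "remote_port": 41238},  # too old for the window
]


def index_downloads(downloads):
    """Map a downloaded file path (case-folded) to (download time, serving host)."""
    idx = {}
    for d in downloads:
        idx[d["path"].lower()] = (d["time"], urlsplit(d["url"]).hostname)
    return idx


def find_callbacks(downloads, connections, gateway_ip, window=CALLBACK_WINDOW_SECS):
    """Alert on connections made by a freshly downloaded image back to its
    source host or to the gateway. Returns a list of alert dicts."""
    idx = index_downloads(downloads)
    alerts = []
    for c in connections:
        hit = idx.get(c["image"].lower())
        if hit is None:
            continue  # the connecting image was not a recorded download
        dl_time, dl_host = hit
        age = c["time"] - dl_time
        if not (0 <= age <= window):
            continue  # downloaded too long ago (or clock skew); not this rule
        reasons = []
        if c["remote_ip"] == dl_host:
            reasons.append("connects-back-to-download-host")
        if c["remote_ip"] == gateway_ip:
            reasons.append("connects-to-gateway")
        if reasons:
            alerts.append({
                "image": c["image"],
                "remote": f"{c['remote_ip']}:{c['remote_port']}",
                "age_secs": age,
                "reasons": reasons,
            })
    return alerts


ALERTS = find_callbacks(DOWNLOADS, CONNECTIONS, GATEWAY_IP)

if __name__ == "__main__":
    for a in ALERTS:
        print(f"{a['image']} -> {a['remote']} ({a['age_secs']}s after download): "
              + ", ".join(a["reasons"]))
```

Because the backdoor connects outbound, a host firewall that allows all outgoing traffic never sees anything to block, which is the point the note above makes; a rule like this, or an egress policy that denies unsigned binaries in user-writable directories from opening connections, is what closes that gap.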
Video length: 3:20
Capture length: 8:12
Blog Post: http://g0tmi1k.blogspot.com/2010/05/script-video-fakeappwn-v021.html
Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/28363-%5Bscript%5D-%5Bvideo%5D-fakeap_pwn-v0-2-1-a.html#post161837
~g0tmi1k
v0.2.5
> Removed silly typos
v0.2.4
+ Added arguments
+ Checks for superuser
+ Checks interfaces/paths/files exists
+ Improved transparent mode (Thanks joker5bb)
> General code improvements
> Updated the help message
v0.2.3
+ Fakes the MAC address (Thanks joker5bb)
+ Fix “wicd” bug (Thanks joker5bb)
+ Randomizes ports each time
+ Reversed VNC - No need to type in password now
+ Stops and removes existent backdoors
+ Stops services and programs (Thanks joker5bb)
+ Uses “msfencode” - to prevent detection
+ Webpage now has a "favicon"
> Fix a few minor features - Couple of silly typos (Thanks joker5bb)
> General code improvements
> Improved "clean up" code
> Improved the WiFi interface (Thanks joker5bb)
> Renamed the backdoor files
> Renamed the output windows
v0.2.2
+ Fix gateway bug
+ Fix DHCP PID Bug
+ Checks for other index files. And acts on it.
+ Checks to make sure user copied www/. Else acts on it.
+ Added more tools to "extra".
+ Added extra settings (Response to all requests & WiFiName)
> Improved debug info
> Aligned the output windows
> General code improvements
> Improved chances of DHCP working (Might need more work)
> "Started" work on transparent (Needs more work)
> "Started" work on allow a custom backdoor (Needs more work)
- Removed Linux/OSX - was confusing people
v0.2.1
+ Remade first release
> Created Video
v0.1
+ First public release
Wow! Excellent work my friend.
I just ran the script, and I'm even more impressed! Beats the hell out of ./SET any day of the week... The only thing missing is an iPhone payload... lol
@hacknet/h4ckn3t
Thanks for the thanks!
I don't think it's better than SET myself, but still. Thanks ;)
...now if you want an iPhone payload, could you give me an iPhone for me to test on =P (=
LOL... I'll work on that!
wow cooooool update!!!
Sweet...;D
Great script! Love watching your videos, they are so clean and simple. Arranging the windows is also great when working the scripts.
jeej I am back again and already 3 new versions out :P you are developing fast my friend!
Uhm can't download the new beta (RC4) file .... mediafire is bitching me. Trying in a few again
As soon as I get home I am loving to give it a try ;)
Testing it and it is still looking great so far :) can't find anything wrong!
@Nivong
Thanks for the thanks + the testing!
Is there anything you wish for it to do/add/missing?
@sabotage/n0rd1ck
I hope you have permission of the network(s) & PC(s) you're attacking, else it's not legal.
~Please make sure you're not doing anything illegal.~
@g0tmi1k
you did it again, and again as soon as I get home I am going to try it! for sure!
and what is the changelog now then?
@Nivong
hehe! Thanks! v0.3 final should be soon. Very soon.
The changelog is huge. I'm going to have to go through the SVN log and create it. Though I think most of the stuff is "behind the scenes".
Really impressed :)
@hakermania
Thanks for the thanks!
Is it missing anything?
Great work. What are the differences between 0.2.5 and 0.3? And by the way I think 0.3 version link is not working. Thanks :)
@Samuel
A lot. (=
v0.3 isn't yet complete - so I haven't done a change log for it. But it's safe to say, it's a lot better (and hopefully worth the wait!)
The link for v0.3 is working. Just tried it myself.
g0tm1lk... I need to try your new script! Check out mine. It's for the n00bs for sure, but it's kinda cool. Lemme know what ya think scriptmaster! =)
http://h4ckn3t.blogspot.com/2010/08/automated-wep-cracking-script-w3p0wn.html
@h4ckn3t
Thanks for the link.
I'll give it a try as soon as I can. *life is a little busy at the mo*
~ V0.3 FINAL IS OUT ~
http://g0tmi1k.blogspot.com/2010/09/scriptvideo-fakeappwn-v03.html
I'm having an issue with the DHCP server.
I get
"dhcp3 failed to start" then the script shuts down.
Any idea? This is on ubuntu 10.10, I've already changed a bunch of stuff to suit my directories, but this is confusing me.
Plus if I start the DHCP server without the script it runs.
@hodginsa
FakeAP_pwn v0.2.x has been replaced with version 0.3!
*See the post above yours!*
just wondering but will this work on backtrack 5??
@s
This has been discontinued as fakeAP_pwn v0.3 has now been released. However, that will not work with BackTrack 5. When fakeAP_pwn v0.4 is out, that will.
when does v0.4 come?? we wait..