Hey all!
I've had a go at making a bash script to automate creating a fake AP and pwn who connects to it! (please, any pointers would be great as I'm new at this!)
What is this?This is a bash script and a few other things to make a fake access point which is transparent (allowing target afterwards to surf the Inter-webs after they have been exploited!).
How does this work?> It create a fake AP and DHCP server.
> Runs a web server & create an exploit with metasploit.
> Waits for target to connect, download and run the exploit after it allows them to surf the Inter-webs.
> Creates a backdoor with SBD (Secure BackDoor - bit like netcat!), though this could be replace with VNC if attacker wishes!
> Then starts a few sniffing programs to watch what target does!
What do I need?> Two interfaces, one for Internet (wired/wireless) and the other for becoming an access point (wireless only!)
> A Internet connection (though you could mod it so its non transparent)
> airmon-ng, dhcpd3, apache,metasploit, snarf suit <--- All on BackTrack!
Whats in the 7z file?> FakeAP_pwn.sh <--- The bash script to run.
> FakeAP_pwn.rc <--- Metasploit resource.
> sbd.exe <--- The backdoor.
> dhcpd.conf <--- My DHCP script if you need it.
> index.html <--- The page the target is force to see before they have access to the Internet.
How to use:1.) Extract the 7z file to /root/FakeAP_pwn.
2.) Edit FakeAP_pwn.sh with your gateway, Internet interface, wireless AP interface.
3.) sh /root/FakeAP_pwn/FakeAP_pwn.sh
4.) Wait for a connection...
5.) Game Over.
Notes:It works for me (=I'm running BackTrack 4 Pre Final, The target is running Windows XP Pro SP3 (fully up-to-date 2009-03-25), with no firewall and no AV. Not tested with anything else!
The connections is reverse - so the connection comes from the target to attacker therefore as the attacker is the server it could help out with firewalls...
There is stuff comment out; the stuff at the end I want to happen (help?), the other stuff is other methods of doing the same thing!
LinksDownload: http://mediafire.com/download.php?jndwwjnjn0g
Video: *Uploading *
Commands: http://pastebin.com/f3971a16b
Idea/Source(s): http://forums.remote-exploit.org/wireless/18863-wireless-key-harvester-including-video.html,
http://forums.remote-exploit.org/wireless/18369-fake-ap-wep-wpa-key-grab-video-commands.html~g0tmi1k