I've had a go at making a bash script to automate creating a fake AP and pwn who connects to it! (please, any pointers would be great as I'm new at this!)
What is this?
This is a bash script and a few other things to make a fake access point which is transparent (allowing target afterwards to surf the Inter-webs after they have been exploited!).
How does this work?
> It create a fake AP and DHCP server.
> Runs a web server & create an exploit with metasploit.
> Waits for target to connect, download and run the exploit after it allows them to surf the Inter-webs.
> Creates a backdoor with SBD (Secure BackDoor - bit like netcat!), though this could be replace with VNC if attacker wishes!
> Then starts a few sniffing programs to watch what target does!
What do I need?
> Two interfaces, one for Internet (wired/wireless) and the other for becoming an access point (wireless only!)
> A Internet connection (though you could mod it so its non transparent)
> airmon-ng, dhcpd3, apache,metasploit, snarf suit <--- All on BackTrack!
Whats in the 7z file?
> FakeAP_pwn.sh <--- The bash script to run.
> FakeAP_pwn.rc <--- Metasploit resource.
> sbd.exe <--- The backdoor.
> dhcpd.conf <--- My DHCP script if you need it.
> index.html <--- The page the target is force to see before they have access to the Internet.
How to use:
1.) Extract the 7z file to /root/FakeAP_pwn.
2.) Edit FakeAP_pwn.sh with your gateway, Internet interface, wireless AP interface.
3.) sh /root/FakeAP_pwn/FakeAP_pwn.sh
4.) Wait for a connection...
5.) Game Over.
It works for me (=
I'm running BackTrack 4 Pre Final, The target is running Windows XP Pro SP3 (fully up-to-date 2009-03-25), with no firewall and no AV. Not tested with anything else!
The connections is reverse - so the connection comes from the target to attacker therefore as the attacker is the server it could help out with firewalls...
There is stuff comment out; the stuff at the end I want to happen (help?), the other stuff is other methods of doing the same thing!
Video: *Uploading *
Idea/Source(s): http://forums.remote-exploit.org/wireless/18863-wireless-key-harvester-including-video.html, http://forums.remote-exploit.org/wireless/18369-fake-ap-wep-wpa-key-grab-video-commands.html