The script is 100% working on a bt5r3 test machine. You just install the prerequisites and run:

    chmod 775 911_AP.sh

You can run the script from any directory on your PC. You can even place it inside /usr/bin and just type 911_AP in a terminal, and it will be part of your system! It should be fully functional. The script has everything you need on a fresh install of BT5r3 to make it compatible and ready to run.

1. Prerequisites and Updates
2. Run FAKE AP Static
3. Run EVIL TWIN AP
4. Run Standard ARP poison
5. Netdiscover connected clients
6. EXIT

It will not work with ISC_DHCP_SERVER. On any OS other than BT5, you will need to do the following:

    apt-get purge dhcp3-server
    apt-get purge dhcp3-common

You will need to use this version of DHCP3 server:

http://www.mediafire.com/?oxgkgdio8ndjq5l
http://www.mediafire.com/?p3g4maize6p60dy

Install with the following:

    tar xzvf <FILENAME>
    tar xzvf <FILENAME>

You should be able to pwn anyone on a network with this. You can run a FAKE_AP for days without a crash.

How to Use

Make sure you have uncommented the lines in your etter.conf file described below, so that they have no # sign in front of them.

Open a terminal and type:

    gedit /etc/etter.conf

When done editing these lines, save the file.

If you are using iptables, find the lines that look like this:

    #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT %rport"
    #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT %rport"

Just remove the # signs from the front of each line, so that they look like this:

    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT %rport"

Also find these lines:

    [privs]
    ec_uid = 65534 # nobody is the default
    ec_gid = 65534 # nobody is the default

Change the 65534 to 0 in each of the 2 lines (with 0, ettercap keeps running as root instead of dropping its privileges to nobody):

    [privs]
    ec_uid = 0 # nobody is the default
    ec_gid = 0 # nobody is the default

Download: 911_AP.sh (25 KB)

Read more here: http://www.backtrack-linux.org/forums/showthread.php?t=54804&s=c375a0d463c7b751e782e17597c19628
Or: http://top-hat-sec.com/forum/index.php?topic=1667.0