FakeAP_pwn.[v0.1].sh - Create a Fake AP (Auto Bash Script)

I’ve had a go at making a bash script to automate creating a ‘Fake AP’ (Access Point) and ‘pwn’ whoever connects to it!

This is a bash script and a few other things to make a fake access point which is transparent (allowing the target to surf the inter-webs after they have been exploited!).

Links

Download Script (fakeAP_pwn-v0.1.tar.gz): *Out-Of-Date*


v0.3 FINAL IS OUT


Method

  • Creates a fake AP and DHCP server.
  • Runs a web server & creates an exploit with metasploit.
  • Waits for the target to connect, download and run the exploit; after that, it allows them to surf the Inter-webs.
  • Uses a backdoor, SBD (Secure BackDoor - a bit like netcat!), though this could be replaced with VNC if the attacker wishes!
  • Then starts a few ‘sniffing’ programs (dsniff suite) to watch what the target does!

Tools

  • Two interfaces, one for Internet (wired/wireless) and the other for becoming an access point (wireless only!)
  • An Internet connection (though you could mod it so it's non-transparent)
  • Airmon-ng, dhcpd3, apache, metasploit, dsniff suite - All in BackTrack!
  • The script! - FakeAP_pwn*.7z (17.7KB, MD5 006ee8522deb5c4d71c754e94282a51) *Coming soon*

What's in the 7z file?

  • FakeAP_pwn.sh - Bash script to run
  • FakeAP_pwn.rc - Metasploit resource
  • sbdbg.exe - Backdoor
  • dhcpd.conf - My DHCP script (in case you need it)
  • index.html - The page the target is forced to see before they have access to the Internet.

How to use

  1. Extract the 7z file to /root/FakeAP_pwn.
  2. Edit FakeAP_pwn.sh with your gateway, Internet interface, wireless AP interface.
  3. sh /root/FakeAP_pwn/FakeAP_pwn.sh
  4. Wait for a connection…
  5. Game Over.

Notes

  • It works for me =).
  • I’m running BackTrack 4 Pre Final; the target is running Windows XP Pro SP3 (fully up-to-date 2009-03-25), with no firewall and no AV. Not tested with anything else!
  • The connection is reversed, so it comes from the target to the attacker; as the attacker is the server, it could help out with firewalls…
  • There is stuff commented out; the stuff at the end I want to happen, the other stuff is other methods of doing the same thing!

Blog Post: http://blog.g0tmi1k.com/2009/06/fakeappwn-v01/
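
Seen from the defender's side, the fake AP in the Method list above is a radio that is not in your inventory, or one advertising weaker security than the real one. The following is an added example, not part of FakeAP_pwn or the original post: it checks a wireless survey against an approved-AP list, assuming the fake AP advertises an SSID your users already trust. The `BSSID|SSID|security|signal` format, the sample values and the function name `flag_rogue_aps` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample survey, one AP per line: BSSID|SSID|security|signal_dBm.
# These values are made up for the example; they are not real captures.
SAMPLE_SCAN='00:11:22:33:44:55|CorpWiFi|WPA2|-48
00:11:22:33:44:66|CorpWiFi|WPA2|-61
02:AA:BB:CC:DD:EE|CorpWiFi|OPEN|-35
0A:0B:0C:0D:0E:0F|CoffeeShop|OPEN|-70
00:11:22:33:44:55|CorpWiFi|OPEN|-40'

# Hypothetical inventory of sanctioned access points: BSSID|SSID|security.
APPROVED_APS='00:11:22:33:44:55|CorpWiFi|WPA2
00:11:22:33:44:66|CorpWiFi|WPA2'

# flag_rogue_aps APPROVED SCAN
# Prints one line per suspicious AP: REASON BSSID SSID SECURITY SIGNAL
flag_rogue_aps() {
    # Feed the inventory first, then a separator, then the survey.
    printf '%s\n---\n%s\n' "$1" "$2" | awk -F'|' '
        $0 == "---" { scan = 1; next }        # switch from inventory to survey
        NF < 3      { next }                  # skip blank or malformed lines
        !scan {                               # inventory: remember SSID and pair
            ssid_known[$2] = 1
            sec[toupper($1) "|" $2] = $3
            next
        }
        !($2 in ssid_known) { next }          # not one of our SSIDs: out of scope
        {
            key = toupper($1) "|" $2
            if (!(key in sec))
                reason = "UNKNOWN_BSSID"      # our SSID from an unlisted radio
            else if (sec[key] != $3)
                reason = "SECURITY_MISMATCH"  # listed BSSID, different security
            else
                next                          # matches the inventory exactly
            printf "%s %s %s %s %s\n", reason, $1, $2, $3, $4
        }'
}

flag_rogue_aps "$APPROVED_APS" "$SAMPLE_SCAN"
```

A `SECURITY_MISMATCH` on a listed BSSID is worth treating as a possible spoofed MAC rather than a misconfiguration until the real AP's settings have been checked.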