I’ve had a go at making a bash script to automate creating a ‘Fake AP’ (Access Point) and ‘pwn’ who connects to it!
This is a bash script and a few other things to make a fake access point which is transparent (allowing target afterwards to surf the inter-webs after they have been exploited!).
- Creates a fake AP and DHCP server.
- Runs a web server & creates an exploit with metasploit.
- Waits for target to connect, download and run the exploit after it allows them to surf the Inter-webs.
- Uses a backdoor, SBD (Secure BackDoor - bit like netcat!), though this could be replace with VNC if attacker wishes!
- Then starts a few ‘sniffing’ programs (dnsiff suite) to watch what target does!
- Two interfaces, one for Internet (wired/wireless) and the other for becoming an access point (wireless only!)
- A Internet connection (though you could mod it so its non transparent)
- Airmon-ng, dhcpd3, apache,metasploit, dnsiff suite - All in BackTrack!
- The script! - FakeAP_pwn*.7z (17.7KB, MD5 006ee8522deb5c4d71c754e94282a51 *Coming soon*
Whats in the 7z file?
- FakeAP_pwn.sh - Bash script to run
- FakeAP_pwn.rc - Metasploit resource
- sbdbg.exe - Backdoor
- dhcpd.conf - My DHCP script (in-case you need it)
- index.html - The page the target is force to see before they have access to the Internet.
How to use
- Extract the 7z file to /root/FakeAP_pwn.
- Edit FakeAP_pwn.sh with your gateway, Internet interface, wireless AP interface.
- Wait for a connection…
- Game Over.
- It works for me =).
- I’m running BackTrack 4 Pre Final, The target is running Windows XP Pro SP3 (fully up-to-date 2009-03-25), with no firewall and no AV. Not tested with anything else!
- The connections is reverse - so the connection comes from the target to attacker therefore as the attacker is the server it could help out with firewalls…
- There is stuff comment out; the stuff at the end I want to happen, the other stuff is other methods of doing the same thing!