Wednesday, May 2, 2018

Creating a Malicious Software-Enabled Access Point with PwnSTAR

PwnSTAR is a bash script that can create and launch a fake access point (or you could call it "a malicious access point"). It offers a wide range of attack options, including sniffing, phishing, spoofing and many others.

Note: it is designed for Kali Linux, but it can run on any flavour of Linux with a little tweaking.


Let's look at its features:

Takes care of configuration of interfaces, MAC spoofing, airbase-ng, and isc-dhcp-server.
Steals WPA handshakes
Phishes email credentials
Serves web pages: provided, or supply your own (note: place each of the web page folders separately into /var/www. Do not move the index files out of their respective folders; the script will move them to the appropriate location as required.)
Sniffing with ferret and sslstrip
Adds a captive portal to the front end of the fake AP
Various exploits
De-auth with MDK3, aireplay-ng or airdrop-ng
[Screenshot: PwnSTAR PDF options]

Usage
Basic Menu:

1) Honeypot: get the victim onto your AP, then use nmap, metasploit etc. (no internet access given)

2) Grab WPA handshake

3) Sniffing: provide internet access, then be MITM

4) Simple web server with dnsspoof: redirect the victim to your web page

5) Karmetasploit

6) Browser_autopwn

1) relies on auto-connections, i.e. the device connects without the owner being aware. You can try to exploit this by setting up a spoofed fake AP of an access point to which the target device was previously connected.

2) sometimes it is quicker to steal the handshake than to sniff it passively. Set up the AP with the same name and channel as the target, and then DoS the target. Airbase will save a pcap containing the handshake to /root/PwnSTAR-n.cap.

3) provides an open network so that you can sniff the victim's activities.

4) uses Apache to serve a malicious web page.

"hotspot_3" is a simple phishing web page.
"portal_simple" is a captive portal which lets you edit the index.html with the name of the portal (e.g. "Joe's CyberCafe").
"portal_hotspot3" phishes credentials, and then lets clients through the portal to the internet.
"portal_pdf" forces the client to download a malicious PDF (with classical Java applet) in order to pass through the portal.

5&6) provide all the config files to properly set up Karmetasploit and Browser_autopwn.
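Menu items 1) and 2) both rest on the same two observable tactics: a clone of a known SSID appearing on a radio the site does not own, and a burst of deauthentication frames that forces clients to reconnect. The script below is an added example written from the wireless-IDS side and is not part of PwnSTAR or its documentation; it runs over a constructed list of management-frame records (the kind a monitor-mode capture tool would hand you), and the allowlist of trusted BSSIDs is an assumed operator-maintained table.

```python
"""Rogue-AP checks for the evil-twin and deauth tactics described above.

Added example, not part of PwnSTAR. Input is a constructed list of
802.11 management-frame records rather than live packets.
"""
from collections import defaultdict, deque

# Constructed sample capture: one dict per frame. Values are made up.
SAMPLE_FRAMES = [
    {"t": 0.00, "type": "beacon", "bssid": "00:11:22:33:44:55", "ssid": "CoffeeShop", "chan": 6, "sec": "WPA2"},
    {"t": 0.10, "type": "beacon", "bssid": "00:11:22:33:44:55", "ssid": "CoffeeShop", "chan": 6, "sec": "WPA2"},
    # Same SSID and channel, but an open network from a radio the site does not own.
    {"t": 0.20, "type": "beacon", "bssid": "aa:bb:cc:dd:ee:ff", "ssid": "CoffeeShop", "chan": 6, "sec": "OPEN"},
    {"t": 0.30, "type": "beacon", "bssid": "de:ad:be:ef:00:01", "ssid": "HomeNet", "chan": 11, "sec": "WPA2"},
]
# Thirty deauth frames within 0.3 s, all claiming the trusted AP as the sender.
SAMPLE_FRAMES += [
    {"t": 1.0 + i * 0.01, "type": "deauth", "bssid": "00:11:22:33:44:55", "ssid": "", "chan": 6, "sec": ""}
    for i in range(30)
]
# A few deauths spread over seconds from another AP: normal roaming noise.
SAMPLE_FRAMES += [
    {"t": 5.0 + i * 2.0, "type": "deauth", "bssid": "de:ad:be:ef:00:01", "ssid": "", "chan": 11, "sec": ""}
    for i in range(3)
]

# Assumed operator allowlist: SSID -> set of (BSSID, security) pairs that may advertise it.
TRUSTED_APS = {
    "CoffeeShop": {("00:11:22:33:44:55", "WPA2")},
    "HomeNet": {("de:ad:be:ef:00:01", "WPA2")},
}


def find_evil_twins(frames, trusted=TRUSTED_APS):
    """Alert on beacons that advertise a trusted SSID from an unknown radio or
    with a different security type (an open clone of a WPA2 network is the classic tell)."""
    alerts = []
    seen = set()
    for f in frames:
        if f["type"] != "beacon" or f["ssid"] not in trusted:
            continue
        key = (f["ssid"], f["bssid"], f["sec"])
        if key in seen:  # report each (ssid, bssid, security) combination once
            continue
        seen.add(key)
        if (f["bssid"], f["sec"]) not in trusted[f["ssid"]]:
            alerts.append({"ssid": f["ssid"], "bssid": f["bssid"], "chan": f["chan"], "sec": f["sec"]})
    return alerts


def find_deauth_bursts(frames, window_s=1.0, threshold=10):
    """Sliding-window count of deauth frames per claimed sender. Returns the senders
    whose peak count inside any window_s interval reaches threshold, with that peak."""
    windows = defaultdict(deque)
    peaks = {}
    for f in sorted(frames, key=lambda x: x["t"]):
        if f["type"] != "deauth":
            continue
        q = windows[f["bssid"]]
        q.append(f["t"])
        while q and f["t"] - q[0] > window_s:  # drop timestamps older than the window
            q.popleft()
        peaks[f["bssid"]] = max(peaks.get(f["bssid"], 0), len(q))
    return {b: n for b, n in peaks.items() if n >= threshold}


if __name__ == "__main__":
    for a in find_evil_twins(SAMPLE_FRAMES):
        print("possible evil twin:", a)
    for b, n in find_deauth_bursts(SAMPLE_FRAMES).items():
        print(f"deauth burst claiming sender {b}: {n} frames within 1 s")
```

The deauth check keys on the claimed sender address on purpose: a flood that spoofs the legitimate BSSID is exactly what an attacker sends to knock clients off the real AP, so a burst "from" a trusted radio is the alert, not a reason to ignore it. Thresholds are deliberately simple; a production sensor would tune the window and count to the site's normal roaming rate.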

Advanced Menu:

a) Captive portals (phish/sniff)

b) Captive portal + PDF exploit (targets Adobe Reader < v9.3)

c) MSXML 0day (CVE-2012-1889: MSXML Uninitialized Memory Corruption)

d) Java_jre17_jmxbean

e) Choose another browser exploit

a) uses iptables rules to route the clients. This is a fully functioning captive portal and can track and block/allow multiple connections simultaneously. It avoids the problems of DNS spoofing. There are two built-in web page options:

Serves hotspot3. Doesn't let clients onto the internet until credentials have been given.
Lets you add a personal header to the index.php. You could probably copy the PHP functions from this page onto a cloned page, and load that instead.
b) A captive portal which blocks the client until they have downloaded a PDF. This contains a malicious Java applet. It includes a virgin PDF to which you can add your own payload.

c&d) Launch a couple of common browser exploits.

e) provides a skeleton framework for loading any browser exploit of your choice. Edit the PwnSTAR browser_exploit_fn directly for more control.
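Every portal variant described above (the iptables redirect in a), the forced PDF in b), and the dnsspoof web server from basic menu item 4) works by answering a client's plain-HTTP request with something other than what the real server would send. That is what operating-system connectivity checks look for, and a client can run the same test before a user types credentials into a hotspot page. The script below is an added example, not part of PwnSTAR; it parses constructed raw HTTP responses to an assumed probe URL (a host `example.com` expected to answer `204` with an empty body; real clients use their vendor's check endpoint) and classifies each one.

```python
"""Classify the reply to a connectivity-check probe as direct or intercepted.

Added example, not part of PwnSTAR. All responses are constructed; the probe
host and expected status are assumptions, not any vendor's real endpoint.
"""
import re

PROBE_HOST = "example.com"   # assumed probe host
EXPECTED_STATUS = 204        # assumed: the real endpoint answers 204 with an empty body

# Constructed raw HTTP/1.1 responses as a client would receive them.
SAMPLES = {
    "clean": "HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n",
    # iptables-style portal: the request never reaches the probe host, the gateway answers.
    "portal_redirect": "HTTP/1.1 302 Found\r\nLocation: http://10.0.0.1/index.php\r\nContent-Length: 0\r\n\r\n",
    # Portal that returns an HTML page with a meta refresh instead of an HTTP redirect.
    "portal_meta": ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                    "<html><head><meta http-equiv=\"refresh\" content=\"0;url=http://10.0.0.1/\"></head></html>"),
    # Portal that pushes a file download before letting the client through.
    "forced_pdf": ("HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n"
                   "Content-Disposition: attachment; filename=\"portal.pdf\"\r\n\r\n%PDF-1.4 ..."),
    # DNS-spoofed web server: a page where an empty 204 was expected.
    "spoofed_page": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Welcome to Joe's CyberCafe</html>",
}


def parse_http_response(raw):
    """Split a raw HTTP/1.x response into (status_code, headers_dict, body).
    Header names are lower-cased so lookups are case-insensitive."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers, body


def classify_probe(raw, probe_host=PROBE_HOST, expected_status=EXPECTED_STATUS):
    """Return 'direct' when the probe reached the real endpoint, otherwise a short
    reason describing how the reply differs from what the endpoint would send."""
    status, headers, body = parse_http_response(raw)
    if 300 <= status < 400:
        host = re.match(r"https?://([^/:]+)", headers.get("location", ""))
        if host and host.group(1) != probe_host:
            return f"redirected to {host.group(1)}"
        return "redirected"
    if status == expected_status and not body.strip():
        return "direct"
    if re.search(r"<meta[^>]+http-equiv=[\"']?refresh", body, re.I):
        return "html meta refresh injected"
    if "attachment" in headers.get("content-disposition", "").lower():
        return "forced download"
    if status == 200:
        return "unexpected page body"
    return f"unexpected status {status}"


def classify_all(samples=SAMPLES):
    """Classify every constructed sample; handy for a one-shot report."""
    return {name: classify_probe(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:16s} -> {verdict}")
```

Only the "clean" reply passes; everything else is reported with the specific way it was tampered with, which is more useful to a user or a fleet-management agent than a bare "captive portal detected". The check is a plaintext probe by design: a portal has to intercept HTTP to work at all, so this is the layer where it cannot hide.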