Note: it is designed for Kali Linux, but it will run on any flavor of Linux with a little tweaking.
Let's check its features:
Takes care of configuration of interfaces, MAC spoofing, airbase-ng, and isc-dhcp-server.
Steals WPA handshakes
Phishes email credentials
Serves web pages: supplied or provide your own (note: place each of the web folders separately into /var/www. Do not move the index files out of their respective folders; the script will move them to the correct location as required.)
Sniffing with ferret and sslstrip
Adds a captive portal to the front end of the fake AP
De-auth with MDK3, aireplay-ng or airdrop-ng
[Screenshot: PwnSTAR options]
1) Honeypot: get the victim onto your AP, then use nmap, metasploit etc. (no internet access given)
2) Grab WPA handshake
3) Sniffing: provide internet access, then be MITM
4) Simple web server with dnsspoof: redirect the victim to your website
1) Relies on auto-connections, i.e. the device connects without the owner being aware. You can try to exploit it by spoofing the fake AP as an access point to which the target device was previously connected.
2) It is quicker to steal the handshake than to sniff it passively. Set up the AP with the same name and channel as the target, and then DoS the target. Airbase will save a pcap containing the handshake to /root/PwnSTAR-n.cap.
3) Provides an open network so that you can sniff the victim's activities.
4) Uses Apache to serve a malicious web page.
"hotspot_3" is a simple phishing web page.
"portal_simple" is a captive portal which allows you to edit the index.html with the name of the portal (e.g. "Joe's CyberCafe").
"portal_hotspot3" phishes credentials, and then allows clients through the portal to the internet.
"portal_pdf" forces the client to download a malicious PDF (with classical Java applet) in order to pass through the portal.
5 & 6) Provides all the config files to properly set up Karmetasploit and Browser_autopwn.
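From the defender's side, the same-name, same-channel AP plus DoS described in option 2 leaves a recognizable pattern in captured management frames. The following Python check is an added example, not part of PwnSTAR or the original page; the AP inventory, the parsed frame records and the deauth threshold are constructed assumptions.

```python
from collections import Counter

# Constructed inventory of sanctioned APs: SSID -> [(BSSID, channel, security)]
KNOWN_APS = {"CorpWiFi": [("aa:bb:cc:00:00:01", 6, "WPA2")]}

# Constructed sample of already-parsed 802.11 management frames
FRAMES = (
    [{"type": "beacon", "ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01",
      "channel": 6, "security": "WPA2"},
     {"type": "beacon", "ssid": "CorpWiFi", "bssid": "02:11:22:33:44:55",
      "channel": 6, "security": "WPA2"},
     {"type": "beacon", "ssid": "CoffeeShop", "bssid": "02:aa:aa:aa:aa:aa",
      "channel": 11, "security": "OPEN"}]
    + [{"type": "deauth", "bssid": "aa:bb:cc:00:00:01"}] * 12
)

def find_evil_twins(frames, known_aps, deauth_threshold=10):
    """Return one alert per unknown BSSID that advertises a sanctioned SSID."""
    deauths = Counter(f["bssid"] for f in frames if f["type"] == "deauth")
    alerts, seen = [], set()
    for f in frames:
        if f["type"] != "beacon" or f["ssid"] not in known_aps:
            continue
        legit = known_aps[f["ssid"]]
        key = (f["ssid"], f["bssid"])
        if key in seen or f["bssid"] in {b for b, _, _ in legit}:
            continue
        seen.add(key)
        reasons = ["unknown BSSID for sanctioned SSID"]
        if f["channel"] in {ch for _, ch, _ in legit}:
            reasons.append("same channel as sanctioned AP")
        if f["security"] not in {sec for _, _, sec in legit}:
            reasons.append("security mode differs")
        # A deauth burst against the real AP while a twin is up matches
        # the "DoS the target" step described in option 2.
        if any(deauths[b] >= deauth_threshold for b, _, _ in legit):
            reasons.append("deauth burst against sanctioned AP")
        alerts.append({"ssid": f["ssid"], "bssid": f["bssid"], "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in find_evil_twins(FRAMES, KNOWN_APS):
        print(alert)
```

Because the tool also handles MAC spoofing, a twin that clones the sanctioned BSSID passes this inventory check, so a clean result is inconclusive on its own.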
a) Captive portals (phish/sniff)
b) Captive portal + PDF exploit (targets Adobe Reader < v9.3)
c) MSXML 0day (CVE-2012-1889: MSXML Uninitialized Memory Corruption)
e) Choose another browser exploit
a) Uses iptables rules to route the clients. This is a fully functioning captive portal and can track and block/allow multiple connections simultaneously. Avoids the problems of DNS spoofing. There are two built-in options:
Serves hotspot3. Doesn't allow clients onto the internet until credentials have been given.
Lets you add a personal header to the index.php. You could probably copy the PHP functions from this page onto a cloned page, and load that instead.
b) A captive portal which blocks the client until they have downloaded a PDF. This contains a malicious Java applet. Includes a virgin PDF to which you can add your own payload.
c&d) Launches a couple of browser exploits
e) Gives a skeleton framework for loading any browser exploit of your choice. Edit PwnSTAR browser_exploit_fn directly for more control.