New WPA Phishing system using pwnstar9.0 released for general use
mmusket33
2014-04-18, 07:29
Musket Teams have rewritten PwnStar9.0 in an effort to improve WPA Phishing success.
The following features have been added.
1. Reference the Basic Menu item 4) Simple Web Server with dnspoof. IP Tables have been rewritten specifically for that selection, to improve WPA Phishing when no internet access is provided.
2. A new interactive phishing page has been constructed allowing the user to have PwnStar 9.0-mv1.2 insert the target router's make, model and other details into the phishing main page as required by the user. This web page will be in the routerwpa3 folder found in the download.
You can download the pwmstar-mv.zip file at:
http://www.axifile.com/en/8D0DEA0B60
This zip file contains:
pwnstar9.0-mv1.2
routerwpa3 folder
a. formdata.txt
b. index.html
c. processs-form-data.php
Install instructions - pwnstar9.0mv1.2.txt
This is a Musket Team Release
FurqanHanif
2015-03-23, 11:25
Could you please help me with some things? In the instructions, it says we need two wifi devices. Why? I think this can be done with only one device too (Linset).
And which option should I choose? I have 10 options, I think; which one is correct? (This is unclear too, and the instruction text does not mention which option you have to choose.)
And does this run mdk3 on its own, or am I supposed to run it manually?
Thanks in Advance.. :)
mmusket33
2015-03-24, 04:53
First read thru:
https://forums.kali.org/showthread.php?1406-PwnSTAR-running-on-Kali
Near the end there is a way to allow apache2 to accept https requests - make sure you do this.
If you can make the phishing system work with one Wifi Device please develop it and post how you did it.
Test your system and make sure clients can access your rogueAP while the deauth process is being conducted.
MTeams prefers using mdk3 g to kick clients off the router.
Use Item 4 and do not provide internet access.
We are working on an updated version at this time.
MTeams
FurqanHanif
2015-03-24, 10:56
The Linset tool uses only one wireless card, and Linset is also a kind of social engineering tool, I think, which generates a fake page where the user enters their password and we get the password, etc. Am I right? :confused:
Would it be possible for this script to be updated to use the new airmon-ng? Aircrack 1.2 rc 2 names the virtual monitor interface differently.
Ex.
new
airmon-ng wlan3 = wlan3mon
old
airmon-ng wlan3 = mon0
or just be able to handle old and new airmon-ng.
mmusket33
2015-04-21, 10:45
To Nuroo,
MTeams do not use VM and therefore could not test any rewrite. You might consult the main PwnStar9 Thread by Vulpi the author of PwnStar9 and see if he would do the rewrite.
MTeams
Ok no worries. Not using VM though. Aircrack-ng got updated.
Hi all!
Where is the problem pls help me
http://www42.zippyshare.com/v/i7MJellZ/file.html
Apache failed to start please resolve then try again
hightech316
2015-09-23, 16:50
Thanks for the guide,
Although the download Link seems to be down....
Hi all!
Where is the problem pls help me
http://www42.zippyshare.com/v/i7MJellZ/file.html
Apache failed to start please resolve then try again
please :confused:
markrenton
2015-09-25, 18:02
please :confused:
Bro i had the same problem. Try to do what I'm going to write:
apt-get update
git clone https://github.com/SilverFoxx/PwnSTAR.git
After doing that, go into the PwnSTAR folder from the terminal and start the PwnStar file using sudo bash
Install all the dependencies that it requires
After that, download the MTeams version and follow the guide in it (and remember to follow the Apache2 openssl guide on https://forums.kali.org/showthread.php?1406-PwnSTAR-running-on-Kali/page8 ) !
It would be nice if this could work with one adapter, and verify the password entered by the victim.
mmusket33
2015-09-26, 12:03
To Desuu
linset does the deauth and sets up a tap interface at0 with one device. For the deauth it uses
mdk3 mon0 d -b -c
where
d = Deauthentication/disassociation
-b /path/blacklist.txt Macs to run test on
-c Channel
If you are not providing internet access you can test this approach with Pwnstar9.0. In this case MTeams thinks your rogueAP has to be on the same channel. We have not tested this.
MTeams
Hi musket
I know that what I ask is a little off topic,
but since aircrack was updated, WPA phishing has become a tragedy too,
and because the monitor interface inhibits wlan0.
Some time ago I read your own guide on how to downgrade aircrack; would you mind posting it on the Kali Linux forum?
I would be very grateful because now some attacks are virtually impossible :(
thank you
mmusket33
2015-09-26, 14:03
To Devil,
There is no reason to downgrade. With the newer airmon-ng we have published all the workarounds. You could also just place the older airmon-ng in the /user/bin folder and run that instead. Furthermore you will still have the Network Manager Problems. Both airmon-ng and Network-manager are bugged out BUT you can work around the problems.
Reference phishing MTeams is just now cleaning up a Kali2.0 version of Pwnstar9.0 and it runs much better in kali2.0. This is not due to our coding - because once you get past the bugs kali2.0 runs fine - this has surprised us. We have developed something we call a HTTPS-HTTP trap to lure in androids and mobile phones. We also have mitmf running alongside PS9 and have been testing mdk3 d which might reduce the number of wifi adapters required. So far mdk3 d on the same device as the rogueAP works fine. Give us a week and you will be back phishing the wifi oceans.
many thanks for the info musket
and thanks for the great work that we made
the problem that most afflicts me in kali sana is the multiple monitors :(
spoof the mac on the monitors and some problems that kali 1.0 did not have :( pity that I did not even have a copy of the old kali patiently :(
I wait impatiently to see your work :)
Good work mmusket33 team
markrenton
2015-09-27, 14:34
And what about browsers from laptops (for ex. Chrome or Mozilla), there's nothing to do?
Thanks for your reply, markrenton
I tried everything
I have 2 wifi cards, TP-Link TL-WN722N and intel.....
apt-get update
git clone https://github.com/SilverFoxx/PwnSTAR.git
sudo bash installer.sh
sudo bash pwnstar >>>>>
watch this video
*REMOVED*
And when I was trying to connect to the network it didn't allow me to do so, and even when I connected it didn't load any pages, including the FAKEPAGE (with my phone, an Xperia M2 Aqua)
Edit:
Youtube
Has anyone made the program work ??? :D
mmusket33
2015-10-01, 16:50
To slmafiq,
As Mteams have noted in Pwnstar9.0(PS9) threads the current versions of PS9 both stock and MTeams PS9mv will not work with kali2.0. If kali1.10a is using the newer airmon-ng that gives you a wlan0mon monitor PS9 will not work. If you are using the older airmon-ng and kali 1.10a the Musket Version works fine if you setup the program correctly. MTeams suggests you just wait a bit and a MTeams PS9 version for kali2.0 will be available. We are working thru the deauth and rescan modules at present.
To slmafiq,
As Mteams have noted in Pwnstar9.0(PS9) threads the current versions of PS9 both stock and MTeams PS9mv will not work with kali2.0. If kali1.10a is using the newer airmon-ng that gives you a wlan0mon monitor PS9 will not work. If you are using the older airmon-ng and kali 1.10a the Musket Version works fine if you setup the program correctly. MTeams suggests you just wait a bit and a MTeams PS9 version for kali2.0 will be available. We are working thru the deauth and rescan modules at present.
Thanks!
i use kali-linux-1.1.0a-i386 live USB
wlan1
wlan0
mon0
mon1
with these commands
apt-get update
sudo bash installer.sh
sudo bash pwnstar
i have 2 wi fi adapters TP-link WN722 and intel
TP-link is connected for internet
intel is FAKE AP
or vice versa
Then I use HOTSPOT_3 var/www
everything worked fine
until I tried to connect to the FAKE AP with my phone.
Google Chrome didn't load any pages. That is the problem.
Do you want me to make a video for you?
mmusket33
2015-10-03, 12:21
To Slmafiq:
When we release Pwnstar9.0 for kali2.0 you should feel free to do what you want with it to include videos.
MTeams do not do videos, facebook etc. So anything ever put out there will never come from us. We only provide text help files for study.
markrenton
2015-10-03, 17:22
When will the new Pwnstar version be released?
And what about bypassing HTTPS on Chrome/Mozilla for laptops, have you done something?
orobogenius
2015-10-05, 17:09
I have to commend this wonderful script. I started using it only recently and it's been wonderful, however I do have a little issue with my fake AP txpower or so to speak.
Everything seems to be up and running including the dnsspoof with option 4 but when I start a fake AP with the same name and channel as my target AP, my fake AP doesn't come up and I thought perhaps it's the power and I ran
iwconfig wlan0 txpower 30
but it doesn't seem to solve the problem.
PS: when I start the fake AP with similar but different name on the same channel it does come up and I can connect smoothly.
What can I do to resolve this, thanks.
mmusket33
2015-10-09, 00:41
To bogenius
MTeams suggest you use the newer Pwnstar version we just released for kali2.0
Reference TX power this is set by the command iw reg set BO
However BO does not now support 30
Open the Pwnstar Script
Find the line Ctrl F
iw reg set
Change
iw reg set BO
to
iw reg set GY
If you use the exact same name on the same channel, one name may be masked by the other name when viewed with airodump-ng. You will see a flashing there occasionally if this is the case. Suggest you only use an exact same name with an ISP or open hotspot. Alter the mac address slightly. If you are using a different wifi device to conduct the DDOS then you can set your RogueAP on a different channel. In the newer Pwnstar help files this subject is covered in more detail. Furthermore the newer version handles HTTPS requests by setting what we call a HTTPS-HTTP trap. This is only available in the newer version.
MTeams
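
Added example, not part of the thread and not PwnSTAR code: a defender-side check for the rogue-AP pattern described in the post above (same network name, a slightly altered MAC address, no encryption). The inventory, the scan rows and the function names are constructed for illustration.

```python
# Constructed inventory of the site's own APs: SSID -> {BSSID: security} (assumption).
KNOWN_APS = {"CorpWiFi": {"a4:2b:b0:11:22:33": "WPA2"}}

# Constructed scan rows (ssid, bssid, channel, security); not real captures.
SCAN = [
    ("CorpWiFi", "a4:2b:b0:11:22:33", 6, "WPA2"),    # our own radio
    ("CorpWiFi", "A4:2B:B0:11:22:34", 6, "OPEN"),    # same name, MAC off by one, open
    ("CorpWiFi", "02:9f:c1:55:66:77", 11, "WPA2"),   # same name, unrelated MAC
    ("CoffeeShop", "de:ad:be:ef:00:01", 1, "OPEN"),  # someone else's network
]

def mac_distance(a, b):
    """Count the hex digits that differ between two MAC addresses."""
    ha = a.replace(":", "").lower()
    hb = b.replace(":", "").lower()
    return sum(x != y for x, y in zip(ha, hb))

def find_rogue_aps(scan, known, near=2):
    """Flag radios advertising one of our SSIDs from a BSSID we do not own."""
    findings = []
    for ssid, bssid, channel, security in scan:
        allowed = known.get(ssid)
        bssid = bssid.lower()
        if not allowed or bssid in allowed:
            continue  # not our SSID, or one of our own radios
        reasons = ["unknown-bssid"]
        # A BSSID within a couple of hex digits of ours suggests a deliberate clone.
        if min(mac_distance(bssid, k) for k in allowed) <= near:
            reasons.append("near-clone-bssid")
        # Our SSID offered without encryption when we never run it open.
        if security == "OPEN" and "OPEN" not in allowed.values():
            reasons.append("security-downgrade")
        findings.append({"ssid": ssid, "bssid": bssid,
                         "channel": channel, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_rogue_aps(SCAN, KNOWN_APS):
        print(finding)
```

Feed it rows from whatever survey tool is in use; an alert carrying both near-clone-bssid and security-downgrade is the strongest signal that a client is being lured off the real AP.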