New WPA Phishing system using pwnstar9.0 released for general use



mmusket33
2014-04-18, 07:29
Musket Teams have rewritten PwnStar9.0 in an effort to improve WPA Phishing success.

The following features have been added.

1. Reference the Basic Menu item 4) Simple Web Server with dnspoof. IP Tables have been rewritten specifically for that selection, to improve WPA Phishing when no internet access is provided.

2. A new interactive phishing page has been constructed allowing the user to have PwnStar 9.0-mv1.2 insert the target routers' make, model and other details into the phishing main page as required by the user. This web page will be in the routerwpa3 folder found in the download.

You can download the pwmstar-mv.zip file at:

http://www.axifile.com/en/8D0DEA0B60

This zip file contains:

pwnstar9.0-mv1.2
routerwpa3 folder
a. formdata.txt
b. index.html
c. processs-form-data.php
Install instructions - pwnstar9.0mv1.2.txt


This is a Musket Team Release

FurqanHanif
2015-03-23, 11:25
Could you please help me with some things? In the instructions, it says we need two wifi devices. Why?? I think this can be done with only one device too (Linset).
And which option should I choose? I have 10 options, I think; which one is correct? (This is unclear too, and the instruction text does not mention which option you have to choose.)
And does this run mdk3 on its own, or am I supposed to run it manually??
Thanks in advance.. :)

mmusket33
2015-03-24, 04:53
First read thru:

https://forums.kali.org/showthread.php?1406-PwnSTAR-running-on-Kali

Near the end there is a way to allow apache2 to accept https request - make sure you do this.

If you can make the phishing system work with one Wifi Device please develop it and post how you did it.

Test your system and make sure clients can access your rogueAP while the deauth process is being conducted.


MTeams prefers using mdk3 g to kick clients off the router.

Use Item 4 and do not provide internet access.

We are working on an updated version at this time.

MTeams

FurqanHanif
2015-03-24, 10:56
The Linset tool, which uses only one wireless card. And Linset is also a kind of social engineering tool, I think, which generates a fake page, and the user enters their password and we get the password etc.... Am I right? :confused:

nuroo
2015-04-19, 20:16
Would it be possible for this script to be updated to use the new airmon-ng? Aircrack 1.2 rc 2 names the virtual monitor interface differently.

Ex.
new
airmon-ng wlan3 = wlan3mon
old
airmon-ng wlan3 = mon0

or just be able to handle old and new airmon-ng.

mmusket33
2015-04-21, 10:45
To Nuroo,

MTeams do not use VM and therefore could not test any rewrite. You might consult the main PwnStar9 Thread by Vulpi the author of PwnStar9 and see if he would do the rewrite.

MTeams

nuroo
2015-04-21, 11:04
Ok no worries. Not using VM though. Aircrack-ng got updated.

slmafiq
2015-09-22, 07:46
Hi all!
Where is the problem pls help me
http://www42.zippyshare.com/v/i7MJellZ/file.html

Apache failed to start please resolve then try again

hightech316
2015-09-23, 16:50
Thanks for the guide,

Although the download Link seems to be down....

slmafiq
2015-09-25, 16:38
Hi all!
Where is the problem pls help me
http://www42.zippyshare.com/v/i7MJellZ/file.html

Apache failed to start please resolve then try again

please :confused:

markrenton
2015-09-25, 18:02
please :confused:

Bro i had the same problem. Try to do what I'm going to write:

apt-get update
git clone https://github.com/SilverFoxx/PwnSTAR.git

After doing that, go into the PwnSTAR folder from the terminal, and start the PwnStar file using sudo bash

Install all the dependencies that it requires

After that, download the MTeams version and follow the guide in it (and remember to follow the Apache2 openssl guide on https://forums.kali.org/showthread.php?1406-PwnSTAR-running-on-Kali/page8 ) !

Desuu
2015-09-25, 21:19
It would be nice if this could work with one adapter, and verify the password entered by the victim.

mmusket33
2015-09-26, 12:03
To Desuu

linset does the deauth and sets up a tap interface at0 with one device. For the deauth it uses

mdk3 mon0 d -b -c

where

d = Deauthentication/disassociation

-b /path/blacklist.txt Macs to run test on

-c Channel

If you are not providing internet access you can test this approach with Pwnstar9.0. In this case MTeams thinks your rogueAP has to be on the same channel. We have not tested this.

MTeams

Devil_D
2015-09-26, 12:39
Hi musket
I know that what I ask is a little off topic,
but since aircrack was updated, WPA phishing has become a tragedy,
also because the monitor interface inhibits wlan0.
Some time ago I read your own guide on how to downgrade aircrack; would you mind posting it on the Kali Linux forum?
I would be very grateful because now some attacks are virtually impossible :(
Thank you

mmusket33
2015-09-26, 14:03
To Devil,

There is no reason to downgrade. With the newer airmon-ng we have published all the workarounds. You could also just place the older airmon-ng in the /user/bin folder and run that instead. Furthermore you will still have the Network Manager Problems. Both airmon-ng and Network-manager are bugged out BUT you can work around the problems.

Reference phishing MTeams is just now cleaning up a Kali2.0 version of Pwnstar9.0 and it runs much better in kali2.0. This is not due to our coding - because once you get past the bugs kali2.0 runs fine - this has surprised us. We have developed something we call a HTTPS-HTTP trap to lure in androids and mobile phones. We also have mitmf running alongside PS9 and have been testing mdk3 d which might reduce the number of wifi adapters required. So far mdk3 d on the same device as the rogueAP works fine. Give us a week and you will be back phishing the wifi oceans.

Devil_D
2015-09-27, 10:34
many thanks for the info musket
and thanks for the great work that we made
the problem that most afflicts me in kali sana is the multiple monitors :(
spoof the mac on the monitors and some problem that kali 1.0 had not :( pity that I did not even have a copy of the old kali patiently :(
I wait impatiently to see your work :)
Good work mmusket33 team

Devil_D
2015-09-27, 10:34
sorry duplicate post

markrenton
2015-09-27, 14:34
To Devil,

There is no reason to downgrade. With the newer airmon-ng we have published all the workarounds. You could also just place the older airmon-ng in the /user/bin folder and run that instead. Furthermore you will still have the Network Manager Problems. Both airmon-ng and Network-manager are bugged out BUT you can work around the problems.

Reference phishing MTeams is just now cleaning up a Kali2.0 version of Pwnstar9.0 and it runs much better in kali2.0. This is not due to our coding - because once you get past the bugs kali2.0 runs fine - this has surprised us. We have developed something we call a HTTPS-HTTP trap to lure in androids and mobile phones. We also have mitmf running alongside PS9 and have been testing mdk3 d which might reduce the number of wifi adapters required. So far mdk3 d on the same device as the rogueAP works fine. Give us a week and you will be back phishing the wifi oceans.

And what about browsers from laptops (for ex. Chrome or Mozilla), there's nothing to do?

slmafiq
2015-09-28, 19:31
Thanks for your reply, markrenton.
I tried everything.
I have 2 wifi cards: TP-Link TL-WN722N and Intel.....

apt-get update
git clone https://github.com/SilverFoxx/PwnSTAR.git
sudo bash installer.sh
sudo bash pwnstar >>>>>

watch this video
*REMOVED*

And when I was trying to connect to the network it didn't allow me to do so.. and even if I connected, it didn't load any pages, including the FAKEPAGE (with my phone, an Xperia M2 Aqua)


Edit:
Youtube

slmafiq
2015-10-01, 14:53
Has someone made the program work ??? :D

mmusket33
2015-10-01, 16:50
To slmafiq,

As Mteams have noted in Pwnstar9.0(PS9) threads the current versions of PS9 both stock and MTeams PS9mv will not work with kali2.0. If kali1.10a is using the newer airmon-ng that gives you a wlan0mon monitor PS9 will not work. If you are using the older airmon-ng and kali 1.10a the Musket Version works fine if you setup the program correctly. MTeams suggests you just wait a bit and a MTeams PS9 version for kali2.0 will be available. We are working thru the deauth and rescan modules at present.

slmafiq
2015-10-03, 10:48
To slmafiq,

As Mteams have noted in Pwnstar9.0(PS9) threads the current versions of PS9 both stock and MTeams PS9mv will not work with kali2.0. If kali1.10a is using the newer airmon-ng that gives you a wlan0mon monitor PS9 will not work. If you are using the older airmon-ng and kali 1.10a the Musket Version works fine if you setup the program correctly. MTeams suggests you just wait a bit and a MTeams PS9 version for kali2.0 will be available. We are working thru the deauth and rescan modules at present.

Thanks!

i use kali-linux-1.1.0a-i386 live USB
wlan1
wlan0
mon0
mon1
with these commands
apt-get update
sudo bash installer.sh
sudo bash pwnstar
i have 2 wi fi adapters TP-link WN722 and intel
TP-link is connected for internet
intel is FAKE AP
or vice versa

Then I use HOTSPOT_3 var/www
everything worked fine
until I tried to connect with my phone to the FAKE AP.

Google Chrome didn't load any pages. That is the problem.

Do you want me to make a video for you?

mmusket33
2015-10-03, 12:21
To Slmafiq:

When we release Pwnstar9.0 for kali2.0 you should feel free to do what you want with it to include videos.

MTeams do not do videos, facebook etc. So anything ever put out there will never come from us. We only provide text help files for study.

markrenton
2015-10-03, 17:22
When will the new Pwnstar version be released?
And what about bypassing HTTPS on Chrome/Mozilla for laptops, have you done something?

orobogenius
2015-10-05, 17:09
I have to commend this wonderful script. I started using it only recently and it's been wonderful, however I do have a little issue with my fake AP txpower or so to speak.

Everything seems to be up and running including the dnsspoof with option 4 but when I start a fake AP with the same name and channel as my target AP, my fake AP doesn't come up and I thought perhaps it's the power and I ran

iwconfig wlan0 txpower 30

but it doesn't seem to solve the problem.

PS: when I start the fake AP with similar but different name on the same channel it does come up and I can connect smoothly.

What can I do to resolve this, thanks.

mmusket33
2015-10-09, 00:41
To bogenius

MTeams suggest you use the newer Pwnstar version we just released for kali2.0

Reference TX power this is set by the command iw reg set BO

However BO does not now support 30
Open the Pwnstar Script
Find the line Ctrl F
iw reg set

Change
iw reg set BO
to
iw reg set GY

If you use the exact same name on the same channel, one name may be masked by the other name when viewed with airodump-ng. You will see a flashing there occasionally if this is the case. Suggest you only use an exact same name with an ISP or open hotspot. Alter the mac address slightly. If you are using a different wifi device to conduct the DDOS then you can set your RogueAP on a different channel. In the newer Pwnstar help files this subject is covered in more detail. Furthermore the newer version handles HTTPS requests by setting what we call a HTTPS-HTTP trap. This is only available in the newer version.

MTeams
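
Added example (not part of the thread and not PwnStar code): the rogue-AP traits discussed above, namely a reused network name, a slightly altered MAC address and an unexpected channel, are what a defender can check for in wireless scan data. The baseline, the scan records and the function names are constructed for illustration, and treating an open twin of an encrypted network as suspicious is an assumption about how such rogue APs are usually set up.

```python
# Added example: flag likely rogue twins of known access points in scan data.
# BASELINE and SCAN are constructed sample data, not captures from the thread.

BASELINE = {  # SSID -> {legitimate BSSID (lowercase): (channel, security)}
    "HomeNet": {"a0:b1:c2:d3:e4:f5": (6, "WPA2")},
}

SCAN = [  # constructed beacon observations
    {"ssid": "HomeNet", "bssid": "a0:b1:c2:d3:e4:f5", "channel": 6, "security": "WPA2"},
    {"ssid": "HomeNet", "bssid": "a0:b1:c2:d3:e4:f6", "channel": 6, "security": "OPEN"},
    {"ssid": "HomeNet", "bssid": "a0:b1:c2:d3:e4:f5", "channel": 11, "security": "WPA2"},
    {"ssid": "CoffeeShop", "bssid": "12:34:56:78:9a:bc", "channel": 1, "security": "OPEN"},
]


def nibble_distance(mac_a, mac_b):
    """Number of hex digits that differ between two MAC addresses."""
    a, b = mac_a.replace(":", "").lower(), mac_b.replace(":", "").lower()
    return sum(x != y for x, y in zip(a, b))


def find_rogue_twins(baseline, scan, near=2):
    """Return (bssid, channel, reasons) for beacons that imitate a baseline SSID."""
    findings = []
    for obs in scan:
        known = baseline.get(obs["ssid"])
        if known is None:
            continue  # SSID is not one we protect
        bssid = obs["bssid"].lower()
        reasons = []
        if bssid in known:
            chan, sec = known[bssid]
            if obs["channel"] != chan:
                reasons.append("known BSSID on unexpected channel")
            if obs["security"] != sec:
                reasons.append("security changed from %s to %s" % (sec, obs["security"]))
        else:
            reasons.append("unknown BSSID advertising protected SSID")
            if any(nibble_distance(bssid, k) <= near for k in known):
                reasons.append("BSSID nearly identical to a legitimate one")
            if obs["security"] == "OPEN" and all(s != "OPEN" for _, s in known.values()):
                reasons.append("open network imitating an encrypted one")
        if reasons:
            findings.append((bssid, obs["channel"], reasons))
    return findings


if __name__ == "__main__":
    for bssid, channel, reasons in find_rogue_twins(BASELINE, SCAN):
        print(bssid, "ch", channel, "->", "; ".join(reasons))
```

A legitimate AP with automatic channel selection will also trip the channel check, so that finding is a prompt to investigate rather than proof of a rogue device.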