I tried it; after it started monitor, it said that no device was found. I'm trying to find where it calls mon0, ...
Thanks thepoor. How did you go? Are the interfaces defined at the start of the script or continuously throughout it? Hopefully I can get a chance to have a look myself this evening but I won't have access to my Kali machine until the weekend to play with it... Good luck.
Awesome forum btw :) aGx
To jujubee
Are you using the Musket Version or the stock version written by Vulpi?
Try using 9a to get an internet connection.
In the Musket Version we had to rewrite some of the coding for Selection Four. The Stock Versions 9a works fine.
To aGravity - we highly suggest you find a way to run the older airmon-ng.
About airmon-ng, the last official version is written here:
http://forum.aircrack-ng.org/index.p...2.html#msg2962
You don't need any wget, just go to
http://svn.aircrack-ng.org/trunk/scr...rmon-ng?p=2429
and save it as airmon-ng.
You simply always take the newest aircrack-suite from svn or whatever, delete the newer airmon-ng you find there, and put in this one.
MTeams
Thanks for the reply mmusket33 & all the good work you/MTeams do. I ended up doing exactly what you recommended on my USB (persistence) install of Kali (which I keep Reaver 1.3 (seems to grab PSKs which Reaver 1.4/5 or wpa_supplicant/wpa_cli methods refuse to) & a few other deprecated programs on). Are there any plans to update PwnSTAR in the future? It's a handy mitm script for beginners & for some reason often works better than my own virtually identical commands for mitm attacks; for the life of me I can't work out what I'm missing on my end, but that's stuff for another post! Cheers guys, aGx
To aGravity,
It would be helpful to us if you posted in the how to section the step by step method you used to restore the older version of airmon-ng.
Reference Pwnstar9.0 we do have a newer untested Musket Version, BUT currently we are trying to get VMR-MDK010x3.sh tested and out. We have just finished the last module. After that we will turn and continue work on the musket version of Pwnstar9.0.
MTeams
To aGravity jujubee thepoor
Reference older versions of airmon-ng. We turned our attention to your problem and have come up with this simple solution.
Those using VM ware etc can try this with any legacy program in bash.
If you try and rewrite these legacy programs to work with the newer airmon-ng text output you will have to adjust many grep, sed and awk statements just as a start.
As airmon-ng is just a bash script it should run anywhere, if you let the legacy program know where to find it.
MTeams tested the following two(2) methods to make legacy programs function when a newer airmon-ng is installed. This method does not require you to remove the newer version of airmon-ng
You can test this easily with PwnStar9.0. Below is a link to the older version of airmon-ng. Download the program if you require. Or go to an official site. We just loaded it here to save you having to search.
http://www.datafilehost.com/d/35a8b7ec
Once you have the older version the two(2) methods are as follows.
Method 1
Place the airmon-ng program in root and make it executable.
chmod 755 /root/airmon-ng
Now test it. Type /root/airmon-ng[Enter]
You should get an airmon-ng response showing monitors etc.
Now make a copy of Pwnstar9.0 and work on the copy in case you make a mistake and open it with leafpad.
Use Ctrl H
Change all the airmon-ng entries from:
airmon-ng
to
/root/airmon-ng
In pwnstar there are 13 entries; we did the change all at once.
Make your newer Pwnstar copy executable with
chmod 755 Pwnstar9.0copy
Run the program and test
Method Two
Type
locate airmon-ng
Our kali-linux places airmon-ng in
/usr/sbin/airmon-ng
and
/usr/share/set/src/wireless/airmon-ng
They are the same program
Rename the airmon-ng you downloaded to airmon-old
Place it in both these folders.
Make these programs executable
chmod 755 /path to file/airmon-old
Now make a copy of Pwnstar9.0 and work on the copy in case you make a mistake and open it with leafpad.
Use Ctrl H
Change all the airmon-ng entries in Pwnstar9.0 from:
airmon-ng
to
airmon-old
Make your newer Pwnstar9.0copy executable with
chmod 755 Pwnstar9.0copy
Run the program and test
You may ask why we do not do this ourselves as it only takes about 5 minutes
We have tested both methods and Pwnstar9 ran fine.
Our associated C-Programmer says there is no problem running the older version with the newer aircrack-ng HOWEVER:
We are using the older version of aircrack-ng so we cannot actually test the result
If you test the older airmon-ng with the newer version aircrack-ng let us know the result.
Musket Teams
Thank you mmusket33 for the detailed how to...
I keep a USB (persistent) install of Kali 1.0.9a as part of my kit for recovery situations as it seems stable on most systems (Kali 1.1.0a [out-of-the-box live USB] panics my kernel on boot) - on that install I use Reaver 1.3 (for those pesky APs that won't return a valid PSK with Reaver 1.4 or 1.5 & where the wpa_supplicant/wpa_cli method refuses to work) & run the PwnSTAR script from there which works fine.
When I saw your previous post I decided to setup a simple way to use PwnSTAR on my permanent (& fully updated/upgraded) HDD install; the method I chose was to copy (& rename) the PwnSTAR friendly airmon-ng (version 1.2-rc2) script from my live USB install to a directory on my HDD. Then I wrote a simple script that swaps (renames) between the PwnSTAR compatible older airmon-ng (version 1.2-beta3) for when using PwnSTAR & back to the latest (version 1.2-rc2) when finished with PwnSTAR.
I hope that makes sense. I've just started using the same principle for changing between Reaver version 1.5.2 (which, with pixiewps, is awesome) & Reaver version 1.3 for the reason mentioned above.
Since the above steps I've had no issues using the PwnSTAR script & look forward to spending some more time with it this week. Apologies for the late reply with this post & I'm most appreciative of your step-by-step last post. Looking forward to more developments mate. Cheers, aGx
Your swapping of airmon-ng was our first approach. Your comments about reaver1.3 are noted and we will try some tests. We had a persistent usb install with 1.3 in our tool box somewhere. Thanks
Musket Teams
You're most welcome. I had a go with your method & it's certainly a better approach; especially for beginners who would most likely be gravitating towards a script like PwnSTAR in the first place. Don't hesitate to PM me if you need any future testing done. aGx
From Musket Team labs
Using legacy programs that require the older version of airmon-ng
Method Three(3)
This is the method that MTeams is using with its scripts that require the older airmon-ng
Newer versions do not have to be removed or altered
Turn the airmon-ng program into a function and embed it in the script.
1. Choose a name for the function.
Here we will use:
airmon-old_fn
Do this in the following order only!!!
1. Copy the legacy program
2. Open the copy of the legacy program with leafpad
3. Change all the airmon-ng entries to airmon-old_fn
Go to the beginning of your legacy program somewhere after the #!/bin/bash
Paste this first
#~~~~~~~start airmon-old_fn Start~~~~~~~~#
airmon-old_fn()
{
}
#~~~~~~~End airmon-old_fn End~~~~~~~~#
Open up the airmon-ng script and capture the entire text from #!/bin/sh to the bottom
Paste the entire airmon-ng program between the { } as indicated below
#~~~~~~~start airmon-old_fn Start~~~~~~~~#
airmon-old_fn()
{
PASTE AIRMON-ng Here
}
#~~~~~~~End airmon-old_fn End~~~~~~~~#
Save the program
Test the program
Do not forget to allow your copy of the legacy program to be executable
chmod 755 Name_of_program
Do not paste airmon-ng and then change the airmon-ng entries as this will destroy the airmon-ng script.
The program will now access the function rather than the airmon-ng program on the computer.
MTeams
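The order Method Three insists on (rename the calls first, paste the helper second), as an added shell sketch that is not part of the original posts or of PwnSTAR. `embed_tool`, `demo` and the two stand-in files are hypothetical and constructed for the illustration; only the names `airmon-ng` and `airmon-old_fn` come from the post.

```bash
#!/bin/sh
# Added illustration. The "legacy" and "tool" files below are constructed
# stand-ins, not PwnSTAR or the real airmon-ng.

# embed_tool LEGACY TOOL OUT [CMD] [FN]
#   1. rename every CMD entry in a copy of LEGACY to FN
#   2. only then paste TOOL, untouched, into a function named FN
#      placed right after the copy's first (#!) line
embed_tool() (
    legacy=$1; tool=$2; out=$3
    cmd=${4:-airmon-ng}; fn=${5:-airmon-old_fn}
    renamed=$(mktemp) || exit 1
    # Step 1: the replace-all pass touches the legacy script only.
    sed "s|${cmd}|${fn}|g" "$legacy" > "$renamed" || exit 1
    {
        head -n 1 "$renamed"                 # keep #!/bin/bash first
        printf '#~~~~~~~start %s Start~~~~~~~~#\n' "$fn"
        printf '%s()\n{\n' "$fn"
        cat "$tool"                          # Step 2: pasted after renaming
        printf '}\n#~~~~~~~End %s End~~~~~~~~#\n' "$fn"
        tail -n +2 "$renamed"                # rest of the legacy script
    } > "$out"
    rm -f "$renamed"
    chmod 755 "$out"
)

# demo: build the two stand-in files, embed, run the result with bash
# (hyphenated function names need bash) and print what it outputs.
demo() (
    dir=$(mktemp -d) || exit 1
    cat > "$dir/tool" <<'EOF'
#!/bin/sh
echo "usage: airmon-ng <start|stop> <interface>"
echo "old-format output: $1 $2"
EOF
    cat > "$dir/legacy" <<'EOF'
#!/bin/bash
airmon-ng start wlan0
EOF
    embed_tool "$dir/legacy" "$dir/tool" "$dir/legacy-copy" || exit 1
    bash "$dir/legacy-copy"
    rm -rf "$dir"
)

demo
```

The helper's own usage text still says `airmon-ng` because the rename ran before the paste. Inside a `{ }` function body any `exit` in the pasted script also ends the calling script, so check the pasted text for `exit` before relying on the copy.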
To gravity
You could run your reaver1.3 version from root. Make it executable AND you must add --session=/folder/filename
This will let reaver know where to store the session. When you restart you must add the same session entry every time.
You might approach soxrok with your reaver1.3 findings and see if you can get him to rewrite reaver1.3 so it outputs all the pixiedust data sequences. We expect they could do it much quicker than anybody else.
We will send you a copy of VMR_MDK when it is completed.
MTeams
Nice one mmusket33 re. --session=/folder/filename - added that to my reaver 1.3 script; handy to keep the session directories separate!
I've got a few routers to dig out of storage before I conclude my reaver 1.3 research. There is one particular box that NO version of Reaver will deliver a PSK & for some, as yet, unknown reason wpa_supplicant (wpa_cli/wps_reg) will not fully authenticate with after a successful association.
I'll shoot off my findings to soxrok this weekend. Looking forward to VMR_MDK!
Cheers for that, aGx
Hey, (before you go further, if you don't like helping total noobs, don't bother)
I have trouble running this script. I am running it on the small kali image file and manually installed macchanger. I installed PwnSTAR using github.
My setup:
Raspberry pi running Kali linux
Pta01 wifi dongle with the Atheros AR9002U chipset. (drivers installed properly)
So the problem is, the script seems to run fine. But there is no AP created, nothing just shows up. When I use ''airbase-ng -c 1 -e Test wlan0'' it works just fine.
I am primarily interested in the first and 4th module (honeypot and dns spoof), so maybe I don't have to use PwnSTAR at all.
I can provide any logs if needed.
To bartvelp:
We have no experience with Raspberry Pi. So although we would like to help you we cannot. All we can say is that on a hard drive dual boot XP/kali install or a persistent usb install of Kali-linux thru a pc the musket version of Pwnstar9.0 runs fine. You can find the musket version; just go to the aircrack-ng forums and there is a link in these threads.
You must log in and go to the bottom of the thread. The files are available thru aircrack-ng forums
http://forum.aircrack-ng.org/index.php/topic,414.0.html
The musket version has a WPA phishing module embedded. IF you get the program running scroll thru the PWnstar Thread and get your program to accept https requests.
We are going to issue an updated musket version of this program soon as the issues surrounding the newer airmon-ng have been resolved through several workarounds.
Possibly someone running Raspberry Pi might help you further - just keep asking.
MTeams
Edit: with reference to mmusket33's post #74:
Expanding the Phishing Ocean - Getting PwnStar9 to accept requests from HTTPS Sites
Having Pwnstar 9 accept requests from HTTPs sites is NOT a problem with Pwnstar9 coding. The problem is with Apache2.
Here is a method that has been tested to work on a kali-linux 1.09a hard drive install. After completion your phishing pages that previously could not be brought up by a https request like google will now be expressed in the clients computer. You will be able to receive both HTTP and HTTPS...
Hi Musket Teams, nice post.
Can you confirm this is still working on your current Kali hard drive install? I gave it a try & had to comment out the two 'Listen 443' lines from my /etc/apache2/ports.conf file in order to get apache to start (& run) without errors. I don't think it's working for me as any HTTPS traffic goes through normally, as if nothing has happened. For example, if the connected 'victim' went to https://www.mail.google.com/ they would continue on to that very page using HTTPS & not be served the WPA phishing page.
All HTTP traffic does get redirected to the WPA phishing page as we'd hope for, EXCEPT any 'suffixed' address, for example:
http://www.mydomain.com - works A-OK
http://www.mydomain.com/login/ - causes a 'Not Found' Apache error (The requested URL /login/ was not found on this server.).
Is there a way to at least get ALL HTTP traffic ('suffixed' addresses like the 'http://www.mydomain.com/login' example above) to be redirected to the WPA phishing page on our Apache web server?
Thanks again mate, aGx
To aGravity,
We apologize for the late response but we have been busy off line on other projects. Just as soon as we release VMR-MDK011x8.sh a WPS locked router attack script we will immediately turn and clean up the airmon-ng problem with pwnstar9.0 and then look into your comments. However right now all we can provide are some simple possible solutions and tests.
Pwnstar has two methods to work with these web pages. The menu option 4 is limited in types of addresses it can process so try 9a but you must provide internet access in this case. This complicates WPA phishing but the attack is more resistant to webpage address failures.
Now reference HTTPS. Without the mod no webpage is offered at all. With the mod you should get the web page. Since you are talking about WPA pages we expect you are using the musket version. If you are using the stock version note we had to rewrite some code reference selection 4 to get it to work seamlessly. Selection 9a was not altered.
The test for the https functionality is that you get a web page. Without it any webpage request simply fails.
Reference the code you removed if you simply rem # out the lines then restore these lines of code and try making a simple https request like https://www.google.com and see if you get the web page and/or the internet. Then test something like .mail.google.com. We do not understand why you are not getting the web pages.
We will get back to you here when we start tests on PwnStar9 again which will be soon.
MTeams
No problems with the delay mmusket33 - I know you’re often busy with other projects. I’m just getting my Kali system back online after a fresh install so will do some testing with PwnSTAR when time allows – most likely not until next weekend. I had been getting some other strange network issues (not PwnSTAR-related) so perhaps I had broken or changed something and that will resolve itself now; either way I’ll let you know how it goes. Cheers mate, aG
OK, I have been at this for nearly 12 straight hours now and I'm tired and going to take a break. I have sorted through all sorts of problems but am finally stuck. When I connect to the AP (connects fine, finally) I cannot get the webpage. I can go onto the host machine and go to 127.0.0.1 (or localhost) and the page loads fine, formdata.txt updates with input (had to install php5 and restart) or I can connect with any other device (tested on mac and android phone) and go to 192.168.0.1 and the page works fine. However when I try to connect to anything else it doesn't do anything, nothing loads (as if the webpage is not existent like going to www.sdfdsfasdfsg.com or something). I have tried creating a host file with pwnstar and also supplying my own (192.168.0.1 www*) and nothing seems to work. Does anyone have any idea why? I am still in the early stages of learning linux/hacking so I'm sure it's something extremely ridiculous. Thanks in advance for any info...
Grub
To aGravity
As promised we are slowly turning our attention back to Pwnstar9.0.
MTeams loaded kali-linux 1.1a i386 onto a laptop, updated and upgraded it, then loaded Pwnstar9-mv1-5 our current beta and setup the webpages in the /var/www folder and setup the HTTPS with Apache2.
Using two(2) wifi devices - one(1) connected to an open router and one(1) supporting the RogueAP
Using the older airmon-ng which is embedded in the program as a function.
We ran tests with Menu Item 4 (no internet connection/WPA Phishing) and 9a using a local Wifi Hotspot logon page.
Both 4 and 9a work fine to include writing the data to the formdata.txt file.
WPA Phishing with 4 was really fast while 9a depends on the strength of the internet connection. In all cases the login page was expressed in the client computer and data sent to the webpage
We could not get a rooted android phone to associate to the rogueAP but this might have been because we used a known poor internal wifi device to support the rogueAP.
MTeams
When loading kali-linux1.1a the program REM(#) out all the update addresses in the /etc/apt/sources.list. So when we went to up-date nothing happened. We have seen this before. We loaded on our own sources list and the program updated nicely.
Hence there is no problem with Pwnstar9.0 and the newest version of kali-linux.
We will probably release this beta soon as most of the changes are clerical.
MTeams
To Grub
We would like to help you but are unsure of what you mean here:
"However when I try to connect to anything else it doesn't do anything, nothing loads (as if the webpage is not existent like going to www.sdfdsfasdfsg.com or something)."
What menu item are you using, 4 or 9a?
What version are you using, the Stock version from Vulpi or the Musket version supporting WPA Phishing?
MTeams
Thank you mmusket33!
That’s great news; I’m very much looking forward to your next release. Please drop me a PM if you’d like any additional testing done as I’ve just got a fresh/clean Kali install online.
Oh, I was going through these forums the other day when I came across you mentioning ‘remote viewing’ (with regard to wpa phishing). I’d really like to hear more about that if you have time to send me a PM…
Have a nice weekend & thanks again to MTeams for taking the time to improve this great script.
aG
duplicate post on reloading browser; please ignore
Dear mmusket33,
I have some problems running PwnSTAR on Kali 2.0.
I installed pwnstar with the installer.sh and run the pwnstar file. Then I chose 9 (Advanced Menu) and then A (captive portals).
After that the program asked me if we're giving internet access, so I pressed y. So it showed me available interfaces but if I type those, it tells me that these devices do not exist or do not match?
Here is a screen: Attachment 715
What am I doing wrong here?
It seems all tools from Kali 1 need some upgrade for Kali 2....
To ZeroXX
Unfortunately we are prevented by forums rules from helping you here. So go to this link
http://forum.aircrack-ng.org/index.p...4.html#msg3224
Okay I will try your solution thank you mmusket :)
To ZeRoXX
You should follow this thread in aircrack-ng. We cannot correct Pwnstar9 for kali2.0 as long as this problem exists as only half the program would function. We have solved the problems with VMR-MDK for kali2.0 and may release but this network-manager problem is making us hesitate.
http://forum.aircrack-ng.org/index.p...ic,1062.0.html
MTeams
Both incron and the isc-dhcp-server are now available for kali-linux 2.0(KL2) thru
apt-get install incron
apt-get install isc-dhcp-server
As MTeams has already posted a method that allows one(1) wifi device to be placed monitor mode while still accessing the internet thru a second device, the major obstacles to configuring PwnStar9.0 for KL2 no longer exist.
The program will still require changes in bash coding. MTeams will post here if we get the program up and running under KL2.
MTeams
That's great and we hope to see soon here a working new version for Kali 2 :)
Is there any way to have multiple SSIDs on the softAP with just one wifi card?
Or maybe using a dlink Router connected to the kali PC via cable?
You can have airbase-ng respond to ALL probe requests. It's called a Blackhole. Just put a -P in the airbase-ng command line. Type airbase-ng --help for further details.
MTeams
Thanks. I was able to do it using the pwnstar-mv1.2. In this blackhole mode it simulates more than one AP simultaneously.