Page 2 of 3 FirstFirst 123 LastLast
Results 51 to 100 of 112

Thread: PwnSTAR running on Kali

  1. #51
    Quote Originally Posted by mmusket33 View Post
    Okay you are trying to conduct a wpa phishing operation. The first working versions of this was developed by techdynamics but there were several operational obstacles that had to be worked out. Musket Teams have taken the work of techdynamics and developed a working system and then employed pwnstar9.0. Go to these links then down load the files and read thru the help files. The problems of phishing a WPA key from a client are outlined. Furthermore web pages have been developed specifically for WPA.

    https://forums.kali.org/showthread.p...light=phishing

    https://forums.kali.org/showthread.p...light=phishing

    MTB
    thanks, as you have probably read on the other topic too i already used your modified script but without success...the events i am describing are never faced in any other discussion (i have checked them all), even if it seems strange because nowadays there's more and more people using idevices to connect internet than pc...this leads me to thinks that or nobody has tested an attack against an ap used by mobile devices or there's something in my setup, but everything works fine (except for the long addresses and the fact that it's working on pc, where everybody uses a browser to surf internet so no problem in showing the fake portal page)

  2. #52
    Join Date
    2013-Jul
    Posts
    844
    We have never had any problems getting the web page expressed in the client computer when providing internet access. And as you point out the dnsspoof has its limits. If we get the chance we will try it with ipod or android and see what happens.
    We get all sorts of data typed into the windows. In one case the rogueAP was simulating an ISP login page and clients were logging on with their WPA key. So donot be surprised of what data you retrieve.

    MTB

  3. #53
    Join Date
    2013-Jul
    Posts
    844
    To forumkali,

    We have run some tests and the results were surpising.

    We tested three(3) mobile phones;

    1.Sony Xperia Go which used andriod
    2.Nokia Asha
    3.Iphone Clone using andriod software

    We are unsure of the operating system on the Nokia. Maybe some reader can fill in the blanks.

    Using Pwnstar9.0 and kali-linux.07 persistent usb flash drive

    Our first test were using 9 Advanced a) captive portal providing internet access.

    The more expensive Sony was useless. Slow intenet connection. Within 10 feet of the antenna the reception remained poor and it only connected to the rogueAP once. Most of the time was spent trying to get an IP address. It was never able to pull up the phishing web page.

    The Nokia Asha and the Iphone clone using Andriod software connected two rooms away with the RogueAP and had the phony ISP web page on the screen instantly. Even faster then our computers. They sent the typed username and password. Everything work perfectly.

    Next we ran up the Musket version of Pwnstar9.0 or pwnstar9.0-mv1.2 written for WPA Phishing.

    We selected 4. Simple web server with dnsspoof and did not provide internet access. In this musket version, routines for item 4 are rewritten for better connection so item 4 in this version is Not Stock Pwnstar9.0.

    The Sony Xperia Go did nothing. It was unable to see the RogueAP half the time and when it could find the RogueAP it spent all its time trying to connect and get an IP address. You could use Pigons from WWI faster.

    The Nokia Asha and Iphone Clone were the exact opposite. Excellant reception many rooms away. They both sent the WPA key instantly. Everything worked perfectly.

    In closing we so far have not seen this problem.


    MTA
    Last edited by mmusket33; 2014-07-29 at 11:02.

  4. #54
    Quote Originally Posted by mmusket33 View Post
    To forumkali,

    We have run some tests and the results were surpising.

    We tested three(3) mobile phones;

    1.Sony Xperia Go which used andriod
    2.Nokia Asha
    3.Iphone Clone using andriod software

    We are unsure of the operating system on the Nokia. Maybe some reader can fill in the blanks.

    Using Pwnstar9.0 and kali-linux.07 persistent usb flash drive

    Our first test were using 9 Advanced a) captive portal providing internet access.

    The more expensive Sony was useless. Slow intenet connection. Within 10 feet of the antenna the reception remained poor and it only connected to the rogueAP once. Most of the time was spent trying to get an IP address. It was never able to pull up the phishing web page.

    The Nokia Asha and the Iphone clone using Andriod software connected two rooms away with the RogueAP and had the phony ISP web page on the screen instantly. Even faster then our computers. They sent the typed username and password. Everything work perfectly.

    Next we ran up the Musket version of Pwnstar9.0 or pwnstar9.0-mv1.2 written for WPA Phishing.

    We selected 4. Simple web server with dnsspoof and did not provide internet access. In this musket version, routines for item 4 are rewritten for better connection so item 4 in this version is Not Stock Pwnstar9.0.

    The Sony Xperia Go did nothing. It was unable to see the RogueAP half the time and when it could find the RogueAP it spent all its time trying to connect and get an IP address. You could use Pigons from WWI faster.

    The Nokia Asha and Iphone Clone were the exact opposite. Excellant reception many rooms away. They both sent the WPA key instantly. Everything worked perfectly.

    In closing we so far have not seen this problem.


    MTA
    thank you for your test. when you connected with any of your devices to the fake ap did you get a pop up notification on your phone that says credentials are needed (as happens on public hotpost) or nothing? to see the captive portal page you had to manually open your browser?

  5. #55
    Join Date
    2013-Jul
    Posts
    844
    These phones have different firmware and we let the owners operate the phones while we watched. We never saw a credentials page. Furthermore we were surpised with the ease the phones brought up the wpa phishing page when using dnsspoof - far easier then some of our computers. Users clicked on their google icon or tried to surf the net and the phishing page was instantly seen.
    We are happy to test again if you give us a series of steps so that we can try and induce your problem.

    MTB

  6. #56
    Quote Originally Posted by mmusket33 View Post
    These phones have different firmware and we let the owners operate the phones while we watched. We never saw a credentials page. Furthermore we were surpised with the ease the phones brought up the wpa phishing page when using dnsspoof - far easier then some of our computers. Users clicked on their google icon or tried to surf the net and the phishing page was instantly seen.
    We are happy to test again if you give us a series of steps so that we can try and induce your problem.

    MTB
    thanks, the fact is you have already showed the problem: you saw the fake page only because you opened the browser and clicked on the google icon. most people, when connected, never open the browser, because they have apps like facebook or twitter and so on that access directly to what they look for. the only real solution i think is to simulate the behaviour of public hotspots, where as soon as you connect a popup appears asking for credentials. this is what i am looking for, searching everywhere to undestand how to implement it. have you ever noticed it? do you know how to activate it? thanks

  7. #57
    Join Date
    2013-Jul
    Posts
    844
    The users did not open browsers, They clicked on icons like twitter or google or facebook. However we now have a better idea what kind of test to do here We will have access to one of the two working phones mentioned. We will run some more tests and get back to you in a few days.

    MTD

  8. #58
    looking informations about public hotspots and similar i found that the popup notification appears on mobiles and pc because the routers used use a firewall to block any communication, coupled with the site redirection to the captive page. is it possible to add a firewall or something similar to the dns redirection in kali/backtrack? thanks


    edit: let me explain better...as soon as they connect to an ap mobile devices send a packet to specific sites (apple.com, google.com and so on) and if they don't receive answer they show the popup asking the user to check if credentials are needed. the redirect function included in pwnstar or other scripts simply don't reject the packet, leading to a timeout connection that leave the phone thinking the connection is ok, so no popup needed. what i am thinking is to actively block the packet to make "understand" the phone the fake ap needs the credentials, just like a public hotspot.
    Last edited by [email protected]; 2014-08-02 at 19:03.

  9. #59
    Join Date
    2014-Aug
    Posts
    1
    Okay, here is where I'm at after a LOT of reading and research. Perhaps I'm overlooking something, I'm not sure.

    pwnstar -> 9 -> a

    Permissions have been set.

    I disabled NetworkManager and installed wicd. Used it instead. Because when I used NetworkManager, it won't allow the computer to connect to the AP.

    Now, with wicd, everything works except for the webpage loading.

    I can connect, and it will pull up index.html.

    It will NOT pull up images or the form if I click login.

    After further review, I looked at the broken image on the deivce. (trying to go to Google or Facebook) .. it shows google.com/Googlewifi.jpg (or whatever it is)...or facebook.com/googlewifi.jpg

    It's like it will access my AP server inititally, but it won't show the images, nor can I submit the form. When I go to submit the forum, it says it's not on the server (ie google.com/service.php is not there). It's like it's not directing properly.

    What am I doing wrong? I know it's not the script; it has something to do with what I'm doing.

  10. #60
    Join Date
    2014-Aug
    Posts
    6
    Hi, i have some problem with ettercap. Now my kali machine conntected to wifi network with have def gateway 192.168.0.1, my airm is to get router password. Router i suppose uses just simple http auth, i enterd :
    echo "1" > proc ....
    iptables -t nat - A PREroutnig..... --to-port 8080
    sslstrip -l 8080 -w test3
    And in another window
    ettercap -T -q -M ARP /192.168.1/ // output

    But i see only such things in ettercap :

    DHCP : [192.168.0.1] ASK :192.168.0.43 255.255.255.0 GW 192.168.0.1 DNS 192.168.0.1

    ANy ideas? Thx( also i am sure that router admin goes on router... so i should see his creds ;( )

  11. #61
    Join Date
    2013-Jul
    Posts
    844
    To excelskip

    First we suggest you get rid of WICD and reinstall network manager. Even in normal use WICD drops internet connections and doesnot work very well. Furthermore we are not sure pwnstar9.0 will run on wicd. We would have to go thru the lines of code but there are specific commands running network-manager in the pwnstar9 script file, an example of one is seen below:

    We have covered the problem of Pwnstar9.0 on kali-linux when network-manager is installed in both our help files in our downloads and comments in this thread. The problem you mentioned can be solved easily thru the network manager icon on the upper right-hand corner of the screen.

    When you setup your rogueAP you do not want network-manager trying to use the wifi device supporting the rogue. If it is actively trying to connect or connected to an AP thru that device, this then blocks a client from connecting to the rogue.

    Click on the network manager > Edit Connection > Wireless > Go to each AP name listed > edit > uncheck Connect automatically on all the Connection names you have listed for the wireless device you are using with the rogue AP.

    If network manager tries to connect to an access point using the rogue wireless device, click on the Disconnect line on the main drop down menu and network-manager will stop trying to associate and leave the device free for use by pwnstar9.0 other devices do not apply here. You just want the device supporting the rogue to be free.

    If you are using two(2) wifi devices one(1) to provide internet access and one(1) to support the rogueAP just make, sure that network-manager doesnot try and use the wifi device supporting the rogueAP. If network manager tries to associate to an AP thru the rogues' device, just disconnect it manually thru the main menu as mentioned above and network-manager will not try and use that device again.

    When pwnstar9.0 sets up a rogueAP sometimes it runs the following command

    service network-manager restart

    When it does this, network-manager will restart and ?MAY? try and use the wifi-device supporting the rogue. Again just manually disconnect this operation thru the main drop down network-manager icon and network-manager will not try and reestablish a connection thru that device again.

    There is a list of other problems outlined in this thread that are not the fault of the pwnstar9.0 program. You should read this thread. Just back thru the pages here till you find it.

    MTC
    Last edited by mmusket33; 2014-08-13 at 10:07.

  12. #62
    Join Date
    2014-Aug
    Posts
    6
    Hi, when i push Karmetasploit it creates for me fake AP but with the strange name ( name of the fake AP always my current mac)
    any ideas? Thx

    I gget this msg during Karmetasploit

    [....] Stopping web server: apache2apache2: apr_sockaddr_info_get() failed for localhost.localdomain
    apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
    Any ideas? I see my fame AP but it's name i my temp mac address(
    any ideas? Thx
    Last edited by sickn3ss; 2014-08-15 at 07:01.

  13. #63
    Join Date
    2014-Aug
    Posts
    2

    Virus?

    I downloaded the zip and opened it. A second later my anti virus went up and said 3 viruses, Trojan Horses. Is this safe to keep on my computer for future installations?

  14. #64
    Join Date
    2013-Jul
    Posts
    844
    Try This

    Using Kali-linux

    Select Accessories > files

    Goto

    File System/etc/apache2

    Make a copy of your apache2.conf file in case you do not like the result

    ctrl-c then ctrl-v over the file name is a quick method


    Open your apache2.conf file with leafpad

    Add the following line to the config file

    ServerName localhost

    Save the file

    Open a terminal window

    type

    service apache2 restart


    The warning will be gone.

    MTD

  15. #65
    Join Date
    2014-Aug
    Posts
    6
    Quote Originally Posted by mmusket33 View Post
    Try This

    Using Kali-linux

    Select Accessories > files

    Goto

    File System/etc/apache2

    Make a copy of your apache2.conf file in case you do not like the result

    ctrl-c then ctrl-v over the file name is a quick method


    Open your apache2.conf file with leafpad

    Add the following line to the config file

    ServerName localhost

    Save the file

    Open a terminal window

    type

    service apache2 restart


    The warning will be gone.

    MTD
    Yes, thx that's helped


    I pushed 3) Sniffing: provide internet access, then be MITM
    re we giving internet access? (y/n)
    y

    Available interfaces:
    wlan0

    You need to reconnect internet
    (ignore networkmanager applet)

    DO IT NOW


    If having problems, RESTART networking in nm-applet, or use Wicd

    Available wireless interfaces:
    wlan0

    ireless interface to use for AP?
    wlan0

    wlan0 is in use, stupid. Try another interface

    Are we giving internet access? (y/n)
    y

    Available interfaces:
    wlan0

    Can i use same interface for AP and for internet?

  16. #66
    Join Date
    2013-Jul
    Posts
    844
    Go thru this thread you will find Musket Team comments on setting up this program. You cannot use the wifi device supporting the rogue to provide internet access read below

    Suggest you first set up item 4 and do not provide internet access. Use another computer and see if you can:
    1. See the rogue
    2. Connect to the rogue
    3. Bring up the web page
    4. Pass data to the formdata.txt. file

    Next use item 9 a. and provide internet access

    You will need either two(2) wifi recievers or a wifi reciever for the rogue and a cable to provide internet access

    If you use two wifi recievers one will support the rogue and one will provide the internet access.

    The trick here is to know which is the rogue and which is providing said internet access

    When the pwnstar program restarts network manager both wifi recievers may start searching and or connect to an AP. Let the wifi device that is providing internet access to connect to an AP and disconnect or make sure the wifi device supporting the rogue is idle. Read thru our comments in this thread it is all covered.

    Continue the setup process and then test the four steps above again - You are now ready to catch a phish. However WPA phishing is different and you will need to read the help files and comments in this thread about channels and essid names.

    Finally if you are using Kali 1.08 you will get a negative-one warning when first running airbase-ng BUT this doesnot seem to affect the operation.

    MTC
    Last edited by mmusket33; 2014-08-17 at 09:41.

  17. #67
    Join Date
    2013-Jul
    Posts
    844
    To mazdacool

    There are many downloads - what download are you talking about?

    MTC

  18. #68
    Join Date
    2013-Jul
    Posts
    844
    As network manager can conflict with Phishing when using PwnStar9 we provide this quick fix to keep Network Manager quiet and not try and connect to a client automatically thus disrupting the wifi device. Disabling NetworkManager is NOT the best solution. Some laptops disable the entire wifi system when you disable Network Manager. In extreme cases you can only enable it again by running a windows based application then shutting down and restarting in Linux. So rather then disable the system just put it gently to sleep as follows:

    To keep NetworkManager quiet during restarts


    Go to /etc/NetworkManager/system-connections/

    You will see text files with the names off all your connections

    Open each file with leafpad or any text editor and add to the [connection] block the following;

    autoconnect=false

    Here is an example of [connection] turning off the autoconnect feature - all other data is an example only and some data has been truncated

    Example

    [connection]
    id=Wifi
    uuid=fbe !truncated!
    type=802-11-wireless
    autoconnect=false
    timestamp=1400000000

    When the wifi device is in the automatically connect mode no autoconnect line is seen in the [connection] block


    If you want to add mac spoofing at this time just add

    cloned-mac-address=00:11:22:33:44:55

    to the [802-11-wireless] block

    Example

    [802-11-wireless]
    ssid=Home1
    mode=infrastructure
    mac-address=55:44:33:22:11:00
    cloned-mac-address=00:11:22:33:44:55
    security=802.11-wireless-security

    You can still use the NetworkManager drop down menu to do these operations BUT a text editor is easier
    MTD

  19. #69
    Join Date
    2014-Sep
    Posts
    4
    So i tried running this with Two wireless cards and i get this error. Can anybody explain me how to solve this?
    Thanks
    Everything is created properly, i think. But client can't connect to the internet.
    trb.JPG
    Thanks in advance.

  20. #70
    Join Date
    2013-Jul
    Posts
    844
    You have not told us exactly what type of rogueAP you are trying to setup?

    However

    The primary reasson that a client cannot associate to your Rogue is that netwotk-manager(NWM) is trying to use the device that is supporting the rogue AP. Read the information in these threads this matter is covered.

    In some of these menu selections, NWM is restarted during the setup stage. You get warnings. Just pause there let NWM try and connect then manually disconnect using the drop down NWM icon upper right-hand corner of the screen. NWM should now stay quiet.

    The program functions well BUT there are several more steps after association before you have a fully functioning rogue.

    The foursteps are:

    1. RogueAP can be seen by a client.
    2. Client can associate to the rogue.
    3. Client can bring up the phishing page.
    4. Client can write to the formdata.txt file.

    If you are trying to phish for WPA keys there are other technical details dealing with your ESSID Name and Channel that have to be dealt with.

    MTeams

  21. #71
    Join Date
    2014-Oct
    Posts
    1
    Using PwnSTAR with Kali on RaspberryPi I've noticed that it forces me to automatically change my mac address where in a VM it states "Not changing mac address, do so manually if you want to..."

    What's the reason for that, and is there any way around it? I don't want it auto-changing the mac address without an option...
    Last edited by observer; 2014-10-11 at 21:28.

  22. #72
    Join Date
    2013-Jul
    Posts
    844
    PwnStar9.0 - Mac Spoofing problems

    When providing internet access and the device used to provide this access is a wireless device, Network-manager must be used to connect to the AP.During program setup, the PwnStar9.0 program spoofs the mac of this device but when network-manager connects to the AP, the mac-spoofing setting in the network-manager drop down manager (i.e. Cloned MAC address) overrides the macchanging routine in PwnStar9.0. If no Cloned MAC Address is entered then network-manager uses the Device Mac Address. This can be seen by typing ifconfig in a terminal window once Pwnstar9.0 setup is complete.

    Therefore if you wish to spoof the mac address of the wifi device providing internet access make sure you manually enter an address thru the network-manager menu or alter the device file in the /etc/NetworkManager/system-connections folder.

    MTeams
    Last edited by mmusket33; 2014-10-20 at 08:53.

  23. #73
    Join Date
    2014-Sep
    Posts
    4
    awesome script and have just started running it however i SSH / VNC to my kali machine as its headless (no monitor / keyboard / tucked away in a cupboard).

    When running this script when i confirm the network settings for the AP it drops my SSH / VNC connection to the kali machine.

    Any chance of knowing why / what i can do to fix it up?

    thanks eXXy.

  24. #74
    Join Date
    2013-Jul
    Posts
    844
    Expanding the Phishing Ocean - Getting PwnStar9 to accept requests from HTTPS Sites

    Having Pwnstar 9 accept requests from HTTPs sites in NOT a problem with Pwnstar9 coding. The problem is with Apache2.
    Here is a method that has been tested to work on a kali-linux 1.09a hard drive install. After completion your phishing pages that previously could not be brought up by a https request like google will now be expressed in the clients computer.You will be able to receive both HTTP and HTTPS.
    Open up a terminal window and type:

    cd /etc/apache2

    Make a directory called ssl

    mkdir ssl

    Go to the ssl directory

    cd ssl

    Make two more directories within ssl

    mkdir crt
    mkdir key

    Now staying in the ssl directory enter the following:

    openssl req -new -x509 -days 365 -keyout key/vhost1.key -out crt/vhost1.crt -nodes -subj '/O=VirtualHost Website Company name/OU=Virtual Host Website department/CN=www.meinedomain.com'

    We suggest you copy and paste this command. It will make two files vhost1.key and vhost1.crt, one file in each folder. If there is an error, your computer misinterprerted the small ticks one before the '/0 and one tick at the end (ie com').

    Now activate the ssl component in apache2 type:

    sudo a2enmod rewrite

    sudo a2enmod ssl

    Finally go to the /etc/apache2/sites-available/ folder

    In the sites-available folder you will see a file named default. Make a copy and rename it default.orig (ie default original) You are saving the original in case you make a mistake. Now go bacK to the default file, open the file with leafpad.

    Either add all the data from <VirtualHost *:443> to the bottom.

    Or Copy paste as required. The complete file is seen below

    to test apache2 simply type

    service apache2 restart.

    ### default starts below ###

    <VirtualHost *:80>

    ServerAdmin webmaster@localhost

    DocumentRoot /var/www

    <Directory />

    Options FollowSymLinks

    AllowOverride None

    </Directory>

    <Directory /var/www/>

    Options Indexes FollowSymLinks MultiViews

    AllowOverride None

    Order allow,deny

    allow from all

    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

    <Directory "/usr/lib/cgi-bin">

    AllowOverride None

    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

    Order allow,deny

    Allow from all

    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,

    # alert, emerg.

    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    </VirtualHost>

    <VirtualHost *:443>

    ServerAdmin webmaster@localhost

    DocumentRoot /var/www

    <Directory />

    Options FollowSymLinks

    AllowOverride None

    </Directory>

    <Directory /var/www/>

    Options Indexes FollowSymLinks MultiViews

    AllowOverride None

    Order allow,deny

    allow from all

    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

    <Directory "/usr/lib/cgi-bin">

    AllowOverride None

    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

    Order allow,deny

    Allow from all

    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,

    # alert, emerg.

    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine On

    SSLCertificateFile /etc/apache2/ssl/crt/vhost1.crt

    SSLCertificateKeyFile /etc/apache2/ssl/key/vhost1.key

    SSLVerifyClient optional

    SSLVerifyDepth 1

    SSLOptions +StdEnvVars +StrictRequire

    </VirtualHost>

    #####default ends above #####

    You can download the config file and help files at:

    http://www.datafilehost.com/d/0d3eda74

    Musket Teams
    Last edited by mmusket33; 2015-01-19 at 02:52.

  25. #75
    Join Date
    2013-Jul
    Posts
    6
    My pwnstar AP had been running solidly for months. Lately I am having crashes and errors. I have the following error message in my sslstrip log:

    2015-04-25 14:43:11,273 Host resolution error: [Failure instance: Traceback: <type 'exceptions.ValueError'>: I/O operation on closed file
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
    /usr/lib/python2.7/dist-packages/twisted/internet/base.py:250:_checkTimeout
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:368:callback
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:464:_startRunCallbacks
    --- <exception caught here> ---
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
    /usr/share/sslstrip/sslstrip/ClientRequest.py:92:handleHostResolvedSuccess
    ]
    2015-04-25 14:44:59,783 Host resolution error: [Failure instance: Traceback: <type 'exceptions.ValueError'>: I/O operation on closed file
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
    /usr/lib/python2.7/dist-packages/twisted/internet/base.py:250:_checkTimeout
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:368:callback
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:464:_startRunCallbacks
    --- <exception caught here> ---
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
    /usr/share/sslstrip/sslstrip/ClientRequest.py:92:handleHostResolvedSuccess
    ]
    2015-04-25 14:45:00,196 Host resolution error: [Failure instance: Traceback: <type 'exceptions.ValueError'>: I/O operation on closed file
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
    /usr/lib/python2.7/dist-packages/twisted/internet/base.py:250:_checkTimeout
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:368:callback
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:464:_startRunCallbacks
    --- <exception caught here> ---
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
    /usr/share/sslstrip/sslstrip/ClientRequest.py:92:handleHostResolvedSuccess
    ]
    2015-04-25 14:45:01,470 Host resolution error: [Failure instance: Traceback: <type 'exceptions.ValueError'>: I/O operation on closed file
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
    /usr/lib/python2.7/dist-packages/twisted/internet/base.py:250:_checkTimeout
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:368:callback
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:464:_startRunCallbacks
    --- <exception caught here> ---
    /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
    /usr/share/sslstrip/sslstrip/ClientRequest.py:92:handleHostResolvedSuccess
    ]
    Any thoughts as to the problem?

  26. #76
    Join Date
    2015-Apr
    Posts
    29
    Hi Musket,

    I followed the steps I download but got errors, please assist.

    etc/apache2/sites-available# service apache2 restart
    apache2: Syntax error on line 271 of /etc/apache2/apache2.conf: Cannot load /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20/buildout/apache2/mod_passenger.so into server: /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20/buildout/apache2/mod_passenger.so: cannot open shared object file: No such file or directory
    Action 'configtest' failed.
    The Apache error log may have more information.

    Thank you,

  27. #77
    Quote Originally Posted by TheMantis View Post
    Hi Musket,

    I followed the steps I download but got errors, please assist.

    etc/apache2/sites-available# service apache2 restart
    apache2: Syntax error on line 271 of /etc/apache2/apache2.conf: Cannot load /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20/buildout/apache2/mod_passenger.so into server: /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20/buildout/apache2/mod_passenger.so: cannot open shared object file: No such file or directory
    Action 'configtest' failed.
    The Apache error log may have more information.

    Thank you,
    Solved, I installed passenger and configured as prompt after the installation completed.
    Where is the darn "any key" key?

  28. #78
    Join Date
    2013-Jul
    Posts
    844
    To socialcred,

    MTeams are not the authors of this program. We are just end users. We have no idea why this is occurring. You might write Vulpi to author.

    If we experience this problem and find a solution we will post here. You might try reinstalling the python referenced.


    MTeams

  29. #79
    Join Date
    2015-May
    Posts
    4
    Hello to anyone who uses this on VM. I am running Kali 1.1 with VMware and am having trouble with Blackhole AP, it seems to never give internet access despite the option being selected. I can connect to soft AP and get an IP, DNS seems to work, but internet will never be provided as pass-through as it should.

    Any recommendations for settings to pick when setting up a fake AP? Thanks

  30. #80
    Join Date
    2015-May
    Posts
    25
    This script looks really interesting; look forward to trying it out when I get home next week. Just wondering if anything needs to be changed in the script now that aircrack-ng 1.2 RC 2 has changed monitor interfaces (eg. wlan0 becomes wlan0mon - not monX)? Cheers guys, aGx

  31. #81
    Quote Originally Posted by aGravity View Post
    This script looks really interesting; look forward to trying it out when I get home next week. Just wondering if anything needs to be changed in the script now that aircrack-ng 1.2 RC 2 has changed monitor interfaces (eg. wlan0 becomes wlan0mon - not monX)? Cheers guys, aGx
    I tried it, after it started monitor and it said that no device found. I'm trying to find where does it call mon0, ...
    Where is the darn "any key" key?

  32. #82
    Join Date
    2015-May
    Posts
    25
    Quote Originally Posted by thepoor View Post
    I tried it, after it started monitor and it said that no device found. I'm trying to find where does it call mon0, ...
    Thanks thepoor. How did you go? Are the interfaces defined at the start of the script or continuously throughout it? Hopefully I can get a chance to have a look myself this evening but I won't have access to my Kali machine until the weekend to play with it... Good luck.

    Awesome forum btw aGx

  33. #83
    Join Date
    2013-Jul
    Posts
    844
    To jujubee

    Are you using the Musket Version of the stock version written by Vulpi.

    Try using 9a to get an internet connection.

    In the Musket Version we had to rewrite some of the coding for Selection Four. The Stock Versions 9a works fine.

    To aGravity - we highly suggest you find a way to run the older airmon-ng.


    About airmon-ng, the last official version is written here:

    http://forum.aircrack-ng.org/index.p...2.html#msg2962

    you dont need any wget, just go

    http://svn.aircrack-ng.org/trunk/scr...rmon-ng?p=2429

    and save it as
    airmon-ng.
    you simply take always the newest

    aircrack-suite from svn or whatever,

    and

    delete the newer airmon-ng you find there, and put in this one

    MTeams

  34. #84
    Join Date
    2015-May
    Posts
    25
    Quote Originally Posted by mmusket33 View Post
    To aGravity - we highly suggest you find a way to run the older airmon-ng.


    About airmon-ng, the last official version is written here:

    http://forum.aircrack-ng.org/index.p...2.html#msg2962

    you dont need any wget, just go

    http://svn.aircrack-ng.org/trunk/scr...rmon-ng?p=2429

    and save it as
    airmon-ng.
    you simply take always the newest

    aircrack-suite from svn or whatever,

    and

    delete the newer airmon-ng you find there, and put in this one

    MTeams
    Thanks for the reply mmusket33 & all the good work you/MTeams do. I ended up doing exactly what you recommended on my USB (persistence) install of Kai (which I keep Reaver 1.3 (seems to grab PSKs which Reaver 1.4/5 or wpa_supplicant/wpa_cli methods refuse to) & a few other depreciated programs on). Are there any plans to update PwnSTAR in the future? It's a handy mitm script for beginners & for some reason often works better than my own virtually identical commands for mitm attacks; for the life of me I can't work out what I'm missing on my end, but that's stuff for another post! Cheers guys, aGx

  35. #85
    Join Date
    2013-Jul
    Posts
    844
    To aGravity,

    IT would be helpful to us if you posted in the how to section the step by step method you used to restore the older version of airmon-ng.

    Reference Pwnstar9.0 we do have a newer untested Musket Version, BUT currently we are trying to get VMR-MDK010x3.sh tested and out. We have just finished the last module. After that we will turn and continue work on the musket version of Pwnstar9.0.

    MTeams

  36. #86
    Join Date
    2013-Jul
    Posts
    844
    To aGravity jujubee thepoor

    Reference older versions of airmon-ng. We turned our attention to your problem and have come up with this simple solution.

    Those using VM ware etc can try this with any legacy program in bash.

    If you try and rewrite these legacy programs to work with the newer airmon-ng text output you will have to adjust many grep, sed and awk statements just as a start.

    As airmon-ng is just a bash script it should run anywhere, if you let the legacy program know where to find it.

    MTeams tested the following two(2) methods to make legacy programs function when a newer airmon-ng is installed. This method does not require you to remove the newer version of airmon-ng

    You can test this easily with PwnStar9.0. Below is a link to the older version of airmon-ng. Download the program if you require. Or go to an offical site. We just loaded it here to save you having to search.

    http://www.datafilehost.com/d/35a8b7ec

    Once you have the older version the two(2) methods are as follows.

    Method 1

    Place the airmon-ng program in root and make it executable.

    chmod 755 /root/airmon-ng

    Now test it. Type /root/airmon-ng[Enter]

    You should get an airmon-ng response showing monitors etc.

    Now make a copy of Pwnstar9.0 and work on the copy in case you make a mistake and open it with leafpad.

    Use Ctrl H

    Change all the airmon-ng enties from:

    airmon-ng

    to

    /root/airmon-ng

    In pwnstar there are 13 entries, we did the change all at once

    Make your newer Pwnstar copy executable with

    chmod 755 Pwnstar9.0copy

    Run the program and test

    Method Two

    Type

    locate airmon-ng

    Our kali-linux places airmon-ng in

    /usr/sbin/airmon-ng

    and

    usr/share/set/src/wireless/airmon-ng

    They are the same program

    Rename the airmon-ng you downloaded to airmon-old

    Place it in both these folders.

    Make these programs executable

    chmod 755 /path to file/airmon-old

    Now make a copy of Pwnstar9.0 and work on the copy in case you make a mistake and open it with leafpad.

    Use Ctrl H

    Change all the airmon-ng entries in Pwnstar9.0 from:

    airmon-ng

    to

    airmon-old

    Make your newer Pwnstar9.0copy executable with

    chmod 755 Pwnstar9.0copy

    Run the program and test

    You may ask why we do not do this ourselves as it only takes about 5 minutes

    We have tested both methods and Pwnstar9 ran fine.

    Our associated C-Programmer says there is no problem running the older version with the newer aircrack-ng HOWEVER:

    We are using the older version of aircrack-ng so we cannot actually test the result

    If you test the older airmon-ng with the newer version aircrack-ng let us know the result.

    Musket Teams
    Last edited by mmusket33; 2015-06-11 at 09:59.

  37. #87
    Join Date
    2015-May
    Posts
    25
    Thank you mmusket33 for the detailed how to...

    I keep a USB (persistent) install of Kali 1.0.9a as part of my kit for recovery situations as it seems stable on most systems (Kali 1.1.0a [out-of-the-box live USB] panics my kernel on boot) - on that install I use Reaver 1.3 (for those pesky APs that won't return a valid PSK with Reaver 1.4 or 1.5 & where the wpa_supplicant/wpa_cli method refuses to work) & run the PwnSTAR script from there which works fine.

    When I saw your previous post I decided to setup a simple way to use PwnSTAR on my permanent (& fully updated/upgraded) HDD install; the method I chose was to copy (& rename) the PwnSTAR friendly airmon-ng (version 1.2-rc2) script from my live USB install to a directory on my HDD. Then I wrote a simple script that swaps (renames) between the PwnSTAR compatible older airmon-ng (version 1.2-beta3) for when using PwnSTAR & back to the latest (version 1.2-rc2) when finished with PwnSTAR.

    I hope that makes sense. I've just started using the same principle for changing between Reaver version 1.5.2 (which, with pixiewps, is awesome) & Reaver version 1.3 for the reason mentioned above.

    Since the above steps I've had no issues using the PwnSTAR script & look forward to spending some more time with it this week. Apologies for the late reply with this post & I'm most appreciative of your step-by-step last post. Looking forward to more developments mate. Cheers, aGx

  38. #88
    Join Date
    2013-Jul
    Posts
    844
    Your swaping of airmon-ng was our first approach. Your comments about reaver1.3 are noted and we will try some tests. We had a persistent usb install with 1.3 in our tool box somewhere. Thanks

    Musket Teams

  39. #89
    Join Date
    2015-May
    Posts
    25
    You're most welcome. I had a go with your method & it's certainly a better approach; especially for beginners who would most likely be gravitating towards a script like PwnSTAR in the first place. Don't hesitate to PM me if you need any future testing done. aGx

  40. #90
    Join Date
    2013-Jul
    Posts
    844
    From Musket Team labs

    Using legacy programs that require the older version of airmon-ng

    Method Three(3)

    This is the method that MTeams is using with its scripts that rqr the older airmon-ng
    Newer versions do not have to be removed or altered

    Turn the airmon-ng program into a function and embed it in the script.


    1. Choose a name for the function.

    Here we will use:

    airmon-old_fn

    Do this in the following order only!!!

    1. Copy the legacy program

    2. Open the copy of the legacy program with leafpad

    3. Change all the airmon-ng entries to airmon-old_fn

    Go to the beginning of your legacy program somewhere after the #!/bin/bash

    Paste this first


    #~~~~~~~start airmon-old_fn Start~~~~~~~~#

    airmon-old_fn()
    {



    }

    #~~~~~~~End airmon-old_fn End~~~~~~~~#


    Open up the airmon-ng script and capture the entire text from #!/bin/sh to the bottom


    Paste the entire airmon-ng program between the { } as indicated below


    #~~~~~~~start airmon-old_fn Start~~~~~~~~#


    airmon-old_fn()

    {

    PASTE AIRMON-ng Here

    }

    #~~~~~~~End airmon-old_fn End~~~~~~~~#


    Save the program

    Test the program

    Do not forget to allow your copy of the legacy program to be executable

    chmod 755 Name_of_program

    Do not paste airmon-ng and then change the airmon-ng entries as this will destroy the airmon-ng script.

    The program will now access the function rather then the airmon-ng program on the computer.

    MTeams

  41. #91
    Join Date
    2013-Jul
    Posts
    844
    To gravity

    You could run your reaver1.3 version from root. Make it executable AND you must add --session=/folder/filename

    This will let reaver know where to store the session. When you restart you must add the same session entry every time.

    You might approach soxrok with your reaver1.3 findings and see if you can get him to rewrite reaver1.3 so it outputs all the pixiedust data sequences. We expect they could do it much quicker then anybody else.

    We will send you a copy of VMR_MDK when it is completed.

    MTeams

  42. #92
    Join Date
    2015-May
    Posts
    25
    Nice one mmusket33 re. --session=/folder/filename - added that to my reaver 1.3 script; handy to keep the session directories separate!

    I've got a few routers to dig out of storage before I conclude my reaver 1.3 research. There is one particular box that NO version of Reaver will deliver a PSK & for some, as yet, unknown reason wpa_supplicant (wpa_cli/wps_reg) will not fully authenticate with after a successful association.

    I'll shoot of my findings to soxrok this weekend. Looking forward to VMR_MDK!

    Cheers for that, aGx

  43. #93
    Join Date
    2015-Jun
    Posts
    1
    Hey, (before you go further, if you don't like helping total noobs, don't bother)
    I have trouble running this script, I am running it on the small kali image file and mannualy installed macchanger. I installed PwnSTAR using github.
    My setup:
    Raspberry pi running Kali linux
    Pta01 wifi dongle with the Atheros AR9002U chipset. (drivers installed properly)

    So the problem is, the script seems to run fine. But there is no AP created, nothing just showes up. When I use ''airbase-ng -c 1 -e Test wlan0'' it works just fine.
    I am primarly interested in the first and 4th module (honeypot and dns spoof), so maybe I don't have to use PwnSTAR at all.
    I can provide any logs if needed.

  44. #94
    Join Date
    2013-Jul
    Posts
    844
    To bartvelp:

    We have no experience with Rasberry PI. So although we would like to help you we cannot. All we can say is that on a hard drive dual boot XP/kali install or a persistent usb install of Kali-linux thru a pc the musket version of Pwnstar9.0 runs fine. You can find the musket version just go to the aircrack-ng forums and there is a link in these threads.

    You must log in and go to the bottom of the thread. The files are available thru aircrack-ng forums

    http://forum.aircrack-ng.org/index.php/topic,414.0.html

    The musket version has a WPA phishing module embedded. IF you get the program running scroll thru the PWnstar Thread and get your program to accept https requests.

    We are going to issue an updated musket version of this program soon as the issues surrounding the newer airmon-ng have been resolved through several workarounds.

    Possibly someone running RasberryPI might help you further - just keep asking.


    MTeams

  45. #95
    Join Date
    2015-May
    Posts
    25
    Edit: with reference to mmusket33's post #74:

    Expanding the Phishing Ocean - Getting PwnStar9 to accept requests from HTTPS Sites

    Having Pwnstar 9 accept requests from HTTPs sites in NOT a problem with Pwnstar9 coding. The problem is with Apache2.
    Here is a method that has been tested to work on a kali-linux 1.09a hard drive install. After completion your phishing pages that previously could not be brought up by a https request like google will now be expressed in the clients computer.You will be able to receive both HTTP and HTTPS...


    Hi Musket Teams, nice post.

    Can you confirm this is still working on your current Kali hard drive install? I gave it a try & had to comment out the two 'Listen 443' lines from my /etc/apache2/ports.conf file in order to get apache to start (& run) without errors. I don't think it's working for me as any HTTPS traffic goes through normally, as if nothing has happened. For example, if the connected 'victim' went to https://www.mail.google.com/ they would continue on to that very page using HTTPS & not be served the WPA phishing page.

    All HTTP traffic does get redirected to the WPA phishing page as we'd hope for, EXCEPT any 'suffixed' address, for example:

    http://www.mydomain.com - works A-OK
    http://www.mydomain.com/login/ - causes a 'Not Found' Apache error (The requested URL /login/ was not found on this server.).

    Is there a way to at least get ALL HTTP traffic ('suffixed' addresses like the 'http://www.mydomain.com/login' example above) to be redirected to the WPA phishing page on our Apache web server?

    Thanks again mate, aGx
    Last edited by aGravity; 2015-06-27 at 05:11. Reason: Forgot to quote particular post (mmusket33 post #74)

  46. #96
    Join Date
    2013-Jul
    Posts
    844
    To aGravity,

    We apologize for the late response but we have been busy off line on other projects. Just as soon as we release VMR-MDK011x8.sh a WPS locked router attack script we will immediately turn and clean up the airmon-ng problem with pwnstar9.0 and then look into your comments. However right now all we can provide are some simple possible solutions and tests.

    Pwnstar has two methods to work with these web pages. The menu option 4 is limited in types of addresses it can process so try 9a but you must provide internet access in this case. This complicates WPA phishing but the attack is more resistent to webpage address failures.

    Now reference HTTPS. Without the mod no webpage is offered at all. With the mod you should get the web page. Since you are talking about WPA pages we expect you are using the musket version. If you are using the stock version note we had to rewrite some code reference selection 4 to get it to work seamlessly. Selection 9a was not altered.

    The test for the https functionality is that you get a web page. Without it any webpage request simply fails.

    Reference the code you removed if you simply rem # out the lines then restore these lines of code and try making a simple https request like https://www.google.com and see if you get the web page and/or the internet. Then test something like .mail.google.com. We do not understand why you are not getting the web pages.

    We will get back to you here when we start tests on PwnStar9 again which will be soon.

    MTeams

  47. #97
    Join Date
    2015-May
    Posts
    25
    No problems with the delay mmusket33 - I know you’re often busy with other projects. I’m just getting my Kali system back online after a fresh install so will do some testing with PwnSTAR when time allows – most likely not until next weekend. I had been getting some other strange network issues (not PwnSTAR-related) so perhaps I had broken or changed something and that will resolve itself now; either way I’ll let you know how it goes. Cheers mate, aG

  48. #98
    Join Date
    2015-Jul
    Posts
    4
    ok, i have been this for nearly 12 straight hours now and I'm tired and going to take a break. I have sorted through all sorts of problems but am finally stuck. When I connect to the AP (connects fine, finally) I cannot get the webpage. I can go onto the host machine and goto 127.0.0.1 (or localhost) and the page loads fine, formdata.txt updates with input (had to install php5 and restart) or I can connect with any other device (tested on mac and android phone) and goto 192.168.0.1 and the page works fine. However when I try to connect to anything else it doesn't do anything, nothing loads (as if the webpage is not existent like going to www.sdfdsfasdfsg.com or something). I have tried creating a host file with pwnstar and also supplying my own (192.168.0.1 www*) and nothing seems to work. Does anyone have any idea why? I am still in the early stages of learning linux/hacking so I'm sure it something extremely ridiculous. Thanks in advanced for any info...

    Grub

  49. #99
    Join Date
    2013-Jul
    Posts
    844
    To aGravity

    As promised we are slowly turning our attention back to Pwnstar9.0.

    MTeams loaded kali-linux 1.1a i386 onto a laptop, updated and upgraded it, then loaded Pwnstar9-mv1-5 our current beta and setup the webpages in the /var/www folder and setup the HTTPS with Apache2.

    Using two(2) wifi devices - one(1) connected to an open router and one(1) supporting the RogueAP

    Using the older airmon-ng which is embedded in the program as a function.

    We ran tests with Menu Item 4 (no internet connection/WPA Phishing) and 9a using a local Wifi Hotspot logon page.

    Both 4 and 9a work fine to include writing the data to the formdata.txt file.

    WPA Phishing with 4 was really fast while 9a depends on the strength of the internet connection. In all cases the login page was expressed in the client computer and data sent to the webpage

    We could not get a rooted android phone to associate to the rogueAP but this might have been because we used a known poor internal wifi device to support the rogueAP.

    MTeams
    When loading kali-linux1.1a the program REM(#) out all the update addresses in the /etc/apt/sources.list. So when we went to up-date nothing happened. We have seen this before. We loaded on our own sources list and the program updated nicely.

    Hence there is no problem with Pwnstar9.0 and the newest version of kali-linux.

    We will probably release this beta soon as most of the changes are clerical.

    MTeams
    Last edited by mmusket33; 2015-07-24 at 13:30.

  50. #100
    Join Date
    2013-Jul
    Posts
    844
    To Grub

    We would like to help you but are unsure of you mean here:

    ????However when I try to connect to anything else it doesn't do anything, nothing loads (as if the webpage is not existent like going to www.sdfdsfasdfsg.com or something).????

    What menu item are you using 4 or 9a?

    What version are you using the Stock version from Vulpi or the Musket version supporting WPA Phishing

    MTeams

Similar Threads

  1. PwnSTAR not recognising wlan
    By Matriculate in forum General Archive
    Replies: 0
    Last Post: 2016-04-20, 02:09
  2. Does Pwnstar work on Kali Linux 2.0?
    By jacke4123 in forum General Archive
    Replies: 1
    Last Post: 2015-10-27, 05:24
  3. PwnSTAR and Automatically open page on Fake-AP
    By markrenton in forum Project Archive
    Replies: 0
    Last Post: 2015-09-17, 10:52
  4. easy-creds vs pwnstar
    By boost in forum General Archive
    Replies: 6
    Last Post: 2014-04-21, 17:57
  5. Replies: 31
    Last Post: 2013-12-04, 13:57

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •