PwnSTAR running on Kali

[mmusket33]

Expanding the Phishing Ocean - Getting PwnStar9 to accept requests from HTTPS Sites

Having Pwnstar 9 accept requests from HTTPs sites in NOT a problem with Pwnstar9 coding. The problem is with Apache2.
Here is a method that has been tested to work on a kali-linux 1.09a hard drive install. After completion your phishing pages that previously could not be brought up by a https request like google will now be expressed in the clients computer.You will be able to receive both HTTP and HTTPS.
Open up a terminal window and type:

cd /etc/apache2

Make a directory called ssl

mkdir ssl

Go to the ssl directory

cd ssl

Make two more directories within ssl

mkdir crt
mkdir key

Now staying in the ssl directory enter the following:

openssl req -new -x509 -days 365 -keyout key/vhost1.key -out crt/vhost1.crt -nodes -subj '/O=VirtualHost Website Company name/OU=Virtual Host Website department/CN=www.meinedomain.com'

We suggest you copy and paste this command. It will make two files vhost1.key and vhost1.crt, one file in each folder. If there is an error, your computer misinterprerted the small ticks one before the '/0 and one tick at the end (ie com').

Now activate the ssl component in apache2 type:

sudo a2enmod rewrite

sudo a2enmod ssl

Finally go to the /etc/apache2/sites-available/ folder

In the sites-available folder you will see a file named default. Make a copy and rename it default.orig (ie default original) You are saving the original in case you make a mistake. Now go bacK to the default file, open the file with leafpad.

Either add all the data from <VirtualHost *:443> to the bottom.

Or Copy paste as required. The complete file is seen below

to test apache2 simply type

service apache2 restart.

### default starts below ###

<VirtualHost *:80>

ServerAdmin webmaster@localhost

DocumentRoot /var/www

<Directory />

Options FollowSymLinks

AllowOverride None

</Directory>

<Directory /var/www/>

Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all

</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

<Directory "/usr/lib/cgi-bin">

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

<VirtualHost *:443>

ServerAdmin webmaster@localhost

DocumentRoot /var/www

<Directory />

Options FollowSymLinks

AllowOverride None

</Directory>

<Directory /var/www/>

Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all

</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

<Directory "/usr/lib/cgi-bin">

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine On

SSLCertificateFile /etc/apache2/ssl/crt/vhost1.crt

SSLCertificateKeyFile /etc/apache2/ssl/key/vhost1.key

SSLVerifyClient optional

SSLVerifyDepth 1

SSLOptions +StdEnvVars +StrictRequire

</VirtualHost>

#####default ends above #####

You can download the config file and help files at:

http://www.datafilehost.com/d/0d3eda74

Musket Teams

[socialcred]

My pwnstar AP had been running solidly for months. Lately I am having crashes and errors. I have the following error message in my sslstrip log:

2015-04-25 14:43:11,273 Host resolution error: [Failure instance: Traceback: <type 'exceptions.ValueError'>: I/O operation on closed file
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
/usr/lib/python2.7/dist-packages/twisted/internet/base.py:250:_checkTimeout
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:368:callback
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:464:_startRunCallbacks
--- <exception caught here> ---
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
/usr/share/sslstrip/sslstrip/ClientRequest.py:92:handleHostResolvedSuccess
]
2015-04-25 14:44:59,783 Host resolution error: [Failure instance: Traceback: <type 'exceptions.ValueError'>: I/O operation on closed file
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
/usr/lib/python2.7/dist-packages/twisted/internet/base.py:250:_checkTimeout
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:368:callback
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:464:_startRunCallbacks
--- <exception caught here> ---
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
/usr/share/sslstrip/sslstrip/ClientRequest.py:92:handleHostResolvedSuccess
]
2015-04-25 14:45:00,196 Host resolution error: [Failure instance: Traceback: <type 'exceptions.ValueError'>: I/O operation on closed file
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
/usr/lib/python2.7/dist-packages/twisted/internet/base.py:250:_checkTimeout
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:368:callback
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:464:_startRunCallbacks
--- <exception caught here> ---
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
/usr/share/sslstrip/sslstrip/ClientRequest.py:92:handleHostResolvedSuccess
]
2015-04-25 14:45:01,470 Host resolution error: [Failure instance: Traceback: <type 'exceptions.ValueError'>: I/O operation on closed file
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
/usr/lib/python2.7/dist-packages/twisted/internet/base.py:250:_checkTimeout
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:368:callback
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:464:_startRunCallbacks
--- <exception caught here> ---
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
/usr/share/sslstrip/sslstrip/ClientRequest.py:92:handleHostResolvedSuccess
]

Any thoughts as to the problem?

[TheMantis]

Hi Musket,

I followed the steps I download but got errors, please assist.

etc/apache2/sites-available# service apache2 restart
apache2: Syntax error on line 271 of /etc/apache2/apache2.conf: Cannot load /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20/buildout/apache2/mod_passenger.so into server: /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20/buildout/apache2/mod_passenger.so: cannot open shared object file: No such file or directory
Action 'configtest' failed.
The Apache error log may have more information.

Thank you,

[thepoor]

Hi Musket,

I followed the steps I download but got errors, please assist.

etc/apache2/sites-available# service apache2 restart
apache2: Syntax error on line 271 of /etc/apache2/apache2.conf: Cannot load /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20/buildout/apache2/mod_passenger.so into server: /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20/buildout/apache2/mod_passenger.so: cannot open shared object file: No such file or directory
Action 'configtest' failed.
The Apache error log may have more information.

Thank you,

Solved, I installed passenger and configured as prompt after the installation completed.

[aGravity]

Edit: with reference to mmusket33's post #74:

Expanding the Phishing Ocean - Getting PwnStar9 to accept requests from HTTPS Sites

Having Pwnstar 9 accept requests from HTTPs sites in NOT a problem with Pwnstar9 coding. The problem is with Apache2.
Here is a method that has been tested to work on a kali-linux 1.09a hard drive install. After completion your phishing pages that previously could not be brought up by a https request like google will now be expressed in the clients computer.You will be able to receive both HTTP and HTTPS...

Hi Musket Teams, nice post.

Can you confirm this is still working on your current Kali hard drive install? I gave it a try & had to comment out the two 'Listen 443' lines from my /etc/apache2/ports.conf file in order to get apache to start (& run) without errors. I don't think it's working for me as any HTTPS traffic goes through normally, as if nothing has happened. For example, if the connected 'victim' went to https://www.mail.google.com/ they would continue on to that very page using HTTPS & not be served the WPA phishing page.

All HTTP traffic does get redirected to the WPA phishing page as we'd hope for, EXCEPT any 'suffixed' address, for example:

http://www.mydomain.com - works A-OK
http://www.mydomain.com/login/ - causes a 'Not Found' Apache error (The requested URL /login/ was not found on this server.).

Is there a way to at least get ALL HTTP traffic ('suffixed' addresses like the 'http://www.mydomain.com/login' example above) to be redirected to the WPA phishing page on our Apache web server?

Thanks again mate, aGx