Results 1 to 26 of 26

Thread: New WPA Phishing system using pwnstar9.0 released for general use

  1. #1
    Join Date
    2013-Jul
    Posts
    841

    New WPA Phishing system using pwnstar9.0 released for general use

    Musket Teams have rewritten PwnStar9.0 in an effort to improve WPA Phishing success.

    The following features have been added.

    1. Reference the Basic Menu item 4) Simple Web Server with dnspoof. IP Tables have been rewritten specifically for that selection, to improve WPA Phishing when no internet access is provided.

    2. A new interactive phishing page has been constructed allowing the user to have PwnStar 9.0-mv1.2 insert the target routers' make, model and other deails into the phishing main page as required by the user. This web page will be in the routerwpa3 folder found in the downoad.

    You can download the pwmstar-mv.zip file at:

    http://www.axifile.com/en/8D0DEA0B60

    This zip file contains:

    pwnstar9.0-mv1.2
    routerwpa3 folder
    a. formdata.txt
    b. index.html
    c. processs-form-data.php
    Install instructions - pwnstar9.0mv1.2.txt


    This is a Musket Team Release

  2. #2
    Could you Please Help me with Some things. in Instructions , it says we need two wifi devices . why ?? i think this can be done only by one device too . (Linset).
    And Which option Should i choose , i have 10 options i think which one is correct (this is unclear too and this not mention instruction text too that which option you have too choose.)
    and is this run mdk3 by it's own or am i suppose to run it manually??
    Thanks in Advance..

  3. #3
    Join Date
    2013-Jul
    Posts
    841
    First read thru:

    https://forums.kali.org/showthread.p...unning-on-Kali

    Near the end there is a way to allow apache2 to accept https request - make sure you do this.

    If you can make the phishing system work with one Wifi Device please develop it and post how you did it.

    Test your system and make sure clients can access your rogueAP while the deauth process is being conducted.


    MTeams prefers using mdk3 g to kick clients off the router.

    Use Item 4 and do not provide internet access.

    We are working on an updated version as this time.

    MTeams

  4. #4
    Linset Tool , which uses only on Wireless card. and linset is also kind of Social Engineering Tool i think, which generate a fake page and user enter it's password and we get the password etccc.... Am i right ?

  5. #5
    Join Date
    2015-Mar
    Posts
    127
    Would it be possible for this script to be updated to use the new airmon-ng. Aircrack 1.2 rc 2, names virtual monitor interface differently.

    Ex.
    new
    airmon-ng wlan3 = wlan3mon
    old
    airmon-ng wlan3 = mon0

    or just be able to handle old and new airmon-ng.
    Last edited by nuroo; 2015-04-19 at 20:19.

  6. #6
    Join Date
    2013-Jul
    Posts
    841
    To Nuroo,

    MTeams do not use VM and therefore could not test any rewrite. You might consult the main PwnStar9 Thread by Vulpi the author of PwnStar9 and see if he would do the rewrite.

    MTeams

  7. #7
    Join Date
    2015-Mar
    Posts
    127
    Ok no worries. Not using VM though. Aircrack-ng got updated.

  8. #8
    Join Date
    2015-Apr
    Location
    cosmoland
    Posts
    18
    Hi all!
    Where is the problem pls help me
    http://www42.zippyshare.com/v/i7MJellZ/file.html

    Apache failed to start please resolve then try again

  9. #9
    Join Date
    2013-Jul
    Posts
    41
    Thanks for the guide,

    Although the download Link seems to be down....

  10. #10
    Join Date
    2015-Apr
    Location
    cosmoland
    Posts
    18
    Quote Originally Posted by slmafiq View Post
    Hi all!
    Where is the problem pls help me
    http://www42.zippyshare.com/v/i7MJellZ/file.html

    Apache failed to start please resolve then try again
    please

  11. #11
    Join Date
    2015-Sep
    Posts
    14
    Quote Originally Posted by slmafiq View Post
    please
    Bro i had the same problem. Try to do what I'm going to write:

    apt-get update
    git clone https://github.com/SilverFoxx/PwnSTAR.git

    After did it, go into the PwnSTAR folder from the terminal, and start the PwnStar file using sudo bash

    Install all the dependencies that it requires

    After that, download the MTeams version and follow the guide in it (and remember to follow the Apache2 openssl guide on https://forums.kali.org/showthread.p...-on-Kali/page8 ) !
    Last edited by markrenton; 2015-09-25 at 18:06.

  12. #12
    Join Date
    2015-Mar
    Posts
    8
    It would be nice if this could work with one adapter, and verify the password entered by the victim.

  13. #13
    Join Date
    2013-Jul
    Posts
    841
    To Desuu

    linset does the deauth and sets up a tap interface at0 with one device. For the deauth it uses

    mdk3 mon0 d -b -c

    where

    d = Deauthentication/dissassociation

    -b /path/blacklist.txt Macs to run test on

    -c Channel

    If you are not providing internet access you can test this approach with Pwnstar9.0. In this case MTeams thinks your rogueAP has to be on the same channel. We have not tested this.

    MTeams

  14. #14
    Join Date
    2013-Aug
    Location
    Italy
    Posts
    65
    Hi musket
    I know that what I ask is a little off topic
    but since it was updated aircrack WPA Phishing It has become a tragedy anch
    and because the interface monitor inhibits wlan0
    time ago I read your own guide on how to downgrade to airkrack you mind post it on kali linux forum
    I would be very grateful because now some attacks are virtually impossible
    thank you
    Est modus in rebus
    cd /usr/bin/bad

  15. #15
    Join Date
    2013-Jul
    Posts
    841
    To Devil,

    There is no reason to downgrade. With the newer airmon-ng we have published all the workarounds. You could also just place the older airmon-ng in the /user/bin folder and run that instead. Furthermore you will still have the Network Manager Problems. Both airmon-ng and Network-manager are bugged out BUT you can work around the problems.

    Reference phishing MTeams is just now cleaning up a Kali2.0 version of Pwnstar9.0 and it runs much better in kali2.0. This is not due to our coding - because once you get past the bugs kali2.0 runs fine - this has surprised us. We have developed something we call a HTTPS-HTTP trap to lure in androids and mobile phones. We also have mitmf running alongside PS9 and have been testing mdk3 d which might reduce the number of wifi adapters required. So far mdk3 d on the same device as the rogueAP works fine. Give us a week and you will be back phishing the wifi oceans.
    Last edited by mmusket33; 2015-09-26 at 14:22.

  16. #16
    Join Date
    2013-Aug
    Location
    Italy
    Posts
    65
    many thanks for the info musket
    and thanks for the great work that we made
    the problem that most afflicts me in kali sana is the multiple monitors
    spoof the mac on the monitors and some some problem that kali 1.0 had not pity that I did not even have a copy of the old kali patiently
    I wait impatiently to see your work
    Good work mmusket33 team
    Est modus in rebus
    cd /usr/bin/bad

  17. #17
    Join Date
    2013-Aug
    Location
    Italy
    Posts
    65
    sorry duplicate post
    Last edited by Devil_D; 2015-09-27 at 10:38.
    Est modus in rebus
    cd /usr/bin/bad

  18. #18
    Join Date
    2015-Sep
    Posts
    14
    Quote Originally Posted by mmusket33 View Post
    To Devil,

    There is no reason to downgrade. With the newer airmon-ng we have published all the workarounds. You could also just place the older airmon-ng in the /user/bin folder and run that instead. Furthermore you will still have the Network Manager Problems. Both airmon-ng and Network-manager are bugged out BUT you can work around the problems.

    Reference phishing MTeams is just now cleaning up a Kali2.0 version of Pwnstar9.0 and it runs much better in kali2.0. This is not due to our coding - because once you get past the bugs kali2.0 runs fine - this has surprised us. We have developed something we call a HTTPS-HTTP trap to lure in androids and mobile phones. We also have mitmf running alongside PS9 and have been testing mdk3 d which might reduce the number of wifi adapters required. So far mdk3 d on the same device as the rogueAP works fine. Give us a week and you will be back phishing the wifi oceans.
    And what about browsers from laptops (for ex. Chrome or Mozilla), there's nothing to do?

  19. #19
    Join Date
    2015-Apr
    Location
    cosmoland
    Posts
    18
    Thanks to u'r reply markrenton
    i tried everything
    i have 2 wi fi card TP-Link TL-WN722N and intel.....

    apt-get update
    git clone https://github.com/SilverFoxx/PwnSTAR.git
    sudo bash installer.sh
    sudo bash pwnstar >>>>>

    watch this video
    *REMOVED*

    And when i was trying to connect with the network it didnt allow me to do so.. and even if i connected it didnt load any pages including FAKEPAGE (with my phone xperia m2 aqua)


    Edit:
    Youtube
    Last edited by g0tmi1k; 2015-10-21 at 08:39. Reason: Youtube

  20. #20
    Join Date
    2015-Apr
    Location
    cosmoland
    Posts
    18
    Have someone made the program work ???

  21. #21
    Join Date
    2013-Jul
    Posts
    841
    To slmafiq,

    As Mteams have noted in Pwnstar9.0(PS9) threads the current versions of PS9 both stock and MTeams PS9mv will not work with kali2.0. If kali1.10a is using the newer airmon-ng that gives you a wlan0mon monitor PS9 will not work. If you are using the older airmon-ng and kali 1.10a the Musket Version works fine if you setup the program correctly. MTeams suggests you just wait a bit and a MTeams PS9 version for kali2.0 will be available. We are working thru the deauth and rescan modules at present.

  22. #22
    Join Date
    2015-Apr
    Location
    cosmoland
    Posts
    18
    Quote Originally Posted by mmusket33 View Post
    To slmafiq,

    As Mteams have noted in Pwnstar9.0(PS9) threads the current versions of PS9 both stock and MTeams PS9mv will not work with kali2.0. If kali1.10a is using the newer airmon-ng that gives you a wlan0mon monitor PS9 will not work. If you are using the older airmon-ng and kali 1.10a the Musket Version works fine if you setup the program correctly. MTeams suggests you just wait a bit and a MTeams PS9 version for kali2.0 will be available. We are working thru the deauth and rescan modules at present.
    Thanks!

    i use kali-linux-1.1.0a-i386 live USB
    wlan1
    wlan0
    mon0
    mon1
    with this commnads
    apt-get update
    sudo bash installer.sh
    sudo bash pwnstar
    i have 2 wi fi adapters TP-link WN722 and intel
    TP-link is connected for internet
    intel is FAKE AP
    or vice versa

    Тhen i use HOTSPOT_3 var/www
    everything worked fine
    Until i tried to connect with my phone for FAKE AP.

    Google chrome didnt load any pages Thats is the problem

    Do u want to make a video for you ?

  23. #23
    Join Date
    2013-Jul
    Posts
    841
    To Slmafiq:

    When we release Pwnstar9.0 for kali2.0 you should feel free to do what you want with it to include videos.

    MTeams do not do videos,facebook etc. So anything ever put out there will never come from us. We only provide text help files for study.

  24. #24
    Join Date
    2015-Sep
    Posts
    14
    When will it be released Pwnstar new version?
    And what about bypassing HTTPS on Chrome/Mozilla for laptops, have you done something?

  25. #25
    Join Date
    2014-Sep
    Posts
    1
    I have to commend this wonderful script. I started using it only recently and it's been wonderful, however I do have a little issue with my fake AP txpower or so to speak.

    Everything seems to be up and running including the dnsspoof with option 4 but when I start a fake AP with the same name and channel as my target AP, my fake AP doesn't come up and I thought perhaps it's the power and I ran

    iwconfig wlan0 txpower 30

    but it doesn't seem to solve the problem.

    PS: when I start the fake AP with similar but different name on the same channel it does come up and I can connect smoothly.

    What can I do to resolve this, thanks.

  26. #26
    Join Date
    2013-Jul
    Posts
    841
    To bogenius

    MTeams suggest you use the newer Pwnstar version we just released for kali2.0

    Reference TX power this is set by the command iw reg set BO

    However BO does not now support 30
    Open the Pwnstar Script
    Find the line Ctrl F
    iw reg set

    Change
    iw reg set BO
    to
    iw reg set GY

    If you use the exact same name on the same channel, one name may be masked by the other name when viewed with airodump-ng. You will see a flashing there occasionally if this is the case. Suggest you only use an exact same name with an ISP or open hotspot. Alter the mac address slightly. If you are using a different wifi device to conduct the DDOS then you can set your RogueAP on a different channel. In the newer Pwnstar help files this subject is covered in more detail. Furthrmore the newer version handles HTTPS requests by setting what we call a HTTPS-HTTP trap. This is only available in the newer version.

    MTeams

Similar Threads

  1. Netmanmac1-3 released for general use
    By mmusket33 in forum General Archive
    Replies: 16
    Last Post: 2018-01-05, 01:00
  2. Pwnstar9.0 for Kali-linux 2016R1-2 released for testing
    By mmusket33 in forum Project Archive
    Replies: 14
    Last Post: 2017-04-26, 11:33
  3. Replies: 18
    Last Post: 2017-01-12, 01:14
  4. Pwnstar9.0 for kali2.0 has been released for general use
    By mmusket33 in forum Project Archive
    Replies: 37
    Last Post: 2016-12-05, 08:23
  5. Pwnstar9.0 bugs
    By mmusket33 in forum General Archive
    Replies: 0
    Last Post: 2014-04-07, 11:21

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •