
Thread: ROGUE OFFLINE AP Credential Harvester setup HELP!

  1. #1
    Join Date
    2015-Sep
    Posts
    16

    ROGUE OFFLINE AP Credential Harvester setup HELP!

    Hi everyone, I have been trying for the past 3 months to set up a rogue wifi AP WITHOUT internet access.

    I have tried all the different tutorials online but none have been successful for me.

    I am trying to set up a rogue AP without internet access that will forward all connected clients to a login page of my choice for credential harvesting. For example, once connected, an 'enter your email address and password' page will pop up for credential harvesting, etc.

    If anyone could run me through a simple step-by-step guide from start to finish, I would be grateful.

    Any help would be great!

    I am currently using the new Kali Linux 2.0.

    Thank you


  2. #2
    Join Date
    2013-Jul
    Posts
    844
    There are four (4) main rogue AP programs: Pwnstar9.0, Easycreds, Linset and Aerial. These are all available for download through these forums. To our knowledge none of these programs will run under Kali 2.0 for a variety of reasons. Please correct us here if we are in error. The reasons are no eterm support and a new airmon-ng output, among other things.

    You could make a USB persistent install of Kali 1.10a and download either the stock Pwnstar9.0 or the musket version. See the Pwnstar Thread for the address or search the aircrack-ng forums for the link. You can also run Linset. Download the musket version found in aircrack-ng, as the stock Linset is in Spanish and has bugs which are corrected in the musket version.

    We know nothing about Easycreds. Aerial does not support phishing pages.

    MTeams is trying to get Pwnstar9.0 to run under Kali 2.0 and is recoding as we speak, but it will be finished when it is finished.

    If you go the persistent USB route we suggest you download the musket version of Pwnstar9.0 and read the help files. Also read through the Pwnstar Thread for help.

    You could write to Vulpi, the author of Pwnstar9.0, and ask him to recode his program for Kali 2.0.
    MTeams

  3. #3
    Join Date
    2015-Sep
    Posts
    14
    Dear MTeams, I really thank you for all your work. The problem with WPA phishing programs is that browsers like Chrome and Firefox have HSTS, so it's impossible to redirect HTTPS to HTTP. This makes all WPA phishing programs useless, due to the fact that the most visited websites (Google, Yahoo, Gmail etc.) are HTTPS.
    To (partially) remedy this problem, a phishing program should have a sort of fake captive portal that automatically opens a browser window when the victim connects to the fake AP. It's actually possible only for some Android mobile devices, using Linset. But, at least where I live, 90% of people use a laptop to connect.
    Hoping that my comment could help your team to improve a phishing script with this needed option.
    Regards

  4. #4
    Join Date
    2015-Sep
    Posts
    16
    Thank you very much for your reply.

    I have tried Pwnstar in the past. I still have the same problems with it. When it asks me 'Are we giving internet access' I say no. When it asks me which interfaces, it shows 'wlan0' and my external wifi card 'wlan1'. I have tried using each of them many times and each time it just shows the error 'Device does NOT exist'. What could be wrong? Thank you

  5. #5
    Join Date
    2015-Sep
    Posts
    16
    I have managed to get Pwnstar up and running great with your advice! But there is one more problem. Once the victim has connected, they enter their credentials into the fake website, click 'login', and the text file at my end on my PC which is harvesting the passwords etc. stays blank.

    Any help would be great. Thank you

  6. #6
    Join Date
    2013-Jul
    Posts
    844
    Dear jacke4123

    If you are using the musket version then the help files take you through the four (4) function tests. You need to select formdata.txt as the destination for this data. Now two (2) things can go wrong here. First, each phishing folder has its own formdata.txt file. You may simply be looking at a formdata.txt file in the wrong folder in /var/www/. Secondly, you must allow others to write to this file. So set the permissions for the formdata.txt file in each folder in /var/www to 777 with the command chmod 777 formdata.txt. Open a terminal window, cd to the folders and set the permissions for each formdata.txt file. Then try it.

    There is a method to allow Apache 2 to accept HTTPS requests; it is in the Pwnstar main thread in the community projects.

    We have gotten Kali 2.0 to run Pwnstar9.0 and provide a rogue AP without shutting down network-manager. So we are working on a phishing page with the internet access ability as we speak.

    MTeams

  7. #7
    Join Date
    2013-Jul
    Posts
    844
    To jacke4123

    During the rewrite of Pwnstar9.0 for Kali 2.0 we have come across another problem. Apache2 now has an html folder within the /var/www/ folder. Apache now looks for the index.html file there:

    i.e. /var/www/html/index.html

    To get the data written to the formdata.txt file by a client you must place the process-form-data.php for that web page into the same folder as the index.html.

    If you place it anywhere else it cannot be accessed by the client, even if you show the path to this php file in the index.html.

    MTeams

  8. #8
    I did something like what you're explaining a while ago using nothing but a WRT54G router loaded with OpenWrt. Redirected all HTTP/HTTPS traffic to itself with a captive portal phishing for WPA passwords. Said something like "there is an error in your configuration, please input wireless password to continue".
    If anyone is interested in how I did it I'll see about making a writeup.

  9. #9
    Join Date
    2015-Sep
    Posts
    14
    Quote Originally Posted by aanarchyy View Post
    I did something like what you're explaining a while ago using nothing but a WRT54G router loaded with OpenWrt. Redirected all HTTP/HTTPS traffic to itself with a captive portal phishing for WPA passwords. Said something like "there is an error in your configuration, please input wireless password to continue".
    If anyone is interested in how I did it I'll see about making a writeup.
    I'm interested. Is it necessary to use a router? Why can't I use a USB adapter like the awus036h or something else? Send me a P.M. please, I have other questions about HSTS redirection. Thanks

  10. #10
    Join Date
    2013-Jul
    Posts
    844
    To aanarchyy

    MTeams is recoding Pwnstar9 for Kali 2.0. We have the phishing pages all working; we are just working on the internet access portion, and then the hard work will be finished.

    If you have a method of redirecting HTTPS requests to HTTP please post. We have tried all sorts of methods and nothing worked for us.

    MTeams

  11. #11
    Join Date
    2015-Sep
    Posts
    14
    To mmusket33

    As you surely know, the connection to HTTPS is made before any kind of redirection. So it's impossible to do it using an OpenSSL or a self-certified one.
    The major browsers have HSTS enabled.
    I think that the only way to redirect HTTPS requests to HTTP is to buy a cert. We can do it, all together, putting money together.
    If you're interested, we can make something together.
    It's the only solution to make a REAL WPA phishing script.
    Thank you

  12. #12
    Join Date
    2015-Sep
    Posts
    16
    Thank you for keeping me up to date, it's a great help.

    I am still having a few problems setting up the rogue AP.

    When signing in on the fake webpage, I still cannot receive the credentials on my computer even though I have changed the permissions of the files. Could this be that I am installing Pwnstar into the wrong folder? Which folder do you recommend extracting the files of Pwnstar to, and then which folder to install to when asked in the terminal?

    Also, I have tried giving internet access to the rogue AP, but when the victim signs in, they receive an Apache 2 error saying that they are forbidden.

    Is it possible to bridge wlan0 (which is connected to the internet) to wlan1 (which will be the access point)? Or is it only possible to bridge eth0 to wlan1, for example?

    Thank you very much for your help so far!

  13. #13
    @mmusket33

    It was something kinda like this.
    https://forums.kali.org/showthread.p...id3-%28MITM%29

  14. #14
    Join Date
    2015-Sep
    Posts
    14
    To aanarchyy:

    Start Firefox/Iceweasel:
    Open 'Preferences'
    Go to the 'Advanced' section, 'Certificates' tab
    Press the 'View Certificates' button and go to the 'Authorities' tab
    Press the 'Import' button, select the Root-ca-cert.pem file, check 'Trust this CA to identify websites' and press 'OK'.
    The problem is that the victim should import the cert, so I think that, practically speaking, it's useless. Or am I wrong?
