Pwnstar9.0 for kali2.0 has been released for general use
Pwnstar9.0 for Kali 2.0 is released for general use and testing.
The Pwnstar9mv2.zip package contains the following:
2. webpage folder
3. MITMf directory
Package designed for WPA Phishing and sniffing
You can download Pwnstar9-K2.zip package at:
Musket Team Labs
For those unable to download because of the portalpdf file, try this download. The portalpdf folder in the webpage folder has been removed. The pdf attack listed in the Basic Menu will therefore not function, as the rqr folder will be missing. This will not affect other Menu selections listed as tested in the help file.
Last edited by mmusket33; 2016-03-10 at 07:33 AM.
VirusTotal kicks back 38/50 on this.
The original author constructed a portal+pdf attack. The virus you see listed is part of that package and is included in all Pwnstar9.0 versions both stock and musket team.
We have included a download listed above that does not include the portal+pdf web page folder.
Let us know if you have any other problems.
Last edited by mmusket33; 2015-10-08 at 02:06 AM.
Make a video of how you start option 4. I cannot connect to the rogue AP with my phone :@ :@ :@
Have a problem with it.
These are the steps I've made.
Kali Linux 2.0 (Tried both Vmware and HD installation)
Apt-get update && upgrade
I installed all the dependencies, set the various permission, placed the various files in root and the portal pages to /var/www
bash pwnstar etc..
I have a wired connection (through Lan) and two adapters:
Once I open the script, I followed the various Yes or No, as long as it creates the rogueAP.
I provided internet access, writing "eth0" when the program asks which interface will be used to provide i.a. (so I selected the option for HTTPS-HTTP trap).
I placed the RogueAP channel on 1, which is the same as the victim's router.
Realtek for AP, Ralink for mdk3 attacks.
The problem is that, even if I can see the various broadcast requests, NO ONE connects to the fake AP. And, I repeat, mdk3 deauth works well.
What's the problem?
I tried 48h for one victim router, and I tried other routers too, but nothing happened.
Can you kindly help me?
The best way to test this program is to go thru the four steps we outline in both the main Pwnstar thread set up by Vulpi and in our help files.
With a second wifi device.
1. See if the rogueAP name is seen.
2. Test if the second wifi device can connect (associate) to the rogueAP.
3. Test to see if the second device can call up the phishing page.
4. Test to see if data can be written to the formdata.txt file from the second computer.
5. Deauth the targetAP and see if you can connect to it thru your second wifi device.
6. Deauth the targetAP and see if you can still connect to the rogueAP and pass data.
If the above all works it is just a matter of getting a phish to bite. WPA phishing is a social engineering attack. Computers are not forced onto the rogueAP, the client has to choose to connect. Read our suggestions about rogueAP names in the help files. MTeams suggest you explore all other avenues while you WPA Phish in this order:
3. Brute Force Run thru 8-10 numeric strings and then a good WPA dictionary - Use elcomsoft
4. Listen for probe requests of WPA key in clear text by collecting essidprobe data.
You should test item three and use the MITMf program also. Connect your own device to the rogueAP and you can see all the data being passed.
Last edited by mmusket33; 2015-10-15 at 10:53 AM.
Great work by your MusketTeams keeping this tool working. It's a favorite for end-user security awareness training.
The tool works fine for the captive portal and phishing attack. I am having trouble getting the sniffing functionality to match what I was getting with sslstrip. Once the target was through the phishing portal it was no problem to grab demo outlook.com credentials. Now I can't seem to get the MITMf script to work to sniff after browsing authorized. Any tips on troubleshooting would be greatly appreciated. Alternatively could I still use sslstrip?
First you can only use MITMf with Basic Menu item 3. You cannot use it with Basic menu item 4 or 9a because Apache2 runs and takes over the port. You mention browsing authorized which leads us to thinking you are trying to use it with a portal/phishing page which again requires Apache2.
We note this limitation in the help files.
If this is not the case then outline your menu choices etc. and we will try and duplicate your problem and correct it.
Thanks for pointing out my error. You are correct, I was trying to use it as a follow-on to the captive portal phishing attack. I didn't read the help files carefully enough. Should the sslstrip attack still work after 9a?
Again thanks for keeping a favorite tool working!