Results 1 to 9 of 9

Thread: Pwnstar9.0 for Kali-linux 2016R1-2 released for testing

  1. #1
    Senior Member
    Join Date
    Jul 2013
    Posts
    764

    Pwnstar9.0 for Kali-linux 2016R1-2 released for testing

    Musket Teams have voted to release their latest field version of Pwnstar9 for WPA Phishing and Open Hotspots for community testing.

    Script supports Kali 2016R1R2 only!

    Features

    1. Complete control of most aspects of the Rogue AP process. Such as mac spoofing, channels, AP names of various components, 2nd wifi device options and all aspects of internet connection when access thru captive portal.

    2. Passive and Active DOS processes all run from only one(1) wifi device supporting packet injection. Passive DDOS allows RogueAP Clones running parallel with Rogue AP and still supporting active DDOS when required.

    3. 17 Web Page folders supporting dns spoof and captive portals for both Open Web Sites, WPA Phishing AND WPA Enterprise

    4. MITMf and sslslip, sslslip+ and sslstrip are setup thru menu options as required by user.

    5. WPA Downgrade added to active DDOS choices available.

    6 HTTPS trap to avoid warning to phish

    7. Options for use of two(2) wifi devices

    You can download the zip which contains a lengthy help file.

    https://github.com/musket33/Pwnstar9...-Kali-2016R1-2

    or

    https://www.datafilehost.com/d/6aec9109


    Musket Teams
    Last edited by mmusket33; 2017-02-04 at 06:19 AM.

  2. #2
    Senior Member
    Join Date
    Jul 2013
    Posts
    764
    Webpage Updates

    Replace two files in the webpage folder with these updates

    Corrects a small flaw on right side of background

    Musket Teams

    Update available at either address below


    https://github.com/musket33/Pwnstar9...-Kali-2016R1-2


    https://www.datafilehost.com/d/6d32cdf0

  3. #3
    Junior Member
    Join Date
    Jul 2013
    Posts
    6
    Dear Mmusket,

    I just tried the tool on a fresh install of 2016R2. Using choice 9 a with captive portal and sniffing, I was able to get the captive portal to work fine, but the victim machine could not get past the captive portal for further credential sniffing. Every refresh of browser or attempt to go to other site resulted in captive portal page again. Any thoughts on what I am doing wrong or potential bug? Target was iOS device with safari.

  4. #4
    Senior Member
    Join Date
    Jul 2013
    Posts
    764
    To social cred

    1. If you want to do credential sniffing not WPA Phishing suggest you use item 3. This being said tell us the following and we will run some tests and get back to you as we are currently working on new pages.

    1. What web page did you use?

    2. Reference the HTTPS trap feature which selection did you use?

    In general to get past the portal phishing page you first must enter data requested by the page correctly. If you use the HTTPS trap feature the phish will bypass the portal page until a http request is made. At that point the portal page is seen. Once data is entered correctly the phishing page is no longer seen unless you change your mac address and sign in with a different ip.

    In closing use the HTTPS trap, get an association to the rogue and make a https request. You should be sent straight to the internet. Next change your request to http and you should get the portal page, 'Now enter the data requested and see what occurs.

    Musket Teams
    Last edited by mmusket33; 2017-02-12 at 02:23 PM.

  5. #5
    Senior Member
    Join Date
    Jul 2013
    Posts
    764
    To social cred

    Suggest you cross reference this post concerning airbase-ng

    https://forums.kali.org/showthread.p...ssid-specified

    MTeams
    Last edited by mmusket33; 2017-02-12 at 02:28 PM.

  6. #6
    Senior Member
    Join Date
    Jul 2013
    Posts
    764
    New Web Pages and corrections to one folder are available at:

    https://github.com/musket33/Pwnstar9...-Kali-2016R1-2

    or download thru the following:

    Newpages and Updates.zip

    https://www.datafilehost.com/d/ff979b11


    Musket Teams

  7. #7
    Senior Member
    Join Date
    Jul 2013
    Posts
    764
    New Web Pages and Corrections 2

    Included in the package are six(6) webpage folders

    Replace the following four(4) folders with these newer ones

    androidwpa1
    androidwpa1access
    routerwpa8
    routerwpa8access

    Corrects a flaw in error pages.

    New Web Pages

    speedwpa1
    speedwpa1access

    The speed webpages attempt to exploit the emotional need for more internet speed.

    All web page coding has been rechecked and tested

    The captive portal coding is currently being explored by MTeams for newer approaches so expect further changes in the future.

    You can download at;

    https://github.com/musket33/Pwnstar9...-Kali-2016R1-2

    or

    https://www.datafilehost.com/d/f2e72070


    Musket Teams

  8. #8
    Senior Member
    Join Date
    Aug 2013
    Location
    lost in space
    Posts
    580
    Any plans to make this compatible for us poor invisible minority that uses KL1? Please? That would be cool.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  9. #9
    Senior Member
    Join Date
    Jul 2013
    Posts
    764
    I assure you that users of Kali 1.10a are not invisible to us. MTeams spent allot of coding time keeping 1.10a functioning. Until we found the older airmon-ng solution reaver always worked better for us when using k1.10a. Furthermore we could never get Bully to do much of anything and are starting tests to see if bully functions better for us when using the older airmon-ng.


    Reference Pwnstar9.0 MTeams ran into problems with some of the sniffing tools. You could make a usb install of kali 2016. This would result in one of the sniffing tools possibly unusable but that might be corrected. However we will look into a modified version. We plan on loading beef into the package. We tried but it kept eating our distro.

    MTeams
    Last edited by mmusket33; 2017-03-01 at 09:36 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •