Results 1 to 6 of 6

Thread: Pwnstar9.0 for Kali-linux 2016R1-2 released for testing

  1. #1
    Senior Member
    Join Date
    Jul 2013
    Posts
    754

    Pwnstar9.0 for Kali-linux 2016R1-2 released for testing

    Musket Teams have voted to release their latest field version of Pwnstar9 for WPA Phishing and Open Hotspots for community testing.

    Script supports Kali 2016R1R2 only!

    Features

    1. Complete control of most aspects of the Rogue AP process. Such as mac spoofing, channels, AP names of various components, 2nd wifi device options and all aspects of internet connection when access thru captive portal.

    2. Passive and Active DOS processes all run from only one(1) wifi device supporting packet injection. Passive DDOS allows RogueAP Clones running parallel with Rogue AP and still supporting active DDOS when required.

    3. 17 Web Page folders supporting dns spoof and captive portals for both Open Web Sites, WPA Phishing AND WPA Enterprise

    4. MITMf and sslslip, sslslip+ and sslstrip are setup thru menu options as required by user.

    5. WPA Downgrade added to active DDOS choices available.

    6 HTTPS trap to avoid warning to phish

    7. Options for use of two(2) wifi devices

    You can download the zip which contains a lengthy help file.

    https://github.com/musket33/Pwnstar9...-Kali-2016R1-2

    or

    https://www.datafilehost.com/d/6aec9109


    Musket Teams
    Last edited by mmusket33; 2017-02-04 at 06:19 AM.

  2. #2
    Senior Member
    Join Date
    Jul 2013
    Posts
    754
    Webpage Updates

    Replace two files in the webpage folder with these updates

    Corrects a small flaw on right side of background

    Musket Teams

    Update available at either address below


    https://github.com/musket33/Pwnstar9...-Kali-2016R1-2


    https://www.datafilehost.com/d/6d32cdf0

  3. #3
    Junior Member
    Join Date
    Jul 2013
    Posts
    6
    Dear Mmusket,

    I just tried the tool on a fresh install of 2016R2. Using choice 9 a with captive portal and sniffing, I was able to get the captive portal to work fine, but the victim machine could not get past the captive portal for further credential sniffing. Every refresh of browser or attempt to go to other site resulted in captive portal page again. Any thoughts on what I am doing wrong or potential bug? Target was iOS device with safari.

  4. #4
    Senior Member
    Join Date
    Jul 2013
    Posts
    754
    To social cred

    1. If you want to do credential sniffing not WPA Phishing suggest you use item 3. This being said tell us the following and we will run some tests and get back to you as we are currently working on new pages.

    1. What web page did you use?

    2. Reference the HTTPS trap feature which selection did you use?

    In general to get past the portal phishing page you first must enter data requested by the page correctly. If you use the HTTPS trap feature the phish will bypass the portal page until a http request is made. At that point the portal page is seen. Once data is entered correctly the phishing page is no longer seen unless you change your mac address and sign in with a different ip.

    In closing use the HTTPS trap, get an association to the rogue and make a https request. You should be sent straight to the internet. Next change your request to http and you should get the portal page, 'Now enter the data requested and see what occurs.

    Musket Teams
    Last edited by mmusket33; 2017-02-12 at 02:23 PM.

  5. #5
    Senior Member
    Join Date
    Jul 2013
    Posts
    754
    To social cred

    Suggest you cross reference this post concerning airbase-ng

    https://forums.kali.org/showthread.p...ssid-specified

    MTeams
    Last edited by mmusket33; 2017-02-12 at 02:28 PM.

  6. #6
    Senior Member
    Join Date
    Jul 2013
    Posts
    754
    New Web Pages and corrections to one folder are available at:

    https://github.com/musket33/Pwnstar9...-Kali-2016R1-2

    or download thru the following:

    Newpages and Updates.zip

    https://www.datafilehost.com/d/ff979b11


    Musket Teams

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •