Results 1 to 38 of 38

Thread: Pwnstar9.0 for kali2.0 has been released for general use

  1. #1
    Join Date
    2013-Jul
    Posts
    844

    Pwnstar9.0 for kali2.0 has been released for general use

    Pwnstar9.0 for Kali 2.0 is released for general use and testing.

    The Pwnstar9mv2.zip package contains the following;

    1. Pwnstar9.0-K2mv2-6.sh

    2. webpage folder

    hotspot_3
    portal_pdf
    portal_hotspotaccess
    portal_simpleaccess
    routerwpa1
    routerwpa1access
    routerwpa2
    routerwpa2access
    routerwpa3
    routerwpa3access
    routerwpa5
    routerwpa5access

    3. MITMf directory

    4. mitmf.sh

    5. impact-master

    6. Pwnstar9-K2-help.txt


    Package designed for WPA Phishing and sniffing


    You can download Pwnstar9-K2.zip package at:

    https://github.com/musket33/Pwnstar9.0-for-WPA-Phishing


    http://www.datafilehost.com/d/6b262f3b


    Musket Team Labs

    For those unable to download because of the portalpdf file try this download. The portalpdf folder in the webpage folder has been removed. The pdf attack listed in the Basic Menu will therefore not function as the rqr folder will be missing. This will not affect other Menu selections listed as tested in the help file


    http://www.datafilehost.com/d/5cca5a16
    Last edited by mmusket33; 2016-03-10 at 07:33.

  2. #2
    Join Date
    2015-Oct
    Posts
    2

  3. #3
    Join Date
    2015-Oct
    Posts
    2
    virus total kicks back 38/50 on this.

  4. #4
    Join Date
    2013-Jul
    Posts
    844
    To: turtlebacon

    Thanks

    The original author constructed a portal+pdf attack. The virus you see listed is part of that package and is included in all Pwnstar9.0 versions both stock and musket team.

    We have included a download listed above that does not include the portal+pdf web page folder.

    Let us know if you have any other problems

    MTeams
    Last edited by mmusket33; 2015-10-08 at 02:06.

  5. #5
    Join Date
    2015-Apr
    Location
    cosmoland
    Posts
    18
    make video how you start option 4 i cannot contect for rouge AP with my phone :@ :@ :@

  6. #6
    Join Date
    2015-Sep
    Posts
    14
    Have a problem with it.
    This is the steps I've made.
    Kali Linux 2.0 (Tried both Vmware and HD installation)

    Apt-get update && upgrade
    I installed all the dependencies, set the various permission, placed the various files in root and the portal pages to /var/www
    bash pwnstar etc..
    I have a wired connection (through Lan) and two adapters:
    RTL8187
    RT2800

    Once I open the script, i followed the various Yes or Not, as long as It creates the rogueAP.
    I provided internet access, writing "eth0" when the program asks which interface will be used to provide i.a. (so I selected the option for HTTPS-HTTP trap)
    I placed the RogueAP channel on 1,that is the same of the victim's router.
    Realtek for AP, Ralink for mdk3 attacks.

    The problem is that, even if I can see the various broadcast requests, NO ONE connects to the fake AP. And, I repeat, mdk3 deauth works well.
    What's the problem?
    I tried 48h for one victim router, and I tried other routers too, but nothing happened.

    Can you kindly help me?
    Thanks.

  7. #7
    Join Date
    2013-Jul
    Posts
    844
    To Mark:

    The best way to test this program is to go thru the four steps we outline in both the main Pwnstar thread set up by Vulpi and in our help files.


    Setup Pwnstar9

    With a second wifi device.


    1. See if the rogueAP name is seen.

    2. Test if the second wifi device can connect(associate) to the rogueAP

    3. Test to see if the second device can call up the phishing page.

    4. Test to see if data can be written to the formdata.txt file from the second computer.

    Advanced Testing

    5. Deauth the targetAP and see if you can connect to it thru your second wifi device.

    6. Deauth the targetAP and see if you can still connect to the rogueAP and pass data.


    If the above all works it is just a matter of getting a phish to bite. WPA phishing is a social engineering attack. Computers are not forced onto the rogueAP, the client has to choose to connect. Read our suggestions about rogueAP names in the help files. MTeams suggest you explore all other avenues while you WPA Phish in this order:

    1. Pixiedust
    2. Reaver
    3. Brute Force Run thru 8-10 numeric strings and then a good WPA dictionary - Use elcomsoft
    4. Listen for probe requests of WPA key in clear text by collecting essidprobe data.

    You should test item three and use the mithf program also. Connect your own device to the rogueAP and you can see all the data being past/


    MTeams
    Last edited by mmusket33; 2015-10-15 at 10:53.

  8. #8
    Join Date
    2013-Jul
    Posts
    6
    Dear mmusket33,

    Great work by your MusketTeams keeping this tool working. It's a favorite for end-user security awareness training.

    The tool works fine for the captive portal and phishing attack. I am having trouble getting the sniffing functionality to match what I was getting with sslstrip. Once the target was through the phishing portal it was no problem to grab demo outlook.com credentials. Now I can't seem to get the MITMf script to work to sniff after browsing authorized. Any tips on troubleshooting would be greatly appreciated. Alternatively could I still use sslstrip?

  9. #9
    Join Date
    2013-Jul
    Posts
    844
    To socialcred

    First you can only use MITMf with Basic Menu item 3. You cannot use it with Basic menu item 4 or 9a because Apache2 runs and takes over the port. You mention browsing authorized which leads us to thinking you are trying to use it with a portal/phishing page which again requires Apache2.

    We note this limitation in the help files.

    If this is not the case then outline your menu choices etc and we will try an duplicate your problem and correct it.

    MTeams

  10. #10
    Join Date
    2013-Jul
    Posts
    6
    Dear Mmusket33,

    Thanks for pointing out my error. You are correct I was trying to use it as a follow on to the captive portal phishing attack. I didn't read the help files carefully enough. Should the sslstrip attack still work after 9a?

    Again thanks for keeping a favorite tool working!

  11. #11
    Join Date
    2013-Jul
    Posts
    844
    To: socialcred

    Okay we threw a little time at the problem here is a solution.

    If you run Basic Menu 3 sniff there is no portal page and no problem.

    However if you are running a Portal Page and want to sniff with sslslip+ the portal page is gone once you run ANY of the sniffing features so you must let the client get past the portal and begin accessing the internet before you sniff. Here are the variations when running 9a with pwnstar9.0(PS9).

    1. Start PS9
    2. Run Basic Menu 9a as internet access must be provided
    3. If you select the https-http trap feature then once you start the sniffing features the client can only access https requests. If however you select to not use the trap then once the sniffing features are started the client can access both http and https requests. This though means the client cannot pass thru thr portal and get internet access unless a http request is made.

    4. Once PS9 is running you will see in yellow:

    Enter Line Number of operation to be conducted.

    Select 3 sniff victims and additional xterm windows with ferret and sslstrip will open in turn and start writing data as it comes thru. This selection will also rewrite some iptables allowing sslstrip to function.

    To allow mitmf(ie sslstrip+) to function you must unbind port 10000 if it is bound

    Open a terminal window

    Type fuser -k 10000/tcp

    or fuser -n tcp 10000

    You will get a bunch of Cannot Stat file etc warnings and then

    10000/tcp 4677

    The 4677 digit is a numerical string designating the process and can be any numeric string

    Now type killall -9 and the numeric string seen, in this case 4677

    killall -9 4677

    You will get an error message ignore it

    Now run mitmf.sh and it runs fine. Just give it time to get the python script to run.

    We are working on a mitmf.sh that runs all this for you. Will post it here when completed. However we think Basic Menu 3 is a better feature.

    MTeams
    Last edited by mmusket33; 2015-10-22 at 12:38.

  12. #12
    Join Date
    2015-Nov
    Posts
    4
    To mmusket33,

    Would you consider sharing your code on github or bitbucket? They are much better platforms for sharing code than free file upload sites. Also it would allow us to contribute your codebase (that is if you accept pull requests).

    Regardless of your decision thanks for the tool.

  13. #13
    Join Date
    2013-Jul
    Posts
    844
    To pip,

    The original author Vulpi has posted his version on github

    MTeams adapted it for WPA phishing

    Our view is once we release any code to the community, the code belongs to the community not us.

    Hence if you think it wise to post two(2) versions on github that would be your decision. We have no objection to you posting if you wish.

  14. #14
    Join Date
    2013-Jul
    Posts
    6
    Dear Mmusket33,

    I appreciate the time your team spent on dealing with my question. I will be in a position to run tests soon. I just tried using the phish/sniff advanced attack after allowing the victim through the phishing captive portal and the sslstrip attack still works! In fact, it works faster than on the prior version of Kali. Congrats on a great framework for wifi attack demonstrations for end-user security. Sometimes users don't believe the training until they see the attacks in class!

  15. #15
    You mention browsing authorized which leads us to thinking you are trying to use it with a portal/phishing page which again requires Apache2

  16. #16
    Join Date
    2015-Dec
    Posts
    1

    Pwnsta9.0 musket version

    Hi,

    I appreciate your effort on pwnstar project. I want to ask your opinion on the following scenario:

    I'm starting your version of pwnstar on a kali 2.0 virtual machine, using (9-a). Everything its created normaly. Im using "portal-hotspott" page. I'm using as test devices an iPhone 5 and an iPhone 6. I can connect to the pwnstar created network and i'm receiving the portal page on any http request. Credentials are captured and shown to formdata.txt.

    The problem is that after few minutes (sometimes 1-2 min , sometimes 5-6) im loosing the connection to the pwnstar network and I can't reconnect because the pwnstar network disappear from spectrum.

    Any ideas on how to debug this?

    Thank you in advance.
    Frank

  17. #17
    Join Date
    2013-Jul
    Posts
    844
    To Frank,

    Unfortunately MTeams has never run the program in a virtual machine. We suggest you make a persistent usb install of kali 2.0 or do a Harddrive install and then test the program and see if the problem disappears. Do not try and run the program from a live only usb, the persistent feature must be set up. If at that time the problem still exists then we will try and assist you BUT this problem doesnot exist on our computers.

    MTeams

  18. #18
    Repeated message, delete please
    Last edited by brunoaduarte; 2015-12-05 at 23:56. Reason: REPEATED MESSAGE, DELETE PLEASE

  19. #19
    Hi mmusket33 !

    In vk496/Linset, there's a feature to auto test the captured wpa passphrase (the one user entered on the fake accesspoint page) in realtime, by trying it on a previous captured WPA handshake packet.

    If the user types a password that cracks the handshake, then the fake page shows a success message and disables the fake ap automatically.

    Is there a similar function in your "pwnstar9.0-K2-mv2-6.sh" ?

    BTW, i've read a lot and only tested pwnstar9.0-K2-mv2-6.sh till now, i'm about to download wifislax to try linset as it seems to have some bugs in kali.

    Anyway, which of these do you think is the best ? pwnstar or linset ?

  20. #20
    Join Date
    2013-Jul
    Posts
    844
    To brunoaduarte

    First reference linset. MTeams may not be aware of the authors latest works. MTeams did debug and translate and then release a linset version but it probably will only run in kali1.10a due to the airmon-ng problems.

    We prefer the Pwnstar9.0(PS9) approach written by vulpi. MTeams have new phishing pages on the drawing board that will plug right into the MTeam PS9 version.

    Furthermore we know of no other phishing progam that will run under Kali2.0 because of the airmon-ng network-manager conflicts. And because Eterm although now available for kali2.0 doesnot work in the kali2.0 environment. We tried to address the Eterm issue in these forums but got nowhere and just gave up.

    For us the King of RogueAP programs is Aerial however this program doesnot support phishing web
    pages and maynot run in kali2.0. If you find any of these comments in error please correct us.

    Reference functions in PS9 - no such handshake module exists. WPA Phishing is a social engineering attack. What is most important is the quality of the web pages and the functionality of the systems interaction with the client. Vulpi provided an easily adaptive program that allows expansion and individual expression. If you use PS9 even if it is an MTeams release thank the original author who made all this possible.

    If you find either linset or Aerial run in kali2.0 please advise


    MTeams

  21. #21
    Join Date
    2013-Jul
    Posts
    844
    Pwnstar 9.0K2 cannnot be run in kali-linux-2016.1-i386. MTeams is currently coding around the problems.

    Musket Teams

  22. #22
    Join Date
    2016-Mar
    Posts
    4
    Mmusket33 Thank You

  23. #23
    Join Date
    2015-Dec
    Posts
    15
    Quote Originally Posted by mmusket33 View Post
    Pwnstar 9.0K2 cannnot be run in kali-linux-2016.1-i386. MTeams is currently coding around the problems.

    Musket Teams
    Any ETA for 2016.1 release availability?

  24. #24
    Join Date
    2016-Apr
    Posts
    2
    @JackBauer

    I have been in contact with Musket Teams via e-mail. They told me currently they have terminated all work with kali-linux 2016R as they cannot keep a stable operating system functioning. I doubt they are even visiting this site at present. I do see them post in aircrack-ng forums however.

  25. #25
    Join Date
    2013-Jul
    Posts
    844
    To: JackBauer

    As highway9 notes MTeams has terminated all active work with kali2016 until a stable version of Kali2016 emerges. Our RV Team expects that to occur in late June or early July.

    We have a Beta Version of PwnStar9.0 for kali2/2016 with new phishing web pages that is running in a persistent usb install of kali2016 that we could send you if you wanted it. MTeams can always use other opinions.

    Musket Teams

  26. #26
    Join Date
    2015-Dec
    Posts
    15
    Quote Originally Posted by mmusket33 View Post
    To: JackBauer

    As highway9 notes MTeams has terminated all active work with kali2016 until a stable version of Kali2016 emerges. Our RV Team expects that to occur in late June or early July.

    We have a Beta Version of PwnStar9.0 for kali2/2016 with new phishing web pages that is running in a persistent usb install of kali2016 that we could send you if you wanted it. MTeams can always use other opinions.

    Musket Teams
    Thanks MMusket, i'll be glad to test this Beta on my Kali 2016.
    Waiting for it...

  27. #27
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Quote Originally Posted by mmusket33 View Post

    MTeams has terminated all active work with kali2016 until a stable version of Kali2016 emerges.

    Musket Teams
    let'see what happens with Devuan also. I'm hoping that someone will come out with pentest/techie OS with it as its core.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  28. #28
    Join Date
    2015-May
    Posts
    25
    Tested Pwnstar 9.0 K2 on Kali 2016 rolling, It works fine, Installed MITF separately as seen here https://github.com/byt3bl33d3r/MITMf/wiki/Installation

    Works fine, thanks M Team. You guys have been doing a great work with keeping us alive with new tools.

    Looking forward for a great hammer for WPA/WPS PIN breaker

    Cheers!

  29. #29
    Join Date
    2013-May
    Location
    indonesia
    Posts
    20
    i use 2 adapter wireless wlan0 and wlan1 .. testing on client with android phone can connect to AP.. but when i choose options 3 ( give client internet connection and snifing ), this options can't launch .... so the client can't open the webpage....
    [-] INDONESIA [-]

  30. #30
    Join Date
    2013-Jul
    Posts
    844
    To machx

    Thanks for the tests we will reference this address when we release the updated PS9 supporting passive DOS thru RogueAP clones.



    To R.volv3.R

    Web page support does not exist for item three. MTeams is currently working on a new version of PS9. Our focus has been on items 4 and 9a. If you want to provide internet access then select 9a. If you use the HTTP Trap then when the client tries to access a https site the client is passed on to the site HOWEVER the minute a http site is request the iphishing web page is seen.

    Internet access for an associated client thru selection 9a is dependent on the quality of the internet connection you have established thru your device. Poor,weak or slow access will result in page timeouts for the client. This does not affect the phishing web page. Hence if the HTTP trap is used a client requesting a https site will get the site or the page will time out but no certificate warning will be seen if the site requested is valid. All our android phones work fine.

    MTeams
    Last edited by mmusket33; 2016-06-26 at 14:57.

  31. #31
    Join Date
    2016-Jun
    Posts
    4
    Hi Mmusket333 - I do enjoy your scripts. They are helping me while I learn various things about my home router. I am having some trouble with the version of PwnSTAR I'm using. I believe I have the K2mv2-6. The issue I am having is creating a MITM with internet access.

    A couple of things I can't seem to pinpoint;

    1. It launches 2 APs. One named Default and the other the ESSID I specify.
    2. No internet access is given, and when given the option of choosing which option out of 3, I choose number 3 "Give Internet access and sniff". I keep getting the error (Option not available in this attack mode). Happens when trying to use a Honey Pot as well.
    3. The DHCP client error I'm getting - tail:unrecognized file system type for /var/lib/dhcp/dhcpd.leases - not sure if this is why my connected clients can't get internet

    Once I get through this I'll be able to move onto the next step

    Would it be possible to get the beta script to test that out?

  32. #32
    Join Date
    2013-Jul
    Posts
    844
    To: rexii

    First None of your items have anything to do with errors in Pwnstar9.0

    1. The 2 APs is a bug in aircrack. This bug has been corrected in newer versions. So update/upgrade your installation and this should go away. For reference see aircrack-ng forums although there are some commentary here in kali under airbase-ng

    2. To use item 3 you must provide internet access. You state no internet access given

    3. The tail unrecognized file system type is a bug in tail AND will have NO effect on anything just ignore it. If you want details just google tail and the warning. When we issue the newer Pwnstar which we are working on at present a comment about tail warning errors has already been added to the menu texts.

    MTeams
    Last edited by mmusket33; 2016-06-28 at 14:47.

  33. #33
    Join Date
    2013-May
    Location
    indonesia
    Posts
    20
    i think no internet access because when start pwnstar all wlan will disconect , if we use LAN cable .. it will still have internet connection and can give internet access to victim..

  34. #34
    Join Date
    2016-Jun
    Posts
    4
    Quote Originally Posted by mmusket33 View Post
    To: rexii

    First None of your items have anything to do with errors in Pwnstar9.0

    1. The 2 APs is a bug in aircrack. This bug has been corrected in newer versions. So update/upgrade your installation and this should go away. For reference see aircrack-ng forums although there are some commentary here in kali under airbase-ng

    2. To use item 3 you must provide internet access. You state no internet access given

    3. The tail unrecognized file system type is a bug in tail AND will have NO effect on anything just ignore it. If you want details just google tail and the warning. When we issue the newer Pwnstar which we are working on at present a comment about tail warning errors has already been added to the menu texts.

    MTeams
    Oh I see! I thought they were errors in the script interacting with my distribution. thank you so much for clarifying that! I really appreciate it.

    Yes I do realise I need to offer internet for item three, but I can't get the internet flowing, and I assumed originally it was the tail bug in the dhcp window. Learner Driver here! I am still trying to get the internet working through item three. Keeps telling me that the attack is not available in that mode.

    Will practice more! Thanks MTeams!

  35. #35
    Join Date
    2013-Jul
    Posts
    844
    To: R.3volv3.R and rexiii

    Reference internet access

    Suggest you download Netmanmac and turn off all your connect automatically setting. Also you must spoof your internet connected device thru Network Manager menus only.

    If you use airmon-ng check kill you loose the ability to connect to the internet. Using service commands like service NetworkManager restart WILL NOT restore full function to your Network Manager menu. The only way to restore full function is to reboot the computer.

    If you do not use airmon-ng check kill BUT type service NetworkManager restart to initialize new mac addresses or autoconnect settings you will again loose full function of Network Manager and again you must reboot the computer.

    MTeams has noticed that unless the internet access is strong a web page will not be seen. If you select the HTTPS pass thru then either the web page is seen or the program constantly tries to load a page.

    MTeams cannot test wired interfaces and are interested in any reports


    Suggest you test 9a first and then 3.


    You cannot run portions of this script using kali 2016R. The current version is for kali 2.0

    We have spent more time coding around Network Manager then actually writing any other code.

    MTeams

  36. #36
    Join Date
    2013-Jul
    Posts
    844
    To rexiii

    MTeams is working on a newer version of Pwnstar9 that would support kali2016.

    We found that internet access could not be provided when using kali2016R. Our RV group suspected Apache2 so we tried

    apt-get install apache2

    A few files were loaded and after that internet access was again up and running.

    So if you are using 9a and no internet access is seen try the apt-get install routine.

    MTeams

  37. #37
    Join Date
    2016-Sep
    Posts
    3
    mmusket33,

    I have been a long time reader of these forums and one of the reasons I have joined is to say a huge thanks to you for your posts on this forum.

    Also thank you for the work you do on the scripts you freely provide. You make Kali more usable for the average guy.

    Please keep up the good work as I am sure many more people really appreciate your efforts.

  38. #38
    Join Date
    2013-Jul
    Posts
    844
    Keeping DNS internet link active thru the Captive portal in the musket version of Pwnstar9

    When running the Captive portal selections 9a and 3 in the musket version of Pwnstar 9.0, a internet connection is required. Without the connection the phishing page will not run nor will the HTTPS-HTTP trap function.


    The trap allows the phish to access the internet when a HTTPS request is made BUT if a HTTP is made the phishing page is provided,


    MTeams is currently updating Pwnstar9 for kali rolling R2 and WPA Phishing. Until this update is released suggest when using the captive portal selections 9a and 3, users run the following in a terminal window if 9a or 3 are selected.

    while true; do ping -c 1 www.google.com; killall -q ping; sleep 1; ping -c 1 www.facebook.com; killall -q ping; sleep 1; done

    If you wish to launch in an xterm window then

    xterm -g 80x5+0-0 -T "DNS REsponse Test" -e "while true; do ping -c 1 www.google.com; killall -q ping; sleep 1; ping -c 1 www.facebook.com; killall -q ping; sleep 1; done"

    The xterm window will be seen in the lower lefthand corner of the screen

    This doesnot apply to selection 4 in the Pwnstar menu which does not use the captive portal.

    Musket Teams

Similar Threads

  1. Netmanmac1-3 released for general use
    By mmusket33 in forum General Archive
    Replies: 16
    Last Post: 2018-01-05, 01:00
  2. Pwnstar9.0 for Kali-linux 2016R1-2 released for testing
    By mmusket33 in forum Project Archive
    Replies: 14
    Last Post: 2017-04-26, 11:33
  3. Replies: 18
    Last Post: 2017-01-12, 01:14
  4. Replies: 25
    Last Post: 2015-10-09, 00:41
  5. Pwnstar9.0 bugs
    By mmusket33 in forum General Archive
    Replies: 0
    Last Post: 2014-04-07, 11:21

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •