Remote Exploit Forums



Wireless: Specific topics related to the attack & defense of wireless systems

#1
07-25-2009, 02:37 PM
Senior Member

Join Date: May 2007
Posts: 202
Wireless Key Grabber (WKG) Fully automated

This is my latest release, Wireless Key Grabber for BackTrack 4 pre-final.

Before using it you need to install lighttpd using apt-get install lighttpd.

Video is here: YouTube - Wireless Key Grabber
Explanation of the script is here: Bash pastebin - collaborative debugging tool

And finally the required files:

MEGAUPLOAD - The leading online storage and file delivery service

Be sure to extract these into /root so that all your files are in /root/WK.
If you know what you are doing then you can change this, but you would need to follow it through in the script and its other files.

Remember this is for educational purposes only.

Inspired by g0tmilk with his scripting, cheerz.

Last edited by hm2075; 07-25-2009 at 02:40 PM.
#2
07-26-2009, 06:43 PM
Junior Member
 
Join Date: Aug 2007
Posts: 21

Quite nice. Will give this a try once I've got BT4 installed on my eeepc.
#3
07-26-2009, 08:53 PM
Reeth
Senior Member
 
Join Date: Jun 2009
Location: /.../
Posts: 120

Works perfectly =)

thank you for sharing
__________________
„ I'd rather be hated for who I am,
than be loved for who I am not."
#4
07-27-2009, 03:46 PM
Junior Member
 
Join Date: Jun 2009
Posts: 11

Very nice..

When will we see this attack with a browser vuln instead of "windows update"..

Keep up the good work, and please keep posting these nice scripts..


Hi5
#5
07-27-2009, 04:58 PM
fnord0
Member
 
Join Date: Jul 2008
Posts: 77

niiice, very, very nice! good job!
__________________
see the fnords
#6
07-27-2009, 05:32 PM
Senior Member
 
Join Date: May 2007
Posts: 202

The problem with browser vulnerabilities is that they get patched quickly.

You could modify the index file and add any vulnerability of your choice.


The next project I'm working on is a capture-and-release fully transparent fake AP.

Last edited by hm2075; 07-27-2009 at 06:10 PM.
#7
07-27-2009, 08:09 PM
g0tmi1k
Member
 
Join Date: Jun 2008
Location: http://g0tmi1k.blogspot.com/
Posts: 44
Quote: Originally Posted by hm2075
    inspired by g0tmilk with his scripting cheerz
*YEY*
/me feels proud! (=

Well done!
I will give this a try soon!

p.s. I really need to update my script!
__________________
~ Have you, g0tmi1k? ~
<(^^,)> d[-_^]b (= =D-->--<
#8
07-27-2009, 08:45 PM
Senior Member
 
Join Date: May 2007
Posts: 202

My next version is going to be awesome:

a fully transparent access point.

Here's what will happen.

Victims join our evil AP; they will all be redirected to the fake update page. Those that do not download our update will not be allowed to go any further.

Those that do download our update will get access to the internet, with us in the middle, a true MITM attack. From here we can keylog, grab docs, grab passwords; the possibilities are endless.

For those that are curious how I am going to achieve this.... here's how: meterpreter grabs the victim's MAC address and puts it into a directory; we then grep the contents of all files in this directory and add it into allowmac.txt.

Then finally we create a new script that manipulates our iptables and only allows access to the internet if they are in the allowmac.txt list.

I have solved the part of grabbing the victim's MAC address, grepping, creating our allowmac.txt and looping it.


The only part left is the iptables script. If anyone wants to help, then I am looking at a script that does the following:

redirect any users not in our allowmac list to our webserver, and allow any that are in this list to surf the internet. If not, I will have to figure it out myself eventually.

Watch this space.

Last edited by hm2075; 07-27-2009 at 08:59 PM.
#9
07-31-2009, 12:17 AM
Junior Member
 
Join Date: Jun 2009
Posts: 11

Wow..

I really look forward to that release..

Go go go..

Thanks a lot for your engagement..

You are a stand-up guy..
#10
07-31-2009, 06:14 AM
Senior Member
 
Join Date: May 2007
Posts: 202

I think I have solved it all for the new version.

iptables now sorted, I think; I am using the "mark" options in iptables.

It looks like it is just a matter of pulling everything together into one script; expect to see it released sometime next week.


So what happens:

1. Victim connects to our AP.
2. Victim is redirected to fake update page.
3a. Victim decides not to download exe... victim unable to proceed further.
3b. Victim downloads update. Script kicks off.

4. Meterpreter loaded with hb2.rc script.
5. Wireless key viewer uploaded, executed and we grab wireless keys.
6. Victim's MAC address is uploaded to mac folder, iptables updated to allow victim to surf.
7. Sniffers activated to monitor usage. We can do further things such as keylog, sslstrip etc etc.
8. More victims connect but cannot go past fake update page unless they download update.exe.