Pwn Phone User Manual
Contents
1. Add to Target 2 Go to Mitm and click Arp Poisoning and select the checkbox for Sniff remote connections click OK to stop arp cache poisoning simply click on Mitm and select Stop mitm Go to main desktop open ssltrip shortcut tail f home user sslstrip log Credentials may show up in both Ettercap and home user sslstrip log On a windows target machine go to a cmd shell and run arp a to see if mac address of pwnphone is there confirms arp cache poisoning is working Open a browser and go to an HTTPS enabled site to test if sslstrip is working2. with thumbprint icon on desktop 2 Enable injection with the Injection_ON shortcut on the desktop red syringe 3 Run airodump ng in rootshell as follows airodump ng ivs bssid mac address of router c channel w filename to write to wlanO Example airodump ng ivs bssid 11 22 33 44 55 66 c 6 w test wlan0 4 In another rootshell terminal run the arp replay attack with aireplay ng 3 b 11 22 33 44 55 66 wlanO 5 In another rootshell terminal run the fake auth attack with aireplay ng 1 O a 11 22 33 44 55 66 wlanO 6 If this doesn t work run a deauth attack also used for obtaining wpa handshakes aireplay ng 0 10 a 11 22 33 44 55 66 wlanO 7 Or de auth a single client connected to the wireless network aireplay ng 0 10 a 11 22 33 44 55 66 c 00 22 44 66 88 99 wlanO 8 Now go back to you terminal window running the arp replay attack and see if it is injecting packets If so it will take 10 000 to 35 000 data packets captured shown in airodump window to successfully crack the WEP key 9 To attempt the WEP key crack aircrack ng test ivs or whatever your capture file is named Grimwepa Grimwepa is a great little java GUI front end to the Aircrack NG suite Basically run the first 2 steps in the last process rolling MAC address and hostname and turning injection on 1 Open Grimwepa if monitor mode is not enabled it will ask you to enable it which means you probably forgot to turn on injection Click
3. FANIE CA FTE Copyright 2012 Rapid Focus Security LLC DBA Pwnie Express Manual revision 6 5 2012 Pwn Phone User Manual Note The online version of this manual is maintained here http www pwnieexpress com rt html Legal Stuff e All Pwnie Express Rapid Focus Security products are for legally authorized uses only e By using this product you agree to the terms of the Rapid Focus Security EULA http pwnieexpress com pdfs RFSEULA pdf e As with any software application any downloads transfers of this software are subject to export controls under the U S Commerce Department s Export Administration Regulations EAR By using this software you certify your complete understanding of and compliance with these regulations e This product contains both open source and proprietary software Proprietary software is distributed under the terms of the Rapid Focus Security EULA http pwnieexpress com pdfs RFSEULA pdf Open source software is distributed under the GNU General Public License http www gnu org licenses gpl html Features e Comes with a wide variety of pen testing tools installed with quick access shortcuts e Supports wireless monitor mode and injection for WEP cracking e Supports promiscuous mode for sniffing other traffic passively e Man in the middle capabilities for intercepting network traffic Tools Installed e Metasploit Fasttrack SET Scapy Nikto SSLstrip iodine e Kismet Aircrack NG Wifite Wi
4. d show main windows with networks 5 Use the volume control buttons on the top of the phone to change the font size 6 Use Esc to access the Kismet main menu which you can then control with the arrow keys 7 Kismet will prompt you to use the built in GPS to log networks physical locations If you do not want to use this feature simply deny Kismet access to the GPS when it asks or disable the GPS in the connections menu in upper left hand corner of the screen where connection manager is located 8 Kismet will save logs automatically in many different formats where ever it is run from If you use the desktop shortcut it will default to save them to the home user MyDocs folder 9 For more information on this tool please visit kismetwireless net Aircrack NG suite The aircrack ng suite comes with many different powerful tools to attack and sniff 802 11 wireless networks There are many good tutorials on youtube and aircrack ng org On the desktop the airodump ng wlanO shortcut is great for doing site surveys monitoring signal strength and viewing connected clients Aircrack NG on this phone is mainly used for WEP cracking and capturing WPA handshakes for cracking on a more powerful system If you are unfamiliar with cracking WEP start with these videos http www youtube com watch v qelVuhGciSI http www youtube com watch v oHq cKoYcr8 amp On the N900 the procedure is as follows 1 optional Roll MAC address and hostname
5. fizoo GrimWEPa Wepbuster e Nmap netcat tcpdump wireshark tshark Ettercap NG exploitDB macchanger e presencevne client xilvnc server conky tor rdesktop openvpn netmon iptables Getting started Make sure the keyboard is not slid out otherwise you will be greeted with the backup menu Turn the phone on by holding the small power button on the top between volume and camera buttons and sliding the side button on the right down Phone will vibrate and white Nokia screen will appear The first thing to get used to is the interface to the N900 The way it works it simple but knowing a few key things will greatly help in navigating The main desktop screen will have most of the key pen testing tools available via convenient shortcut icons There are 4 desktop screens by default Navigation By tapping the upper left hand corner you will have access to multitasking between running applications as well as different desktop areas One of these areas is the main applications folder where all applications with an icon are stored This is where you will find things like the application manager file manager and other general settings for the phone Also in the upper left hand corner to the right of the clock shows a battery and connection information If you tap here you will have access to wireless devices and a basic connection manager Use this to connect to wifi and Internet TIP Once in an xterm shell you can increase decrease t
6. he font size with volume buttons Main pen testing desktop screen shortcuts left to right 3 48 pm BHT 1 Conky For seeing system usage and stats OMNDAUAWN RR e O 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 Promiscuous_on_off Script to turn promiscuous mode on and off for wlanO xTerm rootshell Root shell access to the home user MyDocs pwnphone folder Macchanger Rolls mac address of wireless card wlanO and changes hostname to DellPC Nmap Cmd line version of Nmap Zenmap Gui version of Nmap InjectionON Loads drivers required for wireless packet injection InjectionOFF Unloads packet injection drivers and reloads normal wifi drivers Airodump ng Quick access to wireless sniffer running airodump ng wlan0O Kismet Wireless sniffer mapping tool Wifite Wireless automated attack tool Wifizoo Wireless tool to sniff active sessions on open wifi Grimwepa GUI front end tool used with the Aircrack NG suite wep wpa cracking Wepbuster Automatically crack wireless WEP networks in range be careful Promiscuous mode on off button Enables promiscuous mode on wlanO Wireshark Desktop shortcut packet analyzer sniffer Tshark CMD line version of wireshark running on wlanO Tcpdump Run tcpdump on wlanO tcpdump s0 n i wlanO SSLstrip Tool used to strip websites of ssl and sniff credentials Scapy Scapy interface interactive packet
7. manipulation Nikto Web scanning tool SET Social Engineering Toolkit Metasploit CMD version of msf3 msfconsole Metasploit GUI GUI version of msf3 Fasttrack Automated pentesting tool EttercapNG Curses Curses version of EttercapNG EttercapNG GUI GUI version of EttercapNG Admin desktop left of main pen testing desktop 11 17 pm Bg 7 i j REVERSE f SSH SHELL File manager Maemo GUI file manager FTPn900 FTP client GSM Mon Monitor status of cell phone connection Presence VNC VNC client Rdesktop Remote desktop client OBRWNe 6 xlivnc VNC server quick shortcut WARNING no password set by default 7 Reverse SSH shell Will ask for hostname to connect to but must be setup see below 8 Browser Maemo Web browser 9 VIM Vim editor SSH access Username root Default password pwnphone Tools path home user MyDocs pwnphone The rootshell shortcut will bring you to the tools path by default Some of the tools are in the path and can be run from anywhere others are not Wireless Promiscuous mode Promiscuous On Off script is on desktop icon has face with red hair and goggles to the left of the wireshark icon You can then run wireshark tshark tcpdump or ettercap to see packets on the wireless network that normally you wouldn t see To Manually Enable ifconfig wlan0 promisc To Manually Disable ifconfig wlanO promisc Wireless Monitor mode Monitor mode all
8. ows for fully passive sniffing As such you can t be actively connected to a wireless network at the same time Kismet and Airodump ng will automatically put your wireless card in monitor mode Just remember you ll need to put the wireless card wlanO back into managed mode through a rootshell terminal or using Green hat icon on desktop when you want to connect to a network again Enable ifconfig wlan0 down iwconfig wlan0 mode monitor ifconfig up Disable ifconfig down iwconfig wlan0 mode managed ifconfig up Wireless packet injection For the N900 there are special drivers that support packet injection but unfortunately when enabled they also drain the power and battery life substantially The default home screen contains quick shortcuts to enable disable injection as needed InjectionON red syringe This script loads the injection driver and puts the card into monitor mode Once loaded use GrimWEPa or Aircrack NG for WEP cracking de auth attacks or handshake captures InjectionOFF blue syringe This script unloads the injection driver and loads the default wireless driver which still supports monitor promiscuous mode Kismet 1 Open the kismet icon purple on the desktop or from a shell It will put your card in monitor mode if it is not already 2 The first thing it will ask you is Start Kismet Server Hit enter for Yes 3 Hit enter for Start 4 Hit Tab then enter to close console window an
9. refresh targets which will automatically spawn airodump to start sniffing Once you have found a WEP network you wish to crack switch back to the Grimwepa interface and click stop scanning Select from the list the network you wish to crack then click use client in attack select under attack method arp replay Then simply click start attack If everything goes well and you are close enough to the access point and there are clients connected it should attack and crack everything automatically If not you can try opening a separate rootshell terminal and running the aireplay ng fake auth and deauth attacks mentioned in the Aircrack ng section above 5 Grimpwepa automatically starts cracking once it has collected 10 000 data packets so if it s a 128 bit WEP network you may need to just stop the cracking process and restart it Wifite Wifite is an automated tool to attack wireless networks It looks pretty and works OK 1 Torun it first run airodump ng wlanO to start channel hopping desktop icon or from terminal 2 Then click the Wifite icon and watch it search for things to attack Once it finds some stuff hit Ctrl C to then move to the next stage of attacking Note that you may have to use a rootshell and navigate to it s folder and run it there cd home user MyDocs pwnphone wireless wifite python2 5 wifite_r54 py 3 Use Ctrl C when ready and follow the menu prompts to proceed Wifizoo Wifizoo can be used
10. to sniff all sorts of open wireless traffic especially active sessions and cookies To use it run Airodump ng or Kismet to channel hop then open the icon on the desktop for Wifizoo If the browser doesn t show anything just refresh it WepBuster Wepbuster is a one click fully automated WEP cracking tool To use enable injection mode red syringe on desktop and launch the icon kakashi ninja on the desktop Currently this tool is set to crack the capture file once 30000 ivs are reached but you can change this value by editing the wepbuster script itself Or try running aircrack ng against the generated capture file in the wepbuster directory To use cd home user MyDocs pwnphone wireless wepbuster 1 0_beta perl wepbuster channel s perl wepbuster sort connect hostname ip address perl wepbuster permute OPTIONS perl wepbuster help this will give you basic run options WARNING WepBuster will automatically attempt to attack ANY wep networks within range Use at your own risk MITM with Ettercap and SSLstrip 1 Open Ettercap NG GUI on desktop 2 Select Sniff and click Unified sniffing 3 Select wlanO and click OK 4 Click Start and then Start Sniffing 5 Go to Hosts and click Scan for Hosts 6 Go to Hosts and click Host list 7 Select IP address of target computer to mitm and then click Add to Target 1 10 11 12 13 14 Select Router IP 192 168 1 1 typically and click
Download Pdf Manuals
Related Search