Tag: script

Meterpreter script – rogueap.rb – Abusing Windows Virtual Wireless NIC Feature

by on Oct.08, 2011, under Meterpreter Scripts, Posts

I found myself inspired by Vivek Ramachandran‘s videos, I thought I would take the honor in creating the simple meterpreter script that basically does what you see in the third installation of the Swse Addendum videos.

When I watched the third video I thought to myself, “This shouldn’t be too difficult to do”. From my perception, I think that Vivek was kind of hinting that he might have wanted to see someone in the info-sec community create a meterpreter script that does what you see in this video. I was glad to do this. 🙂

For penetration testers, this script means that they can now more easily setup rogue wireless access points by utilizing this script, that utilizes the soft ap feature that is implemented into Windows 7 and Windows 2008.

If the victim computers are part of a Windows domain and have wireless NICs, by automating Metasploit with a pass-the-hash attack and using my script, one could essentially automate deploying a series of rogue ap points throughout a domain. This would be kind of like a network worm.

If you’re curious about automating Metasploit, please see:

http://dev.metasploit.com/redmine/projects/framework/repository/revisions/8878/entry/documentation/msfconsole_rc_ruby_example.rc

My script gives the end user the option if they want to install the meterpreter service on the victim computer. I thought that giving this option would be ideal for if the victim computer ends up rebooting. If you were just to deploy the soft AP and run a binding payload, the binding payload most likely wouldn’t survive a reboot.

The script is available here:

http://zitstif.no-ip.org/meterpreter/rogueap.rb

http://zitstif.no-ip.org/meterpreter/rogueap.txt

If you have any issues and you need help, feel free to contact me. Additionally, don’t hesitate to modify the script if you need/want to do so.

2 Comments :, , , , , , , , , , , , , , , , , , , , , , more...

Updated Section and Other Matters

by on Jan.19, 2011, under Posts

I haven’t had much time or energy to work on my website due to work, having a more than usual social life (odd), and school. I’m gong to make an honest effort to keep this website up to date at a higher frequency than what I’ve been doing.

This post is mostly in regards to my reconnaissance websites section. I’ve updated it and organized the websites by category. I’ve also added a link Samy’s geolocation page, which is great for finding actual (or close) locations of AP points, thanks to Google doing ‘legal’ wardriving.

Also, I’m planning on obtaining a Nokia n900, which I plan to ‘weaponize’ it in an original manner, and I will post steps to doing so on my website. I also have some meterpreter script ideas that I’m planning on working on. Additionally to that, I have a meterpreter script that has been laying around that utilizes an old trick for maintaining access to a compromised server, that I will plan on posting for metasploit users to use.

Here’s to a new year in information security! What will 2011 bring? 🙂

More to come as usual..

1 Comment :, , , , , , , , , , , , , , , , , , , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!