#- Computer Forensic Science and IT Security Professional. ⠠⠵

Sunday, April 19, 2015

Following up on the previous post about Brazilian ZINES, here are a few more found around the internet; anyone who likes them and wants to contribute a few more, feel free! (:

[TXT] 2l8.txt  13-Jan-2012 09:04  174K
[DIR] ARTeam/  13-Jan-2012 09:03  -
[DIR] BoW/  13-Jan-2012 09:11  -
[DIR] CITADEL666/  13-Jan-2012 09:12  -
[DIR] G-line/  13-Jan-2012 09:12  -
[DIR] HAX0R/  13-Jan-2012 09:11  -
[DIR] HVR/  13-Jan-2012 09:05  -
[DIR] INFINITY/  13-Jan-2012 09:11  -
[DIR] L0CK/  13-Jan-2012 09:11  -
[DIR] Perl_Underground/  13-Jan-2012 09:12  -
[DIR] TeaMp0isoN/  13-Jan-2012 09:04  -
[DIR] UP/  13-Jan-2012 09:04  -
[DIR] ZF0/  13-Jan-2012 09:04  -
[TXT] anti-anti-sec.txt  13-Jan-2012 09:03  580K
[DIR] anti-sec/  13-Jan-2012 09:05  -
[DIR] b0g/  13-Jan-2012 09:04  -
[DIR] b4b0/  13-Jan-2012 09:04  -
[DIR] bzine/  13-Jan-2012 09:03  -
[DIR] crh/  13-Jan-2012 09:04  -
[DIR] dikline/  13-Jan-2012 09:11  -
[DIR] dot-aware/  13-Jan-2012 09:04  -
[DIR] el8/  13-Jan-2012 09:12  -
[DIR] exp/  13-Jan-2012 09:12  -
[TXT] exploit.this 0x01.txt  13-Jan-2012 09:12  32K
[DIR] feh/  13-Jan-2012 09:05  -
[TXT] geist-01.txt  13-Jan-2012 09:04  547K
[DIR] h0no/  13-Jan-2012 09:11  -
[DIR] phrack/  13-Jan-2012 09:11  -
[DIR] r3m/  13-Jan-2012 09:04  -

Big hug []'s

I’ve had a go at making a bash script to automate creating a ‘Fake AP’ (Access Point) and ‘pwn’ whoever connects to it! This is a bash script and a few other things to make a fake access point which is transparent (allowing the target to surf the inter-webs after they have been exploited!).


Download Script (fakeAP_pwn-v0.1.tar.gz): *Out-Of-Date*



  • Creates a fake AP and DHCP server.
  • Runs a web server & creates an exploit with metasploit.
  • Waits for the target to connect, download and run the exploit; after that, it allows them to surf the Inter-webs.
  • Uses a backdoor, SBD (Secure BackDoor - bit like netcat!), though this could be replaced with VNC if the attacker wishes!
  • Then starts a few ‘sniffing’ programs (dsniff suite) to watch what the target does!


  • Two interfaces, one for Internet (wired/wireless) and the other for becoming an access point (wireless only!)
  • An Internet connection (though you could mod it so it’s non-transparent)
  • Airmon-ng, dhcpd3, apache, metasploit, dsniff suite - All in BackTrack!
  • The script! - FakeAP_pwn*.7z (17.7KB, MD5 006ee8522deb5c4d71c754e94282a51) *Coming soon*

What’s in the 7z file?

  • FakeAP_pwn.sh - Bash script to run
  • FakeAP_pwn.rc - Metasploit resource
  • sbdbg.exe - Backdoor
  • dhcpd.conf - My DHCP script (in-case you need it)
  • index.html - The page the target is forced to see before they have access to the Internet.

How to use

  1. Extract the 7z file to /root/FakeAP_pwn.
  2. Edit FakeAP_pwn.sh with your gateway, Internet interface, wireless AP interface.
  3. sh /root/FakeAP_pwn/FakeAP_pwn.sh
  4. Wait for a connection…
  5. Game Over.


  • It works for me =).
  • I’m running BackTrack 4 Pre Final; the target is running Windows XP Pro SP3 (fully up-to-date 2009-03-25), with no firewall and no AV. Not tested with anything else!
  • The connection is reverse - so the connection comes from the target to the attacker; therefore, as the attacker is the server, it could help out with firewalls…
  • There is stuff commented out; the stuff at the end I want to happen, the other stuff is other methods of doing the same thing!
Blog Post: https://blog.g0tmi1k.com/2009/06/fakeappwn-v01/