Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- #y0-
- # dependencies
- # sudo apt-get install dnsmasq hostapd dhcp3-server
- version=0.1
- show_help(){
- echo "A rogue AP setup utility v$version inspired from Airsnarf Shmoo. "
- echo "Copyright (c) 2011 USIM Student Batch 2007-2011. All rights reserved"
- echo
- echo "Usage: $0 [options]"
- echo "Options:"
- echo "-s : show config"
- echo "-r : run this config"
- echo "-h : show this help message and exit"
- }
- show_config(){
- head -n 68 $0
- }
- while [[ $# != 0 ]]; do
- arg_name=$1; shift
- case "$arg_name" in
- -h) show_help; exit 0;;
- -s) show_config; exit 0;;
- -r) t=$arg_name;break;;
- *) echo "invalid option: $1"; show_help;exit 1;;
- esac
- done
- [ "$t" != "-r" ] && { show_help; exit 1; }
- ################################################
- # Here are some variables you may want to edit
- ################################################
- BMODE="non-bridge" #
- MODE="simple" #
- INET_IFACE="ppp0" #ppp0 #tun0 kalau lalu openvpn
- HOSTAP_WIFI_IFACE="wlan0" # Tested on ath5k/ath9k/rt73usb based cards
- # broadcom card majority tak support
- BRIDGE_IFACE="br0"
- CHAN="7" # channel wifi, berbeza ikut card
- SSID="mysabily.blogspot.com" # Boleh tukar SSID kepada nama lain
- INET_GW="113.211.116.196" #10.8.0.6 # Set external IP di sini check guna whatismyipaddress.com
- LAN_IP="192.168.2.1"
- NETMASK="255.255.255.0"
- NETWORK="192.168.2.0/24"
- BROADCAST_IP="192.168.2.255"
- SUBNET="192.168.2.0"
- RANGE_IP="192.168.2.3 192.168.2.254"
- DHCP_MIN="192.168.2.3"
- DHCP_MAX="192.168.2.254"
- DOMAIN="usim.edu.my"
- OPTION_NETBIOS_NAME_SERVERS="192.168.2.252"
- ACL_LOCALNET_SRC="192.168.0.0/16"
- #OPDNS="208.67.222.220, 208.67.222.222, 4.2.2.1, 4.2.2.2, 208.67.216.132, 208.67.216.132"
- #OPDNS="8.8.8.8,8.8.4.4"
- OPDNS="58.71.136.10,58.71.132.10" # Set DNS di sini, boleh tukar ikut contoh di atas.
- DNS="$INET_GW, $OPDNS" ##DNSpppX = "YOUR ISP DNS SERVER, $OPDNS"
- #DNS="$OPDNS"
- #payload="" # payload can be : sbd/vnc/wkv/other (what to upload to the user). vnc=remote desktop, sbd=shell, wkv=View WiFi keys. (/path/to/file), only used if payload is "other"
- #backdoorPath="/tmp/backdoor.exe"
- #port=$(shuf -i 2000-65000 -n 1)
- echo "----------------------------------------------------------------------"
- echo "A rogue AP setup utility v$version inspired from Airsnarf Shmoo. "
- echo "Copyright (c) 2011 USIM Student Batch 2007-2011. All rights reserved"
- echo "----------------------------------------------------------------------"
- echo "[*] Testing internet connection...";
- command=$(ping -I $INET_IFACE -c 1 google.com |grep "64 bytes from" |cut -d' ' -f 4);
- if [ -z $command ] ; then echo "[!] Internet access failed. "; exit 1 ; else echo "[-] Got internet access..." ; fi;
- mkdir -p "$(pwd)/tmp/"
- HOME_DIR="$(pwd)/tmp"
- # Create the hostapd.conf
- mkdir -p /tmp/hostapd > /dev/null 2>&1
- rm /tmp/hostapd/hostapd.conf > /dev/null 2>&1
- rm /tmp/hostapd/hostapd.pid > /dev/null 2>&1
- cat > /tmp/hostapd/hostapd.conf << EOF
- driver=nl80211
- logger_syslog=-1
- logger_syslog_level=2
- logger_stdout=-1
- logger_stdout_level=1
- ssid=$SSID
- hw_mode=g
- channel=$CHAN
- beacon_int=100
- dtim_period=2
- max_num_sta=255
- rts_threshold=2347
- fragm_threshold=2346
- macaddr_acl=0
- auth_algs=3
- ignore_broadcast_ssid=0
- #wmm_enabled=1
- eapol_key_index_workaround=0
- eap_server=0
- own_ip_addr=127.0.0.1
- # WPA settings. We'll use stronger WPA2
- # bit0 = WPA
- # bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
- wpa=2
- # Preshared key of between 8-63 ASCII characters.
- # If you define the key in here, make sure that the file is not readable
- # by anyone but root. Alternatively you can use a separate file for the
- # key; see original hostapd.conf for more information.
- # Set WPA key di sini
- wpa_passphrase=passwordaku
- # Key management algorithm. In this case, a simple pre-shared key (PSK)
- wpa_key_mgmt=WPA-PSK
- # The cipher suite to use. We want to use stronger CCMP cipher.
- wpa_pairwise=CCMP
- # Change the broadcasted/multicasted keys after this many seconds.
- wpa_group_rekey=600
- # Change the master key after this many seconds. Master key is used as a basis
- # (source) for the encryption keys.
- wpa_gmk_rekey=86400
- EOF
- echo "interface=$HOSTAP_WIFI_IFACE" >> /tmp/hostapd/hostapd.conf
- echo "INTERFACES=\"\"" > /etc/default/dhcp3-server
- if [ "$BMODE" == "non-bridge" ]; then
- ifconfig $HOSTAP_WIFI_IFACE down && sleep 2
- ifconfig $HOSTAP_WIFI_IFACE up && sleep 2
- ifconfig $HOSTAP_WIFI_IFACE $LAN_IP netmask $NETMASK
- route add -net $SUBNET netmask $NETMASK gw $LAN_IP
- echo -e "[*] Starting DHCP Server.. "
- # Create custom dhcpd.conf
- path="$HOME_DIR/dhcpd.conf"
- if [ -e "$path" ] ; then rm "$path"; fi
- echo -e "#
- ddns-update-style none;
- ignore client-updates; # Ignore all client requests for DDNS update
- authoritative;
- default-lease-time 86400; # 24 hours
- max-lease-time 172800; # 48 hours
- log-facility local7;\n
- subnet $SUBNET netmask $NETMASK {
- range $RANGE_IP;
- option routers $LAN_IP;
- option subnet-mask $NETMASK;
- option broadcast-address $BROADCAST_IP;
- option domain-name \"$DOMAIN\"; " >> $path
- echo " option domain-name-servers $DNS;" >> $path
- #echo " option domain-name-servers $LAN_IP;" >> $path #non tranparant
- echo -e " option netbios-name-servers $OPTION_NETBIOS_NAME_SERVERS;\n}" >> $path
- cp $HOME_DIR/dhcpd.conf /etc/dhcp3/dhcpd.conf
- rm /var/run/dhcpd.pid
- ln -s /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid
- dhcpd3 -cf /etc/dhcp3/dhcpd.conf $HOSTAP_WIFI_IFACE -pf /var/run/dhcpd.pid
- echo -e "[*] Starting DNS forwarder... "
- path="$HOME_DIR/dnsmasq.conf"
- if [ -e "$path" ] ; then rm "$path" ; fi
- echo -e "#
- interface=$LAN_IFACE
- domain=$DOMAIN
- #dhcp-range=$DHCP_MIN,$DHCP_MAX,24h
- #dhcp-authoritative
- #dhcp-option=3,$LAN_IP # Gateway" >> $path
- #echo -e "dhcp-option=6,$LAN_IP # DNS" >> $path #non tranparant
- echo -e "dhcp-option=6,$DNS # DNS" >> $path ; fi
- echo -e "log-queries
- #log-dhcp
- log-facility="$HOME_DIR/dnsmasq.log"" >> $path
- # Solve our DNS Forwarder
- dnsmasq -C $HOME_DIR/dnsmasq.conf&
- ##########################################################################
- # Simple WLAN setup (clients can access Internet)
- if [ $MODE = "simple" ];then echo -e "[*] Starting simple WLAN setup...."
- iptables --flush
- iptables --table nat --flush
- iptables --delete-chain
- iptables --table nat --delete-chain
- iptables -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
- iptables -A FORWARD -i $HOSTAP_WIFI_IFACE -j ACCEPT
- iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to $INET_GW
- echo 1 > /proc/sys/net/ipv4/ip_forward
- sleep 1
- /etc/init.d/dhcp3-server restart > /dev/null 2>&1
- sleep 1
- echo "Starting AP..."
- hostapd -dd -P /tmp/hostapd/hostapd.pid /tmp/hostapd/hostapd.conf
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement