FlyFar

stop.sh

Aug 12th, 2023
  1. #!/bin/bash
  2.  
  3. # stop.sh
  4. # Copyright (C) 2017  Joe Testa <jtesta@positronsecurity.com>
  5. #
  6. # This program is free software: you can redistribute it and/or modify
  7. # it under the terms version 3 of the GNU General Public License as
  8. # published by the Free Software Foundation.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13. # GNU General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU General Public License
  16. # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17.  
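  # Teardown for the ssh-mitm setup: stops every process owned by the ssh-mitm
  # user, turns IPv4 forwarding off, and removes the two iptables rules that
  # steer SSH traffic to local port 2222.
  #
  # Usage: stop.sh [--force]
  #   --force  proceed even though arpspoof/ettercap still appears to be
  #            running (the ARP targets lose connectivity in that case).
  #
  # Exit status: 0 on success, 255 on any error (the status the original
  # 'exit -1' produced under bash).

  # Print a message on stderr and abort with status 255.
  die() {
      printf '%s\n' "$*" >&2
      exit 255
  }

  # Delete one iptables rule, but only when it is currently installed.
  # Arguments: optional "-t TABLE", then the chain and rule specification
  #            exactly as they would follow -D.
  # The presence test uses 'iptables -C' with the same specification instead
  # of matching the human-readable 'iptables -nL' listing, so detection and
  # deletion cannot disagree about what the rule looks like.
  remove_rule_if_present() {
      local -a table=()
      if [[ $1 == -t ]]; then
          table=(-t "$2")
          shift 2
      fi

      # -C reports "no such rule" on stderr; that is the normal case when the
      # rule was never added, so the message is suppressed on purpose.
      if iptables "${table[@]}" -C "$@" 2> /dev/null; then
          local -a cmd=(iptables "${table[@]}" -D "$@")
          echo "Executing: ${cmd[*]}"
          # A rule that cannot be removed keeps redirecting traffic, so this
          # is a hard failure rather than a warning.
          "${cmd[@]}" || die "ERROR: failed to remove iptables rule!"
      fi
  }

  if [[ "$(id -u)" != 0 ]]; then
      die "Error: this script must be run as root."
  fi

  if [[ ! -f /home/ssh-mitm/run.sh || ! -f /home/ssh-mitm/bin/sshd_mitm ]]; then
      die "Error: could not find sshd_mitm.  You need to first run install.sh."
  fi

  # Without iptables the rule checks below would all read as "rule absent"
  # and the script would report a clean teardown that never happened.
  command -v iptables > /dev/null || die "Error: iptables was not found in PATH."

  # Check if --force arg is present (it must be the only argument).
  FORCE=0
  if [[ $# == 1 && $1 == '--force' ]]; then
      FORCE=1
  fi

  # If arpspoof or ettercap are running, stop.  Disabling the forwarding
  # configuration while still ARP spoofing would cause a denial of service...
  if ps ax | awk '{print $5}' | grep -Eq 'arpspoof|ettercap'; then
      if [[ $FORCE != 1 ]]; then
          printf '%s\n\n%s\n' \
              "It looks like arpspoof or ettercap is still running.  You need to stop it before running this script, otherwise you'll cause a denial-of-service for the ARP targets." \
              "Otherwise, if you know what you're doing, re-run this script with '--force'." >&2
          exit 255
      fi
      # Only announce a forced run when something was actually overridden;
      # the original printed this on every ordinary, unforced run as well.
      echo "Forcing termination..."
  fi

  # Kill all processes belonging to the ssh-mitm user.  killall complains
  # when that user has no processes, which is fine here, hence the redirect.
  killall -u ssh-mitm 2> /dev/null

  # NOTE(review): forwarding is switched off unconditionally; a host that
  # was already routing before the setup was started loses that as well.
  echo "Disabling IP forwarding in the kernel..."
  echo 0 > /proc/sys/net/ipv4/ip_forward \
      || die "ERROR: failed to disable IP forwarding!"

  # Remove the ACCEPT for destination port 2222 from the INPUT chain.
  remove_rule_if_present INPUT -p tcp --dport 2222 -j ACCEPT

  # Remove the REDIRECT of port 22 to 2222 from the nat PREROUTING chain.
  remove_rule_if_present -t nat PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 2222

  printf '\n%s\n\n' "Successfully stopped sshd_mitm daemon and disabled forwarding rules."
  exit 0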
Tags: mitm attack